1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
|
#define CRYPTO_ED25519_PRIVATE
#include "orconfig.h"
#include "or.h"
#include "backtrace.h"
#include "config.h"
#include "fuzzing.h"
#include "crypto.h"
#include "crypto_ed25519.h"
extern const char tor_git_revision[];
const char tor_git_revision[] = "";
static int
mock_crypto_pk_public_checksig__nocheck(const crypto_pk_t *env, char *to,
size_t tolen,
const char *from, size_t fromlen)
{
tor_assert(env && to && from);
(void)fromlen;
/* We could look at from[0..fromlen-1] ... */
tor_assert(tolen >= crypto_pk_keysize(env));
memset(to, 0x01, 20);
return 20;
}
static int
mock_crypto_pk_public_checksig_digest__nocheck(crypto_pk_t *env,
const char *data,
size_t datalen,
const char *sig,
size_t siglen)
{
tor_assert(env && data && sig);
(void)datalen;
(void)siglen;
/* We could look at data[..] and sig[..] */
return 0;
}
static int
mock_ed25519_checksig__nocheck(const ed25519_signature_t *signature,
const uint8_t *msg, size_t len,
const ed25519_public_key_t *pubkey)
{
tor_assert(signature && msg && pubkey);
/* We could look at msg[0..len-1] ... */
(void)len;
return 0;
}
static int
mock_ed25519_checksig_batch__nocheck(int *okay_out,
const ed25519_checkable_t *checkable,
int n_checkable)
{
tor_assert(checkable);
int i;
for (i = 0; i < n_checkable; ++i) {
/* We could look at messages and signatures XXX */
tor_assert(checkable[i].pubkey);
tor_assert(checkable[i].msg);
if (okay_out)
okay_out[i] = 1;
}
return 0;
}
static int
mock_ed25519_impl_spot_check__nocheck(void)
{
return 0;
}
void
disable_signature_checking(void)
{
MOCK(crypto_pk_public_checksig,
mock_crypto_pk_public_checksig__nocheck);
MOCK(crypto_pk_public_checksig_digest,
mock_crypto_pk_public_checksig_digest__nocheck);
MOCK(ed25519_checksig, mock_ed25519_checksig__nocheck);
MOCK(ed25519_checksig_batch, mock_ed25519_checksig_batch__nocheck);
MOCK(ed25519_impl_spot_check, mock_ed25519_impl_spot_check__nocheck);
}
#ifdef LLVM_FUZZ
int
LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
static int initialized = 0;
if (!initialized) {
if (fuzz_init() < 0)
abort();
}
return fuzz_main(Data, Size);
}
#else /* Not LLVM_FUZZ, so AFL. */
int
main(int argc, char **argv)
{
size_t size;
tor_threads_init();
init_logging(1);
/* Disable logging by default to speed up fuzzing. */
int loglevel = LOG_ERR;
/* Initialise logging first */
init_logging(1);
configure_backtrace_handler(get_version());
for (int i = 1; i < argc; ++i) {
if (!strcmp(argv[i], "--warn")) {
loglevel = LOG_WARN;
} else if (!strcmp(argv[i], "--notice")) {
loglevel = LOG_NOTICE;
} else if (!strcmp(argv[i], "--info")) {
loglevel = LOG_INFO;
} else if (!strcmp(argv[i], "--debug")) {
loglevel = LOG_DEBUG;
}
}
{
log_severity_list_t s;
memset(&s, 0, sizeof(s));
set_log_severity_config(loglevel, LOG_ERR, &s);
/* ALWAYS log bug warnings. */
s.masks[LOG_WARN-LOG_ERR] |= LD_BUG;
add_stream_log(&s, "", fileno(stdout));
}
/* Make BUG() and nonfatal asserts crash */
tor_set_failed_assertion_callback(abort);
if (fuzz_init() < 0)
abort();
#ifdef __AFL_HAVE_MANUAL_CONTROL
/* Tell AFL to pause and fork here - ignored if not using AFL */
__AFL_INIT();
#endif
#define MAX_FUZZ_SIZE (128*1024)
char *input = read_file_to_str_until_eof(0, MAX_FUZZ_SIZE, &size);
tor_assert(input);
fuzz_main((const uint8_t*)input, size);
tor_free(input);
if (fuzz_cleanup() < 0)
abort();
return 0;
}
#endif
|
