1 /* 2 * Copyright (c) 2019-2022 Yubico AB. All rights reserved. 3 * Use of this source code is governed by a BSD-style 4 * license that can be found in the LICENSE file. 5 * SPDX-License-Identifier: BSD-2-Clause 6 */ 7 8 #include <sys/types.h> 9 #include <sys/random.h> 10 #include <sys/socket.h> 11 12 #include <openssl/bn.h> 13 #include <openssl/evp.h> 14 #include <openssl/sha.h> 15 16 #include <cbor.h> 17 #include <stdbool.h> 18 #include <stdint.h> 19 #include <stdio.h> 20 #include <stdlib.h> 21 #include <zlib.h> 22 23 #include "mutator_aux.h" 24 25 extern int prng_up; 26 27 int fuzz_save_corpus; 28 29 /* 30 * Build wrappers around functions of interest, and have them fail 31 * in a pseudo-random manner. A uniform probability of 0.25% (1/400) 32 * allows for a depth of log(0.5)/log(399/400) > 276 operations 33 * before simulated errors become statistically more likely. 34 */ 35 36 #define WRAP(type, name, args, retval, param, prob) \ 37 extern type __wrap_##name args; \ 38 extern type __real_##name args; \ 39 type __wrap_##name args { \ 40 if (prng_up && uniform_random(400) < (prob)) { \ 41 return (retval); \ 42 } \ 43 \ 44 return (__real_##name param); \ 45 } 46 47 WRAP(void *, 48 malloc, 49 (size_t size), 50 NULL, 51 (size), 52 1 53 ) 54 55 WRAP(void *, 56 calloc, 57 (size_t nmemb, size_t size), 58 NULL, 59 (nmemb, size), 60 1 61 ) 62 63 WRAP(void *, 64 realloc, 65 (void *ptr, size_t size), 66 NULL, 67 (ptr, size), 68 1 69 ) 70 71 WRAP(char *, 72 strdup, 73 (const char *s), 74 NULL, 75 (s), 76 1 77 ) 78 79 WRAP(ssize_t, 80 getrandom, 81 (void *buf, size_t buflen, unsigned int flags), 82 -1, 83 (buf, buflen, flags), 84 1 85 ) 86 87 WRAP(int, 88 EVP_Cipher, 89 (EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, 90 unsigned int inl), 91 -1, 92 (ctx, out, in, inl), 93 1 94 ) 95 96 WRAP(int, 97 EVP_CIPHER_CTX_ctrl, 98 (EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr), 99 0, 100 (ctx, type, arg, ptr), 101 1 102 ) 103 104 WRAP(EVP_CIPHER_CTX *, 105 EVP_CIPHER_CTX_new, 106 (void), 107 NULL, 108 (), 109 1 110 ) 111 112 WRAP(int, 113 EVP_CipherInit, 114 (EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, 115 const unsigned char *key, const unsigned char *iv, int enc), 116 0, 117 (ctx, cipher, key, iv, enc), 118 1 119 ) 120 121 WRAP(RSA *, 122 EVP_PKEY_get0_RSA, 123 (EVP_PKEY *pkey), 124 NULL, 125 (pkey), 126 1 127 ) 128 129 WRAP(EC_KEY *, 130 EVP_PKEY_get0_EC_KEY, 131 (EVP_PKEY *pkey), 132 NULL, 133 (pkey), 134 1 135 ) 136 137 WRAP(int, 138 EVP_PKEY_get_raw_public_key, 139 (const EVP_PKEY *pkey, unsigned char *pub, size_t *len), 140 0, 141 (pkey, pub, len), 142 1 143 ) 144 145 WRAP(EVP_MD_CTX *, 146 EVP_MD_CTX_new, 147 (void), 148 NULL, 149 (), 150 1 151 ) 152 153 WRAP(int, 154 EVP_DigestVerifyInit, 155 (EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type, ENGINE *e, 156 EVP_PKEY *pkey), 157 0, 158 (ctx, pctx, type, e, pkey), 159 1 160 ) 161 162 WRAP(int, 163 EVP_DigestInit_ex, 164 (EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl), 165 0, 166 (ctx, type, impl), 167 1 168 ) 169 170 WRAP(int, 171 EVP_DigestUpdate, 172 (EVP_MD_CTX *ctx, const void *data, size_t count), 173 0, 174 (ctx, data, count), 175 1 176 ) 177 178 WRAP(int, 179 EVP_DigestFinal_ex, 180 (EVP_MD_CTX *ctx, unsigned char *md, unsigned int *isize), 181 0, 182 (ctx, md, isize), 183 1 184 ) 185 186 WRAP(BIGNUM *, 187 BN_bin2bn, 188 (const unsigned char *s, int len, BIGNUM *ret), 189 NULL, 190 (s, len, ret), 191 1 192 ) 193 194 WRAP(int, 195 BN_bn2bin, 196 (const BIGNUM *a, unsigned char *to), 197 -1, 198 (a, to), 199 1 200 ) 201 202 WRAP(BIGNUM *, 203 BN_CTX_get, 204 (BN_CTX *ctx), 205 NULL, 206 (ctx), 207 1 208 ) 209 210 WRAP(BN_CTX *, 211 BN_CTX_new, 212 (void), 213 NULL, 214 (), 215 1 216 ) 217 218 WRAP(BIGNUM *, 219 BN_new, 220 (void), 221 NULL, 222 (), 223 1 224 ) 225 226 WRAP(RSA *, 227 RSA_new, 228 (void), 229 NULL, 230 (), 231 1 232 ) 233 234 WRAP(int, 235 RSA_set0_key, 236 (RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d), 237 0, 238 (r, n, e, d), 239 1 240 ) 241 242 WRAP(int, 243 RSA_pkey_ctx_ctrl, 244 (EVP_PKEY_CTX *ctx, int optype, int cmd, int p1, void *p2), 245 -1, 246 (ctx, optype, cmd, p1, p2), 247 1 248 ) 249 250 WRAP(EC_KEY *, 251 EC_KEY_new_by_curve_name, 252 (int nid), 253 NULL, 254 (nid), 255 1 256 ) 257 258 WRAP(const EC_GROUP *, 259 EC_KEY_get0_group, 260 (const EC_KEY *key), 261 NULL, 262 (key), 263 1 264 ) 265 266 WRAP(const BIGNUM *, 267 EC_KEY_get0_private_key, 268 (const EC_KEY *key), 269 NULL, 270 (key), 271 1 272 ) 273 274 WRAP(EC_POINT *, 275 EC_POINT_new, 276 (const EC_GROUP *group), 277 NULL, 278 (group), 279 1 280 ) 281 282 WRAP(int, 283 EC_POINT_get_affine_coordinates_GFp, 284 (const EC_GROUP *group, const EC_POINT *p, BIGNUM *x, BIGNUM *y, BN_CTX *ctx), 285 0, 286 (group, p, x, y, ctx), 287 1 288 ) 289 290 WRAP(EVP_PKEY *, 291 EVP_PKEY_new, 292 (void), 293 NULL, 294 (), 295 1 296 ) 297 298 WRAP(int, 299 EVP_PKEY_assign, 300 (EVP_PKEY *pkey, int type, void *key), 301 0, 302 (pkey, type, key), 303 1 304 ) 305 306 WRAP(int, 307 EVP_PKEY_keygen_init, 308 (EVP_PKEY_CTX *ctx), 309 0, 310 (ctx), 311 1 312 ) 313 314 WRAP(int, 315 EVP_PKEY_keygen, 316 (EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey), 317 0, 318 (ctx, ppkey), 319 1 320 ) 321 322 WRAP(int, 323 EVP_PKEY_paramgen_init, 324 (EVP_PKEY_CTX *ctx), 325 0, 326 (ctx), 327 1 328 ) 329 330 WRAP(int, 331 EVP_PKEY_paramgen, 332 (EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey), 333 0, 334 (ctx, ppkey), 335 1 336 ) 337 338 WRAP(EVP_PKEY *, 339 EVP_PKEY_new_raw_public_key, 340 (int type, ENGINE *e, const unsigned char *key, size_t keylen), 341 NULL, 342 (type, e, key, keylen), 343 1 344 ) 345 346 WRAP(EVP_PKEY_CTX *, 347 EVP_PKEY_CTX_new, 348 (EVP_PKEY *pkey, ENGINE *e), 349 NULL, 350 (pkey, e), 351 1 352 ) 353 354 WRAP(EVP_PKEY_CTX *, 355 EVP_PKEY_CTX_new_id, 356 (int id, ENGINE *e), 357 NULL, 358 (id, e), 359 1 360 ) 361 362 WRAP(int, 363 EVP_PKEY_derive, 364 (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *pkeylen), 365 0, 366 (ctx, key, pkeylen), 367 1 368 ) 369 370 WRAP(int, 371 EVP_PKEY_derive_init, 372 (EVP_PKEY_CTX *ctx), 373 0, 374 (ctx), 375 1 376 ) 377 378 WRAP(int, 379 EVP_PKEY_derive_set_peer, 380 (EVP_PKEY_CTX *ctx, EVP_PKEY *peer), 381 0, 382 (ctx, peer), 383 1 384 ) 385 386 WRAP(int, 387 EVP_PKEY_verify_init, 388 (EVP_PKEY_CTX *ctx), 389 0, 390 (ctx), 391 1 392 ) 393 394 WRAP(int, 395 EVP_PKEY_CTX_ctrl, 396 (EVP_PKEY_CTX *ctx, int keytype, int optype, int cmd, int p1, void *p2), 397 -1, 398 (ctx, keytype, optype, cmd, p1, p2), 399 1 400 ) 401 402 WRAP(const EVP_MD *, 403 EVP_sha1, 404 (void), 405 NULL, 406 (), 407 1 408 ) 409 410 WRAP(const EVP_MD *, 411 EVP_sha256, 412 (void), 413 NULL, 414 (), 415 1 416 ) 417 418 WRAP(const EVP_CIPHER *, 419 EVP_aes_256_cbc, 420 (void), 421 NULL, 422 (), 423 1 424 ) 425 426 WRAP(const EVP_CIPHER *, 427 EVP_aes_256_gcm, 428 (void), 429 NULL, 430 (), 431 1 432 ) 433 434 WRAP(unsigned char *, 435 HMAC, 436 (const EVP_MD *evp_md, const void *key, int key_len, 437 const unsigned char *d, int n, unsigned char *md, 438 unsigned int *md_len), 439 NULL, 440 (evp_md, key, key_len, d, n, md, md_len), 441 1 442 ) 443 444 WRAP(HMAC_CTX *, 445 HMAC_CTX_new, 446 (void), 447 NULL, 448 (), 449 1 450 ) 451 452 WRAP(int, 453 HMAC_Init_ex, 454 (HMAC_CTX *ctx, const void *key, int key_len, const EVP_MD *md, 455 ENGINE *impl), 456 0, 457 (ctx, key, key_len, md, impl), 458 1 459 ) 460 461 WRAP(int, 462 HMAC_Update, 463 (HMAC_CTX *ctx, const unsigned char *data, int len), 464 0, 465 (ctx, data, len), 466 1 467 ) 468 469 WRAP(int, 470 HMAC_Final, 471 (HMAC_CTX *ctx, unsigned char *md, unsigned int *len), 472 0, 473 (ctx, md, len), 474 1 475 ) 476 477 WRAP(unsigned char *, 478 SHA1, 479 (const unsigned char *d, size_t n, unsigned char *md), 480 NULL, 481 (d, n, md), 482 1 483 ) 484 485 WRAP(unsigned char *, 486 SHA256, 487 (const unsigned char *d, size_t n, unsigned char *md), 488 NULL, 489 (d, n, md), 490 1 491 ) 492 493 WRAP(cbor_item_t *, 494 cbor_build_string, 495 (const char *val), 496 NULL, 497 (val), 498 1 499 ) 500 501 WRAP(cbor_item_t *, 502 cbor_build_bytestring, 503 (cbor_data handle, size_t length), 504 NULL, 505 (handle, length), 506 1 507 ) 508 509 WRAP(cbor_item_t *, 510 cbor_build_bool, 511 (bool value), 512 NULL, 513 (value), 514 1 515 ) 516 517 WRAP(cbor_item_t *, 518 cbor_build_negint8, 519 (uint8_t value), 520 NULL, 521 (value), 522 1 523 ) 524 525 WRAP(cbor_item_t *, 526 cbor_build_negint16, 527 (uint16_t value), 528 NULL, 529 (value), 530 1 531 ) 532 533 WRAP(cbor_item_t *, 534 cbor_load, 535 (cbor_data source, size_t source_size, struct cbor_load_result *result), 536 NULL, 537 (source, source_size, result), 538 1 539 ) 540 541 WRAP(cbor_item_t *, 542 cbor_build_uint8, 543 (uint8_t value), 544 NULL, 545 (value), 546 1 547 ) 548 549 WRAP(cbor_item_t *, 550 cbor_build_uint16, 551 (uint16_t value), 552 NULL, 553 (value), 554 1 555 ) 556 557 WRAP(cbor_item_t *, 558 cbor_build_uint32, 559 (uint32_t value), 560 NULL, 561 (value), 562 1 563 ) 564 565 WRAP(cbor_item_t *, 566 cbor_build_uint64, 567 (uint64_t value), 568 NULL, 569 (value), 570 1 571 ) 572 573 WRAP(struct cbor_pair *, 574 cbor_map_handle, 575 (const cbor_item_t *item), 576 NULL, 577 (item), 578 1 579 ) 580 581 WRAP(cbor_item_t **, 582 cbor_array_handle, 583 (const cbor_item_t *item), 584 NULL, 585 (item), 586 1 587 ) 588 589 WRAP(bool, 590 cbor_array_push, 591 (cbor_item_t *array, cbor_item_t *pushee), 592 false, 593 (array, pushee), 594 1 595 ) 596 597 WRAP(bool, 598 cbor_map_add, 599 (cbor_item_t *item, struct cbor_pair pair), 600 false, 601 (item, pair), 602 1 603 ) 604 605 WRAP(cbor_item_t *, 606 cbor_new_definite_map, 607 (size_t size), 608 NULL, 609 (size), 610 1 611 ) 612 613 WRAP(cbor_item_t *, 614 cbor_new_definite_array, 615 (size_t size), 616 NULL, 617 (size), 618 1 619 ) 620 621 WRAP(cbor_item_t *, 622 cbor_new_definite_bytestring, 623 (void), 624 NULL, 625 (), 626 1 627 ) 628 629 WRAP(size_t, 630 cbor_serialize_alloc, 631 (const cbor_item_t *item, cbor_mutable_data *buffer, 632 size_t *buffer_size), 633 0, 634 (item, buffer, buffer_size), 635 1 636 ) 637 638 WRAP(int, 639 fido_tx, 640 (fido_dev_t *d, uint8_t cmd, const void *buf, size_t count, int *ms), 641 -1, 642 (d, cmd, buf, count, ms), 643 1 644 ) 645 646 WRAP(int, 647 bind, 648 (int sockfd, const struct sockaddr *addr, socklen_t addrlen), 649 -1, 650 (sockfd, addr, addrlen), 651 1 652 ) 653 654 WRAP(int, 655 deflateInit2_, 656 (z_streamp strm, int level, int method, int windowBits, int memLevel, 657 int strategy, const char *version, int stream_size), 658 Z_STREAM_ERROR, 659 (strm, level, method, windowBits, memLevel, strategy, version, 660 stream_size), 661 1 662 ) 663 664 int __wrap_deflate(z_streamp, int); 665 int __real_deflate(z_streamp, int); 666 667 int 668 __wrap_deflate(z_streamp strm, int flush) 669 { 670 if (prng_up && uniform_random(400) < 1) { 671 return Z_BUF_ERROR; 672 } 673 /* should never happen, but we check for it */ 674 if (prng_up && uniform_random(400) < 1) { 675 strm->avail_out = UINT_MAX; 676 return Z_STREAM_END; 677 } 678 679 return __real_deflate(strm, flush); 680 } 681 682 int __wrap_asprintf(char **, const char *, ...); 683 684 int 685 __wrap_asprintf(char **strp, const char *fmt, ...) 686 { 687 va_list ap; 688 int r; 689 690 if (prng_up && uniform_random(400) < 1) { 691 *strp = (void *)0xdeadbeef; 692 return -1; 693 } 694 695 va_start(ap, fmt); 696 r = vasprintf(strp, fmt, ap); 697 va_end(ap); 698 699 return r; 700 } 701
Indexes created Tue Feb 24 01:34:59 UTC 2026