Add standalone PKCS#8 and SPKI fuzzers. We already had coverage for our new EVP_PKEY parsers, but it's good to have some that cover them directly. The initial corpus was generated manually with der-ascii and should cover most of the insanity around EC key serialization. BUG=15 Change-Id: I7aaf56876680bfd5a89f5e365c5052eee03ba862 Reviewed-on: https://boringssl-review.googlesource.com/7728 Reviewed-by: Adam Langley <agl@google.com>

commit: 1fc7564ba7dd985f311d5fccd1de4b01ee368b43 [log] [tgz]
author: David Benjamin <davidben@google.com> Fri Apr 22 00:43:20 2016 -0400
committer: Adam Langley <agl@google.com> Mon Apr 25 21:57:28 2016 +0000
tree: 7d851217a5a602049f55b7b1aef047f649339a3f
parent: af18cdd733a05a088518e5adb01704c1980fff3b [diff]
diff --git a/FUZZING.md b/FUZZING.md
index df45af5..86d0930 100644
--- a/FUZZING.md
+++ b/FUZZING.md

@@ -32,10 +32,12 @@
 
 | Test      | `max_len` value |
 |-----------|-----------------|
-| `privkey` | 2048            |
 | `cert`    | 3072            |
-| `server`  | 4096            |
 | `client`  | 20000           |
+| `pkcs8`   | 2048            |
+| `privkey` | 2048            |
+| `server`  | 4096            |
+| `spki`    | 1024            |
 
 
 These were determined by rounding up the length of the largest case in the corpus.

diff --git a/crypto/CMakeLists.txt b/crypto/CMakeLists.txt
index 8395c4f..7a6b591 100644
--- a/crypto/CMakeLists.txt
+++ b/crypto/CMakeLists.txt

@@ -166,7 +166,7 @@
   $<TARGET_OBJECTS:pem>
   $<TARGET_OBJECTS:x509>
   $<TARGET_OBJECTS:x509v3>
-  $<TARGET_OBJECTS:pkcs8>
+  $<TARGET_OBJECTS:pkcs8_lib>
 )
 
 if(NOT MSVC AND NOT ANDROID)

diff --git a/crypto/pkcs8/CMakeLists.txt b/crypto/pkcs8/CMakeLists.txt
index 9550109..ffb3821 100644
--- a/crypto/pkcs8/CMakeLists.txt
+++ b/crypto/pkcs8/CMakeLists.txt

@@ -1,7 +1,7 @@
 include_directories(../../include)
 
 add_library(
-  pkcs8
+  pkcs8_lib
 
   OBJECT
 

diff --git a/fuzz/CMakeLists.txt b/fuzz/CMakeLists.txt
index 0453e7c..f315347 100644
--- a/fuzz/CMakeLists.txt
+++ b/fuzz/CMakeLists.txt

@@ -19,6 +19,24 @@
 target_link_libraries(cert crypto)
 
 add_executable(
+  spki
+
+  spki.cc
+)
+
+target_link_libraries(spki Fuzzer)
+target_link_libraries(spki crypto)
+
+add_executable(
+  pkcs8
+
+  pkcs8.cc
+)
+
+target_link_libraries(pkcs8 Fuzzer)
+target_link_libraries(pkcs8 crypto)
+
+add_executable(
   server
 
   server.cc

diff --git a/fuzz/pkcs8.cc b/fuzz/pkcs8.cc
new file mode 100644
index 0000000..55d3893
--- /dev/null
+++ b/fuzz/pkcs8.cc

@@ -0,0 +1,38 @@
+/* Copyright (c) 2016, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#include <openssl/bytestring.h>
+#include <openssl/evp.h>
+#include <openssl/mem.h>
+
+extern "C" int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len) {
+  CBS cbs;
+  CBS_init(&cbs, buf, len);
+  EVP_PKEY *pkey = EVP_parse_private_key(&cbs);
+  if (pkey == NULL) {
+    return 0;
+  }
+
+  uint8_t *der;
+  size_t der_len;
+  CBB cbb;
+  if (CBB_init(&cbb, 0) &&
+      EVP_marshal_private_key(&cbb, pkey) &&
+      CBB_finish(&cbb, &der, &der_len)) {
+    OPENSSL_free(der);
+  }
+  CBB_cleanup(&cbb);
+  EVP_PKEY_free(pkey);
+  return 0;
+}

diff --git a/fuzz/pkcs8_corpus/129ebe4bf8b167a37741c9c470fd7c4a0359ad63 b/fuzz/pkcs8_corpus/129ebe4bf8b167a37741c9c470fd7c4a0359ad63
new file mode 100644
index 0000000..3221600
--- /dev/null
+++ b/fuzz/pkcs8_corpus/129ebe4bf8b167a37741c9c470fd7c4a0359ad63
Binary files differ

diff --git a/fuzz/pkcs8_corpus/1bf03b5d9f129cd80513b820a55c9568eb1d350b b/fuzz/pkcs8_corpus/1bf03b5d9f129cd80513b820a55c9568eb1d350b
new file mode 100644
index 0000000..05800ee
--- /dev/null
+++ b/fuzz/pkcs8_corpus/1bf03b5d9f129cd80513b820a55c9568eb1d350b
Binary files differ

diff --git a/fuzz/pkcs8_corpus/225df81ad5fc9783575b57e20207645e55a8fa3f b/fuzz/pkcs8_corpus/225df81ad5fc9783575b57e20207645e55a8fa3f
new file mode 100644
index 0000000..df3b06b
--- /dev/null
+++ b/fuzz/pkcs8_corpus/225df81ad5fc9783575b57e20207645e55a8fa3f
Binary files differ

diff --git a/fuzz/pkcs8_corpus/3033b336d833baef80981f40394c281c20677f53 b/fuzz/pkcs8_corpus/3033b336d833baef80981f40394c281c20677f53
new file mode 100644
index 0000000..a13699c
--- /dev/null
+++ b/fuzz/pkcs8_corpus/3033b336d833baef80981f40394c281c20677f53
Binary files differ

diff --git a/fuzz/pkcs8_corpus/31aa87887801ac3f6eaab0bade714e56fcb5fab7 b/fuzz/pkcs8_corpus/31aa87887801ac3f6eaab0bade714e56fcb5fab7
new file mode 100644
index 0000000..96f304e
--- /dev/null
+++ b/fuzz/pkcs8_corpus/31aa87887801ac3f6eaab0bade714e56fcb5fab7
Binary files differ

diff --git a/fuzz/pkcs8_corpus/3f7e0b4378403f44de34874789bce582790a1348 b/fuzz/pkcs8_corpus/3f7e0b4378403f44de34874789bce582790a1348
new file mode 100644
index 0000000..ab5dc9e
--- /dev/null
+++ b/fuzz/pkcs8_corpus/3f7e0b4378403f44de34874789bce582790a1348
Binary files differ

diff --git a/fuzz/pkcs8_corpus/40d5a9f71cacb2389b58a8a24cfa52d6b51bf046 b/fuzz/pkcs8_corpus/40d5a9f71cacb2389b58a8a24cfa52d6b51bf046
new file mode 100644
index 0000000..05020c9
--- /dev/null
+++ b/fuzz/pkcs8_corpus/40d5a9f71cacb2389b58a8a24cfa52d6b51bf046
Binary files differ

diff --git a/fuzz/pkcs8_corpus/57e8e625f2f2313f2ec174a3209972e9bc5125ab b/fuzz/pkcs8_corpus/57e8e625f2f2313f2ec174a3209972e9bc5125ab
new file mode 100644
index 0000000..4d4de1c
--- /dev/null
+++ b/fuzz/pkcs8_corpus/57e8e625f2f2313f2ec174a3209972e9bc5125ab
Binary files differ

diff --git a/fuzz/pkcs8_corpus/89db3807a0d30e36007b74c8ee4aac912fe3fd75 b/fuzz/pkcs8_corpus/89db3807a0d30e36007b74c8ee4aac912fe3fd75
new file mode 100644
index 0000000..7e8322c
--- /dev/null
+++ b/fuzz/pkcs8_corpus/89db3807a0d30e36007b74c8ee4aac912fe3fd75
Binary files differ

diff --git a/fuzz/pkcs8_corpus/d38e79992de4ffaf585a6450ba2e6f21188fdd08 b/fuzz/pkcs8_corpus/d38e79992de4ffaf585a6450ba2e6f21188fdd08
new file mode 100644
index 0000000..fe36039
--- /dev/null
+++ b/fuzz/pkcs8_corpus/d38e79992de4ffaf585a6450ba2e6f21188fdd08
Binary files differ

diff --git a/fuzz/pkcs8_corpus/d9206dbdd26c06ee8de4e587553e72b3bb22d36b b/fuzz/pkcs8_corpus/d9206dbdd26c06ee8de4e587553e72b3bb22d36b
new file mode 100644
index 0000000..f45bac5
--- /dev/null
+++ b/fuzz/pkcs8_corpus/d9206dbdd26c06ee8de4e587553e72b3bb22d36b
Binary files differ

diff --git a/fuzz/pkcs8_corpus/e0a0b34deb64510a36919a13258bd2c8725e41fe b/fuzz/pkcs8_corpus/e0a0b34deb64510a36919a13258bd2c8725e41fe
new file mode 100644
index 0000000..4047d7e
--- /dev/null
+++ b/fuzz/pkcs8_corpus/e0a0b34deb64510a36919a13258bd2c8725e41fe
Binary files differ

diff --git a/fuzz/pkcs8_corpus/e5cfb9f3e23eda47731b1cf3414df1bd408179b7 b/fuzz/pkcs8_corpus/e5cfb9f3e23eda47731b1cf3414df1bd408179b7
new file mode 100644
index 0000000..477a3da
--- /dev/null
+++ b/fuzz/pkcs8_corpus/e5cfb9f3e23eda47731b1cf3414df1bd408179b7
Binary files differ

diff --git a/fuzz/pkcs8_corpus/efb2c016e9375355e04a5d99e2a17415c9d4f648 b/fuzz/pkcs8_corpus/efb2c016e9375355e04a5d99e2a17415c9d4f648
new file mode 100644
index 0000000..d9a28d4
--- /dev/null
+++ b/fuzz/pkcs8_corpus/efb2c016e9375355e04a5d99e2a17415c9d4f648
Binary files differ

diff --git a/fuzz/pkcs8_corpus/fc0fad9f9fb142dee99a03a50a64d10767f9f18e b/fuzz/pkcs8_corpus/fc0fad9f9fb142dee99a03a50a64d10767f9f18e
new file mode 100644
index 0000000..cac230a
--- /dev/null
+++ b/fuzz/pkcs8_corpus/fc0fad9f9fb142dee99a03a50a64d10767f9f18e
Binary files differ

diff --git a/fuzz/spki.cc b/fuzz/spki.cc
new file mode 100644
index 0000000..939d719
--- /dev/null
+++ b/fuzz/spki.cc

@@ -0,0 +1,38 @@
+/* Copyright (c) 2016, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#include <openssl/bytestring.h>
+#include <openssl/evp.h>
+#include <openssl/mem.h>
+
+extern "C" int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len) {
+  CBS cbs;
+  CBS_init(&cbs, buf, len);
+  EVP_PKEY *pkey = EVP_parse_public_key(&cbs);
+  if (pkey == NULL) {
+    return 0;
+  }
+
+  uint8_t *der;
+  size_t der_len;
+  CBB cbb;
+  if (CBB_init(&cbb, 0) &&
+      EVP_marshal_public_key(&cbb, pkey) &&
+      CBB_finish(&cbb, &der, &der_len)) {
+    OPENSSL_free(der);
+  }
+  CBB_cleanup(&cbb);
+  EVP_PKEY_free(pkey);
+  return 0;
+}

diff --git a/fuzz/spki_corpus/04f58baf6e4bba0bb3094e2e26d3a531a7c263ee b/fuzz/spki_corpus/04f58baf6e4bba0bb3094e2e26d3a531a7c263ee
new file mode 100644
index 0000000..d1eac6d
--- /dev/null
+++ b/fuzz/spki_corpus/04f58baf6e4bba0bb3094e2e26d3a531a7c263ee
Binary files differ

diff --git a/fuzz/spki_corpus/079bdf85c086ad0a92bd01f1f70c645d81053f3a b/fuzz/spki_corpus/079bdf85c086ad0a92bd01f1f70c645d81053f3a
new file mode 100644
index 0000000..a6eb9d4
--- /dev/null
+++ b/fuzz/spki_corpus/079bdf85c086ad0a92bd01f1f70c645d81053f3a
Binary files differ

diff --git a/fuzz/spki_corpus/0f5bd094b20a4632f14903bf62db8d467d2c548f b/fuzz/spki_corpus/0f5bd094b20a4632f14903bf62db8d467d2c548f
new file mode 100644
index 0000000..2bd95c3
--- /dev/null
+++ b/fuzz/spki_corpus/0f5bd094b20a4632f14903bf62db8d467d2c548f
Binary files differ

diff --git a/fuzz/spki_corpus/183c579d75863c1e10100f76e3ffb757b44a9587 b/fuzz/spki_corpus/183c579d75863c1e10100f76e3ffb757b44a9587
new file mode 100644
index 0000000..e3a1ed7
--- /dev/null
+++ b/fuzz/spki_corpus/183c579d75863c1e10100f76e3ffb757b44a9587
Binary files differ

diff --git a/fuzz/spki_corpus/4ee178363e1d8411f30e540cb97d550d4ce62f0c b/fuzz/spki_corpus/4ee178363e1d8411f30e540cb97d550d4ce62f0c
new file mode 100644
index 0000000..471dddf
--- /dev/null
+++ b/fuzz/spki_corpus/4ee178363e1d8411f30e540cb97d550d4ce62f0c
Binary files differ

diff --git a/fuzz/spki_corpus/70da87d1d374ade329433dde31805abc8d80d915 b/fuzz/spki_corpus/70da87d1d374ade329433dde31805abc8d80d915
new file mode 100644
index 0000000..e6deda1
--- /dev/null
+++ b/fuzz/spki_corpus/70da87d1d374ade329433dde31805abc8d80d915
Binary files differ

diff --git a/fuzz/spki_corpus/de0338b0c809548dc79d5a34e28b0010852a8f00 b/fuzz/spki_corpus/de0338b0c809548dc79d5a34e28b0010852a8f00
new file mode 100644
index 0000000..81cbe26
--- /dev/null
+++ b/fuzz/spki_corpus/de0338b0c809548dc79d5a34e28b0010852a8f00
Binary files differ

diff --git a/fuzz/spki_corpus/fc941f77c710354d3c3c1426432a5ee935d51dd6 b/fuzz/spki_corpus/fc941f77c710354d3c3c1426432a5ee935d51dd6
new file mode 100644
index 0000000..10e1674
--- /dev/null
+++ b/fuzz/spki_corpus/fc941f77c710354d3c3c1426432a5ee935d51dd6
Binary files differ
commit	1fc7564ba7dd985f311d5fccd1de4b01ee368b43	[log] [tgz]
author	David Benjamin <davidben@google.com>	Fri Apr 22 00:43:20 2016 -0400
committer	Adam Langley <agl@google.com>	Mon Apr 25 21:57:28 2016 +0000
tree	7d851217a5a602049f55b7b1aef047f649339a3f
parent	af18cdd733a05a088518e5adb01704c1980fff3b [diff]