diff options
author | Jack Lloyd <[email protected]> | 2016-12-08 22:39:57 -0500 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2016-12-08 22:41:39 -0500 |
commit | b9de14fd8ce50064870d57e366ce99720ae9f4b8 (patch) | |
tree | 328bef42ff9a65738a26671db5d8e3ea94e17bb7 | |
parent | 047e3f3cdc2720ba6ce38af2b4911ace9d5de27b (diff) |
Avoid use of system RNG in fuzzers
Seemingly /dev/urandom not accessible in ClusterFuzz env
[ci skip]
-rw-r--r-- | src/extra_tests/fuzzers/jigs/driver.h | 33 | ||||
-rw-r--r-- | src/extra_tests/fuzzers/jigs/ecc_helper.h | 7 | ||||
-rw-r--r-- | src/extra_tests/fuzzers/jigs/pkcs8.cpp | 4 | ||||
-rw-r--r-- | src/extra_tests/fuzzers/jigs/ressol.cpp | 3 | ||||
-rw-r--r-- | src/extra_tests/fuzzers/jigs/tls_client.cpp | 4 | ||||
-rw-r--r-- | src/extra_tests/fuzzers/jigs/tls_server.cpp | 6 |
6 files changed, 41 insertions, 16 deletions
diff --git a/src/extra_tests/fuzzers/jigs/driver.h b/src/extra_tests/fuzzers/jigs/driver.h index 530cc80b7..aea7274a1 100644 --- a/src/extra_tests/fuzzers/jigs/driver.h +++ b/src/extra_tests/fuzzers/jigs/driver.h @@ -12,6 +12,7 @@ #include <vector> #include <stdlib.h> // for setenv #include <botan/exceptn.h> +#include <botan/rng.h> using namespace Botan; @@ -71,6 +72,38 @@ int main(int argc, char* argv[]) // Some helpers for the fuzzer jigs +Botan::RandomNumberGenerator& fuzzer_rng() + { + class ChaCha20_RNG : public Botan::RandomNumberGenerator + { + public: + std::string name() const override { return "ChaCha20_RNG"; } + void clear() override { /* ignored */ } + + void randomize(uint8_t out[], size_t len) override + { + Botan::clear_mem(out, len); + m_chacha.cipher1(out, len); + } + + bool is_seeded() const override { return true; } + + void add_entropy(const uint8_t[], size_t) override { /* ignored */ } + + ChaCha20_RNG() + { + std::vector<uint8_t> seed(32, 0x82); + m_chacha.set_key(seed); + } + + private: + Botan::ChaCha m_chacha; + }; + + static ChaCha20_RNG rng; + return rng; + } + #define FUZZER_ASSERT_EQUAL(x, y) do { \ if(x != y) { \ std::cerr << #x << " = " << x << " !=\n" << #y << " = " << y \ diff --git a/src/extra_tests/fuzzers/jigs/ecc_helper.h b/src/extra_tests/fuzzers/jigs/ecc_helper.h index 9848e6a9e..9b1774ee4 100644 --- a/src/extra_tests/fuzzers/jigs/ecc_helper.h +++ b/src/extra_tests/fuzzers/jigs/ecc_helper.h @@ -10,7 +10,6 @@ #include <botan/curve_gfp.h> #include <botan/ec_group.h> #include <botan/reducer.h> -#include <botan/system_rng.h> void check_redc(std::function<void (BigInt&, secure_vector<word>&)> redc_fn, const Modular_Reducer& redc, @@ -60,9 +59,9 @@ void check_ecc_math(const EC_Group& group, const uint8_t in[], size_t len) Botan::Blinded_Point_Multiply blind(base_point, group_order, 4); - const Botan::PointGFp P1 = blind.blinded_multiply(a, system_rng()); - const Botan::PointGFp Q1 = blind.blinded_multiply(b, system_rng()); - const Botan::PointGFp R1 = blind.blinded_multiply(c, system_rng()); + const Botan::PointGFp P1 = blind.blinded_multiply(a, fuzzer_rng()); + const Botan::PointGFp Q1 = blind.blinded_multiply(b, fuzzer_rng()); + const Botan::PointGFp R1 = blind.blinded_multiply(c, fuzzer_rng()); const Botan::PointGFp S1 = P1 + Q1; const Botan::PointGFp S2 = Q1 + P1; diff --git a/src/extra_tests/fuzzers/jigs/pkcs8.cpp b/src/extra_tests/fuzzers/jigs/pkcs8.cpp index 69e2c193f..47c0068ad 100644 --- a/src/extra_tests/fuzzers/jigs/pkcs8.cpp +++ b/src/extra_tests/fuzzers/jigs/pkcs8.cpp @@ -6,15 +6,13 @@ #include "driver.h" #include <botan/pkcs8.h> -#include <botan/system_rng.h> void fuzz(const uint8_t in[], size_t len) { try { - System_RNG rng; DataSource_Memory input(in, len); - std::unique_ptr<Private_Key> key(PKCS8::load_key(input, rng)); + std::unique_ptr<Private_Key> key(PKCS8::load_key(input, fuzzer_rng())); } catch(Botan::Exception& e) { } } diff --git a/src/extra_tests/fuzzers/jigs/ressol.cpp b/src/extra_tests/fuzzers/jigs/ressol.cpp index 011194866..4c3f8df69 100644 --- a/src/extra_tests/fuzzers/jigs/ressol.cpp +++ b/src/extra_tests/fuzzers/jigs/ressol.cpp @@ -6,7 +6,6 @@ #include "driver.h" #include <botan/numthry.h> -#include <botan/system_rng.h> void fuzz(const uint8_t in[], size_t len) { @@ -32,7 +31,7 @@ void fuzz(const uint8_t in[], size_t len) BigInt a_redc = a % n; if(z != a_redc) { - if(is_prime(n, system_rng(), 64)) + if(is_prime(n, fuzzer_rng(), 64)) { std::cout << "A = " << a << "\n"; std::cout << "Ressol = " << a_sqrt << "\n"; diff --git a/src/extra_tests/fuzzers/jigs/tls_client.cpp b/src/extra_tests/fuzzers/jigs/tls_client.cpp index c176667d4..f70e1eb75 100644 --- a/src/extra_tests/fuzzers/jigs/tls_client.cpp +++ b/src/extra_tests/fuzzers/jigs/tls_client.cpp @@ -6,7 +6,6 @@ #include "driver.h" #include <botan/tls_client.h> -#include <botan/system_rng.h> class Fuzzer_TLS_Client_Creds : public Credentials_Manager { @@ -29,7 +28,6 @@ void fuzz(const uint8_t in[], size_t len) auto ignore_alerts = [](TLS::Alert, const byte[], size_t) {}; auto ignore_hs = [](const TLS::Session&) { abort(); return true; }; - Botan::System_RNG rng; TLS::Session_Manager_Noop session_manager; TLS::Policy policy; TLS::Protocol_Version client_offer = TLS::Protocol_Version::TLS_V12; @@ -44,7 +42,7 @@ void fuzz(const uint8_t in[], size_t len) session_manager, creds, policy, - rng, + fuzzer_rng(), info, client_offer, protocols_to_offer); diff --git a/src/extra_tests/fuzzers/jigs/tls_server.cpp b/src/extra_tests/fuzzers/jigs/tls_server.cpp index dea885de3..acf7ce08e 100644 --- a/src/extra_tests/fuzzers/jigs/tls_server.cpp +++ b/src/extra_tests/fuzzers/jigs/tls_server.cpp @@ -6,7 +6,6 @@ #include "driver.h" #include <botan/tls_server.h> -#include <botan/system_rng.h> const char* fixed_rsa_key = "-----BEGIN PRIVATE KEY-----\n" @@ -69,7 +68,7 @@ class Fuzzer_TLS_Server_Creds : public Credentials_Manager DataSource_Memory key_in(fixed_rsa_key); m_rsa_cert.reset(new Botan::X509_Certificate(cert_in)); - //m_rsa_key.reset(Botan::PKCS8::load_key(key_in, Botan::system_rng())); + //m_rsa_key.reset(Botan::PKCS8::load_key(key_in, fuzzer_rng()); } std::vector<Botan::X509_Certificate> cert_chain( @@ -119,7 +118,6 @@ void fuzz(const uint8_t in[], size_t len) auto ignore_alerts = [](TLS::Alert, const byte[], size_t) {}; auto ignore_hs = [](const TLS::Session&) { return true; }; - Botan::System_RNG rng; TLS::Session_Manager_Noop session_manager; TLS::Policy policy; TLS::Server_Information info("server.name", 443); @@ -141,7 +139,7 @@ void fuzz(const uint8_t in[], size_t len) session_manager, creds, policy, - rng, + fuzzer_rng(), next_proto_fn, is_datagram); |