authorJack Lloyd <[email protected]>2016-12-17 12:17:27 -0500
committerJack Lloyd <[email protected]>2016-12-17 12:18:22 -0500
commit04da65d697dd0e967153cf0c24302107591a13f5 (patch)
treeff2c2a5500731186e3853929b281faf21f849187 /src/extra_tests
parentb1c7393afebad5c6dad767b939c2861b186e469c (diff)
Add OCSP fuzzer
Some attempts at reducing overhead in ECC math tests, unclear if really changed anything for my machine but probably can't hurt. Fix LLVM build flags [ci skip]
Diffstat (limited to 'src/extra_tests')
-rw-r--r--src/extra_tests/fuzzers/GNUmakefile2
-rw-r--r--src/extra_tests/fuzzers/jigs/ecc_helper.h19
-rw-r--r--src/extra_tests/fuzzers/jigs/ocsp.cpp17
3 files changed, 27 insertions, 11 deletions
diff --git a/src/extra_tests/fuzzers/GNUmakefile b/src/extra_tests/fuzzers/GNUmakefile
index 3e6f9a35a..24c3c500a 100644
--- a/src/extra_tests/fuzzers/GNUmakefile
+++ b/src/extra_tests/fuzzers/GNUmakefile
@@ -8,7 +8,7 @@ CLANG_COV_FLAGS=-fsanitize-coverage=edge,indirect-calls,8bit-counters
SHARED_FLAGS=-O3 -g -std=c++11 -pthread
CFG_FLAGS=--with-debug-info --unsafe-fuzzer-mode
-LIBFUZZER_FLAGS=-Illvm-build/build/include $(SHARED_FLAGS) $(CLANG_COV_FLAGS)
+LIBFUZZER_FLAGS=-Illvm-build/build/include $(SHARED_FLAGS) $(CLANG_COV_FLAGS) $(CLANG_SAN_FLAGS)
AFL_FLAGS=-Iafl-build/build/include $(SHARED_FLAGS) -DINCLUDE_AFL_MAIN
LIBFUZZER_LIBS=llvm-build/libbotan-1.11.a libFuzzer.a
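Review bot: `$(CLANG_SAN_FLAGS)` is now part of `LIBFUZZER_FLAGS`, but its definition is not within this hunk, and make expands an undefined variable to an empty string without any diagnostic. If the variable is renamed or dropped later, the libFuzzer jigs would silently build without sanitizers, and memory-safety faults reached by the fuzzer could go unreported. A short comment next to the assignment, such as `# CLANG_SAN_FLAGS must be defined above; without it the jigs build unsanitized`, would make the dependency explicit. It is also worth confirming that `llvm-build/libbotan-1.11.a` is built with matching sanitizer flags, since only the jig compile flags are visible here.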
diff --git a/src/extra_tests/fuzzers/jigs/ecc_helper.h b/src/extra_tests/fuzzers/jigs/ecc_helper.h
index 1cfbead1a..fb502452a 100644
--- a/src/extra_tests/fuzzers/jigs/ecc_helper.h
+++ b/src/extra_tests/fuzzers/jigs/ecc_helper.h
@@ -33,15 +33,17 @@ inline std::ostream& operator<<(std::ostream& o, const PointGFp& point)
return o;
}
-void check_ecc_math(const EC_Group& group, const uint8_t in[], size_t len)
+void check_ecc_math(const EC_Group& group,
+ const uint8_t in[], size_t len)
{
+ // These depend only on the group, which is also static
+ static const Botan::PointGFp base_point = group.get_base_point();
+ static Botan::Blinded_Point_Multiply blind(base_point, group.get_order(), 4);
+
const size_t hlen = len / 2;
const BigInt a = BigInt::decode(in, hlen);
const BigInt b = BigInt::decode(in + hlen, len - hlen);
- const Botan::PointGFp& base_point = group.get_base_point();
- const Botan::BigInt& group_order = group.get_order();
-
const Botan::BigInt c = a + b;
const Botan::PointGFp P = base_point * a;
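Review bot: The new function-local statics `base_point` and `blind` are initialised from whichever `group` is passed on the first call and never refreshed, yet `check_ecc_math` still takes `group` as a parameter. The added comment says the group is also static, but nothing in the hunk enforces that; a caller passing a second curve in the same process would be checked against the first curve's generator and order without any failure. Either state the contract in the comment, e.g. `// NOTE: callers must pass the same EC_Group on every call; the statics below are bound to the first one`, or add a cheap guard such as `FUZZER_ASSERT_EQUAL(base_point, group.get_base_point());`. The function body continues outside this hunk.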
@@ -51,10 +53,7 @@ void check_ecc_math(const EC_Group& group, const uint8_t in[], size_t len)
const Botan::PointGFp A1 = P + Q;
const Botan::PointGFp A2 = Q + P;
- FUZZER_ASSERT_EQUAL(A1, R);
- FUZZER_ASSERT_EQUAL(A2, R);
-
- Botan::Blinded_Point_Multiply blind(base_point, group_order, 4);
+ FUZZER_ASSERT_EQUAL(A1, A2);
const Botan::PointGFp P1 = blind.blinded_multiply(a, fuzzer_rng());
const Botan::PointGFp Q1 = blind.blinded_multiply(b, fuzzer_rng());
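Review bot: Replacing `FUZZER_ASSERT_EQUAL(A1, R)` and `FUZZER_ASSERT_EQUAL(A2, R)` with `FUZZER_ASSERT_EQUAL(A1, A2)` leaves only commutativity of point addition checked here; the sum is no longer compared with `R`. The final hunk does the same for `R1`, so in the visible lines nothing ties the sum of the two products to the result for `c = a + b`, and a scalar-multiplication fault that affects the plain and blinded paths consistently could pass. `R` and `R1` are defined outside the hunks and appear to be still computed, so keeping one comparison each, `FUZZER_ASSERT_EQUAL(A1, R);` and `FUZZER_ASSERT_EQUAL(S1, R1);`, would restore that oracle at little extra cost.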
@@ -63,8 +62,8 @@ void check_ecc_math(const EC_Group& group, const uint8_t in[], size_t len)
const Botan::PointGFp S1 = P1 + Q1;
const Botan::PointGFp S2 = Q1 + P1;
- FUZZER_ASSERT_EQUAL(S1, R1);
- FUZZER_ASSERT_EQUAL(S2, R1);
+ FUZZER_ASSERT_EQUAL(S1, S2);
+ FUZZER_ASSERT_EQUAL(S1, A1);
}
#endif
diff --git a/src/extra_tests/fuzzers/jigs/ocsp.cpp b/src/extra_tests/fuzzers/jigs/ocsp.cpp
new file mode 100644
index 000000000..7cf2d91b0
--- /dev/null
+++ b/src/extra_tests/fuzzers/jigs/ocsp.cpp
@@ -0,0 +1,17 @@
+/*
+* (C) 2015,2016 Jack Lloyd
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+#include "driver.h"
+
+#include <botan/ocsp.h>
+
+void fuzz(const uint8_t in[], size_t len)
+ {
+ try
+ {
+ OCSP::Response response(in, len);
+ }
+ catch(Botan::Exception& e) { }
+ }
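Review bot: The handler `catch(Botan::Exception& e) { }` binds a non-const reference to a name it never uses and gives no indication of why the exception is discarded. Writing it as `catch(const Botan::Exception&) { }` with a comment like `// malformed input is expected to be rejected; any other exception type propagates and is reported by the fuzzer as a crash` would document the intended oracle. The jig only constructs `OCSP::Response`, so code reached after parsing is not exercised; that may be intentional but is worth stating in the file header. `OCSP::Response` is unqualified, which presumably relies on a using-directive in `driver.h`, not visible here.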