arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2025-05-25 18:28:47 +00:00
Code Issues Releases Wiki Activity

feat(crypto): use macro for check pattern

Browse Source
This commit is contained in:
Christian Reitter 2022-08-12 14:04:15 +02:00 committed by Andrew Kozlik
parent d069b2955e
commit 5fe7d50232
1 changed files with 29 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
crypto/fuzzer/fuzzer.c
View File

@ -139,6 +139,9 @@ void check_msan(void *pointer, size_t length) {
#endif #endif
} }
// simplify the pointer check after a var_pointer = malloc()
#define RETURN_IF_NULL(var_pointer) if (var_pointer == NULL) { return 0; }
/* individual fuzzer harness functions */ /* individual fuzzer harness functions */
int fuzz_bn_format(void) { int fuzz_bn_format(void) {
@ -177,9 +180,8 @@ int fuzz_bn_format(void) {
char *prefix = malloc(prefixlen); char *prefix = malloc(prefixlen);
// IDEA allow suffix == NULL // IDEA allow suffix == NULL
char *suffix = malloc(suffixlen); char *suffix = malloc(suffixlen);
if (prefix == NULL || suffix == NULL) { RETURN_IF_NULL(prefix);
return 0; RETURN_IF_NULL(suffix);
}
memset(prefix, 0, prefixlen); memset(prefix, 0, prefixlen);
memset(suffix, 0, suffixlen); memset(suffix, 0, suffixlen);
@ -214,9 +216,8 @@ int fuzz_base32_decode(void) {
char *in_buffer = malloc(fuzzer_length); char *in_buffer = malloc(fuzzer_length);
// basic heuristic: the decoded output will always fit in less or equal space // basic heuristic: the decoded output will always fit in less or equal space
uint8_t *out_buffer = malloc(fuzzer_length); uint8_t *out_buffer = malloc(fuzzer_length);
if (in_buffer == NULL || out_buffer == NULL) { RETURN_IF_NULL(in_buffer);
return 0; RETURN_IF_NULL(out_buffer);
}
size_t outlen = fuzzer_length; size_t outlen = fuzzer_length;
size_t raw_inlen = fuzzer_length; size_t raw_inlen = fuzzer_length;
@ -248,9 +249,8 @@ int fuzz_base32_encode(void) {
// TODO: find a better heuristic for output buffer size // TODO: find a better heuristic for output buffer size
size_t outlen = 2 * fuzzer_length; size_t outlen = 2 * fuzzer_length;
char *out_buffer = malloc(outlen); char *out_buffer = malloc(outlen);
if (in_buffer == NULL || out_buffer == NULL) { RETURN_IF_NULL(in_buffer);
return 0; RETURN_IF_NULL(out_buffer);
}
// mutate in_buffer // mutate in_buffer
size_t raw_inlen = fuzzer_length; size_t raw_inlen = fuzzer_length;
@ -282,9 +282,8 @@ int fuzz_base58_encode_check(void) {
// TODO: find a better heuristic for output buffer size // TODO: find a better heuristic for output buffer size
size_t outlen = 2 * fuzzer_length; size_t outlen = 2 * fuzzer_length;
char *out_buffer = malloc(outlen); char *out_buffer = malloc(outlen);
if (in_buffer == NULL || out_buffer == NULL) { RETURN_IF_NULL(in_buffer);
return 0; RETURN_IF_NULL(out_buffer);
}
// mutate in_buffer // mutate in_buffer
size_t raw_inlen = fuzzer_length; size_t raw_inlen = fuzzer_length;
@ -321,9 +320,7 @@ int fuzz_base58_decode_check(void) {
} }
uint8_t *in_buffer = malloc(fuzzer_length + 1); uint8_t *in_buffer = malloc(fuzzer_length + 1);
if (in_buffer == NULL) { RETURN_IF_NULL(in_buffer);
return 0;
}
size_t raw_inlen = fuzzer_length; size_t raw_inlen = fuzzer_length;
memcpy(in_buffer, fuzzer_input(raw_inlen), raw_inlen); memcpy(in_buffer, fuzzer_input(raw_inlen), raw_inlen);
@ -355,13 +352,12 @@ int fuzz_xmr_base58_addr_decode_check(void) {
} }
// TODO no null termination used !? // TODO no null termination used !?
char *in_buffer = malloc(fuzzer_length);
// TODO use better size heuristic // TODO use better size heuristic
size_t outlen = fuzzer_length; size_t outlen = fuzzer_length;
char *in_buffer = malloc(fuzzer_length);
uint8_t *out_buffer = malloc(outlen); uint8_t *out_buffer = malloc(outlen);
if (in_buffer == NULL || out_buffer == NULL) { RETURN_IF_NULL(in_buffer);
return 0; RETURN_IF_NULL(out_buffer);
}
// tag is only written to // tag is only written to
uint64_t tag = 0; uint64_t tag = 0;
@ -392,13 +388,13 @@ int fuzz_xmr_base58_decode(void) {
return -1; return -1;
} }
char *in_buffer = malloc(fuzzer_length);
// TODO better size heuristic // TODO better size heuristic
size_t outlen = fuzzer_length; size_t outlen = fuzzer_length;
char *in_buffer = malloc(fuzzer_length);
uint8_t *out_buffer = malloc(outlen); uint8_t *out_buffer = malloc(outlen);
if (in_buffer == NULL || out_buffer == NULL) { RETURN_IF_NULL(in_buffer);
return 0; RETURN_IF_NULL(out_buffer);
}
memset(out_buffer, 0, outlen); memset(out_buffer, 0, outlen);
// mutate in_buffer // mutate in_buffer
@ -428,13 +424,13 @@ int fuzz_xmr_base58_addr_encode_check(void) {
// mutate tag_in // mutate tag_in
memcpy(&tag_in, fuzzer_input(tag_size), tag_size); memcpy(&tag_in, fuzzer_input(tag_size), tag_size);
uint8_t *in_buffer = malloc(fuzzer_length);
// TODO better size heuristic // TODO better size heuristic
size_t outlen = fuzzer_length * 2; size_t outlen = fuzzer_length * 2;
uint8_t *in_buffer = malloc(fuzzer_length);
char *out_buffer = malloc(outlen); char *out_buffer = malloc(outlen);
if (in_buffer == NULL || out_buffer == NULL) { RETURN_IF_NULL(in_buffer);
return 0; RETURN_IF_NULL(out_buffer);
}
memset(out_buffer, 0, outlen); memset(out_buffer, 0, outlen);
// mutate in_buffer // mutate in_buffer
@ -471,13 +467,13 @@ int fuzz_xmr_base58_encode(void) {
return -1; return -1;
} }
uint8_t *in_buffer = malloc(fuzzer_length);
// TODO better size heuristic // TODO better size heuristic
size_t outlen = fuzzer_length * 2; size_t outlen = fuzzer_length * 2;
uint8_t *in_buffer = malloc(fuzzer_length);
char *out_buffer = malloc(outlen); char *out_buffer = malloc(outlen);
if (in_buffer == NULL || out_buffer == NULL) { RETURN_IF_NULL(in_buffer);
return 0; RETURN_IF_NULL(out_buffer);
}
memset(out_buffer, 0, outlen); memset(out_buffer, 0, outlen);
// mutate in_buffer // mutate in_buffer
@ -512,9 +508,7 @@ int fuzz_xmr_serialize_varint(void) {
// mutate in_buffer // mutate in_buffer
size_t raw_inlen = fuzzer_length; size_t raw_inlen = fuzzer_length;
uint8_t *in_buffer = malloc(raw_inlen); uint8_t *in_buffer = malloc(raw_inlen);
if (in_buffer == NULL) { RETURN_IF_NULL(in_buffer);
return 0;
}
memcpy(in_buffer, fuzzer_input(raw_inlen), raw_inlen); memcpy(in_buffer, fuzzer_input(raw_inlen), raw_inlen);
// use the varint // use the varint
@ -541,9 +535,7 @@ int fuzz_nem_validate_address(void) {
uint8_t network = fuzzer_input(1)[0]; uint8_t network = fuzzer_input(1)[0];
size_t raw_inlen = fuzzer_length + 1; size_t raw_inlen = fuzzer_length + 1;
char *in_buffer = malloc(raw_inlen); char *in_buffer = malloc(raw_inlen);
if (in_buffer == NULL) { RETURN_IF_NULL(in_buffer);
return 0;
}
// mutate the buffer // mutate the buffer
memcpy(in_buffer, fuzzer_input(raw_inlen - 1), raw_inlen - 1); memcpy(in_buffer, fuzzer_input(raw_inlen - 1), raw_inlen - 1);