From 0a8bbde361227c8a9cb1e0fd893bcc3947976dac Mon Sep 17 00:00:00 2001
From: Denis Kasak
Date: Thu, 17 Jun 2021 14:49:26 +0200
Subject: [PATCH] Support building a "disarmed" target via the OLM_FUZZING macro.

Like other crypto libs, libolm contains many obstacles which a fuzzer is unlikely to be able to surmount but which are not important for the end goal of fuzzing. The easiest and most robust way around this is to remove these obstacles conditionally when building the fuzzer binaries. This commit adds a preprocessor macro OLM_FUZZING which can be used to conditionally disables problematic bits of code during compile-time for easier fuzzing. Currently the only thing it disables is the encryption/decryption and base64 encoding/decoding when processing pickled Megolm keys. This allows the fuzzers to fuzz the unpickling functionality directly without inadvertently fuzzing the base64 encoder and encryption (which should be fuzzed separately). The macro is set in the Makefile *only* when building fuzzer binaries.
---
 src/outbound_group_session.c | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/src/outbound_group_session.c b/src/outbound_group_session.c
index 6acad5a..4a251d0 100644
--- a/src/outbound_group_session.c
+++ b/src/outbound_group_session.c
@@ -103,12 +103,21 @@ size_t olm_pickle_outbound_group_session(
         return (size_t)-1;
     }
 
+#ifndef OLM_FUZZING
     pos = _olm_enc_output_pos(pickled, raw_length);
+#else
+    pos = pickled;
+#endif
+
     pos = _olm_pickle_uint32(pos, PICKLE_VERSION);
     pos = megolm_pickle(&(session->ratchet), pos);
     pos = _olm_pickle_ed25519_key_pair(pos, &(session->signing_key));
+#ifndef OLM_FUZZING
     return _olm_enc_output(key, key_length, pickled, raw_length);
+#else
+    return raw_length;
+#endif
 }
 
 size_t olm_unpickle_outbound_group_session(
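Review bot: The two `#ifndef OLM_FUZZING` blocks in olm_pickle_outbound_group_session make the pickle come out as plaintext (no encryption, no base64), but nothing in the source records that this is a fuzzer-only mode, so a reader of the .c file has only the Makefile to tell them the macro must never reach a production build; the same applies to the matching block in the olm_unpickle_outbound_group_session hunk. I would put a comment above the first `#ifndef`, e.g. `/* OLM_FUZZING: emit the raw pickle unencrypted and unencoded so fuzzers reach the unpickling code directly; the macro is only defined by the fuzzer build. */`, and consider a single compile-time `#error` in a shared header for the case where OLM_FUZZING is defined in a non-fuzzer configuration, rather than relying on the build system alone. The fuzz path also keeps the earlier `pickled_length < _olm_enc_output_length(raw_length)` check (outside the hunk), which presumably is at least `raw_length`, so the plaintext write still fits the caller's buffer; worth confirming. The function's declarations and buffer check lie outside the hunk.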
@@ -120,9 +129,14 @@ size_t olm_unpickle_outbound_group_session(
     const uint8_t *end;
     uint32_t pickle_version;
 
+#ifndef OLM_FUZZING
     size_t raw_length = _olm_enc_input(
         key, key_length, pickled, pickled_length, &(session->last_error)
     );
+#else
+    size_t raw_length = pickled_length;
+#endif
+
     if (raw_length == (size_t)-1) {
         return raw_length;
     }
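Review bot: With OLM_FUZZING defined, `size_t raw_length = pickled_length;` skips both the MAC verification and the decryption that `_olm_enc_input` performs, so the following `if (raw_length == (size_t)-1)` check is effectively dead in that build and `session->last_error` is never set on this path; that is the intended behaviour, but it deserves a comment so nobody later "fixes" the check, e.g. `/* OLM_FUZZING: input is the raw pickle; no MAC check, no decryption. */`. In the fuzz build `pickled_length` becomes the only bound on the input, so the rest of the function (outside the hunk, where `end` is presumably set from it) must treat every read against `end` as untrusted, which is exactly what the fuzzer is meant to exercise. The function's remaining body is not in this hunk.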