Skip to content

Commit 3a9b470

Browse files
elichaielichai
committed
Add a static mut bool to prevent accidentally using fuzz functions
1 parent 4e69dcc commit 3a9b470

File tree

2 files changed

+28
-1
lines changed

2 files changed

+28
-1
lines changed

src/ffi.rs

+27-1
Original file line numberDiff line numberDiff line change
@@ -63,6 +63,7 @@ pub type EcdhHashFn = unsafe extern "C" fn(
6363
#[cfg(feature = "fuzztarget")]
6464
impl Context {
6565
pub fn flags(&self) -> u32 {
66+
unsafe {assert!(UNSAFE_CRYPTO_FUZZING, "Tried fuzzing without setting the UNSAFE_CRYPTO_FUZZING variable"); }
6667
self.0 as u32
6768
}
6869
}
@@ -399,6 +400,8 @@ mod fuzz_dummy {
399400
use self::std::{ptr, mem};
400401
use self::std::boxed::Box;
401402

403+
pub static mut UNSAFE_CRYPTO_FUZZING: bool = false;
404+
402405
extern "C" {
403406
pub static secp256k1_ecdh_hash_function_default: EcdhHashFn;
404407
pub static secp256k1_nonce_function_rfc6979: NonceFn;
@@ -408,36 +411,43 @@ mod fuzz_dummy {
408411
// Contexts
409412
/// Creates a dummy context, tracking flags to ensure proper calling semantics
410413
pub unsafe fn secp256k1_context_preallocated_create(_ptr: *mut c_void, flags: c_uint) -> *mut Context {
414+
assert!(UNSAFE_CRYPTO_FUZZING, "Tried fuzzing without setting the UNSAFE_CRYPTO_FUZZING variable");
411415
let b = Box::new(Context(flags as i32));
412416
Box::into_raw(b)
413417
}
414418

415419
/// Return dummy size of context struct.
416420
pub unsafe fn secp256k1_context_preallocated_size(_flags: c_uint) -> usize {
421+
assert!(UNSAFE_CRYPTO_FUZZING, "Tried fuzzing without setting the UNSAFE_CRYPTO_FUZZING variable");
417422
mem::size_of::<Context>()
418423
}
419424

420425
/// Return dummy size of context struct.
421426
pub unsafe fn secp256k1_context_preallocated_clone_size(cx: *mut Context) -> usize {
427+
assert!(UNSAFE_CRYPTO_FUZZING, "Tried fuzzing without setting the UNSAFE_CRYPTO_FUZZING variable");
422428
mem::size_of::<Context>()
423429
}
424430

425431
/// Copies a dummy context
426432
pub unsafe fn secp256k1_context_preallocated_clone(cx: *const Context, prealloc: *mut c_void) -> *mut Context {
433+
assert!(UNSAFE_CRYPTO_FUZZING, "Tried fuzzing without setting the UNSAFE_CRYPTO_FUZZING variable");
427434
let ret = prealloc as *mut Context;
428435
*ret = (*cx).clone();
429436
ret
430437
}
431438

432439
/// "Destroys" a dummy context
433-
pub unsafe fn secp256k1_context_preallocated_destroy(cx: *mut Context) {
440+
pub unsafe fn secp256k1_context_preallocated_destroy(cx: *mut Context)
441+
{
442+
assert!(UNSAFE_CRYPTO_FUZZING, "Tried fuzzing without setting the UNSAFE_CRYPTO_FUZZING variable");
434443
(*cx).0 = 0;
435444
}
436445

437446
/// Asserts that cx is properly initialized
438447
pub unsafe fn secp256k1_context_randomize(cx: *mut Context,
439448
_seed32: *const c_uchar)
440449
-> c_int {
450+
assert!(UNSAFE_CRYPTO_FUZZING, "Tried fuzzing without setting the UNSAFE_CRYPTO_FUZZING variable");
441451
assert!(!cx.is_null() && (*cx).0 as u32 & !(SECP256K1_START_NONE | SECP256K1_START_VERIFY | SECP256K1_START_SIGN) == 0);
442452
1
443453
}
@@ -454,6 +464,7 @@ mod fuzz_dummy {
454464
pub unsafe fn secp256k1_ec_pubkey_parse(cx: *const Context, pk: *mut PublicKey,
455465
input: *const c_uchar, in_len: usize)
456466
-> c_int {
467+
assert!(UNSAFE_CRYPTO_FUZZING, "Tried fuzzing without setting the UNSAFE_CRYPTO_FUZZING variable");
457468
assert!(!cx.is_null() && (*cx).0 as u32 & !(SECP256K1_START_NONE | SECP256K1_START_VERIFY | SECP256K1_START_SIGN) == 0);
458469
match in_len {
459470
33 => {
@@ -482,6 +493,7 @@ mod fuzz_dummy {
482493
out_len: *mut usize, pk: *const PublicKey,
483494
compressed: c_uint)
484495
-> c_int {
496+
assert!(UNSAFE_CRYPTO_FUZZING, "Tried fuzzing without setting the UNSAFE_CRYPTO_FUZZING variable");
485497
assert!(!cx.is_null() && (*cx).0 as u32 & !(SECP256K1_START_NONE | SECP256K1_START_VERIFY | SECP256K1_START_SIGN) == 0);
486498
if test_pk_validate(cx, pk) != 1 { return 0; }
487499
if compressed == SECP256K1_SER_COMPRESSED {
@@ -513,6 +525,7 @@ mod fuzz_dummy {
513525
pub unsafe fn secp256k1_ecdsa_signature_parse_compact(cx: *const Context, sig: *mut Signature,
514526
input64: *const c_uchar)
515527
-> c_int {
528+
assert!(UNSAFE_CRYPTO_FUZZING, "Tried fuzzing without setting the UNSAFE_CRYPTO_FUZZING variable");
516529
assert!(!cx.is_null() && (*cx).0 as u32 & !(SECP256K1_START_NONE | SECP256K1_START_VERIFY | SECP256K1_START_SIGN) == 0);
517530
if secp256k1_ec_seckey_verify(cx, input64.offset(32)) != 1 { return 0; } // sig should be msg32||sk
518531
ptr::copy(input64, (*sig).0[..].as_mut_ptr(), 64);
@@ -529,6 +542,7 @@ mod fuzz_dummy {
529542
pub unsafe fn secp256k1_ecdsa_signature_serialize_der(cx: *const Context, output: *mut c_uchar,
530543
out_len: *mut usize, sig: *const Signature)
531544
-> c_int {
545+
assert!(UNSAFE_CRYPTO_FUZZING, "Tried fuzzing without setting the UNSAFE_CRYPTO_FUZZING variable");
532546
assert!(!cx.is_null() && (*cx).0 as u32 & !(SECP256K1_START_NONE | SECP256K1_START_VERIFY | SECP256K1_START_SIGN) == 0);
533547

534548
let mut len_r = 33;
@@ -567,6 +581,7 @@ mod fuzz_dummy {
567581
pub unsafe fn secp256k1_ecdsa_signature_serialize_compact(cx: *const Context, output64: *mut c_uchar,
568582
sig: *const Signature)
569583
-> c_int {
584+
assert!(UNSAFE_CRYPTO_FUZZING, "Tried fuzzing without setting the UNSAFE_CRYPTO_FUZZING variable");
570585
assert!(!cx.is_null() && (*cx).0 as u32 & !(SECP256K1_START_NONE | SECP256K1_START_VERIFY | SECP256K1_START_SIGN) == 0);
571586
ptr::copy((*sig).0[..].as_ptr(), output64, 64);
572587
1
@@ -585,6 +600,7 @@ mod fuzz_dummy {
585600
msg32: *const c_uchar,
586601
pk: *const PublicKey)
587602
-> c_int {
603+
assert!(UNSAFE_CRYPTO_FUZZING, "Tried fuzzing without setting the UNSAFE_CRYPTO_FUZZING variable");
588604
assert!(!cx.is_null() && (*cx).0 as u32 & !(SECP256K1_START_NONE | SECP256K1_START_VERIFY | SECP256K1_START_SIGN) == 0);
589605
assert!((*cx).0 as u32 & SECP256K1_START_VERIFY == SECP256K1_START_VERIFY);
590606
if test_pk_validate(cx, pk) != 1 { return 0; }
@@ -608,6 +624,7 @@ mod fuzz_dummy {
608624
_noncefn: NonceFn,
609625
_noncedata: *const c_void)
610626
-> c_int {
627+
assert!(UNSAFE_CRYPTO_FUZZING, "Tried fuzzing without setting the UNSAFE_CRYPTO_FUZZING variable");
611628
assert!(!cx.is_null() && (*cx).0 as u32 & !(SECP256K1_START_NONE | SECP256K1_START_VERIFY | SECP256K1_START_SIGN) == 0);
612629
assert!((*cx).0 as u32 & SECP256K1_START_SIGN == SECP256K1_START_SIGN);
613630
if secp256k1_ec_seckey_verify(cx, sk) != 1 { return 0; }
@@ -620,6 +637,7 @@ mod fuzz_dummy {
620637
/// Checks that pk != 0xffff...ffff and pk[0..32] == pk[32..64]
621638
pub unsafe fn test_pk_validate(cx: *const Context,
622639
pk: *const PublicKey) -> c_int {
640+
assert!(UNSAFE_CRYPTO_FUZZING, "Tried fuzzing without setting the UNSAFE_CRYPTO_FUZZING variable");
623641
assert!(!cx.is_null() && (*cx).0 as u32 & !(SECP256K1_START_NONE | SECP256K1_START_VERIFY | SECP256K1_START_SIGN) == 0);
624642
if (*pk).0[0..32] != (*pk).0[32..64] || secp256k1_ec_seckey_verify(cx, (*pk).0[0..32].as_ptr()) == 0 {
625643
0
@@ -631,6 +649,7 @@ mod fuzz_dummy {
631649
/// Checks that sk != 0xffff...ffff
632650
pub unsafe fn secp256k1_ec_seckey_verify(cx: *const Context,
633651
sk: *const c_uchar) -> c_int {
652+
assert!(UNSAFE_CRYPTO_FUZZING, "Tried fuzzing without setting the UNSAFE_CRYPTO_FUZZING variable");
634653
assert!(!cx.is_null() && (*cx).0 as u32 & !(SECP256K1_START_NONE | SECP256K1_START_VERIFY | SECP256K1_START_SIGN) == 0);
635654
let mut res = 0;
636655
for i in 0..32 {
@@ -642,6 +661,7 @@ mod fuzz_dummy {
642661
/// Sets pk to sk||sk
643662
pub unsafe fn secp256k1_ec_pubkey_create(cx: *const Context, pk: *mut PublicKey,
644663
sk: *const c_uchar) -> c_int {
664+
assert!(UNSAFE_CRYPTO_FUZZING, "Tried fuzzing without setting the UNSAFE_CRYPTO_FUZZING variable");
645665
assert!(!cx.is_null() && (*cx).0 as u32 & !(SECP256K1_START_NONE | SECP256K1_START_VERIFY | SECP256K1_START_SIGN) == 0);
646666
if secp256k1_ec_seckey_verify(cx, sk) != 1 { return 0; }
647667
ptr::copy(sk, (*pk).0[0..32].as_mut_ptr(), 32);
@@ -657,6 +677,7 @@ mod fuzz_dummy {
657677
sk: *mut c_uchar,
658678
tweak: *const c_uchar)
659679
-> c_int {
680+
assert!(UNSAFE_CRYPTO_FUZZING, "Tried fuzzing without setting the UNSAFE_CRYPTO_FUZZING variable");
660681
assert!(!cx.is_null() && (*cx).0 as u32 & !(SECP256K1_START_NONE | SECP256K1_START_VERIFY | SECP256K1_START_SIGN) == 0);
661682
if secp256k1_ec_seckey_verify(cx, sk) != 1 { return 0; }
662683
ptr::copy(tweak.offset(16), sk.offset(16), 16);
@@ -669,6 +690,7 @@ mod fuzz_dummy {
669690
pk: *mut PublicKey,
670691
tweak: *const c_uchar)
671692
-> c_int {
693+
assert!(UNSAFE_CRYPTO_FUZZING, "Tried fuzzing without setting the UNSAFE_CRYPTO_FUZZING variable");
672694
assert!(!cx.is_null() && (*cx).0 as u32 & !(SECP256K1_START_NONE | SECP256K1_START_VERIFY | SECP256K1_START_SIGN) == 0);
673695
if test_pk_validate(cx, pk) != 1 { return 0; }
674696
ptr::copy(tweak.offset(16), (*pk).0[16..32].as_mut_ptr(), 16);
@@ -683,6 +705,7 @@ mod fuzz_dummy {
683705
sk: *mut c_uchar,
684706
tweak: *const c_uchar)
685707
-> c_int {
708+
assert!(UNSAFE_CRYPTO_FUZZING, "Tried fuzzing without setting the UNSAFE_CRYPTO_FUZZING variable");
686709
assert!(!cx.is_null() && (*cx).0 as u32 & !(SECP256K1_START_NONE | SECP256K1_START_VERIFY | SECP256K1_START_SIGN) == 0);
687710
if secp256k1_ec_seckey_verify(cx, sk) != 1 { return 0; }
688711
ptr::copy(tweak.offset(16), sk.offset(16), 16);
@@ -695,6 +718,7 @@ mod fuzz_dummy {
695718
pk: *mut PublicKey,
696719
tweak: *const c_uchar)
697720
-> c_int {
721+
assert!(UNSAFE_CRYPTO_FUZZING, "Tried fuzzing without setting the UNSAFE_CRYPTO_FUZZING variable");
698722
assert!(!cx.is_null() && (*cx).0 as u32 & !(SECP256K1_START_NONE | SECP256K1_START_VERIFY | SECP256K1_START_SIGN) == 0);
699723
if test_pk_validate(cx, pk) != 1 { return 0; }
700724
ptr::copy(tweak.offset(16), (*pk).0[16..32].as_mut_ptr(), 16);
@@ -709,6 +733,7 @@ mod fuzz_dummy {
709733
ins: *const *const PublicKey,
710734
n: c_int)
711735
-> c_int {
736+
assert!(UNSAFE_CRYPTO_FUZZING, "Tried fuzzing without setting the UNSAFE_CRYPTO_FUZZING variable");
712737
assert!(!cx.is_null() && (*cx).0 as u32 & !(SECP256K1_START_NONE | SECP256K1_START_VERIFY | SECP256K1_START_SIGN) == 0);
713738
assert!(n <= 32 && n >= 0); //TODO: Remove this restriction?
714739
for i in 0..n {
@@ -730,6 +755,7 @@ mod fuzz_dummy {
730755
_hashfp: EcdhHashFn,
731756
_data: *mut c_void,
732757
) -> c_int {
758+
assert!(UNSAFE_CRYPTO_FUZZING, "Tried fuzzing without setting the UNSAFE_CRYPTO_FUZZING variable");
733759
assert!(!cx.is_null() && (*cx).0 as u32 & !(SECP256K1_START_NONE | SECP256K1_START_VERIFY | SECP256K1_START_SIGN) == 0);
734760
if secp256k1_ec_seckey_verify(cx, scalar) != 1 { return 0; }
735761

src/recovery/ffi.rs

+1
Original file line numberDiff line numberDiff line change
@@ -102,6 +102,7 @@ mod fuzz_dummy {
102102
_noncefn: NonceFn,
103103
_noncedata: *const c_void)
104104
-> c_int {
105+
assert!(UNSAFE_CRYPTO_FUZZING, "Tried fuzzing without setting the UNSAFE_CRYPTO_FUZZING variable");
105106
assert!(!cx.is_null() && (*cx).flags() & !(SECP256K1_START_NONE | SECP256K1_START_VERIFY | SECP256K1_START_SIGN) == 0);
106107
assert!((*cx).flags() & SECP256K1_START_SIGN == SECP256K1_START_SIGN);
107108
if secp256k1_ec_seckey_verify(cx, sk) != 1 { return 0; }

0 commit comments

Comments
 (0)