Skip to content

Commit 5e415b6

Browse files
elichaielichai
committed
Add a static mut bool to prevent accidentally using fuzz functions
1 parent 0782872 commit 5e415b6

File tree

2 files changed

+28
-1
lines changed

2 files changed

+28
-1
lines changed

secp256k1-sys/src/lib.rs

Lines changed: 27 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -84,6 +84,7 @@ pub type EcdhHashFn = unsafe extern "C" fn(
8484
#[cfg(feature = "fuzztarget")]
8585
impl Context {
8686
pub fn flags(&self) -> u32 {
87+
unsafe {assert!(UNSAFE_CRYPTO_FUZZING, UNSAFE_CRYPTO_WARNING); }
8788
self.0 as u32
8889
}
8990
}
@@ -405,7 +406,7 @@ unsafe fn strlen(mut str_ptr: *const c_char) -> usize {
405406
/// A trait for producing pointers that will always be valid in C. (assuming NULL pointer is a valid no-op)
406407
/// Rust doesn't promise what pointers does it give to ZST (https://doc.rust-lang.org/nomicon/exotic-sizes.html#zero-sized-types-zsts)
407408
/// In case the type is empty this trait will give a NULL pointer, which should be handled in C.
408-
///
409+
///
409410
pub trait CPtr {
410411
type Target;
411412
fn as_c_ptr(&self) -> *const Self::Target;
@@ -447,6 +448,9 @@ mod fuzz_dummy {
447448
#[allow(non_upper_case_globals)]
448449
pub static secp256k1_context_no_precomp: &Context = &Context(0);
449450

451+
pub static mut UNSAFE_CRYPTO_FUZZING: bool = false;
452+
pub const UNSAFE_CRYPTO_WARNING: &str = "Tried fuzzing without setting the UNSAFE_CRYPTO_FUZZING variable";
453+
450454
extern "C" {
451455
#[cfg_attr(not(feature = "external-symbols"), link_name = "rustsecp256k1_v0_1_1_ecdh_hash_function_default")]
452456
pub static secp256k1_ecdh_hash_function_default: EcdhHashFn;
@@ -457,36 +461,42 @@ mod fuzz_dummy {
457461
// Contexts
458462
/// Creates a dummy context, tracking flags to ensure proper calling semantics
459463
pub unsafe fn secp256k1_context_preallocated_create(_ptr: *mut c_void, flags: c_uint) -> *mut Context {
464+
assert!(UNSAFE_CRYPTO_FUZZING, UNSAFE_CRYPTO_WARNING);
460465
let b = Box::new(Context(flags as i32));
461466
Box::into_raw(b)
462467
}
463468

464469
/// Return dummy size of context struct.
465470
pub unsafe fn secp256k1_context_preallocated_size(_flags: c_uint) -> size_t {
471+
assert!(UNSAFE_CRYPTO_FUZZING, UNSAFE_CRYPTO_WARNING);
466472
mem::size_of::<Context>()
467473
}
468474

469475
/// Return dummy size of context struct.
470476
pub unsafe fn secp256k1_context_preallocated_clone_size(_cx: *mut Context) -> size_t {
477+
assert!(UNSAFE_CRYPTO_FUZZING, UNSAFE_CRYPTO_WARNING);
471478
mem::size_of::<Context>()
472479
}
473480

474481
/// Copies a dummy context
475482
pub unsafe fn secp256k1_context_preallocated_clone(cx: *const Context, prealloc: *mut c_void) -> *mut Context {
483+
assert!(UNSAFE_CRYPTO_FUZZING, UNSAFE_CRYPTO_WARNING);
476484
let ret = prealloc as *mut Context;
477485
*ret = (*cx).clone();
478486
ret
479487
}
480488

481489
/// "Destroys" a dummy context
482490
pub unsafe fn secp256k1_context_preallocated_destroy(cx: *mut Context) {
491+
assert!(UNSAFE_CRYPTO_FUZZING, UNSAFE_CRYPTO_WARNING);
483492
(*cx).0 = 0;
484493
}
485494

486495
/// Asserts that cx is properly initialized
487496
pub unsafe fn secp256k1_context_randomize(cx: *mut Context,
488497
_seed32: *const c_uchar)
489498
-> c_int {
499+
assert!(UNSAFE_CRYPTO_FUZZING, UNSAFE_CRYPTO_WARNING);
490500
assert!(!cx.is_null() && (*cx).0 as u32 & !(SECP256K1_START_NONE | SECP256K1_START_VERIFY | SECP256K1_START_SIGN) == 0);
491501
1
492502
}
@@ -496,6 +506,7 @@ mod fuzz_dummy {
496506
pub unsafe fn secp256k1_ec_pubkey_parse(cx: *const Context, pk: *mut PublicKey,
497507
input: *const c_uchar, in_len: size_t)
498508
-> c_int {
509+
assert!(UNSAFE_CRYPTO_FUZZING, UNSAFE_CRYPTO_WARNING);
499510
assert!(!cx.is_null() && (*cx).0 as u32 & !(SECP256K1_START_NONE | SECP256K1_START_VERIFY | SECP256K1_START_SIGN) == 0);
500511
match in_len {
501512
33 => {
@@ -524,6 +535,7 @@ mod fuzz_dummy {
524535
out_len: *mut size_t, pk: *const PublicKey,
525536
compressed: c_uint)
526537
-> c_int {
538+
assert!(UNSAFE_CRYPTO_FUZZING, UNSAFE_CRYPTO_WARNING);
527539
assert!(!cx.is_null() && (*cx).0 as u32 & !(SECP256K1_START_NONE | SECP256K1_START_VERIFY | SECP256K1_START_SIGN) == 0);
528540
if test_pk_validate(cx, pk) != 1 { return 0; }
529541
if compressed == SECP256K1_SER_COMPRESSED {
@@ -555,6 +567,7 @@ mod fuzz_dummy {
555567
pub unsafe fn secp256k1_ecdsa_signature_parse_compact(cx: *const Context, sig: *mut Signature,
556568
input64: *const c_uchar)
557569
-> c_int {
570+
assert!(UNSAFE_CRYPTO_FUZZING, UNSAFE_CRYPTO_WARNING);
558571
assert!(!cx.is_null() && (*cx).0 as u32 & !(SECP256K1_START_NONE | SECP256K1_START_VERIFY | SECP256K1_START_SIGN) == 0);
559572
if secp256k1_ec_seckey_verify(cx, input64.offset(32)) != 1 { return 0; } // sig should be msg32||sk
560573
ptr::copy(input64, (*sig).0[..].as_mut_ptr(), 64);
@@ -571,6 +584,7 @@ mod fuzz_dummy {
571584
pub unsafe fn secp256k1_ecdsa_signature_serialize_der(cx: *const Context, output: *mut c_uchar,
572585
out_len: *mut size_t, sig: *const Signature)
573586
-> c_int {
587+
assert!(UNSAFE_CRYPTO_FUZZING, UNSAFE_CRYPTO_WARNING);
574588
assert!(!cx.is_null() && (*cx).0 as u32 & !(SECP256K1_START_NONE | SECP256K1_START_VERIFY | SECP256K1_START_SIGN) == 0);
575589

576590
let mut len_r = 33;
@@ -609,6 +623,7 @@ mod fuzz_dummy {
609623
pub unsafe fn secp256k1_ecdsa_signature_serialize_compact(cx: *const Context, output64: *mut c_uchar,
610624
sig: *const Signature)
611625
-> c_int {
626+
assert!(UNSAFE_CRYPTO_FUZZING, UNSAFE_CRYPTO_WARNING);
612627
assert!(!cx.is_null() && (*cx).0 as u32 & !(SECP256K1_START_NONE | SECP256K1_START_VERIFY | SECP256K1_START_SIGN) == 0);
613628
ptr::copy((*sig).0[..].as_ptr(), output64, 64);
614629
1
@@ -627,6 +642,7 @@ mod fuzz_dummy {
627642
msg32: *const c_uchar,
628643
pk: *const PublicKey)
629644
-> c_int {
645+
assert!(UNSAFE_CRYPTO_FUZZING, UNSAFE_CRYPTO_WARNING);
630646
assert!(!cx.is_null() && (*cx).0 as u32 & !(SECP256K1_START_NONE | SECP256K1_START_VERIFY | SECP256K1_START_SIGN) == 0);
631647
assert!((*cx).0 as u32 & SECP256K1_START_VERIFY == SECP256K1_START_VERIFY);
632648
if test_pk_validate(cx, pk) != 1 { return 0; }
@@ -650,6 +666,7 @@ mod fuzz_dummy {
650666
_noncefn: NonceFn,
651667
_noncedata: *const c_void)
652668
-> c_int {
669+
assert!(UNSAFE_CRYPTO_FUZZING, UNSAFE_CRYPTO_WARNING);
653670
assert!(!cx.is_null() && (*cx).0 as u32 & !(SECP256K1_START_NONE | SECP256K1_START_VERIFY | SECP256K1_START_SIGN) == 0);
654671
assert!((*cx).0 as u32 & SECP256K1_START_SIGN == SECP256K1_START_SIGN);
655672
if secp256k1_ec_seckey_verify(cx, sk) != 1 { return 0; }
@@ -662,6 +679,7 @@ mod fuzz_dummy {
662679
/// Checks that pk != 0xffff...ffff and pk[0..32] == pk[32..64]
663680
pub unsafe fn test_pk_validate(cx: *const Context,
664681
pk: *const PublicKey) -> c_int {
682+
assert!(UNSAFE_CRYPTO_FUZZING, UNSAFE_CRYPTO_WARNING);
665683
assert!(!cx.is_null() && (*cx).0 as u32 & !(SECP256K1_START_NONE | SECP256K1_START_VERIFY | SECP256K1_START_SIGN) == 0);
666684
if (*pk).0[0..32] != (*pk).0[32..64] || secp256k1_ec_seckey_verify(cx, (*pk).0[0..32].as_ptr()) == 0 {
667685
0
@@ -673,6 +691,7 @@ mod fuzz_dummy {
673691
/// Checks that sk != 0xffff...ffff
674692
pub unsafe fn secp256k1_ec_seckey_verify(cx: *const Context,
675693
sk: *const c_uchar) -> c_int {
694+
assert!(UNSAFE_CRYPTO_FUZZING, UNSAFE_CRYPTO_WARNING);
676695
assert!(!cx.is_null() && (*cx).0 as u32 & !(SECP256K1_START_NONE | SECP256K1_START_VERIFY | SECP256K1_START_SIGN) == 0);
677696
let mut res = 0;
678697
for i in 0..32 {
@@ -684,6 +703,7 @@ mod fuzz_dummy {
684703
/// Sets pk to sk||sk
685704
pub unsafe fn secp256k1_ec_pubkey_create(cx: *const Context, pk: *mut PublicKey,
686705
sk: *const c_uchar) -> c_int {
706+
assert!(UNSAFE_CRYPTO_FUZZING, UNSAFE_CRYPTO_WARNING);
687707
assert!(!cx.is_null() && (*cx).0 as u32 & !(SECP256K1_START_NONE | SECP256K1_START_VERIFY | SECP256K1_START_SIGN) == 0);
688708
if secp256k1_ec_seckey_verify(cx, sk) != 1 { return 0; }
689709
ptr::copy(sk, (*pk).0[0..32].as_mut_ptr(), 32);
@@ -699,6 +719,7 @@ mod fuzz_dummy {
699719
sk: *mut c_uchar,
700720
tweak: *const c_uchar)
701721
-> c_int {
722+
assert!(UNSAFE_CRYPTO_FUZZING, UNSAFE_CRYPTO_WARNING);
702723
assert!(!cx.is_null() && (*cx).0 as u32 & !(SECP256K1_START_NONE | SECP256K1_START_VERIFY | SECP256K1_START_SIGN) == 0);
703724
if secp256k1_ec_seckey_verify(cx, sk) != 1 { return 0; }
704725
ptr::copy(tweak.offset(16), sk.offset(16), 16);
@@ -711,6 +732,7 @@ mod fuzz_dummy {
711732
pk: *mut PublicKey,
712733
tweak: *const c_uchar)
713734
-> c_int {
735+
assert!(UNSAFE_CRYPTO_FUZZING, UNSAFE_CRYPTO_WARNING);
714736
assert!(!cx.is_null() && (*cx).0 as u32 & !(SECP256K1_START_NONE | SECP256K1_START_VERIFY | SECP256K1_START_SIGN) == 0);
715737
if test_pk_validate(cx, pk) != 1 { return 0; }
716738
ptr::copy(tweak.offset(16), (*pk).0[16..32].as_mut_ptr(), 16);
@@ -725,6 +747,7 @@ mod fuzz_dummy {
725747
sk: *mut c_uchar,
726748
tweak: *const c_uchar)
727749
-> c_int {
750+
assert!(UNSAFE_CRYPTO_FUZZING, UNSAFE_CRYPTO_WARNING);
728751
assert!(!cx.is_null() && (*cx).0 as u32 & !(SECP256K1_START_NONE | SECP256K1_START_VERIFY | SECP256K1_START_SIGN) == 0);
729752
if secp256k1_ec_seckey_verify(cx, sk) != 1 { return 0; }
730753
ptr::copy(tweak.offset(16), sk.offset(16), 16);
@@ -737,6 +760,7 @@ mod fuzz_dummy {
737760
pk: *mut PublicKey,
738761
tweak: *const c_uchar)
739762
-> c_int {
763+
assert!(UNSAFE_CRYPTO_FUZZING, UNSAFE_CRYPTO_WARNING);
740764
assert!(!cx.is_null() && (*cx).0 as u32 & !(SECP256K1_START_NONE | SECP256K1_START_VERIFY | SECP256K1_START_SIGN) == 0);
741765
if test_pk_validate(cx, pk) != 1 { return 0; }
742766
ptr::copy(tweak.offset(16), (*pk).0[16..32].as_mut_ptr(), 16);
@@ -751,6 +775,7 @@ mod fuzz_dummy {
751775
ins: *const *const PublicKey,
752776
n: c_int)
753777
-> c_int {
778+
assert!(UNSAFE_CRYPTO_FUZZING, UNSAFE_CRYPTO_WARNING);
754779
assert!(!cx.is_null() && (*cx).0 as u32 & !(SECP256K1_START_NONE | SECP256K1_START_VERIFY | SECP256K1_START_SIGN) == 0);
755780
assert!(n <= 32 && n >= 0); //TODO: Remove this restriction?
756781
for i in 0..n {
@@ -772,6 +797,7 @@ mod fuzz_dummy {
772797
_hashfp: EcdhHashFn,
773798
_data: *mut c_void,
774799
) -> c_int {
800+
assert!(UNSAFE_CRYPTO_FUZZING, UNSAFE_CRYPTO_WARNING);
775801
assert!(!cx.is_null() && (*cx).0 as u32 & !(SECP256K1_START_NONE | SECP256K1_START_VERIFY | SECP256K1_START_SIGN) == 0);
776802
if secp256k1_ec_seckey_verify(cx, scalar) != 1 { return 0; }
777803

secp256k1-sys/src/recovery.rs

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -108,6 +108,7 @@ mod fuzz_dummy {
108108
_noncefn: NonceFn,
109109
_noncedata: *const c_void)
110110
-> c_int {
111+
assert!(UNSAFE_CRYPTO_FUZZING, UNSAFE_CRYPTO_WARNING);
111112
assert!(!cx.is_null() && (*cx).flags() & !(SECP256K1_START_NONE | SECP256K1_START_VERIFY | SECP256K1_START_SIGN) == 0);
112113
assert!((*cx).flags() & SECP256K1_START_SIGN == SECP256K1_START_SIGN);
113114
if secp256k1_ec_seckey_verify(cx, sk) != 1 { return 0; }

0 commit comments

Comments
 (0)