Add tests for the CRYPTO_VAR_LOCK variable

Author: elichai

.travis.yml

@@ -38,6 +38,7 @@ script:
   - cargo test --verbose --features="rand rand-std"
   - cargo test --verbose --features="rand serde"
   - cargo test --verbose --features="rand serde recovery endomorphism"
+  - cargo test --verbose --lib --features=fuzztarget -- --test-threads=1 # 1 thread is required so that we can have 2 tests setting the `UNSAFE_CRYPTO_FUZZING` variable.
   - cargo build --verbose
   - cargo test --verbose
   - cargo build --verbose --release

src/ecdh.rs

@@ -162,7 +162,7 @@ impl SharedSecret {
     }
 }
 
-#[cfg(test)]
+#[cfg(all(test, not(feature = "fuzztarget")))]
 mod tests {
     use rand::thread_rng;
     use super::SharedSecret;

src/key.rs

@@ -443,7 +443,7 @@ impl<'de> ::serde::Deserialize<'de> for PublicKey {
     }
 }
 
-#[cfg(test)]
+#[cfg(all(test, not(feature = "fuzztarget")))]
 mod test {
     use Secp256k1;
     use from_hex;

src/lib.rs

@@ -707,7 +707,7 @@ fn from_hex(hex: &str, target: &mut [u8]) -> Result<usize, ()> {
 }
 
 
-#[cfg(test)]
+#[cfg(all(test, not(feature = "fuzztarget")))]
 mod tests {
     use rand::{RngCore, thread_rng};
     use std::str::FromStr;
@@ -1160,3 +1160,66 @@ mod benches {
         });
     }
 }
+
+#[cfg(all(test, feature = "fuzztarget"))]
+mod test_fuzz {
+    use super::*;
+    use std::str::FromStr;
+    use std::panic::{self, UnwindSafe};
+
+
+    pub fn crashed_for_fuzz<F: FnOnce() -> R + UnwindSafe, R>(f: F) -> bool {
+        if let Err(e) = panic::catch_unwind(f) {
+            if let Some(st) = e.downcast_ref::<&str>() {
+                return st.contains(ffi::UNSAFE_CRYPTO_WARNING);
+            }
+        }
+        false
+    }
+
+    #[test]
+    fn fuzz_not_set_var() {
+        unsafe {ffi::UNSAFE_CRYPTO_FUZZING = false};
+        assert!(crashed_for_fuzz(|| SecretKey::from_slice(&[2; 32])));
+        assert!(crashed_for_fuzz(|| PublicKey::from_slice(&[2; 33])));
+        assert!(crashed_for_fuzz(|| Signature::from_compact(&[3; 64])));
+        assert!(crashed_for_fuzz(|| Secp256k1::new()));
+        assert!(crashed_for_fuzz(|| {
+            let mut sec = SecretKey::from_str("01010101010101010001020304050607ffff0000ffff00006363636363636363").unwrap();
+            let _ = sec.add_assign(&[2u8; 32]);
+        }));
+        assert!(crashed_for_fuzz(|| {
+            let mut sec = SecretKey::from_str("01010101010101010001020304050607ffff0000ffff00006363636363636363").unwrap();
+            let _ = sec.mul_assign(&[2u8; 32]);
+        }));
+        assert!(crashed_for_fuzz(|| {
+            let sig: Signature = unsafe { std::mem::transmute::<_, ffi::Signature>([3u8; 64]).into() };
+            let _ = sig.serialize_compact();
+        }));
+
+        assert!(crashed_for_fuzz(|| {
+            let pubkey1: PublicKey = unsafe { std::mem::transmute::<_, ffi::PublicKey>([3u8; 64]).into() };
+            let pubkey2: PublicKey = unsafe { std::mem::transmute::<_, ffi::PublicKey>([5u8; 64]).into() };
+            let _ = pubkey1.combine(&pubkey2);
+        }));
+    }
+
+    #[test]
+    fn fuzz_set_var_not_crash() {
+        unsafe {ffi::UNSAFE_CRYPTO_FUZZING = true;}
+        let _ = SecretKey::from_slice(&[2; 32]);
+        let _ = PublicKey::from_slice(&[2; 33]);
+        let _ = Signature::from_compact(&[3; 64]);
+        let _ = Secp256k1::new();
+        let mut sec = SecretKey::from_str("01010101010101010001020304050607ffff0000ffff00006363636363636363").unwrap();
+        let _ = sec.add_assign(&[2u8; 32]);
+        let mut sec = SecretKey::from_str("01010101010101010001020304050607ffff0000ffff00006363636363636363").unwrap();
+        let _ = sec.mul_assign(&[2u8; 32]);
+        let sig: Signature = unsafe { std::mem::transmute::<_, ffi::Signature>([3u8; 64]).into() };
+        let _ = sig.serialize_compact();
+        let pubkey1: PublicKey = unsafe { std::mem::transmute::<_, ffi::PublicKey>([3u8; 64]).into() };
+        let pubkey2: PublicKey = unsafe { std::mem::transmute::<_, ffi::PublicKey>([5u8; 64]).into() };
+        let _ = pubkey1.combine(&pubkey2);
+    }
+}
+