Skip to content

Commit d9b2f9c

Browse files
elichaielichai
committed
Add a static mut bool to prevent accidentally using fuzz functions
1 parent 0782872 commit d9b2f9c

File tree

2 files changed

+30
-2
lines changed

2 files changed

+30
-2
lines changed

secp256k1-sys/src/lib.rs

Lines changed: 29 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -84,6 +84,7 @@ pub type EcdhHashFn = unsafe extern "C" fn(
8484
#[cfg(feature = "fuzztarget")]
8585
impl Context {
8686
pub fn flags(&self) -> u32 {
87+
unsafe {assert!(UNSAFE_CRYPTO_FUZZING, UNSAFE_CRYPTO_WARNING); }
8788
self.0 as u32
8889
}
8990
}
@@ -405,7 +406,7 @@ unsafe fn strlen(mut str_ptr: *const c_char) -> usize {
405406
/// A trait for producing pointers that will always be valid in C. (assuming NULL pointer is a valid no-op)
406407
/// Rust doesn't promise what pointers does it give to ZST (https://doc.rust-lang.org/nomicon/exotic-sizes.html#zero-sized-types-zsts)
407408
/// In case the type is empty this trait will give a NULL pointer, which should be handled in C.
408-
///
409+
///
409410
pub trait CPtr {
410411
type Target;
411412
fn as_c_ptr(&self) -> *const Self::Target;
@@ -447,6 +448,9 @@ mod fuzz_dummy {
447448
#[allow(non_upper_case_globals)]
448449
pub static secp256k1_context_no_precomp: &Context = &Context(0);
449450

451+
pub static mut UNSAFE_CRYPTO_FUZZING: bool = false;
452+
pub const UNSAFE_CRYPTO_WARNING: &str = "Tried fuzzing without setting the UNSAFE_CRYPTO_FUZZING variable";
453+
450454
extern "C" {
451455
#[cfg_attr(not(feature = "external-symbols"), link_name = "rustsecp256k1_v0_1_1_ecdh_hash_function_default")]
452456
pub static secp256k1_ecdh_hash_function_default: EcdhHashFn;
@@ -457,36 +461,43 @@ mod fuzz_dummy {
457461
// Contexts
458462
/// Creates a dummy context, tracking flags to ensure proper calling semantics
459463
pub unsafe fn secp256k1_context_preallocated_create(_ptr: *mut c_void, flags: c_uint) -> *mut Context {
464+
assert!(UNSAFE_CRYPTO_FUZZING, UNSAFE_CRYPTO_WARNING);
460465
let b = Box::new(Context(flags as i32));
461466
Box::into_raw(b)
462467
}
463468

464469
/// Return dummy size of context struct.
465470
pub unsafe fn secp256k1_context_preallocated_size(_flags: c_uint) -> size_t {
471+
assert!(UNSAFE_CRYPTO_FUZZING, UNSAFE_CRYPTO_WARNING);
466472
mem::size_of::<Context>()
467473
}
468474

469475
/// Return dummy size of context struct.
470476
pub unsafe fn secp256k1_context_preallocated_clone_size(_cx: *mut Context) -> size_t {
477+
assert!(UNSAFE_CRYPTO_FUZZING, UNSAFE_CRYPTO_WARNING);
471478
mem::size_of::<Context>()
472479
}
473480

474481
/// Copies a dummy context
475482
pub unsafe fn secp256k1_context_preallocated_clone(cx: *const Context, prealloc: *mut c_void) -> *mut Context {
483+
assert!(UNSAFE_CRYPTO_FUZZING, UNSAFE_CRYPTO_WARNING);
476484
let ret = prealloc as *mut Context;
477485
*ret = (*cx).clone();
478486
ret
479487
}
480488

481489
/// "Destroys" a dummy context
482-
pub unsafe fn secp256k1_context_preallocated_destroy(cx: *mut Context) {
490+
pub unsafe fn secp256k1_context_preallocated_destroy(cx: *mut Context)
491+
{
492+
assert!(UNSAFE_CRYPTO_FUZZING, UNSAFE_CRYPTO_WARNING);
483493
(*cx).0 = 0;
484494
}
485495

486496
/// Asserts that cx is properly initialized
487497
pub unsafe fn secp256k1_context_randomize(cx: *mut Context,
488498
_seed32: *const c_uchar)
489499
-> c_int {
500+
assert!(UNSAFE_CRYPTO_FUZZING, UNSAFE_CRYPTO_WARNING);
490501
assert!(!cx.is_null() && (*cx).0 as u32 & !(SECP256K1_START_NONE | SECP256K1_START_VERIFY | SECP256K1_START_SIGN) == 0);
491502
1
492503
}
@@ -496,6 +507,7 @@ mod fuzz_dummy {
496507
pub unsafe fn secp256k1_ec_pubkey_parse(cx: *const Context, pk: *mut PublicKey,
497508
input: *const c_uchar, in_len: size_t)
498509
-> c_int {
510+
assert!(UNSAFE_CRYPTO_FUZZING, UNSAFE_CRYPTO_WARNING);
499511
assert!(!cx.is_null() && (*cx).0 as u32 & !(SECP256K1_START_NONE | SECP256K1_START_VERIFY | SECP256K1_START_SIGN) == 0);
500512
match in_len {
501513
33 => {
@@ -524,6 +536,7 @@ mod fuzz_dummy {
524536
out_len: *mut size_t, pk: *const PublicKey,
525537
compressed: c_uint)
526538
-> c_int {
539+
assert!(UNSAFE_CRYPTO_FUZZING, UNSAFE_CRYPTO_WARNING);
527540
assert!(!cx.is_null() && (*cx).0 as u32 & !(SECP256K1_START_NONE | SECP256K1_START_VERIFY | SECP256K1_START_SIGN) == 0);
528541
if test_pk_validate(cx, pk) != 1 { return 0; }
529542
if compressed == SECP256K1_SER_COMPRESSED {
@@ -555,6 +568,7 @@ mod fuzz_dummy {
555568
pub unsafe fn secp256k1_ecdsa_signature_parse_compact(cx: *const Context, sig: *mut Signature,
556569
input64: *const c_uchar)
557570
-> c_int {
571+
assert!(UNSAFE_CRYPTO_FUZZING, UNSAFE_CRYPTO_WARNING);
558572
assert!(!cx.is_null() && (*cx).0 as u32 & !(SECP256K1_START_NONE | SECP256K1_START_VERIFY | SECP256K1_START_SIGN) == 0);
559573
if secp256k1_ec_seckey_verify(cx, input64.offset(32)) != 1 { return 0; } // sig should be msg32||sk
560574
ptr::copy(input64, (*sig).0[..].as_mut_ptr(), 64);
@@ -571,6 +585,7 @@ mod fuzz_dummy {
571585
pub unsafe fn secp256k1_ecdsa_signature_serialize_der(cx: *const Context, output: *mut c_uchar,
572586
out_len: *mut size_t, sig: *const Signature)
573587
-> c_int {
588+
assert!(UNSAFE_CRYPTO_FUZZING, UNSAFE_CRYPTO_WARNING);
574589
assert!(!cx.is_null() && (*cx).0 as u32 & !(SECP256K1_START_NONE | SECP256K1_START_VERIFY | SECP256K1_START_SIGN) == 0);
575590

576591
let mut len_r = 33;
@@ -609,6 +624,7 @@ mod fuzz_dummy {
609624
pub unsafe fn secp256k1_ecdsa_signature_serialize_compact(cx: *const Context, output64: *mut c_uchar,
610625
sig: *const Signature)
611626
-> c_int {
627+
assert!(UNSAFE_CRYPTO_FUZZING, UNSAFE_CRYPTO_WARNING);
612628
assert!(!cx.is_null() && (*cx).0 as u32 & !(SECP256K1_START_NONE | SECP256K1_START_VERIFY | SECP256K1_START_SIGN) == 0);
613629
ptr::copy((*sig).0[..].as_ptr(), output64, 64);
614630
1
@@ -627,6 +643,7 @@ mod fuzz_dummy {
627643
msg32: *const c_uchar,
628644
pk: *const PublicKey)
629645
-> c_int {
646+
assert!(UNSAFE_CRYPTO_FUZZING, UNSAFE_CRYPTO_WARNING);
630647
assert!(!cx.is_null() && (*cx).0 as u32 & !(SECP256K1_START_NONE | SECP256K1_START_VERIFY | SECP256K1_START_SIGN) == 0);
631648
assert!((*cx).0 as u32 & SECP256K1_START_VERIFY == SECP256K1_START_VERIFY);
632649
if test_pk_validate(cx, pk) != 1 { return 0; }
@@ -650,6 +667,7 @@ mod fuzz_dummy {
650667
_noncefn: NonceFn,
651668
_noncedata: *const c_void)
652669
-> c_int {
670+
assert!(UNSAFE_CRYPTO_FUZZING, UNSAFE_CRYPTO_WARNING);
653671
assert!(!cx.is_null() && (*cx).0 as u32 & !(SECP256K1_START_NONE | SECP256K1_START_VERIFY | SECP256K1_START_SIGN) == 0);
654672
assert!((*cx).0 as u32 & SECP256K1_START_SIGN == SECP256K1_START_SIGN);
655673
if secp256k1_ec_seckey_verify(cx, sk) != 1 { return 0; }
@@ -662,6 +680,7 @@ mod fuzz_dummy {
662680
/// Checks that pk != 0xffff...ffff and pk[0..32] == pk[32..64]
663681
pub unsafe fn test_pk_validate(cx: *const Context,
664682
pk: *const PublicKey) -> c_int {
683+
assert!(UNSAFE_CRYPTO_FUZZING, UNSAFE_CRYPTO_WARNING);
665684
assert!(!cx.is_null() && (*cx).0 as u32 & !(SECP256K1_START_NONE | SECP256K1_START_VERIFY | SECP256K1_START_SIGN) == 0);
666685
if (*pk).0[0..32] != (*pk).0[32..64] || secp256k1_ec_seckey_verify(cx, (*pk).0[0..32].as_ptr()) == 0 {
667686
0
@@ -673,6 +692,7 @@ mod fuzz_dummy {
673692
/// Checks that sk != 0xffff...ffff
674693
pub unsafe fn secp256k1_ec_seckey_verify(cx: *const Context,
675694
sk: *const c_uchar) -> c_int {
695+
assert!(UNSAFE_CRYPTO_FUZZING, UNSAFE_CRYPTO_WARNING);
676696
assert!(!cx.is_null() && (*cx).0 as u32 & !(SECP256K1_START_NONE | SECP256K1_START_VERIFY | SECP256K1_START_SIGN) == 0);
677697
let mut res = 0;
678698
for i in 0..32 {
@@ -684,6 +704,7 @@ mod fuzz_dummy {
684704
/// Sets pk to sk||sk
685705
pub unsafe fn secp256k1_ec_pubkey_create(cx: *const Context, pk: *mut PublicKey,
686706
sk: *const c_uchar) -> c_int {
707+
assert!(UNSAFE_CRYPTO_FUZZING, UNSAFE_CRYPTO_WARNING);
687708
assert!(!cx.is_null() && (*cx).0 as u32 & !(SECP256K1_START_NONE | SECP256K1_START_VERIFY | SECP256K1_START_SIGN) == 0);
688709
if secp256k1_ec_seckey_verify(cx, sk) != 1 { return 0; }
689710
ptr::copy(sk, (*pk).0[0..32].as_mut_ptr(), 32);
@@ -699,6 +720,7 @@ mod fuzz_dummy {
699720
sk: *mut c_uchar,
700721
tweak: *const c_uchar)
701722
-> c_int {
723+
assert!(UNSAFE_CRYPTO_FUZZING, UNSAFE_CRYPTO_WARNING);
702724
assert!(!cx.is_null() && (*cx).0 as u32 & !(SECP256K1_START_NONE | SECP256K1_START_VERIFY | SECP256K1_START_SIGN) == 0);
703725
if secp256k1_ec_seckey_verify(cx, sk) != 1 { return 0; }
704726
ptr::copy(tweak.offset(16), sk.offset(16), 16);
@@ -711,6 +733,7 @@ mod fuzz_dummy {
711733
pk: *mut PublicKey,
712734
tweak: *const c_uchar)
713735
-> c_int {
736+
assert!(UNSAFE_CRYPTO_FUZZING, UNSAFE_CRYPTO_WARNING);
714737
assert!(!cx.is_null() && (*cx).0 as u32 & !(SECP256K1_START_NONE | SECP256K1_START_VERIFY | SECP256K1_START_SIGN) == 0);
715738
if test_pk_validate(cx, pk) != 1 { return 0; }
716739
ptr::copy(tweak.offset(16), (*pk).0[16..32].as_mut_ptr(), 16);
@@ -725,6 +748,7 @@ mod fuzz_dummy {
725748
sk: *mut c_uchar,
726749
tweak: *const c_uchar)
727750
-> c_int {
751+
assert!(UNSAFE_CRYPTO_FUZZING, UNSAFE_CRYPTO_WARNING);
728752
assert!(!cx.is_null() && (*cx).0 as u32 & !(SECP256K1_START_NONE | SECP256K1_START_VERIFY | SECP256K1_START_SIGN) == 0);
729753
if secp256k1_ec_seckey_verify(cx, sk) != 1 { return 0; }
730754
ptr::copy(tweak.offset(16), sk.offset(16), 16);
@@ -737,6 +761,7 @@ mod fuzz_dummy {
737761
pk: *mut PublicKey,
738762
tweak: *const c_uchar)
739763
-> c_int {
764+
assert!(UNSAFE_CRYPTO_FUZZING, UNSAFE_CRYPTO_WARNING);
740765
assert!(!cx.is_null() && (*cx).0 as u32 & !(SECP256K1_START_NONE | SECP256K1_START_VERIFY | SECP256K1_START_SIGN) == 0);
741766
if test_pk_validate(cx, pk) != 1 { return 0; }
742767
ptr::copy(tweak.offset(16), (*pk).0[16..32].as_mut_ptr(), 16);
@@ -751,6 +776,7 @@ mod fuzz_dummy {
751776
ins: *const *const PublicKey,
752777
n: c_int)
753778
-> c_int {
779+
assert!(UNSAFE_CRYPTO_FUZZING, UNSAFE_CRYPTO_WARNING);
754780
assert!(!cx.is_null() && (*cx).0 as u32 & !(SECP256K1_START_NONE | SECP256K1_START_VERIFY | SECP256K1_START_SIGN) == 0);
755781
assert!(n <= 32 && n >= 0); //TODO: Remove this restriction?
756782
for i in 0..n {
@@ -772,6 +798,7 @@ mod fuzz_dummy {
772798
_hashfp: EcdhHashFn,
773799
_data: *mut c_void,
774800
) -> c_int {
801+
assert!(UNSAFE_CRYPTO_FUZZING, UNSAFE_CRYPTO_WARNING);
775802
assert!(!cx.is_null() && (*cx).0 as u32 & !(SECP256K1_START_NONE | SECP256K1_START_VERIFY | SECP256K1_START_SIGN) == 0);
776803
if secp256k1_ec_seckey_verify(cx, scalar) != 1 { return 0; }
777804

secp256k1-sys/src/recovery.rs

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -108,6 +108,7 @@ mod fuzz_dummy {
108108
_noncefn: NonceFn,
109109
_noncedata: *const c_void)
110110
-> c_int {
111+
assert!(UNSAFE_CRYPTO_FUZZING, UNSAFE_CRYPTO_WARNING);
111112
assert!(!cx.is_null() && (*cx).flags() & !(SECP256K1_START_NONE | SECP256K1_START_VERIFY | SECP256K1_START_SIGN) == 0);
112113
assert!((*cx).flags() & SECP256K1_START_SIGN == SECP256K1_START_SIGN);
113114
if secp256k1_ec_seckey_verify(cx, sk) != 1 { return 0; }

0 commit comments

Comments
 (0)