aboutsummaryrefslogtreecommitdiff
path: root/src/test
diff options
context:
space:
mode:
authorMarcoFalke <falke.marco@gmail.com>2020-03-18 15:48:22 -0400
committerMarcoFalke <falke.marco@gmail.com>2020-03-18 15:48:27 -0400
commite83a1de4c03f305f4a89febc648168003a6e7987 (patch)
tree8723b0fe088395b2588e2e762e98d945b0ea882f /src/test
parentdbb067da389d457e73c6ecbf6389baa3ab082b46 (diff)
parent5e47b19e50cf5a8de77dfe363988522cfd212c06 (diff)
Merge #18155: tests: Add harness which fuzzes EvalScript and VerifyScript using a fuzzed signature checker
5e47b19e50cf5a8de77dfe363988522cfd212c06 tests: Add harness which fuzzes EvalScript and VerifyScript using a fuzzed signature checker (practicalswift) Pull request description: Add harness which fuzzes `EvalScript` and `VerifyScript` using a fuzzed signature checker. Test this PR using: ``` $ make distclean $ ./autogen.sh $ CC=clang CXX=clang++ ./configure --enable-fuzz \ --with-sanitizers=address,fuzzer,undefined $ make $ src/test/fuzz/signature_checker … ``` Closes #17986. Top commit has no ACKs. Tree-SHA512: a9988f8fa7919fe470756ca3e4e75764a589f590769aab452c8f4c254cf41667793e52131d470a12629ec3681fa7fc20091f371b8f3e3eec105674c2769e7d7e
Diffstat (limited to 'src/test')
-rw-r--r--src/test/fuzz/signature_checker.cpp68
1 files changed, 68 insertions, 0 deletions
diff --git a/src/test/fuzz/signature_checker.cpp b/src/test/fuzz/signature_checker.cpp
new file mode 100644
index 0000000000..312db27adc
--- /dev/null
+++ b/src/test/fuzz/signature_checker.cpp
@@ -0,0 +1,68 @@
+// Copyright (c) 2009-2019 The Bitcoin Core developers
+// Distributed under the MIT software license, see the accompanying
+// file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+#include <pubkey.h>
+#include <script/interpreter.h>
+#include <test/fuzz/FuzzedDataProvider.h>
+#include <test/fuzz/fuzz.h>
+#include <util/memory.h>
+
+#include <cstdint>
+#include <limits>
+#include <string>
+#include <vector>
+
+void initialize()
+{
+ static const auto verify_handle = MakeUnique<ECCVerifyHandle>();
+}
+
+namespace {
+class FuzzedSignatureChecker : public BaseSignatureChecker
+{
+ FuzzedDataProvider& m_fuzzed_data_provider;
+
+public:
+ FuzzedSignatureChecker(FuzzedDataProvider& fuzzed_data_provider) : m_fuzzed_data_provider(fuzzed_data_provider)
+ {
+ }
+
+ virtual bool CheckSig(const std::vector<unsigned char>& scriptSig, const std::vector<unsigned char>& vchPubKey, const CScript& scriptCode, SigVersion sigversion) const
+ {
+ return m_fuzzed_data_provider.ConsumeBool();
+ }
+
+ virtual bool CheckLockTime(const CScriptNum& nLockTime) const
+ {
+ return m_fuzzed_data_provider.ConsumeBool();
+ }
+
+ virtual bool CheckSequence(const CScriptNum& nSequence) const
+ {
+ return m_fuzzed_data_provider.ConsumeBool();
+ }
+
+ virtual ~FuzzedSignatureChecker() {}
+};
+} // namespace
+
+void test_one_input(const std::vector<uint8_t>& buffer)
+{
+ FuzzedDataProvider fuzzed_data_provider(buffer.data(), buffer.size());
+ const unsigned int flags = fuzzed_data_provider.ConsumeIntegral<unsigned int>();
+ const SigVersion sig_version = fuzzed_data_provider.PickValueInArray({SigVersion::BASE, SigVersion::WITNESS_V0});
+ const std::string script_string_1 = fuzzed_data_provider.ConsumeRandomLengthString(65536);
+ const std::vector<uint8_t> script_bytes_1{script_string_1.begin(), script_string_1.end()};
+ const std::string script_string_2 = fuzzed_data_provider.ConsumeRandomLengthString(65536);
+ const std::vector<uint8_t> script_bytes_2{script_string_2.begin(), script_string_2.end()};
+ std::vector<std::vector<unsigned char>> stack;
+ (void)EvalScript(stack, {script_bytes_1.begin(), script_bytes_1.end()}, flags, FuzzedSignatureChecker(fuzzed_data_provider), sig_version, nullptr);
+ if ((flags & SCRIPT_VERIFY_CLEANSTACK) != 0 && ((flags & SCRIPT_VERIFY_P2SH) == 0 || (flags & SCRIPT_VERIFY_WITNESS) == 0)) {
+ return;
+ }
+ if ((flags & SCRIPT_VERIFY_WITNESS) != 0 && (flags & SCRIPT_VERIFY_P2SH) == 0) {
+ return;
+ }
+ (void)VerifyScript({script_bytes_1.begin(), script_bytes_1.end()}, {script_bytes_2.begin(), script_bytes_2.end()}, nullptr, flags, FuzzedSignatureChecker(fuzzed_data_provider), nullptr);
+}