From 4d94a114b5cdd773e12fdb103e73c5bf3ddbcadb Mon Sep 17 00:00:00 2001
From: Chandra Pratap
Date: Thu, 5 Jun 2025 05:25:08 +0000
Subject: [PATCH 1/2] fuzz-tests: get rid of magic numbers in `fuzz-hsm_encryption.c`
Changelog-None: `fuzz-hsm_encryption.c` hard codes the lengths sizeof(struct secret) as 32 and crypto_pwhash_argon2id_PASSWD_MAX as 4294967295. Replace the latter with the former to improve readability and maintainability. While at it, replace the `tal_free()` call on our secret key with `discard_key()`. This has the benefit of testing `discard_key()`.
---
 tests/fuzz/fuzz-hsm_encryption.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/tests/fuzz/fuzz-hsm_encryption.c b/tests/fuzz/fuzz-hsm_encryption.c
index 168fc2540264..1bc738ee8a31 100644
--- a/tests/fuzz/fuzz-hsm_encryption.c
+++ b/tests/fuzz/fuzz-hsm_encryption.c
@@ -11,9 +11,9 @@ void init(int *argc, char ***argv)
 void run(const uint8_t *data, size_t size)
 {
- /* 4294967295 is crypto_pwhash_argon2id_PASSWD_MAX. libfuzzer won't
- * generate inputs that large in practice, but hey. */
- if (size > 32 && size < 4294967295) {
+ /* LibFuzzer won't generate inputs larger than
+ * crypto_pwhash_argon2id_PASSWD_MAX in practice, but hey. */
+ if (size > sizeof(struct secret) && size < crypto_pwhash_argon2id_PASSWD_MAX) {
 struct secret *hsm_secret, decrypted_hsm_secret, encryption_key;
 char *passphrase;
 struct encrypted_hsm_secret encrypted_secret;
@@ -21,8 +21,8 @@ void run(const uint8_t *data, size_t size)
 /* Take the first 32 bytes as the plaintext hsm_secret seed,
 * and the remaining ones as the passphrase. */
- hsm_secret = (struct secret *)tal_dup_arr(NULL, u8, data, 32, 0);
- passphrase = to_string(NULL, data + 32, size - 32);
+ hsm_secret = (struct secret *)tal_dup_arr(NULL, u8, data, sizeof(struct secret), 0);
+ passphrase = to_string(NULL, data + sizeof(struct secret), size - sizeof(struct secret));
 /* A valid seed, a valid passphrase. This should not fail. */
 assert(!hsm_secret_encryption_key_with_exitcode(passphrase, &encryption_key, &emsg));
@@ -35,7 +35,7 @@ void run(const uint8_t *data, size_t size)
 decrypted_hsm_secret.data,
 sizeof(decrypted_hsm_secret.data)));
- tal_free(hsm_secret);
+ discard_key(hsm_secret);
 tal_free(passphrase);
 }
 }
From 8cea2f32162dad910b928fbfb6998c7353fc5ed8 Mon Sep 17 00:00:00 2001
From: Chandra Pratap
Date: Thu, 5 Jun 2025 05:48:14 +0000
Subject: [PATCH 2/2] fuzz-tests: Add coverage-increasing inputs to seed corpora
Change in the fuzzing scheme of fuzz-hsm_encryption led to the discovery of test inputs that result in greater in code coverage. Add these inputs to the test's seed corpus.
---
 .../23310b00d98159b5b169b2b919f4af986233e4a0 | 1 +
 .../25172a8f2d48f9081b884ed5066cb4fc41a7099d | Bin 0 -> 74 bytes
 2 files changed, 1 insertion(+)
 create mode 100644 tests/fuzz/corpora/fuzz-hsm_encryption/23310b00d98159b5b169b2b919f4af986233e4a0
 create mode 100644 tests/fuzz/corpora/fuzz-hsm_encryption/25172a8f2d48f9081b884ed5066cb4fc41a7099d
diff --git a/tests/fuzz/corpora/fuzz-hsm_encryption/23310b00d98159b5b169b2b919f4af986233e4a0 b/tests/fuzz/corpora/fuzz-hsm_encryption/23310b00d98159b5b169b2b919f4af986233e4a0
new file mode 100644
index 000000000000..4662158191f7
--- /dev/null
+++ b/tests/fuzz/corpora/fuzz-hsm_encryption/23310b00d98159b5b169b2b919f4af986233e4a0
@@ -0,0 +1 @@
+QQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQ-
\ No newline at end of file
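Review bot: The context comment at the top of the second hunk still reads `Take the first 32 bytes as the plaintext hsm_secret seed`, so the magic number this commit removes from the code survives in the text describing it and will drift if struct secret ever changes size. Rewording it to `/* Take the first sizeof(struct secret) bytes as the plaintext hsm_secret seed,` (second line unchanged) keeps the comment in step with the two sizeof() uses directly below it. Similarly, the guard in the first hunk documents only the upper bound; since `size > sizeof(struct secret)` presumably exists so that `size - sizeof(struct secret)` leaves at least one passphrase byte for to_string(), a short clause saying so in that comment would make the lower bound self-explanatory. The body of run() continues outside these hunks.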
diff --git a/tests/fuzz/corpora/fuzz-hsm_encryption/25172a8f2d48f9081b884ed5066cb4fc41a7099d b/tests/fuzz/corpora/fuzz-hsm_encryption/25172a8f2d48f9081b884ed5066cb4fc41a7099d new file mode 100644 index 0000000000000000000000000000000000000000..af96d3a4d7f0ce02f8e531547b6d0134f83ee0f4 GIT binary patch literal 74 QcmWFxBo#2g0g6st05GQ%9RL6T literal 0 HcmV?d00001