1 files changed, 49 insertions, 208 deletions
diff --git a/fuzz/fuzz_mgmt.c b/fuzz/fuzz_mgmt.c
index 741b375..d46daf6 100644
--- a/fuzz/fuzz_mgmt.c
+++ b/fuzz/fuzz_mgmt.c
@@ -11,6 +11,8 @@
 #include <string.h>
 #include "mutator_aux.h"
+#include "wiredata_fido2.h"
+#include "dummy.h"
 #include "fido.h"
 #include "../openbsd-compat/openbsd-compat.h"
@@ -35,207 +37,39 @@ struct param {
        int             seed;
 };
-/* Example parameters. */
-static const char dummy_pin1[] = "skepp cg0u3;Y..";
-static const char dummy_pin2[] = "bastilha 6rJrfQZI.";
 static const uint8_t dummy_reset_wire_data[] = {
-        0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0x91,
+        WIREDATA_CTAP_INIT,
-        0xef, 0xbe, 0x74, 0x39, 0x1a, 0x1c, 0x4a, 0x00,
+        WIREDATA_CTAP_CBOR_INFO,
-        0x22, 0x00, 0x01, 0x02, 0x05, 0x02, 0x01, 0x05,
+        WIREDATA_CTAP_KEEPALIVE,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        WIREDATA_CTAP_KEEPALIVE,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        WIREDATA_CTAP_KEEPALIVE,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        WIREDATA_CTAP_CBOR_RESET,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x22, 0x00, 0x01, 0xbb, 0x00, 0x01, 0x02,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x22, 0x00, 0x01, 0xbb, 0x00, 0x01, 0x02,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x22, 0x00, 0x01, 0xbb, 0x00, 0x01, 0x02,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x22, 0x00, 0x01, 0xbb, 0x00, 0x01, 0x02,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x22, 0x00, 0x01, 0xbb, 0x00, 0x01, 0x02,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x22, 0x00, 0x01, 0xbb, 0x00, 0x01, 0x01,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x22, 0x00, 0x01, 0x90, 0x00, 0x01, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
 };
 static const uint8_t dummy_info_wire_data[] = {
-        0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0x80,
+        WIREDATA_CTAP_INIT,
-        0x43, 0x56, 0x40, 0xb1, 0x4e, 0xd9, 0x2d, 0x00,
+        WIREDATA_CTAP_CBOR_INFO,
-        0x22, 0x00, 0x02, 0x02, 0x05, 0x02, 0x01, 0x05,
+        WIREDATA_CTAP_CBOR_INFO,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x22, 0x00, 0x02, 0x90, 0x00, 0xb9, 0x00,
-        0xa9, 0x01, 0x83, 0x66, 0x55, 0x32, 0x46, 0x5f,
-        0x56, 0x32, 0x68, 0x46, 0x49, 0x44, 0x4f, 0x5f,
-        0x32, 0x5f, 0x30, 0x6c, 0x46, 0x49, 0x44, 0x4f,
-        0x5f, 0x32, 0x5f, 0x31, 0x5f, 0x50, 0x52, 0x45,
-        0x02, 0x82, 0x6b, 0x63, 0x72, 0x65, 0x64, 0x50,
-        0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x6b, 0x68,
-        0x6d, 0x61, 0x63, 0x2d, 0x73, 0x65, 0x63, 0x72,
-        0x00, 0x22, 0x00, 0x02, 0x00, 0x65, 0x74, 0x03,
-        0x50, 0x19, 0x56, 0xe5, 0xbd, 0xa3, 0x74, 0x45,
-        0xf1, 0xa8, 0x14, 0x35, 0x64, 0x03, 0xfd, 0xbc,
-        0x18, 0x04, 0xa5, 0x62, 0x72, 0x6b, 0xf5, 0x62,
-        0x75, 0x70, 0xf5, 0x64, 0x70, 0x6c, 0x61, 0x74,
-        0xf4, 0x69, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74,
-        0x50, 0x69, 0x6e, 0xf4, 0x75, 0x63, 0x72, 0x65,
-        0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x4d,
-        0x00, 0x22, 0x00, 0x02, 0x01, 0x67, 0x6d, 0x74,
-        0x50, 0x72, 0x65, 0x76, 0x69, 0x65, 0x77, 0xf5,
-        0x05, 0x19, 0x04, 0xb0, 0x06, 0x81, 0x01, 0x07,
-        0x08, 0x08, 0x18, 0x80, 0x0a, 0x82, 0xa2, 0x63,
-        0x61, 0x6c, 0x67, 0x26, 0x64, 0x74, 0x79, 0x70,
-        0x65, 0x6a, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63,
-        0x2d, 0x6b, 0x65, 0x79, 0xa2, 0x63, 0x61, 0x6c,
-        0x67, 0x27, 0x64, 0x74, 0x79, 0x70, 0x65, 0x6a,
-        0x00, 0x22, 0x00, 0x02, 0x02, 0x70, 0x75, 0x62,
-        0x6c, 0x69, 0x63, 0x2d, 0x6b, 0x65, 0x79, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
 };
 static const uint8_t dummy_set_pin_wire_data[] = {
-        0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0x59,
+        WIREDATA_CTAP_INIT,
-        0x50, 0x8c, 0x27, 0x14, 0x83, 0x43, 0xd5, 0x00,
+        WIREDATA_CTAP_CBOR_INFO,
-        0x22, 0x00, 0x03, 0x02, 0x05, 0x02, 0x01, 0x05,
+        WIREDATA_CTAP_CBOR_AUTHKEY,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        WIREDATA_CTAP_CBOR_STATUS,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x22, 0x00, 0x03, 0x90, 0x00, 0x51, 0x00,
-        0xa1, 0x01, 0xa5, 0x01, 0x02, 0x03, 0x38, 0x18,
-        0x20, 0x01, 0x21, 0x58, 0x20, 0x2a, 0xb8, 0x2d,
-        0x36, 0x69, 0xab, 0x30, 0x9d, 0xe3, 0x5e, 0x9b,
-        0xfb, 0x94, 0xfc, 0x1d, 0x92, 0x95, 0xaf, 0x01,
-        0x47, 0xfe, 0x4b, 0x87, 0xe5, 0xcf, 0x3f, 0x05,
-        0x0b, 0x39, 0xda, 0x17, 0x49, 0x22, 0x58, 0x20,
-        0x15, 0x1b, 0xbe, 0x08, 0x78, 0x60, 0x4d, 0x3c,
-        0x00, 0x22, 0x00, 0x03, 0x00, 0x3f, 0xf1, 0x60,
-        0xa6, 0xd8, 0xf8, 0xed, 0xce, 0x4a, 0x30, 0x5d,
-        0x1a, 0xaf, 0x80, 0xc4, 0x0a, 0xd2, 0x6f, 0x77,
-        0x38, 0x12, 0x97, 0xaa, 0xbd, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x22, 0x00, 0x03, 0x90, 0x00, 0x01, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
 };
 static const uint8_t dummy_change_pin_wire_data[] = {
-        0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0x48,
+        WIREDATA_CTAP_INIT,
-        0xfd, 0xf9, 0xde, 0x28, 0x21, 0x99, 0xd5, 0x00,
+        WIREDATA_CTAP_CBOR_INFO,
-        0x22, 0x00, 0x04, 0x02, 0x05, 0x02, 0x01, 0x05,
+        WIREDATA_CTAP_CBOR_AUTHKEY,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+        WIREDATA_CTAP_CBOR_STATUS,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x22, 0x00, 0x04, 0x90, 0x00, 0x51, 0x00,
-        0xa1, 0x01, 0xa5, 0x01, 0x02, 0x03, 0x38, 0x18,
-        0x20, 0x01, 0x21, 0x58, 0x20, 0x2a, 0xb8, 0x2d,
-        0x36, 0x69, 0xab, 0x30, 0x9d, 0xe3, 0x5e, 0x9b,
-        0xfb, 0x94, 0xfc, 0x1d, 0x92, 0x95, 0xaf, 0x01,
-        0x47, 0xfe, 0x4b, 0x87, 0xe5, 0xcf, 0x3f, 0x05,
-        0x0b, 0x39, 0xda, 0x17, 0x49, 0x22, 0x58, 0x20,
-        0x15, 0x1b, 0xbe, 0x08, 0x78, 0x60, 0x4d, 0x3c,
-        0x00, 0x22, 0x00, 0x04, 0x00, 0x3f, 0xf1, 0x60,
-        0xa6, 0xd8, 0xf8, 0xed, 0xce, 0x4a, 0x30, 0x5d,
-        0x1a, 0xaf, 0x80, 0xc4, 0x0a, 0xd2, 0x6f, 0x77,
-        0x38, 0x12, 0x97, 0xaa, 0xbd, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x22, 0x00, 0x04, 0x90, 0x00, 0x01, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
 };
 static const uint8_t dummy_retry_wire_data[] = {
-        0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0x7f,
+        WIREDATA_CTAP_INIT,
-        0xaa, 0x73, 0x3e, 0x95, 0x98, 0xa8, 0x60, 0x00,
+        WIREDATA_CTAP_CBOR_INFO,
-        0x22, 0x00, 0x05, 0x02, 0x05, 0x02, 0x01, 0x05,
+        WIREDATA_CTAP_CBOR_RETRIES,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x22, 0x00, 0x05, 0x90, 0x00, 0x04, 0x00,
-        0xa1, 0x03, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
 };
 int    LLVMFuzzerTestOneInput(const uint8_t *, size_t);
@@ -277,12 +111,20 @@ pack(uint8_t *ptr, size_t len, const struct param *p)
        return (max - len);
 }
+static size_t
+input_len(int max)
+{
+        return (2 * len_string(max) + 5 * len_blob(max) + len_int());
+}
 static fido_dev_t *
 prepare_dev()
 {
        fido_dev_t      *dev;
        fido_dev_io_t    io;
+        memset(&io, 0, sizeof(io));
        io.open = dev_open;
        io.close = dev_close;
        io.read = dev_read;
@@ -304,9 +146,8 @@ dev_reset(struct param *p)
        set_wire_data(p->reset_wire_data.body, p->reset_wire_data.len);
-        if ((dev = prepare_dev()) == NULL) {
+        if ((dev = prepare_dev()) == NULL)
                return;
-        }
        fido_dev_reset(dev);
        fido_dev_close(dev);
@@ -327,9 +168,8 @@ dev_get_cbor_info(struct param *p)
        set_wire_data(p->info_wire_data.body, p->info_wire_data.len);
-        if ((dev = prepare_dev()) == NULL) {
+        if ((dev = prepare_dev()) == NULL)
                return;
-        }
        proto = fido_dev_protocol(dev);
        major = fido_dev_major(dev);
@@ -343,15 +183,10 @@ dev_get_cbor_info(struct param *p)
        consume(&build, sizeof(build));
        consume(&flags, sizeof(flags));
-        if ((ci = fido_cbor_info_new()) == NULL) {
+        if ((ci = fido_cbor_info_new()) == NULL)
-                fido_dev_close(dev);
+                goto out;
-                fido_dev_free(&dev);
-                return;
-        }
        fido_dev_get_cbor_info(dev, ci);
-        fido_dev_close(dev);
-        fido_dev_free(&dev);
        for (size_t i = 0; i < fido_cbor_info_versions_len(ci); i++) {
                char * const *sa = fido_cbor_info_versions_ptr(ci);
@@ -372,10 +207,17 @@ dev_get_cbor_info(struct param *p)
        n = fido_cbor_info_maxmsgsiz(ci);
        consume(&n, sizeof(n));
+        n = fido_cbor_info_fwversion(ci);
+        consume(&n, sizeof(n));
        consume(fido_cbor_info_aaguid_ptr(ci), fido_cbor_info_aaguid_len(ci));
        consume(fido_cbor_info_protocols_ptr(ci),
            fido_cbor_info_protocols_len(ci));
+out:
+        fido_dev_close(dev);
+        fido_dev_free(&dev);
        fido_cbor_info_free(&ci);
 }
@@ -386,9 +228,8 @@ dev_set_pin(struct param *p)
        set_wire_data(p->set_pin_wire_data.body, p->set_pin_wire_data.len);
-        if ((dev = prepare_dev()) == NULL) {
+        if ((dev = prepare_dev()) == NULL)
                return;
-        }
        fido_dev_set_pin(dev, p->pin1, NULL);
        fido_dev_close(dev);
@@ -402,9 +243,8 @@ dev_change_pin(struct param *p)
        set_wire_data(p->change_pin_wire_data.body, p->change_pin_wire_data.len);
-        if ((dev = prepare_dev()) == NULL) {
+        if ((dev = prepare_dev()) == NULL)
                return;
-        }
        fido_dev_set_pin(dev, p->pin2, p->pin1);
        fido_dev_close(dev);
@@ -419,9 +259,8 @@ dev_get_retry_count(struct param *p)
        set_wire_data(p->retry_wire_data.body, p->retry_wire_data.len);
-        if ((dev = prepare_dev()) == NULL) {
+        if ((dev = prepare_dev()) == NULL)
                return;
-        }
        fido_dev_get_retry_count(dev, &n);
        consume(&n, sizeof(n));
@@ -436,12 +275,14 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
        memset(&p, 0, sizeof(p));
-        if (unpack(data, size, &p) < 0)
+        if (size < input_len(GETLEN_MIN) || size > input_len(GETLEN_MAX) ||
+            unpack(data, size, &p) < 0)
                return (0);
-        srandom((unsigned int)p.seed);
+        prng_init((unsigned int)p.seed);
-        fido_init(0);
+        fido_init(FIDO_DEBUG);
+        fido_set_log_handler(consume_str);
        dev_reset(&p);
        dev_get_cbor_info(&p);

diff --git a/fuzz/fuzz_mgmt.c b/fuzz/fuzz_mgmt.c index 741b375..d46daf6 100644 --- a/fuzz/fuzz_mgmt.c +++ b/fuzz/fuzz_mgmt.c
@@ -11,6 +11,8 @@
11	#include <string.h>	11	#include <string.h>
12		12
13	#include "mutator_aux.h"	13	#include "mutator_aux.h"
		14	#include "wiredata_fido2.h"
		15	#include "dummy.h"
14	#include "fido.h"	16	#include "fido.h"
15		17
16	#include "../openbsd-compat/openbsd-compat.h"	18	#include "../openbsd-compat/openbsd-compat.h"
@@ -35,207 +37,39 @@ struct param {
35	int seed;	37	int seed;
36	};	38	};
37		39
38	/* Example parameters. */
39	static const char dummy_pin1[] = "skepp cg0u3;Y..";
40	static const char dummy_pin2[] = "bastilha 6rJrfQZI.";
41
42	static const uint8_t dummy_reset_wire_data[] = {	40	static const uint8_t dummy_reset_wire_data[] = {
43	0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0x91,	41	WIREDATA_CTAP_INIT,
44	0xef, 0xbe, 0x74, 0x39, 0x1a, 0x1c, 0x4a, 0x00,	42	WIREDATA_CTAP_CBOR_INFO,
45	0x22, 0x00, 0x01, 0x02, 0x05, 0x02, 0x01, 0x05,	43	WIREDATA_CTAP_KEEPALIVE,
46	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,	44	WIREDATA_CTAP_KEEPALIVE,
47	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,	45	WIREDATA_CTAP_KEEPALIVE,
48	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,	46	WIREDATA_CTAP_CBOR_RESET,
49	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
50	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
51	0x00, 0x22, 0x00, 0x01, 0xbb, 0x00, 0x01, 0x02,
52	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
53	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
54	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
55	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
56	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
57	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
58	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
59	0x00, 0x22, 0x00, 0x01, 0xbb, 0x00, 0x01, 0x02,
60	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
61	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
62	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
63	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
64	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
65	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
66	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
67	0x00, 0x22, 0x00, 0x01, 0xbb, 0x00, 0x01, 0x02,
68	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
69	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
70	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
71	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
72	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
73	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
74	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
75	0x00, 0x22, 0x00, 0x01, 0xbb, 0x00, 0x01, 0x02,
76	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
77	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
78	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
79	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
80	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
81	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
82	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
83	0x00, 0x22, 0x00, 0x01, 0xbb, 0x00, 0x01, 0x02,
84	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
85	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
86	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
87	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
88	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
89	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
90	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
91	0x00, 0x22, 0x00, 0x01, 0xbb, 0x00, 0x01, 0x01,
92	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
93	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
94	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
95	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
96	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
97	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
98	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
99	0x00, 0x22, 0x00, 0x01, 0x90, 0x00, 0x01, 0x00,
100	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
101	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
102	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
103	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
104	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
105	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
106	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
107	};	47	};
108		48
109	static const uint8_t dummy_info_wire_data[] = {	49	static const uint8_t dummy_info_wire_data[] = {
110	0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0x80,	50	WIREDATA_CTAP_INIT,
111	0x43, 0x56, 0x40, 0xb1, 0x4e, 0xd9, 0x2d, 0x00,	51	WIREDATA_CTAP_CBOR_INFO,
112	0x22, 0x00, 0x02, 0x02, 0x05, 0x02, 0x01, 0x05,	52	WIREDATA_CTAP_CBOR_INFO,
113	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
114	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
115	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
116	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
117	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
118	0x00, 0x22, 0x00, 0x02, 0x90, 0x00, 0xb9, 0x00,
119	0xa9, 0x01, 0x83, 0x66, 0x55, 0x32, 0x46, 0x5f,
120	0x56, 0x32, 0x68, 0x46, 0x49, 0x44, 0x4f, 0x5f,
121	0x32, 0x5f, 0x30, 0x6c, 0x46, 0x49, 0x44, 0x4f,
122	0x5f, 0x32, 0x5f, 0x31, 0x5f, 0x50, 0x52, 0x45,
123	0x02, 0x82, 0x6b, 0x63, 0x72, 0x65, 0x64, 0x50,
124	0x72, 0x6f, 0x74, 0x65, 0x63, 0x74, 0x6b, 0x68,
125	0x6d, 0x61, 0x63, 0x2d, 0x73, 0x65, 0x63, 0x72,
126	0x00, 0x22, 0x00, 0x02, 0x00, 0x65, 0x74, 0x03,
127	0x50, 0x19, 0x56, 0xe5, 0xbd, 0xa3, 0x74, 0x45,
128	0xf1, 0xa8, 0x14, 0x35, 0x64, 0x03, 0xfd, 0xbc,
129	0x18, 0x04, 0xa5, 0x62, 0x72, 0x6b, 0xf5, 0x62,
130	0x75, 0x70, 0xf5, 0x64, 0x70, 0x6c, 0x61, 0x74,
131	0xf4, 0x69, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74,
132	0x50, 0x69, 0x6e, 0xf4, 0x75, 0x63, 0x72, 0x65,
133	0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x4d,
134	0x00, 0x22, 0x00, 0x02, 0x01, 0x67, 0x6d, 0x74,
135	0x50, 0x72, 0x65, 0x76, 0x69, 0x65, 0x77, 0xf5,
136	0x05, 0x19, 0x04, 0xb0, 0x06, 0x81, 0x01, 0x07,
137	0x08, 0x08, 0x18, 0x80, 0x0a, 0x82, 0xa2, 0x63,
138	0x61, 0x6c, 0x67, 0x26, 0x64, 0x74, 0x79, 0x70,
139	0x65, 0x6a, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63,
140	0x2d, 0x6b, 0x65, 0x79, 0xa2, 0x63, 0x61, 0x6c,
141	0x67, 0x27, 0x64, 0x74, 0x79, 0x70, 0x65, 0x6a,
142	0x00, 0x22, 0x00, 0x02, 0x02, 0x70, 0x75, 0x62,
143	0x6c, 0x69, 0x63, 0x2d, 0x6b, 0x65, 0x79, 0x00,
144	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
145	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
146	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
147	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
148	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
149	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
150	};	53	};
151		54
152	static const uint8_t dummy_set_pin_wire_data[] = {	55	static const uint8_t dummy_set_pin_wire_data[] = {
153	0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0x59,	56	WIREDATA_CTAP_INIT,
154	0x50, 0x8c, 0x27, 0x14, 0x83, 0x43, 0xd5, 0x00,	57	WIREDATA_CTAP_CBOR_INFO,
155	0x22, 0x00, 0x03, 0x02, 0x05, 0x02, 0x01, 0x05,	58	WIREDATA_CTAP_CBOR_AUTHKEY,
156	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,	59	WIREDATA_CTAP_CBOR_STATUS,
157	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
158	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
159	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
160	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
161	0x00, 0x22, 0x00, 0x03, 0x90, 0x00, 0x51, 0x00,
162	0xa1, 0x01, 0xa5, 0x01, 0x02, 0x03, 0x38, 0x18,
163	0x20, 0x01, 0x21, 0x58, 0x20, 0x2a, 0xb8, 0x2d,
164	0x36, 0x69, 0xab, 0x30, 0x9d, 0xe3, 0x5e, 0x9b,
165	0xfb, 0x94, 0xfc, 0x1d, 0x92, 0x95, 0xaf, 0x01,
166	0x47, 0xfe, 0x4b, 0x87, 0xe5, 0xcf, 0x3f, 0x05,
167	0x0b, 0x39, 0xda, 0x17, 0x49, 0x22, 0x58, 0x20,
168	0x15, 0x1b, 0xbe, 0x08, 0x78, 0x60, 0x4d, 0x3c,
169	0x00, 0x22, 0x00, 0x03, 0x00, 0x3f, 0xf1, 0x60,
170	0xa6, 0xd8, 0xf8, 0xed, 0xce, 0x4a, 0x30, 0x5d,
171	0x1a, 0xaf, 0x80, 0xc4, 0x0a, 0xd2, 0x6f, 0x77,
172	0x38, 0x12, 0x97, 0xaa, 0xbd, 0x00, 0x00, 0x00,
173	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
174	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
175	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
176	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
177	0x00, 0x22, 0x00, 0x03, 0x90, 0x00, 0x01, 0x00,
178	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
179	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
180	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
181	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
182	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
183	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
184	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
185	};	60	};
186		61
187	static const uint8_t dummy_change_pin_wire_data[] = {	62	static const uint8_t dummy_change_pin_wire_data[] = {
188	0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0x48,	63	WIREDATA_CTAP_INIT,
189	0xfd, 0xf9, 0xde, 0x28, 0x21, 0x99, 0xd5, 0x00,	64	WIREDATA_CTAP_CBOR_INFO,
190	0x22, 0x00, 0x04, 0x02, 0x05, 0x02, 0x01, 0x05,	65	WIREDATA_CTAP_CBOR_AUTHKEY,
191	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,	66	WIREDATA_CTAP_CBOR_STATUS,
192	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
193	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
194	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
195	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
196	0x00, 0x22, 0x00, 0x04, 0x90, 0x00, 0x51, 0x00,
197	0xa1, 0x01, 0xa5, 0x01, 0x02, 0x03, 0x38, 0x18,
198	0x20, 0x01, 0x21, 0x58, 0x20, 0x2a, 0xb8, 0x2d,
199	0x36, 0x69, 0xab, 0x30, 0x9d, 0xe3, 0x5e, 0x9b,
200	0xfb, 0x94, 0xfc, 0x1d, 0x92, 0x95, 0xaf, 0x01,
201	0x47, 0xfe, 0x4b, 0x87, 0xe5, 0xcf, 0x3f, 0x05,
202	0x0b, 0x39, 0xda, 0x17, 0x49, 0x22, 0x58, 0x20,
203	0x15, 0x1b, 0xbe, 0x08, 0x78, 0x60, 0x4d, 0x3c,
204	0x00, 0x22, 0x00, 0x04, 0x00, 0x3f, 0xf1, 0x60,
205	0xa6, 0xd8, 0xf8, 0xed, 0xce, 0x4a, 0x30, 0x5d,
206	0x1a, 0xaf, 0x80, 0xc4, 0x0a, 0xd2, 0x6f, 0x77,
207	0x38, 0x12, 0x97, 0xaa, 0xbd, 0x00, 0x00, 0x00,
208	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
209	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
210	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
211	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
212	0x00, 0x22, 0x00, 0x04, 0x90, 0x00, 0x01, 0x00,
213	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
214	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
215	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
216	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
217	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
218	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
219	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
220	};	67	};
221		68
222	static const uint8_t dummy_retry_wire_data[] = {	69	static const uint8_t dummy_retry_wire_data[] = {
223	0xff, 0xff, 0xff, 0xff, 0x86, 0x00, 0x11, 0x7f,	70	WIREDATA_CTAP_INIT,
224	0xaa, 0x73, 0x3e, 0x95, 0x98, 0xa8, 0x60, 0x00,	71	WIREDATA_CTAP_CBOR_INFO,
225	0x22, 0x00, 0x05, 0x02, 0x05, 0x02, 0x01, 0x05,	72	WIREDATA_CTAP_CBOR_RETRIES,
226	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
227	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
228	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
229	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
230	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
231	0x00, 0x22, 0x00, 0x05, 0x90, 0x00, 0x04, 0x00,
232	0xa1, 0x03, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00,
233	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
234	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
235	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
236	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
237	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
238	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
239	};	73	};
240		74
241	int LLVMFuzzerTestOneInput(const uint8_t *, size_t);	75	int LLVMFuzzerTestOneInput(const uint8_t *, size_t);
@@ -277,12 +111,20 @@ pack(uint8_t ptr, size_t len, const struct param p)
277	return (max - len);	111	return (max - len);
278	}	112	}
279		113
		114	static size_t
		115	input_len(int max)
		116	{
		117	return (2 * len_string(max) + 5 * len_blob(max) + len_int());
		118	}
		119
280	static fido_dev_t *	120	static fido_dev_t *
281	prepare_dev()	121	prepare_dev()
282	{	122	{
283	fido_dev_t *dev;	123	fido_dev_t *dev;
284	fido_dev_io_t io;	124	fido_dev_io_t io;
285		125
		126	memset(&io, 0, sizeof(io));
		127
286	io.open = dev_open;	128	io.open = dev_open;
287	io.close = dev_close;	129	io.close = dev_close;
288	io.read = dev_read;	130	io.read = dev_read;
@@ -304,9 +146,8 @@ dev_reset(struct param *p)
304		146
305	set_wire_data(p->reset_wire_data.body, p->reset_wire_data.len);	147	set_wire_data(p->reset_wire_data.body, p->reset_wire_data.len);
306		148
307	if ((dev = prepare_dev()) == NULL) {	149	if ((dev = prepare_dev()) == NULL)
308	return;	150	return;
309	}
310		151
311	fido_dev_reset(dev);	152	fido_dev_reset(dev);
312	fido_dev_close(dev);	153	fido_dev_close(dev);
@@ -327,9 +168,8 @@ dev_get_cbor_info(struct param *p)
327		168
328	set_wire_data(p->info_wire_data.body, p->info_wire_data.len);	169	set_wire_data(p->info_wire_data.body, p->info_wire_data.len);
329		170
330	if ((dev = prepare_dev()) == NULL) {	171	if ((dev = prepare_dev()) == NULL)
331	return;	172	return;
332	}
333		173
334	proto = fido_dev_protocol(dev);	174	proto = fido_dev_protocol(dev);
335	major = fido_dev_major(dev);	175	major = fido_dev_major(dev);
@@ -343,15 +183,10 @@ dev_get_cbor_info(struct param *p)
343	consume(&build, sizeof(build));	183	consume(&build, sizeof(build));
344	consume(&flags, sizeof(flags));	184	consume(&flags, sizeof(flags));
345		185
346	if ((ci = fido_cbor_info_new()) == NULL) {	186	if ((ci = fido_cbor_info_new()) == NULL)
347	fido_dev_close(dev);	187	goto out;
348	fido_dev_free(&dev);
349	return;
350	}
351		188
352	fido_dev_get_cbor_info(dev, ci);	189	fido_dev_get_cbor_info(dev, ci);
353	fido_dev_close(dev);
354	fido_dev_free(&dev);
355		190
356	for (size_t i = 0; i < fido_cbor_info_versions_len(ci); i++) {	191	for (size_t i = 0; i < fido_cbor_info_versions_len(ci); i++) {
357	char * const *sa = fido_cbor_info_versions_ptr(ci);	192	char * const *sa = fido_cbor_info_versions_ptr(ci);
@@ -372,10 +207,17 @@ dev_get_cbor_info(struct param *p)
372	n = fido_cbor_info_maxmsgsiz(ci);	207	n = fido_cbor_info_maxmsgsiz(ci);
373	consume(&n, sizeof(n));	208	consume(&n, sizeof(n));
374		209
		210	n = fido_cbor_info_fwversion(ci);
		211	consume(&n, sizeof(n));
		212
375	consume(fido_cbor_info_aaguid_ptr(ci), fido_cbor_info_aaguid_len(ci));	213	consume(fido_cbor_info_aaguid_ptr(ci), fido_cbor_info_aaguid_len(ci));
376	consume(fido_cbor_info_protocols_ptr(ci),	214	consume(fido_cbor_info_protocols_ptr(ci),
377	fido_cbor_info_protocols_len(ci));	215	fido_cbor_info_protocols_len(ci));
378		216
		217	out:
		218	fido_dev_close(dev);
		219	fido_dev_free(&dev);
		220
379	fido_cbor_info_free(&ci);	221	fido_cbor_info_free(&ci);
380	}	222	}
381		223
@@ -386,9 +228,8 @@ dev_set_pin(struct param *p)
386		228
387	set_wire_data(p->set_pin_wire_data.body, p->set_pin_wire_data.len);	229	set_wire_data(p->set_pin_wire_data.body, p->set_pin_wire_data.len);
388		230
389	if ((dev = prepare_dev()) == NULL) {	231	if ((dev = prepare_dev()) == NULL)
390	return;	232	return;
391	}
392		233
393	fido_dev_set_pin(dev, p->pin1, NULL);	234	fido_dev_set_pin(dev, p->pin1, NULL);
394	fido_dev_close(dev);	235	fido_dev_close(dev);
@@ -402,9 +243,8 @@ dev_change_pin(struct param *p)
402		243
403	set_wire_data(p->change_pin_wire_data.body, p->change_pin_wire_data.len);	244	set_wire_data(p->change_pin_wire_data.body, p->change_pin_wire_data.len);
404		245
405	if ((dev = prepare_dev()) == NULL) {	246	if ((dev = prepare_dev()) == NULL)
406	return;	247	return;
407	}
408		248
409	fido_dev_set_pin(dev, p->pin2, p->pin1);	249	fido_dev_set_pin(dev, p->pin2, p->pin1);
410	fido_dev_close(dev);	250	fido_dev_close(dev);
@@ -419,9 +259,8 @@ dev_get_retry_count(struct param *p)
419		259
420	set_wire_data(p->retry_wire_data.body, p->retry_wire_data.len);	260	set_wire_data(p->retry_wire_data.body, p->retry_wire_data.len);
421		261
422	if ((dev = prepare_dev()) == NULL) {	262	if ((dev = prepare_dev()) == NULL)
423	return;	263	return;
424	}
425		264
426	fido_dev_get_retry_count(dev, &n);	265	fido_dev_get_retry_count(dev, &n);
427	consume(&n, sizeof(n));	266	consume(&n, sizeof(n));
@@ -436,12 +275,14 @@ LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
436		275
437	memset(&p, 0, sizeof(p));	276	memset(&p, 0, sizeof(p));
438		277
439	if (unpack(data, size, &p) < 0)	278	if (size < input_len(GETLEN_MIN) \|\| size > input_len(GETLEN_MAX) \|\|
		279	unpack(data, size, &p) < 0)
440	return (0);	280	return (0);
441		281
442	srandom((unsigned int)p.seed);	282	prng_init((unsigned int)p.seed);
443		283
444	fido_init(0);	284	fido_init(FIDO_DEBUG);
		285	fido_set_log_handler(consume_str);
445		286
446	dev_reset(&p);	287	dev_reset(&p);
447	dev_get_cbor_info(&p);	288	dev_get_cbor_info(&p);