[openssl-commits] [openssl] master update
Kurt Roeckx
kurt at openssl.org
Fri Dec 2 23:15:01 UTC 2016
The branch master has been updated
via ef2bf0f57c2282d3b4fd47138052d0ab9a8f2b6a (commit)
via d69d8f904c9c558c7a9455ee816e494690d80ca8 (commit)
via 0282aeb690d63fab73a07191b63300a2fe30d212 (commit)
via 1b6a77a1a0e524492bf26495c19b728730e6b585 (commit)
via 3a9b9b2deb8e19fa10e7c3c99ad0baa2f90f13fa (commit)
via 3a85d05fb3977ddc3b2f97cf4641b73e10bb952b (commit)
via 8087bcb323ce097329eb367fcba945dc2a266def (commit)
via 7d22cceeccb4d3daf53151d164d6c4bca6d26089 (commit)
via da15cb7cd99be8dac3d28f78a0cf97437e9f5fac (commit)
via ad4da7fbc0779fb1730c9862221e19583de69f4f (commit)
via baae2cbc92accf4fa53a7b8faaf3df1153c943f5 (commit)
via f3e911d5ed16db6a129306675e20e51d1ee81e1a (commit)
from 82cb311fa0e1096bc6840fd92973d9b418ff5dde (commit)
- Log -----------------------------------------------------------------
commit ef2bf0f57c2282d3b4fd47138052d0ab9a8f2b6a
Author: Kurt Roeckx <kurt at roeckx.be>
Date: Fri Dec 2 19:49:34 2016 +0100
Run a some tests with -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
The fuzzers use -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION, and actually
get different results based on that. We should have at least some
targets that actually fully use the fuzz corpora.
Reviewed-by: Rich Salz <rsalz at openssl.org>
GH: #2023
commit d69d8f904c9c558c7a9455ee816e494690d80ca8
Author: Kurt Roeckx <kurt at roeckx.be>
Date: Fri Dec 2 19:34:54 2016 +0100
Make the fuzzers more reproducible
We want to be in the same global state each time we come in
FuzzerTestOneInput(). There are various reasons why we might not be that
include:
- Initialization that happens on first use. This is mostly the
RUN_ONCE() things, or loading of error strings.
- Results that get cached. For instance a stack that is sorted, RSA
blinding that has been set up, ...
So I try to trigger as much as possible in FuzzerInitialize(), and for
things I didn't find out how to trigger this it needs to happen in
FuzzerTestOneInput().
Reviewed-by: Rich Salz <rsalz at openssl.org>
GH: #2023
commit 0282aeb690d63fab73a07191b63300a2fe30d212
Author: Kurt Roeckx <kurt at roeckx.be>
Date: Fri Dec 2 19:26:31 2016 +0100
Move libfuzzer sanitizer options to README
This is something you might want to change depending on the version to
use, there is no point in us fixing this to something.
Reviewed-by: Rich Salz <rsalz at openssl.org>
GH: #2023
commit 1b6a77a1a0e524492bf26495c19b728730e6b585
Author: Kurt Roeckx <kurt at roeckx.be>
Date: Sat Nov 19 17:50:33 2016 +0100
CMS fuzzer: also use id2
Reviewed-by: Rich Salz <rsalz at openssl.org>
GH: #2023
commit 3a9b9b2deb8e19fa10e7c3c99ad0baa2f90f13fa
Author: Kurt Roeckx <kurt at roeckx.be>
Date: Sat Nov 19 17:20:34 2016 +0100
Make the random number generator predictable when fuzzing.
Reviewed-by: Rich Salz <rsalz at openssl.org>
GH: #2023
commit 3a85d05fb3977ddc3b2f97cf4641b73e10bb952b
Author: Kurt Roeckx <kurt at roeckx.be>
Date: Sat Nov 19 17:15:43 2016 +0100
Use 8bit-counters when using libfuzzer
Reviewed-by: Rich Salz <rsalz at openssl.org>
GH: #2023
commit 8087bcb323ce097329eb367fcba945dc2a266def
Author: Kurt Roeckx <kurt at roeckx.be>
Date: Sat Nov 19 21:00:21 2016 +0100
bndiv fuzzer: move new and free calls to the init and cleanup function.
Reviewed-by: Rich Salz <rsalz at openssl.org>
GH: #2023
commit 7d22cceeccb4d3daf53151d164d6c4bca6d26089
Author: Kurt Roeckx <kurt at roeckx.be>
Date: Sat Nov 19 19:26:19 2016 +0100
bignum fuzzer: move new and free calls to the init and cleanup function.
Reviewed-by: Rich Salz <rsalz at openssl.org>
GH: #2023
commit da15cb7cd99be8dac3d28f78a0cf97437e9f5fac
Author: Kurt Roeckx <kurt at roeckx.be>
Date: Sat Nov 19 17:24:39 2016 +0100
asn1parse: create the out bio during init, free it during cleanup
Reviewed-by: Rich Salz <rsalz at openssl.org>
GH: #2023
commit ad4da7fbc0779fb1730c9862221e19583de69f4f
Author: Kurt Roeckx <kurt at roeckx.be>
Date: Sat Nov 19 17:13:10 2016 +0100
Add a FuzzerClean() function
This allows to free everything we allocated, so we can detect memory
leaks.
Reviewed-by: Rich Salz <rsalz at openssl.org>
GH: #2023
commit baae2cbc92accf4fa53a7b8faaf3df1153c943f5
Author: Kurt Roeckx <kurt at roeckx.be>
Date: Sat Nov 19 17:12:11 2016 +0100
FuzzerInitialize always exists
There was a time it could be NULL, but that was changed to always have it.
Reviewed-by: Rich Salz <rsalz at openssl.org>
GH: #2023
commit f3e911d5ed16db6a129306675e20e51d1ee81e1a
Author: Kurt Roeckx <kurt at roeckx.be>
Date: Sat Nov 19 17:10:35 2016 +0100
Fix formatting of fuzzers
Reviewed-by: Rich Salz <rsalz at openssl.org>
GH: #2023
-----------------------------------------------------------------------
Summary of changes:
.travis.yml | 6 ++--
Configure | 4 ---
crypto/rand/md_rand.c | 4 +--
fuzz/README.md | 4 ++-
fuzz/asn1.c | 10 +++++--
fuzz/asn1parse.c | 24 +++++++++++-----
fuzz/bignum.c | 44 ++++++++++++++++++-----------
fuzz/bndiv.c | 49 ++++++++++++++++++++++-----------
fuzz/cms.c | 33 +++++++++++++++++-----
fuzz/conf.c | 14 ++++++++--
fuzz/crl.c | 16 +++++++++--
fuzz/ct.c | 15 ++++++++--
fuzz/driver.c | 12 ++++----
fuzz/fuzzer.h | 1 +
fuzz/server.c | 76 +++++++++++++++++++++++++++++++++++++--------------
fuzz/test-corpus.c | 3 ++
fuzz/x509.c | 15 ++++++++--
17 files changed, 237 insertions(+), 93 deletions(-)
diff --git a/.travis.yml b/.travis.yml
index 4967839..fb9a5fb 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -42,16 +42,16 @@ matrix:
env: CONFIG_OPTS="--strict-warnings no-deprecated" BUILDONLY="yes"
- os: linux
compiler: gcc-5
- env: CONFIG_OPTS="--debug --coverage no-asm enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-ssl3 enable-ssl3-method enable-nextprotoneg enable-weak-ssl-ciphers enable-external-tests" COVERALLS="yes" BORINGSSL_TESTS="yes" CXX="g++-5"
+ env: CONFIG_OPTS="--debug --coverage no-asm enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-ssl3 enable-ssl3-method enable-nextprotoneg enable-weak-ssl-ciphers enable-external-tests -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION" COVERALLS="yes" BORINGSSL_TESTS="yes" CXX="g++-5"
- os: linux
compiler: clang-3.6
env: CONFIG_OPTS="enable-msan"
- os: linux
compiler: clang-3.6
- env: CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-nextprotoneg -fno-sanitize=alignment"
+ env: CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-nextprotoneg -fno-sanitize=alignment -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION"
- os: linux
compiler: clang-3.6
- env: CONFIG_OPTS="no-asm enable-asan enable-rc5 enable-md2"
+ env: CONFIG_OPTS="no-asm enable-asan enable-rc5 enable-md2 -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION"
- os: linux
compiler: gcc-5
env: CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 -DPEDANTIC"
diff --git a/Configure b/Configure
index c005781..45b4175 100755
--- a/Configure
+++ b/Configure
@@ -1110,10 +1110,6 @@ if ($disabled{"dynamic-engine"}) {
$config{dynamic_engines} = 1;
}
-unless ($disabled{"fuzz-libfuzzer"}) {
- $config{cflags} .= "-fsanitize-coverage=edge,indirect-calls ";
-}
-
unless ($disabled{asan}) {
$config{cflags} .= "-fsanitize=address ";
}
diff --git a/crypto/rand/md_rand.c b/crypto/rand/md_rand.c
index 85ce4e6..0cf6e90 100644
--- a/crypto/rand/md_rand.c
+++ b/crypto/rand/md_rand.c
@@ -33,7 +33,7 @@
# include <openssl/fips.h>
#endif
-#ifdef BN_DEBUG
+#if defined(BN_DEBUG) || defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION)
# define PREDICT
#endif
@@ -307,7 +307,7 @@ static int rand_bytes(unsigned char *buf, int num, int pseudo)
#ifdef PREDICT
if (rand_predictable) {
- static unsigned char val = 0;
+ unsigned char val = 0;
for (i = 0; i < num; i++)
buf[i] = val++;
diff --git a/fuzz/README.md b/fuzz/README.md
index c5a1ba9..69c3881 100644
--- a/fuzz/README.md
+++ b/fuzz/README.md
@@ -38,7 +38,9 @@ Configure for fuzzing:
$ CC=clang ./config enable-fuzz-libfuzzer \
--with-fuzzer-include=../../svn-work/Fuzzer \
--with-fuzzer-lib=../../svn-work/Fuzzer/libFuzzer \
- -DPEDANTIC enable-asan enable-ubsan no-shared
+ -DPEDANTIC enable-asan enable-ubsan no-shared \
+ -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION \
+ -fsanitize-coverage=edge,indirect-calls,8bit-counters
$ sudo apt-get install make
$ LDCMD=clang++ make -j
$ fuzz/helper.py $FUZZER
diff --git a/fuzz/asn1.c b/fuzz/asn1.c
index 5125f36..f7b5571 100644
--- a/fuzz/asn1.c
+++ b/fuzz/asn1.c
@@ -183,11 +183,13 @@ static ASN1_ITEM_EXP *item_type[] = {
NULL
};
-int FuzzerInitialize(int *argc, char ***argv) {
+int FuzzerInitialize(int *argc, char ***argv)
+{
return 1;
}
-int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
+int FuzzerTestOneInput(const uint8_t *buf, size_t len)
+{
int n;
ASN1_PCTX *pctx = ASN1_PCTX_new();
@@ -220,3 +222,7 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
return 0;
}
+
+void FuzzerCleanup(void)
+{
+}
diff --git a/fuzz/asn1parse.c b/fuzz/asn1parse.c
index b3a6dab..cf5ef72 100644
--- a/fuzz/asn1parse.c
+++ b/fuzz/asn1parse.c
@@ -16,18 +16,28 @@
#include <openssl/asn1.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
+#include <openssl/err.h>
#include "fuzzer.h"
-int FuzzerInitialize(int *argc, char ***argv) {
+static BIO *bio_out;
+
+int FuzzerInitialize(int *argc, char ***argv)
+{
+ bio_out = BIO_new_file("/dev/null", "w");
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+ ERR_get_state();
+ CRYPTO_free_ex_index(0, -1);
return 1;
}
-int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
- static BIO *bio_out;
-
- if (bio_out == NULL)
- bio_out = BIO_new_file("/dev/null", "w");
-
+int FuzzerTestOneInput(const uint8_t *buf, size_t len)
+{
(void)ASN1_parse_dump(bio_out, buf, len, 0, 0);
+ ERR_clear_error();
return 0;
}
+
+void FuzzerCleanup(void)
+{
+ BIO_free(bio_out);
+}
diff --git a/fuzz/bignum.c b/fuzz/bignum.c
index 43e134b..e53dd3d 100644
--- a/fuzz/bignum.c
+++ b/fuzz/bignum.c
@@ -17,29 +17,31 @@
#include <openssl/bn.h>
#include "fuzzer.h"
-int FuzzerInitialize(int *argc, char ***argv) {
+static BN_CTX *ctx;
+static BIGNUM *b1;
+static BIGNUM *b2;
+static BIGNUM *b3;
+static BIGNUM *b4;
+static BIGNUM *b5;
+
+int FuzzerInitialize(int *argc, char ***argv)
+{
+ b1 = BN_new();
+ b2 = BN_new();
+ b3 = BN_new();
+ b4 = BN_new();
+ b5 = BN_new();
+ ctx = BN_CTX_new();
+
return 1;
}
-int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
- static BN_CTX *ctx;
- static BIGNUM *b1;
- static BIGNUM *b2;
- static BIGNUM *b3;
- static BIGNUM *b4;
- static BIGNUM *b5;
+int FuzzerTestOneInput(const uint8_t *buf, size_t len)
+{
int success = 0;
size_t l1 = 0, l2 = 0, l3 = 0;
int s1 = 0, s2 = 0, s3 = 0;
- if (ctx == NULL) {
- b1 = BN_new();
- b2 = BN_new();
- b3 = BN_new();
- b4 = BN_new();
- b5 = BN_new();
- ctx = BN_CTX_new();
- }
/* Divide the input into three parts, using the values of the first two
* bytes to choose lengths, which generate b1, b2 and b3. Use three bits
* of the third byte to choose signs for the three numbers.
@@ -92,3 +94,13 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
return 0;
}
+
+void FuzzerCleanup(void)
+{
+ BN_free(b1);
+ BN_free(b2);
+ BN_free(b3);
+ BN_free(b4);
+ BN_free(b5);
+ BN_CTX_free(ctx);
+}
diff --git a/fuzz/bndiv.c b/fuzz/bndiv.c
index 45a3937..30d8448 100644
--- a/fuzz/bndiv.c
+++ b/fuzz/bndiv.c
@@ -15,32 +15,38 @@
#include <stdio.h>
#include <openssl/bn.h>
+#include <openssl/err.h>
#include "fuzzer.h"
-int FuzzerInitialize(int *argc, char ***argv) {
+static BN_CTX *ctx;
+static BIGNUM *b1;
+static BIGNUM *b2;
+static BIGNUM *b3;
+static BIGNUM *b4;
+static BIGNUM *b5;
+
+int FuzzerInitialize(int *argc, char ***argv)
+{
+ b1 = BN_new();
+ b2 = BN_new();
+ b3 = BN_new();
+ b4 = BN_new();
+ b5 = BN_new();
+ ctx = BN_CTX_new();
+
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+ ERR_get_state();
+
return 1;
}
-int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
- static BN_CTX *ctx;
- static BIGNUM *b1;
- static BIGNUM *b2;
- static BIGNUM *b3;
- static BIGNUM *b4;
- static BIGNUM *b5;
+int FuzzerTestOneInput(const uint8_t *buf, size_t len)
+{
int success = 0;
size_t l1 = 0, l2 = 0;
/* s1 and s2 will be the signs for b1 and b2. */
int s1 = 0, s2 = 0;
- if (ctx == NULL) {
- b1 = BN_new();
- b2 = BN_new();
- b3 = BN_new();
- b4 = BN_new();
- b5 = BN_new();
- ctx = BN_CTX_new();
- }
/* We are going to split the buffer in two, sizes l1 and l2, giving b1 and
* b2.
*/
@@ -102,6 +108,17 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
done:
OPENSSL_assert(success);
+ ERR_clear_error();
return 0;
}
+
+void FuzzerCleanup(void)
+{
+ BN_free(b1);
+ BN_free(b2);
+ BN_free(b3);
+ BN_free(b4);
+ BN_free(b5);
+ BN_CTX_free(ctx);
+}
diff --git a/fuzz/cms.c b/fuzz/cms.c
index 94390e7..959ef93 100644
--- a/fuzz/cms.c
+++ b/fuzz/cms.c
@@ -14,23 +14,42 @@
#include <openssl/bio.h>
#include <openssl/cms.h>
+#include <openssl/err.h>
#include "fuzzer.h"
-int FuzzerInitialize(int *argc, char ***argv) {
+int FuzzerInitialize(int *argc, char ***argv)
+{
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+ ERR_get_state();
+ CRYPTO_free_ex_index(0, -1);
return 1;
}
-int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
- CMS_ContentInfo *i;
+int FuzzerTestOneInput(const uint8_t *buf, size_t len)
+{
+ CMS_ContentInfo *cms;
BIO *in;
- if (!len) {
+
+ if (len == 0)
return 0;
- }
in = BIO_new(BIO_s_mem());
OPENSSL_assert((size_t)BIO_write(in, buf, len) == len);
- i = d2i_CMS_bio(in, NULL);
- CMS_ContentInfo_free(i);
+ cms = d2i_CMS_bio(in, NULL);
+ if (cms != NULL) {
+ BIO *out = BIO_new(BIO_s_null());
+
+ i2d_CMS_bio(out, cms);
+ BIO_free(out);
+ CMS_ContentInfo_free(cms);
+ }
+
BIO_free(in);
+ ERR_clear_error();
+
return 0;
}
+
+void FuzzerCleanup(void)
+{
+}
diff --git a/fuzz/conf.c b/fuzz/conf.c
index 30b13c8..87fe857 100644
--- a/fuzz/conf.c
+++ b/fuzz/conf.c
@@ -13,13 +13,18 @@
*/
#include <openssl/conf.h>
+#include <openssl/err.h>
#include "fuzzer.h"
-int FuzzerInitialize(int *argc, char ***argv) {
+int FuzzerInitialize(int *argc, char ***argv)
+{
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+ ERR_get_state();
return 1;
}
-int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
+int FuzzerTestOneInput(const uint8_t *buf, size_t len)
+{
CONF *conf;
BIO *in;
long eline;
@@ -33,6 +38,11 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
NCONF_load_bio(conf, in, &eline);
NCONF_free(conf);
BIO_free(in);
+ ERR_clear_error();
return 0;
}
+
+void FuzzerCleanup(void)
+{
+}
diff --git a/fuzz/crl.c b/fuzz/crl.c
index 728943f..e4b0192 100644
--- a/fuzz/crl.c
+++ b/fuzz/crl.c
@@ -10,13 +10,19 @@
#include <openssl/x509.h>
#include <openssl/bio.h>
+#include <openssl/err.h>
#include "fuzzer.h"
-int FuzzerInitialize(int *argc, char ***argv) {
+int FuzzerInitialize(int *argc, char ***argv)
+{
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+ ERR_get_state();
+ CRYPTO_free_ex_index(0, -1);
return 1;
}
-int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
+int FuzzerTestOneInput(const uint8_t *buf, size_t len)
+{
const unsigned char *p = buf;
unsigned char *der = NULL;
@@ -31,5 +37,11 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
X509_CRL_free(crl);
}
+ ERR_clear_error();
+
return 0;
}
+
+void FuzzerCleanup(void)
+{
+}
diff --git a/fuzz/ct.c b/fuzz/ct.c
index 411ccef..72dd798 100644
--- a/fuzz/ct.c
+++ b/fuzz/ct.c
@@ -14,13 +14,19 @@
#include <stdio.h>
#include <openssl/ct.h>
+#include <openssl/err.h>
#include "fuzzer.h"
-int FuzzerInitialize(int *argc, char ***argv) {
+int FuzzerInitialize(int *argc, char ***argv)
+{
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+ CRYPTO_free_ex_index(0, -1);
+ ERR_get_state();
return 1;
}
-int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
+int FuzzerTestOneInput(const uint8_t *buf, size_t len)
+{
const uint8_t **pp = &buf;
unsigned char *der = NULL;
STACK_OF(SCT) *scts = d2i_SCT_LIST(NULL, pp, len);
@@ -36,5 +42,10 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
SCT_LIST_free(scts);
}
+ ERR_clear_error();
return 0;
}
+
+void FuzzerCleanup(void)
+{
+}
diff --git a/fuzz/driver.c b/fuzz/driver.c
index c530fed..21bbb25 100644
--- a/fuzz/driver.c
+++ b/fuzz/driver.c
@@ -17,12 +17,11 @@
int LLVMFuzzerInitialize(int *argc, char ***argv)
{
- if (FuzzerInitialize)
- return FuzzerInitialize(argc, argv);
- return 0;
+ return FuzzerInitialize(argc, argv);
}
-int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
+int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len)
+{
return FuzzerTestOneInput(buf, len);
}
@@ -32,8 +31,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
int main(int argc, char** argv)
{
- if (FuzzerInitialize)
- FuzzerInitialize(&argc, &argv);
+ FuzzerInitialize(&argc, &argv);
while (__AFL_LOOP(10000)) {
uint8_t *buf = malloc(BUF_SIZE);
@@ -42,6 +40,8 @@ int main(int argc, char** argv)
FuzzerTestOneInput(buf, size);
free(buf);
}
+
+ FuzzerCleanup();
return 0;
}
diff --git a/fuzz/fuzzer.h b/fuzz/fuzzer.h
index 04d605d..5f9efa4 100644
--- a/fuzz/fuzzer.h
+++ b/fuzz/fuzzer.h
@@ -10,3 +10,4 @@
int FuzzerTestOneInput(const uint8_t *buf, size_t len);
int FuzzerInitialize(int *argc, char ***argv);
+void FuzzerCleanup(void);
diff --git a/fuzz/server.c b/fuzz/server.c
index 35449d8..3b5df9d 100644
--- a/fuzz/server.c
+++ b/fuzz/server.c
@@ -16,6 +16,7 @@
#include <openssl/rand.h>
#include <openssl/ssl.h>
#include <openssl/rsa.h>
+#include <openssl/err.h>
#include "fuzzer.h"
static const uint8_t kCertificateDER[] = {
@@ -189,15 +190,57 @@ static const uint8_t kRSAPrivateKeyDER[] = {
0x98, 0x46, 0x89, 0x82, 0x40,
};
-static SSL_CTX *ctx;
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+extern int rand_predictable;
+#endif
+#define ENTROPY_NEEDED 32
-int FuzzerInitialize(int *argc, char ***argv) {
- const uint8_t *bufp = kRSAPrivateKeyDER;
+/* unused, to avoid warning. */
+static int idx;
+
+int FuzzerInitialize(int *argc, char ***argv)
+{
+ STACK_OF(SSL_COMP) *comp_methods;
+
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_ASYNC, NULL);
+ OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
+ ERR_get_state();
+ CRYPTO_free_ex_index(0, -1);
+ idx = SSL_get_ex_data_X509_STORE_CTX_idx();
+ RAND_add("", 1, ENTROPY_NEEDED);
+ RAND_status();
+ RSA_get_default_method();
+ comp_methods = SSL_COMP_get_compression_methods();
+ OPENSSL_sk_sort((OPENSSL_STACK *)comp_methods);
+
+
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+ rand_predictable = 1;
+#endif
+
+ return 1;
+}
+
+int FuzzerTestOneInput(const uint8_t *buf, size_t len)
+{
+ SSL *server;
+ BIO *in;
+ BIO *out;
+ SSL_CTX *ctx;
+ int ret;
RSA *privkey;
+ const uint8_t *bufp = kRSAPrivateKeyDER;
EVP_PKEY *pkey;
- int ret;
X509 *cert;
+ if (len == 0)
+ return 0;
+
+ /*
+ * TODO: use the ossltest engine (optionally?) to disable crypto checks.
+ */
+
+ /* This only fuzzes the initial flow from the client so far. */
ctx = SSL_CTX_new(SSLv23_method());
privkey = d2i_RSAPrivateKey(NULL, &bufp, sizeof(kRSAPrivateKeyDER));
OPENSSL_assert(privkey != NULL);
@@ -206,6 +249,7 @@ int FuzzerInitialize(int *argc, char ***argv) {
ret = SSL_CTX_use_PrivateKey(ctx, pkey);
OPENSSL_assert(ret == 1);
EVP_PKEY_free(pkey);
+
bufp = kCertificateDER;
cert = d2i_X509(NULL, &bufp, sizeof(kCertificateDER));
OPENSSL_assert(cert != NULL);
@@ -213,23 +257,6 @@ int FuzzerInitialize(int *argc, char ***argv) {
OPENSSL_assert(ret == 1);
X509_free(cert);
- return 1;
-}
-
-int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
- SSL *server;
- BIO *in;
- BIO *out;
- if (!len) {
- return 0;
- }
- /* TODO: make this work for OpenSSL. There's a PREDICT define that may do
- * the job.
- * TODO: use the ossltest engine (optionally?) to disable crypto checks.
- * RAND_reset_for_fuzzing();
- */
-
- /* This only fuzzes the initial flow from the client so far. */
server = SSL_new(ctx);
in = BIO_new(BIO_s_mem());
out = BIO_new(BIO_s_mem());
@@ -246,5 +273,12 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
}
}
SSL_free(server);
+ ERR_clear_error();
+ SSL_CTX_free(ctx);
+
return 0;
}
+
+void FuzzerCleanup(void)
+{
+}
diff --git a/fuzz/test-corpus.c b/fuzz/test-corpus.c
index c553697..9cef01f 100644
--- a/fuzz/test-corpus.c
+++ b/fuzz/test-corpus.c
@@ -42,5 +42,8 @@ int main(int argc, char **argv) {
free(buf);
fclose(f);
}
+
+ FuzzerCleanup();
+
return 0;
}
diff --git a/fuzz/x509.c b/fuzz/x509.c
index b2851f1..8d383e4 100644
--- a/fuzz/x509.c
+++ b/fuzz/x509.c
@@ -10,13 +10,19 @@
#include <openssl/x509.h>
#include <openssl/bio.h>
+#include <openssl/err.h>
#include "fuzzer.h"
-int FuzzerInitialize(int *argc, char ***argv) {
+int FuzzerInitialize(int *argc, char ***argv)
+{
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+ ERR_get_state();
+ CRYPTO_free_ex_index(0, -1);
return 1;
}
-int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
+int FuzzerTestOneInput(const uint8_t *buf, size_t len)
+{
const unsigned char *p = buf;
unsigned char *der = NULL;
@@ -32,5 +38,10 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
X509_free(x509);
}
+ ERR_clear_error();
return 0;
}
+
+void FuzzerCleanup(void)
+{
+}
More information about the openssl-commits
mailing list