Commit graph

82 commits

Author SHA1 Message Date
Ben Laurie
cc1c473d70 Remove unused variable.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4367)
2017-10-16 15:18:24 -04:00
Pauli
d2ef6e4ecc Stack sorting safety
Use the defined typechecking stack method to sort the compression methods stack
rather than using the generic function and apply type casts.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4382)
2017-09-18 12:17:18 +10:00
gbrl
61389f0981 bndiv fuzzer: limit the size of the input to avoid timeout
CLA: trivial

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4119)
2017-08-16 10:05:40 -04:00
Rich Salz
710769f0a9 Move FuzzerSetRand to separate file.
Use an inline rand.inc; this fixes Google's OSS-Fuzz builds.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4141)
2017-08-11 08:23:07 -04:00
Rich Salz
9f08a1c63e Install custom RAND_METHOD for fuzzing
Instead of setting a "magic" global variable to force RAND to keep
consistent state and always generate the same bytestream, have
the fuzzing code install its own RAND_METHOD that does this.  For
BN_RAND_DEBUG, we just don't do it; that debugging was about mucking
with BN's internal representation, not requiring predictable rand
bytes.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4025)
2017-07-26 19:27:54 -04:00
Kurt Roeckx
515b124b8b Update fuzz corpora
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #3829
2017-07-02 18:21:19 +02:00
Andy Polyakov
b12ae4a912 fuzz/{client,server}.c: omit _time64 "overload method".
Approach was opportunistic in Windows context from its inception
and on top of that it was proven to be error-prone at link stage.
Correct answer is to introduce library-specific time function that
we can control in platform-neutral manner.  Meanwhile we just let
be attempts to override time on Windows.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3320)
2017-04-27 13:01:08 +02:00
Jon Spillett
424aa35245 Change 64-bit time type for windows
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3248)
2017-04-19 15:54:52 -04:00
Kurt Roeckx
ff54cd9beb Optionally check for early data
This adds a way to use the last byte of the buffer to change the
behavior of the server. The last byte is used so that the existing
corpus can be reused either without changing it, or just adding a single
byte, and that it can still be used by other projects.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #2683
2017-04-16 19:30:15 +02:00
Kurt Roeckx
14a6570f31 Use a fixed time when fuzzing.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #2683
2017-04-16 19:30:15 +02:00
Kurt Roeckx
930aa9eeed Document how to update the corpus.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #2683
2017-04-16 19:30:14 +02:00
Kurt Roeckx
b534df96c9 Make x509 and asn1 fuzzer reproducible
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #2683
2017-04-16 19:30:14 +02:00
Kurt Roeckx
644fb113a0 Switch libfuzzer to use trace-pc-guard
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #2683
2017-04-16 19:30:14 +02:00
Richard Levitte
31ae516116 Act on deprecation of LONG and ZLONG, step 1
Don't compile code that still uses LONG when it's deprecated

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3126)
2017-04-10 12:11:00 +02:00
Richard Levitte
64f11ee888 Publish our INT32, UINT32, INT64, UINT64 ASN.1 types and Z variants
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3126)
2017-04-10 12:10:59 +02:00
Rich Salz
076fc55527 Make default_method mostly compile-time
Document thread-safety issues
Have RSA_null return NULL (always fails)

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2244)
2017-04-07 12:19:46 -04:00
Matt Caswell
8a585601fe Fix out-of-memory condition in conf
conf has the ability to expand variables in config files. Repeatedly doing
this can lead to an exponential increase in the amount of memory required.
This places a limit on the length of a value that can result from an
expansion.

Credit to OSS-Fuzz for finding this problem.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2894)
2017-03-12 00:19:14 +00:00
Kurt Roeckx
9dd4ac8cf1 Update client, server and x509 fuzz corpus
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2682
2017-02-21 18:53:07 +01:00
Kurt Roeckx
d2828c8bdb Update client and server corpus
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2318
2017-01-29 00:59:03 +01:00
Richard Levitte
18e3ab7bc4 Fix build issues with no-dh, no-dsa and no-ec
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2192)
2017-01-09 22:45:47 +01:00
Kurt Roeckx
3b72dcd5fb Update fuzz corpora
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2182
2017-01-06 18:27:17 +01:00
Kurt Roeckx
76d1ba3a7a Make client and server fuzzer reproducible
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2182
2017-01-06 18:27:00 +01:00
Kurt Roeckx
13799455cb Make the bignum fuzzer reproducible
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2182
2017-01-06 18:26:59 +01:00
Kurt Roeckx
f8d4b3beda Update fuzz documentation
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2182
2017-01-06 18:26:58 +01:00
Kurt Roeckx
d2aa960ee2 server fuzzer: add support for DSA and ECDSA
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2182
2017-01-06 18:26:57 +01:00
Kurt Roeckx
f15eed3b79 Update fuzz corpora
Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #2090
2016-12-19 00:46:45 +01:00
Kurt Roeckx
4e9954799a Make client and server fuzzer support all ciphers
Also send a SNI extension in the client so the fuzzer can react to it.

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2088
2016-12-16 01:08:22 +01:00
Kurt Roeckx
e104d01deb Document the recommended parameters for fuzzing
We use those parameters for calculating the coverage.

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2088
2016-12-16 01:08:22 +01:00
Kurt Roeckx
6c0e1e20d2 Update client fuzz corpus
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2060
2016-12-09 23:35:06 +01:00
Kurt Roeckx
af5a4b40d7 Update client fuzzer corpus
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2053
2016-12-09 18:13:18 +01:00
Kurt Roeckx
141ecc4e55 Fuzz corpora update
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2041
2016-12-08 19:06:19 +01:00
Kurt Roeckx
4410f9d786 And client fuzzer
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2041
2016-12-08 19:06:18 +01:00
Kurt Roeckx
231f13370b Make asn1 fuzzer more reproducible
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2041
2016-12-08 19:06:17 +01:00
Kurt Roeckx
d69d8f904c Make the fuzzers more reproducible
We want to be in the same global state each time we come in
FuzzerTestOneInput(). There are various reasons why we might not be that
include:
- Initialization that happens on first use. This is mostly the
  RUN_ONCE() things, or loading of error strings.
- Results that get cached. For instance a stack that is sorted, RSA
  blinding that has been set up, ...

So I try to trigger as much as possible in FuzzerInitialize(), and for
things I didn't find out how to trigger this it needs to happen in
FuzzerTestOneInput().

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023
2016-12-03 00:14:15 +01:00
Kurt Roeckx
0282aeb690 Move libfuzzer sanitizer options to README
This is something you might want to change depending on the version to
use, there is no point in us fixing this to something.

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023
2016-12-03 00:14:15 +01:00
Kurt Roeckx
1b6a77a1a0 CMS fuzzer: also use id2
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023
2016-12-03 00:14:15 +01:00
Kurt Roeckx
3a9b9b2deb Make the random number generator predictable when fuzzing.
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023
2016-12-03 00:14:15 +01:00
Kurt Roeckx
8087bcb323 bndiv fuzzer: move new and free calls to the init and cleanup function.
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023
2016-12-03 00:14:14 +01:00
Kurt Roeckx
7d22cceecc bignum fuzzer: move new and free calls to the init and cleanup function.
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023
2016-12-03 00:14:14 +01:00
Kurt Roeckx
da15cb7cd9 asn1parse: create the out bio during init, free it during cleanup
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023
2016-12-03 00:14:14 +01:00
Kurt Roeckx
ad4da7fbc0 Add a FuzzerClean() function
This allows to free everything we allocated, so we can detect memory
leaks.

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023
2016-12-03 00:14:14 +01:00
Kurt Roeckx
baae2cbc92 FuzzerInitialize always exists
There was a time it could be NULL, but that was changed to always have it.

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023
2016-12-03 00:14:14 +01:00
Kurt Roeckx
f3e911d5ed Fix formatting of fuzzers
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023
2016-12-03 00:14:14 +01:00
Kurt Roeckx
c22d64845a Update fuzz corpora
New minimal fuzz corpora set

Reviewed-by: Andy Polyakov <appro@openssl.org>

GH: #1910
2016-11-12 16:54:51 +01:00
Kurt Roeckx
ea6199ea91 conf fuzzer: also check for an empty file
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #1828
2016-11-03 05:13:34 +01:00
Sergey Bronnikov
fe2582a224 Fix link to LibFuzzer
CLA: trivial
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1801)
2016-11-02 13:10:30 -04:00
Mike Aizatsky
ba7407002d [fuzzers] do not fail fuzzers with empty input
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #1788
2016-11-01 19:24:55 +01:00
Kurt Roeckx
2b687397fd Update fuzz corpora
New minimal fuzz corpora for asn1, asn1parse, bndiv, crl and x509

Reviewed-by: Andy Polyakov <appro@openssl.org>

GH: #1678
2016-10-10 19:31:38 +02:00
Robert Swiecki
44f206aa9d Add to fuzz corpora for CVE-2016-6309
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-09-26 08:52:48 +01:00
Kurt Roeckx
5579eab9ef Update fuzz corpora
This is a new minimal corpus with the following changes:
- asn1: files: 1135 (+474), tuples: 27236 (+7496)
- asn1parse: files: 305 (-3), tuples: 8758 (+11)
- bignum: files: 370 (-1), tuples: 9547 (+10)
- bndiv: files: 160 (+0), tuples: 2416 (+6)
- cms: files: 155 (-1), tuples: 3408 (+0)
- conf: files: 231 (-11), tuples: 4668 (+3)
- crl: files: 905 (+188), tuples: 22876 (+4096)
- ct: files: 117 (+35), tuples: 3557 (+908)
- x509: files: 920, tuples: 28334

Note that tuple count depends on the binary and is random.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-23 20:01:54 +01:00