/*
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
*
- * Licensed under the OpenSSL licenses, (the "License");
+ * Licensed under the Apache License 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* https://www.openssl.org/source/license.html
/* Test first part of SSL server handshake. */
+/* We need to use some deprecated APIs */
+#define OPENSSL_SUPPRESS_DEPRECATED
+
#include <time.h>
#include <openssl/rand.h>
#include <openssl/ssl.h>
0x76, 0x8a, 0xbb,
};
+#ifndef OPENSSL_NO_DEPRECATED_3_0
static const uint8_t kRSAPrivateKeyDER[] = {
0x30, 0x82, 0x04, 0xa5, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
0xce, 0x47, 0xcb, 0x11, 0xbb, 0xd2, 0x9d, 0x8e, 0x9e, 0xd2, 0x1e, 0x14,
0xb2, 0xc6, 0xb2, 0x0a, 0x2a, 0x7c, 0x6d, 0x6a, 0x40, 0xfc, 0xf5, 0x50,
0x98, 0x46, 0x89, 0x82, 0x40,
};
-
+#endif
#ifndef OPENSSL_NO_EC
+# ifndef OPENSSL_NO_DEPRECATED_3_0
/*
* -----BEGIN EC PRIVATE KEY-----
* MHcCAQEEIJLyl7hJjpQL/RhP1x2zS79xdiPJQB683gWeqcqHPeZkoAoGCCqGSM49
0x4e, 0x44, 0x20, 0x45, 0x43, 0x20, 0x50, 0x52, 0x49, 0x56, 0x41, 0x54,
0x45, 0x20, 0x4b, 0x45, 0x59, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a
};
+# endif
/*
* -----BEGIN CERTIFICATE-----
};
#endif
-#ifndef OPENSSL_NO_DSA
+#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
/*
* -----BEGIN DSA PRIVATE KEY-----
* MIIBuwIBAAKBgQDdkFKzNABLOha7Eqj7004+p5fhtR6bxpujToMmSZTYi8igVVXP
};
#endif
-#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
-extern int rand_predictable;
-#endif
-#define ENTROPY_NEEDED 32
-
/* unused, to avoid warning. */
static int idx;
#define TIME_IMPL(t) { if (t != NULL) *t = FUZZTIME; return FUZZTIME; }
/*
- * This might not in all cases and still get the current time
- * instead of the fixed time. This will just result in things
- * not being fully reproducible and have a slightly different
- * coverage.
+ * This might not work in all cases (and definitely not on Windows
+ * because of the way linkers are) and callees can still get the
+ * current time instead of the fixed time. This will just result
+ * in things not being fully reproducible and have a slightly
+ * different coverage.
*/
-#if defined(_WIN32) && defined(_TIME64_T_DEFINED)
-time64_t _time64(time64_t *t) TIME_IMPL(t)
-#endif
-#if !defined(_WIN32) || !defined(_MSC_VER)
+#if !defined(_WIN32)
time_t time(time_t *t) TIME_IMPL(t)
#endif
{
STACK_OF(SSL_COMP) *comp_methods;
+ FuzzerSetRand();
OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_ASYNC, NULL);
OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
- ERR_get_state();
+ ERR_clear_error();
CRYPTO_free_ex_index(0, -1);
idx = SSL_get_ex_data_X509_STORE_CTX_idx();
- RAND_add("", 1, ENTROPY_NEEDED);
- RAND_status();
comp_methods = SSL_COMP_get_compression_methods();
- OPENSSL_sk_sort((OPENSSL_STACK *)comp_methods);
-
-
-#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
- rand_predictable = 1;
-#endif
+ if (comp_methods != NULL)
+ sk_SSL_COMP_sort(comp_methods);
return 1;
}
SSL *server;
BIO *in;
BIO *out;
+#if !defined(OPENSSL_NO_EC) \
+ || (!defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0))
BIO *bio_buf;
+#endif
SSL_CTX *ctx;
int ret;
+#ifndef OPENSSL_NO_DEPRECATED_3_0
RSA *privkey;
+#endif
const uint8_t *bufp;
+#if !defined(OPENSSL_NO_DEPRECATED_3_0)
EVP_PKEY *pkey;
+#endif
X509 *cert;
-#ifndef OPENSSL_NO_EC
+#ifndef OPENSSL_NO_DEPRECATED_3_0
+# ifndef OPENSSL_NO_EC
EC_KEY *ecdsakey = NULL;
+# endif
#endif
-#ifndef OPENSSL_NO_DSA
+#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
DSA *dsakey = NULL;
#endif
+ uint8_t opt;
- if (len == 0)
+ if (len < 2)
return 0;
- /*
- * TODO: use the ossltest engine (optionally?) to disable crypto checks.
- */
-
/* This only fuzzes the initial flow from the client so far. */
ctx = SSL_CTX_new(SSLv23_method());
+ ret = SSL_CTX_set_min_proto_version(ctx, 0);
+ OPENSSL_assert(ret == 1);
+ ret = SSL_CTX_set_cipher_list(ctx, "ALL:eNULL:@SECLEVEL=0");
+ OPENSSL_assert(ret == 1);
+
+#ifndef OPENSSL_NO_DEPRECATED_3_0
/* RSA */
bufp = kRSAPrivateKeyDER;
privkey = d2i_RSAPrivateKey(NULL, &bufp, sizeof(kRSAPrivateKeyDER));
ret = SSL_CTX_use_PrivateKey(ctx, pkey);
OPENSSL_assert(ret == 1);
EVP_PKEY_free(pkey);
+#endif
bufp = kCertificateDER;
cert = d2i_X509(NULL, &bufp, sizeof(kCertificateDER));
X509_free(cert);
#ifndef OPENSSL_NO_EC
+# ifndef OPENSSL_NO_DEPRECATED_3_0
/* ECDSA */
bio_buf = BIO_new(BIO_s_mem());
OPENSSL_assert((size_t)BIO_write(bio_buf, ECDSAPrivateKeyPEM, sizeof(ECDSAPrivateKeyPEM)) == sizeof(ECDSAPrivateKeyPEM));
ret = SSL_CTX_use_PrivateKey(ctx, pkey);
OPENSSL_assert(ret == 1);
EVP_PKEY_free(pkey);
-
+# endif
bio_buf = BIO_new(BIO_s_mem());
OPENSSL_assert((size_t)BIO_write(bio_buf, ECDSACertPEM, sizeof(ECDSACertPEM)) == sizeof(ECDSACertPEM));
cert = PEM_read_bio_X509(bio_buf, NULL, NULL, NULL);
X509_free(cert);
#endif
-#ifndef OPENSSL_NO_DSA
+#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
/* DSA */
bio_buf = BIO_new(BIO_s_mem());
OPENSSL_assert((size_t)BIO_write(bio_buf, DSAPrivateKeyPEM, sizeof(DSAPrivateKeyPEM)) == sizeof(DSAPrivateKeyPEM));
X509_free(cert);
#endif
- /* TODO: Set up support for SRP and PSK */
-
server = SSL_new(ctx);
- ret = SSL_set_cipher_list(server, "ALL:eNULL:@SECLEVEL=0");
- OPENSSL_assert(ret == 1);
in = BIO_new(BIO_s_mem());
out = BIO_new(BIO_s_mem());
SSL_set_bio(server, in, out);
SSL_set_accept_state(server);
+
+ opt = (uint8_t)buf[len-1];
+ len--;
+
OPENSSL_assert((size_t)BIO_write(in, buf, len) == len);
+
+ if ((opt & 0x01) != 0)
+ {
+ do {
+ char early_buf[16384];
+ size_t early_len;
+ ret = SSL_read_early_data(server, early_buf, sizeof(early_buf), &early_len);
+
+ if (ret != SSL_READ_EARLY_DATA_SUCCESS)
+ break;
+ } while (1);
+ }
+
if (SSL_do_handshake(server) == 1) {
/* Keep reading application data until error or EOF. */
uint8_t tmp[1024];
void FuzzerCleanup(void)
{
+ FuzzerClearRand();
}
projects / thirdparty / openssl.git / blobdiff