/*
- * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License");
* you may not use this file except in compliance with the License.
/* Test first part of SSL server handshake. */
-/* We need to use the deprecated RSA low level calls */
+/* We need to use some deprecated APIs */
#define OPENSSL_SUPPRESS_DEPRECATED
#include <time.h>
#include <openssl/err.h>
#include "fuzzer.h"
-#include "rand.inc"
-
static const uint8_t kCertificateDER[] = {
0x30, 0x82, 0x02, 0xff, 0x30, 0x82, 0x01, 0xe7, 0xa0, 0x03, 0x02, 0x01,
0x02, 0x02, 0x11, 0x00, 0xb1, 0x84, 0xee, 0x34, 0x99, 0x98, 0x76, 0xfb,
};
#endif
-
#ifndef OPENSSL_NO_EC
+# ifndef OPENSSL_NO_DEPRECATED_3_0
/*
* -----BEGIN EC PRIVATE KEY-----
* MHcCAQEEIJLyl7hJjpQL/RhP1x2zS79xdiPJQB683gWeqcqHPeZkoAoGCCqGSM49
0x4e, 0x44, 0x20, 0x45, 0x43, 0x20, 0x50, 0x52, 0x49, 0x56, 0x41, 0x54,
0x45, 0x20, 0x4b, 0x45, 0x59, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x0a
};
+# endif
/*
* -----BEGIN CERTIFICATE-----
};
#endif
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_DEPRECATED_3_0)
+#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
/*
* -----BEGIN DSA PRIVATE KEY-----
* MIIBuwIBAAKBgQDdkFKzNABLOha7Eqj7004+p5fhtR6bxpujToMmSZTYi8igVVXP
{
STACK_OF(SSL_COMP) *comp_methods;
+ FuzzerSetRand();
OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_ASYNC, NULL);
OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
ERR_clear_error();
CRYPTO_free_ex_index(0, -1);
idx = SSL_get_ex_data_X509_STORE_CTX_idx();
- FuzzerSetRand();
comp_methods = SSL_COMP_get_compression_methods();
if (comp_methods != NULL)
sk_SSL_COMP_sort(comp_methods);
SSL *server;
BIO *in;
BIO *out;
-#if !defined(OPENSSL_NO_EC) || !defined(OPENSSL_NO_DSA) \
- || !defined(OPENSSL_NO_DEPRECATED_3_0)
+#if !defined(OPENSSL_NO_EC) \
+ || (!defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0))
BIO *bio_buf;
#endif
SSL_CTX *ctx;
RSA *privkey;
#endif
const uint8_t *bufp;
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC) \
- || !defined(OPENSSL_NO_DEPRECATED_3_0)
+#if !defined(OPENSSL_NO_DEPRECATED_3_0)
EVP_PKEY *pkey;
#endif
X509 *cert;
-#ifndef OPENSSL_NO_EC
+#ifndef OPENSSL_NO_DEPRECATED_3_0
+# ifndef OPENSSL_NO_EC
EC_KEY *ecdsakey = NULL;
+# endif
#endif
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_DEPRECATED_3_0)
+#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
DSA *dsakey = NULL;
#endif
uint8_t opt;
if (len < 2)
return 0;
- /*
- * TODO: use the ossltest engine (optionally?) to disable crypto checks.
- */
-
/* This only fuzzes the initial flow from the client so far. */
ctx = SSL_CTX_new(SSLv23_method());
X509_free(cert);
#ifndef OPENSSL_NO_EC
+# ifndef OPENSSL_NO_DEPRECATED_3_0
/* ECDSA */
bio_buf = BIO_new(BIO_s_mem());
OPENSSL_assert((size_t)BIO_write(bio_buf, ECDSAPrivateKeyPEM, sizeof(ECDSAPrivateKeyPEM)) == sizeof(ECDSAPrivateKeyPEM));
ret = SSL_CTX_use_PrivateKey(ctx, pkey);
OPENSSL_assert(ret == 1);
EVP_PKEY_free(pkey);
-
+# endif
bio_buf = BIO_new(BIO_s_mem());
OPENSSL_assert((size_t)BIO_write(bio_buf, ECDSACertPEM, sizeof(ECDSACertPEM)) == sizeof(ECDSACertPEM));
cert = PEM_read_bio_X509(bio_buf, NULL, NULL, NULL);
X509_free(cert);
#endif
-#if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_DEPRECATED_3_0)
+#if !defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0)
/* DSA */
bio_buf = BIO_new(BIO_s_mem());
OPENSSL_assert((size_t)BIO_write(bio_buf, DSAPrivateKeyPEM, sizeof(DSAPrivateKeyPEM)) == sizeof(DSAPrivateKeyPEM));
X509_free(cert);
#endif
- /* TODO: Set up support for SRP and PSK */
-
server = SSL_new(ctx);
in = BIO_new(BIO_s_mem());
out = BIO_new(BIO_s_mem());
void FuzzerCleanup(void)
{
+ FuzzerClearRand();
}