diff --git a/fuzz/asn1parse.c b/fuzz/asn1parse.c index 3e11d350c1b68d5f1600cc7a100b742a36c779df..cf5ef72a13cf99cc24fb537a34f5b53895ed6786 100644 --- a/fuzz/asn1parse.c +++ b/fuzz/asn1parse.c @@ -16,6 +16,7 @@ #include #include #include +#include #include "fuzzer.h" static BIO *bio_out; @@ -23,12 +24,16 @@ static BIO *bio_out; int FuzzerInitialize(int *argc, char ***argv) { bio_out = BIO_new_file("/dev/null", "w"); + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); + ERR_get_state(); + CRYPTO_free_ex_index(0, -1); return 1; } int FuzzerTestOneInput(const uint8_t *buf, size_t len) { (void)ASN1_parse_dump(bio_out, buf, len, 0, 0); + ERR_clear_error(); return 0; } diff --git a/fuzz/bndiv.c b/fuzz/bndiv.c index dd6d9cfafe64adc7cccbccce0c5fb969a657b3c1..30d84482a63e8cefad7e526a66238da942a38989 100644 --- a/fuzz/bndiv.c +++ b/fuzz/bndiv.c @@ -15,6 +15,7 @@ #include #include +#include #include "fuzzer.h" static BN_CTX *ctx; @@ -33,6 +34,9 @@ int FuzzerInitialize(int *argc, char ***argv) b5 = BN_new(); ctx = BN_CTX_new(); + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); + ERR_get_state(); + return 1; } @@ -104,6 +108,7 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) done: OPENSSL_assert(success); + ERR_clear_error(); return 0; } diff --git a/fuzz/cms.c b/fuzz/cms.c index b57a6de96a63112cce7bc63e257771a437fb6594..959ef9365ad1f60c1d0405bf78dfa4bfaa0274d5 100644 --- a/fuzz/cms.c +++ b/fuzz/cms.c @@ -14,10 +14,14 @@ #include #include +#include #include "fuzzer.h" int FuzzerInitialize(int *argc, char ***argv) { + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); + ERR_get_state(); + CRYPTO_free_ex_index(0, -1); return 1; } @@ -41,6 +45,7 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) } BIO_free(in); + ERR_clear_error(); return 0; } diff --git a/fuzz/conf.c b/fuzz/conf.c index 27429c570f1285855fb571010ba72e352d088d7f..87fe857099b8482beaab2eafbb2d6c28c24a2651 100644 --- a/fuzz/conf.c +++ b/fuzz/conf.c @@ -13,10 +13,13 @@ */ #include +#include #include "fuzzer.h" int FuzzerInitialize(int *argc, char ***argv) { + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); + ERR_get_state(); return 1; } @@ -35,6 +38,7 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) NCONF_load_bio(conf, in, &eline); NCONF_free(conf); BIO_free(in); + ERR_clear_error(); return 0; } diff --git a/fuzz/crl.c b/fuzz/crl.c index decf19e9d3e5912d565e58979ea4c63944cc87b3..e4b0192f051b3f73b46d297df001abfdb60f63c5 100644 --- a/fuzz/crl.c +++ b/fuzz/crl.c @@ -10,10 +10,14 @@ #include #include +#include #include "fuzzer.h" int FuzzerInitialize(int *argc, char ***argv) { + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); + ERR_get_state(); + CRYPTO_free_ex_index(0, -1); return 1; } @@ -33,6 +37,8 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) X509_CRL_free(crl); } + ERR_clear_error(); + return 0; } diff --git a/fuzz/ct.c b/fuzz/ct.c index 47b0fc3f78af3809740803f663515c8edc6644ea..72dd798711baa09c3adff95e3a4b24e4d3c677be 100644 --- a/fuzz/ct.c +++ b/fuzz/ct.c @@ -14,10 +14,14 @@ #include #include +#include #include "fuzzer.h" int FuzzerInitialize(int *argc, char ***argv) { + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); + CRYPTO_free_ex_index(0, -1); + ERR_get_state(); return 1; } @@ -38,6 +42,7 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) SCT_LIST_free(scts); } + ERR_clear_error(); return 0; } diff --git a/fuzz/server.c b/fuzz/server.c index 4f2c794a4ca513779a7001396f28037b47c8863b..3b5df9dc4215c95aef4fa03df6b6e36522723f21 100644 --- a/fuzz/server.c +++ b/fuzz/server.c @@ -16,6 +16,7 @@ #include #include #include +#include #include "fuzzer.h" static const uint8_t kCertificateDER[] = { @@ -189,34 +190,29 @@ static const uint8_t kRSAPrivateKeyDER[] = { 0x98, 0x46, 0x89, 0x82, 0x40, }; -static SSL_CTX *ctx; - #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION extern int rand_predictable; #endif +#define ENTROPY_NEEDED 32 + +/* unused, to avoid warning. */ +static int idx; int FuzzerInitialize(int *argc, char ***argv) { - const uint8_t *bufp = kRSAPrivateKeyDER; - RSA *privkey; - EVP_PKEY *pkey; - int ret; - X509 *cert; + STACK_OF(SSL_COMP) *comp_methods; + + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_ASYNC, NULL); + OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL); + ERR_get_state(); + CRYPTO_free_ex_index(0, -1); + idx = SSL_get_ex_data_X509_STORE_CTX_idx(); + RAND_add("", 1, ENTROPY_NEEDED); + RAND_status(); + RSA_get_default_method(); + comp_methods = SSL_COMP_get_compression_methods(); + OPENSSL_sk_sort((OPENSSL_STACK *)comp_methods); - ctx = SSL_CTX_new(SSLv23_method()); - privkey = d2i_RSAPrivateKey(NULL, &bufp, sizeof(kRSAPrivateKeyDER)); - OPENSSL_assert(privkey != NULL); - pkey = EVP_PKEY_new(); - EVP_PKEY_assign_RSA(pkey, privkey); - ret = SSL_CTX_use_PrivateKey(ctx, pkey); - OPENSSL_assert(ret == 1); - EVP_PKEY_free(pkey); - bufp = kCertificateDER; - cert = d2i_X509(NULL, &bufp, sizeof(kCertificateDER)); - OPENSSL_assert(cert != NULL); - ret = SSL_CTX_use_certificate(ctx, cert); - OPENSSL_assert(ret == 1); - X509_free(cert); #ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION rand_predictable = 1; @@ -230,16 +226,37 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) SSL *server; BIO *in; BIO *out; - if (!len) { + SSL_CTX *ctx; + int ret; + RSA *privkey; + const uint8_t *bufp = kRSAPrivateKeyDER; + EVP_PKEY *pkey; + X509 *cert; + + if (len == 0) return 0; - } - /* TODO: make this work for OpenSSL. There's a PREDICT define that may do - * the job. + + /* * TODO: use the ossltest engine (optionally?) to disable crypto checks. - * RAND_reset_for_fuzzing(); */ /* This only fuzzes the initial flow from the client so far. */ + ctx = SSL_CTX_new(SSLv23_method()); + privkey = d2i_RSAPrivateKey(NULL, &bufp, sizeof(kRSAPrivateKeyDER)); + OPENSSL_assert(privkey != NULL); + pkey = EVP_PKEY_new(); + EVP_PKEY_assign_RSA(pkey, privkey); + ret = SSL_CTX_use_PrivateKey(ctx, pkey); + OPENSSL_assert(ret == 1); + EVP_PKEY_free(pkey); + + bufp = kCertificateDER; + cert = d2i_X509(NULL, &bufp, sizeof(kCertificateDER)); + OPENSSL_assert(cert != NULL); + ret = SSL_CTX_use_certificate(ctx, cert); + OPENSSL_assert(ret == 1); + X509_free(cert); + server = SSL_new(ctx); in = BIO_new(BIO_s_mem()); out = BIO_new(BIO_s_mem()); @@ -256,10 +273,12 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) } } SSL_free(server); + ERR_clear_error(); + SSL_CTX_free(ctx); + return 0; } void FuzzerCleanup(void) { - SSL_CTX_free(ctx); } diff --git a/fuzz/x509.c b/fuzz/x509.c index 78fef6c3ff00434626d6aa2dc2ab653e365e5c86..8d383e4ababcf2ba7708352aad02bdbffea339c7 100644 --- a/fuzz/x509.c +++ b/fuzz/x509.c @@ -10,10 +10,14 @@ #include #include +#include #include "fuzzer.h" int FuzzerInitialize(int *argc, char ***argv) { + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); + ERR_get_state(); + CRYPTO_free_ex_index(0, -1); return 1; } @@ -34,6 +38,7 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) X509_free(x509); } + ERR_clear_error(); return 0; }