Pauli
d2ef6e4ecc
Stack sorting safety
Use the defined typechecking stack method to sort the compression methods stack
rather than using the generic function and applying type casts.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4382 )
2017-09-18 12:17:18 +10:00
gbrl
61389f0981
bndiv fuzzer: limit the size of the input to avoid timeout
CLA: trivial
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4119 )
2017-08-16 10:05:40 -04:00
Rich Salz
710769f0a9
Move FuzzerSetRand to separate file.
Use an inline rand.inc; this fixes Google's OSS-Fuzz builds.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4141 )
2017-08-11 08:23:07 -04:00
Rich Salz
9f08a1c63e
Install custom RAND_METHOD for fuzzing
Instead of setting a "magic" global variable to force RAND to keep
consistent state and always generate the same bytestream, have
the fuzzing code install its own RAND_METHOD that does this. For
BN_RAND_DEBUG, we just don't do it; that debugging was about mucking
with BN's internal representation, not requiring predictable rand
bytes.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4025 )
2017-07-26 19:27:54 -04:00
Kurt Roeckx
515b124b8b
Update fuzz corpora
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #3829
2017-07-02 18:21:19 +02:00
Andy Polyakov
b12ae4a912
fuzz/{client,server}.c: omit _time64 "overload method".
The approach was opportunistic in the Windows context from its inception,
and on top of that it proved to be error-prone at the link stage.
The correct answer is to introduce a library-specific time function that
we can control in a platform-neutral manner. Meanwhile we just let
attempts to override time on Windows be.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3320 )
2017-04-27 13:01:08 +02:00
Jon Spillett
424aa35245
Change 64-bit time type for windows
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3248 )
2017-04-19 15:54:52 -04:00
Kurt Roeckx
ff54cd9beb
Optionally check for early data
This adds a way to use the last byte of the buffer to change the
behavior of the server. The last byte is used so that the existing
corpus can be reused either without changing it, or just adding a single
byte, and that it can still be used by other projects.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #2683
2017-04-16 19:30:15 +02:00
Kurt Roeckx
14a6570f31
Use a fixed time when fuzzing.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #2683
2017-04-16 19:30:15 +02:00
Kurt Roeckx
930aa9eeed
Document how to update the corpus.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #2683
2017-04-16 19:30:14 +02:00
Kurt Roeckx
b534df96c9
Make x509 and asn1 fuzzer reproducible
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #2683
2017-04-16 19:30:14 +02:00
Kurt Roeckx
644fb113a0
Switch libfuzzer to use trace-pc-guard
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #2683
2017-04-16 19:30:14 +02:00
Richard Levitte
31ae516116
Act on deprecation of LONG and ZLONG, step 1
Don't compile code that still uses LONG when it's deprecated
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3126 )
2017-04-10 12:11:00 +02:00
Richard Levitte
64f11ee888
Publish our INT32, UINT32, INT64, UINT64 ASN.1 types and Z variants
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3126 )
2017-04-10 12:10:59 +02:00
Rich Salz
076fc55527
Make default_method mostly compile-time
Document thread-safety issues
Have RSA_null return NULL (always fails)
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2244 )
2017-04-07 12:19:46 -04:00
Matt Caswell
8a585601fe
Fix out-of-memory condition in conf
conf has the ability to expand variables in config files. Repeatedly doing
this can lead to an exponential increase in the amount of memory required.
This places a limit on the length of a value that can result from an
expansion.
Credit to OSS-Fuzz for finding this problem.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2894 )
2017-03-12 00:19:14 +00:00
Kurt Roeckx
9dd4ac8cf1
Update client, server and x509 fuzz corpus
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2682
2017-02-21 18:53:07 +01:00
Kurt Roeckx
d2828c8bdb
Update client and server corpus
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2318
2017-01-29 00:59:03 +01:00
Richard Levitte
18e3ab7bc4
Fix build issues with no-dh, no-dsa and no-ec
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2192 )
2017-01-09 22:45:47 +01:00
Kurt Roeckx
3b72dcd5fb
Update fuzz corpora
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2182
2017-01-06 18:27:17 +01:00
Kurt Roeckx
76d1ba3a7a
Make client and server fuzzer reproducible
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2182
2017-01-06 18:27:00 +01:00
Kurt Roeckx
13799455cb
Make the bignum fuzzer reproducible
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2182
2017-01-06 18:26:59 +01:00
Kurt Roeckx
f8d4b3beda
Update fuzz documentation
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2182
2017-01-06 18:26:58 +01:00
Kurt Roeckx
d2aa960ee2
server fuzzer: add support for DSA and ECDSA
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2182
2017-01-06 18:26:57 +01:00
Kurt Roeckx
f15eed3b79
Update fuzz corpora
Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #2090
2016-12-19 00:46:45 +01:00
Kurt Roeckx
4e9954799a
Make client and server fuzzer support all ciphers
Also send a SNI extension in the client so the fuzzer can react to it.
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2088
2016-12-16 01:08:22 +01:00
Kurt Roeckx
e104d01deb
Document the recommended parameters for fuzzing
We use those parameters for calculating the coverage.
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2088
2016-12-16 01:08:22 +01:00
Kurt Roeckx
6c0e1e20d2
Update client fuzz corpus
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2060
2016-12-09 23:35:06 +01:00
Kurt Roeckx
af5a4b40d7
Update client fuzzer corpus
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2053
2016-12-09 18:13:18 +01:00
Kurt Roeckx
141ecc4e55
Fuzz corpora update
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2041
2016-12-08 19:06:19 +01:00
Kurt Roeckx
4410f9d786
Add client fuzzer
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2041
2016-12-08 19:06:18 +01:00
Kurt Roeckx
231f13370b
Make asn1 fuzzer more reproducible
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2041
2016-12-08 19:06:17 +01:00
Kurt Roeckx
d69d8f904c
Make the fuzzers more reproducible
We want to be in the same global state each time we come into
FuzzerTestOneInput(). There are various reasons why we might not be,
including:
- Initialization that happens on first use. This is mostly the
RUN_ONCE() things, or loading of error strings.
- Results that get cached. For instance a stack that is sorted, RSA
blinding that has been set up, ...
So I try to trigger as much as possible in FuzzerInitialize(), and for
things I didn't find out how to trigger, this needs to happen in
FuzzerTestOneInput().
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023
2016-12-03 00:14:15 +01:00
Kurt Roeckx
0282aeb690
Move libfuzzer sanitizer options to README
This is something you might want to change depending on the version to
use; there is no point in us fixing this to something.
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023
2016-12-03 00:14:15 +01:00
Kurt Roeckx
1b6a77a1a0
CMS fuzzer: also use id2
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023
2016-12-03 00:14:15 +01:00
Kurt Roeckx
3a9b9b2deb
Make the random number generator predictable when fuzzing.
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023
2016-12-03 00:14:15 +01:00
Kurt Roeckx
8087bcb323
bndiv fuzzer: move new and free calls to the init and cleanup function.
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023
2016-12-03 00:14:14 +01:00
Kurt Roeckx
7d22cceecc
bignum fuzzer: move new and free calls to the init and cleanup function.
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023
2016-12-03 00:14:14 +01:00
Kurt Roeckx
da15cb7cd9
asn1parse: create the out bio during init, free it during cleanup
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023
2016-12-03 00:14:14 +01:00
Kurt Roeckx
ad4da7fbc0
Add a FuzzerClean() function
This allows us to free everything we allocated, so we can detect memory
leaks.
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023
2016-12-03 00:14:14 +01:00
Kurt Roeckx
baae2cbc92
FuzzerInitialize always exists
There was a time it could be NULL, but that was changed to always have it.
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023
2016-12-03 00:14:14 +01:00
Kurt Roeckx
f3e911d5ed
Fix formatting of fuzzers
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023
2016-12-03 00:14:14 +01:00
Kurt Roeckx
c22d64845a
Update fuzz corpora
New minimal fuzz corpora set
Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #1910
2016-11-12 16:54:51 +01:00
Kurt Roeckx
ea6199ea91
conf fuzzer: also check for an empty file
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1828
2016-11-03 05:13:34 +01:00
Sergey Bronnikov
fe2582a224
Fix link to LibFuzzer
CLA: trivial
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1801 )
2016-11-02 13:10:30 -04:00
Mike Aizatsky
ba7407002d
[fuzzers] do not fail fuzzers with empty input
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1788
2016-11-01 19:24:55 +01:00
Kurt Roeckx
2b687397fd
Update fuzz corpora
New minimal fuzz corpora for asn1, asn1parse, bndiv, crl and x509
Reviewed-by: Andy Polyakov <appro@openssl.org>
GH: #1678
2016-10-10 19:31:38 +02:00
Robert Swiecki
44f206aa9d
Add to fuzz corpora for CVE-2016-6309
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-09-26 08:52:48 +01:00
Kurt Roeckx
5579eab9ef
Update fuzz corpora
This is a new minimal corpus with the following changes:
- asn1: files: 1135 (+474), tuples: 27236 (+7496)
- asn1parse: files: 305 (-3), tuples: 8758 (+11)
- bignum: files: 370 (-1), tuples: 9547 (+10)
- bndiv: files: 160 (+0), tuples: 2416 (+6)
- cms: files: 155 (-1), tuples: 3408 (+0)
- conf: files: 231 (-11), tuples: 4668 (+3)
- crl: files: 905 (+188), tuples: 22876 (+4096)
- ct: files: 117 (+35), tuples: 3557 (+908)
- x509: files: 920, tuples: 28334
Note that tuple count depends on the binary and is random.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-08-23 20:01:54 +01:00
Matt Caswell
255af26c5d
Some minor tweaks to the fuzzing docs
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-01 22:07:04 +01:00
Ben Laurie
68e71e9d00
Include what we use.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-01 11:30:33 +01:00
Ben Laurie
620c6ad312
Fix various no-*s.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-01 11:30:33 +01:00
Kurt Roeckx
abdb0c7b4e
Skip non-existing files.
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1324
2016-07-26 21:01:05 +02:00
Matt Caswell
49dadc1cb7
Fix no-ct
Ensure that we don't build/run the ct fuzzing code if no-ct is used.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-25 08:18:14 +01:00
Kurt Roeckx
2980ae2e78
Add all publicly available asn1 types to the asn1 fuzzer.
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1331
2016-07-20 19:25:16 +02:00
Matt Caswell
df0aa7770e
Fix building with no-cms
The new fuzzing code broke no-cms
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-07-19 14:01:33 +01:00
Richard Levitte
7218ae5134
Use _NO_INST in some build.info files
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-18 20:49:54 +02:00
Matt Caswell
33e49fda96
Fix strict-warnings build
The i2d_SCT_LIST function is declared as __owur, therefore we need to check
the result or a --strict-warnings build will fail.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-18 10:28:45 +01:00
Kurt Roeckx
e10aeee104
fuzzers: print and convert it back
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1323
2016-07-16 21:51:53 +02:00
Richard Levitte
878f42251b
Make fuzzer and fuzz tester builds less magic
Instead of having fuzz/build.info.fuzz magically and conditionally
included along with the other build.info files, incorporate it in
fuzz/build.info and add the conditions there instead.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-16 19:37:50 +02:00
Viktor Dukhovni
1d03b7b893
Don't rely on implicit rsa.h inclusion
With no-deprecated, some nested includes don't happen by default.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-10 21:09:38 -04:00
Rich Salz
d20841c414
Add OPENSSL_NO_EC wrapper
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-07-06 09:48:00 -04:00
Rich Salz
31b15b9b55
Update fuzz/README.md
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-07-04 09:47:27 -04:00
Richard Levitte
0483f58652
Simplify INCLUDE statements in build.info files
Now that INCLUDE considers both the source and build trees, no need
for the rel2abs perl fragment hacks any more.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-01 18:36:08 +02:00
Dr. Stephen Henson
352dbbaf4c
fix 'set but not used' warning
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-01 16:05:37 +01:00
Kurt Roeckx
a05b0bcf87
Re-add x509 and crl fuzzer
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1276
2016-07-01 17:02:33 +02:00
Ben Laurie
90d28f0519
Run the fuzzing corpora as tests.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-01 13:45:45 +01:00
Alex Gaynor
03cb37acec
Add comment about X509_print
Signed-off-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Emilia Kasper <emilia@openssl.org>
GH: #1255
2016-06-28 18:30:41 +02:00
Kurt Roeckx
f08c8c1a19
Add x509 and crl corpora
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1229
2016-06-25 11:01:29 +02:00
Kurt Roeckx
e1859d8d54
Add X509 and CRL fuzzer
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1229
2016-06-25 11:01:29 +02:00
Kurt Roeckx
d0ba3119de
Update fuzz corpora
Reviewed-by: Rich Salz <rsalz@openssl.org>
MR: #2986
2016-06-23 15:13:32 +02:00
Kurt Roeckx
2dca984bab
Update fuzz corpora
Reviewed-by: Rich Salz <rsalz@openssl.org>
MR: #2949
2016-06-14 19:30:41 +02:00
Kurt Roeckx
0a3206539a
include stdlib for malloc() and free()
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #1174
2016-06-11 16:43:49 +02:00
Ben Laurie
ff2c608bf6
Add fuzz corpora.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-10 13:00:31 +01:00
Kurt Roeckx
f59d0131cb
Add support for fuzzing with AFL
Reviewed-by: Ben Laurie <ben@links.org>
MR: #2740
2016-06-04 14:39:24 +02:00
Ben Laurie
4a2c4c1ab8
Add ct fuzzer.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-03 11:24:51 +01:00
Ben Laurie
75a112295d
Linkify libfuzzer.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-03 11:24:51 +01:00
Ben Laurie
e298cb10fe
Fuzz everything with every input.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-03 11:24:51 +01:00
Ben Laurie
e78fadede2
Sort.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-03 11:24:51 +01:00
Rich Salz
44c8a5e2b9
Add final(?) set of copyrights.
Add copyright to missing assembler files.
Add copyrights to missing test/* files.
Add copyrights to various source and misc files.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-01 11:27:25 -04:00
Ben Laurie
c38bb72797
Add fuzzing!
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-05-07 18:13:54 +01:00