RAND_METHOD deprecation: fuzzer

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13652)

8 files changed, 187 insertions, 25 deletions

diff --git a/fuzz/asn1.c b/fuzz/asn1.c
index 15a517a72c..449d851e68 100644
--- a/fuzz/asn1.c
+++ b/fuzz/asn1.c
@@ -40,8 +40,6 @@
 #include <internal/nelem.h>
 #include "fuzzer.h"
 
-#include "rand.inc"
-
 static ASN1_ITEM_EXP *item_type[] = {
     ASN1_ITEM_ref(ACCESS_DESCRIPTION),
 #ifndef OPENSSL_NO_RFC3779
@@ -280,6 +278,7 @@ static ASN1_PCTX *pctx;
 
 int FuzzerInitialize(int *argc, char ***argv)
 {
+    FuzzerSetRand();
     pctx = ASN1_PCTX_new();
     ASN1_PCTX_set_flags(pctx, ASN1_PCTX_FLAGS_SHOW_ABSENT |
         ASN1_PCTX_FLAGS_SHOW_SEQUENCE | ASN1_PCTX_FLAGS_SHOW_SSOF |
@@ -291,7 +290,6 @@ int FuzzerInitialize(int *argc, char ***argv)
     OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
     ERR_clear_error();
     CRYPTO_free_ex_index(0, -1);
-    FuzzerSetRand();
 
     return 1;
 }
@@ -365,4 +363,5 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
 void FuzzerCleanup(void)
 {
     ASN1_PCTX_free(pctx);
+    FuzzerClearRand();
 }
diff --git a/fuzz/build.info b/fuzz/build.info
index e52b8e3b57..7b26b8c152 100644
--- a/fuzz/build.info
+++ b/fuzz/build.info
@@ -23,7 +23,7 @@ IF[{- !$disabled{"fuzz-afl"} || !$disabled{"fuzz-libfuzzer"} -}]
     PROGRAMS{noinst}=ct
   ENDIF
 
-  SOURCE[asn1]=asn1.c driver.c
+  SOURCE[asn1]=asn1.c driver.c fuzz_rand.c
   INCLUDE[asn1]=../include {- $ex_inc -}
   DEPEND[asn1]=../libcrypto ../libssl {- $ex_lib -}
 
@@ -39,11 +39,11 @@ IF[{- !$disabled{"fuzz-afl"} || !$disabled{"fuzz-libfuzzer"} -}]
   INCLUDE[bndiv]=../include {- $ex_inc -}
   DEPEND[bndiv]=../libcrypto {- $ex_lib -}
 
-  SOURCE[client]=client.c driver.c
+  SOURCE[client]=client.c driver.c fuzz_rand.c
   INCLUDE[client]=../include {- $ex_inc -}
   DEPEND[client]=../libcrypto ../libssl {- $ex_lib -}
 
-  SOURCE[cmp]=cmp.c driver.c
+  SOURCE[cmp]=cmp.c driver.c fuzz_rand.c
   INCLUDE[cmp]=../include {- $ex_inc -}
   DEPEND[cmp]=../libcrypto {- $ex_lib -}
 
@@ -63,11 +63,11 @@ IF[{- !$disabled{"fuzz-afl"} || !$disabled{"fuzz-libfuzzer"} -}]
   INCLUDE[ct]=../include {- $ex_inc -}
   DEPEND[ct]=../libcrypto {- $ex_lib -}
 
-  SOURCE[server]=server.c driver.c
+  SOURCE[server]=server.c driver.c fuzz_rand.c
   INCLUDE[server]=../include {- $ex_inc -}
   DEPEND[server]=../libcrypto ../libssl {- $ex_lib -}
 
-  SOURCE[x509]=x509.c driver.c
+  SOURCE[x509]=x509.c driver.c fuzz_rand.c
   INCLUDE[x509]=../include {- $ex_inc -}
   DEPEND[x509]=../libcrypto {- $ex_lib -}
 ENDIF
@@ -87,7 +87,7 @@ IF[{- !$disabled{tests} -}]
     PROGRAMS{noinst}=ct-test
   ENDIF
 
-  SOURCE[asn1-test]=asn1.c test-corpus.c
+  SOURCE[asn1-test]=asn1.c test-corpus.c fuzz_rand.c
   INCLUDE[asn1-test]=../include
   DEPEND[asn1-test]=../libcrypto ../libssl
 
@@ -103,11 +103,11 @@ IF[{- !$disabled{tests} -}]
   INCLUDE[bndiv-test]=../include
   DEPEND[bndiv-test]=../libcrypto
 
-  SOURCE[client-test]=client.c test-corpus.c
+  SOURCE[client-test]=client.c test-corpus.c fuzz_rand.c
   INCLUDE[client-test]=../include
   DEPEND[client-test]=../libcrypto ../libssl
 
-  SOURCE[cmp-test]=cmp.c test-corpus.c
+  SOURCE[cmp-test]=cmp.c test-corpus.c fuzz_rand.c
   INCLUDE[cmp-test]=../include
   DEPEND[cmp-test]=../libcrypto.a
   # referring to static lib allows using non-exported functions
@@ -128,11 +128,11 @@ IF[{- !$disabled{tests} -}]
   INCLUDE[ct-test]=../include
   DEPEND[ct-test]=../libcrypto
 
-  SOURCE[server-test]=server.c test-corpus.c
+  SOURCE[server-test]=server.c test-corpus.c fuzz_rand.c
   INCLUDE[server-test]=../include
   DEPEND[server-test]=../libcrypto ../libssl
 
-  SOURCE[x509-test]=x509.c test-corpus.c
+  SOURCE[x509-test]=x509.c test-corpus.c fuzz_rand.c
   INCLUDE[x509-test]=../include
   DEPEND[x509-test]=../libcrypto
 ENDIF
diff --git a/fuzz/client.c b/fuzz/client.c
index 2c2cd90fb8..007b0d6443 100644
--- a/fuzz/client.c
+++ b/fuzz/client.c
@@ -18,8 +18,6 @@
 #include <openssl/err.h>
 #include "fuzzer.h"
 
-#include "rand.inc"
-
 /* unused, to avoid warning. */
 static int idx;
 
@@ -42,12 +40,12 @@ int FuzzerInitialize(int *argc, char ***argv)
 {
     STACK_OF(SSL_COMP) *comp_methods;
 
+    FuzzerSetRand();
     OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_ASYNC, NULL);
     OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
     ERR_clear_error();
     CRYPTO_free_ex_index(0, -1);
     idx = SSL_get_ex_data_X509_STORE_CTX_idx();
-    FuzzerSetRand();
     comp_methods = SSL_COMP_get_compression_methods();
     if (comp_methods != NULL)
         sk_SSL_COMP_sort(comp_methods);
@@ -99,4 +97,5 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
 
 void FuzzerCleanup(void)
 {
+    FuzzerClearRand();
 }
diff --git a/fuzz/cmp.c b/fuzz/cmp.c
index ae4c1ec753..82a812baba 100644
--- a/fuzz/cmp.c
+++ b/fuzz/cmp.c
@@ -16,14 +16,13 @@
 #include "../crypto/cmp/cmp_local.h"
 #include <openssl/err.h>
 #include "fuzzer.h"
-#include "rand.inc"
 
 int FuzzerInitialize(int *argc, char ***argv)
 {
+    FuzzerSetRand();
     OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
     ERR_clear_error();
     CRYPTO_free_ex_index(0, -1);
-    FuzzerSetRand();
     return 1;
 }
 
@@ -200,4 +199,5 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
 
 void FuzzerCleanup(void)
 {
+    FuzzerClearRand();
 }
diff --git a/fuzz/fuzz_rand.c b/fuzz/fuzz_rand.c
new file mode 100644
index 0000000000..99c32509c6
--- /dev/null
+++ b/fuzz/fuzz_rand.c
@@ -0,0 +1,164 @@
+/*
+ * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+
+#include <openssl/core_names.h>
+#include <openssl/rand.h>
+#include <openssl/provider.h>
+#include "fuzzer.h"
+
+static OSSL_FUNC_rand_newctx_fn fuzz_rand_newctx;
+static OSSL_FUNC_rand_freectx_fn fuzz_rand_freectx;
+static OSSL_FUNC_rand_instantiate_fn fuzz_rand_instantiate;
+static OSSL_FUNC_rand_uninstantiate_fn fuzz_rand_uninstantiate;
+static OSSL_FUNC_rand_generate_fn fuzz_rand_generate;
+static OSSL_FUNC_rand_gettable_ctx_params_fn fuzz_rand_gettable_ctx_params;
+static OSSL_FUNC_rand_get_ctx_params_fn fuzz_rand_get_ctx_params;
+static OSSL_FUNC_rand_enable_locking_fn fuzz_rand_enable_locking;
+
+static void *fuzz_rand_newctx(
+         void *provctx, void *parent, const OSSL_DISPATCH *parent_dispatch)
+{
+    int *st = OPENSSL_malloc(sizeof(*st));
+
+    if (st != NULL)
+        *st = EVP_RAND_STATE_UNINITIALISED;
+    return st;
+}
+
+static void fuzz_rand_freectx(ossl_unused void *vrng)
+{
+    OPENSSL_free(vrng);
+}
+
+static int fuzz_rand_instantiate(ossl_unused void *vrng,
+                                 ossl_unused unsigned int strength,
+                                 ossl_unused int prediction_resistance,
+                                 ossl_unused const unsigned char *pstr,
+                                 ossl_unused size_t pstr_len)
+{
+    *(int *)vrng = EVP_RAND_STATE_READY;
+    return 1;
+}
+
+static int fuzz_rand_uninstantiate(ossl_unused void *vrng)
+{
+    *(int *)vrng = EVP_RAND_STATE_UNINITIALISED;
+    return 1;
+}
+
+static int fuzz_rand_generate(ossl_unused void *vdrbg,
+                              unsigned char *out, size_t outlen,
+                              ossl_unused unsigned int strength,
+                              ossl_unused int prediction_resistance,
+                              ossl_unused const unsigned char *adin,
+                              ossl_unused size_t adinlen)
+{
+    unsigned char val = 1;
+    size_t i;
+
+    for (i = 0; i < outlen; i++)
+        out[i] = val++;
+    return 1;
+}
+
+static int fuzz_rand_enable_locking(ossl_unused void *vrng)
+{
+    return 1;
+}
+
+static int fuzz_rand_get_ctx_params(void *vrng, OSSL_PARAM params[])
+{
+    OSSL_PARAM *p;
+
+    p = OSSL_PARAM_locate(params, OSSL_RAND_PARAM_STATE);
+    if (p != NULL && !OSSL_PARAM_set_int(p, *(int *)vrng))
+        return 0;
+
+    p = OSSL_PARAM_locate(params, OSSL_RAND_PARAM_STRENGTH);
+    if (p != NULL && !OSSL_PARAM_set_int(p, 500))
+        return 0;
+
+    p = OSSL_PARAM_locate(params, OSSL_RAND_PARAM_MAX_REQUEST);
+    if (p != NULL && !OSSL_PARAM_set_size_t(p, INT_MAX))
+        return 0;
+    return 1;
+}
+
+static const OSSL_PARAM *fuzz_rand_gettable_ctx_params(ossl_unused void *provctx)
+{
+    static const OSSL_PARAM known_gettable_ctx_params[] = {
+        OSSL_PARAM_int(OSSL_RAND_PARAM_STATE, NULL),
+        OSSL_PARAM_uint(OSSL_RAND_PARAM_STRENGTH, NULL),
+        OSSL_PARAM_size_t(OSSL_RAND_PARAM_MAX_REQUEST, NULL),
+        OSSL_PARAM_END
+    };
+    return known_gettable_ctx_params;
+}
+
+static const OSSL_DISPATCH fuzz_rand_functions[] = {
+    { OSSL_FUNC_RAND_NEWCTX, (void (*)(void))fuzz_rand_newctx },
+    { OSSL_FUNC_RAND_FREECTX, (void (*)(void))fuzz_rand_freectx },
+    { OSSL_FUNC_RAND_INSTANTIATE, (void (*)(void))fuzz_rand_instantiate },
+    { OSSL_FUNC_RAND_UNINSTANTIATE, (void (*)(void))fuzz_rand_uninstantiate },
+    { OSSL_FUNC_RAND_GENERATE, (void (*)(void))fuzz_rand_generate },
+    { OSSL_FUNC_RAND_ENABLE_LOCKING, (void (*)(void))fuzz_rand_enable_locking },
+    { OSSL_FUNC_RAND_GETTABLE_CTX_PARAMS,
+      (void(*)(void))fuzz_rand_gettable_ctx_params },
+    { OSSL_FUNC_RAND_GET_CTX_PARAMS, (void(*)(void))fuzz_rand_get_ctx_params },
+    { 0, NULL }
+};
+
+static const OSSL_ALGORITHM fuzz_rand_rand[] = {
+    { "fuzz", "provider=fuzz-rand", fuzz_rand_functions },
+    { NULL, NULL, NULL }
+};
+
+static const OSSL_ALGORITHM *fuzz_rand_query(void *provctx,
+                                             int operation_id,
+                                             int *no_cache)
+{
+    *no_cache = 0;
+    switch (operation_id) {
+    case OSSL_OP_RAND:
+        return fuzz_rand_rand;
+    }
+    return NULL;
+}
+
+/* Functions we provide to the core */
+static const OSSL_DISPATCH fuzz_rand_method[] = {
+    { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))OSSL_LIB_CTX_free },
+    { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fuzz_rand_query },
+    { 0, NULL }
+};
+
+static int fuzz_rand_provider_init(const OSSL_CORE_HANDLE *handle,
+                                   const OSSL_DISPATCH *in,
+                                   const OSSL_DISPATCH **out, void **provctx)
+{
+    *provctx = OSSL_LIB_CTX_new();
+    *out = fuzz_rand_method;
+    return 1;
+}
+
+static OSSL_PROVIDER *r_prov;
+
+void FuzzerSetRand(void)
+{
+    if (!OSSL_PROVIDER_add_builtin(NULL, "fuzz-rand", fuzz_rand_provider_init)
+        || !RAND_set_DRBG_type(NULL, "fuzz", NULL, NULL, NULL)
+        || (r_prov = OSSL_PROVIDER_try_load(NULL, "fuzz-rand", 1)) == NULL)
+        exit(1);
+}
+
+void FuzzerClearRand(void)
+{
+    OSSL_PROVIDER_unload(r_prov);
+}
diff --git a/fuzz/fuzzer.h b/fuzz/fuzzer.h
index b4605f8c8f..517a8622d9 100644
--- a/fuzz/fuzzer.h
+++ b/fuzz/fuzzer.h
@@ -11,4 +11,6 @@
 int FuzzerTestOneInput(const uint8_t *buf, size_t len);
 int FuzzerInitialize(int *argc, char ***argv);
 void FuzzerCleanup(void);
+
 void FuzzerSetRand(void);
+void FuzzerClearRand(void);
diff --git a/fuzz/server.c b/fuzz/server.c
index c381bbfae8..6234e15ccc 100644
--- a/fuzz/server.c
+++ b/fuzz/server.c
@@ -12,7 +12,7 @@
 
 /* Test first part of SSL server handshake. */
 
-/* We need to use the deprecated RSA/EC low level calls */
+/* We need to use some deprecated APIs */
 #define OPENSSL_SUPPRESS_DEPRECATED
 
 #include <time.h>
@@ -25,8 +25,6 @@
 #include <openssl/err.h>
 #include "fuzzer.h"
 
-#include "rand.inc"
-
 static const uint8_t kCertificateDER[] = {
     0x30, 0x82, 0x02, 0xff, 0x30, 0x82, 0x01, 0xe7, 0xa0, 0x03, 0x02, 0x01,
     0x02, 0x02, 0x11, 0x00, 0xb1, 0x84, 0xee, 0x34, 0x99, 0x98, 0x76, 0xfb,
@@ -495,12 +493,12 @@ int FuzzerInitialize(int *argc, char ***argv)
 {
     STACK_OF(SSL_COMP) *comp_methods;
 
+    FuzzerSetRand();
     OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_ASYNC, NULL);
     OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
     ERR_clear_error();
     CRYPTO_free_ex_index(0, -1);
     idx = SSL_get_ex_data_X509_STORE_CTX_idx();
-    FuzzerSetRand();
     comp_methods = SSL_COMP_get_compression_methods();
     if (comp_methods != NULL)
         sk_SSL_COMP_sort(comp_methods);
@@ -663,4 +661,5 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
 
 void FuzzerCleanup(void)
 {
+    FuzzerClearRand();
 }
diff --git a/fuzz/x509.c b/fuzz/x509.c
index dd9075acd7..78061d176a 100644
--- a/fuzz/x509.c
+++ b/fuzz/x509.c
@@ -14,14 +14,12 @@
 #include <openssl/rand.h>
 #include "fuzzer.h"
 
-#include "rand.inc"
-
 int FuzzerInitialize(int *argc, char ***argv)
 {
+    FuzzerSetRand();
     OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
     ERR_clear_error();
     CRYPTO_free_ex_index(0, -1);
-    FuzzerSetRand();
     return 1;
 }
 
@@ -50,4 +48,5 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
 
 void FuzzerCleanup(void)
 {
+    FuzzerClearRand();
 }