From de2ea978b5be4607c677aaefceebff39b1520e0a Mon Sep 17 00:00:00 2001 From: Pauli Date: Thu, 10 Dec 2020 12:04:58 +1000 Subject: RAND_METHOD deprecation: fuzzer Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/13652) --- fuzz/asn1.c | 5 +- fuzz/build.info | 20 +++---- fuzz/client.c | 5 +- fuzz/cmp.c | 4 +- fuzz/fuzz_rand.c | 164 +++++++++++++++++++++++++++++++++++++++++++++++++++++++ fuzz/fuzzer.h | 2 + fuzz/server.c | 7 +-- fuzz/x509.c | 5 +- 8 files changed, 187 insertions(+), 25 deletions(-) create mode 100644 fuzz/fuzz_rand.c (limited to 'fuzz') diff --git a/fuzz/asn1.c b/fuzz/asn1.c index 15a517a72c..449d851e68 100644 --- a/fuzz/asn1.c +++ b/fuzz/asn1.c @@ -40,8 +40,6 @@ #include #include "fuzzer.h" -#include "rand.inc" - static ASN1_ITEM_EXP *item_type[] = { ASN1_ITEM_ref(ACCESS_DESCRIPTION), #ifndef OPENSSL_NO_RFC3779 @@ -280,6 +278,7 @@ static ASN1_PCTX *pctx; int FuzzerInitialize(int *argc, char ***argv) { + FuzzerSetRand(); pctx = ASN1_PCTX_new(); ASN1_PCTX_set_flags(pctx, ASN1_PCTX_FLAGS_SHOW_ABSENT | ASN1_PCTX_FLAGS_SHOW_SEQUENCE | ASN1_PCTX_FLAGS_SHOW_SSOF | @@ -291,7 +290,6 @@ int FuzzerInitialize(int *argc, char ***argv) OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL); ERR_clear_error(); CRYPTO_free_ex_index(0, -1); - FuzzerSetRand(); return 1; } @@ -365,4 +363,5 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) void FuzzerCleanup(void) { ASN1_PCTX_free(pctx); + FuzzerClearRand(); } diff --git a/fuzz/build.info b/fuzz/build.info index e52b8e3b57..7b26b8c152 100644 --- a/fuzz/build.info +++ b/fuzz/build.info @@ -23,7 +23,7 @@ IF[{- !$disabled{"fuzz-afl"} || !$disabled{"fuzz-libfuzzer"} -}] PROGRAMS{noinst}=ct ENDIF - SOURCE[asn1]=asn1.c driver.c + SOURCE[asn1]=asn1.c driver.c fuzz_rand.c INCLUDE[asn1]=../include {- $ex_inc -} DEPEND[asn1]=../libcrypto ../libssl {- $ex_lib -} @@ -39,11 +39,11 @@ IF[{- !$disabled{"fuzz-afl"} || !$disabled{"fuzz-libfuzzer"} -}] INCLUDE[bndiv]=../include {- $ex_inc -} DEPEND[bndiv]=../libcrypto {- $ex_lib -} - SOURCE[client]=client.c driver.c + SOURCE[client]=client.c driver.c fuzz_rand.c INCLUDE[client]=../include {- $ex_inc -} DEPEND[client]=../libcrypto ../libssl {- $ex_lib -} - SOURCE[cmp]=cmp.c driver.c + SOURCE[cmp]=cmp.c driver.c fuzz_rand.c INCLUDE[cmp]=../include {- $ex_inc -} DEPEND[cmp]=../libcrypto {- $ex_lib -} @@ -63,11 +63,11 @@ IF[{- !$disabled{"fuzz-afl"} || !$disabled{"fuzz-libfuzzer"} -}] INCLUDE[ct]=../include {- $ex_inc -} DEPEND[ct]=../libcrypto {- $ex_lib -} - SOURCE[server]=server.c driver.c + SOURCE[server]=server.c driver.c fuzz_rand.c INCLUDE[server]=../include {- $ex_inc -} DEPEND[server]=../libcrypto ../libssl {- $ex_lib -} - SOURCE[x509]=x509.c driver.c + SOURCE[x509]=x509.c driver.c fuzz_rand.c INCLUDE[x509]=../include {- $ex_inc -} DEPEND[x509]=../libcrypto {- $ex_lib -} ENDIF @@ -87,7 +87,7 @@ IF[{- !$disabled{tests} -}] PROGRAMS{noinst}=ct-test ENDIF - SOURCE[asn1-test]=asn1.c test-corpus.c + SOURCE[asn1-test]=asn1.c test-corpus.c fuzz_rand.c INCLUDE[asn1-test]=../include DEPEND[asn1-test]=../libcrypto ../libssl @@ -103,11 +103,11 @@ IF[{- !$disabled{tests} -}] INCLUDE[bndiv-test]=../include DEPEND[bndiv-test]=../libcrypto - SOURCE[client-test]=client.c test-corpus.c + SOURCE[client-test]=client.c test-corpus.c fuzz_rand.c INCLUDE[client-test]=../include DEPEND[client-test]=../libcrypto ../libssl - SOURCE[cmp-test]=cmp.c test-corpus.c + SOURCE[cmp-test]=cmp.c test-corpus.c fuzz_rand.c INCLUDE[cmp-test]=../include DEPEND[cmp-test]=../libcrypto.a # referring to static lib allows using non-exported functions @@ -128,11 +128,11 @@ IF[{- !$disabled{tests} -}] INCLUDE[ct-test]=../include DEPEND[ct-test]=../libcrypto - SOURCE[server-test]=server.c test-corpus.c + SOURCE[server-test]=server.c test-corpus.c fuzz_rand.c INCLUDE[server-test]=../include DEPEND[server-test]=../libcrypto ../libssl - SOURCE[x509-test]=x509.c test-corpus.c + SOURCE[x509-test]=x509.c test-corpus.c fuzz_rand.c INCLUDE[x509-test]=../include DEPEND[x509-test]=../libcrypto ENDIF diff --git a/fuzz/client.c b/fuzz/client.c index 2c2cd90fb8..007b0d6443 100644 --- a/fuzz/client.c +++ b/fuzz/client.c @@ -18,8 +18,6 @@ #include #include "fuzzer.h" -#include "rand.inc" - /* unused, to avoid warning. */ static int idx; @@ -42,12 +40,12 @@ int FuzzerInitialize(int *argc, char ***argv) { STACK_OF(SSL_COMP) *comp_methods; + FuzzerSetRand(); OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_ASYNC, NULL); OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL); ERR_clear_error(); CRYPTO_free_ex_index(0, -1); idx = SSL_get_ex_data_X509_STORE_CTX_idx(); - FuzzerSetRand(); comp_methods = SSL_COMP_get_compression_methods(); if (comp_methods != NULL) sk_SSL_COMP_sort(comp_methods); @@ -99,4 +97,5 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) void FuzzerCleanup(void) { + FuzzerClearRand(); } diff --git a/fuzz/cmp.c b/fuzz/cmp.c index ae4c1ec753..82a812baba 100644 --- a/fuzz/cmp.c +++ b/fuzz/cmp.c @@ -16,14 +16,13 @@ #include "../crypto/cmp/cmp_local.h" #include #include "fuzzer.h" -#include "rand.inc" int FuzzerInitialize(int *argc, char ***argv) { + FuzzerSetRand(); OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); ERR_clear_error(); CRYPTO_free_ex_index(0, -1); - FuzzerSetRand(); return 1; } @@ -200,4 +199,5 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) void FuzzerCleanup(void) { + FuzzerClearRand(); } diff --git a/fuzz/fuzz_rand.c b/fuzz/fuzz_rand.c new file mode 100644 index 0000000000..99c32509c6 --- /dev/null +++ b/fuzz/fuzz_rand.c @@ -0,0 +1,164 @@ +/* + * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * https://www.openssl.org/source/license.html + * or in the file LICENSE in the source distribution. + */ + +#include +#include +#include +#include "fuzzer.h" + +static OSSL_FUNC_rand_newctx_fn fuzz_rand_newctx; +static OSSL_FUNC_rand_freectx_fn fuzz_rand_freectx; +static OSSL_FUNC_rand_instantiate_fn fuzz_rand_instantiate; +static OSSL_FUNC_rand_uninstantiate_fn fuzz_rand_uninstantiate; +static OSSL_FUNC_rand_generate_fn fuzz_rand_generate; +static OSSL_FUNC_rand_gettable_ctx_params_fn fuzz_rand_gettable_ctx_params; +static OSSL_FUNC_rand_get_ctx_params_fn fuzz_rand_get_ctx_params; +static OSSL_FUNC_rand_enable_locking_fn fuzz_rand_enable_locking; + +static void *fuzz_rand_newctx( + void *provctx, void *parent, const OSSL_DISPATCH *parent_dispatch) +{ + int *st = OPENSSL_malloc(sizeof(*st)); + + if (st != NULL) + *st = EVP_RAND_STATE_UNINITIALISED; + return st; +} + +static void fuzz_rand_freectx(ossl_unused void *vrng) +{ + OPENSSL_free(vrng); +} + +static int fuzz_rand_instantiate(ossl_unused void *vrng, + ossl_unused unsigned int strength, + ossl_unused int prediction_resistance, + ossl_unused const unsigned char *pstr, + ossl_unused size_t pstr_len) +{ + *(int *)vrng = EVP_RAND_STATE_READY; + return 1; +} + +static int fuzz_rand_uninstantiate(ossl_unused void *vrng) +{ + *(int *)vrng = EVP_RAND_STATE_UNINITIALISED; + return 1; +} + +static int fuzz_rand_generate(ossl_unused void *vdrbg, + unsigned char *out, size_t outlen, + ossl_unused unsigned int strength, + ossl_unused int prediction_resistance, + ossl_unused const unsigned char *adin, + ossl_unused size_t adinlen) +{ + unsigned char val = 1; + size_t i; + + for (i = 0; i < outlen; i++) + out[i] = val++; + return 1; +} + +static int fuzz_rand_enable_locking(ossl_unused void *vrng) +{ + return 1; +} + +static int fuzz_rand_get_ctx_params(void *vrng, OSSL_PARAM params[]) +{ + OSSL_PARAM *p; + + p = OSSL_PARAM_locate(params, OSSL_RAND_PARAM_STATE); + if (p != NULL && !OSSL_PARAM_set_int(p, *(int *)vrng)) + return 0; + + p = OSSL_PARAM_locate(params, OSSL_RAND_PARAM_STRENGTH); + if (p != NULL && !OSSL_PARAM_set_int(p, 500)) + return 0; + + p = OSSL_PARAM_locate(params, OSSL_RAND_PARAM_MAX_REQUEST); + if (p != NULL && !OSSL_PARAM_set_size_t(p, INT_MAX)) + return 0; + return 1; +} + +static const OSSL_PARAM *fuzz_rand_gettable_ctx_params(ossl_unused void *provctx) +{ + static const OSSL_PARAM known_gettable_ctx_params[] = { + OSSL_PARAM_int(OSSL_RAND_PARAM_STATE, NULL), + OSSL_PARAM_uint(OSSL_RAND_PARAM_STRENGTH, NULL), + OSSL_PARAM_size_t(OSSL_RAND_PARAM_MAX_REQUEST, NULL), + OSSL_PARAM_END + }; + return known_gettable_ctx_params; +} + +static const OSSL_DISPATCH fuzz_rand_functions[] = { + { OSSL_FUNC_RAND_NEWCTX, (void (*)(void))fuzz_rand_newctx }, + { OSSL_FUNC_RAND_FREECTX, (void (*)(void))fuzz_rand_freectx }, + { OSSL_FUNC_RAND_INSTANTIATE, (void (*)(void))fuzz_rand_instantiate }, + { OSSL_FUNC_RAND_UNINSTANTIATE, (void (*)(void))fuzz_rand_uninstantiate }, + { OSSL_FUNC_RAND_GENERATE, (void (*)(void))fuzz_rand_generate }, + { OSSL_FUNC_RAND_ENABLE_LOCKING, (void (*)(void))fuzz_rand_enable_locking }, + { OSSL_FUNC_RAND_GETTABLE_CTX_PARAMS, + (void(*)(void))fuzz_rand_gettable_ctx_params }, + { OSSL_FUNC_RAND_GET_CTX_PARAMS, (void(*)(void))fuzz_rand_get_ctx_params }, + { 0, NULL } +}; + +static const OSSL_ALGORITHM fuzz_rand_rand[] = { + { "fuzz", "provider=fuzz-rand", fuzz_rand_functions }, + { NULL, NULL, NULL } +}; + +static const OSSL_ALGORITHM *fuzz_rand_query(void *provctx, + int operation_id, + int *no_cache) +{ + *no_cache = 0; + switch (operation_id) { + case OSSL_OP_RAND: + return fuzz_rand_rand; + } + return NULL; +} + +/* Functions we provide to the core */ +static const OSSL_DISPATCH fuzz_rand_method[] = { + { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))OSSL_LIB_CTX_free }, + { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fuzz_rand_query }, + { 0, NULL } +}; + +static int fuzz_rand_provider_init(const OSSL_CORE_HANDLE *handle, + const OSSL_DISPATCH *in, + const OSSL_DISPATCH **out, void **provctx) +{ + *provctx = OSSL_LIB_CTX_new(); + *out = fuzz_rand_method; + return 1; +} + +static OSSL_PROVIDER *r_prov; + +void FuzzerSetRand(void) +{ + if (!OSSL_PROVIDER_add_builtin(NULL, "fuzz-rand", fuzz_rand_provider_init) + || !RAND_set_DRBG_type(NULL, "fuzz", NULL, NULL, NULL) + || (r_prov = OSSL_PROVIDER_try_load(NULL, "fuzz-rand", 1)) == NULL) + exit(1); +} + +void FuzzerClearRand(void) +{ + OSSL_PROVIDER_unload(r_prov); +} diff --git a/fuzz/fuzzer.h b/fuzz/fuzzer.h index b4605f8c8f..517a8622d9 100644 --- a/fuzz/fuzzer.h +++ b/fuzz/fuzzer.h @@ -11,4 +11,6 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len); int FuzzerInitialize(int *argc, char ***argv); void FuzzerCleanup(void); + void FuzzerSetRand(void); +void FuzzerClearRand(void); diff --git a/fuzz/server.c b/fuzz/server.c index c381bbfae8..6234e15ccc 100644 --- a/fuzz/server.c +++ b/fuzz/server.c @@ -12,7 +12,7 @@ /* Test first part of SSL server handshake. */ -/* We need to use the deprecated RSA/EC low level calls */ +/* We need to use some deprecated APIs */ #define OPENSSL_SUPPRESS_DEPRECATED #include @@ -25,8 +25,6 @@ #include #include "fuzzer.h" -#include "rand.inc" - static const uint8_t kCertificateDER[] = { 0x30, 0x82, 0x02, 0xff, 0x30, 0x82, 0x01, 0xe7, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x11, 0x00, 0xb1, 0x84, 0xee, 0x34, 0x99, 0x98, 0x76, 0xfb, @@ -495,12 +493,12 @@ int FuzzerInitialize(int *argc, char ***argv) { STACK_OF(SSL_COMP) *comp_methods; + FuzzerSetRand(); OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_ASYNC, NULL); OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL); ERR_clear_error(); CRYPTO_free_ex_index(0, -1); idx = SSL_get_ex_data_X509_STORE_CTX_idx(); - FuzzerSetRand(); comp_methods = SSL_COMP_get_compression_methods(); if (comp_methods != NULL) sk_SSL_COMP_sort(comp_methods); @@ -663,4 +661,5 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) void FuzzerCleanup(void) { + FuzzerClearRand(); } diff --git a/fuzz/x509.c b/fuzz/x509.c index dd9075acd7..78061d176a 100644 --- a/fuzz/x509.c +++ b/fuzz/x509.c @@ -14,14 +14,12 @@ #include #include "fuzzer.h" -#include "rand.inc" - int FuzzerInitialize(int *argc, char ***argv) { + FuzzerSetRand(); OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); ERR_clear_error(); CRYPTO_free_ex_index(0, -1); - FuzzerSetRand(); return 1; } @@ -50,4 +48,5 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) void FuzzerCleanup(void) { + FuzzerClearRand(); } -- cgit v1.2.3