summaryrefslogtreecommitdiff
path: root/security/nss/fuzz
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@wolfbeast.com>2020-01-02 21:06:40 +0100
committerwolfbeast <mcwerewolf@wolfbeast.com>2020-01-02 21:06:40 +0100
commitf4a12fc67689a830e9da1c87fd11afe5bc09deb3 (patch)
tree211ae0cd022a6c11b0026ecc7761a550c584583c /security/nss/fuzz
parentf7d30133221896638f7bf4f66c504255c4b14f48 (diff)
downloaduxp-f4a12fc67689a830e9da1c87fd11afe5bc09deb3.tar.gz
Issue #1338 - Part 2: Update NSS to 3.48-RTM
Diffstat (limited to 'security/nss/fuzz')
-rw-r--r--security/nss/fuzz/fuzz.gyp3
-rw-r--r--security/nss/fuzz/tls_client_target.cc1
-rw-r--r--security/nss/fuzz/tls_common.cc9
-rw-r--r--security/nss/fuzz/tls_common.h1
-rw-r--r--security/nss/fuzz/tls_server_target.cc1
5 files changed, 14 insertions, 1 deletions
diff --git a/security/nss/fuzz/fuzz.gyp b/security/nss/fuzz/fuzz.gyp
index 69e1783190..292930a755 100644
--- a/security/nss/fuzz/fuzz.gyp
+++ b/security/nss/fuzz/fuzz.gyp
@@ -43,6 +43,7 @@
'<(DEPTH)/lib/pkcs7/pkcs7.gyp:pkcs7',
# This is a static build of pk11wrap, softoken, and freebl.
'<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static',
+ '<(DEPTH)/lib/libpkix/libpkix.gyp:libpkix',
],
'cflags_cc': [
'-Wno-error=shadow',
@@ -91,7 +92,7 @@
'-lcrypto',
],
}],
- # For test builds we have to set MPI defines.
+ # For static builds we have to set MPI defines.
[ 'target_arch=="ia32"', {
'defines': [
'MP_USE_UINT_DIGIT',
diff --git a/security/nss/fuzz/tls_client_target.cc b/security/nss/fuzz/tls_client_target.cc
index a5b2a2c5ff..461962c5d3 100644
--- a/security/nss/fuzz/tls_client_target.cc
+++ b/security/nss/fuzz/tls_client_target.cc
@@ -106,6 +106,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t len) {
// Probably not too important for clients.
SSL_SetURL(ssl_fd, "server");
+ FixTime(ssl_fd);
SetSocketOptions(ssl_fd, config);
EnableAllCipherSuites(ssl_fd);
SetupCallbacks(ssl_fd, config.get());
diff --git a/security/nss/fuzz/tls_common.cc b/security/nss/fuzz/tls_common.cc
index 1e66684dcd..b00ab26bf6 100644
--- a/security/nss/fuzz/tls_common.cc
+++ b/security/nss/fuzz/tls_common.cc
@@ -5,9 +5,18 @@
#include <assert.h>
#include "ssl.h"
+#include "sslexp.h"
#include "tls_common.h"
+static PRTime FixedTime(void*) { return 1234; }
+
+// Fix the time input, to avoid any time-based variation.
+void FixTime(PRFileDesc* fd) {
+ SECStatus rv = SSL_SetTimeFunc(fd, FixedTime, nullptr);
+ assert(rv == SECSuccess);
+}
+
PRStatus EnableAllProtocolVersions() {
SSLVersionRange supported;
diff --git a/security/nss/fuzz/tls_common.h b/security/nss/fuzz/tls_common.h
index 8843347fa1..e53acceade 100644
--- a/security/nss/fuzz/tls_common.h
+++ b/security/nss/fuzz/tls_common.h
@@ -7,6 +7,7 @@
#include "prinit.h"
+void FixTime(PRFileDesc* fd);
PRStatus EnableAllProtocolVersions();
void EnableAllCipherSuites(PRFileDesc* fd);
void DoHandshake(PRFileDesc* fd, bool isServer);
diff --git a/security/nss/fuzz/tls_server_target.cc b/security/nss/fuzz/tls_server_target.cc
index 0c09020776..41a55541c4 100644
--- a/security/nss/fuzz/tls_server_target.cc
+++ b/security/nss/fuzz/tls_server_target.cc
@@ -118,6 +118,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t len) {
PRFileDesc* ssl_fd = ImportFD(model.get(), fd.get());
assert(ssl_fd == fd.get());
+ FixTime(ssl_fd);
SetSocketOptions(ssl_fd, config);
DoHandshake(ssl_fd, true);