diff options
author | wolfbeast <mcwerewolf@wolfbeast.com> | 2020-01-02 21:06:40 +0100 |
---|---|---|
committer | wolfbeast <mcwerewolf@wolfbeast.com> | 2020-01-02 21:06:40 +0100 |
commit | f4a12fc67689a830e9da1c87fd11afe5bc09deb3 (patch) | |
tree | 211ae0cd022a6c11b0026ecc7761a550c584583c /security/nss/fuzz | |
parent | f7d30133221896638f7bf4f66c504255c4b14f48 (diff) | |
download | uxp-f4a12fc67689a830e9da1c87fd11afe5bc09deb3.tar.gz |
Issue #1338 - Part 2: Update NSS to 3.48-RTM
Diffstat (limited to 'security/nss/fuzz')
-rw-r--r-- | security/nss/fuzz/fuzz.gyp | 3 | ||||
-rw-r--r-- | security/nss/fuzz/tls_client_target.cc | 1 | ||||
-rw-r--r-- | security/nss/fuzz/tls_common.cc | 9 | ||||
-rw-r--r-- | security/nss/fuzz/tls_common.h | 1 | ||||
-rw-r--r-- | security/nss/fuzz/tls_server_target.cc | 1 |
5 files changed, 14 insertions, 1 deletions
diff --git a/security/nss/fuzz/fuzz.gyp b/security/nss/fuzz/fuzz.gyp index 69e1783190..292930a755 100644 --- a/security/nss/fuzz/fuzz.gyp +++ b/security/nss/fuzz/fuzz.gyp @@ -43,6 +43,7 @@ '<(DEPTH)/lib/pkcs7/pkcs7.gyp:pkcs7', # This is a static build of pk11wrap, softoken, and freebl. '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static', + '<(DEPTH)/lib/libpkix/libpkix.gyp:libpkix', ], 'cflags_cc': [ '-Wno-error=shadow', @@ -91,7 +92,7 @@ '-lcrypto', ], }], - # For test builds we have to set MPI defines. + # For static builds we have to set MPI defines. [ 'target_arch=="ia32"', { 'defines': [ 'MP_USE_UINT_DIGIT', diff --git a/security/nss/fuzz/tls_client_target.cc b/security/nss/fuzz/tls_client_target.cc index a5b2a2c5ff..461962c5d3 100644 --- a/security/nss/fuzz/tls_client_target.cc +++ b/security/nss/fuzz/tls_client_target.cc @@ -106,6 +106,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t len) { // Probably not too important for clients. SSL_SetURL(ssl_fd, "server"); + FixTime(ssl_fd); SetSocketOptions(ssl_fd, config); EnableAllCipherSuites(ssl_fd); SetupCallbacks(ssl_fd, config.get()); diff --git a/security/nss/fuzz/tls_common.cc b/security/nss/fuzz/tls_common.cc index 1e66684dcd..b00ab26bf6 100644 --- a/security/nss/fuzz/tls_common.cc +++ b/security/nss/fuzz/tls_common.cc @@ -5,9 +5,18 @@ #include <assert.h> #include "ssl.h" +#include "sslexp.h" #include "tls_common.h" +static PRTime FixedTime(void*) { return 1234; } + +// Fix the time input, to avoid any time-based variation. +void FixTime(PRFileDesc* fd) { + SECStatus rv = SSL_SetTimeFunc(fd, FixedTime, nullptr); + assert(rv == SECSuccess); +} + PRStatus EnableAllProtocolVersions() { SSLVersionRange supported; diff --git a/security/nss/fuzz/tls_common.h b/security/nss/fuzz/tls_common.h index 8843347fa1..e53acceade 100644 --- a/security/nss/fuzz/tls_common.h +++ b/security/nss/fuzz/tls_common.h @@ -7,6 +7,7 @@ #include "prinit.h" +void FixTime(PRFileDesc* fd); PRStatus EnableAllProtocolVersions(); void EnableAllCipherSuites(PRFileDesc* fd); void DoHandshake(PRFileDesc* fd, bool isServer); diff --git a/security/nss/fuzz/tls_server_target.cc b/security/nss/fuzz/tls_server_target.cc index 0c09020776..41a55541c4 100644 --- a/security/nss/fuzz/tls_server_target.cc +++ b/security/nss/fuzz/tls_server_target.cc @@ -118,6 +118,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t len) { PRFileDesc* ssl_fd = ImportFD(model.get(), fd.get()); assert(ssl_fd == fd.get()); + FixTime(ssl_fd); SetSocketOptions(ssl_fd, config); DoHandshake(ssl_fd, true); |