Commit d69d8f90 authored by Kurt Roeckx's avatar Kurt Roeckx

Make the fuzzers more reproducible



We want to be in the same global state each time we enter
FuzzerTestOneInput(). There are various reasons why we might not be,
including:
- Initialization that happens on first use. This is mostly the
  RUN_ONCE() things, or loading of error strings.
- Results that get cached. For instance a stack that is sorted, RSA
  blinding that has been set up, ...

So I try to trigger as much as possible in FuzzerInitialize(), and for
things I didn't find out how to trigger this it needs to happen in
FuzzerTestOneInput().

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
GH: #2023
parent 0282aeb6
+5 −0
@@ -16,6 +16,7 @@
#include <openssl/asn1.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/err.h>
#include "fuzzer.h"

static BIO *bio_out;
@@ -23,12 +24,16 @@ static BIO *bio_out;
int FuzzerInitialize(int *argc, char ***argv)
{
    bio_out = BIO_new_file("/dev/null", "w");
    OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
    ERR_get_state();
    CRYPTO_free_ex_index(0, -1);
    return 1;
}

int FuzzerTestOneInput(const uint8_t *buf, size_t len)
{
    (void)ASN1_parse_dump(bio_out, buf, len, 0, 0);
    ERR_clear_error();
    return 0;
}
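Review bot: The calls added to FuzzerInitialize() are made purely for their side effects and nothing says so; `CRYPTO_free_ex_index(0, -1)` in particular looks like a mistake, since -1 is presumably not an index that can be freed. A one-line comment such as `/* Called only to force the ex_data one-time init; the invalid index frees nothing. */` (and a similar one on `ERR_get_state()`) would keep a later cleanup from removing them. The return value of `OPENSSL_init_crypto()` is also dropped, so a failed initialisation leaves the harness running in the lazily-initialised state this commit is meant to rule out; `if (!OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL)) return 0;` would surface it, assuming the driver treats a zero return as failure. Both points apply equally to the FuzzerInitialize() hunks in the other four files.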

+5 −0
@@ -15,6 +15,7 @@

#include <stdio.h>
#include <openssl/bn.h>
#include <openssl/err.h>
#include "fuzzer.h"

static BN_CTX *ctx;
@@ -33,6 +34,9 @@ int FuzzerInitialize(int *argc, char ***argv)
    b5 = BN_new();
    ctx = BN_CTX_new();

    OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
    ERR_get_state();

    return 1;
}

@@ -104,6 +108,7 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)

 done:
    OPENSSL_assert(success);
    ERR_clear_error();

    return 0;
}
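Review bot: `ctx` is still created once in FuzzerInitialize() (as is `b5`, and presumably its siblings above the hunk), so whatever those objects cache carries over from one input to the next, which is the second cause of non-reproducibility the commit message names. A BIGNUM that grew while processing an earlier input typically keeps its larger buffer, which can also hide an out-of-bounds access from a sanitizer on a later input. Consider moving the allocations into FuzzerTestOneInput() and releasing them after `done:`, e.g. `ctx = BN_CTX_new();` at the top and `BN_CTX_free(ctx);` before `return 0;`. Both function bodies extend beyond the visible hunks, so this is based only on the lines shown.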
+5 −0
@@ -14,10 +14,14 @@

#include <openssl/bio.h>
#include <openssl/cms.h>
#include <openssl/err.h>
#include "fuzzer.h"

int FuzzerInitialize(int *argc, char ***argv)
{
    OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
    ERR_get_state();
    CRYPTO_free_ex_index(0, -1);
    return 1;
}

@@ -41,6 +45,7 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
    }

    BIO_free(in);
    ERR_clear_error();

    return 0;
}
+4 −0
@@ -13,10 +13,13 @@
 */

#include <openssl/conf.h>
#include <openssl/err.h>
#include "fuzzer.h"

int FuzzerInitialize(int *argc, char ***argv)
{
    OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
    ERR_get_state();
    return 1;
}

@@ -35,6 +38,7 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
    NCONF_load_bio(conf, in, &eline);
    NCONF_free(conf);
    BIO_free(in);
    ERR_clear_error();

    return 0;
}
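Review bot: This FuzzerInitialize() warms up the error strings and error state but omits the `CRYPTO_free_ex_index(0, -1)` call that three of the other harnesses in this commit add, and the hunk gives no reason for the difference. If the omission is deliberate, a comment like `/* No ex_data use on this path, so no ex_data warm-up needed. */` would record that. Otherwise a shared helper declared in fuzzer.h and called from every FuzzerInitialize() would keep the warm-up list from drifting between harnesses. The second file section (the one including `<openssl/bn.h>`) has the same omission.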
+6 −0
@@ -10,10 +10,14 @@

#include <openssl/x509.h>
#include <openssl/bio.h>
#include <openssl/err.h>
#include "fuzzer.h"

int FuzzerInitialize(int *argc, char ***argv)
{
    OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
    ERR_get_state();
    CRYPTO_free_ex_index(0, -1);
    return 1;
}

@@ -33,6 +37,8 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)

        X509_CRL_free(crl);
    }
    ERR_clear_error();

    return 0;
}
