diff options
author | wolfbeast <mcwerewolf@gmail.com> | 2018-08-14 07:52:35 +0200 |
---|---|---|
committer | wolfbeast <mcwerewolf@gmail.com> | 2018-08-14 16:42:52 +0200 |
commit | ab1060037931158d3a8bf4c8f9f6cb4dbfe916e9 (patch) | |
tree | 5e4677e52b9a349602f04135a44b3000c8baa97b /security/nss/fuzz | |
parent | f44e99950fc25d16a3cdaffe26dadf7b58a9d38c (diff) | |
download | UXP-ab1060037931158d3a8bf4c8f9f6cb4dbfe916e9.tar UXP-ab1060037931158d3a8bf4c8f9f6cb4dbfe916e9.tar.gz UXP-ab1060037931158d3a8bf4c8f9f6cb4dbfe916e9.tar.lz UXP-ab1060037931158d3a8bf4c8f9f6cb4dbfe916e9.tar.xz UXP-ab1060037931158d3a8bf4c8f9f6cb4dbfe916e9.zip |
Update NSS to 3.38
- Added HACL*Poly1305 32-bit (INRIA/Microsoft)
- Updated to final TLS 1.3 draft version (28)
- Removed TLS 1.3 prerelease draft limit check
- Removed NPN code
- Enabled dev/urandom-only RNG on Linux with NSS_SEED_ONLY_DEV_URANDOM for non-standard environments
- Fixed several bugs with TLS 1.3 negotiation
- Updated internal certificate store
- Added support for the TLS Record Size Limit Extension.
- Fixed CVE-2018-0495
- Various security fixes in the ASN.1 code.
Diffstat (limited to 'security/nss/fuzz')
-rw-r--r-- | security/nss/fuzz/fuzz.gyp | 3 | ||||
-rw-r--r-- | security/nss/fuzz/tls_client_target.cc | 8 |
2 files changed, 7 insertions, 4 deletions
diff --git a/security/nss/fuzz/fuzz.gyp b/security/nss/fuzz/fuzz.gyp index ed1f53d58..69e178319 100644 --- a/security/nss/fuzz/fuzz.gyp +++ b/security/nss/fuzz/fuzz.gyp @@ -44,6 +44,9 @@ # This is a static build of pk11wrap, softoken, and freebl. '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static', ], + 'cflags_cc': [ + '-Wno-error=shadow', + ], 'conditions': [ ['fuzz_oss==0', { 'sources': [ diff --git a/security/nss/fuzz/tls_client_target.cc b/security/nss/fuzz/tls_client_target.cc index e59550984..a5b2a2c5f 100644 --- a/security/nss/fuzz/tls_client_target.cc +++ b/security/nss/fuzz/tls_client_target.cc @@ -87,15 +87,12 @@ static void SetupCallbacks(PRFileDesc* fd, ClientConfig* config) { } extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t len) { - static std::unique_ptr<NSSDatabase> db(new NSSDatabase()); + std::unique_ptr<NSSDatabase> db(new NSSDatabase()); assert(db != nullptr); EnableAllProtocolVersions(); std::unique_ptr<ClientConfig> config(new ClientConfig(data, len)); - // Clear the cache. We never want to resume as we couldn't reproduce that. - SSL_ClearSessionCache(); - // Reset the RNG state. assert(RNG_RandomUpdate(NULL, 0) == SECSuccess); @@ -114,6 +111,9 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t len) { SetupCallbacks(ssl_fd, config.get()); DoHandshake(ssl_fd, false); + // Release all SIDs. + SSL_ClearSessionCache(); + return 0; } |