summaryrefslogtreecommitdiffstats
path: root/security/nss/fuzz
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@gmail.com>2018-08-14 07:52:35 +0200
committerwolfbeast <mcwerewolf@gmail.com>2018-08-14 16:42:52 +0200
commitab1060037931158d3a8bf4c8f9f6cb4dbfe916e9 (patch)
tree5e4677e52b9a349602f04135a44b3000c8baa97b /security/nss/fuzz
parentf44e99950fc25d16a3cdaffe26dadf7b58a9d38c (diff)
downloadUXP-ab1060037931158d3a8bf4c8f9f6cb4dbfe916e9.tar
UXP-ab1060037931158d3a8bf4c8f9f6cb4dbfe916e9.tar.gz
UXP-ab1060037931158d3a8bf4c8f9f6cb4dbfe916e9.tar.lz
UXP-ab1060037931158d3a8bf4c8f9f6cb4dbfe916e9.tar.xz
UXP-ab1060037931158d3a8bf4c8f9f6cb4dbfe916e9.zip
Update NSS to 3.38
- Added HACL*Poly1305 32-bit (INRIA/Microsoft) - Updated to final TLS 1.3 draft version (28) - Removed TLS 1.3 prerelease draft limit check - Removed NPN code - Enabled dev/urandom-only RNG on Linux with NSS_SEED_ONLY_DEV_URANDOM for non-standard environments - Fixed several bugs with TLS 1.3 negotiation - Updated internal certificate store - Added support for the TLS Record Size Limit Extension. - Fixed CVE-2018-0495 - Various security fixes in the ASN.1 code.
Diffstat (limited to 'security/nss/fuzz')
-rw-r--r--security/nss/fuzz/fuzz.gyp3
-rw-r--r--security/nss/fuzz/tls_client_target.cc8
2 files changed, 7 insertions, 4 deletions
diff --git a/security/nss/fuzz/fuzz.gyp b/security/nss/fuzz/fuzz.gyp
index ed1f53d58..69e178319 100644
--- a/security/nss/fuzz/fuzz.gyp
+++ b/security/nss/fuzz/fuzz.gyp
@@ -44,6 +44,9 @@
# This is a static build of pk11wrap, softoken, and freebl.
'<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static',
],
+ 'cflags_cc': [
+ '-Wno-error=shadow',
+ ],
'conditions': [
['fuzz_oss==0', {
'sources': [
diff --git a/security/nss/fuzz/tls_client_target.cc b/security/nss/fuzz/tls_client_target.cc
index e59550984..a5b2a2c5f 100644
--- a/security/nss/fuzz/tls_client_target.cc
+++ b/security/nss/fuzz/tls_client_target.cc
@@ -87,15 +87,12 @@ static void SetupCallbacks(PRFileDesc* fd, ClientConfig* config) {
}
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t len) {
- static std::unique_ptr<NSSDatabase> db(new NSSDatabase());
+ std::unique_ptr<NSSDatabase> db(new NSSDatabase());
assert(db != nullptr);
EnableAllProtocolVersions();
std::unique_ptr<ClientConfig> config(new ClientConfig(data, len));
- // Clear the cache. We never want to resume as we couldn't reproduce that.
- SSL_ClearSessionCache();
-
// Reset the RNG state.
assert(RNG_RandomUpdate(NULL, 0) == SECSuccess);
@@ -114,6 +111,9 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t len) {
SetupCallbacks(ssl_fd, config.get());
DoHandshake(ssl_fd, false);
+ // Release all SIDs.
+ SSL_ClearSessionCache();
+
return 0;
}