summaryrefslogtreecommitdiffstats
path: root/security/nss/fuzz
diff options
context:
space:
mode:
Diffstat (limited to 'security/nss/fuzz')
-rw-r--r--security/nss/fuzz/fuzz.gyp3
-rw-r--r--security/nss/fuzz/tls_client_target.cc1
-rw-r--r--security/nss/fuzz/tls_common.cc9
-rw-r--r--security/nss/fuzz/tls_common.h1
-rw-r--r--security/nss/fuzz/tls_server_target.cc1
5 files changed, 14 insertions, 1 deletions
diff --git a/security/nss/fuzz/fuzz.gyp b/security/nss/fuzz/fuzz.gyp
index 69e178319..292930a75 100644
--- a/security/nss/fuzz/fuzz.gyp
+++ b/security/nss/fuzz/fuzz.gyp
@@ -43,6 +43,7 @@
'<(DEPTH)/lib/pkcs7/pkcs7.gyp:pkcs7',
# This is a static build of pk11wrap, softoken, and freebl.
'<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static',
+ '<(DEPTH)/lib/libpkix/libpkix.gyp:libpkix',
],
'cflags_cc': [
'-Wno-error=shadow',
@@ -91,7 +92,7 @@
'-lcrypto',
],
}],
- # For test builds we have to set MPI defines.
+ # For static builds we have to set MPI defines.
[ 'target_arch=="ia32"', {
'defines': [
'MP_USE_UINT_DIGIT',
diff --git a/security/nss/fuzz/tls_client_target.cc b/security/nss/fuzz/tls_client_target.cc
index a5b2a2c5f..461962c5d 100644
--- a/security/nss/fuzz/tls_client_target.cc
+++ b/security/nss/fuzz/tls_client_target.cc
@@ -106,6 +106,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t len) {
// Probably not too important for clients.
SSL_SetURL(ssl_fd, "server");
+ FixTime(ssl_fd);
SetSocketOptions(ssl_fd, config);
EnableAllCipherSuites(ssl_fd);
SetupCallbacks(ssl_fd, config.get());
diff --git a/security/nss/fuzz/tls_common.cc b/security/nss/fuzz/tls_common.cc
index 1e66684dc..b00ab26bf 100644
--- a/security/nss/fuzz/tls_common.cc
+++ b/security/nss/fuzz/tls_common.cc
@@ -5,9 +5,18 @@
#include <assert.h>
#include "ssl.h"
+#include "sslexp.h"
#include "tls_common.h"
+static PRTime FixedTime(void*) { return 1234; }
+
+// Fix the time input, to avoid any time-based variation.
+void FixTime(PRFileDesc* fd) {
+ SECStatus rv = SSL_SetTimeFunc(fd, FixedTime, nullptr);
+ assert(rv == SECSuccess);
+}
+
PRStatus EnableAllProtocolVersions() {
SSLVersionRange supported;
diff --git a/security/nss/fuzz/tls_common.h b/security/nss/fuzz/tls_common.h
index 8843347fa..e53accead 100644
--- a/security/nss/fuzz/tls_common.h
+++ b/security/nss/fuzz/tls_common.h
@@ -7,6 +7,7 @@
#include "prinit.h"
+void FixTime(PRFileDesc* fd);
PRStatus EnableAllProtocolVersions();
void EnableAllCipherSuites(PRFileDesc* fd);
void DoHandshake(PRFileDesc* fd, bool isServer);
diff --git a/security/nss/fuzz/tls_server_target.cc b/security/nss/fuzz/tls_server_target.cc
index 0c0902077..41a55541c 100644
--- a/security/nss/fuzz/tls_server_target.cc
+++ b/security/nss/fuzz/tls_server_target.cc
@@ -118,6 +118,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t len) {
PRFileDesc* ssl_fd = ImportFD(model.get(), fd.get());
assert(ssl_fd == fd.get());
+ FixTime(ssl_fd);
SetSocketOptions(ssl_fd, config);
DoHandshake(ssl_fd, true);
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-11 22:50:21 +0000