Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-11-23 04:41:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 1927888 - land NSS NSS_3_107_RTM UPGRADE_NSS_RELEASE, r=keeler

Browse Source 
Differential Revision: https://phabricator.services.mozilla.com/D229812
This commit is contained in:
John Schanck 2024-11-21 18:02:53 +00:00
parent e17c757468
commit e5203a0cc4
49 changed files with 720 additions and 1526 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
security/nss/TAG-INFO
View File

@ -1 +1 @@
NSS_3_107_BETA1
NSS_3_107_RTM

2
security/nss/automation/ossfuzz/build.sh
View File

@ -7,7 +7,7 @@
################################################################################
# List of targets disabled for oss-fuzz.
declare -A disabled=([pkcs8]=1)
declare -A disabled=()
# List of targets we want to fuzz in TLS and non-TLS mode.
declare -A tls_targets=([tls-client]=1 [tls-server]=1 [dtls-client]=1 [dtls-server]=1)

7
security/nss/automation/taskcluster/docker-fuzz/Dockerfile
View File

@ -14,13 +14,16 @@ RUN apt-get update \
ca-certificates \
clang \
clang-tools \
cmake \
curl \
g++-multilib \
git \
gyp \
libboost-dev \
libboost-dev:i386 \
libclang-rt-dev \
libssl-dev \
libssl-dev:i386 \
libsqlite3-dev \
libsqlite3-dev:i386 \
libxml2-utils \
lib32z1-dev \
linux-libc-dev:i386 \

135
security/nss/automation/taskcluster/graph/src/extend.js
View File

@ -635,9 +635,9 @@ async function scheduleLinux(name, overrides, args = "") {
/*****************************************************************************/
function scheduleFuzzingRun(base, name, target, symbol = null, corpus = null) {
const MAX_FUZZ_TIME = 300;
const MAX_FUZZ_TIME = 300;
function scheduleFuzzingRun(base, name, target, corpus = null) {
queue.scheduleTask(merge(base, {
name,
command: [
@ -645,11 +645,11 @@ function scheduleFuzzingRun(base, name, target, symbol = null, corpus = null) {
"-c",
"bin/checkout.sh && nss/automation/taskcluster/scripts/fuzz.sh " +
`${target} ${corpus || target} ` +
`-max_total_time=${MAX_FUZZ_TIME} `
`-max_total_time=${MAX_FUZZ_TIME}`
],
provisioner: "nss-t",
workerType: "t-linux-xlarge-gcp",
symbol: symbol || name
symbol: name.replace(" ", "-")
}));
}
@ -671,12 +671,6 @@ async function scheduleFuzzing() {
// Build base definition.
let build_base = merge(base, {
command: [
"/bin/bash",
"-c",
"bin/checkout.sh && " +
"nss/automation/taskcluster/scripts/build_gyp.sh --fuzz"
],
artifacts: {
public: {
expires: 24 * (process.env.MOZ_SCM_LEVEL == "3" ? 90 : 7),
@ -690,13 +684,19 @@ async function scheduleFuzzing() {
// The task that builds NSPR+NSS.
let task_build = queue.scheduleTask(merge(build_base, {
name: "Linux x64 (debug, fuzz)"
name: "Linux x64 (debug, fuzz)",
command: [
"/bin/bash",
"-c",
"bin/checkout.sh && " +
"nss/automation/taskcluster/scripts/build_gyp.sh --fuzz --disable-tests -Ddisable_libpkix=1 && " +
"nss/automation/taskcluster/scripts/build_cryptofuzz.sh"
],
}));
// The task that builds NSPR+NSS (TLS fuzzing mode).
let task_build_tls = queue.scheduleTask(merge(build_base, {
name: "Linux x64 (debug, TLS fuzz)",
symbol: "B",
group: "TLS",
command: [
"/bin/bash",
@ -710,6 +710,7 @@ async function scheduleFuzzing() {
queue.scheduleTask(merge(base, {
parent: task_build_tls,
name: "Gtests",
group: "TLS",
command: [
"/bin/bash",
"-c",
@ -726,36 +727,35 @@ async function scheduleFuzzing() {
let run_base = merge(base, {parent: task_build, kind: "test"});
scheduleFuzzingRun(run_base, "CertDN", "certDN");
scheduleFuzzingRun(run_base, "PKCS7", "pkcs7");
scheduleFuzzingRun(run_base, "PKCS8", "pkcs8");
scheduleFuzzingRun(run_base, "PKCS12", "pkcs12");
scheduleFuzzingRun(run_base, "QuickDER", "quickder");
// Schedule MPI fuzzing runs.
let mpi_base = merge(run_base, {group: "MPI"});
let mpi_names = ["add", "addmod", "div", "mod", "mulmod", "sqr",
"sqrmod", "sub", "submod"];
for (let name of mpi_names) {
scheduleFuzzingRun(mpi_base, `MPI (${name})`, `mpi-${name}`, name);
}
scheduleFuzzingRun(mpi_base, `MPI (invmod)`, `mpi-invmod`, "invmod");
scheduleFuzzingRun(mpi_base, `MPI (expmod)`, `mpi-expmod`, "expmod");
scheduleFuzzingRun(run_base, "TLS Client", "tls-client", "tls-client-no_fuzzer_mode");
scheduleFuzzingRun(run_base, "TLS Server", "tls-server", "tls-server-no_fuzzer_mode");
scheduleFuzzingRun(run_base, "DTLS Client", "dtls-client", "dtls-client-no_fuzzer_mode");
scheduleFuzzingRun(run_base, "DTLS Server", "dtls-server", "dtls-server-no_fuzzer_mode");
// Schedule TLS fuzzing runs (non-fuzzing mode).
let tls_base = merge(run_base, {group: "TLS"});
scheduleFuzzingRun(tls_base, "TLS Client", "tls-client", "client-nfm",
"tls-client-no_fuzzer_mode");
scheduleFuzzingRun(tls_base, "TLS Server", "tls-server", "server-nfm",
"tls-server-no_fuzzer_mode");
scheduleFuzzingRun(tls_base, "DTLS Client", "dtls-client",
"dtls-client-nfm", "dtls-client-no_fuzzer_mode");
scheduleFuzzingRun(tls_base, "DTLS Server", "dtls-server",
"dtls-server-nfm", "dtls-server-no_fuzzer_mode");
// Schedule Cryptofuzz.
queue.scheduleTask(merge(run_base, {
name: "Cryptofuzz",
command: [
"/bin/bash",
"-c",
"bin/checkout.sh && nss/automation/taskcluster/scripts/cryptofuzz.sh " +
`-max_total_time=${MAX_FUZZ_TIME}`,
],
provisioner: "nss-t",
workerType: "t-linux-xlarge-gcp",
symbol: "Cryptofuzz",
}));
// Schedule TLS fuzzing runs (fuzzing mode).
let tls_fm_base = merge(tls_base, {parent: task_build_tls});
scheduleFuzzingRun(tls_fm_base, "TLS Client", "tls-client", "client");
scheduleFuzzingRun(tls_fm_base, "TLS Server", "tls-server", "server");
scheduleFuzzingRun(tls_fm_base, "DTLS Client", "dtls-client", "dtls-client");
scheduleFuzzingRun(tls_fm_base, "DTLS Server", "dtls-server", "dtls-server");
let tls_base = merge(run_base, {parent: task_build_tls, group: "TLS"});
scheduleFuzzingRun(tls_base, "TLS Client", "tls-client");
scheduleFuzzingRun(tls_base, "TLS Server", "tls-server");
scheduleFuzzingRun(tls_base, "DTLS Client", "dtls-client");
scheduleFuzzingRun(tls_base, "DTLS Server", "dtls-server");
return queue.submit();
}
@ -778,12 +778,6 @@ async function scheduleFuzzing32() {
// Build base definition.
let build_base = merge(base, {
command: [
"/bin/bash",
"-c",
"bin/checkout.sh && " +
"nss/automation/taskcluster/scripts/build_gyp.sh --fuzz -t ia32"
],
artifacts: {
public: {
expires: 24 * (process.env.MOZ_SCM_LEVEL == "3" ? 90 : 7),
@ -797,13 +791,19 @@ async function scheduleFuzzing32() {
// The task that builds NSPR+NSS.
let task_build = queue.scheduleTask(merge(build_base, {
name: "Linux 32 (debug, fuzz)"
name: "Linux 32 (debug, fuzz)",
command: [
"/bin/bash",
"-c",
"bin/checkout.sh && " +
"nss/automation/taskcluster/scripts/build_gyp.sh --fuzz -t ia32 --disable-tests -Ddisable_libpkix=1 && " +
"nss/automation/taskcluster/scripts/build_cryptofuzz.sh --i386"
],
}));
// The task that builds NSPR+NSS (TLS fuzzing mode).
let task_build_tls = queue.scheduleTask(merge(build_base, {
name: "Linux 32 (debug, TLS fuzz)",
symbol: "B",
group: "TLS",
command: [
"/bin/bash",
@ -817,6 +817,7 @@ async function scheduleFuzzing32() {
queue.scheduleTask(merge(base, {
parent: task_build_tls,
name: "Gtests",
group: "TLS",
command: [
"/bin/bash",
"-c",
@ -833,35 +834,35 @@ async function scheduleFuzzing32() {
let run_base = merge(base, {parent: task_build, kind: "test"});
scheduleFuzzingRun(run_base, "CertDN", "certDN");
scheduleFuzzingRun(run_base, "PKCS7", "pkcs7");
scheduleFuzzingRun(run_base, "PKCS8", "pkcs8");
scheduleFuzzingRun(run_base, "PKCS12", "pkcs12");
scheduleFuzzingRun(run_base, "QuickDER", "quickder");
// Schedule MPI fuzzing runs.
let mpi_base = merge(run_base, {group: "MPI"});
let mpi_names = ["add", "addmod", "div", "expmod", "mod", "mulmod", "sqr",
"sqrmod", "sub", "submod"];
for (let name of mpi_names) {
scheduleFuzzingRun(mpi_base, `MPI (${name})`, `mpi-${name}`, name);
}
scheduleFuzzingRun(mpi_base, `MPI (invmod)`, `mpi-invmod`, "invmod");
scheduleFuzzingRun(run_base, "TLS Client", "tls-client", "tls-client-no_fuzzer_mode");
scheduleFuzzingRun(run_base, "TLS Server", "tls-server", "tls-server-no_fuzzer_mode");
scheduleFuzzingRun(run_base, "DTLS Client", "dtls-client", "dtls-client-no_fuzzer_mode");
scheduleFuzzingRun(run_base, "DTLS Server", "dtls-server", "dtls-server-no_fuzzer_mode");
// Schedule TLS fuzzing runs (non-fuzzing mode).
let tls_base = merge(run_base, {group: "TLS"});
scheduleFuzzingRun(tls_base, "TLS Client", "tls-client", "client-nfm",
"tls-client-no_fuzzer_mode");
scheduleFuzzingRun(tls_base, "TLS Server", "tls-server", "server-nfm",
"tls-server-no_fuzzer_mode");
scheduleFuzzingRun(tls_base, "DTLS Client", "dtls-client",
"dtls-client-nfm", "dtls-client-no_fuzzer_mode");
scheduleFuzzingRun(tls_base, "DTLS Server", "dtls-server",
"dtls-server-nfm", "dtls-server-no_fuzzer_mode");
// Schedule Cryptofuzz.
queue.scheduleTask(merge(run_base, {
name: "Cryptofuzz",
command: [
"/bin/bash",
"-c",
"bin/checkout.sh && nss/automation/taskcluster/scripts/cryptofuzz.sh " +
`-max_total_time=${MAX_FUZZ_TIME}`,
],
provisioner: "nss-t",
workerType: "t-linux-xlarge-gcp",
symbol: "Cryptofuzz",
}));
// Schedule TLS fuzzing runs (fuzzing mode).
let tls_fm_base = merge(tls_base, {parent: task_build_tls});
scheduleFuzzingRun(tls_fm_base, "TLS Client", "tls-client", "client");
scheduleFuzzingRun(tls_fm_base, "TLS Server", "tls-server", "server");
scheduleFuzzingRun(tls_fm_base, "DTLS Client", "dtls-client", "dtls-client");
scheduleFuzzingRun(tls_fm_base, "DTLS Server", "dtls-server", "dtls-server");
let tls_base = merge(run_base, {parent: task_build_tls, group: "TLS"});
scheduleFuzzingRun(tls_base, "TLS Client", "tls-client");
scheduleFuzzingRun(tls_base, "TLS Server", "tls-server");
scheduleFuzzingRun(tls_base, "DTLS Client", "dtls-client");
scheduleFuzzingRun(tls_base, "DTLS Server", "dtls-server");
return queue.submit();
}

97
security/nss/automation/taskcluster/scripts/build_cryptofuzz.sh Executable file
View File

@ -0,0 +1,97 @@
#!/usr/bin/env bash
source $(dirname "$0")/tools.sh
# Do differential fuzzing with Botan (and not OpenSSL) since NSS has
# symbol collisions with OpenSSL and therefore they can't be used together
# in Cryptofuzz.
export CRYPTOFUZZ_VERSION="687d3064c5cef2b0fe1f30824065a2f2c9c0bbd8"
export BOTAN_VERSION="3.6.1"
git clone -q https://github.com/guidovranken/cryptofuzz.git
git -C cryptofuzz checkout "$CRYPTOFUZZ_VERSION"
git clone -q https://github.com/randombit/botan.git
git -C botan checkout "$BOTAN_VERSION"
export CC="clang"
export CXX="clang++"
export CFLAGS="-fsanitize=address,fuzzer-no-link -O2 -g"
export CXXFLAGS="-fsanitize=address,fuzzer-no-link -O2 -g"
if [ "$1" = "--i386" ]; then
# Make sure everything is compiled and linked with 32-bit.
export CFLAGS="$CFLAGS -m32"
export CXXFLAGS="$CXXFLAGS -m32"
export LD_FLAGS="$LD_FLAGS -m32"
export LINK_FLAGS="$LINK_FLAGS -m32"
# Some static libraries aren't built on 32-bit systems, but still assumed
# to exist by Cryptofuzz.
sed -i "/libhw-acc-crypto-avx.a/d" cryptofuzz/modules/nss/Makefile
sed -i "/libhw-acc-crypto-avx2.a/d" cryptofuzz/modules/nss/Makefile
else
# UBSan is only enabled for 64-bit builds of NSS.
export CFLAGS="$CFLAGS -fsanitize=undefined"
export CXXFLAGS="$CXXFLAGS -fsanitize=undefined"
fi
# Build Botan.
pushd botan
if [ "$1" = "--i386" ]; then
./configure.py --cpu=x86_32 \
--cc-bin=$CXX \
--cc-abi-flags="$CXXFLAGS" \
--disable-shared \
--disable-modules=locking_allocator \
--build-targets=static \
--without-documentation
else
./configure.py --cc-bin=$CXX \
--cc-abi-flags="$CXXFLAGS" \
--disable-shared \
--disable-modules=locking_allocator \
--build-targets=static \
--without-documentation
fi
make -j"$(nproc)"
popd
# Generate Cryptofuzz header.
pushd cryptofuzz
./gen_repository.py
popd
# Build Botan module.
export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_BOTAN"
export LIBBOTAN_A_PATH="$(realpath botan/libbotan-3.a)"
export BOTAN_INCLUDE_PATH="$(realpath botan/build/include)"
pushd cryptofuzz/modules/botan
make -j"$(nproc)"
popd
# Build NSS module.
export NSS_NSPR_PATH="$PWD"
export CXXFLAGS="$CXXFLAGS -I $NSS_NSPR_PATH/dist/public/nss -I $NSS_NSPR_PATH/dist/Debug/include/nspr -DCRYPTOFUZZ_NSS -DCRYPTOFUZZ_NO_OPENSSL"
export LINK_FLAGS="$LINK_FLAGS -lsqlite3"
# The library lies somewhere else than what is expected by Cryptofuzz.
sed -i "s/nspr\/Debug\/pr\/src/dist\/Debug\/lib/" cryptofuzz/modules/nss/Makefile
pushd cryptofuzz/modules/nss
make -j"$(nproc)"
popd
# Build Cryptofuzz.
export LIBFUZZER_LINK="-fsanitize=fuzzer"
pushd cryptofuzz
make -j"$(nproc)"
popd
# Package
mkdir -p artifacts
tar cvfjh artifacts/cryptofuzz.tar.bz2 cryptofuzz

40
security/nss/automation/taskcluster/scripts/cryptofuzz.sh Executable file
View File

@ -0,0 +1,40 @@
#!/usr/bin/env bash
source $(dirname "$0")/tools.sh
# Fetch Cryptofuzz artifact.
if [ "$TASKCLUSTER_ROOT_URL" = "https://taskcluster.net" ] || [ -z "$TASKCLUSTER_ROOT_URL" ]; then
url=https://queue.taskcluster.net/v1/task/$TC_PARENT_TASK_ID/artifacts/public/cryptofuzz.tar.bz2
else
url=$TASKCLUSTER_ROOT_URL/api/queue/v1/task/$TC_PARENT_TASK_ID/artifacts/public/cryptofuzz.tar.bz2
fi
if [ ! -d "cryptofuzz" ]; then
curl --retry 3 -Lo cryptofuzz.tar.bz2 $url
tar xvjf cryptofuzz.tar.bz2
fi
# Clone corpus.
mkdir -p nss/fuzz/corpus/cryptofuzz
pushd nss/fuzz/corpus/cryptofuzz
curl -O "https://storage.googleapis.com/cryptofuzz-backup.clusterfuzz-external.appspot.com/corpus/libFuzzer/cryptofuzz_cryptofuzz-nss/public.zip"
unzip public.zip
rm -f public.zip
popd
# Generate dictionary
./cryptofuzz/generate_dict
# Run Cryptofuzz.
./cryptofuzz/cryptofuzz -dict="cryptofuzz-dict.txt" "nss/fuzz/corpus/cryptofuzz" "$@"
# Alert if version is older than half a year.
cryptofuzz_timestamp=$(git -C cryptofuzz show -s --format=%ct $CRYPTOFUZZ_VERSION)
current_timestamp=$(date +%s)
half_a_year=$((60 * 60 * 24 * 183))
if [ $((current_timestamp - cryptofuzz_timestamp)) -gt $half_a_year ]; then
echo "Cryptofuzz version is older than half a year. Please consider updating it (and Botan). Thanks!" >&2
exit 1
fi

8
security/nss/build.sh
View File

@ -104,6 +104,7 @@ while [ $# -gt 0 ]; do
--pprof) gyp_params+=(-Duse_pprof=1) ;;
--asan) enable_sanitizer asan ;;
--msan) enable_sanitizer msan ;;
--tsan) enable_sanitizer tsan ;;
--sourcecov) enable_sourcecov ;;
--ubsan) enable_ubsan ;;
--ubsan=?*) enable_ubsan "${1#*=}" ;;
@ -144,6 +145,13 @@ if [ "$opt_build" = 1 ] && [ "$fuzz" = 1 ]; then
exit 1
fi
if [ -n "${sanitizers["tsan"]:-}" ] && ([ "$CC" != "clang" ] ||
[ "$CCC" != "clang++" ] ||
[ "$CXX" != "clang++" ]); then
echo "Specifying --tsan requires clang." >&2
exit 1
fi
if [ -n "$python" ]; then
gyp_params+=(-Dpython="$python")
fi

1
security/nss/coreconf/coreconf.dep
View File

@ -10,3 +10,4 @@
*/
#error "Do not include this header file."

6
security/nss/coreconf/sanitizers.py
View File

@ -5,7 +5,7 @@ import sys
def main():
if len(sys.argv) < 2:
raise Exception('Specify either "asan", "fuzzer", "msan", "sancov", "sourcecov" or "ubsan" as argument.')
raise Exception('Specify either "asan", "fuzzer", "msan", "sancov", "sourcecov", "tsan" or "ubsan" as argument.')
sanitizer = sys.argv[1]
if sanitizer == "ubsan":
@ -30,6 +30,10 @@ def main():
if sanitizer == "sourcecov":
print('-fprofile-instr-generate -fcoverage-mapping', end='')
return
if sanitizer == "tsan":
print('-fsanitize=thread ', end='')
print('-fno-omit-frame-pointer -fno-optimize-sibling-calls ', end='')
return
if sanitizer == "fuzzer":
print('-fsanitize=fuzzer-no-link ', end='')
return

44
security/nss/doc/rst/releases/index.rst
View File

@ -8,6 +8,7 @@ Releases
:glob:
:hidden:
nss_3_107.rst
nss_3_106.rst
nss_3_105.rst
nss_3_104.rst
@ -78,7 +79,7 @@ Releases
.. note::
**NSS 3.106** is the latest version of NSS.
**NSS 3.107** is the latest version of NSS.
Complete release notes are available here: :ref:`mozilla_projects_nss_nss_3_106_release_notes`
**NSS 3.101.2 (ESR)** is the latest ESR version of NSS.
@ -86,24 +87,25 @@ Releases
.. container::
Changes in 3.106 included in this release:
- Bug 1925975 - NSS 3.106 should be distributed with NSPR 4.36.
- Bug 1923767 - pk12util: improve error handling in p12U_ReadPKCS12File.
- Bug 1899402 - Correctly destroy bulkkey in error scenario.
- Bug 1919997 - PKCS7 fuzz target, r=djackson,nss-reviewers.
- Bug 1923002 - Extract certificates with handshake collection script.
- Bug 1923006 - Specify len_control for fuzz targets.
- Bug 1923280 - Fix memory leak in dumpCertificatePEM.
- Bug 1102981 - Fix UBSan errors for SECU_PrintCertificate and SECU_PrintCertificateBasicInfo.
- Bug 1921528 - add new error codes to mozilla::pkix for Firefox to use.
- Bug 1921768 - allow null phKey in NSC_DeriveKey.
- Bug 1921801 - Only create seed corpus zip from existing corpus.
- Bug 1826035 - Use explicit allowlist for for KDF PRFS.
- Bug 1920138 - Increase optimization level for fuzz builds.
- Bug 1920470 - Remove incorrect assert.
- Bug 1914870 - Use libFuzzer options from fuzz/options/\*.options in CI.
- Bug 1920945 - Polish corpus collection for automation.
- Bug 1917572 - Detect new and unfuzzed SSL options.
- Bug 1804646 - PKCS12 fuzzing target.
Changes in 3.107 included in this release:
- Bug 1923038 - Remove MPI fuzz targets.
- Bug 1925512 - Remove globals `lockStatus` and `locksEverDisabled`.
- Bug 1919015 - Enable PKCS8 fuzz target.
- Bug 1923037 - Integrate Cryptofuzz in CI.
- Bug 1913677 - Part 2: Set tls server target socket options in config class.
- Bug 1913677 - Part 1: Set tls client target socket options in config class.
- Bug 1913680 - Support building with thread sanitizer.
- Bug 1922392 - set nssckbi version number to 2.72.
- Bug 1919913 - remove Websites Trust Bit from Entrust Root Certification Authority - G4.
- Bug 1920641 - remove Security Communication RootCA3 root cert.
- Bug 1918559 - remove SecureSign RootCA11 root cert.
- Bug 1922387 - Add distrust-after for TLS to Entrust Roots.
- Bug 1927096 - update expected error code in pk12util pbmac1 tests.
- Bug 1929041 - Use random tstclnt args with handshake collection script.
- Bug 1920466 - Remove extraneous assert in ssl3gthr.c.
- Bug 1928402 - Adding missing release notes for NSS_3_105.
- Bug 1874451 - Enable the disabled mlkem tests for dtls.
- Bug 1874451 - NSS gtests filter cleans up the constucted buffer before the use.
- Bug 1925505 - Make ssl_SetDefaultsFromEnvironment thread-safe.
- Bug 1925503 - Remove short circuit test from ssl_Init.

54
security/nss/doc/rst/releases/nss_3_107.rst Normal file
View File

@ -0,0 +1,54 @@
.. _mozilla_projects_nss_nss_3_107_release_notes:
NSS 3.107 release notes
========================
`Introduction <#introduction>`__
--------------------------------
.. container::
Network Security Services (NSS) 3.107 was released on *21 November 2024**.
`Distribution Information <#distribution_information>`__
--------------------------------------------------------
.. container::
The HG tag is NSS_3_107_RTM. NSS 3.107 requires NSPR 4.35 or newer. The latest version of NSPR is 4.36.
NSS 3.107 source distributions are available on ftp.mozilla.org for secure HTTPS download:
- Source tarballs:
https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_3_107_RTM/src/
Other releases are available :ref:`mozilla_projects_nss_releases`.
.. _changes_in_nss_3.107:
`Changes in NSS 3.107 <#changes_in_nss_3.107>`__
------------------------------------------------------------------
.. container::
- Bug 1923038 - Remove MPI fuzz targets.
- Bug 1925512 - Remove globals `lockStatus` and `locksEverDisabled`.
- Bug 1919015 - Enable PKCS8 fuzz target.
- Bug 1923037 - Integrate Cryptofuzz in CI.
- Bug 1913677 - Part 2: Set tls server target socket options in config class.
- Bug 1913677 - Part 1: Set tls client target socket options in config class.
- Bug 1913680 - Support building with thread sanitizer.
- Bug 1922392 - set nssckbi version number to 2.72.
- Bug 1919913 - remove Websites Trust Bit from Entrust Root Certification Authority - G4.
- Bug 1920641 - remove Security Communication RootCA3 root cert.
- Bug 1918559 - remove SecureSign RootCA11 root cert.
- Bug 1922387 - Add distrust-after for TLS to Entrust Roots.
- Bug 1927096 - update expected error code in pk12util pbmac1 tests.
- Bug 1929041 - Use random tstclnt args with handshake collection script.
- Bug 1920466 - Remove extraneous assert in ssl3gthr.c.
- Bug 1928402 - Adding missing release notes for NSS_3_105.
- Bug 1874451 - Enable the disabled mlkem tests for dtls.
- Bug 1874451 - NSS gtests filter cleans up the constucted buffer before the use.
- Bug 1925505 - Make ssl_SetDefaultsFromEnvironment thread-safe.
- Bug 1925503 - Remove short circuit test from ssl_Init.

177
security/nss/fuzz/fuzz.gyp
View File

@ -66,42 +66,6 @@
}]
],
},
{
'target_name': 'nssfuzz-mpi-base',
'type': 'none',
'dependencies': [
'<(DEPTH)/exports.gyp:nss_exports',
'fuzz_base',
],
'direct_dependent_settings': {
'include_dirs': [
'<(DEPTH)/lib/freebl/mpi',
],
'sources': [
'mpi_helper.cc',
],
'conditions': [
[ 'fuzz_oss==1', {
'libraries': [
'/usr/lib/x86_64-linux-gnu/libcrypto.a',
],
}, {
'libraries': [
'-lcrypto',
],
}],
# For static builds we have to set MPI defines.
[ 'target_arch=="ia32"', {
'defines': [
'MP_USE_UINT_DIGIT',
'MP_ASSEMBLY_MULTIPLY',
'MP_ASSEMBLY_SQUARE',
'MP_ASSEMBLY_DIV_2DX1D',
],
}],
],
},
},
{
'target_name': 'nssfuzz-pkcs7',
'type': 'executable',
@ -162,130 +126,6 @@
'fuzz_base',
],
},
{
'target_name': 'nssfuzz-mpi-add',
'type': 'executable',
'sources': [
'mpi_add_target.cc',
],
'dependencies': [
'<(DEPTH)/exports.gyp:nss_exports',
'nssfuzz-mpi-base',
],
},
{
'target_name': 'nssfuzz-mpi-sub',
'type': 'executable',
'sources': [
'mpi_sub_target.cc',
],
'dependencies': [
'<(DEPTH)/exports.gyp:nss_exports',
'nssfuzz-mpi-base',
],
},
{
'target_name': 'nssfuzz-mpi-sqr',
'type': 'executable',
'sources': [
'mpi_sqr_target.cc',
],
'dependencies': [
'<(DEPTH)/exports.gyp:nss_exports',
'nssfuzz-mpi-base',
],
},
{
'target_name': 'nssfuzz-mpi-div',
'type': 'executable',
'sources': [
'mpi_div_target.cc',
],
'dependencies': [
'<(DEPTH)/exports.gyp:nss_exports',
'nssfuzz-mpi-base',
],
},
{
'target_name': 'nssfuzz-mpi-mod',
'type': 'executable',
'sources': [
'mpi_mod_target.cc',
],
'dependencies': [
'<(DEPTH)/exports.gyp:nss_exports',
'nssfuzz-mpi-base',
],
},
{
'target_name': 'nssfuzz-mpi-sqrmod',
'type': 'executable',
'sources': [
'mpi_sqrmod_target.cc',
],
'dependencies': [
'<(DEPTH)/exports.gyp:nss_exports',
'nssfuzz-mpi-base',
],
},
{
'target_name': 'nssfuzz-mpi-addmod',
'type': 'executable',
'sources': [
'mpi_addmod_target.cc',
],
'dependencies': [
'<(DEPTH)/exports.gyp:nss_exports',
'nssfuzz-mpi-base',
],
},
{
'target_name': 'nssfuzz-mpi-submod',
'type': 'executable',
'sources': [
'mpi_submod_target.cc',
],
'dependencies': [
'<(DEPTH)/exports.gyp:nss_exports',
'nssfuzz-mpi-base',
],
},
{
'target_name': 'nssfuzz-mpi-mulmod',
'type': 'executable',
'sources': [
'mpi_mulmod_target.cc',
],
'dependencies': [
'<(DEPTH)/exports.gyp:nss_exports',
'nssfuzz-mpi-base',
],
},
{
'target_name': 'nssfuzz-mpi-expmod',
'type': 'executable',
'sources': [
'mpi_expmod_target.cc',
],
'dependencies': [
'<(DEPTH)/exports.gyp:nss_exports',
'nssfuzz-mpi-base',
],
},
{
'target_name': 'nssfuzz-mpi-invmod',
'type': 'executable',
'sources': [
'mpi_invmod_target.cc',
],
'dependencies': [
'<(DEPTH)/exports.gyp:nss_exports',
'nssfuzz-mpi-base',
],
'include_dirs': [
'<(DEPTH)/lib/freebl',
],
},
{
'target_name': 'nssfuzz-tls-base',
'type': 'static_library',
@ -383,23 +223,6 @@
'nssfuzz-tls-client',
'nssfuzz-tls-server',
],
'conditions': [
['OS=="linux"', {
'dependencies': [
'nssfuzz-mpi-add',
'nssfuzz-mpi-addmod',
'nssfuzz-mpi-div',
'nssfuzz-mpi-expmod',
'nssfuzz-mpi-invmod',
'nssfuzz-mpi-mod',
'nssfuzz-mpi-mulmod',
'nssfuzz-mpi-sqr',
'nssfuzz-mpi-sqrmod',
'nssfuzz-mpi-sub',
'nssfuzz-mpi-submod',
],
}],
],
}
],
}

42
security/nss/fuzz/mpi_add_target.cc
View File

@ -1,42 +0,0 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
* This target fuzzes NSS mpi against openssl bignum.
* It therefore requires openssl to be installed.
*/
#include "mpi_helper.h"
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
// We require at least size 3 to get two integers from Data.
if (size < 3) {
return 0;
}
INIT_FOUR_NUMBERS
// Compare with OpenSSL addition
assert(mp_add(&a, &b, &c) == MP_OKAY);
(void)BN_add(C, A, B);
check_equal(C, &c, max_size);
// Check a + b == a - -b
mp_neg(&b, &b);
assert(mp_sub(&a, &b, &r) == MP_OKAY);
bool eq = mp_cmp(&r, &c) == 0;
if (!eq) {
char rC[max_size], cC[max_size], aC[max_size], bC[max_size];
mp_tohex(&r, rC);
mp_tohex(&c, cC);
mp_tohex(&a, aC);
mp_tohex(&b, bC);
std::cout << "a = " << std::hex << aC << std::endl;
std::cout << "-b = " << std::hex << bC << std::endl;
std::cout << "a + b = " << std::hex << cC << std::endl;
std::cout << "a - -b = " << std::hex << rC << std::endl;
}
assert(eq);
CLEANUP_AND_RETURN
}

27
security/nss/fuzz/mpi_addmod_target.cc
View File

@ -1,27 +0,0 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
* This target fuzzes NSS mpi against openssl bignum.
* It therefore requires openssl to be installed.
*/
#include "mpi_helper.h"
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
// We require at least size 3 to get two integers from Data.
if (size < 3) {
return 0;
}
INIT_FOUR_NUMBERS
auto modulus = get_modulus(data, size, ctx);
// Compare with OpenSSL add mod
m1 = &std::get<1>(modulus);
assert(mp_addmod(&a, &b, m1, &c) == MP_OKAY);
(void)BN_mod_add(C, A, B, std::get<0>(modulus), ctx);
check_equal(C, &c, max_size);
CLEANUP_AND_RETURN
}

36
security/nss/fuzz/mpi_div_target.cc
View File

@ -1,36 +0,0 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
* This target fuzzes NSS mpi against openssl bignum.
* It therefore requires openssl to be installed.
*/
#include "mpi_helper.h"
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
// We require at least size 3 to get two integers from Data.
if (size < 3) {
return 0;
}
INIT_FOUR_NUMBERS
// We can't divide by 0.
if (mp_cmp_z(&b) == 0) {
CLEANUP_AND_RETURN
}
// Compare with OpenSSL division
assert(mp_div(&a, &b, &c, &r) == MP_OKAY);
BN_div(C, R, A, B, ctx);
check_equal(C, &c, max_size);
check_equal(R, &r, max_size);
// Check c * b + r == a
assert(mp_mul(&c, &b, &c) == MP_OKAY);
assert(mp_add(&c, &r, &c) == MP_OKAY);
assert(mp_cmp(&c, &a) == 0);
CLEANUP_AND_RETURN
}

36
security/nss/fuzz/mpi_expmod_target.cc
View File

@ -1,36 +0,0 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
* This target fuzzes NSS mpi against openssl bignum.
* It therefore requires openssl to be installed.
*/
#include "mpi_helper.h"
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
// We require at least size 3 to get two integers from Data.
if (size < 3) {
return 0;
}
INIT_FOUR_NUMBERS
auto modulus = get_modulus(data, size, ctx);
// Compare with OpenSSL exp mod
m1 = &std::get<1>(modulus);
// The exponent b (B) can get really big. Make it smaller if necessary.
if (MP_USED(&b) > 100) {
size_t shift = (MP_USED(&b) - 100) * MP_DIGIT_BIT;
mp_div_2d(&b, shift, &b, nullptr);
BN_rshift(B, B, shift);
}
check_equal(A, &a, max_size);
check_equal(B, &b, max_size);
check_equal(std::get<0>(modulus), m1, 3 * max_size);
assert(mp_exptmod(&a, &b, m1, &c) == MP_OKAY);
(void)BN_mod_exp(C, A, B, std::get<0>(modulus), ctx);
check_equal(C, &c, 2 * max_size);
CLEANUP_AND_RETURN
}

106
security/nss/fuzz/mpi_helper.cc
View File

@ -1,106 +0,0 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/* Helper functions for MPI fuzzing targets. */
#include "mpi_helper.h"
#include <cstdlib>
#include <random>
char *to_char(const uint8_t *x) {
return reinterpret_cast<char *>(const_cast<unsigned char *>(x));
}
void print_bn(std::string label, BIGNUM *x) {
char *xc = BN_bn2hex(x);
std::cout << label << ": " << std::hex << xc << std::endl;
OPENSSL_free(xc);
}
// Check that the two numbers are equal.
void check_equal(BIGNUM *b, mp_int *m, size_t max_size) {
char *bnBc = BN_bn2hex(b);
char mpiMc[max_size];
mp_tohex(m, mpiMc);
std::string bnA(bnBc);
std::string mpiA(mpiMc);
OPENSSL_free(bnBc);
// We have to strip leading zeros from bignums, ignoring the sign.
if (bnA.at(0) != '-') {
bnA.erase(0, std::min(bnA.find_first_not_of('0'), bnA.size() - 1));
} else if (bnA.at(1) == '0') {
bnA.erase(1, std::min(bnA.find_first_not_of('0', 1) - 1, bnA.size() - 1));
}
if (mpiA != bnA) {
std::cout << "openssl: " << std::hex << bnA << std::endl;
std::cout << "nss: " << std::hex << mpiA << std::endl;
}
assert(mpiA == bnA);
}
// Parse data into two numbers for MPI and OpenSSL Bignum.
void parse_input(const uint8_t *data, size_t size, BIGNUM *A, BIGNUM *B,
mp_int *a, mp_int *b) {
// Note that b might overlap a.
size_t len = (size_t)size / 2;
assert(mp_read_raw(a, to_char(data), len) == MP_OKAY);
assert(mp_read_raw(b, to_char(data) + len, len) == MP_OKAY);
// Force a positive sign.
// TODO: add tests for negatives.
MP_SIGN(a) = MP_ZPOS;
MP_SIGN(b) = MP_ZPOS;
// Skip the first byte as it's interpreted as sign by NSS.
assert(BN_bin2bn(data + 1, len - 1, A) != nullptr);
assert(BN_bin2bn(data + len + 1, len - 1, B) != nullptr);
check_equal(A, a, 2 * size + 1);
check_equal(B, b, 2 * size + 1);
}
// Parse data into a number for MPI and OpenSSL Bignum.
void parse_input(const uint8_t *data, size_t size, BIGNUM *A, mp_int *a) {
assert(mp_read_raw(a, to_char(data), size) == MP_OKAY);
// Force a positive sign.
// TODO: add tests for negatives.
MP_SIGN(a) = MP_ZPOS;
// Skip the first byte as it's interpreted as sign by NSS.
assert(BN_bin2bn(data + 1, size - 1, A) != nullptr);
check_equal(A, a, 4 * size + 1);
}
// Take a chunk in the middle of data and use it as modulus.
std::tuple<BIGNUM *, mp_int> get_modulus(const uint8_t *data, size_t size,
BN_CTX *ctx) {
BIGNUM *r1 = BN_CTX_get(ctx);
mp_int r2;
assert(mp_init(&r2) == MP_OKAY);
size_t len = static_cast<size_t>(size / 4);
if (len != 0) {
assert(mp_read_raw(&r2, to_char(data + len), len) == MP_OKAY);
MP_SIGN(&r2) = MP_ZPOS;
assert(BN_bin2bn(data + len + 1, len - 1, r1) != nullptr);
check_equal(r1, &r2, 2 * len + 1);
}
// If we happen to get 0 for the modulus, take a random number.
if (mp_cmp_z(&r2) == 0 || len == 0) {
mp_zero(&r2);
BN_zero(r1);
std::mt19937 rng(data[0]);
std::uniform_int_distribution<mp_digit> dist(1, MP_DIGIT_MAX);
mp_digit x = dist(rng);
mp_add_d(&r2, x, &r2);
BN_add_word(r1, x);
}
return std::make_tuple(r1, r2);
}

87
security/nss/fuzz/mpi_helper.h
View File

@ -1,87 +0,0 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/* Helper functions for MPI fuzzing targets. */
#ifndef mpi_helper_h__
#define mpi_helper_h__
#include <iostream>
#include <string>
#include <tuple>
#include <vector>
#include "hasht.h"
#include "mpi.h"
#include <openssl/bn.h>
void check_equal(BIGNUM *b, mp_int *m, size_t max_size);
void parse_input(const uint8_t *data, size_t size, BIGNUM *A, BIGNUM *B,
mp_int *a, mp_int *b);
void parse_input(const uint8_t *data, size_t size, BIGNUM *A, mp_int *a);
std::tuple<BIGNUM *, mp_int> get_modulus(const uint8_t *data, size_t size,
BN_CTX *ctx);
void print_bn(std::string label, BIGNUM *x);
// Initialise MPI and BN variables
// XXX: Also silence unused variable warnings for R.
#define INIT_FOUR_NUMBERS \
mp_int a, b, c, r; \
mp_int *m1 = nullptr; \
BN_CTX *ctx = BN_CTX_new(); \
BN_CTX_start(ctx); \
BIGNUM *A = BN_CTX_get(ctx); \
BIGNUM *B = BN_CTX_get(ctx); \
BIGNUM *C = BN_CTX_get(ctx); \
BIGNUM *R = BN_CTX_get(ctx); \
assert(mp_init(&a) == MP_OKAY); \
assert(mp_init(&b) == MP_OKAY); \
assert(mp_init(&c) == MP_OKAY); \
assert(mp_init(&r) == MP_OKAY); \
size_t max_size = 2 * size + 1; \
parse_input(data, size, A, B, &a, &b); \
do { \
(void)(R); \
} while (0);
// Initialise MPI and BN variables
// XXX: Also silence unused variable warnings for B.
#define INIT_THREE_NUMBERS \
mp_int a, b, c; \
BN_CTX *ctx = BN_CTX_new(); \
BN_CTX_start(ctx); \
BIGNUM *A = BN_CTX_get(ctx); \
BIGNUM *B = BN_CTX_get(ctx); \
BIGNUM *C = BN_CTX_get(ctx); \
assert(mp_init(&a) == MP_OKAY); \
assert(mp_init(&b) == MP_OKAY); \
assert(mp_init(&c) == MP_OKAY); \
size_t max_size = 4 * size + 1; \
parse_input(data, size, A, &a); \
do { \
(void)(B); \
} while (0);
#define CLEANUP_AND_RETURN \
mp_clear(&a); \
mp_clear(&b); \
mp_clear(&c); \
mp_clear(&r); \
if (m1) { \
mp_clear(m1); \
} \
BN_CTX_end(ctx); \
BN_CTX_free(ctx); \
return 0;
#define CLEANUP_AND_RETURN_THREE \
mp_clear(&a); \
mp_clear(&b); \
mp_clear(&c); \
BN_CTX_end(ctx); \
BN_CTX_free(ctx); \
return 0;
#endif // mpi_helper_h__

69
security/nss/fuzz/mpi_invmod_target.cc
View File

@ -1,69 +0,0 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
* This target fuzzes NSS mpi against openssl bignum.
* It therefore requires openssl to be installed.
*/
#include "mpi_helper.h"
#include "mpprime.h"
#include <algorithm>
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
// We require at least size 4 to get everything we need from data.
if (size < 4) {
return 0;
}
INIT_THREE_NUMBERS
// Make a prime of length size.
int count = 0;
mp_err res = MP_NO;
// mpp_make_prime is so slow :( use something smaller than size.
int primeLen = std::max(static_cast<int>(size / 4), 3);
uint8_t bp[primeLen];
memcpy(bp, data, primeLen);
do {
bp[0] |= 0x80; /* set high-order bit */
bp[primeLen - 1] |= 0x01; /* set low-order bit */
++count;
assert(mp_read_unsigned_octets(&b, bp, primeLen) == MP_OKAY);
} while ((res = mpp_make_prime(&b, primeLen * 8, PR_FALSE)) != MP_YES &&
count < 10);
if (res != MP_YES) {
return 0;
}
// Use the same prime in OpenSSL B
char tmp[max_size];
mp_toradix(&b, tmp, 16);
int tmpLen;
assert((tmpLen = BN_hex2bn(&B, tmp)) != 0);
// Compare with OpenSSL invmod
res = mp_invmod(&a, &b, &c);
BIGNUM *X = BN_mod_inverse(C, A, B, ctx);
if (res != MP_OKAY) {
// In case we couldn't compute the inverse, OpenSSL shouldn't be able to
// either.
assert(X == nullptr);
} else {
check_equal(C, &c, max_size);
// Check a * c mod b == 1
assert(mp_mulmod(&a, &c, &b, &c) == MP_OKAY);
bool eq = mp_cmp_d(&c, 1) == 0;
if (!eq) {
char cC[max_size];
mp_tohex(&c, cC);
std::cout << "c = " << std::hex << cC << std::endl;
}
assert(eq);
}
CLEANUP_AND_RETURN_THREE
}

36
security/nss/fuzz/mpi_mod_target.cc
View File

@ -1,36 +0,0 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
* This target fuzzes NSS mpi against openssl bignum.
* It therefore requires openssl to be installed.
*/
#include "mpi_helper.h"
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
// We require at least size 3 to get two integers from Data.
if (size < 3) {
return 0;
}
INIT_FOUR_NUMBERS
// We can't divide by 0.
if (mp_cmp_z(&b) == 0) {
CLEANUP_AND_RETURN
}
// Compare with OpenSSL mod
assert(mp_mod(&a, &b, &c) == MP_OKAY);
(void)BN_mod(C, A, B, ctx);
check_equal(C, &c, max_size);
// Check a mod b = a - floor(a / b) * b
assert(mp_div(&a, &b, &r, nullptr) == MP_OKAY);
assert(mp_mul(&r, &b, &r) == MP_OKAY);
assert(mp_sub(&a, &r, &r) == MP_OKAY);
assert(mp_cmp(&c, &r) == 0);
CLEANUP_AND_RETURN
}

27
security/nss/fuzz/mpi_mulmod_target.cc
View File

@ -1,27 +0,0 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
* This target fuzzes NSS mpi against openssl bignum.
* It therefore requires openssl to be installed.
*/
#include "mpi_helper.h"
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
// We require at least size 3 to get two integers from Data.
if (size < 3) {
return 0;
}
INIT_FOUR_NUMBERS
auto modulus = get_modulus(data, size, ctx);
// Compare with OpenSSL mul mod
m1 = &std::get<1>(modulus);
assert(mp_mulmod(&a, &b, m1, &c) == MP_OKAY);
(void)BN_mod_mul(C, A, B, std::get<0>(modulus), ctx);
check_equal(C, &c, max_size);
CLEANUP_AND_RETURN
}

40
security/nss/fuzz/mpi_sqr_target.cc
View File

@ -1,40 +0,0 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
* This target fuzzes NSS mpi against openssl bignum.
* It therefore requires openssl to be installed.
*/
#include "mpi_helper.h"
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
// We require at least size 2 to get an integers from Data.
if (size < 2) {
return 0;
}
INIT_THREE_NUMBERS
// Compare with OpenSSL sqr
assert(mp_sqr(&a, &c) == MP_OKAY);
(void)BN_sqr(C, A, ctx);
check_equal(C, &c, max_size);
// Check a * a == a**2
assert(mp_mul(&a, &a, &b) == MP_OKAY);
bool eq = mp_cmp(&b, &c) == 0;
if (!eq) {
char rC[max_size], cC[max_size], aC[max_size];
mp_tohex(&b, rC);
mp_tohex(&c, cC);
mp_tohex(&a, aC);
std::cout << "a = " << std::hex << aC << std::endl;
std::cout << "a * a = " << std::hex << cC << std::endl;
std::cout << "a ** 2 = " << std::hex << rC << std::endl;
}
assert(eq);
CLEANUP_AND_RETURN_THREE
}

36
security/nss/fuzz/mpi_sqrmod_target.cc
View File

@ -1,36 +0,0 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
* This target fuzzes NSS mpi against openssl bignum.
* It therefore requires openssl to be installed.
*/
#include "mpi_helper.h"
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
// We require at least size 3 to get two integers from Data.
if (size < 3) {
return 0;
}
INIT_THREE_NUMBERS
// We can't divide by 0.
if (mp_cmp_z(&b) == 0) {
mp_clear(&a);
mp_clear(&b);
mp_clear(&c);
BN_CTX_end(ctx);
BN_CTX_free(ctx);
return 0;
}
// Compare with OpenSSL square mod
assert(mp_sqrmod(&a, &b, &c) == MP_OKAY);
(void)BN_mod_sqr(C, A, B, ctx);
check_equal(C, &c, max_size);
CLEANUP_AND_RETURN_THREE
}

42
security/nss/fuzz/mpi_sub_target.cc
View File

@ -1,42 +0,0 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
* This target fuzzes NSS mpi against openssl bignum.
* It therefore requires openssl to be installed.
*/
#include "mpi_helper.h"
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
// We require at least size 3 to get two integers from Data.
if (size < 3) {
return 0;
}
INIT_FOUR_NUMBERS
// Compare with OpenSSL subtraction
assert(mp_sub(&a, &b, &c) == MP_OKAY);
(void)BN_sub(C, A, B);
check_equal(C, &c, max_size);
// Check a - b == a + -b
mp_neg(&b, &b);
assert(mp_add(&a, &b, &r) == MP_OKAY);
bool eq = mp_cmp(&r, &c) == 0;
if (!eq) {
char rC[max_size], cC[max_size], aC[max_size], bC[max_size];
mp_tohex(&r, rC);
mp_tohex(&c, cC);
mp_tohex(&a, aC);
mp_tohex(&b, bC);
std::cout << "a = " << std::hex << aC << std::endl;
std::cout << "-b = " << std::hex << bC << std::endl;
std::cout << "a - b = " << std::hex << cC << std::endl;
std::cout << "a + -b = " << std::hex << rC << std::endl;
}
assert(eq);
CLEANUP_AND_RETURN
}

27
security/nss/fuzz/mpi_submod_target.cc
View File

@ -1,27 +0,0 @@
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/*
* This target fuzzes NSS mpi against openssl bignum.
* It therefore requires openssl to be installed.
*/
#include "mpi_helper.h"
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
// We require at least size 3 to get two integers from Data.
if (size < 3) {
return 0;
}
INIT_FOUR_NUMBERS
auto modulus = get_modulus(data, size, ctx);
// Compare with OpenSSL sub mod
m1 = &std::get<1>(modulus);
assert(mp_submod(&a, &b, m1, &c) == MP_OKAY);
(void)BN_mod_sub(C, A, B, std::get<0>(modulus), ctx);
check_equal(C, &c, 2 * max_size);
CLEANUP_AND_RETURN
}

3
security/nss/fuzz/options/mpi-add.options
View File

@ -1,3 +0,0 @@
[libfuzzer]
max_len = 2048

3
security/nss/fuzz/options/mpi-addmod.options
View File

@ -1,3 +0,0 @@
[libfuzzer]
max_len = 2048

3
security/nss/fuzz/options/mpi-div.options
View File

@ -1,3 +0,0 @@
[libfuzzer]
max_len = 2048

3
security/nss/fuzz/options/mpi-expmod.options
View File

@ -1,3 +0,0 @@
[libfuzzer]
max_len = 1024

2
security/nss/fuzz/options/mpi-invmod.options
View File

@ -1,2 +0,0 @@
[libfuzzer]
max_len = 256

3
security/nss/fuzz/options/mpi-mod.options
View File

@ -1,3 +0,0 @@
[libfuzzer]
max_len = 2048

3
security/nss/fuzz/options/mpi-mulmod.options
View File

@ -1,3 +0,0 @@
[libfuzzer]
max_len = 2048

3
security/nss/fuzz/options/mpi-sqr.options
View File

@ -1,3 +0,0 @@
[libfuzzer]
max_len = 2048

3
security/nss/fuzz/options/mpi-sqrmod.options
View File

@ -1,3 +0,0 @@
[libfuzzer]
max_len = 2048

3
security/nss/fuzz/options/mpi-sub.options
View File

@ -1,3 +0,0 @@
[libfuzzer]
max_len = 2048

3
security/nss/fuzz/options/mpi-submod.options
View File

@ -1,3 +0,0 @@
[libfuzzer]
max_len = 2048

3
security/nss/fuzz/options/pkcs8.options Normal file
View File

@ -0,0 +1,3 @@
[libfuzzer]
len_control = 100
max_len = 16777215

301
security/nss/fuzz/tls_client_config.cc
View File

@ -4,33 +4,45 @@
#include "tls_client_config.h"
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <memory>
#include "sslt.h"
#include "nss_scoped_ptrs.h"
#include "nssb64.h"
#include "prio.h"
#include "prtypes.h"
#include "seccomon.h"
#include "ssl.h"
#include "sslexp.h"
const uint32_t CONFIG_FAIL_CERT_AUTH = 1 << 0;
const uint32_t CONFIG_ENABLE_EXTENDED_MS = 1 << 1;
const uint32_t CONFIG_REQUIRE_DH_NAMED_GROUPS = 1 << 2;
const uint32_t CONFIG_ENABLE_FALSE_START = 1 << 3;
const uint32_t CONFIG_ENABLE_DEFLATE = 1 << 4;
const uint32_t CONFIG_ENABLE_CBC_RANDOM_IV = 1 << 5;
const uint32_t CONFIG_REQUIRE_SAFE_NEGOTIATION = 1 << 6;
const uint32_t CONFIG_NO_CACHE = 1 << 7;
const uint32_t CONFIG_ENABLE_GREASE = 1 << 8;
const uint32_t CONFIG_ENABLE_CH_EXTENSION_PERMUTATION = 1 << 9;
const uint32_t CONFIG_SET_CERTIFICATION_COMPRESSION_ALGORITHM = 1 << 10;
const uint32_t CONFIG_SET_CLIENT_ECH_CONFIGS = 1 << 11;
const uint32_t CONFIG_VERSION_RANGE_SET = 1 << 12;
const uint32_t CONFIG_ADD_EXTERNAL_PSK = 1 << 13;
const uint32_t CONFIG_ENABLE_POST_HANDSHAKE_AUTH = 1 << 14;
const uint32_t CONFIG_ENABLE_ZERO_RTT = 1 << 15;
const uint32_t CONFIG_ENABLE_ALPN = 1 << 16;
const uint32_t CONFIG_ENABLE_FALLBACK_SCSV = 1 << 17;
const uint32_t CONFIG_ENABLE_OCSP_STAPLING = 1 << 18;
const uint32_t CONFIG_ENABLE_SESSION_TICKETS = 1 << 19;
const uint32_t CONFIG_ENABLE_TLS13_COMPAT_MODE = 1 << 20;
const uint32_t CONFIG_NO_LOCKS = 1 << 21;
#include "tls_common.h"
#ifndef IS_DTLS_FUZZ
const char kEchConfigs[] =
"AEX+"
"DQBBcQAgACDh4IuiuhhInUcKZx5uYcehlG9PQ1ZlzhvVZyjJl7dscQAEAAEAAQASY2xvdWRmbG"
"FyZS1lY2guY29tAAA=";
#endif // IS_DTLS_FUZZ
const SSLCertificateCompressionAlgorithm kCompressionAlg = {
0x1337, "fuzz", DummyCompressionEncode, DummyCompressionDecode};
const PRUint8 kPskIdentity[] = "fuzz-psk-identity";
static SECStatus AuthCertificateHook(void* arg, PRFileDesc* fd, PRBool checksig,
PRBool isServer) {
assert(!isServer);
auto config = reinterpret_cast<ClientConfig*>(arg);
if (config->FailCertificateAuthentication()) return SECFailure;
return SECSuccess;
}
static SECStatus CanFalseStartCallback(PRFileDesc* fd, void* arg,
PRBool* canFalseStart) {
*canFalseStart = true;
return SECSuccess;
}
// XOR 64-bit chunks of data to build a bitmap of config options derived from
// the fuzzing input. This seems the only way to fuzz various options while
@ -66,144 +78,161 @@ ClientConfig::ClientConfig(const uint8_t* data, size_t len) {
};
}
bool ClientConfig::FailCertificateAuthentication() {
return config_ & CONFIG_FAIL_CERT_AUTH;
void ClientConfig::SetCallbacks(PRFileDesc* fd) {
SECStatus rv = SSL_AuthCertificateHook(fd, AuthCertificateHook, this);
assert(rv == SECSuccess);
rv = SSL_SetCanFalseStartCallback(fd, CanFalseStartCallback, nullptr);
assert(rv == SECSuccess);
}
bool ClientConfig::EnableExtendedMasterSecret() {
return config_ & CONFIG_ENABLE_EXTENDED_MS;
void ClientConfig::SetSocketOptions(PRFileDesc* fd) {
SECStatus rv = SSL_OptionSet(fd, SSL_ENABLE_EXTENDED_MASTER_SECRET,
this->EnableExtendedMasterSecret());
assert(rv == SECSuccess);
rv = SSL_OptionSet(fd, SSL_REQUIRE_DH_NAMED_GROUPS,
this->RequireDhNamedGroups());
assert(rv == SECSuccess);
rv = SSL_OptionSet(fd, SSL_ENABLE_FALSE_START, this->EnableFalseStart());
assert(rv == SECSuccess);
rv = SSL_OptionSet(fd, SSL_ENABLE_DEFLATE, this->EnableDeflate());
assert(rv == SECSuccess);
rv = SSL_OptionSet(fd, SSL_CBC_RANDOM_IV, this->CbcRandomIv());
assert(rv == SECSuccess);
rv = SSL_OptionSet(fd, SSL_REQUIRE_SAFE_NEGOTIATION,
this->RequireSafeNegotiation());
assert(rv == SECSuccess);
rv = SSL_OptionSet(fd, SSL_NO_CACHE, this->NoCache());
assert(rv == SECSuccess);
rv = SSL_OptionSet(fd, SSL_ENABLE_GREASE, this->EnableGrease());
assert(rv == SECSuccess);
rv = SSL_OptionSet(fd, SSL_ENABLE_CH_EXTENSION_PERMUTATION,
this->EnableCHExtensionPermutation());
assert(rv == SECSuccess);
if (this->SetCertificateCompressionAlgorithm()) {
rv = SSL_SetCertificateCompressionAlgorithm(fd, kCompressionAlg);
assert(rv == SECSuccess);
}
if (this->SetVersionRange()) {
rv = SSL_VersionRangeSet(fd, &ssl_version_range_);
assert(rv == SECSuccess);
}
if (this->AddExternalPsk()) {
ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
assert(slot);
ScopedPK11SymKey key(PK11_KeyGen(slot.get(), CKM_NSS_CHACHA20_POLY1305,
nullptr, 32, nullptr));
assert(key);
rv = SSL_AddExternalPsk(fd, key.get(), kPskIdentity,
sizeof(kPskIdentity) - 1, this->PskHashType());
assert(rv == SECSuccess);
}
rv = SSL_OptionSet(fd, SSL_ENABLE_POST_HANDSHAKE_AUTH,
this->EnablePostHandshakeAuth());
assert(rv == SECSuccess);
rv = SSL_OptionSet(fd, SSL_ENABLE_0RTT_DATA, this->EnableZeroRtt());
assert(rv == SECSuccess);
rv = SSL_OptionSet(fd, SSL_ENABLE_ALPN, this->EnableAlpn());
assert(rv == SECSuccess);
rv = SSL_OptionSet(fd, SSL_ENABLE_FALLBACK_SCSV, this->EnableFallbackScsv());
assert(rv == SECSuccess);
rv = SSL_OptionSet(fd, SSL_ENABLE_OCSP_STAPLING, this->EnableOcspStapling());
assert(rv == SECSuccess);
rv = SSL_OptionSet(fd, SSL_ENABLE_SESSION_TICKETS,
this->EnableSessionTickets());
assert(rv == SECSuccess);
rv = SSL_OptionSet(fd, SSL_ENABLE_TLS13_COMPAT_MODE,
this->EnableTls13CompatMode());
assert(rv == SECSuccess);
rv = SSL_OptionSet(fd, SSL_NO_LOCKS, this->NoLocks());
assert(rv == SECSuccess);
#ifndef IS_DTLS_FUZZ
rv =
SSL_OptionSet(fd, SSL_ENABLE_RENEGOTIATION, SSL_RENEGOTIATE_UNRESTRICTED);
assert(rv == SECSuccess);
if (this->SetClientEchConfigs()) {
ScopedSECItem echConfigsBin(NSSBase64_DecodeBuffer(
nullptr, nullptr, kEchConfigs, sizeof(kEchConfigs)));
assert(echConfigsBin);
rv = SSL_SetClientEchConfigs(fd, echConfigsBin->data, echConfigsBin->len);
assert(rv == SECSuccess);
}
#endif // IS_DTLS_FUZZ
}
bool ClientConfig::RequireDhNamedGroups() {
return config_ & CONFIG_REQUIRE_DH_NAMED_GROUPS;
}
bool ClientConfig::EnableFalseStart() {
return config_ & CONFIG_ENABLE_FALSE_START;
}
bool ClientConfig::EnableDeflate() { return config_ & CONFIG_ENABLE_DEFLATE; }
bool ClientConfig::EnableCbcRandomIv() {
return config_ & CONFIG_ENABLE_CBC_RANDOM_IV;
}
bool ClientConfig::RequireSafeNegotiation() {
return config_ & CONFIG_REQUIRE_SAFE_NEGOTIATION;
}
bool ClientConfig::NoCache() { return config_ & CONFIG_NO_CACHE; }
bool ClientConfig::EnableGrease() { return config_ & CONFIG_ENABLE_GREASE; }
bool ClientConfig::EnableCHExtensionPermutation() {
return config_ & CONFIG_ENABLE_CH_EXTENSION_PERMUTATION;
};
bool ClientConfig::SetCertificateCompressionAlgorithm() {
return config_ & CONFIG_SET_CERTIFICATION_COMPRESSION_ALGORITHM;
}
bool ClientConfig::SetClientEchConfigs() {
return config_ & CONFIG_SET_CLIENT_ECH_CONFIGS;
}
bool ClientConfig::SetVersionRange() {
return config_ & CONFIG_VERSION_RANGE_SET;
}
bool ClientConfig::AddExternalPsk() {
return config_ & CONFIG_ADD_EXTERNAL_PSK;
}
bool ClientConfig::EnablePostHandshakeAuth() {
return config_ & CONFIG_ENABLE_POST_HANDSHAKE_AUTH;
}
bool ClientConfig::EnableZeroRtt() { return config_ & CONFIG_ENABLE_ZERO_RTT; }
bool ClientConfig::EnableAlpn() { return config_ & CONFIG_ENABLE_ALPN; }
bool ClientConfig::EnableFallbackScsv() {
return config_ & CONFIG_ENABLE_FALLBACK_SCSV;
}
bool ClientConfig::EnableOcspStapling() {
return config_ & CONFIG_ENABLE_OCSP_STAPLING;
}
bool ClientConfig::EnableSessionTickets() {
return config_ & CONFIG_ENABLE_SESSION_TICKETS;
}
bool ClientConfig::EnableTls13CompatMode() {
return config_ & CONFIG_ENABLE_TLS13_COMPAT_MODE;
}
bool ClientConfig::NoLocks() { return config_ & CONFIG_NO_LOCKS; }
SSLHashType ClientConfig::PskHashType() {
if (config_ % 2) return ssl_hash_sha256;
return ssl_hash_sha384;
}
const SSLVersionRange& ClientConfig::VersionRange() {
return ssl_version_range_;
}
std::ostream& operator<<(std::ostream& out,
std::unique_ptr<ClientConfig>& config) {
std::ostream& operator<<(std::ostream& out, ClientConfig& config) {
out << "============= ClientConfig ============="
<< "\n";
out << "SSL_NO_CACHE: " << config->NoCache()
<< "\n";
out << "SSL_NO_CACHE: " << config.NoCache() << "\n";
out << "SSL_ENABLE_EXTENDED_MASTER_SECRET: "
<< config->EnableExtendedMasterSecret() << "\n";
<< config.EnableExtendedMasterSecret() << "\n";
out << "SSL_REQUIRE_DH_NAMED_GROUPS: "
<< config->RequireDhNamedGroups() << "\n";
out << "SSL_ENABLE_FALSE_START: "
<< config->EnableFalseStart() << "\n";
out << "SSL_ENABLE_DEFLATE: " << config->EnableDeflate()
<< config.RequireDhNamedGroups() << "\n";
out << "SSL_ENABLE_FALSE_START: " << config.EnableFalseStart()
<< "\n";
out << "SSL_ENABLE_DEFLATE: " << config.EnableDeflate()
<< "\n";
out << "SSL_CBC_RANDOM_IV: " << config.CbcRandomIv()
<< "\n";
out << "SSL_CBC_RANDOM_IV: "
<< config->EnableCbcRandomIv() << "\n";
out << "SSL_REQUIRE_SAFE_NEGOTIATION: "
<< config->RequireSafeNegotiation() << "\n";
out << "SSL_ENABLE_GREASE: " << config->EnableGrease()
<< config.RequireSafeNegotiation() << "\n";
out << "SSL_ENABLE_GREASE: " << config.EnableGrease()
<< "\n";
out << "SSL_ENABLE_CH_EXTENSION_PERMUTATION: "
<< config->EnableCHExtensionPermutation() << "\n";
<< config.EnableCHExtensionPermutation() << "\n";
out << "SSL_SetCertificateCompressionAlgorithm: "
<< config->SetCertificateCompressionAlgorithm() << "\n";
out << "SSL_VersionRangeSet: " << config->SetVersionRange()
<< config.SetCertificateCompressionAlgorithm() << "\n";
out << "SSL_VersionRangeSet: " << config.SetVersionRange()
<< "\n";
out << " Min: "
<< config->VersionRange().min << "\n";
<< config.SslVersionRange().min << "\n";
out << " Max: "
<< config->VersionRange().max << "\n";
out << "SSL_AddExternalPsk: " << config->AddExternalPsk()
<< config.SslVersionRange().max << "\n";
out << "SSL_AddExternalPsk: " << config.AddExternalPsk()
<< "\n";
out << " Type: " << config->PskHashType()
out << " Type: " << config.PskHashType()
<< "\n";
out << "SSL_ENABLE_POST_HANDSHAKE_AUTH: "
<< config->EnablePostHandshakeAuth() << "\n";
out << "SSL_ENABLE_0RTT_DATA: " << config->EnableZeroRtt()
<< config.EnablePostHandshakeAuth() << "\n";
out << "SSL_ENABLE_0RTT_DATA: " << config.EnableZeroRtt()
<< "\n";
out << "SSL_ENABLE_ALPN: " << config->EnableAlpn()
out << "SSL_ENABLE_ALPN: " << config.EnableAlpn()
<< "\n";
out << "SSL_ENABLE_FALLBACK_SCSV: "
<< config->EnableFallbackScsv() << "\n";
<< config.EnableFallbackScsv() << "\n";
out << "SSL_ENABLE_OCSP_STAPLING: "
<< config->EnableOcspStapling() << "\n";
<< config.EnableOcspStapling() << "\n";
out << "SSL_ENABLE_SESSION_TICKETS: "
<< config->EnableSessionTickets() << "\n";
<< config.EnableSessionTickets() << "\n";
out << "SSL_ENABLE_TLS13_COMPAT_MODE: "
<< config->EnableTls13CompatMode() << "\n";
out << "SSL_NO_LOCKS: " << config->NoLocks()
<< "\n";
<< config.EnableTls13CompatMode() << "\n";
out << "SSL_NO_LOCKS: " << config.NoLocks() << "\n";
out << "SSL_SetClientEchConfigs: "
<< config->SetClientEchConfigs() << "\n";
<< config.SetClientEchConfigs() << "\n";
out << "========================================";
return out;

60
security/nss/fuzz/tls_client_config.h
View File

@ -7,9 +7,9 @@
#include <cstddef>
#include <cstdint>
#include <memory>
#include <ostream>
#include "prio.h"
#include "sslt.h"
#ifdef IS_DTLS_FUZZ
@ -23,38 +23,44 @@ class ClientConfig {
public:
ClientConfig(const uint8_t* data, size_t len);
bool FailCertificateAuthentication();
bool EnableExtendedMasterSecret();
bool RequireDhNamedGroups();
bool EnableFalseStart();
bool EnableDeflate();
bool EnableCbcRandomIv();
bool RequireSafeNegotiation();
bool NoCache();
bool EnableGrease();
bool EnableCHExtensionPermutation();
bool SetCertificateCompressionAlgorithm();
bool SetClientEchConfigs();
bool SetVersionRange();
bool AddExternalPsk();
bool EnablePostHandshakeAuth();
bool EnableZeroRtt();
bool EnableAlpn();
bool EnableFallbackScsv();
bool EnableOcspStapling();
bool EnableSessionTickets();
bool EnableTls13CompatMode();
bool NoLocks();
void SetCallbacks(PRFileDesc* fd);
void SetSocketOptions(PRFileDesc* fd);
SSLHashType PskHashType();
const SSLVersionRange& VersionRange();
SSLHashType PskHashType() {
if (config_ % 2) return ssl_hash_sha256;
return ssl_hash_sha384;
};
SSLVersionRange SslVersionRange() { return ssl_version_range_; };
bool FailCertificateAuthentication() { return config_ & (1 << 0); };
bool EnableExtendedMasterSecret() { return config_ & (1 << 1); };
bool RequireDhNamedGroups() { return config_ & (1 << 2); };
bool EnableFalseStart() { return config_ & (1 << 3); };
bool EnableDeflate() { return config_ & (1 << 4); };
bool CbcRandomIv() { return config_ & (1 << 5); };
bool RequireSafeNegotiation() { return config_ & (1 << 6); };
bool NoCache() { return config_ & (1 << 7); };
bool EnableGrease() { return config_ & (1 << 8); };
bool EnableCHExtensionPermutation() { return config_ & (1 << 9); };
bool SetCertificateCompressionAlgorithm() { return config_ & (1 << 10); };
bool SetClientEchConfigs() { return config_ & (1 << 11); };
bool SetVersionRange() { return config_ & (1 << 12); };
bool AddExternalPsk() { return config_ & (1 << 13); };
bool EnablePostHandshakeAuth() { return config_ & (1 << 14); };
bool EnableZeroRtt() { return config_ & (1 << 15); };
bool EnableAlpn() { return config_ & (1 << 16); };
bool EnableFallbackScsv() { return config_ & (1 << 17); };
bool EnableOcspStapling() { return config_ & (1 << 18); };
bool EnableSessionTickets() { return config_ & (1 << 19); };
bool EnableTls13CompatMode() { return config_ & (1 << 20); };
bool NoLocks() { return config_ & (1 << 21); };
private:
uint32_t config_;
SSLVersionRange ssl_version_range_;
};
std::ostream& operator<<(std::ostream& out,
std::unique_ptr<ClientConfig>& config);
std::ostream& operator<<(std::ostream& out, ClientConfig& config);
#endif // TLS_CLIENT_CONFIG_H_

226
security/nss/fuzz/tls_client_target.cc
View File

@ -6,14 +6,13 @@
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <memory>
#include "blapi.h"
#include "shared.h"
#include "seccomon.h"
#include "ssl.h"
#include "sslexp.h"
#include "sslimpl.h"
#include "sslt.h"
#include "shared.h"
#include "tls_client_config.h"
#include "tls_common.h"
#include "tls_mutators.h"
@ -27,217 +26,40 @@ __attribute__((constructor)) static void set_is_dtls() {
#define ImportFD DTLS_ImportFD
#else
#define ImportFD SSL_ImportFD
static PRUint8 gEchConfigs[1024];
static unsigned int gEchConfigsLen;
const HpkeSymmetricSuite kEchHpkeCipherSuites[] = {
{HpkeKdfHkdfSha256, HpkeAeadAes128Gcm},
{HpkeKdfHkdfSha256, HpkeAeadAes256Gcm},
{HpkeKdfHkdfSha256, HpkeAeadChaCha20Poly1305},
{HpkeKdfHkdfSha384, HpkeAeadAes128Gcm},
{HpkeKdfHkdfSha384, HpkeAeadAes256Gcm},
{HpkeKdfHkdfSha384, HpkeAeadChaCha20Poly1305},
{HpkeKdfHkdfSha512, HpkeAeadAes128Gcm},
{HpkeKdfHkdfSha512, HpkeAeadAes256Gcm},
{HpkeKdfHkdfSha512, HpkeAeadChaCha20Poly1305},
};
#endif // IS_DTLS_FUZZ
const SSLCertificateCompressionAlgorithm kCompressionAlg = {
0x1337, "fuzz", DummyCompressionEncode, DummyCompressionDecode};
const PRUint8 kPskIdentity[] = "fuzz-identity";
static void SetSocketOptions(PRFileDesc* fd,
std::unique_ptr<ClientConfig>& config) {
SECStatus rv = SSL_OptionSet(fd, SSL_NO_CACHE, config->NoCache());
assert(rv == SECSuccess);
rv = SSL_OptionSet(fd, SSL_ENABLE_EXTENDED_MASTER_SECRET,
config->EnableExtendedMasterSecret());
assert(rv == SECSuccess);
rv = SSL_OptionSet(fd, SSL_REQUIRE_DH_NAMED_GROUPS,
config->RequireDhNamedGroups());
assert(rv == SECSuccess);
rv = SSL_OptionSet(fd, SSL_ENABLE_FALSE_START, config->EnableFalseStart());
assert(rv == SECSuccess);
rv = SSL_OptionSet(fd, SSL_ENABLE_DEFLATE, config->EnableDeflate());
assert(rv == SECSuccess);
rv = SSL_OptionSet(fd, SSL_CBC_RANDOM_IV, config->EnableCbcRandomIv());
assert(rv == SECSuccess);
rv = SSL_OptionSet(fd, SSL_REQUIRE_SAFE_NEGOTIATION,
config->RequireSafeNegotiation());
assert(rv == SECSuccess);
rv = SSL_OptionSet(fd, SSL_ENABLE_GREASE, config->EnableGrease());
assert(rv == SECSuccess);
rv = SSL_OptionSet(fd, SSL_ENABLE_CH_EXTENSION_PERMUTATION,
config->EnableCHExtensionPermutation());
assert(rv == SECSuccess);
if (config->SetCertificateCompressionAlgorithm()) {
rv = SSL_SetCertificateCompressionAlgorithm(fd, kCompressionAlg);
assert(rv == SECSuccess);
}
if (config->SetVersionRange()) {
rv = SSL_VersionRangeSet(fd, &config->VersionRange());
assert(rv == SECSuccess);
}
if (config->AddExternalPsk()) {
PK11SlotInfo* slot = PK11_GetInternalSlot();
assert(slot);
PK11SymKey* key =
PK11_KeyGen(slot, CKM_NSS_CHACHA20_POLY1305, nullptr, 32, nullptr);
assert(key);
rv = SSL_AddExternalPsk(fd, key, kPskIdentity, sizeof(kPskIdentity) - 1,
config->PskHashType());
assert(rv == SECSuccess);
PK11_FreeSlot(slot);
PK11_FreeSymKey(key);
}
rv = SSL_OptionSet(fd, SSL_ENABLE_POST_HANDSHAKE_AUTH,
config->EnablePostHandshakeAuth());
assert(rv == SECSuccess);
rv = SSL_OptionSet(fd, SSL_ENABLE_0RTT_DATA, config->EnableZeroRtt());
assert(rv == SECSuccess);
rv = SSL_OptionSet(fd, SSL_ENABLE_ALPN, config->EnableAlpn());
assert(rv == SECSuccess);
rv =
SSL_OptionSet(fd, SSL_ENABLE_FALLBACK_SCSV, config->EnableFallbackScsv());
assert(rv == SECSuccess);
rv =
SSL_OptionSet(fd, SSL_ENABLE_OCSP_STAPLING, config->EnableOcspStapling());
assert(rv == SECSuccess);
rv = SSL_OptionSet(fd, SSL_ENABLE_SESSION_TICKETS,
config->EnableSessionTickets());
assert(rv == SECSuccess);
rv = SSL_OptionSet(fd, SSL_ENABLE_TLS13_COMPAT_MODE,
config->EnableTls13CompatMode());
assert(rv == SECSuccess);
rv = SSL_OptionSet(fd, SSL_NO_LOCKS, config->NoLocks());
assert(rv == SECSuccess);
#ifndef IS_DTLS_FUZZ
rv =
SSL_OptionSet(fd, SSL_ENABLE_RENEGOTIATION, SSL_RENEGOTIATE_UNRESTRICTED);
assert(rv == SECSuccess);
if (config->SetClientEchConfigs()) {
const sslNamedGroupDef* group_def =
ssl_LookupNamedGroup(ssl_grp_ec_curve25519);
assert(group_def);
const SECOidData* oid_data = SECOID_FindOIDByTag(group_def->oidTag);
assert(oid_data);
ScopedSECItem params(
SECITEM_AllocItem(nullptr, nullptr, (2 + oid_data->oid.len)));
assert(params);
params->data[0] = SEC_ASN1_OBJECT_ID;
params->data[1] = oid_data->oid.len;
PORT_Memcpy((void*)(params->data + 2), oid_data->oid.data,
oid_data->oid.len);
SECKEYPublicKey* pub_key = nullptr;
SECKEYPrivateKey* priv_key =
SECKEY_CreateECPrivateKey(params.get(), &pub_key, nullptr);
assert(pub_key);
assert(priv_key);
rv = SSL_EncodeEchConfigId(
77, "fuzz.name", 100, HpkeDhKemX25519Sha256, pub_key,
kEchHpkeCipherSuites,
sizeof(kEchHpkeCipherSuites) / sizeof(HpkeSymmetricSuite), gEchConfigs,
&gEchConfigsLen, sizeof(gEchConfigs));
SECKEY_DestroyPublicKey(pub_key);
SECKEY_DestroyPrivateKey(priv_key);
assert(rv == SECSuccess);
rv = SSL_SetClientEchConfigs(fd, gEchConfigs, gEchConfigsLen);
assert(rv == SECSuccess);
}
#endif // IS_DTLS_FUZZ
}
// This is only called when we set SSL_ENABLE_FALSE_START=1,
// so we can always just set *canFalseStart=true.
static SECStatus CanFalseStartCallback(PRFileDesc* fd, void* arg,
PRBool* canFalseStart) {
*canFalseStart = true;
return SECSuccess;
}
static SECStatus AuthCertificateHook(void* arg, PRFileDesc* fd, PRBool checksig,
PRBool isServer) {
assert(!isServer);
auto config = reinterpret_cast<ClientConfig*>(arg);
if (config->FailCertificateAuthentication()) return SECFailure;
return SECSuccess;
}
static void SetupCallbacks(PRFileDesc* fd,
std::unique_ptr<ClientConfig>& config) {
SECStatus rv = SSL_AuthCertificateHook(fd, AuthCertificateHook, config.get());
assert(rv == SECSuccess);
rv = SSL_SetCanFalseStartCallback(fd, CanFalseStartCallback, nullptr);
assert(rv == SECSuccess);
}
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t len) {
static std::unique_ptr<NSSDatabase> db(new NSSDatabase());
static NSSDatabase db = NSSDatabase();
static PRDescIdentity id = PR_GetUniqueIdentity("fuzz-client");
EnableAllProtocolVersions();
std::unique_ptr<ClientConfig> config(new ClientConfig(data, len));
// Reset the RNG state.
assert(RNG_RandomUpdate(NULL, 0) == SECSuccess);
// Create and import dummy socket.
std::unique_ptr<DummyPrSocket> socket(new DummyPrSocket(data, len));
static PRDescIdentity id = PR_GetUniqueIdentity("fuzz-client");
ScopedPRFileDesc fd(DummyIOLayerMethods::CreateFD(id, socket.get()));
PRFileDesc* ssl_fd = ImportFD(nullptr, fd.get());
assert(ssl_fd == fd.get());
DummyPrSocket socket = DummyPrSocket(data, len);
ScopedPRFileDesc prFd(DummyIOLayerMethods::CreateFD(id, &socket));
PRFileDesc* sslFd = ImportFD(nullptr, prFd.get());
assert(sslFd == prFd.get());
// Derive client config from input data.
ClientConfig config = ClientConfig(data, len);
// Print the client config for debugging.
if (ssl_trace >= 90) {
std::cerr << config << "\n";
}
// Probably not too important for clients.
SSL_SetURL(ssl_fd, "server");
// Reset the RNG state.
assert(RNG_RandomUpdate(NULL, 0) == SECSuccess);
assert(SSL_SetURL(sslFd, "fuzz.client") == SECSuccess);
FixTime(ssl_fd);
SetSocketOptions(ssl_fd, config);
EnableAllCipherSuites(ssl_fd);
SetupCallbacks(ssl_fd, config);
DoHandshake(ssl_fd, false);
FixTime(sslFd);
EnableAllCipherSuites(sslFd);
// Set socket callbacks & options from client config.
config.SetCallbacks(sslFd);
config.SetSocketOptions(sslFd);
// Perform the acutal handshake.
DoHandshake(sslFd, false);
// Release all SIDs.
SSL_ClearSessionCache();

221
security/nss/fuzz/tls_server_config.cc
View File

@ -4,27 +4,38 @@
#include "tls_server_config.h"
#include <cassert>
#include <cstddef>
#include <cstdint>
#include "nss_scoped_ptrs.h"
#include "pk11pub.h"
#include "prio.h"
#include "seccomon.h"
#include "ssl.h"
#include "sslexp.h"
#include "sslt.h"
const uint32_t CONFIG_ENABLE_EXTENDED_MS = 1 << 0;
const uint32_t CONFIG_REQUEST_CERTIFICATE = 1 << 1;
const uint32_t CONFIG_REQUIRE_CERTIFICATE = 1 << 2;
const uint32_t CONFIG_ENABLE_DEFLATE = 1 << 3;
const uint32_t CONFIG_ENABLE_CBC_RANDOM_IV = 1 << 4;
const uint32_t CONFIG_REQUIRE_SAFE_NEGOTIATION = 1 << 5;
const uint32_t CONFIG_NO_CACHE = 1 << 6;
const uint32_t CONFIG_ENABLE_GREASE = 1 << 7;
const uint32_t CONFIG_SET_CERTIFICATION_COMPRESSION_ALGORITHM = 1 << 8;
const uint32_t CONFIG_VERSION_RANGE_SET = 1 << 9;
const uint32_t CONFIG_ADD_EXTERNAL_PSK = 1 << 10;
const uint32_t CONFIG_ENABLE_ZERO_RTT = 1 << 11;
const uint32_t CONFIG_ENABLE_ALPN = 1 << 12;
const uint32_t CONFIG_ENABLE_FALLBACK_SCSV = 1 << 13;
const uint32_t CONFIG_ENABLE_SESSION_TICKETS = 1 << 14;
const uint32_t CONFIG_NO_LOCKS = 1 << 15;
#include "tls_common.h"
const SSLCertificateCompressionAlgorithm kCompressionAlg = {
0x1337, "fuzz", DummyCompressionEncode, DummyCompressionDecode};
const PRUint8 kPskIdentity[] = "fuzz-psk-identity";
static SECStatus AuthCertificateHook(void* arg, PRFileDesc* fd, PRBool checksig,
PRBool isServer) {
assert(isServer);
auto config = reinterpret_cast<ServerConfig*>(arg);
if (config->FailCertificateAuthentication()) return SECFailure;
return SECSuccess;
}
static SECStatus CanFalseStartCallback(PRFileDesc* fd, void* arg,
PRBool* canFalseStart) {
*canFalseStart = true;
return SECSuccess;
}
// XOR 64-bit chunks of data to build a bitmap of config options derived from
// the fuzzing input. This seems the only way to fuzz various options while
@ -60,110 +71,126 @@ ServerConfig::ServerConfig(const uint8_t* data, size_t len) {
};
}
bool ServerConfig::EnableExtendedMasterSecret() {
return config_ & CONFIG_ENABLE_EXTENDED_MS;
void ServerConfig::SetCallbacks(PRFileDesc* fd) {
SECStatus rv = SSL_AuthCertificateHook(fd, AuthCertificateHook, this);
assert(rv == SECSuccess);
rv = SSL_SetCanFalseStartCallback(fd, CanFalseStartCallback, nullptr);
assert(rv == SECSuccess);
}
bool ServerConfig::RequestCertificate() {
return config_ & CONFIG_REQUEST_CERTIFICATE;
void ServerConfig::SetSocketOptions(PRFileDesc* fd) {
SECStatus rv = SSL_OptionSet(fd, SSL_ENABLE_EXTENDED_MASTER_SECRET,
this->EnableExtendedMasterSecret());
assert(rv == SECSuccess);
rv = SSL_OptionSet(fd, SSL_REQUEST_CERTIFICATE, this->RequestCertificate());
assert(rv == SECSuccess);
rv = SSL_OptionSet(fd, SSL_REQUIRE_CERTIFICATE, this->RequireCertificate());
assert(rv == SECSuccess);
rv = SSL_OptionSet(fd, SSL_ENABLE_DEFLATE, this->EnableDeflate());
assert(rv == SECSuccess);
rv = SSL_OptionSet(fd, SSL_CBC_RANDOM_IV, this->EnableCbcRandomIv());
assert(rv == SECSuccess);
rv = SSL_OptionSet(fd, SSL_REQUIRE_SAFE_NEGOTIATION,
this->RequireSafeNegotiation());
assert(rv == SECSuccess);
rv = SSL_OptionSet(fd, SSL_NO_CACHE, this->NoCache());
assert(rv == SECSuccess);
rv = SSL_OptionSet(fd, SSL_ENABLE_GREASE, this->EnableGrease());
assert(rv == SECSuccess);
if (this->SetCertificateCompressionAlgorithm()) {
rv = SSL_SetCertificateCompressionAlgorithm(fd, kCompressionAlg);
assert(rv == SECSuccess);
}
if (this->SetVersionRange()) {
rv = SSL_VersionRangeSet(fd, &ssl_version_range_);
assert(rv == SECSuccess);
}
if (this->AddExternalPsk()) {
ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
assert(slot);
ScopedPK11SymKey key(PK11_KeyGen(slot.get(), CKM_NSS_CHACHA20_POLY1305,
nullptr, 32, nullptr));
assert(key);
rv = SSL_AddExternalPsk(fd, key.get(), kPskIdentity,
sizeof(kPskIdentity) - 1, this->PskHashType());
assert(rv == SECSuccess);
}
rv = SSL_OptionSet(fd, SSL_ENABLE_0RTT_DATA, this->EnableZeroRtt());
assert(rv == SECSuccess);
rv = SSL_OptionSet(fd, SSL_ENABLE_ALPN, this->EnableAlpn());
assert(rv == SECSuccess);
rv = SSL_OptionSet(fd, SSL_ENABLE_FALLBACK_SCSV, this->EnableFallbackScsv());
assert(rv == SECSuccess);
rv = SSL_OptionSet(fd, SSL_ENABLE_SESSION_TICKETS,
this->EnableSessionTickets());
assert(rv == SECSuccess);
rv = SSL_OptionSet(fd, SSL_NO_LOCKS, this->NoLocks());
assert(rv == SECSuccess);
#ifndef IS_DTLS_FUZZ
rv =
SSL_OptionSet(fd, SSL_ENABLE_RENEGOTIATION, SSL_RENEGOTIATE_UNRESTRICTED);
assert(rv == SECSuccess);
#endif
}
bool ServerConfig::RequireCertificate() {
return config_ & CONFIG_REQUIRE_CERTIFICATE;
}
bool ServerConfig::EnableDeflate() { return config_ & CONFIG_ENABLE_DEFLATE; }
bool ServerConfig::EnableCbcRandomIv() {
return config_ & CONFIG_ENABLE_CBC_RANDOM_IV;
}
bool ServerConfig::RequireSafeNegotiation() {
return config_ & CONFIG_REQUIRE_SAFE_NEGOTIATION;
}
bool ServerConfig::NoCache() { return config_ & CONFIG_NO_CACHE; }
bool ServerConfig::EnableGrease() { return config_ & CONFIG_ENABLE_GREASE; }
bool ServerConfig::SetCertificateCompressionAlgorithm() {
return config_ & CONFIG_SET_CERTIFICATION_COMPRESSION_ALGORITHM;
}
bool ServerConfig::SetVersionRange() {
return config_ & CONFIG_VERSION_RANGE_SET;
}
bool ServerConfig::AddExternalPsk() {
return config_ & CONFIG_ADD_EXTERNAL_PSK;
}
bool ServerConfig::EnableZeroRtt() { return config_ & CONFIG_ENABLE_ZERO_RTT; }
bool ServerConfig::EnableAlpn() { return config_ & CONFIG_ENABLE_ALPN; }
bool ServerConfig::EnableFallbackScsv() {
return config_ & CONFIG_ENABLE_FALLBACK_SCSV;
}
bool ServerConfig::EnableSessionTickets() {
return config_ & CONFIG_ENABLE_SESSION_TICKETS;
}
bool ServerConfig::NoLocks() { return config_ & CONFIG_NO_LOCKS; }
SSLHashType ServerConfig::PskHashType() {
if (config_ % 2) return ssl_hash_sha256;
return ssl_hash_sha384;
}
const SSLVersionRange& ServerConfig::VersionRange() {
return ssl_version_range_;
}
std::ostream& operator<<(std::ostream& out,
std::unique_ptr<ServerConfig>& config) {
std::ostream& operator<<(std::ostream& out, ServerConfig& config) {
out << "============= ServerConfig ============="
<< "\n";
out << "SSL_NO_CACHE: " << config->NoCache()
<< "\n";
out << "SSL_NO_CACHE: " << config.NoCache() << "\n";
out << "SSL_ENABLE_EXTENDED_MASTER_SECRET: "
<< config->EnableExtendedMasterSecret() << "\n";
<< config.EnableExtendedMasterSecret() << "\n";
out << "SSL_REQUEST_CERTIFICATE: "
<< config->RequestCertificate() << "\n";
<< config.RequestCertificate() << "\n";
out << "SSL_REQUIRE_CERTIFICATE: "
<< config->RequireCertificate() << "\n";
out << "SSL_ENABLE_DEFLATE: " << config->EnableDeflate()
<< config.RequireCertificate() << "\n";
out << "SSL_ENABLE_DEFLATE: " << config.EnableDeflate()
<< "\n";
out << "SSL_CBC_RANDOM_IV: "
<< config->EnableCbcRandomIv() << "\n";
<< config.EnableCbcRandomIv() << "\n";
out << "SSL_REQUIRE_SAFE_NEGOTIATION: "
<< config->RequireSafeNegotiation() << "\n";
out << "SSL_ENABLE_GREASE: " << config->EnableGrease()
<< config.RequireSafeNegotiation() << "\n";
out << "SSL_ENABLE_GREASE: " << config.EnableGrease()
<< "\n";
out << "SSL_SetCertificateCompressionAlgorithm: "
<< config->SetCertificateCompressionAlgorithm() << "\n";
out << "SSL_VersionRangeSet: " << config->SetVersionRange()
<< config.SetCertificateCompressionAlgorithm() << "\n";
out << "SSL_VersionRangeSet: " << config.SetVersionRange()
<< "\n";
out << " Min: "
<< config->VersionRange().min << "\n";
<< config.SslVersionRange().min << "\n";
out << " Max: "
<< config->VersionRange().max << "\n";
out << "SSL_AddExternalPsk: " << config->AddExternalPsk()
<< config.SslVersionRange().max << "\n";
out << "SSL_AddExternalPsk: " << config.AddExternalPsk()
<< "\n";
out << " Type: " << config->PskHashType()
out << " Type: " << config.PskHashType()
<< "\n";
out << "SSL_ENABLE_0RTT_DATA: " << config->EnableZeroRtt()
out << "SSL_ENABLE_0RTT_DATA: " << config.EnableZeroRtt()
<< "\n";
out << "SSL_ENABLE_ALPN: " << config->EnableAlpn()
out << "SSL_ENABLE_ALPN: " << config.EnableAlpn()
<< "\n";
out << "SSL_ENABLE_FALLBACK_SCSV: "
<< config->EnableFallbackScsv() << "\n";
<< config.EnableFallbackScsv() << "\n";
out << "SSL_ENABLE_SESSION_TICKETS: "
<< config->EnableSessionTickets() << "\n";
out << "SSL_NO_LOCKS: " << config->NoLocks()
<< "\n";
<< config.EnableSessionTickets() << "\n";
out << "SSL_NO_LOCKS: " << config.NoLocks() << "\n";
out << "========================================";
return out;

49
security/nss/fuzz/tls_server_config.h
View File

@ -7,9 +7,9 @@
#include <cstddef>
#include <cstdint>
#include <memory>
#include <ostream>
#include "prio.h"
#include "sslt.h"
#ifdef IS_DTLS_FUZZ
@ -23,32 +23,39 @@ class ServerConfig {
public:
ServerConfig(const uint8_t* data, size_t len);
bool EnableExtendedMasterSecret();
bool RequestCertificate();
bool RequireCertificate();
bool EnableDeflate();
bool EnableCbcRandomIv();
bool RequireSafeNegotiation();
bool NoCache();
bool EnableGrease();
bool SetCertificateCompressionAlgorithm();
bool SetVersionRange();
bool AddExternalPsk();
bool EnableZeroRtt();
bool EnableAlpn();
bool EnableFallbackScsv();
bool EnableSessionTickets();
bool NoLocks();
void SetCallbacks(PRFileDesc* fd);
void SetSocketOptions(PRFileDesc* fd);
SSLHashType PskHashType();
const SSLVersionRange& VersionRange();
SSLHashType PskHashType() {
if (config_ % 2) return ssl_hash_sha256;
return ssl_hash_sha384;
};
SSLVersionRange SslVersionRange() { return ssl_version_range_; };
bool EnableExtendedMasterSecret() { return config_ & (1 << 0); };
bool RequestCertificate() { return config_ & (1 << 1); };
bool RequireCertificate() { return config_ & (1 << 2); };
bool EnableDeflate() { return config_ & (1 << 3); };
bool EnableCbcRandomIv() { return config_ & (1 << 4); };
bool RequireSafeNegotiation() { return config_ & (1 << 5); };
bool NoCache() { return config_ & (1 << 6); };
bool EnableGrease() { return config_ & (1 << 7); };
bool SetCertificateCompressionAlgorithm() { return config_ & (1 << 8); };
bool SetVersionRange() { return config_ & (1 << 9); };
bool AddExternalPsk() { return config_ & (1 << 10); };
bool EnableZeroRtt() { return config_ & (1 << 11); };
bool EnableAlpn() { return config_ & (1 << 12); };
bool EnableFallbackScsv() { return config_ & (1 << 13); };
bool EnableSessionTickets() { return config_ & (1 << 14); };
bool NoLocks() { return config_ & (1 << 15); };
bool FailCertificateAuthentication() { return config_ & (1 << 16); }
private:
uint32_t config_;
SSLVersionRange ssl_version_range_;
};
std::ostream& operator<<(std::ostream& out,
std::unique_ptr<ServerConfig>& config);
std::ostream& operator<<(std::ostream& out, ServerConfig& config);
#endif // TLS_SERVER_CONFIG_H_

133
security/nss/fuzz/tls_server_target.cc
View File

@ -5,15 +5,13 @@
#include <cassert>
#include <cstdint>
#include <iostream>
#include <memory>
#include "blapi.h"
#include "prinit.h"
#include "seccomon.h"
#include "shared.h"
#include "ssl.h"
#include "sslexp.h"
#include "sslimpl.h"
#include "shared.h"
#include "tls_common.h"
#include "tls_mutators.h"
#include "tls_server_certs.h"
@ -30,10 +28,6 @@ __attribute__((constructor)) static void set_is_dtls() {
#define ImportFD SSL_ImportFD
#endif
const SSLCertificateCompressionAlgorithm kCompressionAlg = {
0x1337, "fuzz", DummyCompressionEncode, DummyCompressionDecode};
const PRUint8 kPskIdentity[] = "fuzz-identity";
class SSLServerSessionCache {
public:
SSLServerSessionCache() {
@ -45,84 +39,6 @@ class SSLServerSessionCache {
}
};
static void SetSocketOptions(PRFileDesc* fd,
std::unique_ptr<ServerConfig>& config) {
SECStatus rv = SSL_OptionSet(fd, SSL_NO_CACHE, config->NoCache());
assert(rv == SECSuccess);
rv = SSL_OptionSet(fd, SSL_ENABLE_EXTENDED_MASTER_SECRET,
config->EnableExtendedMasterSecret());
assert(rv == SECSuccess);
rv = SSL_OptionSet(fd, SSL_REQUEST_CERTIFICATE, config->RequestCertificate());
assert(rv == SECSuccess);
rv = SSL_OptionSet(fd, SSL_REQUIRE_CERTIFICATE, config->RequireCertificate());
assert(rv == SECSuccess);
rv = SSL_OptionSet(fd, SSL_ENABLE_DEFLATE, config->EnableDeflate());
assert(rv == SECSuccess);
rv = SSL_OptionSet(fd, SSL_CBC_RANDOM_IV, config->EnableCbcRandomIv());
assert(rv == SECSuccess);
rv = SSL_OptionSet(fd, SSL_REQUIRE_SAFE_NEGOTIATION,
config->RequireSafeNegotiation());
assert(rv == SECSuccess);
rv = SSL_OptionSet(fd, SSL_ENABLE_GREASE, config->EnableGrease());
assert(rv == SECSuccess);
if (config->SetCertificateCompressionAlgorithm()) {
rv = SSL_SetCertificateCompressionAlgorithm(fd, kCompressionAlg);
assert(rv == SECSuccess);
}
if (config->SetVersionRange()) {
rv = SSL_VersionRangeSet(fd, &config->VersionRange());
assert(rv == SECSuccess);
}
if (config->AddExternalPsk()) {
PK11SlotInfo* slot = PK11_GetInternalSlot();
assert(slot);
PK11SymKey* key =
PK11_KeyGen(slot, CKM_NSS_CHACHA20_POLY1305, nullptr, 32, nullptr);
assert(key);
rv = SSL_AddExternalPsk(fd, key, kPskIdentity, sizeof(kPskIdentity) - 1,
ssl_hash_sha256);
assert(rv == SECSuccess);
PK11_FreeSlot(slot);
PK11_FreeSymKey(key);
}
rv = SSL_OptionSet(fd, SSL_ENABLE_0RTT_DATA, config->EnableZeroRtt());
assert(rv == SECSuccess);
rv = SSL_OptionSet(fd, SSL_ENABLE_ALPN, config->EnableAlpn());
assert(rv == SECSuccess);
rv =
SSL_OptionSet(fd, SSL_ENABLE_FALLBACK_SCSV, config->EnableFallbackScsv());
assert(rv == SECSuccess);
rv = SSL_OptionSet(fd, SSL_ENABLE_SESSION_TICKETS,
config->EnableSessionTickets());
assert(rv == SECSuccess);
rv = SSL_OptionSet(fd, SSL_NO_LOCKS, config->NoLocks());
assert(rv == SECSuccess);
#ifndef IS_DTLS_FUZZ
rv =
SSL_OptionSet(fd, SSL_ENABLE_RENEGOTIATION, SSL_RENEGOTIATE_UNRESTRICTED);
assert(rv == SECSuccess);
#endif
}
static PRStatus InitModelSocket(void* arg) {
PRFileDesc* fd = reinterpret_cast<PRFileDesc*>(arg);
@ -133,15 +49,9 @@ static PRStatus InitModelSocket(void* arg) {
}
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t len) {
static std::unique_ptr<NSSDatabase> db(new NSSDatabase());
static std::unique_ptr<SSLServerSessionCache> cache(
new SSLServerSessionCache());
EnableAllProtocolVersions();
std::unique_ptr<ServerConfig> config(new ServerConfig(data, len));
// Reset the RNG state.
assert(RNG_RandomUpdate(NULL, 0) == SECSuccess);
static NSSDatabase db = NSSDatabase();
static SSLServerSessionCache cache = SSLServerSessionCache();
static PRDescIdentity id = PR_GetUniqueIdentity("fuzz-server");
// Create model socket.
static ScopedPRFileDesc model(ImportFD(nullptr, PR_NewTCPSocket()));
@ -151,21 +61,34 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t len) {
static PRCallOnceType initModelOnce;
PR_CallOnceWithArg(&initModelOnce, InitModelSocket, model.get());
// Create and import dummy socket.
std::unique_ptr<DummyPrSocket> socket(new DummyPrSocket(data, len));
static PRDescIdentity id = PR_GetUniqueIdentity("fuzz-server");
ScopedPRFileDesc fd(DummyIOLayerMethods::CreateFD(id, socket.get()));
PRFileDesc* ssl_fd = ImportFD(model.get(), fd.get());
assert(ssl_fd == fd.get());
EnableAllProtocolVersions();
// Create and import dummy socket.
DummyPrSocket socket = DummyPrSocket(data, len);
ScopedPRFileDesc prFd(DummyIOLayerMethods::CreateFD(id, &socket));
PRFileDesc* sslFd = ImportFD(model.get(), prFd.get());
assert(sslFd == prFd.get());
// Derive server config from input data.
ServerConfig config = ServerConfig(data, len);
// Print the server config for debugging.
if (ssl_trace >= 90) {
std::cerr << config << "\n";
}
FixTime(ssl_fd);
SetSocketOptions(ssl_fd, config);
DoHandshake(ssl_fd, true);
// Keeping things determinstic.
assert(RNG_RandomUpdate(NULL, 0) == SECSuccess);
assert(SSL_SetURL(sslFd, "fuzz.server") == SECSuccess);
FixTime(sslFd);
EnableAllCipherSuites(sslFd);
// Set socket options from server config.
config.SetCallbacks(sslFd);
config.SetSocketOptions(sslFd);
// Perform the acutal handshake.
DoHandshake(sslFd, true);
// Clear the cache. We never want to resume as we couldn't reproduce that.
SSL_ClearSessionCache();

4
security/nss/gtests/ssl_gtest/ssl_drop_unittest.cc
View File

@ -937,8 +937,8 @@ class FirstDropThenKeepHandshakeFilter : public TlsHandshakeFilter {
};
// This test is responsible for checking that when DTLS fragments the message,
// the hanshake will be successfully reconstructed, but if one of handshakes
// was dropped, they are not going to be glued all together.
// the hanshake will be successfully reconstructed, but if one of handshakes
// was dropped, they are not going to be glued all together.
// See: https://bugzilla.mozilla.org/show_bug.cgi?id=1874451
TEST_F(TlsConnectDatagram13, PreviousHandshakeRemovedWhenDropped) {

7
security/nss/lib/dev/devutil.c
View File

@ -359,7 +359,6 @@ create_object(
* in it should not hold references to the token.
*/
(void)nssToken_Destroy(object->token);
object->token = NULL;
rvCachedObject->object = object;
rvCachedObject->attributes = nss_ZNEWARRAY(arena, CK_ATTRIBUTE, numTypes);
if (!rvCachedObject->attributes) {
@ -578,9 +577,9 @@ get_token_objects_for_cache(
} else {
PRUint32 j;
for (j = 0; j < i; j++) {
/* create_object() allocates an arena into
* cache->objects[objectType][j]->arena on success.
*/
/* Any token references that were removed in successful loop iterations
* need to be restored before we call nssCryptokiObjectArray_Destroy */
nssToken_AddRef(cache->objects[objectType][j]->object->token);
nssArena_Destroy(cache->objects[objectType][j]->arena);
}
nss_ZFreeIf(cache->objects[objectType]);

4
security/nss/lib/nss/nss.h
View File

@ -22,12 +22,12 @@
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
*/
#define NSS_VERSION "3.107" _NSS_CUSTOMIZED " Beta"
#define NSS_VERSION "3.107" _NSS_CUSTOMIZED
#define NSS_VMAJOR 3
#define NSS_VMINOR 107
#define NSS_VPATCH 0
#define NSS_VBUILD 0
#define NSS_BETA PR_TRUE
#define NSS_BETA PR_FALSE
#ifndef RC_INVOKED

4
security/nss/lib/softoken/softkver.h
View File

@ -17,11 +17,11 @@
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <ECC>][ <Beta>]"
*/
#define SOFTOKEN_VERSION "3.107" SOFTOKEN_ECC_STRING " Beta"
#define SOFTOKEN_VERSION "3.107" SOFTOKEN_ECC_STRING
#define SOFTOKEN_VMAJOR 3
#define SOFTOKEN_VMINOR 107
#define SOFTOKEN_VPATCH 0
#define SOFTOKEN_VBUILD 0
#define SOFTOKEN_BETA PR_TRUE
#define SOFTOKEN_BETA PR_FALSE
#endif /* _SOFTKVER_H_ */

14
security/nss/lib/ssl/sslsock.c
View File

@ -126,7 +126,6 @@ static PRDescIdentity ssl_layer_id;
static PRCallOnceType ssl_setDefaultsFromEnvironment = { 0 };
PRBool locksEverDisabled; /* implicitly PR_FALSE */
PRBool ssl_force_locks; /* implicitly PR_FALSE */
int ssl_lock_readers = 1; /* default true. */
char ssl_debug;
@ -138,9 +137,6 @@ FILE *ssl_keylog_iob;
PZLock *ssl_keylog_lock;
#endif
char lockStatus[] = "Locks are ENABLED. ";
#define LOCKSTATUS_OFFSET 10 /* offset of ENABLED */
/* SRTP_NULL_HMAC_SHA1_80 and SRTP_NULL_HMAC_SHA1_32 are not implemented. */
static const PRUint16 srtpCiphers[] = {
SRTP_AES128_CM_HMAC_SHA1_80,
@ -782,10 +778,7 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRIntn val)
if (val && ssl_force_locks)
val = PR_FALSE; /* silent override */
ss->opt.noLocks = val;
if (val) {
locksEverDisabled = PR_TRUE;
strcpy(lockStatus + LOCKSTATUS_OFFSET, "DISABLED.");
} else if (!holdingLocks) {
if (!val && !holdingLocks) {
rv = ssl_MakeLocks(ss);
if (rv != SECSuccess) {
ss->opt.noLocks = PR_TRUE;
@ -1318,10 +1311,6 @@ SSL_OptionSetDefault(PRInt32 which, PRIntn val)
if (val && ssl_force_locks)
val = PR_FALSE; /* silent override */
ssl_defaults.noLocks = val;
if (val) {
locksEverDisabled = PR_TRUE;
strcpy(lockStatus + LOCKSTATUS_OFFSET, "DISABLED.");
}
break;
case SSL_ENABLE_SESSION_TICKETS:
@ -3964,7 +3953,6 @@ ssl_SetDefaultsFromEnvironmentCallOnce(void)
if (ev && ev[0] == '1') {
ssl_force_locks = PR_TRUE;
ssl_defaults.noLocks = 0;
strcpy(lockStatus + LOCKSTATUS_OFFSET, "FORCED. ");
SSL_TRACE(("SSL: force_locks set to %d", ssl_force_locks));
}
ev = PR_GetEnvSecure("NSS_SSL_ENABLE_RENEGOTIATION");

4
security/nss/lib/util/nssutil.h
View File

@ -19,12 +19,12 @@
* The format of the version string should be
* "<major version>.<minor version>[.<patch level>[.<build number>]][ <Beta>]"
*/
#define NSSUTIL_VERSION "3.107 Beta"
#define NSSUTIL_VERSION "3.107"
#define NSSUTIL_VMAJOR 3
#define NSSUTIL_VMINOR 107
#define NSSUTIL_VPATCH 0
#define NSSUTIL_VBUILD 0
#define NSSUTIL_BETA PR_TRUE
#define NSSUTIL_BETA PR_FALSE
SEC_BEGIN_PROTOS