-rw-r--r--gtests/ssl_gtest/ssl_fuzz_unittest.cc27
-rw-r--r--gtests/ssl_gtest/tls_agent.cc1
-rw-r--r--lib/freebl/rsa.c5
3 files changed, 18 insertions, 15 deletions
diff --git a/gtests/ssl_gtest/ssl_fuzz_unittest.cc b/gtests/ssl_gtest/ssl_fuzz_unittest.cc
index d144cd7d9..b97e89153 100644
--- a/gtests/ssl_gtest/ssl_fuzz_unittest.cc
+++ b/gtests/ssl_gtest/ssl_fuzz_unittest.cc
@@ -61,17 +61,6 @@ class TlsSignatureDamager : public TlsHandshakeFilter {
uint8_t type_;
};
-void ResetState() {
- // Clear the list of RSA blinding params.
- BL_Cleanup();
-
- // Reinit the list of RSA blinding params.
- EXPECT_EQ(SECSuccess, BL_Init());
-
- // Reset the RNG state.
- EXPECT_EQ(SECSuccess, RNG_ResetForFuzzing());
-}
-
// Ensure that ssl_Time() returns a constant value.
TEST_F(TlsFuzzTest, Fuzz_SSL_Time_Constant) {
PRInt32 now = ssl_Time();
@@ -85,10 +74,15 @@ TEST_P(TlsConnectGeneric, Fuzz_DeterministicExporter) {
const char kLabel[] = "label";
std::vector<unsigned char> out1(32), out2(32);
+ // Make sure we have RSA blinding params.
+ Connect();
+
+ Reset();
ConfigureSessionCache(RESUME_NONE, RESUME_NONE);
DisableECDHEServerKeyReuse();
- ResetState();
+ // Reset the RNG state.
+ EXPECT_EQ(SECSuccess, RNG_ResetForFuzzing());
Connect();
// Export a key derived from the MS and nonces.
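Review bot: The comment `// Make sure we have RSA blinding params.` above the priming `Connect()` says what the call does but not why the test needs it; the same comment is added in Fuzz_DeterministicTranscript. The removed ResetState() rebuilt the blinding list with BL_Cleanup()/BL_Init(). The new code instead appears to rely on params cached in freebl by a first handshake, presumably so that no later handshake spends RNG output generating them after RNG_ResetForFuzzing(). Spelling that out would help, e.g. `// Prime freebl's cached RSA blinding params so later handshakes draw the same RNG bytes after each reset.` It would also be worth saying that this seems to depend on the UNSAFE_FUZZER_MODE change in rsa.c, where the reuse counter is no longer checked.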
@@ -101,7 +95,8 @@ TEST_P(TlsConnectGeneric, Fuzz_DeterministicExporter) {
ConfigureSessionCache(RESUME_NONE, RESUME_NONE);
DisableECDHEServerKeyReuse();
- ResetState();
+ // Reset the RNG state.
+ EXPECT_EQ(SECSuccess, RNG_ResetForFuzzing());
Connect();
// Export another key derived from the MS and nonces.
@@ -116,6 +111,9 @@ TEST_P(TlsConnectGeneric, Fuzz_DeterministicExporter) {
// Check that due to the deterministic RNG two consecutive
// TLS sessions will have the exact same transcript.
TEST_P(TlsConnectGeneric, Fuzz_DeterministicTranscript) {
+ // Make sure we have RSA blinding params.
+ Connect();
+
// Connect a few times and compare the transcripts byte-by-byte.
DataBuffer last;
for (size_t i = 0; i < 5; i++) {
@@ -127,7 +125,8 @@ TEST_P(TlsConnectGeneric, Fuzz_DeterministicTranscript) {
client_->SetPacketFilter(new TlsConversationRecorder(buffer));
server_->SetPacketFilter(new TlsConversationRecorder(buffer));
- ResetState();
+ // Reset the RNG state.
+ EXPECT_EQ(SECSuccess, RNG_ResetForFuzzing());
Connect();
// Ensure the filters go away before |buffer| does.
diff --git a/gtests/ssl_gtest/tls_agent.cc b/gtests/ssl_gtest/tls_agent.cc
index 4ba2ad24b..746b87871 100644
--- a/gtests/ssl_gtest/tls_agent.cc
+++ b/gtests/ssl_gtest/tls_agent.cc
@@ -849,6 +849,7 @@ void TlsAgent::ConfigureSessionCache(SessionResumptionMode mode) {
}
void TlsAgent::DisableECDHEServerKeyReuse() {
+ ASSERT_TRUE(EnsureTlsSetup());
ASSERT_EQ(TlsAgent::SERVER, role_);
SECStatus rv = SSL_OptionSet(ssl_fd_, SSL_REUSE_SERVER_ECDHE_KEY, PR_FALSE);
EXPECT_EQ(SECSuccess, rv);
diff --git a/lib/freebl/rsa.c b/lib/freebl/rsa.c
index ff8c40ed9..3617afa8d 100644
--- a/lib/freebl/rsa.c
+++ b/lib/freebl/rsa.c
@@ -1236,7 +1236,10 @@ get_blinding_params(RSAPrivateKey *key, mp_int *n, unsigned int modLen,
* Now, search its list of ready blinding params for a usable one.
*/
while (0 != (bp = rsabp->bp)) {
- if (--(bp->counter) > 0) {
+#ifndef UNSAFE_FUZZER_MODE
+ if (--(bp->counter) > 0)
+#endif
+ {
/* Found a match and there are still remaining uses left */
/* Return the parameters */
CHECK_MPI_OK(mp_copy(&bp->f, f));
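Review bot: With UNSAFE_FUZZER_MODE defined, the `--(bp->counter) > 0` test is compiled out, so a ready entry is used without decrementing its counter and the reuse limit on a blinding pair no longer applies; nothing at this site says so. A short comment above the `#ifndef` would make the intent and the risk explicit, e.g. `/* Fuzzer builds reuse blinding params without limit to keep output deterministic; never enable in production builds. */`. Splitting an `if` from its braces with the preprocessor is also fragile. If anything after the closing brace assumes the condition can be false (an `else`, or code that retires exhausted params), it becomes unreachable or fails to compile in fuzzer mode. The closing brace is outside this hunk, so that should be checked against the full get_blinding_params().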