1 /* 2 * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * https://www.openssl.org/source/license.html 8 * or in the file LICENSE in the source distribution. 9 */ 10 11 #include <openssl/core_names.h> 12 #include <openssl/rand.h> 13 #include <openssl/provider.h> 14 #include "fuzzer.h" 15 16 static OSSL_FUNC_rand_newctx_fn fuzz_rand_newctx; 17 static OSSL_FUNC_rand_freectx_fn fuzz_rand_freectx; 18 static OSSL_FUNC_rand_instantiate_fn fuzz_rand_instantiate; 19 static OSSL_FUNC_rand_uninstantiate_fn fuzz_rand_uninstantiate; 20 static OSSL_FUNC_rand_generate_fn fuzz_rand_generate; 21 static OSSL_FUNC_rand_gettable_ctx_params_fn fuzz_rand_gettable_ctx_params; 22 static OSSL_FUNC_rand_get_ctx_params_fn fuzz_rand_get_ctx_params; 23 static OSSL_FUNC_rand_enable_locking_fn fuzz_rand_enable_locking; 24 25 static void *fuzz_rand_newctx( 26 void *provctx, void *parent, const OSSL_DISPATCH *parent_dispatch) 27 { 28 int *st = OPENSSL_malloc(sizeof(*st)); 29 30 if (st != NULL) 31 *st = EVP_RAND_STATE_UNINITIALISED; 32 return st; 33 } 34 35 static void fuzz_rand_freectx(ossl_unused void *vrng) 36 { 37 OPENSSL_free(vrng); 38 } 39 40 static int fuzz_rand_instantiate(ossl_unused void *vrng, 41 ossl_unused unsigned int strength, 42 ossl_unused int prediction_resistance, 43 ossl_unused const unsigned char *pstr, 44 ossl_unused size_t pstr_len, 45 ossl_unused const OSSL_PARAM params[]) 46 { 47 *(int *)vrng = EVP_RAND_STATE_READY; 48 return 1; 49 } 50 51 static int fuzz_rand_uninstantiate(ossl_unused void *vrng) 52 { 53 *(int *)vrng = EVP_RAND_STATE_UNINITIALISED; 54 return 1; 55 } 56 57 static int fuzz_rand_generate(ossl_unused void *vdrbg, 58 unsigned char *out, size_t outlen, 59 ossl_unused unsigned int strength, 60 ossl_unused int prediction_resistance, 61 ossl_unused const unsigned char *adin, 62 ossl_unused size_t adinlen) 63 { 64 unsigned char val = 1; 65 size_t i; 66 67 for (i = 0; i < outlen; i++) 68 out[i] = val++; 69 return 1; 70 } 71 72 static int fuzz_rand_enable_locking(ossl_unused void *vrng) 73 { 74 return 1; 75 } 76 77 static int fuzz_rand_get_ctx_params(void *vrng, OSSL_PARAM params[]) 78 { 79 OSSL_PARAM *p; 80 81 p = OSSL_PARAM_locate(params, OSSL_RAND_PARAM_STATE); 82 if (p != NULL && !OSSL_PARAM_set_int(p, *(int *)vrng)) 83 return 0; 84 85 p = OSSL_PARAM_locate(params, OSSL_RAND_PARAM_STRENGTH); 86 if (p != NULL && !OSSL_PARAM_set_int(p, 500)) 87 return 0; 88 89 p = OSSL_PARAM_locate(params, OSSL_RAND_PARAM_MAX_REQUEST); 90 if (p != NULL && !OSSL_PARAM_set_size_t(p, INT_MAX)) 91 return 0; 92 return 1; 93 } 94 95 static const OSSL_PARAM *fuzz_rand_gettable_ctx_params(ossl_unused void *vrng, 96 ossl_unused void *provctx) 97 { 98 static const OSSL_PARAM known_gettable_ctx_params[] = { 99 OSSL_PARAM_int(OSSL_RAND_PARAM_STATE, NULL), 100 OSSL_PARAM_uint(OSSL_RAND_PARAM_STRENGTH, NULL), 101 OSSL_PARAM_size_t(OSSL_RAND_PARAM_MAX_REQUEST, NULL), 102 OSSL_PARAM_END 103 }; 104 return known_gettable_ctx_params; 105 } 106 107 static const OSSL_DISPATCH fuzz_rand_functions[] = { 108 { OSSL_FUNC_RAND_NEWCTX, (void (*)(void))fuzz_rand_newctx }, 109 { OSSL_FUNC_RAND_FREECTX, (void (*)(void))fuzz_rand_freectx }, 110 { OSSL_FUNC_RAND_INSTANTIATE, (void (*)(void))fuzz_rand_instantiate }, 111 { OSSL_FUNC_RAND_UNINSTANTIATE, (void (*)(void))fuzz_rand_uninstantiate }, 112 { OSSL_FUNC_RAND_GENERATE, (void (*)(void))fuzz_rand_generate }, 113 { OSSL_FUNC_RAND_ENABLE_LOCKING, (void (*)(void))fuzz_rand_enable_locking }, 114 { OSSL_FUNC_RAND_GETTABLE_CTX_PARAMS, 115 (void(*)(void))fuzz_rand_gettable_ctx_params }, 116 { OSSL_FUNC_RAND_GET_CTX_PARAMS, (void(*)(void))fuzz_rand_get_ctx_params }, 117 { 0, NULL } 118 }; 119 120 static const OSSL_ALGORITHM fuzz_rand_rand[] = { 121 { "fuzz", "provider=fuzz-rand", fuzz_rand_functions }, 122 { NULL, NULL, NULL } 123 }; 124 125 static const OSSL_ALGORITHM *fuzz_rand_query(void *provctx, 126 int operation_id, 127 int *no_cache) 128 { 129 *no_cache = 0; 130 switch (operation_id) { 131 case OSSL_OP_RAND: 132 return fuzz_rand_rand; 133 } 134 return NULL; 135 } 136 137 /* Functions we provide to the core */ 138 static const OSSL_DISPATCH fuzz_rand_method[] = { 139 { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))OSSL_LIB_CTX_free }, 140 { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fuzz_rand_query }, 141 { 0, NULL } 142 }; 143 144 static int fuzz_rand_provider_init(const OSSL_CORE_HANDLE *handle, 145 const OSSL_DISPATCH *in, 146 const OSSL_DISPATCH **out, void **provctx) 147 { 148 *provctx = OSSL_LIB_CTX_new(); 149 if (*provctx == NULL) 150 return 0; 151 *out = fuzz_rand_method; 152 return 1; 153 } 154 155 static OSSL_PROVIDER *r_prov; 156 157 void FuzzerSetRand(void) 158 { 159 if (!OSSL_PROVIDER_add_builtin(NULL, "fuzz-rand", fuzz_rand_provider_init) 160 || !RAND_set_DRBG_type(NULL, "fuzz", NULL, NULL, NULL) 161 || (r_prov = OSSL_PROVIDER_try_load(NULL, "fuzz-rand", 1)) == NULL) 162 exit(1); 163 } 164 165 void FuzzerClearRand(void) 166 { 167 OSSL_PROVIDER_unload(r_prov); 168 } 169