1 /*
2  * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  * https://www.openssl.org/source/license.html
8  * or in the file LICENSE in the source distribution.
9  */
10 
11 #include <openssl/core_names.h>
12 #include <openssl/rand.h>
13 #include <openssl/provider.h>
14 #include "fuzzer.h"
15 
16 static OSSL_FUNC_rand_newctx_fn fuzz_rand_newctx;
17 static OSSL_FUNC_rand_freectx_fn fuzz_rand_freectx;
18 static OSSL_FUNC_rand_instantiate_fn fuzz_rand_instantiate;
19 static OSSL_FUNC_rand_uninstantiate_fn fuzz_rand_uninstantiate;
20 static OSSL_FUNC_rand_generate_fn fuzz_rand_generate;
21 static OSSL_FUNC_rand_gettable_ctx_params_fn fuzz_rand_gettable_ctx_params;
22 static OSSL_FUNC_rand_get_ctx_params_fn fuzz_rand_get_ctx_params;
23 static OSSL_FUNC_rand_enable_locking_fn fuzz_rand_enable_locking;
24 
fuzz_rand_newctx(void * provctx,void * parent,const OSSL_DISPATCH * parent_dispatch)25 static void *fuzz_rand_newctx(
26          void *provctx, void *parent, const OSSL_DISPATCH *parent_dispatch)
27 {
28     int *st = OPENSSL_malloc(sizeof(*st));
29 
30     if (st != NULL)
31         *st = EVP_RAND_STATE_UNINITIALISED;
32     return st;
33 }
34 
fuzz_rand_freectx(ossl_unused void * vrng)35 static void fuzz_rand_freectx(ossl_unused void *vrng)
36 {
37     OPENSSL_free(vrng);
38 }
39 
fuzz_rand_instantiate(ossl_unused void * vrng,ossl_unused unsigned int strength,ossl_unused int prediction_resistance,ossl_unused const unsigned char * pstr,ossl_unused size_t pstr_len,ossl_unused const OSSL_PARAM params[])40 static int fuzz_rand_instantiate(ossl_unused void *vrng,
41                                  ossl_unused unsigned int strength,
42                                  ossl_unused int prediction_resistance,
43                                  ossl_unused const unsigned char *pstr,
44                                  ossl_unused size_t pstr_len,
45                                  ossl_unused const OSSL_PARAM params[])
46 {
47     *(int *)vrng = EVP_RAND_STATE_READY;
48     return 1;
49 }
50 
fuzz_rand_uninstantiate(ossl_unused void * vrng)51 static int fuzz_rand_uninstantiate(ossl_unused void *vrng)
52 {
53     *(int *)vrng = EVP_RAND_STATE_UNINITIALISED;
54     return 1;
55 }
56 
fuzz_rand_generate(ossl_unused void * vdrbg,unsigned char * out,size_t outlen,ossl_unused unsigned int strength,ossl_unused int prediction_resistance,ossl_unused const unsigned char * adin,ossl_unused size_t adinlen)57 static int fuzz_rand_generate(ossl_unused void *vdrbg,
58                               unsigned char *out, size_t outlen,
59                               ossl_unused unsigned int strength,
60                               ossl_unused int prediction_resistance,
61                               ossl_unused const unsigned char *adin,
62                               ossl_unused size_t adinlen)
63 {
64     unsigned char val = 1;
65     size_t i;
66 
67     for (i = 0; i < outlen; i++)
68         out[i] = val++;
69     return 1;
70 }
71 
fuzz_rand_enable_locking(ossl_unused void * vrng)72 static int fuzz_rand_enable_locking(ossl_unused void *vrng)
73 {
74     return 1;
75 }
76 
fuzz_rand_get_ctx_params(void * vrng,OSSL_PARAM params[])77 static int fuzz_rand_get_ctx_params(void *vrng, OSSL_PARAM params[])
78 {
79     OSSL_PARAM *p;
80 
81     p = OSSL_PARAM_locate(params, OSSL_RAND_PARAM_STATE);
82     if (p != NULL && !OSSL_PARAM_set_int(p, *(int *)vrng))
83         return 0;
84 
85     p = OSSL_PARAM_locate(params, OSSL_RAND_PARAM_STRENGTH);
86     if (p != NULL && !OSSL_PARAM_set_int(p, 500))
87         return 0;
88 
89     p = OSSL_PARAM_locate(params, OSSL_RAND_PARAM_MAX_REQUEST);
90     if (p != NULL && !OSSL_PARAM_set_size_t(p, INT_MAX))
91         return 0;
92     return 1;
93 }
94 
fuzz_rand_gettable_ctx_params(ossl_unused void * vrng,ossl_unused void * provctx)95 static const OSSL_PARAM *fuzz_rand_gettable_ctx_params(ossl_unused void *vrng,
96                                                        ossl_unused void *provctx)
97 {
98     static const OSSL_PARAM known_gettable_ctx_params[] = {
99         OSSL_PARAM_int(OSSL_RAND_PARAM_STATE, NULL),
100         OSSL_PARAM_uint(OSSL_RAND_PARAM_STRENGTH, NULL),
101         OSSL_PARAM_size_t(OSSL_RAND_PARAM_MAX_REQUEST, NULL),
102         OSSL_PARAM_END
103     };
104     return known_gettable_ctx_params;
105 }
106 
107 static const OSSL_DISPATCH fuzz_rand_functions[] = {
108     { OSSL_FUNC_RAND_NEWCTX, (void (*)(void))fuzz_rand_newctx },
109     { OSSL_FUNC_RAND_FREECTX, (void (*)(void))fuzz_rand_freectx },
110     { OSSL_FUNC_RAND_INSTANTIATE, (void (*)(void))fuzz_rand_instantiate },
111     { OSSL_FUNC_RAND_UNINSTANTIATE, (void (*)(void))fuzz_rand_uninstantiate },
112     { OSSL_FUNC_RAND_GENERATE, (void (*)(void))fuzz_rand_generate },
113     { OSSL_FUNC_RAND_ENABLE_LOCKING, (void (*)(void))fuzz_rand_enable_locking },
114     { OSSL_FUNC_RAND_GETTABLE_CTX_PARAMS,
115       (void(*)(void))fuzz_rand_gettable_ctx_params },
116     { OSSL_FUNC_RAND_GET_CTX_PARAMS, (void(*)(void))fuzz_rand_get_ctx_params },
117     { 0, NULL }
118 };
119 
120 static const OSSL_ALGORITHM fuzz_rand_rand[] = {
121     { "fuzz", "provider=fuzz-rand", fuzz_rand_functions },
122     { NULL, NULL, NULL }
123 };
124 
fuzz_rand_query(void * provctx,int operation_id,int * no_cache)125 static const OSSL_ALGORITHM *fuzz_rand_query(void *provctx,
126                                              int operation_id,
127                                              int *no_cache)
128 {
129     *no_cache = 0;
130     switch (operation_id) {
131     case OSSL_OP_RAND:
132         return fuzz_rand_rand;
133     }
134     return NULL;
135 }
136 
137 /* Functions we provide to the core */
138 static const OSSL_DISPATCH fuzz_rand_method[] = {
139     { OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))OSSL_LIB_CTX_free },
140     { OSSL_FUNC_PROVIDER_QUERY_OPERATION, (void (*)(void))fuzz_rand_query },
141     { 0, NULL }
142 };
143 
fuzz_rand_provider_init(const OSSL_CORE_HANDLE * handle,const OSSL_DISPATCH * in,const OSSL_DISPATCH ** out,void ** provctx)144 static int fuzz_rand_provider_init(const OSSL_CORE_HANDLE *handle,
145                                    const OSSL_DISPATCH *in,
146                                    const OSSL_DISPATCH **out, void **provctx)
147 {
148     *provctx = OSSL_LIB_CTX_new();
149     if (*provctx == NULL)
150         return 0;
151     *out = fuzz_rand_method;
152     return 1;
153 }
154 
155 static OSSL_PROVIDER *r_prov;
156 
FuzzerSetRand(void)157 void FuzzerSetRand(void)
158 {
159     if (!OSSL_PROVIDER_add_builtin(NULL, "fuzz-rand", fuzz_rand_provider_init)
160         || !RAND_set_DRBG_type(NULL, "fuzz", NULL, NULL, NULL)
161         || (r_prov = OSSL_PROVIDER_try_load(NULL, "fuzz-rand", 1)) == NULL)
162         exit(1);
163 }
164 
FuzzerClearRand(void)165 void FuzzerClearRand(void)
166 {
167     OSSL_PROVIDER_unload(r_prov);
168 }
169