File: s2n_server_fuzz_test_overrides.c

package info (click to toggle)
aws-crt-python 0.24.0%2Bdfsg-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 75,932 kB
  • sloc: ansic: 418,984; python: 23,626; makefile: 6,035; sh: 4,075; ruby: 208; java: 82; perl: 73; cpp: 25; xml: 11
file content (63 lines) | stat: -rw-r--r-- 2,221 bytes parent folder | download | duplicates (3) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
 
/*
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License").
 * You may not use this file except in compliance with the License.
 * A copy of the License is located at
 *
 *  http://aws.amazon.com/apache2.0
 *
 * or in the "license" file accompanying this file. This file is distributed
 * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
 * express or implied. See the License for the specific language governing
 * permissions and limitations under the License.
 */

#define _GNU_SOURCE
#include <dlfcn.h>
#include <openssl/rsa.h>
#include <time.h>

#include "crypto/s2n_rsa.h"
#include "error/s2n_errno.h"
#include "tls/s2n_connection.h"
#include "utils/s2n_safety.h"

time_t time (time_t *__timer)
{
    /* Always assume the time is zero when fuzzing the server, this is to ensure that Fuzz tests are deterministic and
     * don't depend on the time the test was run.
     */
    return 0;
}


int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
                 const unsigned char *sigbuf, unsigned int siglen, RSA *rsa)
{
    /* Always assume that the RSA_verify function passes */
    return 1;
}

bool s2n_constant_time_equals(const uint8_t *a, const uint8_t *b, uint32_t len)
{
    /* Allow all signatures checked with s2n_constant_time_equals to always pass verification even if they are invalid
     * in order to aid code coverage with server fuzz test.
     */
    return 1;
}

int s2n_rsa_client_key_recv(struct s2n_connection *conn, struct s2n_blob *shared_key)
{
    /* Perform the original function */
    typedef int (*orig_s2n_rsa_client_key_recv_func_type)(struct s2n_connection *conn, struct s2n_blob *shared_key);
    orig_s2n_rsa_client_key_recv_func_type orig_s2n_rsa_client_key_recv;
    orig_s2n_rsa_client_key_recv = (orig_s2n_rsa_client_key_recv_func_type) dlsym(RTLD_NEXT, "s2n_rsa_client_key_recv");
    int original_return_code = orig_s2n_rsa_client_key_recv(conn, shared_key);

    /* Then, overwrite the RSA Failed flag to false before returning, this will help fuzzing code coverage. */
    conn->handshake.rsa_failed = 0;

    return original_return_code;
}