diff options
| author | Robert Swiecki <robert@swiecki.net> | 2019-05-11 19:13:30 +0200 |
|---|---|---|
| committer | Robert Swiecki <robert@swiecki.net> | 2019-05-11 19:13:30 +0200 |
| commit | effc92568744e89c8918f03b4f91d71f806fe9aa (patch) | |
| tree | 46a80e4a9eb25c55c374baccff8ed8e5607cdd03 | |
| parent | dfb83475879120a332450b32cf0fd415060978b0 (diff) | |
| download | honggfuzz-effc92568744e89c8918f03b4f91d71f806fe9aa.tar.gz | |
examples/openssl: move init to CTX
| -rw-r--r-- | examples/openssl/client.c | 16 | ||||
| -rw-r--r-- | examples/openssl/server.c | 16 |
2 files changed, 18 insertions, 14 deletions
diff --git a/examples/openssl/client.c b/examples/openssl/client.c index a3a85b18..a709f973 100644 --- a/examples/openssl/client.c +++ b/examples/openssl/client.c @@ -556,6 +556,15 @@ int LLVMFuzzerInitialize(int* argc, char*** argv) { #endif /* defined(HF_SSL_IS_BORINGSSL) */ SSL_CTX_set_ecdh_auto(ctx, 1); + SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION); + SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION); +#if defined(HF_SSL_IS_OPENSSL_GE_1_1) + SSL_CTX_enable_ct(ctx, SSL_CT_VALIDATION_STRICT); + SSL_CTX_set_max_early_data(ctx, 1024); +#endif /* defined(HF_SSL_IS_OPENSSL_GE_1_1) */ +#if !defined(HF_SSL_IS_BORINGSSL) + SSL_CTX_set_dh_auto(ctx, 1); +#endif /* !defined(HF_SSL_IS_BORINGSSL) */ long opts = SSL_CTX_get_options(ctx); opts |= SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION; @@ -579,9 +588,6 @@ int LLVMFuzzerTestOneInput(const uint8_t* buf, size_t len) { SSL_set_renegotiate_mode(client, ssl_renegotiate_freely); #endif /* defined(HF_SSL_IS_BORINGSSL) */ - SSL_set_min_proto_version(client, SSL3_VERSION); - SSL_set_max_proto_version(client, TLS1_3_VERSION); - #if defined(HF_SSL_FROM_STDIN) BIO* in = BIO_new(BIO_s_fd()); BIO_set_fd(in, 0, BIO_NOCLOSE); @@ -597,10 +603,6 @@ int LLVMFuzzerTestOneInput(const uint8_t* buf, size_t len) { SSL_set_connect_state(client); #if defined(HF_SSL_IS_OPENSSL_GE_1_1) - SSL_enable_ct(client, SSL_CT_VALIDATION_PERMISSIVE); - SSL_set_dh_auto(client, 1); - - SSL_set_max_early_data(client, 1024); for (;;) { size_t sz; uint8_t edata_rbuf[128]; diff --git a/examples/openssl/server.c b/examples/openssl/server.c index fe117bad..46566c0f 100644 --- a/examples/openssl/server.c +++ b/examples/openssl/server.c @@ -612,6 +612,15 @@ int LLVMFuzzerInitialize(int* argc, char*** argv) { SSL_CTX_set_alpn_select_cb(ctx, alpn_callback, NULL); SSL_CTX_set_next_protos_advertised_cb(ctx, npn_callback, NULL); SSL_CTX_set_ecdh_auto(ctx, 1); + SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION); + SSL_CTX_set_max_proto_version(ctx, TLS1_3_VERSION); +#if defined(HF_SSL_IS_OPENSSL_GE_1_1) + SSL_CTX_enable_ct(ctx, SSL_CT_VALIDATION_STRICT); + SSL_CTX_set_max_early_data(ctx, 1024); +#endif /* defined(HF_SSL_IS_OPENSSL_GE_1_1) */ +#if !defined(HF_SSL_IS_BORINGSSL) + SSL_CTX_set_dh_auto(ctx, 1); +#endif /* !defined(HF_SSL_IS_BORINGSSL) */ long opts = SSL_CTX_get_options(ctx); opts |= SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION; @@ -633,9 +642,6 @@ int LLVMFuzzerTestOneInput(const uint8_t* buf, size_t len) { SSL* server = SSL_new(ctx); - SSL_set_min_proto_version(server, SSL3_VERSION); - SSL_set_max_proto_version(server, TLS1_3_VERSION); - #if defined(HF_SSL_FROM_STDIN) BIO* in = BIO_new(BIO_s_fd()); BIO_set_fd(in, 0, BIO_NOCLOSE); @@ -651,10 +657,6 @@ int LLVMFuzzerTestOneInput(const uint8_t* buf, size_t len) { SSL_set_accept_state(server); #if defined(HF_SSL_IS_OPENSSL_GE_1_1) - SSL_enable_ct(server, SSL_CT_VALIDATION_STRICT); - SSL_set_dh_auto(server, 1); - - SSL_set_max_early_data(server, 1024); for (;;) { size_t sz; uint8_t edata_rbuf[128]; |