Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/crypto/openssl/fuzz/client.c
34859 views
1
/*

2
 * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.

3
 *

4
 * Licensed under the Apache License 2.0 (the "License");

5
 * you may not use this file except in compliance with the License.

6
 * You may obtain a copy of the License at

7
 * https://www.openssl.org/source/license.html

8
 * or in the file LICENSE in the source distribution.

9
 */

10


11
#include <time.h>

12
#include <openssl/rand.h>

13
#include <openssl/ssl.h>

14
#include <openssl/rsa.h>

15
#include <openssl/dsa.h>

16
#include <openssl/ec.h>

17
#include <openssl/dh.h>

18
#include <openssl/err.h>

19
#include "fuzzer.h"

20


21
/* unused, to avoid warning. */

22
static int idx;

23


24
#define FUZZTIME 1485898104

25


26
#define TIME_IMPL(t) { if (t != NULL) *t = FUZZTIME; return FUZZTIME; }

27


28
/*

29
 * This might not work in all cases (and definitely not on Windows

30
 * because of the way linkers are) and callees can still get the

31
 * current time instead of the fixed time. This will just result

32
 * in things not being fully reproducible and have a slightly

33
 * different coverage.

34
 */

35
#if !defined(_WIN32)

36
time_t time(time_t *t) TIME_IMPL(t)

37
#endif

38


39
int FuzzerInitialize(int *argc, char ***argv)

40
{

41
    STACK_OF(SSL_COMP) *comp_methods;

42


43
    FuzzerSetRand();

44
    OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_ASYNC, NULL);

45
    OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);

46
    ERR_clear_error();

47
    CRYPTO_free_ex_index(0, -1);

48
    idx = SSL_get_ex_data_X509_STORE_CTX_idx();

49
    comp_methods = SSL_COMP_get_compression_methods();

50
    if (comp_methods != NULL)

51
        sk_SSL_COMP_sort(comp_methods);

52


53
    return 1;

54
}

55


56
int FuzzerTestOneInput(const uint8_t *buf, size_t len)

57
{

58
    SSL *client = NULL;

59
    BIO *in;

60
    BIO *out;

61
    SSL_CTX *ctx;

62


63
    if (len == 0)

64
        return 0;

65


66
    /* This only fuzzes the initial flow from the client so far. */

67
    ctx = SSL_CTX_new(SSLv23_method());

68
    if (ctx == NULL)

69
        goto end;

70


71
    client = SSL_new(ctx);

72
    if (client == NULL)

73
        goto end;

74
    OPENSSL_assert(SSL_set_min_proto_version(client, 0) == 1);

75
    OPENSSL_assert(SSL_set_cipher_list(client, "ALL:eNULL:@SECLEVEL=0") == 1);

76
    SSL_set_tlsext_host_name(client, "localhost");

77
    in = BIO_new(BIO_s_mem());

78
    if (in == NULL)

79
        goto end;

80
    out = BIO_new(BIO_s_mem());

81
    if (out == NULL) {

82
        BIO_free(in);

83
        goto end;

84
    }

85
    SSL_set_bio(client, in, out);

86
    SSL_set_connect_state(client);

87
    OPENSSL_assert((size_t)BIO_write(in, buf, len) == len);

88
    if (SSL_do_handshake(client) == 1) {

89
        /* Keep reading application data until error or EOF. */

90
        uint8_t tmp[1024];

91
        for (;;) {

92
            if (SSL_read(client, tmp, sizeof(tmp)) <= 0) {

93
                break;

94
            }

95
        }

96
    }

97
 end:

98
    SSL_free(client);

99
    ERR_clear_error();

100
    SSL_CTX_free(ctx);

101


102
    return 0;

103
}

104


105
void FuzzerCleanup(void)

106
{

107
    FuzzerClearRand();

108
}

109


110