1 | /*
|
---|
2 | * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
|
---|
3 | *
|
---|
4 | * Licensed under the Apache License 2.0 (the "License");
|
---|
5 | * you may not use this file except in compliance with the License.
|
---|
6 | * You may obtain a copy of the License at
|
---|
7 | * https://www.openssl.org/source/license.html
|
---|
8 | * or in the file LICENSE in the source distribution.
|
---|
9 | */
|
---|
10 |
|
---|
11 | #include <time.h>
|
---|
12 | #include <openssl/rand.h>
|
---|
13 | #include <openssl/ssl.h>
|
---|
14 | #include <openssl/rsa.h>
|
---|
15 | #include <openssl/dsa.h>
|
---|
16 | #include <openssl/ec.h>
|
---|
17 | #include <openssl/dh.h>
|
---|
18 | #include <openssl/err.h>
|
---|
19 | #include "fuzzer.h"
|
---|
20 |
|
---|
21 | /* unused, to avoid warning. */
|
---|
22 | static int idx;
|
---|
23 |
|
---|
24 | #define FUZZTIME 1485898104
|
---|
25 |
|
---|
26 | #define TIME_IMPL(t) { if (t != NULL) *t = FUZZTIME; return FUZZTIME; }
|
---|
27 |
|
---|
28 | /*
|
---|
29 | * This might not work in all cases (and definitely not on Windows
|
---|
30 | * because of the way linkers are) and callees can still get the
|
---|
31 | * current time instead of the fixed time. This will just result
|
---|
32 | * in things not being fully reproducible and have a slightly
|
---|
33 | * different coverage.
|
---|
34 | */
|
---|
35 | #if !defined(_WIN32)
|
---|
36 | time_t time(time_t *t) TIME_IMPL(t)
|
---|
37 | #endif
|
---|
38 |
|
---|
39 | int FuzzerInitialize(int *argc, char ***argv)
|
---|
40 | {
|
---|
41 | STACK_OF(SSL_COMP) *comp_methods;
|
---|
42 |
|
---|
43 | FuzzerSetRand();
|
---|
44 | OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_ASYNC, NULL);
|
---|
45 | OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
|
---|
46 | ERR_clear_error();
|
---|
47 | CRYPTO_free_ex_index(0, -1);
|
---|
48 | idx = SSL_get_ex_data_X509_STORE_CTX_idx();
|
---|
49 | comp_methods = SSL_COMP_get_compression_methods();
|
---|
50 | if (comp_methods != NULL)
|
---|
51 | sk_SSL_COMP_sort(comp_methods);
|
---|
52 |
|
---|
53 | return 1;
|
---|
54 | }
|
---|
55 |
|
---|
56 | int FuzzerTestOneInput(const uint8_t *buf, size_t len)
|
---|
57 | {
|
---|
58 | SSL *client;
|
---|
59 | BIO *in;
|
---|
60 | BIO *out;
|
---|
61 | SSL_CTX *ctx;
|
---|
62 |
|
---|
63 | if (len == 0)
|
---|
64 | return 0;
|
---|
65 |
|
---|
66 | /* This only fuzzes the initial flow from the client so far. */
|
---|
67 | ctx = SSL_CTX_new(SSLv23_method());
|
---|
68 |
|
---|
69 | client = SSL_new(ctx);
|
---|
70 | OPENSSL_assert(SSL_set_min_proto_version(client, 0) == 1);
|
---|
71 | OPENSSL_assert(SSL_set_cipher_list(client, "ALL:eNULL:@SECLEVEL=0") == 1);
|
---|
72 | SSL_set_tlsext_host_name(client, "localhost");
|
---|
73 | in = BIO_new(BIO_s_mem());
|
---|
74 | out = BIO_new(BIO_s_mem());
|
---|
75 | SSL_set_bio(client, in, out);
|
---|
76 | SSL_set_connect_state(client);
|
---|
77 | OPENSSL_assert((size_t)BIO_write(in, buf, len) == len);
|
---|
78 | if (SSL_do_handshake(client) == 1) {
|
---|
79 | /* Keep reading application data until error or EOF. */
|
---|
80 | uint8_t tmp[1024];
|
---|
81 | for (;;) {
|
---|
82 | if (SSL_read(client, tmp, sizeof(tmp)) <= 0) {
|
---|
83 | break;
|
---|
84 | }
|
---|
85 | }
|
---|
86 | }
|
---|
87 | SSL_free(client);
|
---|
88 | ERR_clear_error();
|
---|
89 | SSL_CTX_free(ctx);
|
---|
90 |
|
---|
91 | return 0;
|
---|
92 | }
|
---|
93 |
|
---|
94 | void FuzzerCleanup(void)
|
---|
95 | {
|
---|
96 | FuzzerClearRand();
|
---|
97 | }
|
---|