/src/botan/src/fuzzer/tls_client.cpp
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * (C) 2015,2016 Jack Lloyd |
3 | | * |
4 | | * Botan is released under the Simplified BSD License (see license.txt) |
5 | | */ |
6 | | |
7 | | #include "fuzzers.h" |
8 | | #include <botan/tls_client.h> |
9 | | |
/**
* Credentials manager used only by the TLS client fuzz harness.
*
* Every PSK query is answered with the same compile-time constant, so a
* given fuzz input always sees identical credentials. The key is published
* in source and provides no secrecy: it is a test fixture and must never be
* reused as a real pre-shared key.
*/
class Fuzzer_TLS_Client_Creds : public Botan::Credentials_Manager {
   public:
      /// Returns the fixed hint "psk_hint"; both arguments are ignored.
      std::string psk_identity_hint(const std::string&, const std::string&) override {
         return "psk_hint";
      }

      /// Returns the fixed identity "psk_id"; all arguments are ignored.
      std::string psk_identity(const std::string&, const std::string&, const std::string&) override {
         return "psk_id";
      }

      /// Returns the fixed key built from a 32-character hex string; all arguments are ignored.
      Botan::SymmetricKey psk(const std::string&, const std::string&, const std::string&) override {
         const std::string fixed_key_hex = "AABBCCDDEEFF00112233445566778899";
         return Botan::SymmetricKey(fixed_key_hex);
      }
};
20 | | |
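/**
* TLS policy for the fuzz harness: offer as many ciphersuites as possible so
* that the fuzzer can reach the handshake code behind each of them.
*/
class Fuzzer_TLS_Policy : public Botan::TLS::Policy {
   public:
      /**
      * Builds the list of ciphersuite codes the client offers.
      *
      * The protocol version argument is ignored; the same list is returned
      * for every version.
      *
      * @return the code of every known ciphersuite for which valid() is true
      */
      std::vector<uint16_t> ciphersuite_list(Botan::TLS::Protocol_Version) const override {
         std::vector<uint16_t> ciphersuites;

         for(auto&& suite : Botan::TLS::Ciphersuite::all_known_ciphersuites()) {
            // The condition used to be `suite.valid() == false`, which kept
            // only the suites the library reports as not valid. In the
            // coverage run published with this listing the loop body ran
            // 225k times and the push_back never executed, so the client
            // offered an empty list. That is a likely reason the
            // session-established, record-received and certificate-
            // verification callbacks show zero hits in the same run.
            if(suite.valid()) {
               ciphersuites.push_back(suite.ciphersuite_code());
            }
         }

         return ciphersuites;
      }
};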
37 | | |
/**
* Callback sink for the TLS client fuzz harness.
*
* Output, application data and alerts are dropped. Certificate validation is
* run for code coverage, but its verdict is discarded.
*/
class Fuzzer_TLS_Client_Callbacks : public Botan::TLS::Callbacks {
   public:
      /// Bytes the client wants to send are dropped; there is no real peer.
      void tls_emit_data(const uint8_t[], size_t) override {
         // discard
      }

      /// Application data from the peer is dropped.
      void tls_record_received(uint64_t, const uint8_t[], size_t) override {
         // ignore peer data
      }

      /// Alerts are dropped.
      void tls_alert(Botan::TLS::Alert) override {
         // ignore alert
      }

      /// Always answers true, which asks the library to cache the session.
      bool tls_session_established(const Botan::TLS::Session&) override {
         return true;  // cache it
      }

      /**
      * Runs the library's default chain validation and then accepts the
      * chain regardless of the outcome.
      *
      * Swallowing every exception is deliberate here: the goal is to
      * exercise the validation code with fuzzer-controlled certificates
      * while still letting the handshake continue. The same pattern in a
      * real client would disable server authentication, so it must stay
      * confined to this harness.
      */
      void tls_verify_cert_chain(const std::vector<Botan::X509_Certificate>& cert_chain,
                                 const std::vector<std::optional<Botan::OCSP::Response>>& ocsp_responses,
                                 const std::vector<Botan::Certificate_Store*>& trusted_roots,
                                 Botan::Usage_Type usage,
                                 const std::string& hostname,
                                 const Botan::TLS::Policy& policy) override {
         try {
            // try to validate to exercise those code paths
            Botan::TLS::Callbacks::tls_verify_cert_chain(
               cert_chain, ocsp_responses, trusted_roots, usage, hostname, policy);
         } catch(...) {
            // ignore validation result
         }
      }
};
82 | | |
/**
* Fuzz entry point: hands the input to a freshly constructed TLS 1.2 client
* as if it were bytes received from the server.
*
* Each call builds its own client with a no-op session manager, the harness
* policy, callbacks and credentials, so no state carries over between inputs.
*
* @param in  fuzzer-supplied bytes treated as the server's side of the connection
* @param len number of bytes in `in`; an empty input is skipped
*/
void fuzz(const uint8_t in[], size_t len) {
   if(len == 0) {
      return;
   }

   Botan::TLS::Session_Manager_Noop session_manager;
   Fuzzer_TLS_Policy policy;
   Botan::TLS::Protocol_Version offered_version = Botan::TLS::Protocol_Version::TLS_V12;
   Botan::TLS::Server_Information server_info("server.name", 443);
   Fuzzer_TLS_Client_Callbacks callbacks;
   Fuzzer_TLS_Client_Creds creds;

   Botan::TLS::Client client(
      callbacks, session_manager, creds, policy, fuzzer_rng(), server_info, offered_version);

   try {
      client.received_data(in, len);
   } catch(const std::exception&) {
      // Input rejected with a std::exception-derived error: nothing to
      // report. Anything not caught here (a crash, a sanitizer report, an
      // exception outside the std::exception hierarchy) propagates out of
      // this function.
   }
}
112 | | |