/src/openssl31/fuzz/client.c
Line  | Count  | Source (jump to first uncovered line)  | 
1  |  | /*  | 
2  |  |  * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.  | 
3  |  |  *  | 
4  |  |  * Licensed under the Apache License 2.0 (the "License");  | 
5  |  |  * you may not use this file except in compliance with the License.  | 
6  |  |  * You may obtain a copy of the License at  | 
7  |  |  * https://www.openssl.org/source/license.html  | 
8  |  |  * or in the file LICENSE in the source distribution.  | 
9  |  |  */  | 
10  |  |  | 
11  |  | #include <time.h>  | 
12  |  | #include <openssl/rand.h>  | 
13  |  | #include <openssl/ssl.h>  | 
14  |  | #include <openssl/rsa.h>  | 
15  |  | #include <openssl/dsa.h>  | 
16  |  | #include <openssl/ec.h>  | 
17  |  | #include <openssl/dh.h>  | 
18  |  | #include <openssl/err.h>  | 
19  |  | #include "fuzzer.h"  | 
20  |  |  | 
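/*
 * Never read. FuzzerInitialize() stores the result of
 * SSL_get_ex_data_X509_STORE_CTX_idx() here so that the call can be made
 * without triggering a compiler warning.
 */
static int idx;

/*
 * The fixed "current time" handed to the code under test:
 * 1485898104 seconds after the Unix epoch (2017-01-31 21:28:24 UTC).
 */
#define FUZZTIME 1485898104

/*
 * Body of a time()-compatible function: writes FUZZTIME through the pointer
 * when one is supplied, then returns FUZZTIME. The macro argument is
 * parenthesised so that any pointer expression expands correctly.
 */
#define TIME_IMPL(t) { if ((t) != NULL) *(t) = FUZZTIME; return FUZZTIME; }

/*
 * Replace the C library's time() with one that always reports FUZZTIME, so
 * that time-dependent behaviour is the same on every run and a given input
 * can be replayed.
 *
 * This relies on the linker preferring this definition, which might not work
 * in all cases (and definitely not on Windows because of the way linkers
 * are), and callees can still obtain the real current time by other means.
 * When that happens the only consequence is that runs are not fully
 * reproducible and coverage differs slightly.
 */
#if !defined(_WIN32)
time_t time(time_t *t) TIME_IMPL(t)
#endif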
38  |  |  | 
/*
 * One-time harness setup.
 *
 * Installs the harness RNG hook, initialises libcrypto (error strings and
 * async support) and libssl (error strings), clears the error queue, and
 * sorts the built-in compression method stack if there is one.
 *
 * NOTE(review): the CRYPTO_free_ex_index() and
 * SSL_get_ex_data_X509_STORE_CTX_idx() calls look like they exist to force
 * one-time global state to be set up here rather than inside
 * FuzzerTestOneInput() - confirm against the OpenSSL fuzz README.
 *
 * argc and argv belong to the harness entry-point signature and are not read.
 * The return values of the OPENSSL_init_*() calls are not checked.
 *
 * Returns 1 unconditionally.
 */
int FuzzerInitialize(int *argc, char ***argv)
{
    STACK_OF(SSL_COMP) *methods;

    /* Declared outside this file; presumably via "fuzzer.h". */
    FuzzerSetRand();

    OPENSSL_init_crypto(OPENSSL_INIT_ASYNC | OPENSSL_INIT_LOAD_CRYPTO_STRINGS,
                        NULL);
    OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
    ERR_clear_error();

    CRYPTO_free_ex_index(0, -1);
    idx = SSL_get_ex_data_X509_STORE_CTX_idx();

    methods = SSL_COMP_get_compression_methods();
    if (methods != NULL) {
        sk_SSL_COMP_sort(methods);
    }

    return 1;
}
55  |  |  | 
/*
 * Run one fuzz input through a TLS client.
 *
 * buf/len are the raw fuzz bytes. They are written into a memory BIO that the
 * client reads from, so the input plays the role of everything the peer
 * sends. The client's own output goes to a second memory BIO and is never
 * examined. Only the initial flow from the client is exercised.
 *
 * The client is deliberately configured to accept as much as possible: no
 * minimum protocol version, and the cipher string "ALL:eNULL:@SECLEVEL=0"
 * (every suite, including the no-encryption ones, at security level 0).
 * These settings exist to widen what the fuzzer can reach; they are not a
 * configuration for a real client.
 *
 * Returns 0 in every case. A failed OPENSSL_assert() aborts the process.
 *
 * Coverage report this listing was taken from: about 31.7k executions, the
 * handshake completed in 723 of them, and the empty-input return and all
 * allocation-failure branches were never taken.
 */
int FuzzerTestOneInput(const uint8_t *buf, size_t len)
{
    SSL_CTX *ctx;
    SSL *client = NULL;
    BIO *rbio;
    BIO *wbio;

    /* Nothing to feed the client. */
    if (len == 0)
        return 0;

    /* This only fuzzes the initial flow from the client so far. */
    ctx = SSL_CTX_new(SSLv23_method());
    if (ctx == NULL)
        goto end;

    client = SSL_new(ctx);
    if (client == NULL)
        goto end;

    /* 0 lifts the lower bound: down to the oldest version the library supports. */
    OPENSSL_assert(SSL_set_min_proto_version(client, 0) == 1);
    OPENSSL_assert(SSL_set_cipher_list(client, "ALL:eNULL:@SECLEVEL=0") == 1);
    /* Return value is not checked. */
    SSL_set_tlsext_host_name(client, "localhost");

    rbio = BIO_new(BIO_s_mem());
    if (rbio == NULL)
        goto end;

    wbio = BIO_new(BIO_s_mem());
    if (wbio == NULL) {
        /* Not yet attached to the SSL object, so it must be released here. */
        BIO_free(rbio);
        goto end;
    }

    /* From here on both BIOs are owned by client and go away with SSL_free(). */
    SSL_set_bio(client, rbio, wbio);
    SSL_set_connect_state(client);

    /*
     * NOTE(review): BIO_write() takes an int length while len is a size_t,
     * so this relies on fuzz inputs staying well below INT_MAX.
     */
    OPENSSL_assert((size_t)BIO_write(rbio, buf, len) == len);

    if (SSL_do_handshake(client) == 1) {
        /* Keep reading application data until error or EOF; data is discarded. */
        uint8_t sink[1024];

        while (SSL_read(client, sink, sizeof(sink)) > 0)
            continue;
    }

 end:
    /* Both free functions are called with NULL on the early-exit paths. */
    SSL_free(client);
    ERR_clear_error();
    SSL_CTX_free(ctx);

    return 0;
}
104  |  |  | 
/*
 * Harness teardown: calls FuzzerClearRand(), which is declared outside this
 * file (presumably via "fuzzer.h") and pairs with the FuzzerSetRand() call in
 * FuzzerInitialize().
 *
 * Not executed in the coverage run this listing was taken from (count 0).
 */
void FuzzerCleanup(void)
{
    FuzzerClearRand();
}