/src/openssl/fuzz/dtlsclient.c
Line | Count | Source |
1 | | /* |
2 | | * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"); |
5 | | * you may not use this file except in compliance with the License. |
6 | | * You may obtain a copy of the License at |
7 | | * https://www.openssl.org/source/license.html |
8 | | * or in the file LICENSE in the source distribution. |
9 | | */ |
10 | | |
11 | | #include <time.h> |
12 | | #include <openssl/rand.h> |
13 | | #include <openssl/ssl.h> |
14 | | #include <openssl/rsa.h> |
15 | | #include <openssl/dsa.h> |
16 | | #include <openssl/ec.h> |
17 | | #include <openssl/dh.h> |
18 | | #include <openssl/err.h> |
19 | | #include "fuzzer.h" |
20 | | |
21 | | /* unused, to avoid warning. */ |
22 | | static int idx; |
23 | | |
24 | 13.1k | #define FUZZTIME 1485898104 |
25 | | |
26 | | #define TIME_IMPL(t) \ |
27 | 12.1k | { \ |
28 | 12.1k | if (t != NULL) \ |
29 | 12.1k | *t = FUZZTIME; \ |
30 | 12.1k | return FUZZTIME; \ |
31 | 12.1k | } |
32 | | |
33 | | /* |
34 | | * This might not work in all cases (and definitely not on Windows |
35 | | * because of the way linkers are) and callees can still get the |
36 | | * current time instead of the fixed time. This will just result |
37 | | * in things not being fully reproducible and have a slightly |
38 | | * different coverage. |
39 | | */ |
40 | | #if !defined(_WIN32) |
41 | 12.1k | time_t time(time_t *t) TIME_IMPL(t) |
42 | | #endif |
43 | | |
44 | | int FuzzerInitialize(int *argc, char ***argv) |
45 | 60 | { |
46 | 60 | STACK_OF(SSL_COMP) *comp_methods; |
47 | | |
48 | 60 | FuzzerSetRand(); |
49 | 60 | OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_ASYNC, NULL); |
50 | 60 | OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL); |
51 | 60 | ERR_clear_error(); |
52 | 60 | CRYPTO_free_ex_index(0, -1); |
53 | 60 | idx = SSL_get_ex_data_X509_STORE_CTX_idx(); |
54 | 60 | comp_methods = SSL_COMP_get_compression_methods(); |
55 | 60 | if (comp_methods != NULL) |
56 | 60 | sk_SSL_COMP_sort(comp_methods); |
57 | | |
58 | 60 | return 1; |
59 | 60 | } |
60 | | |
61 | | int FuzzerTestOneInput(const uint8_t *buf, size_t len) |
62 | 19.0k | { |
63 | 19.0k | SSL *client = NULL; |
64 | 19.0k | BIO *in; |
65 | 19.0k | BIO *out; |
66 | 19.0k | SSL_CTX *ctx; |
67 | | |
68 | 19.0k | if (len == 0 || len > INT_MAX) |
69 | 0 | return 0; |
70 | | |
71 | | /* This only fuzzes the initial flow from the client so far. */ |
72 | 19.0k | ctx = SSL_CTX_new(DTLS_client_method()); |
73 | 19.0k | if (ctx == NULL) |
74 | 0 | goto end; |
75 | | |
76 | 19.0k | client = SSL_new(ctx); |
77 | 19.0k | if (client == NULL) |
78 | 0 | goto end; |
79 | 19.0k | OPENSSL_assert(SSL_set_min_proto_version(client, 0) == 1); |
80 | 19.0k | OPENSSL_assert(SSL_set_cipher_list(client, "ALL:eNULL:@SECLEVEL=0") == 1); |
81 | 19.0k | SSL_set_tlsext_host_name(client, "localhost"); |
82 | 19.0k | in = BIO_new(BIO_s_mem()); |
83 | 19.0k | if (in == NULL) |
84 | 0 | goto end; |
85 | 19.0k | out = BIO_new(BIO_s_mem()); |
86 | 19.0k | if (out == NULL) { |
87 | 0 | BIO_free(in); |
88 | 0 | goto end; |
89 | 0 | } |
90 | 19.0k | SSL_set_bio(client, in, out); |
91 | 19.0k | SSL_set_connect_state(client); |
92 | 19.0k | OPENSSL_assert((size_t)BIO_write(in, buf, (int)len) == len); |
93 | 19.0k | if (SSL_do_handshake(client) == 1) { |
94 | | /* Keep reading application data until error or EOF. */ |
95 | 587 | uint8_t tmp[1024]; |
96 | 684 | for (;;) { |
97 | 684 | if (SSL_read(client, tmp, sizeof(tmp)) <= 0) { |
98 | 587 | break; |
99 | 587 | } |
100 | 684 | } |
101 | 587 | } |
102 | 19.0k | end: |
103 | 19.0k | SSL_free(client); |
104 | 19.0k | ERR_clear_error(); |
105 | 19.0k | SSL_CTX_free(ctx); |
106 | | |
107 | 19.0k | return 0; |
108 | 19.0k | } |
109 | | |
110 | | void FuzzerCleanup(void) |
111 | 0 | { |
112 | 0 | FuzzerClearRand(); |
113 | 0 | } |