| lh | 9ed821d | 2023-04-07 01:36:19 -0700 | [diff] [blame] | 1 | /* |
| 2 | * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved. |
| 3 | * |
| 4 | * Licensed under the OpenSSL licenses, (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * https://www.openssl.org/source/license.html |
| 8 | * or in the file LICENSE in the source distribution. |
| 9 | */ |
| 10 | |
| 11 | #include <time.h> |
| 12 | #include <openssl/rand.h> |
| 13 | #include <openssl/ssl.h> |
| 14 | #include <openssl/rsa.h> |
| 15 | #include <openssl/dsa.h> |
| 16 | #include <openssl/ec.h> |
| 17 | #include <openssl/dh.h> |
| 18 | #include <openssl/err.h> |
| 19 | #include "fuzzer.h" |
| 20 | |
| 21 | #include "rand.inc" |
| 22 | |
| 23 | /* unused, to avoid warning. */ |
| 24 | static int idx; |
| 25 | |
| 26 | #define FUZZTIME 1485898104 |
| 27 | |
| 28 | #define TIME_IMPL(t) { if (t != NULL) *t = FUZZTIME; return FUZZTIME; } |
| 29 | |
| 30 | /* |
| 31 | * This might not work in all cases (and definitely not on Windows |
| 32 | * because of the way linkers are) and callees can still get the |
| 33 | * current time instead of the fixed time. This will just result |
| 34 | * in things not being fully reproducible and have a slightly |
| 35 | * different coverage. |
| 36 | */ |
| 37 | #if !defined(_WIN32) |
| 38 | time_t time(time_t *t) TIME_IMPL(t) |
| 39 | #endif |
| 40 | |
| 41 | int FuzzerInitialize(int *argc, char ***argv) |
| 42 | { |
| 43 | STACK_OF(SSL_COMP) *comp_methods; |
| 44 | |
| 45 | OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_ASYNC, NULL); |
| 46 | OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL); |
| 47 | ERR_get_state(); |
| 48 | CRYPTO_free_ex_index(0, -1); |
| 49 | idx = SSL_get_ex_data_X509_STORE_CTX_idx(); |
| 50 | FuzzerSetRand(); |
| 51 | comp_methods = SSL_COMP_get_compression_methods(); |
| 52 | if (comp_methods != NULL) |
| 53 | sk_SSL_COMP_sort(comp_methods); |
| 54 | |
| 55 | return 1; |
| 56 | } |
| 57 | |
| 58 | int FuzzerTestOneInput(const uint8_t *buf, size_t len) |
| 59 | { |
| 60 | SSL *client; |
| 61 | BIO *in; |
| 62 | BIO *out; |
| 63 | SSL_CTX *ctx; |
| 64 | |
| 65 | if (len == 0) |
| 66 | return 0; |
| 67 | |
| 68 | /* |
| 69 | * TODO: use the ossltest engine (optionally?) to disable crypto checks. |
| 70 | */ |
| 71 | |
| 72 | /* This only fuzzes the initial flow from the client so far. */ |
| 73 | ctx = SSL_CTX_new(SSLv23_method()); |
| 74 | |
| 75 | client = SSL_new(ctx); |
| 76 | OPENSSL_assert(SSL_set_min_proto_version(client, 0) == 1); |
| 77 | OPENSSL_assert(SSL_set_cipher_list(client, "ALL:eNULL:@SECLEVEL=0") == 1); |
| 78 | SSL_set_tlsext_host_name(client, "localhost"); |
| 79 | in = BIO_new(BIO_s_mem()); |
| 80 | out = BIO_new(BIO_s_mem()); |
| 81 | SSL_set_bio(client, in, out); |
| 82 | SSL_set_connect_state(client); |
| 83 | OPENSSL_assert((size_t)BIO_write(in, buf, len) == len); |
| 84 | if (SSL_do_handshake(client) == 1) { |
| 85 | /* Keep reading application data until error or EOF. */ |
| 86 | uint8_t tmp[1024]; |
| 87 | for (;;) { |
| 88 | if (SSL_read(client, tmp, sizeof(tmp)) <= 0) { |
| 89 | break; |
| 90 | } |
| 91 | } |
| 92 | } |
| 93 | SSL_free(client); |
| 94 | ERR_clear_error(); |
| 95 | SSL_CTX_free(ctx); |
| 96 | |
| 97 | return 0; |
| 98 | } |
| 99 | |
| 100 | void FuzzerCleanup(void) |
| 101 | { |
| 102 | } |