Domovská stránka Prehľadávať Pomoc
Prihlásiť sa
OWEALs
/
openssl
zrkadlo git://git.openssl.org/openssl.git
2
0
Fork 0
Súbory Issues 1 Wiki
Strom: 67eacb60a8
Branche Tagy
openssl
/
fuzz
/
client.c

client.c 2.6 KB
História Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697 
  1. /*
    2. 

  2.  * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
    3. 

  3.  *
    4. 

  4.  * Licensed under the Apache License 2.0 (the "License");
    5. 

  5.  * you may not use this file except in compliance with the License.
    6. 

  6.  * You may obtain a copy of the License at
    7. 

  7.  * https://www.openssl.org/source/license.html
    8. 

  8.  * or in the file LICENSE in the source distribution.
    9. 

  9.  */
    10. 

  10. 

  11. #include <time.h>
    12. 

  12. #include <openssl/rand.h>
    13. 

  13. #include <openssl/ssl.h>
    14. 

  14. #include <openssl/rsa.h>
    15. 

  15. #include <openssl/dsa.h>
    16. 

  16. #include <openssl/ec.h>
    17. 

  17. #include <openssl/dh.h>
    18. 

  18. #include <openssl/err.h>
    19. 

  19. #include "fuzzer.h"
    20. 

  20. 

  21. /* unused, to avoid warning. */
    22. 

  22. static int idx;
    23. 

  23. 

  24. #define FUZZTIME 1485898104
    25. 

  25. 

  26. #define TIME_IMPL(t) { if (t != NULL) *t = FUZZTIME; return FUZZTIME; }
    27. 

  27. 

  28. /*
    29. 

  29.  * This might not work in all cases (and definitely not on Windows
    30. 

  30.  * because of the way linkers are) and callees can still get the
    31. 

  31.  * current time instead of the fixed time. This will just result
    32. 

  32.  * in things not being fully reproducible and have a slightly
    33. 

  33.  * different coverage.
    34. 

  34.  */
    35. 

  35. #if !defined(_WIN32)
    36. 

  36. time_t time(time_t *t) TIME_IMPL(t)
    37. 

  37. #endif
    38. 

  38. 

  39. int FuzzerInitialize(int *argc, char ***argv)
    40. 

  40. {
    41. 

  41.     STACK_OF(SSL_COMP) *comp_methods;
    42. 

  42. 

  43.     FuzzerSetRand();
    44. 

  44.     OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_ASYNC, NULL);
    45. 

  45.     OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
    46. 

  46.     ERR_clear_error();
    47. 

  47.     CRYPTO_free_ex_index(0, -1);
    48. 

  48.     idx = SSL_get_ex_data_X509_STORE_CTX_idx();
    49. 

  49.     comp_methods = SSL_COMP_get_compression_methods();
    50. 

  50.     if (comp_methods != NULL)
    51. 

  51.         sk_SSL_COMP_sort(comp_methods);
    52. 

  52. 

  53.     return 1;
    54. 

  54. }
    55. 

  55. 

  56. int FuzzerTestOneInput(const uint8_t *buf, size_t len)
    57. 

  57. {
    58. 

  58.     SSL *client;
    59. 

  59.     BIO *in;
    60. 

  60.     BIO *out;
    61. 

  61.     SSL_CTX *ctx;
    62. 

  62. 

  63.     if (len == 0)
    64. 

  64.         return 0;
    65. 

  65. 

  66.     /* This only fuzzes the initial flow from the client so far. */
    67. 

  67.     ctx = SSL_CTX_new(SSLv23_method());
    68. 

  68. 

  69.     client = SSL_new(ctx);
    70. 

  70.     OPENSSL_assert(SSL_set_min_proto_version(client, 0) == 1);
    71. 

  71.     OPENSSL_assert(SSL_set_cipher_list(client, "ALL:eNULL:@SECLEVEL=0") == 1);
    72. 

  72.     SSL_set_tlsext_host_name(client, "localhost");
    73. 

  73.     in = BIO_new(BIO_s_mem());
    74. 

  74.     out = BIO_new(BIO_s_mem());
    75. 

  75.     SSL_set_bio(client, in, out);
    76. 

  76.     SSL_set_connect_state(client);
    77. 

  77.     OPENSSL_assert((size_t)BIO_write(in, buf, len) == len);
    78. 

  78.     if (SSL_do_handshake(client) == 1) {
    79. 

  79.         /* Keep reading application data until error or EOF. */
    80. 

  80.         uint8_t tmp[1024];
    81. 

  81.         for (;;) {
    82. 

  82.             if (SSL_read(client, tmp, sizeof(tmp)) <= 0) {
    83. 

  83.                 break;
    84. 

  84.             }
    85. 

  85.         }
    86. 

  86.     }
    87. 

  87.     SSL_free(client);
    88. 

  88.     ERR_clear_error();
    89. 

  89.     SSL_CTX_free(ctx);
    90. 

  90. 

  91.     return 0;
    92. 

  92. }
    93. 

  93. 

  94. void FuzzerCleanup(void)
    95. 

  95. {
    96. 

  96.     FuzzerClearRand();
    97. 

  97. }
    98.