Startsida Utforska Hjälp
Logga in
OWEALs
/
openssl
spegling av git://git.openssl.org/openssl.git
2
0
Fork 0
Filer Ärenden 1 Wiki
Träd: cd32a0f589
Grenar Taggar
openssl
/
fuzz
/
client.c

client.c 2.7 KB
Historik

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102 
  1. /*
    2. 

  2.  * Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
    3. 

  3.  *
    4. 

  4.  * Licensed under the Apache License 2.0 (the "License");
    5. 

  5.  * you may not use this file except in compliance with the License.
    6. 

  6.  * You may obtain a copy of the License at
    7. 

  7.  * https://www.openssl.org/source/license.html
    8. 

  8.  * or in the file LICENSE in the source distribution.
    9. 

  9.  */
    10. 

  10. 

  11. #include <time.h>
    12. 

  12. #include <openssl/rand.h>
    13. 

  13. #include <openssl/ssl.h>
    14. 

  14. #include <openssl/rsa.h>
    15. 

  15. #include <openssl/dsa.h>
    16. 

  16. #include <openssl/ec.h>
    17. 

  17. #include <openssl/dh.h>
    18. 

  18. #include <openssl/err.h>
    19. 

  19. #include "fuzzer.h"
    20. 

  20. 

  21. #include "rand.inc"
    22. 

  22. 

  23. /* unused, to avoid warning. */
    24. 

  24. static int idx;
    25. 

  25. 

  26. #define FUZZTIME 1485898104
    27. 

  27. 

  28. #define TIME_IMPL(t) { if (t != NULL) *t = FUZZTIME; return FUZZTIME; }
    29. 

  29. 

  30. /*
    31. 

  31.  * This might not work in all cases (and definitely not on Windows
    32. 

  32.  * because of the way linkers are) and callees can still get the
    33. 

  33.  * current time instead of the fixed time. This will just result
    34. 

  34.  * in things not being fully reproducible and have a slightly
    35. 

  35.  * different coverage.
    36. 

  36.  */
    37. 

  37. #if !defined(_WIN32)
    38. 

  38. time_t time(time_t *t) TIME_IMPL(t)
    39. 

  39. #endif
    40. 

  40. 

  41. int FuzzerInitialize(int *argc, char ***argv)
    42. 

  42. {
    43. 

  43.     STACK_OF(SSL_COMP) *comp_methods;
    44. 

  44. 

  45.     OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_ASYNC, NULL);
    46. 

  46.     OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
    47. 

  47.     ERR_clear_error();
    48. 

  48.     CRYPTO_free_ex_index(0, -1);
    49. 

  49.     idx = SSL_get_ex_data_X509_STORE_CTX_idx();
    50. 

  50.     FuzzerSetRand();
    51. 

  51.     comp_methods = SSL_COMP_get_compression_methods();
    52. 

  52.     if (comp_methods != NULL)
    53. 

  53.         sk_SSL_COMP_sort(comp_methods);
    54. 

  54. 

  55.     return 1;
    56. 

  56. }
    57. 

  57. 

  58. int FuzzerTestOneInput(const uint8_t *buf, size_t len)
    59. 

  59. {
    60. 

  60.     SSL *client;
    61. 

  61.     BIO *in;
    62. 

  62.     BIO *out;
    63. 

  63.     SSL_CTX *ctx;
    64. 

  64. 

  65.     if (len == 0)
    66. 

  66.         return 0;
    67. 

  67. 

  68.     /*
    69. 

  69.      * TODO: use the ossltest engine (optionally?) to disable crypto checks.
    70. 

  70.      */
    71. 

  71. 

  72.     /* This only fuzzes the initial flow from the client so far. */
    73. 

  73.     ctx = SSL_CTX_new(SSLv23_method());
    74. 

  74. 

  75.     client = SSL_new(ctx);
    76. 

  76.     OPENSSL_assert(SSL_set_min_proto_version(client, 0) == 1);
    77. 

  77.     OPENSSL_assert(SSL_set_cipher_list(client, "ALL:eNULL:@SECLEVEL=0") == 1);
    78. 

  78.     SSL_set_tlsext_host_name(client, "localhost");
    79. 

  79.     in = BIO_new(BIO_s_mem());
    80. 

  80.     out = BIO_new(BIO_s_mem());
    81. 

  81.     SSL_set_bio(client, in, out);
    82. 

  82.     SSL_set_connect_state(client);
    83. 

  83.     OPENSSL_assert((size_t)BIO_write(in, buf, len) == len);
    84. 

  84.     if (SSL_do_handshake(client) == 1) {
    85. 

  85.         /* Keep reading application data until error or EOF. */
    86. 

  86.         uint8_t tmp[1024];
    87. 

  87.         for (;;) {
    88. 

  88.             if (SSL_read(client, tmp, sizeof(tmp)) <= 0) {
    89. 

  89.                 break;
    90. 

  90.             }
    91. 

  91.         }
    92. 

  92.     }
    93. 

  93.     SSL_free(client);
    94. 

  94.     ERR_clear_error();
    95. 

  95.     SSL_CTX_free(ctx);
    96. 

  96. 

  97.     return 0;
    98. 

  98. }
    99. 

  99. 

  100. void FuzzerCleanup(void)
    101. 

  101. {
    102. 

  102. }
    103.