xref: /netbsd-src/crypto/external/bsd/openssl/dist/fuzz/client.c (revision b0d1725196a7921d003d2c66a14f186abda4176b) 
113d40330Schristos /*
2*b0d17251Schristos  * Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
313d40330Schristos  *
4*b0d17251Schristos  * Licensed under the Apache License 2.0 (the "License");
513d40330Schristos  * you may not use this file except in compliance with the License.
613d40330Schristos  * You may obtain a copy of the License at
713d40330Schristos  * https://www.openssl.org/source/license.html
813d40330Schristos  * or in the file LICENSE in the source distribution.
913d40330Schristos  */
1013d40330Schristos 
1113d40330Schristos #include <time.h>
1213d40330Schristos #include <openssl/rand.h>
1313d40330Schristos #include <openssl/ssl.h>
1413d40330Schristos #include <openssl/rsa.h>
1513d40330Schristos #include <openssl/dsa.h>
1613d40330Schristos #include <openssl/ec.h>
1713d40330Schristos #include <openssl/dh.h>
1813d40330Schristos #include <openssl/err.h>
1913d40330Schristos #include "fuzzer.h"
2013d40330Schristos 
2113d40330Schristos /* unused, to avoid warning. */
2213d40330Schristos static int idx;
2313d40330Schristos 
2413d40330Schristos #define FUZZTIME 1485898104
2513d40330Schristos 
2613d40330Schristos #define TIME_IMPL(t) { if (t != NULL) *t = FUZZTIME; return FUZZTIME; }
2713d40330Schristos 
2813d40330Schristos /*
2913d40330Schristos  * This might not work in all cases (and definitely not on Windows
3013d40330Schristos  * because of the way linkers are) and callees can still get the
3113d40330Schristos  * current time instead of the fixed time. This will just result
3213d40330Schristos  * in things not being fully reproducible and have a slightly
3313d40330Schristos  * different coverage.
3413d40330Schristos  */
3513d40330Schristos #if !defined(_WIN32)
time(time_t * t)3613d40330Schristos time_t time(time_t *t) TIME_IMPL(t)
3713d40330Schristos #endif
3813d40330Schristos 
3913d40330Schristos int FuzzerInitialize(int *argc, char ***argv)
4013d40330Schristos {
4113d40330Schristos     STACK_OF(SSL_COMP) *comp_methods;
4213d40330Schristos 
43*b0d17251Schristos     FuzzerSetRand();
4413d40330Schristos     OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_ASYNC, NULL);
4513d40330Schristos     OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
46*b0d17251Schristos     ERR_clear_error();
4713d40330Schristos     CRYPTO_free_ex_index(0, -1);
4813d40330Schristos     idx = SSL_get_ex_data_X509_STORE_CTX_idx();
4913d40330Schristos     comp_methods = SSL_COMP_get_compression_methods();
5013d40330Schristos     if (comp_methods != NULL)
5113d40330Schristos         sk_SSL_COMP_sort(comp_methods);
5213d40330Schristos 
5313d40330Schristos     return 1;
5413d40330Schristos }
5513d40330Schristos 
FuzzerTestOneInput(const uint8_t * buf,size_t len)5613d40330Schristos int FuzzerTestOneInput(const uint8_t *buf, size_t len)
5713d40330Schristos {
58*b0d17251Schristos     SSL *client = NULL;
5913d40330Schristos     BIO *in;
6013d40330Schristos     BIO *out;
6113d40330Schristos     SSL_CTX *ctx;
6213d40330Schristos 
6313d40330Schristos     if (len == 0)
6413d40330Schristos         return 0;
6513d40330Schristos 
6613d40330Schristos     /* This only fuzzes the initial flow from the client so far. */
6713d40330Schristos     ctx = SSL_CTX_new(SSLv23_method());
68*b0d17251Schristos     if (ctx == NULL)
69*b0d17251Schristos         goto end;
7013d40330Schristos 
7113d40330Schristos     client = SSL_new(ctx);
72*b0d17251Schristos     if (client == NULL)
73*b0d17251Schristos         goto end;
7413d40330Schristos     OPENSSL_assert(SSL_set_min_proto_version(client, 0) == 1);
7513d40330Schristos     OPENSSL_assert(SSL_set_cipher_list(client, "ALL:eNULL:@SECLEVEL=0") == 1);
7613d40330Schristos     SSL_set_tlsext_host_name(client, "localhost");
7713d40330Schristos     in = BIO_new(BIO_s_mem());
78*b0d17251Schristos     if (in == NULL)
79*b0d17251Schristos         goto end;
8013d40330Schristos     out = BIO_new(BIO_s_mem());
81*b0d17251Schristos     if (out == NULL) {
82*b0d17251Schristos         BIO_free(in);
83*b0d17251Schristos         goto end;
84*b0d17251Schristos     }
8513d40330Schristos     SSL_set_bio(client, in, out);
8613d40330Schristos     SSL_set_connect_state(client);
8713d40330Schristos     OPENSSL_assert((size_t)BIO_write(in, buf, len) == len);
8813d40330Schristos     if (SSL_do_handshake(client) == 1) {
8913d40330Schristos         /* Keep reading application data until error or EOF. */
9013d40330Schristos         uint8_t tmp[1024];
9113d40330Schristos         for (;;) {
9213d40330Schristos             if (SSL_read(client, tmp, sizeof(tmp)) <= 0) {
9313d40330Schristos                 break;
9413d40330Schristos             }
9513d40330Schristos         }
9613d40330Schristos     }
97*b0d17251Schristos  end:
9813d40330Schristos     SSL_free(client);
9913d40330Schristos     ERR_clear_error();
10013d40330Schristos     SSL_CTX_free(ctx);
10113d40330Schristos 
10213d40330Schristos     return 0;
10313d40330Schristos }
10413d40330Schristos 
FuzzerCleanup(void)10513d40330Schristos void FuzzerCleanup(void)
10613d40330Schristos {
107*b0d17251Schristos     FuzzerClearRand();
10813d40330Schristos }
109