boringssl/fuzz/client.cc

#include <assert.h>

#include <openssl/rand.h>
#include <openssl/ssl.h>

struct GlobalState {
  GlobalState() : ctx(SSL_CTX_new(SSLv23_method())) {}

  ~GlobalState() {
    SSL_CTX_free(ctx);
  }

  SSL_CTX *const ctx;
};

static GlobalState g_state;

extern "C" int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len) {
  RAND_reset_for_fuzzing();

  SSL *client = SSL_new(g_state.ctx);
  BIO *in = BIO_new(BIO_s_mem());
  BIO *out = BIO_new(BIO_s_mem());
  SSL_set_bio(client, in, out);
  SSL_set_connect_state(client);
  SSL_set_renegotiate_mode(client, ssl_renegotiate_freely);

  BIO_write(in, buf, len);
  if (SSL_do_handshake(client) == 1) {
    // Keep reading application data until error or EOF.
    uint8_t tmp[1024];
    for (;;) {
      if (SSL_read(client, tmp, sizeof(tmp)) <= 0) {
        break;
      }
    }
  }
  SSL_free(client);

  return 0;
}
Add four, basic fuzz tests. This change adds fuzzing tests for: ∙ Certificate parsing ∙ Private key parsing ∙ ClientHello parsing ∙ Server first flow (ServerHello, Certificate, etc) parsing. Change-Id: I5f53282263eaaff69b1a03c819cca73750433653 Reviewed-on: https://boringssl-review.googlesource.com/6460 Reviewed-by: Adam Langley <agl@google.com> 2015-11-09 21:57:26 +00:00			`#include <assert.h>`

Add a deterministic PRNG for fuzzing. If running the stack through a fuzzer, we would like execution to be completely deterministic. This is gated on a BORINGSSL_UNSAFE_FUZZER_MODE #ifdef. For now, this just uses the zero ChaCha20 key and a global counter. As needed, we can extend this to a thread-local counter and a separate ChaCha20 stream and counter per input length. Change-Id: Ic6c9d8a25e70d68e5dc6804e2c234faf48e51395 Reviewed-on: https://boringssl-review.googlesource.com/7286 Reviewed-by: Adam Langley <agl@google.com> 2016-03-02 03:57:32 +00:00			`#include <openssl/rand.h>`
Add four, basic fuzz tests. This change adds fuzzing tests for: ∙ Certificate parsing ∙ Private key parsing ∙ ClientHello parsing ∙ Server first flow (ServerHello, Certificate, etc) parsing. Change-Id: I5f53282263eaaff69b1a03c819cca73750433653 Reviewed-on: https://boringssl-review.googlesource.com/6460 Reviewed-by: Adam Langley <agl@google.com> 2015-11-09 21:57:26 +00:00			`#include <openssl/ssl.h>`

			`struct GlobalState {`
			`GlobalState() : ctx(SSL_CTX_new(SSLv23_method())) {}`

			`~GlobalState() {`
			`SSL_CTX_free(ctx);`
			`}`

			`SSL_CTX *const ctx;`
			`};`

			`static GlobalState g_state;`

			`extern "C" int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len) {`
Add a deterministic PRNG for fuzzing. If running the stack through a fuzzer, we would like execution to be completely deterministic. This is gated on a BORINGSSL_UNSAFE_FUZZER_MODE #ifdef. For now, this just uses the zero ChaCha20 key and a global counter. As needed, we can extend this to a thread-local counter and a separate ChaCha20 stream and counter per input length. Change-Id: Ic6c9d8a25e70d68e5dc6804e2c234faf48e51395 Reviewed-on: https://boringssl-review.googlesource.com/7286 Reviewed-by: Adam Langley <agl@google.com> 2016-03-02 03:57:32 +00:00			`RAND_reset_for_fuzzing();`

Add four, basic fuzz tests. This change adds fuzzing tests for: ∙ Certificate parsing ∙ Private key parsing ∙ ClientHello parsing ∙ Server first flow (ServerHello, Certificate, etc) parsing. Change-Id: I5f53282263eaaff69b1a03c819cca73750433653 Reviewed-on: https://boringssl-review.googlesource.com/6460 Reviewed-by: Adam Langley <agl@google.com> 2015-11-09 21:57:26 +00:00			`SSL *client = SSL_new(g_state.ctx);`
			`BIO *in = BIO_new(BIO_s_mem());`
			`BIO *out = BIO_new(BIO_s_mem());`
			`SSL_set_bio(client, in, out);`
			`SSL_set_connect_state(client);`
Enable renegotiation in the client fuzzer and read app data. As long as the HTTP/1.1 client auth hack forces use to support renego, having it on seems much more useful than having it off for fuzzing purposes. Also read app data to exercise that code and, on the client, trigger renegotiations as needed. Change-Id: I1941ded6ec9bd764abd199d1518420a1075ed1b2 Reviewed-on: https://boringssl-review.googlesource.com/7291 Reviewed-by: Adam Langley <agl@google.com> 2016-03-02 19:53:11 +00:00			`SSL_set_renegotiate_mode(client, ssl_renegotiate_freely);`
Add four, basic fuzz tests. This change adds fuzzing tests for: ∙ Certificate parsing ∙ Private key parsing ∙ ClientHello parsing ∙ Server first flow (ServerHello, Certificate, etc) parsing. Change-Id: I5f53282263eaaff69b1a03c819cca73750433653 Reviewed-on: https://boringssl-review.googlesource.com/6460 Reviewed-by: Adam Langley <agl@google.com> 2015-11-09 21:57:26 +00:00
			`BIO_write(in, buf, len);`
Enable renegotiation in the client fuzzer and read app data. As long as the HTTP/1.1 client auth hack forces use to support renego, having it on seems much more useful than having it off for fuzzing purposes. Also read app data to exercise that code and, on the client, trigger renegotiations as needed. Change-Id: I1941ded6ec9bd764abd199d1518420a1075ed1b2 Reviewed-on: https://boringssl-review.googlesource.com/7291 Reviewed-by: Adam Langley <agl@google.com> 2016-03-02 19:53:11 +00:00			`if (SSL_do_handshake(client) == 1) {`
			`// Keep reading application data until error or EOF.`
			`uint8_t tmp[1024];`
			`for (;;) {`
			`if (SSL_read(client, tmp, sizeof(tmp)) <= 0) {`
			`break;`
			`}`
			`}`
			`}`
Add four, basic fuzz tests. This change adds fuzzing tests for: ∙ Certificate parsing ∙ Private key parsing ∙ ClientHello parsing ∙ Server first flow (ServerHello, Certificate, etc) parsing. Change-Id: I5f53282263eaaff69b1a03c819cca73750433653 Reviewed-on: https://boringssl-review.googlesource.com/6460 Reviewed-by: Adam Langley <agl@google.com> 2015-11-09 21:57:26 +00:00			`SSL_free(client);`

			`return 0;`
			`}`