Adding a fuzzer for Sessions

Change-Id: I69cbb0679e1dbb6292a8f4737851736e58c17508
Reviewed-on: https://boringssl-review.googlesource.com/12481
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

FUZZING.md

@@ -37,6 +37,7 @@ The recommended values of `max_len` for each test are:
 | `pkcs8`       | 2048            |
 | `privkey`     | 2048            |
 | `server`      | 4096            |
+| `session`     | 8192            |
 | `spki`        | 1024            |
 | `read_pem`    | 512             |
 | `ssl_ctx_api` | 256             |

fuzz/CMakeLists.txt

@@ -74,3 +74,15 @@ add_executable(
 target_link_libraries(ssl_ctx_api Fuzzer)
 target_link_libraries(ssl_ctx_api crypto)
 target_link_libraries(ssl_ctx_api ssl)
+
+add_executable(
+  session
+
+  session.cc
+
+  $<TARGET_OBJECTS:test_support>
+)
+
+target_link_libraries(session Fuzzer)
+target_link_libraries(session crypto)
+target_link_libraries(session ssl)

fuzz/session.cc

@@ -0,0 +1,39 @@
+/* Copyright (c) 2016, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#include <stdio.h>
+
+#include <openssl/mem.h>
+#include <openssl/ssl.h>
+
+extern "C" int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len) {
+  // Parse in our session.
+  bssl::UniquePtr<SSL_SESSION> session(SSL_SESSION_from_bytes(buf, len));
+
+  // If the format was invalid, just return.
+  if (!session) {
+    return 0;
+  }
+
+  // Stress the encoder.
+  size_t encoded_len;
+  uint8_t *encoded;
+  if (!SSL_SESSION_to_bytes(session.get(), &encoded, &encoded_len)) {
+    fprintf(stderr, "SSL_SESSION_to_bytes failed.\n");
+    return 1;
+  }
+
+  OPENSSL_free(encoded);
+  return 0;
+}