diff options
author | Jack Lloyd <[email protected]> | 2018-04-01 11:38:02 -0400 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2018-04-01 11:38:02 -0400 |
commit | 982fce377c4be28a067dad9422b8e791a74a9c93 (patch) | |
tree | 1adf4d10dd192b05522a7ae3ae9f949eb701cd38 /src/fuzzer/tls_client.cpp | |
parent | cc10d01f7f9cfa4d4507419363e1c2266d01b046 (diff) |
Update tls_client fuzzer to skip validation results
Currently OSS-Fuzz stops cold at receiving the certificate message
since the odds of libFuzzer forging an RSA signature are not high.
Diffstat (limited to 'src/fuzzer/tls_client.cpp')
-rw-r--r-- | src/fuzzer/tls_client.cpp | 68 |
1 files changed, 53 insertions, 15 deletions
diff --git a/src/fuzzer/tls_client.cpp b/src/fuzzer/tls_client.cpp index 197e97928..2ccd70961 100644 --- a/src/fuzzer/tls_client.cpp +++ b/src/fuzzer/tls_client.cpp @@ -18,32 +18,70 @@ class Fuzzer_TLS_Client_Creds : public Botan::Credentials_Manager } }; +class Fuzzer_TLS_Client_Callbacks : public Botan::TLS::Callbacks + { + public: + void tls_emit_data(const uint8_t[], size_t) override + { + // discard + } + + void tls_record_received(uint64_t, const uint8_t[], size_t) override + { + // ignore peer data + } + + void tls_alert(Botan::TLS::Alert) override + { + // ignore alert + } + + bool tls_session_established(const Botan::TLS::Session&) + { + return true; // cache it + } + + void tls_verify_cert_chain( + const std::vector<Botan::X509_Certificate>& cert_chain, + const std::vector<std::shared_ptr<const Botan::OCSP::Response>>& ocsp_responses, + const std::vector<Botan::Certificate_Store*>& trusted_roots, + Botan::Usage_Type usage, + const std::string& hostname, + const Botan::TLS::Policy& policy) override + { + try + { + // try to validate to exercise those code paths + Botan::TLS::Callbacks::tls_verify_cert_chain(cert_chain, ocsp_responses, + trusted_roots, usage, hostname, policy); + } + catch(...) + { + // ignore validation result + } + } + + }; + void fuzz(const uint8_t in[], size_t len) { if(len == 0) return; - auto dev_null = [](const uint8_t[], size_t) {}; - - auto ignore_alerts = [](Botan::TLS::Alert, const uint8_t[], size_t) {}; - auto ignore_hs = [](const Botan::TLS::Session&) { abort(); return true; }; - Botan::TLS::Session_Manager_Noop session_manager; Botan::TLS::Policy policy; Botan::TLS::Protocol_Version client_offer = Botan::TLS::Protocol_Version::TLS_V12; Botan::TLS::Server_Information info("server.name", 443); + Fuzzer_TLS_Client_Callbacks callbacks; Fuzzer_TLS_Client_Creds creds; - Botan::TLS::Client client(dev_null, - dev_null, - ignore_alerts, - ignore_hs, - session_manager, - creds, - policy, - fuzzer_rng(), - info, - client_offer); + Botan::TLS::Client client(callbacks, + session_manager, + creds, + policy, + fuzzer_rng(), + info, + client_offer); try { |