aboutsummaryrefslogtreecommitdiffstats
path: root/src/fuzzer
diff options
context:
space:
mode:
authorJack Lloyd <[email protected]>2018-04-01 11:38:02 -0400
committerJack Lloyd <[email protected]>2018-04-01 11:38:02 -0400
commit982fce377c4be28a067dad9422b8e791a74a9c93 (patch)
tree1adf4d10dd192b05522a7ae3ae9f949eb701cd38 /src/fuzzer
parentcc10d01f7f9cfa4d4507419363e1c2266d01b046 (diff)
Update tls_client fuzzer to skip validation results
Currently OSS-Fuzz stops cold at receiving the certificate message since the odds of libFuzzer forging an RSA signature are not high.
Diffstat (limited to 'src/fuzzer')
-rw-r--r--src/fuzzer/tls_client.cpp68
1 files changed, 53 insertions, 15 deletions
diff --git a/src/fuzzer/tls_client.cpp b/src/fuzzer/tls_client.cpp
index 197e97928..2ccd70961 100644
--- a/src/fuzzer/tls_client.cpp
+++ b/src/fuzzer/tls_client.cpp
@@ -18,32 +18,70 @@ class Fuzzer_TLS_Client_Creds : public Botan::Credentials_Manager
}
};
+class Fuzzer_TLS_Client_Callbacks : public Botan::TLS::Callbacks
+ {
+ public:
+ void tls_emit_data(const uint8_t[], size_t) override
+ {
+ // discard
+ }
+
+ void tls_record_received(uint64_t, const uint8_t[], size_t) override
+ {
+ // ignore peer data
+ }
+
+ void tls_alert(Botan::TLS::Alert) override
+ {
+ // ignore alert
+ }
+
+ bool tls_session_established(const Botan::TLS::Session&)
+ {
+ return true; // cache it
+ }
+
+ void tls_verify_cert_chain(
+ const std::vector<Botan::X509_Certificate>& cert_chain,
+ const std::vector<std::shared_ptr<const Botan::OCSP::Response>>& ocsp_responses,
+ const std::vector<Botan::Certificate_Store*>& trusted_roots,
+ Botan::Usage_Type usage,
+ const std::string& hostname,
+ const Botan::TLS::Policy& policy) override
+ {
+ try
+ {
+ // try to validate to exercise those code paths
+ Botan::TLS::Callbacks::tls_verify_cert_chain(cert_chain, ocsp_responses,
+ trusted_roots, usage, hostname, policy);
+ }
+ catch(...)
+ {
+ // ignore validation result
+ }
+ }
+
+ };
+
void fuzz(const uint8_t in[], size_t len)
{
if(len == 0)
return;
- auto dev_null = [](const uint8_t[], size_t) {};
-
- auto ignore_alerts = [](Botan::TLS::Alert, const uint8_t[], size_t) {};
- auto ignore_hs = [](const Botan::TLS::Session&) { abort(); return true; };
-
Botan::TLS::Session_Manager_Noop session_manager;
Botan::TLS::Policy policy;
Botan::TLS::Protocol_Version client_offer = Botan::TLS::Protocol_Version::TLS_V12;
Botan::TLS::Server_Information info("server.name", 443);
+ Fuzzer_TLS_Client_Callbacks callbacks;
Fuzzer_TLS_Client_Creds creds;
- Botan::TLS::Client client(dev_null,
- dev_null,
- ignore_alerts,
- ignore_hs,
- session_manager,
- creds,
- policy,
- fuzzer_rng(),
- info,
- client_offer);
+ Botan::TLS::Client client(callbacks,
+ session_manager,
+ creds,
+ policy,
+ fuzzer_rng(),
+ info,
+ client_offer);
try
{