tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

tls_client.cc (2628B)

      1 /* This Source Code Form is subject to the terms of the Mozilla Public
      2 * License, v. 2.0. If a copy of the MPL was not distributed with this
      3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      4 
      5 #include <cassert>
      6 #include <cstddef>
      7 #include <cstdint>
      8 #include <iostream>
      9 
     10 #include "blapi.h"
     11 #include "seccomon.h"
     12 #include "ssl.h"
     13 #include "sslimpl.h"
     14 
     15 #include "base/database.h"
     16 #include "base/mutate.h"
     17 #include "tls/client_config.h"
     18 #include "tls/common.h"
     19 #include "tls/mutators.h"
     20 #include "tls/socket.h"
     21 
     22 #ifdef IS_DTLS_FUZZ
     23 #define ImportFD DTLS_ImportFD
     24 #else
     25 #define ImportFD SSL_ImportFD
     26 #endif  // IS_DTLS_FUZZ
     27 
     28 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
     29  static NSSDatabase db = NSSDatabase();
     30  static PRDescIdentity id = PR_GetUniqueIdentity("fuzz-client");
     31 
     32  // Create and import dummy socket.
     33  TlsSocket::DummyPrSocket socket = TlsSocket::DummyPrSocket(data, size);
     34  ScopedPRFileDesc prFd(DummyIOLayerMethods::CreateFD(id, &socket));
     35  PRFileDesc* sslFd = ImportFD(nullptr, prFd.get());
     36  assert(sslFd == prFd.get());
     37 
     38  // Derive client config from input data.
     39  TlsClient::Config config = TlsClient::Config(data, size);
     40 
     41  if (ssl_trace >= 90) {
     42    std::cerr << config << "\n";
     43  }
     44 
     45  // Reset the RNG state.
     46  assert(RNG_RandomUpdate(NULL, 0) == SECSuccess);
     47  assert(SSL_SetURL(sslFd, "fuzz.client") == SECSuccess);
     48 
     49  TlsCommon::EnableAllProtocolVersions();
     50  TlsCommon::EnableAllCipherSuites(sslFd);
     51  TlsCommon::FixTime(sslFd);
     52 
     53  // Set socket callbacks & options from client config.
     54  config.SetCallbacks(sslFd);
     55  config.SetSocketOptions(sslFd);
     56 
     57  // Perform the acutal handshake.
     58  TlsCommon::DoHandshake(sslFd, false);
     59 
     60  // Release all SIDs.
     61  SSL_ClearSessionCache();
     62 
     63  return 0;
     64 }
     65 
     66 extern "C" size_t LLVMFuzzerCustomMutator(uint8_t* data, size_t size,
     67                                          size_t maxSize, unsigned int seed) {
     68  Mutators mutators = {TlsMutators::DropRecord, TlsMutators::ShuffleRecords,
     69                       TlsMutators::DuplicateRecord,
     70                       TlsMutators::TruncateRecord,
     71                       TlsMutators::FragmentRecord};
     72  return CustomMutate(mutators, data, size, maxSize, seed);
     73 }
     74 
     75 extern "C" size_t LLVMFuzzerCustomCrossOver(const uint8_t* data1, size_t size1,
     76                                            const uint8_t* data2, size_t size2,
     77                                            uint8_t* out, size_t maxOutSize,
     78                                            unsigned int seed) {
     79  return TlsMutators::CrossOver(data1, size1, data2, size2, out, maxOutSize,
     80                                seed);
     81 }