Add four, basic fuzz tests.
This change adds fuzzing tests for:
∙ Certificate parsing
∙ Private key parsing
∙ ClientHello parsing
∙ Server first flow (ServerHello, Certificate, etc) parsing.
Change-Id: I5f53282263eaaff69b1a03c819cca73750433653
Reviewed-on: https://boringssl-review.googlesource.com/6460
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/fuzz/client.cc b/fuzz/client.cc
new file mode 100644
index 0000000..7cf41fc
--- /dev/null
+++ b/fuzz/client.cc
@@ -0,0 +1,30 @@
+#include <assert.h>
+
+#include <openssl/ssl.h>
+
+struct GlobalState {
+ GlobalState() : ctx(SSL_CTX_new(SSLv23_method())) {}
+
+ ~GlobalState() {
+ SSL_CTX_free(ctx);
+ }
+
+ SSL_CTX *const ctx;
+};
+
+static GlobalState g_state;
+
+extern "C" int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len) {
+ // This only fuzzes the initial flow from the server so far.
+ SSL *client = SSL_new(g_state.ctx);
+ BIO *in = BIO_new(BIO_s_mem());
+ BIO *out = BIO_new(BIO_s_mem());
+ SSL_set_bio(client, in, out);
+ SSL_set_connect_state(client);
+
+ BIO_write(in, buf, len);
+ SSL_do_handshake(client);
+ SSL_free(client);
+
+ return 0;
+}
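Review bot: `BIO_write(in, buf, len)` hands the `size_t` input length to an `int` parameter, so a length above INT_MAX would be narrowed silently, and its return value is not checked; a guard at the top of LLVMFuzzerTestOneInput such as `if (len > INT_MAX) return 0;` (with `<limits.h>` included) keeps the harness honest about what it actually fed into the handshake. The results of `SSL_new` and the two `BIO_new` calls are likewise used unchecked, so an allocation failure (for instance under a fuzzer malloc limit) would surface as a NULL dereference in `SSL_set_bio` rather than as a clean early return; `if (client == NULL || in == NULL || out == NULL) { ... free what was created; return 0; }` before `SSL_set_bio` would separate harness failures from real findings. The `<assert.h>` include on the first line is unused as written and could be dropped. It is also worth stating in the header comment that the harness deliberately ignores the `SSL_do_handshake` result because the target is parsing the server's first flight, not completing the handshake.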