Share all of fuzz/{client,server}.cc into fuzzer.h.
There's a lot of duplicated code between the two. This is in preparation
for adding two more of these fuzzers, this time for DTLS.
Bug: 124
Change-Id: I8ca2a02d599e2c88e30838d04b7cf07d4221aa76
Reviewed-on: https://boringssl-review.googlesource.com/20106
Reviewed-by: Steven Valdez <svaldez@google.com>
Commit-Queue: Steven Valdez <svaldez@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
diff --git a/fuzz/client.cc b/fuzz/client.cc
index 32027d5..5f930b6 100644
--- a/fuzz/client.cc
+++ b/fuzz/client.cc
@@ -12,135 +12,11 @@
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-#include <assert.h>
-#include <stdlib.h>
-
-#include <openssl/bio.h>
-#include <openssl/bytestring.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/rand.h>
-#include <openssl/rsa.h>
-#include <openssl/ssl.h>
-#include <openssl/x509.h>
-
#include "../ssl/test/fuzzer.h"
-static const uint8_t kALPNProtocols[] = {
- 0x01, 'a', 0x02, 'a', 'a', 0x03, 'a', 'a', 'a',
-};
-
-static const uint8_t kP256KeyPKCS8[] = {
- 0x30, 0x81, 0x87, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86,
- 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
- 0x03, 0x01, 0x07, 0x04, 0x6d, 0x30, 0x6b, 0x02, 0x01, 0x01, 0x04, 0x20,
- 0x43, 0x09, 0xc0, 0x67, 0x75, 0x21, 0x47, 0x9d, 0xa8, 0xfa, 0x16, 0xdf,
- 0x15, 0x73, 0x61, 0x34, 0x68, 0x6f, 0xe3, 0x8e, 0x47, 0x91, 0x95, 0xab,
- 0x79, 0x4a, 0x72, 0x14, 0xcb, 0xe2, 0x49, 0x4f, 0xa1, 0x44, 0x03, 0x42,
- 0x00, 0x04, 0xde, 0x09, 0x08, 0x07, 0x03, 0x2e, 0x8f, 0x37, 0x9a, 0xd5,
- 0xad, 0xe5, 0xc6, 0x9d, 0xd4, 0x63, 0xc7, 0x4a, 0xe7, 0x20, 0xcb, 0x90,
- 0xa0, 0x1f, 0x18, 0x18, 0x72, 0xb5, 0x21, 0x88, 0x38, 0xc0, 0xdb, 0xba,
- 0xf6, 0x99, 0xd8, 0xa5, 0x3b, 0x83, 0xe9, 0xe3, 0xd5, 0x61, 0x99, 0x73,
- 0x42, 0xc6, 0x6c, 0xe8, 0x0a, 0x95, 0x40, 0x41, 0x3b, 0x0d, 0x10, 0xa7,
- 0x4a, 0x93, 0xdb, 0x5a, 0xe7, 0xec,
-};
-
-static int NPNSelectCallback(SSL *ssl, uint8_t **out, uint8_t *out_len,
- const uint8_t *in, unsigned in_len, void *arg) {
- static const uint8_t kProtocol[] = {'a', 'a'};
- *out = const_cast<uint8_t*>(kProtocol);
- *out_len = sizeof(kProtocol);
- return SSL_TLSEXT_ERR_OK;
-}
-
-struct GlobalState {
- GlobalState() : ctx(SSL_CTX_new(TLS_method())) {
- debug = getenv("BORINGSSL_FUZZER_DEBUG") != nullptr;
-
- const uint8_t *bufp = kRSAPrivateKeyDER;
- RSA *privkey = d2i_RSAPrivateKey(NULL, &bufp, sizeof(kRSAPrivateKeyDER));
- assert(privkey != nullptr);
-
- EVP_PKEY *pkey = EVP_PKEY_new();
- EVP_PKEY_assign_RSA(pkey, privkey);
-
- SSL_CTX_use_PrivateKey(ctx, pkey);
- EVP_PKEY_free(pkey);
-
- bufp = kCertificateDER;
- X509 *cert = d2i_X509(NULL, &bufp, sizeof(kCertificateDER));
- assert(cert != nullptr);
-
- SSL_CTX_use_certificate(ctx, cert);
- X509_free(cert);
-
- SSL_CTX_set_next_proto_select_cb(ctx, NPNSelectCallback, nullptr);
-
- SSL_CTX_set_early_data_enabled(ctx, 1);
-
- CBS cbs;
- CBS_init(&cbs, kP256KeyPKCS8, sizeof(kP256KeyPKCS8));
- pkey = EVP_parse_private_key(&cbs);
- assert(pkey != nullptr);
- SSL_CTX_set1_tls_channel_id(ctx, pkey);
- EVP_PKEY_free(pkey);
- }
-
- ~GlobalState() {
- SSL_CTX_free(ctx);
- }
-
- bool debug;
- SSL_CTX *const ctx;
-};
-
-static GlobalState g_state;
+static TLSFuzzer g_fuzzer(TLSFuzzer::kClient);
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
- RAND_reset_for_fuzzing();
-
- CBS cbs;
- CBS_init(&cbs, buf, len);
- bssl::UniquePtr<SSL> client = SetupTest(&cbs, g_state.ctx, false);
- if (!client) {
- if (g_state.debug) {
- fprintf(stderr, "Error parsing parameters.\n");
- }
- return 0;
- }
-
- SSL_set_renegotiate_mode(client.get(), ssl_renegotiate_freely);
- SSL_set_max_proto_version(client.get(), TLS1_3_VERSION);
- SSL_set_min_proto_version(client.get(), SSL3_VERSION);
- SSL_enable_ocsp_stapling(client.get());
- SSL_enable_signed_cert_timestamps(client.get());
- SSL_set_tlsext_host_name(client.get(), "hostname");
- SSL_set_alpn_protos(client.get(), kALPNProtocols, sizeof(kALPNProtocols));
-
- // Enable ciphers that are off by default.
- SSL_set_strict_cipher_list(client.get(), "ALL:NULL-SHA");
-
- BIO *in = BIO_new(BIO_s_mem());
- BIO *out = BIO_new(BIO_s_mem());
- SSL_set_bio(client.get(), in, out); // Takes ownership of |in| and |out|.
-
- BIO_write(in, CBS_data(&cbs), CBS_len(&cbs));
- if (SSL_do_handshake(client.get()) == 1) {
- // Keep reading application data until error or EOF.
- uint8_t tmp[1024];
- for (;;) {
- if (SSL_read(client.get(), tmp, sizeof(tmp)) <= 0) {
- break;
- }
- }
- } else if (g_state.debug) {
- fprintf(stderr, "Handshake failed.\n");
- }
-
- if (g_state.debug) {
- ERR_print_errors_fp(stderr);
- }
- ERR_clear_error();
- return 0;
+ return g_fuzzer.TestOneInput(buf, len);
}
diff --git a/fuzz/server.cc b/fuzz/server.cc
index e19c7ec..1d5c7b9 100644
--- a/fuzz/server.cc
+++ b/fuzz/server.cc
@@ -12,129 +12,11 @@
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
-#include <assert.h>
-#include <stdlib.h>
-
-#include <openssl/bio.h>
-#include <openssl/bytestring.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/rand.h>
-#include <openssl/rsa.h>
-#include <openssl/ssl.h>
-#include <openssl/x509.h>
-
#include "../ssl/test/fuzzer.h"
-static const uint8_t kOCSPResponse[] = {0x01, 0x02, 0x03, 0x04};
-static const uint8_t kSCT[] = {0x00, 0x06, 0x00, 0x04, 0x05, 0x06, 0x07, 0x08};
-
-static int ALPNSelectCallback(SSL *ssl, const uint8_t **out, uint8_t *out_len,
- const uint8_t *in, unsigned in_len, void *arg) {
- static const uint8_t kProtocol[] = {'a', 'a'};
- *out = kProtocol;
- *out_len = sizeof(kProtocol);
- return SSL_TLSEXT_ERR_OK;
-}
-
-static int NPNAdvertiseCallback(SSL *ssl, const uint8_t **out,
- unsigned *out_len, void *arg) {
- static const uint8_t kProtocols[] = {
- 0x01, 'a', 0x02, 'a', 'a', 0x03, 'a', 'a', 'a',
- };
- *out = kProtocols;
- *out_len = sizeof(kProtocols);
- return SSL_TLSEXT_ERR_OK;
-}
-
-struct GlobalState {
- GlobalState()
- : ctx(SSL_CTX_new(TLS_method())) {
- debug = getenv("BORINGSSL_FUZZER_DEBUG") != nullptr;
-
- const uint8_t *bufp = kRSAPrivateKeyDER;
- RSA *privkey = d2i_RSAPrivateKey(NULL, &bufp, sizeof(kRSAPrivateKeyDER));
- assert(privkey != nullptr);
-
- EVP_PKEY *pkey = EVP_PKEY_new();
- EVP_PKEY_assign_RSA(pkey, privkey);
-
- SSL_CTX_use_PrivateKey(ctx, pkey);
- EVP_PKEY_free(pkey);
-
- bufp = kCertificateDER;
- X509 *cert = d2i_X509(NULL, &bufp, sizeof(kCertificateDER));
- assert(cert != nullptr);
-
- SSL_CTX_use_certificate(ctx, cert);
- X509_free(cert);
-
- if (!SSL_CTX_set_ocsp_response(ctx, kOCSPResponse, sizeof(kOCSPResponse)) ||
- !SSL_CTX_set_signed_cert_timestamp_list(ctx, kSCT, sizeof(kSCT))) {
- abort();
- }
-
- SSL_CTX_set_alpn_select_cb(ctx, ALPNSelectCallback, nullptr);
- SSL_CTX_set_next_protos_advertised_cb(ctx, NPNAdvertiseCallback, nullptr);
- SSL_CTX_set_early_data_enabled(ctx, 1);
-
- // If accepting client certificates, allow any certificate.
- SSL_CTX_set_cert_verify_callback(
- ctx, [](X509_STORE_CTX *store_ctx, void *arg) -> int { return 1; },
- nullptr);
- }
-
- ~GlobalState() {
- SSL_CTX_free(ctx);
- }
-
- bool debug;
- SSL_CTX *const ctx;
-};
-
-static GlobalState g_state;
+static TLSFuzzer g_fuzzer(TLSFuzzer::kServer);
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
- RAND_reset_for_fuzzing();
-
- CBS cbs;
- CBS_init(&cbs, buf, len);
- bssl::UniquePtr<SSL> server = SetupTest(&cbs, g_state.ctx, true);
- if (!server) {
- if (g_state.debug) {
- fprintf(stderr, "Error parsing parameters.\n");
- }
- return 0;
- }
-
- SSL_set_max_proto_version(server.get(), TLS1_3_VERSION);
- SSL_set_min_proto_version(server.get(), SSL3_VERSION);
- SSL_set_tls_channel_id_enabled(server.get(), 1);
-
- // Enable ciphers that are off by default.
- SSL_set_strict_cipher_list(server.get(), "ALL:NULL-SHA");
-
- BIO *in = BIO_new(BIO_s_mem());
- BIO *out = BIO_new(BIO_s_mem());
- SSL_set_bio(server.get(), in, out); // Takes ownership of |in| and |out|.
-
- BIO_write(in, CBS_data(&cbs), CBS_len(&cbs));
- if (SSL_do_handshake(server.get()) == 1) {
- // Keep reading application data until error or EOF.
- uint8_t tmp[1024];
- for (;;) {
- if (SSL_read(server.get(), tmp, sizeof(tmp)) <= 0) {
- break;
- }
- }
- } else if (g_state.debug) {
- fprintf(stderr, "Handshake failed.\n");
- }
-
- if (g_state.debug) {
- ERR_print_errors_fp(stderr);
- }
- ERR_clear_error();
- return 0;
+ return g_fuzzer.TestOneInput(buf, len);
}
diff --git a/ssl/test/bssl_shim.cc b/ssl/test/bssl_shim.cc
index 1d48cca..316ae01 100644
--- a/ssl/test/bssl_shim.cc
+++ b/ssl/test/bssl_shim.cc
@@ -63,7 +63,7 @@
#include "../../crypto/internal.h"
#include "../internal.h"
#include "async_bio.h"
-#include "fuzzer.h"
+#include "fuzzer_tags.h"
#include "packeted_bio.h"
#include "test_config.h"
diff --git a/ssl/test/fuzzer.h b/ssl/test/fuzzer.h
index e52f55e..76d52de 100644
--- a/ssl/test/fuzzer.h
+++ b/ssl/test/fuzzer.h
@@ -15,104 +15,42 @@
#ifndef HEADER_SSL_TEST_FUZZER
#define HEADER_SSL_TEST_FUZZER
+#include <stdlib.h>
+
+#include <openssl/bio.h>
#include <openssl/bytestring.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+#include <openssl/rsa.h>
#include <openssl/ssl.h>
+#include <openssl/x509.h>
+
+#include "./fuzzer_tags.h"
-// SSL fuzzer utilities.
-//
-// The TLS client and server fuzzers coordinate with bssl_shim on a common
-// format to encode configuration parameters in a fuzzer file. To add a new
-// configuration, define a tag, update |SetupTest| below to parse it, and
-// update |WriteSettings| in bssl_shim to serialize it. Finally, record
-// transcripts from a test run, and use the BORINGSSL_FUZZER_DEBUG environment
-// variable to confirm the transcripts are compatible.
+namespace {
-// kDataTag denotes that the remainder of the input should be passed to the TLS
-// stack.
-static const uint16_t kDataTag = 0;
+const uint8_t kP256KeyPKCS8[] = {
+ 0x30, 0x81, 0x87, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86,
+ 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
+ 0x03, 0x01, 0x07, 0x04, 0x6d, 0x30, 0x6b, 0x02, 0x01, 0x01, 0x04, 0x20,
+ 0x43, 0x09, 0xc0, 0x67, 0x75, 0x21, 0x47, 0x9d, 0xa8, 0xfa, 0x16, 0xdf,
+ 0x15, 0x73, 0x61, 0x34, 0x68, 0x6f, 0xe3, 0x8e, 0x47, 0x91, 0x95, 0xab,
+ 0x79, 0x4a, 0x72, 0x14, 0xcb, 0xe2, 0x49, 0x4f, 0xa1, 0x44, 0x03, 0x42,
+ 0x00, 0x04, 0xde, 0x09, 0x08, 0x07, 0x03, 0x2e, 0x8f, 0x37, 0x9a, 0xd5,
+ 0xad, 0xe5, 0xc6, 0x9d, 0xd4, 0x63, 0xc7, 0x4a, 0xe7, 0x20, 0xcb, 0x90,
+ 0xa0, 0x1f, 0x18, 0x18, 0x72, 0xb5, 0x21, 0x88, 0x38, 0xc0, 0xdb, 0xba,
+ 0xf6, 0x99, 0xd8, 0xa5, 0x3b, 0x83, 0xe9, 0xe3, 0xd5, 0x61, 0x99, 0x73,
+ 0x42, 0xc6, 0x6c, 0xe8, 0x0a, 0x95, 0x40, 0x41, 0x3b, 0x0d, 0x10, 0xa7,
+ 0x4a, 0x93, 0xdb, 0x5a, 0xe7, 0xec,
+};
-// kSessionTag is followed by a u24-length-prefixed serialized SSL_SESSION to
-// resume.
-static const uint16_t kSessionTag = 1;
+const uint8_t kOCSPResponse[] = {0x01, 0x02, 0x03, 0x04};
-// kRequestClientCert denotes that the server should request client
-// certificates.
-static const uint16_t kRequestClientCert = 2;
+const uint8_t kSCT[] = {0x00, 0x06, 0x00, 0x04, 0x05, 0x06, 0x07, 0x08};
-// kTLS13Variant is followed by a u8 denoting the TLS 1.3 variant to configure.
-static const uint16_t kTLS13Variant = 3;
-
-// SetupTest parses parameters from |cbs| and returns a newly-configured |SSL|
-// object or nullptr on error. On success, the caller should feed the remaining
-// input in |cbs| to the SSL stack.
-static inline bssl::UniquePtr<SSL> SetupTest(CBS *cbs, SSL_CTX *ctx,
- bool is_server) {
- // |ctx| is shared between runs, so we must clear any modifications to it made
- // later on in this function.
- SSL_CTX_flush_sessions(ctx, 0);
-
- bssl::UniquePtr<SSL> ssl(SSL_new(ctx));
- if (is_server) {
- SSL_set_accept_state(ssl.get());
- } else {
- SSL_set_connect_state(ssl.get());
- }
-
- for (;;) {
- uint16_t tag;
- if (!CBS_get_u16(cbs, &tag)) {
- return nullptr;
- }
- switch (tag) {
- case kDataTag:
- return ssl;
-
- case kSessionTag: {
- CBS data;
- if (!CBS_get_u24_length_prefixed(cbs, &data)) {
- return nullptr;
- }
- bssl::UniquePtr<SSL_SESSION> session(
- SSL_SESSION_from_bytes(CBS_data(&data), CBS_len(&data), ctx));
- if (!session) {
- return nullptr;
- }
-
- if (is_server) {
- SSL_CTX_add_session(ctx, session.get());
- } else {
- SSL_set_session(ssl.get(), session.get());
- }
- break;
- }
-
- case kRequestClientCert:
- if (!is_server) {
- return nullptr;
- }
- SSL_set_verify(ssl.get(), SSL_VERIFY_PEER, nullptr);
- break;
-
- case kTLS13Variant: {
- uint8_t variant;
- if (!CBS_get_u8(cbs, &variant)) {
- return nullptr;
- }
- SSL_set_tls13_variant(ssl.get(), static_cast<tls13_variant_t>(variant));
- break;
- }
-
- default:
- return nullptr;
- }
- }
-}
-
-
-// Additional shared constants.
-
-static const uint8_t kCertificateDER[] = {
+const uint8_t kCertificateDER[] = {
0x30, 0x82, 0x02, 0xff, 0x30, 0x82, 0x01, 0xe7, 0xa0, 0x03, 0x02, 0x01,
0x02, 0x02, 0x11, 0x00, 0xb1, 0x84, 0xee, 0x34, 0x99, 0x98, 0x76, 0xfb,
0x6f, 0xb2, 0x15, 0xc8, 0x47, 0x79, 0x05, 0x9b, 0x30, 0x0d, 0x06, 0x09,
@@ -180,7 +118,7 @@
0x76, 0x8a, 0xbb,
};
-static const uint8_t kRSAPrivateKeyDER[] = {
+const uint8_t kRSAPrivateKeyDER[] = {
0x30, 0x82, 0x04, 0xa5, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
0xce, 0x47, 0xcb, 0x11, 0xbb, 0xd2, 0x9d, 0x8e, 0x9e, 0xd2, 0x1e, 0x14,
0xaf, 0xc7, 0xea, 0xb6, 0xc9, 0x38, 0x2a, 0x6f, 0xb3, 0x7e, 0xfb, 0xbc,
@@ -283,5 +221,227 @@
0x98, 0x46, 0x89, 0x82, 0x40,
};
+const uint8_t kALPNProtocols[] = {
+ 0x01, 'a', 0x02, 'a', 'a', 0x03, 'a', 'a', 'a',
+};
+
+int ALPNSelectCallback(SSL *ssl, const uint8_t **out, uint8_t *out_len,
+ const uint8_t *in, unsigned in_len, void *arg) {
+ static const uint8_t kProtocol[] = {'a', 'a'};
+ *out = kProtocol;
+ *out_len = sizeof(kProtocol);
+ return SSL_TLSEXT_ERR_OK;
+}
+
+int NPNSelectCallback(SSL *ssl, uint8_t **out, uint8_t *out_len,
+ const uint8_t *in, unsigned in_len, void *arg) {
+ static const uint8_t kProtocol[] = {'a', 'a'};
+ *out = const_cast<uint8_t *>(kProtocol);
+ *out_len = sizeof(kProtocol);
+ return SSL_TLSEXT_ERR_OK;
+}
+
+int NPNAdvertiseCallback(SSL *ssl, const uint8_t **out, unsigned *out_len,
+ void *arg) {
+ static const uint8_t kProtocols[] = {
+ 0x01, 'a', 0x02, 'a', 'a', 0x03, 'a', 'a', 'a',
+ };
+ *out = kProtocols;
+ *out_len = sizeof(kProtocols);
+ return SSL_TLSEXT_ERR_OK;
+}
+
+class TLSFuzzer {
+ public:
+ enum Role {
+ kClient,
+ kServer,
+ };
+
+ explicit TLSFuzzer(Role role)
+ : debug_(getenv("BORINGSSL_FUZZER_DEBUG") != nullptr),
+ role_(role) {
+ if (!Init()) {
+ abort();
+ }
+ }
+
+ int TestOneInput(const uint8_t *buf, size_t len) {
+ RAND_reset_for_fuzzing();
+
+ CBS cbs;
+ CBS_init(&cbs, buf, len);
+ bssl::UniquePtr<SSL> ssl = SetupTest(&cbs);
+ if (!ssl) {
+ if (debug_) {
+ fprintf(stderr, "Error parsing parameters.\n");
+ }
+ return 0;
+ }
+
+ if (role_ == kClient) {
+ SSL_set_renegotiate_mode(ssl.get(), ssl_renegotiate_freely);
+ SSL_set_tlsext_host_name(ssl.get(), "hostname");
+ }
+
+ BIO *in = BIO_new(BIO_s_mem());
+ BIO *out = BIO_new(BIO_s_mem());
+ SSL_set_bio(ssl.get(), in, out); // Takes ownership of |in| and |out|.
+
+ BIO_write(in, CBS_data(&cbs), CBS_len(&cbs));
+ if (SSL_do_handshake(ssl.get()) == 1) {
+ // Keep reading application data until error or EOF.
+ uint8_t tmp[1024];
+ for (;;) {
+ if (SSL_read(ssl.get(), tmp, sizeof(tmp)) <= 0) {
+ break;
+ }
+ }
+ } else if (debug_) {
+ fprintf(stderr, "Handshake failed.\n");
+ }
+
+ if (debug_) {
+ ERR_print_errors_fp(stderr);
+ }
+ ERR_clear_error();
+ return 0;
+ }
+
+ private:
+ // Init initializes |ctx_| with settings common to all inputs.
+ bool Init() {
+ ctx_.reset(SSL_CTX_new(TLS_method()));
+ bssl::UniquePtr<EVP_PKEY> pkey(EVP_PKEY_new());
+ bssl::UniquePtr<RSA> privkey(RSA_private_key_from_bytes(
+ kRSAPrivateKeyDER, sizeof(kRSAPrivateKeyDER)));
+ if (!ctx_ || !privkey || !pkey ||
+ !EVP_PKEY_set1_RSA(pkey.get(), privkey.get()) ||
+ !SSL_CTX_use_PrivateKey(ctx_.get(), pkey.get())) {
+ return false;
+ }
+
+ const uint8_t *bufp = kCertificateDER;
+ bssl::UniquePtr<X509> cert(d2i_X509(NULL, &bufp, sizeof(kCertificateDER)));
+ if (!cert ||
+ !SSL_CTX_use_certificate(ctx_.get(), cert.get()) ||
+ !SSL_CTX_set_ocsp_response(ctx_.get(), kOCSPResponse,
+ sizeof(kOCSPResponse)) ||
+ !SSL_CTX_set_signed_cert_timestamp_list(ctx_.get(), kSCT,
+ sizeof(kSCT))) {
+ return false;
+ }
+
+ // When accepting peer certificates, allow any certificate.
+ SSL_CTX_set_cert_verify_callback(
+ ctx_.get(),
+ [](X509_STORE_CTX *store_ctx, void *arg) -> int { return 1; }, nullptr);
+
+ SSL_CTX_enable_signed_cert_timestamps(ctx_.get());
+ SSL_CTX_enable_ocsp_stapling(ctx_.get());
+
+ // Enable versions and ciphers that are off by default.
+ if (!SSL_CTX_set_strict_cipher_list(ctx_.get(), "ALL:NULL-SHA") ||
+ !SSL_CTX_set_max_proto_version(ctx_.get(), TLS1_3_VERSION) ||
+ !SSL_CTX_set_min_proto_version(ctx_.get(), SSL3_VERSION)) {
+ return false;
+ }
+
+ SSL_CTX_set_early_data_enabled(ctx_.get(), 1);
+
+ SSL_CTX_set_next_proto_select_cb(ctx_.get(), NPNSelectCallback, nullptr);
+ SSL_CTX_set_next_protos_advertised_cb(ctx_.get(), NPNAdvertiseCallback,
+ nullptr);
+
+ SSL_CTX_set_alpn_select_cb(ctx_.get(), ALPNSelectCallback, nullptr);
+ if (SSL_CTX_set_alpn_protos(ctx_.get(), kALPNProtocols,
+ sizeof(kALPNProtocols)) != 0) {
+ return false;
+ }
+
+ CBS cbs;
+ CBS_init(&cbs, kP256KeyPKCS8, sizeof(kP256KeyPKCS8));
+ pkey.reset(EVP_parse_private_key(&cbs));
+ if (!pkey || !SSL_CTX_set1_tls_channel_id(ctx_.get(), pkey.get())) {
+ return false;
+ }
+ SSL_CTX_set_tls_channel_id_enabled(ctx_.get(), 1);
+
+ return true;
+ }
+
+ // SetupTest parses parameters from |cbs| and returns a newly-configured |SSL|
+ // object or nullptr on error. On success, the caller should feed the
+ // remaining input in |cbs| to the SSL stack.
+ bssl::UniquePtr<SSL> SetupTest(CBS *cbs) {
+ // |ctx| is shared between runs, so we must clear any modifications to it
+ // made later on in this function.
+ SSL_CTX_flush_sessions(ctx_.get(), 0);
+
+ bssl::UniquePtr<SSL> ssl(SSL_new(ctx_.get()));
+ if (role_ == kServer) {
+ SSL_set_accept_state(ssl.get());
+ } else {
+ SSL_set_connect_state(ssl.get());
+ }
+
+ for (;;) {
+ uint16_t tag;
+ if (!CBS_get_u16(cbs, &tag)) {
+ return nullptr;
+ }
+ switch (tag) {
+ case kDataTag:
+ return ssl;
+
+ case kSessionTag: {
+ CBS data;
+ if (!CBS_get_u24_length_prefixed(cbs, &data)) {
+ return nullptr;
+ }
+ bssl::UniquePtr<SSL_SESSION> session(SSL_SESSION_from_bytes(
+ CBS_data(&data), CBS_len(&data), ctx_.get()));
+ if (!session) {
+ return nullptr;
+ }
+
+ if (role_ == kServer) {
+ SSL_CTX_add_session(ctx_.get(), session.get());
+ } else {
+ SSL_set_session(ssl.get(), session.get());
+ }
+ break;
+ }
+
+ case kRequestClientCert:
+ if (role_ == kClient) {
+ return nullptr;
+ }
+ SSL_set_verify(ssl.get(), SSL_VERIFY_PEER, nullptr);
+ break;
+
+ case kTLS13Variant: {
+ uint8_t variant;
+ if (!CBS_get_u8(cbs, &variant)) {
+ return nullptr;
+ }
+ SSL_set_tls13_variant(ssl.get(),
+ static_cast<tls13_variant_t>(variant));
+ break;
+ }
+
+ default:
+ return nullptr;
+ }
+ }
+ }
+
+ bool debug_;
+ Role role_;
+ bssl::UniquePtr<SSL_CTX> ctx_;
+};
+
+} // namespace
+
#endif // HEADER_SSL_TEST_FUZZER
diff --git a/ssl/test/fuzzer_tags.h b/ssl/test/fuzzer_tags.h
new file mode 100644
index 0000000..b161d80
--- /dev/null
+++ b/ssl/test/fuzzer_tags.h
@@ -0,0 +1,45 @@
+/* Copyright (c) 2017, Google Inc.
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+ * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+ * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
+
+#ifndef HEADER_SSL_TEST_FUZZER_TAGS
+#define HEADER_SSL_TEST_FUZZER_TAGS
+
+#include <stdint.h>
+
+
+// SSL fuzzer tag constants.
+//
+// The TLS client and server fuzzers coordinate with bssl_shim on a common
+// format to encode configuration parameters in a fuzzer file. To add a new
+// configuration, define a tag, update |SetupTest| in fuzzer.h to parse it, and
+// update |WriteSettings| in bssl_shim to serialize it. Finally, record
+// transcripts from a test run, and use the BORINGSSL_FUZZER_DEBUG environment
+// variable to confirm the transcripts are compatible.
+
+// kDataTag denotes that the remainder of the input should be passed to the TLS
+// stack.
+static const uint16_t kDataTag = 0;
+
+// kSessionTag is followed by a u24-length-prefixed serialized SSL_SESSION to
+// resume.
+static const uint16_t kSessionTag = 1;
+
+// kRequestClientCert denotes that the server should request client
+// certificates.
+static const uint16_t kRequestClientCert = 2;
+
+// kTLS13Variant is followed by a u8 denoting the TLS 1.3 variant to configure.
+static const uint16_t kTLS13Variant = 3;
+
+#endif // HEADER_SSL_TEST_FUZZER_TAGS