Adam Langley | 9a4beb8 | 2015-11-09 13:57:26 -0800 | [diff] [blame] | 1 | #include <assert.h> |
| 2 | |
David Benjamin | bc5b2a2 | 2016-03-01 22:57:32 -0500 | [diff] [blame] | 3 | #include <openssl/rand.h> |
Adam Langley | 9a4beb8 | 2015-11-09 13:57:26 -0800 | [diff] [blame] | 4 | #include <openssl/ssl.h> |
| 5 | |
// Owns the SSL_CTX that the fuzz target hands to SSL_new(). The context is
// created in the constructor and released with SSL_CTX_free() in the
// destructor.
//
// NOTE(review): the result of SSL_CTX_new() is stored without a null check,
// so |ctx| may be null if allocation fails; anything that uses |ctx| has to
// tolerate that.
// NOTE(review): the type keeps the implicit copy constructor while the
// destructor frees a raw pointer; a copy would free the same SSL_CTX twice.
// Only the single file-scope instance is meant to exist.
struct GlobalState {
  // Const pointer: bound once in the constructor and never reseated.
  SSL_CTX *const ctx;

  GlobalState() : ctx(SSL_CTX_new(SSLv23_method())) {}
  ~GlobalState() { SSL_CTX_free(ctx); }
};
| 15 | |
// The single file-scope GlobalState instance. LLVMFuzzerTestOneInput() passes
// g_state.ctx to SSL_new() on every call, so all fuzz iterations share this
// one SSL_CTX rather than building a new context per input.
static GlobalState g_state;
| 17 | |
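// libFuzzer entry point for the TLS client. The fuzz input |buf| (|len| bytes)
// is treated as everything the server sends: it is written into the client's
// read BIO up front, then the client handshake is driven and, if it completes,
// application data is read until SSL_read() reports an error or EOF.
//
// Always returns 0. Objects that fail to allocate cause the input to be
// skipped rather than dereferencing a null pointer, so that an out-of-memory
// condition in the harness is not reported as a crash in the TLS code.
extern "C" int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len) {
  // Reset the RNG before each input (presumably so a given input replays
  // identically; confirm against RAND_reset_for_fuzzing's documentation).
  RAND_reset_for_fuzzing();

  // This only fuzzes the initial flow from the server so far.
  SSL *client = SSL_new(g_state.ctx);
  BIO *in = BIO_new(BIO_s_mem());
  BIO *out = BIO_new(BIO_s_mem());
  if (!client || !in || !out) {
    // Ownership of the BIOs has not been handed to |client| yet, so each
    // object is released individually. The free functions accept null.
    BIO_free(in);
    BIO_free(out);
    SSL_free(client);
    return 0;
  }

  // From here on |client| owns both BIOs; SSL_free() releases them.
  SSL_set_bio(client, in, out);
  SSL_set_connect_state(client);
  // Accept renegotiation requests so those code paths are reachable from the
  // fuzz input. This is a coverage choice for the harness.
  SSL_set_renegotiate_mode(client, ssl_renegotiate_freely);

  // NOTE(review): |len| is a size_t narrowed to BIO_write's int length, and
  // the return value is ignored, so a short or failed write only shortens
  // the data the handshake sees. Fuzzer inputs are expected to stay far
  // below INT_MAX; confirm the configured maximum input length.
  BIO_write(in, buf, len);
  if (SSL_do_handshake(client) == 1) {
    // Keep reading application data until error or EOF.
    uint8_t tmp[1024];
    while (SSL_read(client, tmp, sizeof(tmp)) > 0) {
    }
  }
  SSL_free(client);

  return 0;
}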