summaryrefslogtreecommitdiff
path: root/fuzz/tls_client_target.cc
diff options
context:
space:
mode:
authorTim Taubert <ttaubert@mozilla.com>2017-03-14 15:24:18 +0100
committerTim Taubert <ttaubert@mozilla.com>2017-03-14 15:24:18 +0100
commited93b3356bba914d6d7ec72c2e03fc5bd1925326 (patch)
tree7e81ffdeb2181c102102e20514140c19dbd16d08 /fuzz/tls_client_target.cc
parentc84fb4afcdeb8920340aa985718227efd8399efc (diff)
downloadnss-hg-ed93b3356bba914d6d7ec72c2e03fc5bd1925326.tar.gz
Bug 1339768 - Add TLS server fuzzers r=franziskus
Differential Revision: https://nss-review.dev.mozaws.net/D229
Diffstat (limited to 'fuzz/tls_client_target.cc')
-rw-r--r--fuzz/tls_client_target.cc63
1 files changed, 18 insertions, 45 deletions
diff --git a/fuzz/tls_client_target.cc b/fuzz/tls_client_target.cc
index d1dda12d4..5cb071250 100644
--- a/fuzz/tls_client_target.cc
+++ b/fuzz/tls_client_target.cc
@@ -12,19 +12,8 @@
#include "shared.h"
#include "tls_client_config.h"
-#include "tls_client_socket.h"
-
-static PRStatus EnableAllProtocolVersions() {
- SSLVersionRange supported;
-
- SECStatus rv = SSL_VersionRangeGetSupported(ssl_variant_stream, &supported);
- assert(rv == SECSuccess);
-
- rv = SSL_VersionRangeSetDefault(ssl_variant_stream, &supported);
- assert(rv == SECSuccess);
-
- return PR_SUCCESS;
-}
+#include "tls_common.h"
+#include "tls_socket.h"
static SECStatus AuthCertificateHook(void* arg, PRFileDesc* fd, PRBool checksig,
PRBool isServer) {
@@ -35,8 +24,7 @@ static SECStatus AuthCertificateHook(void* arg, PRFileDesc* fd, PRBool checksig,
static void SetSocketOptions(PRFileDesc* fd,
std::unique_ptr<ClientConfig>& config) {
- // Disable session cache for now.
- SECStatus rv = SSL_OptionSet(fd, SSL_NO_CACHE, true);
+ SECStatus rv = SSL_OptionSet(fd, SSL_NO_CACHE, config->EnableCache());
assert(rv == SECSuccess);
rv = SSL_OptionSet(fd, SSL_ENABLE_EXTENDED_MASTER_SECRET,
@@ -50,18 +38,21 @@ static void SetSocketOptions(PRFileDesc* fd,
rv = SSL_OptionSet(fd, SSL_ENABLE_FALSE_START, config->EnableFalseStart());
assert(rv == SECSuccess);
+ rv = SSL_OptionSet(fd, SSL_ENABLE_DEFLATE, config->EnableDeflate());
+ assert(rv == SECSuccess);
+
+ rv = SSL_OptionSet(fd, SSL_CBC_RANDOM_IV, config->EnableCbcRandomIv());
+ assert(rv == SECSuccess);
+
+ rv = SSL_OptionSet(fd, SSL_REQUIRE_SAFE_NEGOTIATION,
+ config->RequireSafeNegotiation());
+ assert(rv == SECSuccess);
+
rv =
SSL_OptionSet(fd, SSL_ENABLE_RENEGOTIATION, SSL_RENEGOTIATE_UNRESTRICTED);
assert(rv == SECSuccess);
}
-static void EnableAllCipherSuites(PRFileDesc* fd) {
- for (uint16_t i = 0; i < SSL_NumImplementedCiphers; ++i) {
- SECStatus rv = SSL_CipherPrefSet(fd, SSL_ImplementedCiphers[i], true);
- assert(rv == SECSuccess);
- }
-}
-
// This is only called when we set SSL_ENABLE_FALSE_START=1,
// so we can always just set *canFalseStart=true.
static SECStatus CanFalseStartCallback(PRFileDesc* fd, void* arg,
@@ -78,26 +69,6 @@ static void SetupCallbacks(PRFileDesc* fd, ClientConfig* config) {
assert(rv == SECSuccess);
}
-static void DoHandshake(PRFileDesc* fd) {
- SECStatus rv = SSL_ResetHandshake(fd, false /* asServer */);
- assert(rv == SECSuccess);
-
- do {
- rv = SSL_ForceHandshake(fd);
- } while (rv != SECSuccess && PR_GetError() == PR_WOULD_BLOCK_ERROR);
-
- // If the handshake succeeds, let's read some data from the server, if any.
- if (rv == SECSuccess) {
- uint8_t block[1024];
- int32_t nb;
-
- // Read application data and echo it back.
- while ((nb = PR_Read(fd, block, sizeof(block))) > 0) {
- PR_Write(fd, block, nb);
- }
- }
-}
-
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t len) {
static std::unique_ptr<NSSDatabase> db(new NSSDatabase());
assert(db != nullptr);
@@ -105,10 +76,12 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t len) {
EnableAllProtocolVersions();
std::unique_ptr<ClientConfig> config(new ClientConfig(data, len));
+ // Clear the cache. We never want to resume as we couldn't reproduce that.
+ SSL_ClearSessionCache();
+
#ifdef UNSAFE_FUZZER_MODE
// Reset the RNG state.
- SECStatus rv = RNG_ResetForFuzzing();
- assert(rv == SECSuccess);
+ assert(RNG_ResetForFuzzing() == SECSuccess);
#endif
// Create and import dummy socket.
@@ -124,7 +97,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t len) {
SetSocketOptions(ssl_fd, config);
EnableAllCipherSuites(ssl_fd);
SetupCallbacks(ssl_fd, config.get());
- DoHandshake(ssl_fd);
+ DoHandshake(ssl_fd, false);
return 0;
}