author | Tim Taubert <ttaubert@mozilla.com> | 2017-03-14 15:24:18 +0100 |
---|---|---|
committer | Tim Taubert <ttaubert@mozilla.com> | 2017-03-14 15:24:18 +0100 |
commit | ed93b3356bba914d6d7ec72c2e03fc5bd1925326 (patch) | |
tree | 7e81ffdeb2181c102102e20514140c19dbd16d08 /fuzz/tls_client_target.cc | |
parent | c84fb4afcdeb8920340aa985718227efd8399efc (diff) | |
download | nss-hg-ed93b3356bba914d6d7ec72c2e03fc5bd1925326.tar.gz |
Bug 1339768 - Add TLS server fuzzers r=franziskus
Differential Revision: https://nss-review.dev.mozaws.net/D229
Diffstat (limited to 'fuzz/tls_client_target.cc')
-rw-r--r-- | fuzz/tls_client_target.cc | 63 |
1 files changed, 18 insertions, 45 deletions
diff --git a/fuzz/tls_client_target.cc b/fuzz/tls_client_target.cc index d1dda12d4..5cb071250 100644 --- a/fuzz/tls_client_target.cc +++ b/fuzz/tls_client_target.cc @@ -12,19 +12,8 @@ #include "shared.h" #include "tls_client_config.h" -#include "tls_client_socket.h" - -static PRStatus EnableAllProtocolVersions() { - SSLVersionRange supported; - - SECStatus rv = SSL_VersionRangeGetSupported(ssl_variant_stream, &supported); - assert(rv == SECSuccess); - - rv = SSL_VersionRangeSetDefault(ssl_variant_stream, &supported); - assert(rv == SECSuccess); - - return PR_SUCCESS; -} +#include "tls_common.h" +#include "tls_socket.h" static SECStatus AuthCertificateHook(void* arg, PRFileDesc* fd, PRBool checksig, PRBool isServer) { @@ -35,8 +24,7 @@ static SECStatus AuthCertificateHook(void* arg, PRFileDesc* fd, PRBool checksig, static void SetSocketOptions(PRFileDesc* fd, std::unique_ptr<ClientConfig>& config) { - // Disable session cache for now. - SECStatus rv = SSL_OptionSet(fd, SSL_NO_CACHE, true); + SECStatus rv = SSL_OptionSet(fd, SSL_NO_CACHE, config->EnableCache()); assert(rv == SECSuccess); rv = SSL_OptionSet(fd, SSL_ENABLE_EXTENDED_MASTER_SECRET, 
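Review bot: `SSL_NO_CACHE` is a negative option, so passing `config->EnableCache()` to it in SetSocketOptions disables the session cache exactly when the accessor reports it as enabled. Coverage is unaffected because the value is only a bit derived from the fuzz input, but anyone reproducing a crash from a dumped config will read the flag backwards. Either negate the argument, `SSL_OptionSet(fd, SSL_NO_CACHE, !config->EnableCache());`, or keep the call and add `// NB: SSL_NO_CACHE is inverted; true disables the cache.` above it. The accessor is declared in tls_client_config.h, which this diff does not show, and SetSocketOptions continues past the end of this hunk.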
@@ -50,18 +38,21 @@ static void SetSocketOptions(PRFileDesc* fd, rv = SSL_OptionSet(fd, SSL_ENABLE_FALSE_START, config->EnableFalseStart()); assert(rv == SECSuccess); + rv = SSL_OptionSet(fd, SSL_ENABLE_DEFLATE, config->EnableDeflate()); + assert(rv == SECSuccess); + + rv = SSL_OptionSet(fd, SSL_CBC_RANDOM_IV, config->EnableCbcRandomIv()); + assert(rv == SECSuccess); + + rv = SSL_OptionSet(fd, SSL_REQUIRE_SAFE_NEGOTIATION, + config->RequireSafeNegotiation()); + assert(rv == SECSuccess); + rv = SSL_OptionSet(fd, SSL_ENABLE_RENEGOTIATION, SSL_RENEGOTIATE_UNRESTRICTED); assert(rv == SECSuccess); } -static void EnableAllCipherSuites(PRFileDesc* fd) { - for (uint16_t i = 0; i < SSL_NumImplementedCiphers; ++i) { - SECStatus rv = SSL_CipherPrefSet(fd, SSL_ImplementedCiphers[i], true); - assert(rv == SECSuccess); - } -} - // This is only called when we set SSL_ENABLE_FALSE_START=1, // so we can always just set *canFalseStart=true. static SECStatus CanFalseStartCallback(PRFileDesc* fd, void* arg, @@ -78,26 +69,6 @@ static void SetupCallbacks(PRFileDesc* fd, ClientConfig* config) { assert(rv == SECSuccess); } -static void DoHandshake(PRFileDesc* fd) { - SECStatus rv = SSL_ResetHandshake(fd, false /* asServer */); - assert(rv == SECSuccess); - - do { - rv = SSL_ForceHandshake(fd); - } while (rv != SECSuccess && PR_GetError() == PR_WOULD_BLOCK_ERROR); - - // If the handshake succeeds, let's read some data from the server, if any. - if (rv == SECSuccess) { - uint8_t block[1024]; - int32_t nb; - - // Read application data and echo it back. - while ((nb = PR_Read(fd, block, sizeof(block))) > 0) { - PR_Write(fd, block, nb); - } - } -} - extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t len) { static std::unique_ptr<NSSDatabase> db(new NSSDatabase()); assert(db != nullptr); 
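Review bot: The three options added to SetSocketOptions carry no comment, and two of them (`SSL_CBC_RANDOM_IV`, `SSL_REQUIRE_SAFE_NEGOTIATION`) can presumably be driven to their weaker setting by the fuzz input. A short comment above the block, e.g. `// Driven by fuzz input: weak settings are reachable on purpose to widen coverage; harness only.`, would make it clear that this is not a reference client configuration. It would also help to say why `SSL_ENABLE_RENEGOTIATION` stays hard-coded to `SSL_RENEGOTIATE_UNRESTRICTED` while its neighbours are config-driven. The function begins before this hunk.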
@@ -105,10 +76,12 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t len) { EnableAllProtocolVersions(); std::unique_ptr<ClientConfig> config(new ClientConfig(data, len)); + // Clear the cache. We never want to resume as we couldn't reproduce that. + SSL_ClearSessionCache(); + #ifdef UNSAFE_FUZZER_MODE // Reset the RNG state. - SECStatus rv = RNG_ResetForFuzzing(); - assert(rv == SECSuccess); + assert(RNG_ResetForFuzzing() == SECSuccess); #endif // Create and import dummy socket. @@ -124,7 +97,7 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t len) { SetSocketOptions(ssl_fd, config); EnableAllCipherSuites(ssl_fd); SetupCallbacks(ssl_fd, config.get()); - DoHandshake(ssl_fd); + DoHandshake(ssl_fd, false); return 0; } |
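Review bot: `assert(RNG_ResetForFuzzing() == SECSuccess);` puts the RNG reset inside the assert expression, so a build with `NDEBUG` defined compiles the call away and the RNG is never reset. Under UNSAFE_FUZZER_MODE the harness would then run with leftover RNG state and inputs would stop reproducing, with no error reported. Keep the call outside the assert as the removed lines did, `SECStatus rv = RNG_ResetForFuzzing();` followed by `assert(rv == SECSuccess);`, and add `(void)rv;` if an unused-variable warning was the reason for the change. LLVMFuzzerTestOneInput starts before this hunk.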
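Review bot: The bare `false` in `DoHandshake(ssl_fd, false);` drops the `/* asServer */` annotation that the removed local helper carried on its `SSL_ResetHandshake` call. The shared DoHandshake is declared in tls_common.h, which this diff does not show, so its parameter name is a guess. Something like `DoHandshake(ssl_fd, false /* isServer */);` would keep the client/server role readable at the call site now that the server targets use the same helper.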