diff options
| author | Robert Swiecki <robert@swiecki.net> | 2017-11-09 13:50:53 +0100 |
|---|---|---|
| committer | Robert Swiecki <robert@swiecki.net> | 2017-11-09 13:50:53 +0100 |
| commit | 97df415e758e7be8cd2852d2f05938efc016c9fe (patch) | |
| tree | 6d2586a2f0514e57fbe74a2ec5d2d7bf2d93a018 /examples | |
| parent | 75cbd626849f7f9ab62feeed14202d27659ab31f (diff) | |
| parent | dcc19040395a4045ae53f180d0b2ccd913561a54 (diff) | |
| download | honggfuzz-97df415e758e7be8cd2852d2f05938efc016c9fe.tar.gz | |
Merge branch 'master' of ssh://github.com/google/honggfuzz
Diffstat (limited to 'examples')
| -rw-r--r-- | examples/openssl/client.c | 19 | ||||
| -rw-r--r-- | examples/openssl/hf_ssl_lib.h | 18 | ||||
| -rwxr-xr-x | examples/openssl/make.sh | 12 | ||||
| -rw-r--r-- | examples/openssl/privkey.c | 2 | ||||
| -rw-r--r-- | examples/openssl/server.c | 27 | ||||
| -rw-r--r-- | examples/openssl/x509.c | 2 |
6 files changed, 51 insertions, 29 deletions
diff --git a/examples/openssl/client.c b/examples/openssl/client.c index 3f888fcd..38fb0f1e 100644 --- a/examples/openssl/client.c +++ b/examples/openssl/client.c @@ -13,9 +13,7 @@ extern "C" { #include <unistd.h> #include <hf_ssl_lib.h> -#if !defined(HF_NO_INC) #include <libhfuzz/libhfuzz.h> -#endif /* !defined(HF_NO_INC) */ static const uint8_t kCertificateDER[] = { 0x30, 0x82, 0x05, 0x65, 0x30, 0x82, 0x03, 0x4d, 0x02, 0x09, 0x00, 0xe8, 0x66, 0xed, 0xc9, 0x66, 0xa7, 0xd1, 0xac, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, @@ -530,35 +528,40 @@ int LLVMFuzzerTestOneInput(const uint8_t* buf, size_t len) SSL* client = SSL_new(ctx); SSL_set_tlsext_host_name(client, "localhost"); +#if defined(HF_SSL_FROM_STDIN) + BIO* in = BIO_new(BIO_s_fd()); + BIO_set_fd(in, 0, BIO_NOCLOSE); +#else /* defined(HF_SSL_FROM_STDIN) */ BIO* in = BIO_new(BIO_s_mem()); BIO_write(in, buf, len); +#endif /* defined(HF_SSL_FROM_STDIN) */ BIO* out = BIO_new(BIO_s_fd()); BIO_set_fd(out, 1, BIO_NOCLOSE); SSL_set_bio(client, in, out); -#if defined(HF_SSL_IS_OPENSSL) +#if defined(HF_SSL_IS_OPENSSL_GE_1_1) SSL_enable_ct(client, SSL_CT_VALIDATION_PERMISSIVE); SSL_set_dh_auto(client, 1); SSL_set_max_early_data(client, 128); static const uint8_t edata_buf[128] = { 1, 0 }; size_t written = 0; SSL_write_early_data(client, edata_buf, sizeof(edata_buf), &written); -#endif // defined(HF_SSL_IS_OPENSSL) +#endif // defined(HF_SSL_IS_OPENSSL_GE_1_1) -#if !defined(HF_SSL_IS_LIBRESSL) +#if defined(HF_SSL_IS_OPENSSL_GE_1_1) || defined(HF_SSL_IS_BORINGSSL) SSL_set_min_proto_version(client, SSL3_VERSION); SSL_set_max_proto_version(client, TLS1_3_VERSION); -#endif // !defined(HF_SSL_IS_LIBRESSL) +#endif // defined(HF_SSL_IS_OPENSSL_GE_1_1) || defined(HF_SSL_IS_BORINGSSL) /* Try it two times to test SSL_clear() */ for (unsigned i = 0; i < 2; i++) { if (SSL_connect(client) == 1) { uint8_t tmp[1024 * 1024]; -#if defined(HF_SSL_IS_OPENSSL) +#if defined(HF_SSL_IS_OPENSSL_GE_1_1) size_t readbytes = 0; SSL_read_early_data(client, tmp, sizeof(tmp), &readbytes); -#endif // defined(HF_SSL_IS_OPENSSL) +#endif // defined(HF_SSL_IS_OPENSSL_GE_1_1) X509* peer; if ((peer = SSL_get_peer_certificate(client)) != NULL) { SSL_get_verify_result(client); diff --git a/examples/openssl/hf_ssl_lib.h b/examples/openssl/hf_ssl_lib.h index 8a4b5750..4a4b32fb 100644 --- a/examples/openssl/hf_ssl_lib.h +++ b/examples/openssl/hf_ssl_lib.h @@ -1,6 +1,8 @@ #include <openssl/opensslv.h> #include <openssl/rand.h> +#include <libhfuzz/libhfuzz.h> + #ifdef __cplusplus extern "C" { #endif @@ -11,8 +13,9 @@ extern "C" { #if defined(BORINGSSL_API_VERSION) #define HF_SSL_IS_BORINGSSL 1 #endif -#if !defined(LIBRESSL_VERSION_NUMBER) && !defined(BORINGSSL_API_VERSION) -#define HF_SSL_IS_OPENSSL 1 +#if !defined(LIBRESSL_VERSION_NUMBER) && !defined(BORINGSSL_API_VERSION) \ + && OPENSSL_VERSION_NUMBER >= 0x10100000 +#define HF_SSL_IS_OPENSSL_GE_1_1 1 #endif #if defined(HF_SSL_IS_BORINGSSL) @@ -40,6 +43,17 @@ static RAND_METHOD hf_method = { static void HFResetRand(void) { RAND_set_rand_method(&hf_method); } +#if defined(HF_SSL_FROM_STDIN) +int LLVMFuzzerInitialize(int* argc, char*** argv) __attribute__((weak)); + +int main(int argc, char** argv) +{ + if (LLVMFuzzerInitialize) { + LLVMFuzzerInitialize(&argc, &argv); + } + return LLVMFuzzerTestOneInput(NULL, 0U); +} +#endif /* defined(HF_SSL_FROM_STDIN) */ #ifdef __cplusplus } // extern "C" #endif diff --git a/examples/openssl/make.sh b/examples/openssl/make.sh index abb1f680..15631e06 100755 --- a/examples/openssl/make.sh +++ b/examples/openssl/make.sh @@ -13,9 +13,15 @@ CC="$HFUZZ_SRC/hfuzz_cc/hfuzz-clang" CXX="$HFUZZ_SRC/hfuzz_cc/hfuzz-clang++" COMMON_FLAGS="-DBORINGSSL_UNSAFE_DETERMINISTIC_MODE -DBORINGSSL_UNSAFE_FUZZER_MODE -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -DBN_DEBUG \ -O3 -g -DFuzzerInitialize=LLVMFuzzerInitialize -DFuzzerTestOneInput=LLVMFuzzerTestOneInput \ - -I./$DIR/include -I$HFUZZ_SRC/examples/openssl" + -I./$DIR/include -I$HFUZZ_SRC/examples/openssl -I$HFUZZ_SRC" COMMON_LDFLAGS="-lpthread -lz -Wl,-z,now" +SUFFIX= +if [ -n "$HF_SSL_FROM_STDIN" ]; then + SUFFIX=".stdin" + COMMON_FLAGS="$COMMON_FLAGS -DHF_SSL_FROM_STDIN" +fi + if [ -z "$DIR" ]; then echo "$0" DIR SANITIZE exit 1 @@ -44,9 +50,9 @@ if [ -n "$SAN" ]; then fi for x in x509 privkey client server; do - $CC $COMMON_FLAGS -g "$HFUZZ_SRC/examples/openssl/$x.c" -o "$TYPE$SAN.$x" "$LIBSSL" "$LIBCRYPTO" $COMMON_LDFLAGS $SAN_COMPILE + $CC $COMMON_FLAGS -g "$HFUZZ_SRC/examples/openssl/$x.c" -o "$TYPE$SAN.$x$SUFFIX" "$LIBSSL" "$LIBCRYPTO" $COMMON_LDFLAGS $SAN_COMPILE done for x in x509 privkey client server; do - clang++$CLANG_VER -DHF_NO_INC $COMMON_FLAGS -g "$HFUZZ_SRC/examples/openssl/$x.c" -o "libfuzzer.$TYPE$SAN.$x" "$LIBSSL" "$LIBCRYPTO" $COMMON_LDFLAGS $SAN_COMPILE -lFuzzer + clang++$CLANG_VER $COMMON_FLAGS -g "$HFUZZ_SRC/examples/openssl/$x.c" -o "libfuzzer.$TYPE$SAN.$x$SUFFIX" "$LIBSSL" "$LIBCRYPTO" $COMMON_LDFLAGS $SAN_COMPILE -lFuzzer done diff --git a/examples/openssl/privkey.c b/examples/openssl/privkey.c index 3af1f14b..210f0211 100644 --- a/examples/openssl/privkey.c +++ b/examples/openssl/privkey.c @@ -4,9 +4,7 @@ #include <openssl/ssl.h> #include <hf_ssl_lib.h> -#if !defined(HF_NO_INC) #include <libhfuzz/libhfuzz.h> -#endif /* !defined(HF_NO_INC) */ #ifdef __cplusplus extern "C" { diff --git a/examples/openssl/server.c b/examples/openssl/server.c index d8c6da46..a058c7dc 100644 --- a/examples/openssl/server.c +++ b/examples/openssl/server.c @@ -13,9 +13,7 @@ extern "C" { #include <unistd.h> #include <hf_ssl_lib.h> -#if !defined(HF_NO_INC) #include <libhfuzz/libhfuzz.h> -#endif /* !defined(HF_NO_INC) */ static const uint8_t kCertificateDER[] = { 0x30, 0x82, 0x05, 0x65, 0x30, 0x82, 0x03, 0x4d, 0x02, 0x09, 0x00, 0xe8, 0x66, 0xed, 0xc9, 0x66, 0xa7, 0xd1, 0xac, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, @@ -440,7 +438,7 @@ unsigned int psk_callback( return max_psk_len; } -#if defined(HF_SSL_IS_OPENSSL) +#if defined(HF_SSL_IS_OPENSSL_GE_1_1) static int srp_callback(SSL* s, int* ad, void* arg) { if (strcmp(SSL_get_srp_username(s), "USER") != 0) { @@ -453,7 +451,7 @@ static int srp_callback(SSL* s, int* ad, void* arg) } return SSL_ERROR_NONE; } -#endif /* defined(HF_SSL_IS_OPENSSL) */ +#endif /* defined(HF_SSL_IS_OPENSSL_GE_1_1) */ int alpn_callback(SSL* ssl, const unsigned char** out, unsigned char* outlen, const unsigned char* in, unsigned int inlen, void* arg) @@ -550,12 +548,12 @@ int LLVMFuzzerInitialize(int* argc, char*** argv) assert(ret == 1); #endif /* !defined(HF_SSL_IS_LIBRESSL) */ -#if defined(HF_SSL_IS_OPENSSL) +#if defined(HF_SSL_IS_OPENSSL_GE_1_1) ret = SSL_CTX_set_srp_username_callback(ctx, srp_callback); assert(ret == 1); ret = SSL_CTX_set_srp_cb_arg(ctx, NULL); assert(ret == 1); -#endif /* defined(HF_SSL_IS_OPENSSL) */ +#endif /* defined(HF_SSL_IS_OPENSSL_GE_1_1) */ SSL_CTX_set_alpn_select_cb(ctx, alpn_callback, NULL); SSL_CTX_set_next_protos_advertised_cb(ctx, npn_callback, NULL); @@ -579,37 +577,42 @@ int LLVMFuzzerTestOneInput(const uint8_t* buf, size_t len) SSL* server = SSL_new(ctx); +#if defined(HF_SSL_FROM_STDIN) + BIO* in = BIO_new(BIO_s_fd()); + BIO_set_fd(in, 0, BIO_NOCLOSE); +#else /* defined(HF_SSL_FROM_STDIN) */ BIO* in = BIO_new(BIO_s_mem()); BIO_write(in, buf, len); +#endif /* defined(HF_SSL_FROM_STDIN) */ BIO* out = BIO_new(BIO_s_fd()); BIO_set_fd(out, 1, BIO_NOCLOSE); SSL_set_bio(server, in, out); -#if defined(HF_SSL_IS_OPENSSL) +#if defined(HF_SSL_IS_OPENSSL_GE_1_1) SSL_enable_ct(server, SSL_CT_VALIDATION_STRICT); SSL_set_dh_auto(server, 1); SSL_set_max_early_data(server, 128); static const uint8_t edata_buf[128] = { 1, 0 }; size_t written = 0; SSL_write_early_data(server, edata_buf, sizeof(edata_buf), &written); -#endif // defined(HF_SSL_IS_OPENSSL) +#endif // defined(HF_SSL_IS_OPENSSL_GE_1_1) -#if !defined(HF_SSL_IS_LIBRESSL) +#if defined(HF_SSL_IS_OPENSSL_GE_1_1) || defined(HF_SSL_IS_BORINGSSL) SSL_set_min_proto_version(server, SSL3_VERSION); SSL_set_max_proto_version(server, TLS1_3_VERSION); -#endif // !defined(HF_SSL_IS_LIBRESSL) +#endif // defined(HF_SSL_IS_OPENSSL_GE_1_1) || defined(HF_SSL_IS_BORINGSSL) /* Try it two times to test SSL_clear() */ for (unsigned i = 0; i < 2; i++) { if (SSL_accept(server) == 1) { uint8_t tmp[1024 * 1024]; -#if defined(HF_SSL_IS_OPENSSL) +#if defined(HF_SSL_IS_OPENSSL_GE_1_1) static const uint8_t early_data_buf[128] = { 1, 0 }; size_t readbytes = 0; SSL_read_early_data(server, tmp, sizeof(tmp), &readbytes); -#endif // defined(HF_SSL_IS_OPENSSL) +#endif // defined(HF_SSL_IS_OPENSSL_GE_1_1) X509* peer; if ((peer = SSL_get_peer_certificate(server)) != NULL) { diff --git a/examples/openssl/x509.c b/examples/openssl/x509.c index 5b1e82b9..27b36332 100644 --- a/examples/openssl/x509.c +++ b/examples/openssl/x509.c @@ -12,9 +12,7 @@ extern "C" { #include <stdio.h> #include <hf_ssl_lib.h> -#if !defined(HF_NO_INC) #include <libhfuzz/libhfuzz.h> -#endif /* !defined(HF_NO_INC) */ int LLVMFuzzerInitialize(int* argc, char*** argv) { |