diff options
Diffstat (limited to 'comm/third_party/botan/src/fuzzer/tls_client.cpp')
| -rw-r--r-- | comm/third_party/botan/src/fuzzer/tls_client.cpp | 130 |
1 files changed, 130 insertions, 0 deletions
diff --git a/comm/third_party/botan/src/fuzzer/tls_client.cpp b/comm/third_party/botan/src/fuzzer/tls_client.cpp new file mode 100644 index 0000000000..a5c8137bfc --- /dev/null +++ b/comm/third_party/botan/src/fuzzer/tls_client.cpp @@ -0,0 +1,130 @@ +/* +* (C) 2015,2016 Jack Lloyd +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ + +#include "fuzzers.h" +#include <botan/tls_client.h> + +class Fuzzer_TLS_Client_Creds : public Botan::Credentials_Manager + { + public: + std::string psk_identity_hint(const std::string&, const std::string&) override { return "psk_hint"; } + std::string psk_identity(const std::string&, const std::string&, const std::string&) override { return "psk_id"; } + Botan::SymmetricKey psk(const std::string&, const std::string&, const std::string&) override + { + return Botan::SymmetricKey("AABBCCDDEEFF00112233445566778899"); + } + }; + +class Fuzzer_TLS_Policy : public Botan::TLS::Policy + { + public: + std::vector<uint16_t> ciphersuite_list(Botan::TLS::Protocol_Version version, + bool have_srp) const + { + std::vector<uint16_t> ciphersuites; + + for(auto&& suite : Botan::TLS::Ciphersuite::all_known_ciphersuites()) + { + if(suite.valid() == false) + continue; + + // Are we doing SRP? + if(!have_srp && suite.kex_method() == Botan::TLS::Kex_Algo::SRP_SHA) + continue; + + if(!version.supports_aead_modes()) + { + // Are we doing AEAD in a non-AEAD version? + if(suite.mac_algo() == "AEAD") + continue; + + // Older (v1.0/v1.1) versions also do not support any hash but SHA-1 + if(suite.mac_algo() != "SHA-1") + continue; + } + + ciphersuites.push_back(suite.ciphersuite_code()); + } + + return ciphersuites; + } + }; + +class Fuzzer_TLS_Client_Callbacks : public Botan::TLS::Callbacks + { + public: + void tls_emit_data(const uint8_t[], size_t) override + { + // discard + } + + void tls_record_received(uint64_t, const uint8_t[], size_t) override + { + // ignore peer data + } + + void tls_alert(Botan::TLS::Alert) override + { + // ignore alert + } + + bool tls_session_established(const Botan::TLS::Session&) override + { + return true; // cache it + } + + void tls_verify_cert_chain( + const std::vector<Botan::X509_Certificate>& cert_chain, + const std::vector<std::shared_ptr<const Botan::OCSP::Response>>& ocsp_responses, + const std::vector<Botan::Certificate_Store*>& trusted_roots, + Botan::Usage_Type usage, + const std::string& hostname, + const Botan::TLS::Policy& policy) override + { + try + { + // try to validate to exercise those code paths + Botan::TLS::Callbacks::tls_verify_cert_chain(cert_chain, ocsp_responses, + trusted_roots, usage, hostname, policy); + } + catch(...) + { + // ignore validation result + } + } + + }; + +void fuzz(const uint8_t in[], size_t len) + { + if(len == 0) + return; + + Botan::TLS::Session_Manager_Noop session_manager; + Fuzzer_TLS_Policy policy; + Botan::TLS::Protocol_Version client_offer = Botan::TLS::Protocol_Version::TLS_V12; + Botan::TLS::Server_Information info("server.name", 443); + Fuzzer_TLS_Client_Callbacks callbacks; + Fuzzer_TLS_Client_Creds creds; + + Botan::TLS::Client client(callbacks, + session_manager, + creds, + policy, + fuzzer_rng(), + info, + client_offer); + + try + { + client.received_data(in, len); + } + catch(std::exception& e) + { + } + + } + |