1 /* This Source Code Form is subject to the terms of the Mozilla Public
2  * License, v. 2.0. If a copy of the MPL was not distributed with this
3  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4 
5 #include <assert.h>
6 #include <stdint.h>
7 #include <memory>
8 
9 #include "blapi.h"
10 #include "prinit.h"
11 #include "ssl.h"
12 
13 #include "shared.h"
14 #include "tls_common.h"
15 #include "tls_mutators.h"
16 #include "tls_server_certs.h"
17 #include "tls_server_config.h"
18 #include "tls_socket.h"
19 
20 #ifdef IS_DTLS
set_is_dtls()21 __attribute__((constructor)) static void set_is_dtls() {
22   TlsMutators::SetIsDTLS();
23 }
24 #endif
25 
ImportFD(PRFileDesc * model,PRFileDesc * fd)26 PRFileDesc* ImportFD(PRFileDesc* model, PRFileDesc* fd) {
27 #ifdef IS_DTLS
28   return DTLS_ImportFD(model, fd);
29 #else
30   return SSL_ImportFD(model, fd);
31 #endif
32 }
33 
34 class SSLServerSessionCache {
35  public:
SSLServerSessionCache()36   SSLServerSessionCache() {
37     assert(SSL_ConfigServerSessionIDCache(1024, 0, 0, ".") == SECSuccess);
38   }
39 
~SSLServerSessionCache()40   ~SSLServerSessionCache() {
41     assert(SSL_ShutdownServerSessionIDCache() == SECSuccess);
42   }
43 };
44 
SetSocketOptions(PRFileDesc * fd,std::unique_ptr<ServerConfig> & config)45 static void SetSocketOptions(PRFileDesc* fd,
46                              std::unique_ptr<ServerConfig>& config) {
47   SECStatus rv = SSL_OptionSet(fd, SSL_NO_CACHE, config->EnableCache());
48   assert(rv == SECSuccess);
49 
50   rv = SSL_OptionSet(fd, SSL_REUSE_SERVER_ECDHE_KEY, false);
51   assert(rv == SECSuccess);
52 
53   rv = SSL_OptionSet(fd, SSL_ENABLE_EXTENDED_MASTER_SECRET,
54                      config->EnableExtendedMasterSecret());
55   assert(rv == SECSuccess);
56 
57   rv = SSL_OptionSet(fd, SSL_REQUEST_CERTIFICATE, config->RequestCertificate());
58   assert(rv == SECSuccess);
59 
60   rv = SSL_OptionSet(fd, SSL_REQUIRE_CERTIFICATE, config->RequireCertificate());
61   assert(rv == SECSuccess);
62 
63   rv = SSL_OptionSet(fd, SSL_ENABLE_DEFLATE, config->EnableDeflate());
64   assert(rv == SECSuccess);
65 
66   rv = SSL_OptionSet(fd, SSL_CBC_RANDOM_IV, config->EnableCbcRandomIv());
67   assert(rv == SECSuccess);
68 
69   rv = SSL_OptionSet(fd, SSL_REQUIRE_SAFE_NEGOTIATION,
70                      config->RequireSafeNegotiation());
71   assert(rv == SECSuccess);
72 
73 #ifndef IS_DTLS
74   rv =
75       SSL_OptionSet(fd, SSL_ENABLE_RENEGOTIATION, SSL_RENEGOTIATE_UNRESTRICTED);
76   assert(rv == SECSuccess);
77 #endif
78 }
79 
InitModelSocket(void * arg)80 static PRStatus InitModelSocket(void* arg) {
81   PRFileDesc* fd = reinterpret_cast<PRFileDesc*>(arg);
82 
83   EnableAllProtocolVersions();
84   EnableAllCipherSuites(fd);
85   InstallServerCertificates(fd);
86 
87   return PR_SUCCESS;
88 }
89 
LLVMFuzzerTestOneInput(const uint8_t * data,size_t len)90 extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t len) {
91   static std::unique_ptr<NSSDatabase> db(new NSSDatabase());
92   assert(db != nullptr);
93 
94   static std::unique_ptr<SSLServerSessionCache> cache(
95       new SSLServerSessionCache());
96   assert(cache != nullptr);
97 
98   std::unique_ptr<ServerConfig> config(new ServerConfig(data, len));
99 
100   // Clear the cache. We never want to resume as we couldn't reproduce that.
101   SSL_ClearSessionCache();
102 
103   // Reset the RNG state.
104   assert(RNG_RandomUpdate(NULL, 0) == SECSuccess);
105 
106   // Create model socket.
107   static ScopedPRFileDesc model(ImportFD(nullptr, PR_NewTCPSocket()));
108   assert(model);
109 
110   // Initialize the model socket once.
111   static PRCallOnceType initModelOnce;
112   PR_CallOnceWithArg(&initModelOnce, InitModelSocket, model.get());
113 
114   // Create and import dummy socket.
115   std::unique_ptr<DummyPrSocket> socket(new DummyPrSocket(data, len));
116   static PRDescIdentity id = PR_GetUniqueIdentity("fuzz-server");
117   ScopedPRFileDesc fd(DummyIOLayerMethods::CreateFD(id, socket.get()));
118   PRFileDesc* ssl_fd = ImportFD(model.get(), fd.get());
119   assert(ssl_fd == fd.get());
120 
121   FixTime(ssl_fd);
122   SetSocketOptions(ssl_fd, config);
123   DoHandshake(ssl_fd, true);
124 
125   return 0;
126 }
127 
LLVMFuzzerCustomMutator(uint8_t * data,size_t size,size_t max_size,unsigned int seed)128 extern "C" size_t LLVMFuzzerCustomMutator(uint8_t* data, size_t size,
129                                           size_t max_size, unsigned int seed) {
130   using namespace TlsMutators;
131   return CustomMutate({DropRecord, ShuffleRecords, DuplicateRecord,
132                        TruncateRecord, FragmentRecord},
133                       data, size, max_size, seed);
134 }
135 
LLVMFuzzerCustomCrossOver(const uint8_t * data1,size_t size1,const uint8_t * data2,size_t size2,uint8_t * out,size_t max_out_size,unsigned int seed)136 extern "C" size_t LLVMFuzzerCustomCrossOver(const uint8_t* data1, size_t size1,
137                                             const uint8_t* data2, size_t size2,
138                                             uint8_t* out, size_t max_out_size,
139                                             unsigned int seed) {
140   return TlsMutators::CrossOver(data1, size1, data2, size2, out, max_out_size,
141                                 seed);
142 }
143