static int fuzzSession( const CRYPT_SESSION_TYPE sessionType ) { CRYPT_SESSION cryptSession; const BOOLEAN isServer = \ ( sessionType == CRYPT_SESSION_SSH_SERVER || \ sessionType == CRYPT_SESSION_SSL_SERVER || \ sessionType == CRYPT_SESSION_OCSP_SERVER || \ sessionType == CRYPT_SESSION_TSP_SERVER || \ sessionType == CRYPT_SESSION_CMP_SERVER || \ sessionType == CRYPT_SESSION_SCEP_SERVER ) ? \ TRUE : FALSE; int status; /* Create the session */ status = cryptCreateSession( &cryptSession, CRYPT_UNUSED, sessionType ); if( cryptStatusError( status ) ) return( status ); /* Set up the various attributes needed to establish a minimal session */ if( !isServer ) { status = cryptSetAttributeString( cryptSession, CRYPT_SESSINFO_SERVER_NAME, "www.example.com", 15 ); if( cryptStatusError( status ) ) return( status ); } if( isServer ) { CRYPT_CONTEXT cryptPrivKey; char filenameBuffer[ FILENAME_BUFFER_SIZE ]; filenameFromTemplate( filenameBuffer, SERVER_PRIVKEY_FILE_TEMPLATE, 1 ); status = getPrivateKey( &cryptPrivKey, filenameBuffer, USER_PRIVKEY_LABEL, TEST_PRIVKEY_PASSWORD ); if( cryptStatusOK( status ) ) { status = cryptSetAttribute( cryptSession, CRYPT_SESSINFO_PRIVATEKEY, cryptPrivKey ); cryptDestroyContext( cryptPrivKey ); } if( cryptStatusError( status ) ) return( status ); } if( sessionType == CRYPT_SESSION_SSH || \ sessionType == CRYPT_SESSION_SSH_SERVER ) { status = cryptSetAttributeString( cryptSession, CRYPT_SESSINFO_USERNAME, SSH_USER_NAME, paramStrlen( SSH_USER_NAME ) ); if( cryptStatusOK( status ) ) { status = cryptSetAttributeString( cryptSession, CRYPT_SESSINFO_PASSWORD, SSH_PASSWORD, paramStrlen( SSH_PASSWORD ) ); } if( cryptStatusError( status ) ) return( status ); } status = cryptSetFuzzData( cryptSession, NULL, 0 ); cryptDestroySession( cryptSession ); return( CRYPT_OK ); }
static int fuzzSession( const CRYPT_SESSION_TYPE sessionType, const char *fuzzFileName ) { CRYPT_SESSION cryptSession; CRYPT_CONTEXT cryptPrivKey = CRYPT_UNUSED; BYTE buffer[ 4096 ]; const BOOLEAN isServer = \ ( sessionType == CRYPT_SESSION_SSH_SERVER || \ sessionType == CRYPT_SESSION_SSL_SERVER || \ sessionType == CRYPT_SESSION_OCSP_SERVER || \ sessionType == CRYPT_SESSION_RTCS_SERVER || \ sessionType == CRYPT_SESSION_TSP_SERVER || \ sessionType == CRYPT_SESSION_CMP_SERVER || \ sessionType == CRYPT_SESSION_SCEP_SERVER ) ? \ TRUE : FALSE; int length, status; /* Create the session */ status = cryptCreateSession( &cryptSession, CRYPT_UNUSED, sessionType ); if( cryptStatusError( status ) ) return( status ); /* Set up the various attributes needed to establish a minimal session */ if( !isServer ) { status = cryptSetAttributeString( cryptSession, CRYPT_SESSINFO_SERVER_NAME, "localhost", 9 ); if( cryptStatusError( status ) ) return( status ); } if( isServer ) { if( !loadRSAContexts( CRYPT_UNUSED, NULL, &cryptPrivKey ) ) return( CRYPT_ERROR_FAILED ); } if( sessionType == CRYPT_SESSION_SSH || \ sessionType == CRYPT_SESSION_CMP ) { status = cryptSetAttributeString( cryptSession, CRYPT_SESSINFO_USERNAME, SSH_USER_NAME, paramStrlen( SSH_USER_NAME ) ); if( cryptStatusOK( status ) ) { status = cryptSetAttributeString( cryptSession, CRYPT_SESSINFO_PASSWORD, SSH_PASSWORD, paramStrlen( SSH_PASSWORD ) ); } if( cryptStatusError( status ) ) return( status ); } if( sessionType == CRYPT_SESSION_CMP ) { status = cryptSetAttribute( cryptSession, CRYPT_SESSINFO_CMP_REQUESTTYPE, CRYPT_REQUESTTYPE_INITIALISATION ); if( cryptStatusError( status ) ) return( status ); } /* Perform any final session initialisation */ cryptFuzzInit( cryptSession, cryptPrivKey ); /* We're ready to go, start the forkserver and read the mutable data */ #ifndef __WINDOWS__ __afl_manual_init(); #endif /* !__WINDOWS__ */ length = readFileData( fuzzFileName, fuzzFileName, buffer, 4096, 32, TRUE ); if( length < 32 ) return( CRYPT_ERROR_READ ); /* Perform the fuzzing */ ( void ) cryptSetFuzzData( cryptSession, buffer, length ); cryptDestroySession( cryptSession ); if( cryptPrivKey != CRYPT_UNUSED ) cryptDestroyContext( cryptPrivKey ); return( CRYPT_OK ); }