authorAdam Langley <agl@google.com>2015-11-09 13:57:26 -0800
committerAdam Langley <agl@google.com>2015-11-10 19:14:01 +0000
commit9a4beb8ad8cc45a40bf420b1bdf90aea321a61f9 (patch)
tree13c134053667c323515588fe0a1b1ee4890b1ef0 /fuzz/client.cc
parent4ab254017ccda4bc6d94846e1c748ac0f20c0df3 (diff)
Add four, basic fuzz tests.
This change adds fuzzing tests for: ∙ Certificate parsing ∙ Private key parsing ∙ ClientHello parsing ∙ Server first flow (ServerHello, Certificate, etc) parsing. Change-Id: I5f53282263eaaff69b1a03c819cca73750433653 Reviewed-on: https://boringssl-review.googlesource.com/6460 Reviewed-by: Adam Langley <agl@google.com>
Diffstat (limited to 'fuzz/client.cc')
-rw-r--r--fuzz/client.cc30
1 files changed, 30 insertions, 0 deletions
diff --git a/fuzz/client.cc b/fuzz/client.cc
new file mode 100644
index 0000000..7cf41fc
--- /dev/null
+++ b/fuzz/client.cc
@@ -0,0 +1,30 @@
+#include <assert.h>
+
+#include <openssl/ssl.h>
+
+struct GlobalState {
+ GlobalState() : ctx(SSL_CTX_new(SSLv23_method())) {}
+
+ ~GlobalState() {
+ SSL_CTX_free(ctx);
+ }
+
+ SSL_CTX *const ctx;
+};
+
+static GlobalState g_state;
+
+extern "C" int LLVMFuzzerTestOneInput(uint8_t *buf, size_t len) {
+ // This only fuzzes the initial flow from the server so far.
+ SSL *client = SSL_new(g_state.ctx);
+ BIO *in = BIO_new(BIO_s_mem());
+ BIO *out = BIO_new(BIO_s_mem());
+ SSL_set_bio(client, in, out);
+ SSL_set_connect_state(client);
+
+ BIO_write(in, buf, len);
+ SSL_do_handshake(client);
+ SSL_free(client);
+
+ return 0;
+}
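Review bot: In `LLVMFuzzerTestOneInput` the results of `SSL_new` and both `BIO_new` calls go straight into `SSL_set_bio` without a check, and `g_state.ctx` from `SSL_CTX_new` is never checked either. An allocation failure under the fuzzer's memory limit would then crash inside the harness and be triaged as a library finding. `<assert.h>` is already included but unused, so a line such as `assert(client != NULL && in != NULL && out != NULL);` before `SSL_set_bio` would make a setup failure distinguishable from a parser bug. `BIO_write` takes an `int` length, so the `size_t len` is narrowed implicitly and its return value is dropped; an explicit bound such as `if (len > INT_MAX) return 0;` (which needs `<limits.h>`) would keep the harness from silently feeding a different length than it was given. It would also help to extend the comment on the first line of the function to say that the `SSL_do_handshake` result is deliberately ignored, since only crashes and sanitizer reports matter here.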