#!/bin/bash -eu
# Copyright 2021 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
################################################################################

BASE=${SRC}/openvpn/src/openvpn

apply_sed_changes() {
  sed -i 's/read(/fuzz_read(/g' ${BASE}/console_systemd.c
  sed -i 's/fgets(/fuzz_fgets(/g' ${BASE}/console_builtin.c
  sed -i 's/fgets(/fuzz_fgets(/g' ${BASE}/misc.c
  sed -i 's/#include "forward.h"/#include "fuzz_header.h"\n#include "forward.h"/g' ${BASE}/proxy.c
  sed -i 's/select(/fuzz_select(/g' ${BASE}/proxy.c
  sed -i 's/send(/fuzz_send(/g' ${BASE}/proxy.c
  sed -i 's/recv(/fuzz_recv(/g' ${BASE}/proxy.c
  sed -i 's/isatty/fuzz_isatty/g' ${BASE}/console_builtin.c

  sed -i 's/fopen/fuzz_fopen/g' ${BASE}/console_builtin.c
  sed -i 's/fclose/fuzz_fclose/g' ${BASE}/console_builtin.c

  sed -i 's/sendto/fuzz_sendto/g' ${BASE}/socket.h
  sed -i 's/#include "misc.h"/#include "misc.h"\nextern size_t fuzz_sendto(int sockfd, void *buf, size_t len, int flags, struct sockaddr *dest_addr, socklen_t addrlen);/g' ${BASE}/socket.h

  sed -i 's/fp = (flags/fp = stdout;\n\/\//g' ${BASE}/error.c

  sed -i 's/crypto_msg(M_FATAL/crypto_msg(M_WARN/g' ${BASE}/crypto_openssl.c
  sed -i 's/msg(M_FATAL, \"Cipher/return;msg(M_FATAL, \"Cipher/g' ${BASE}/crypto.c
  sed -i 's/msg(M_FATAL/msg(M_WARN/g' ${BASE}/crypto.c

  sed -i 's/= write/= fuzz_write/g' ${BASE}/packet_id.c
}

# Changes in the code so we can fuzz it.
git apply $SRC/crypto_patch.txt

echo "" >> ${BASE}/openvpn.c
echo "#include \"fake_fuzz_header.h\"" >> ${BASE}/openvpn.c
echo "ssize_t fuzz_get_random_data(void *buf, size_t len) { return 0; }" >> ${BASE}/fake_fuzz_header.h
echo "int fuzz_success;" >> ${BASE}/fake_fuzz_header.h

# Apply hooking changes
apply_sed_changes

# Copy corpuses out
zip -r $OUT/fuzz_verify_cert_seed_corpus.zip $SRC/boringssl/fuzz/cert_corpus

# Build openvpn
autoreconf -ivf
./configure --disable-lz4 --with-crypto-library=openssl OPENSSL_LIBS="-L/usr/local/ssl/ -lssl -lcrypto" OPENSSL_CFLAGS="-I/usr/local/ssl/include/"
make

# Make openvpn object files into a library we can link fuzzers to
cd src/openvpn
rm openvpn.o
ar r libopenvpn.a *.o

# Compile our fuzz helper
$CXX $CXXFLAGS -g -c $SRC/fuzz_randomizer.cpp -o $SRC/fuzz_randomizer.o

# Compile the fuzzers
for fuzzname in dhcp misc base64 proxy buffer route packet_id mroute list verify_cert; do
    $CC -DHAVE_CONFIG_H -I. -I../.. -I../../include -I../../src/compat \
      -DPLUGIN_LIBDIR=\"/usr/local/lib/openvpn/plugins\" -std=c99 $CFLAGS \
      -c $SRC/fuzz_${fuzzname}.c -o $SRC/fuzz_${fuzzname}.o

    # Link with CXX
    $CXX ${CXXFLAGS} ${LIB_FUZZING_ENGINE} $SRC/fuzz_${fuzzname}.o -o $OUT/fuzz_${fuzzname} $SRC/fuzz_randomizer.o \
        libopenvpn.a ../../src/compat/.libs/libcompat.a /usr/lib/x86_64-linux-gnu/libnsl.a \
        /usr/lib/x86_64-linux-gnu/libresolv.a /usr/lib/x86_64-linux-gnu/liblzo2.a \
        -lssl -lcrypto -ldl
done