/src/gnutls/fuzz/gnutls_handshake_server_fuzzer.c
Line | Count | Source |
1 | | /* |
2 | | # Copyright 2017 Red Hat, Inc. |
3 | | # |
4 | | # Licensed under the Apache License, Version 2.0 (the "License"); |
5 | | # you may not use this file except in compliance with the License. |
6 | | # You may obtain a copy of the License at |
7 | | # |
8 | | # https://www.apache.org/licenses/LICENSE-2.0 |
9 | | # |
10 | | # Unless required by applicable law or agreed to in writing, software |
11 | | # distributed under the License is distributed on an "AS IS" BASIS, |
12 | | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
13 | | # See the License for the specific language governing permissions and |
14 | | # limitations under the License. |
15 | | # |
16 | | ################################################################################ |
17 | | */ |
18 | | |
19 | | #include <assert.h> |
20 | | #include <stdint.h> |
21 | | #include <unistd.h> |
22 | | #include <string.h> |
23 | | #include <stdlib.h> |
24 | | |
25 | | #include <gnutls/crypto.h> |
26 | | #include <gnutls/gnutls.h> |
27 | | |
28 | | #include "certs.h" |
29 | | #include "handshake.h" |
30 | | #include "fuzzer.h" |
31 | | |
32 | | int __attribute__((visibility("protected"))) |
33 | | gnutls_rnd(gnutls_rnd_level_t level, void *data, size_t len) |
34 | 40.9k | { |
35 | 40.9k | memset(data, 0xff, len); |
36 | | |
37 | | /* Flip the first byte to avoid infinite loop in the RSA |
38 | | * blinding code of Nettle */ |
39 | 40.9k | if (len > 0) |
40 | 40.9k | memset(data, 0x0, 1); |
41 | 40.9k | return 0; |
42 | 40.9k | } |
43 | | |
44 | | int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) |
45 | 2.55k | { |
46 | 2.55k | int res; |
47 | 2.55k | gnutls_datum_t rsa_cert, rsa_key; |
48 | 2.55k | gnutls_datum_t ecdsa_cert, ecdsa_key; |
49 | 2.55k | gnutls_datum_t ed25519_cert, ed25519_key; |
50 | 2.55k | gnutls_datum_t ed448_cert, ed448_key; |
51 | 2.55k | gnutls_session_t session; |
52 | 2.55k | gnutls_certificate_credentials_t xcred; |
53 | 2.55k | struct mem_st memdata; |
54 | 2.55k | unsigned int retry; |
55 | | |
56 | 2.55k | res = gnutls_init(&session, GNUTLS_SERVER); |
57 | 2.55k | assert(res >= 0); |
58 | | |
59 | 2.55k | res = gnutls_certificate_allocate_credentials(&xcred); |
60 | 2.55k | assert(res >= 0); |
61 | | |
62 | 2.55k | rsa_cert.data = (unsigned char *)kRSACertificateDER; |
63 | 2.55k | rsa_cert.size = sizeof(kRSACertificateDER); |
64 | 2.55k | rsa_key.data = (unsigned char *)kRSAPrivateKeyDER; |
65 | 2.55k | rsa_key.size = sizeof(kRSAPrivateKeyDER); |
66 | | |
67 | 2.55k | ecdsa_cert.data = (unsigned char *)kECDSACertificateDER; |
68 | 2.55k | ecdsa_cert.size = sizeof(kECDSACertificateDER); |
69 | 2.55k | ecdsa_key.data = (unsigned char *)kECDSAPrivateKeyDER; |
70 | 2.55k | ecdsa_key.size = sizeof(kECDSAPrivateKeyDER); |
71 | | |
72 | 2.55k | ed25519_cert.data = (unsigned char *)kEd25519CertificateDER; |
73 | 2.55k | ed25519_cert.size = sizeof(kEd25519CertificateDER); |
74 | 2.55k | ed25519_key.data = (unsigned char *)kEd25519PrivateKeyDER; |
75 | 2.55k | ed25519_key.size = sizeof(kEd25519PrivateKeyDER); |
76 | | |
77 | 2.55k | ed448_cert.data = (unsigned char *)kEd448CertificateDER; |
78 | 2.55k | ed448_cert.size = sizeof(kEd448CertificateDER); |
79 | 2.55k | ed448_key.data = (unsigned char *)kEd448PrivateKeyDER; |
80 | 2.55k | ed448_key.size = sizeof(kEd448PrivateKeyDER); |
81 | | |
82 | 2.55k | res = gnutls_certificate_set_x509_key_mem(xcred, &rsa_cert, &rsa_key, |
83 | 2.55k | GNUTLS_X509_FMT_DER); |
84 | 2.55k | assert(res >= 0); |
85 | | |
86 | 2.55k | res = gnutls_certificate_set_x509_key_mem( |
87 | 2.55k | xcred, &ecdsa_cert, &ecdsa_key, GNUTLS_X509_FMT_DER); |
88 | 2.55k | assert(res >= 0); |
89 | | |
90 | 2.55k | res = gnutls_certificate_set_x509_key_mem( |
91 | 2.55k | xcred, &ed25519_cert, &ed25519_key, GNUTLS_X509_FMT_DER); |
92 | 2.55k | assert(res >= 0); |
93 | | |
94 | 2.55k | res = gnutls_certificate_set_x509_key_mem( |
95 | 2.55k | xcred, &ed448_cert, &ed448_key, GNUTLS_X509_FMT_DER); |
96 | 2.55k | assert(res >= 0); |
97 | | |
98 | 2.55k | gnutls_certificate_set_known_dh_params(xcred, GNUTLS_SEC_PARAM_MEDIUM); |
99 | | |
100 | 2.55k | res = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred); |
101 | 2.55k | assert(res >= 0); |
102 | | |
103 | | /*res = gnutls_set_default_priority(session); */ |
104 | 2.55k | res = gnutls_priority_set_direct( |
105 | 2.55k | session, "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3", NULL); |
106 | 2.55k | assert(res >= 0); |
107 | | |
108 | 2.55k | memdata.data = data; |
109 | 2.55k | memdata.size = size; |
110 | | |
111 | 2.55k | gnutls_transport_set_push_function(session, error_push); |
112 | 2.55k | gnutls_transport_set_pull_function(session, error_pull); |
113 | 2.55k | gnutls_handshake_set_read_function(session, handshake_discard); |
114 | | |
115 | 2.55k | retry = 0; |
116 | 6.01k | do { |
117 | 6.01k | res = gnutls_handshake(session); |
118 | 6.01k | if (res == GNUTLS_E_AGAIN) { |
119 | 4.28k | if (handshake_pull(session, &memdata) < 0) { |
120 | 822 | res = GNUTLS_E_INTERNAL_ERROR; |
121 | 822 | break; |
122 | 822 | } |
123 | 3.46k | if (retry > HANDSHAKE_MAX_RETRY_COUNT) { |
124 | 5 | break; |
125 | 5 | } |
126 | 3.46k | retry++; |
127 | 3.46k | } else { |
128 | 1.72k | retry = 0; |
129 | 1.72k | } |
130 | 6.01k | } while (res < 0 && gnutls_error_is_fatal(res) == 0); |
131 | | |
132 | 2.55k | gnutls_deinit(session); |
133 | 2.55k | gnutls_certificate_free_credentials(xcred); |
134 | 2.55k | return 0; |
135 | 2.55k | } |