/src/mbedtls/programs/fuzz/fuzz_server.c
Line | Count | Source (jump to first uncovered line) |
1 | | #include "mbedtls/ssl.h" |
2 | | #include "mbedtls/entropy.h" |
3 | | #include "mbedtls/ctr_drbg.h" |
4 | | #include "mbedtls/ssl_ticket.h" |
5 | | #include "test/certs.h" |
6 | | #include "common.h" |
7 | | #include <string.h> |
8 | | #include <stdlib.h> |
9 | | #include <stdint.h> |
10 | | |
11 | | |
12 | | #if defined(MBEDTLS_SSL_SRV_C) && \ |
13 | | defined(MBEDTLS_ENTROPY_C) && \ |
14 | | defined(MBEDTLS_CTR_DRBG_C) |
15 | | const char *pers = "fuzz_server"; |
16 | | static int initialized = 0; |
17 | | #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) |
18 | | static mbedtls_x509_crt srvcert; |
19 | | static mbedtls_pk_context pkey; |
20 | | #endif |
21 | | const char *alpn_list[3]; |
22 | | |
23 | | #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) |
24 | | const unsigned char psk[] = { |
25 | | 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, |
26 | | 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f |
27 | | }; |
28 | | const char psk_id[] = "Client_identity"; |
29 | | #endif |
30 | | #endif // MBEDTLS_SSL_SRV_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C |
31 | | |
32 | | |
33 | | int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) |
34 | 1.59k | { |
35 | 1.59k | #if defined(MBEDTLS_SSL_SRV_C) && \ |
36 | 1.59k | defined(MBEDTLS_ENTROPY_C) && \ |
37 | 1.59k | defined(MBEDTLS_CTR_DRBG_C) |
38 | 1.59k | int ret; |
39 | 1.59k | size_t len; |
40 | 1.59k | mbedtls_ssl_context ssl; |
41 | 1.59k | mbedtls_ssl_config conf; |
42 | 1.59k | mbedtls_ctr_drbg_context ctr_drbg; |
43 | 1.59k | mbedtls_entropy_context entropy; |
44 | 1.59k | #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) |
45 | 1.59k | mbedtls_ssl_ticket_context ticket_ctx; |
46 | 1.59k | #endif |
47 | 1.59k | unsigned char buf[4096]; |
48 | 1.59k | fuzzBufferOffset_t biomemfuzz; |
49 | 1.59k | uint8_t options; |
50 | | |
51 | | //we take 1 byte as options input |
52 | 1.59k | if (Size < 1) { |
53 | 0 | return 0; |
54 | 0 | } |
55 | 1.59k | options = Data[Size - 1]; |
56 | | |
57 | 1.59k | mbedtls_ctr_drbg_init(&ctr_drbg); |
58 | 1.59k | mbedtls_entropy_init(&entropy); |
59 | 1.59k | #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) |
60 | 1.59k | mbedtls_x509_crt_init(&srvcert); |
61 | 1.59k | mbedtls_pk_init(&pkey); |
62 | 1.59k | #endif |
63 | 1.59k | mbedtls_ssl_init(&ssl); |
64 | 1.59k | mbedtls_ssl_config_init(&conf); |
65 | 1.59k | #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) |
66 | 1.59k | mbedtls_ssl_ticket_init(&ticket_ctx); |
67 | 1.59k | #endif |
68 | | #if defined(MBEDTLS_USE_PSA_CRYPTO) |
69 | | psa_status_t status = psa_crypto_init(); |
70 | | if (status != PSA_SUCCESS) { |
71 | | goto exit; |
72 | | } |
73 | | #endif /* MBEDTLS_USE_PSA_CRYPTO */ |
74 | | |
75 | 1.59k | if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, |
76 | 1.59k | (const unsigned char *) pers, strlen(pers)) != 0) { |
77 | 0 | return 1; |
78 | 0 | } |
79 | | |
80 | 1.59k | if (initialized == 0) { |
81 | | |
82 | 1 | #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) |
83 | 1 | if (mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_srv_crt, |
84 | 1 | mbedtls_test_srv_crt_len) != 0) { |
85 | 0 | return 1; |
86 | 0 | } |
87 | 1 | if (mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_cas_pem, |
88 | 1 | mbedtls_test_cas_pem_len) != 0) { |
89 | 0 | return 1; |
90 | 0 | } |
91 | 1 | if (mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key, |
92 | 1 | mbedtls_test_srv_key_len, NULL, 0, |
93 | 1 | dummy_random, &ctr_drbg) != 0) { |
94 | 0 | return 1; |
95 | 0 | } |
96 | 1 | #endif |
97 | | |
98 | 1 | alpn_list[0] = "HTTP"; |
99 | 1 | alpn_list[1] = "fuzzalpn"; |
100 | 1 | alpn_list[2] = NULL; |
101 | | |
102 | 1 | dummy_init(); |
103 | | |
104 | 1 | initialized = 1; |
105 | 1 | } |
106 | | |
107 | 1.59k | if (mbedtls_ssl_config_defaults(&conf, |
108 | 1.59k | MBEDTLS_SSL_IS_SERVER, |
109 | 1.59k | MBEDTLS_SSL_TRANSPORT_STREAM, |
110 | 1.59k | MBEDTLS_SSL_PRESET_DEFAULT) != 0) { |
111 | 0 | goto exit; |
112 | 0 | } |
113 | | |
114 | 1.59k | srand(1); |
115 | 1.59k | mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg); |
116 | | |
117 | 1.59k | #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) |
118 | 1.59k | mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL); |
119 | 1.59k | if (mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey) != 0) { |
120 | 0 | goto exit; |
121 | 0 | } |
122 | 1.59k | #endif |
123 | | |
124 | 1.59k | mbedtls_ssl_conf_cert_req_ca_list(&conf, |
125 | 1.59k | (options & |
126 | 1.59k | 0x1) ? MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED : MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED); |
127 | 1.59k | #if defined(MBEDTLS_SSL_ALPN) |
128 | 1.59k | if (options & 0x2) { |
129 | 740 | mbedtls_ssl_conf_alpn_protocols(&conf, alpn_list); |
130 | 740 | } |
131 | 1.59k | #endif |
132 | 1.59k | #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) |
133 | 1.59k | if (options & 0x4) { |
134 | 753 | if (mbedtls_ssl_ticket_setup(&ticket_ctx, |
135 | 753 | dummy_random, &ctr_drbg, |
136 | 753 | MBEDTLS_CIPHER_AES_256_GCM, |
137 | 753 | 86400) != 0) { |
138 | 0 | goto exit; |
139 | 0 | } |
140 | | |
141 | 753 | mbedtls_ssl_conf_session_tickets_cb(&conf, |
142 | 753 | mbedtls_ssl_ticket_write, |
143 | 753 | mbedtls_ssl_ticket_parse, |
144 | 753 | &ticket_ctx); |
145 | 753 | } |
146 | 1.59k | #endif |
147 | 1.59k | #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) |
148 | 1.59k | mbedtls_ssl_conf_extended_master_secret(&conf, |
149 | 1.59k | (options & |
150 | 1.59k | 0x10) ? MBEDTLS_SSL_EXTENDED_MS_DISABLED : MBEDTLS_SSL_EXTENDED_MS_ENABLED); |
151 | 1.59k | #endif |
152 | 1.59k | #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) |
153 | 1.59k | mbedtls_ssl_conf_encrypt_then_mac(&conf, |
154 | 1.59k | (options & |
155 | 1.59k | 0x20) ? MBEDTLS_SSL_ETM_ENABLED : MBEDTLS_SSL_ETM_DISABLED); |
156 | 1.59k | #endif |
157 | 1.59k | #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) |
158 | 1.59k | if (options & 0x40) { |
159 | 710 | mbedtls_ssl_conf_psk(&conf, psk, sizeof(psk), |
160 | 710 | (const unsigned char *) psk_id, sizeof(psk_id) - 1); |
161 | 710 | } |
162 | 1.59k | #endif |
163 | 1.59k | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
164 | 1.59k | mbedtls_ssl_conf_renegotiation(&conf, |
165 | 1.59k | (options & |
166 | 1.59k | 0x80) ? MBEDTLS_SSL_RENEGOTIATION_ENABLED : MBEDTLS_SSL_RENEGOTIATION_DISABLED); |
167 | 1.59k | #endif |
168 | | |
169 | 1.59k | if (mbedtls_ssl_setup(&ssl, &conf) != 0) { |
170 | 0 | goto exit; |
171 | 0 | } |
172 | | |
173 | 1.59k | biomemfuzz.Data = Data; |
174 | 1.59k | biomemfuzz.Size = Size-1; |
175 | 1.59k | biomemfuzz.Offset = 0; |
176 | 1.59k | mbedtls_ssl_set_bio(&ssl, &biomemfuzz, dummy_send, fuzz_recv, NULL); |
177 | | |
178 | 1.59k | mbedtls_ssl_session_reset(&ssl); |
179 | 1.59k | ret = mbedtls_ssl_handshake(&ssl); |
180 | 1.59k | if (ret == 0) { |
181 | | //keep reading data from server until the end |
182 | 0 | do { |
183 | 0 | len = sizeof(buf) - 1; |
184 | 0 | ret = mbedtls_ssl_read(&ssl, buf, len); |
185 | |
|
186 | 0 | if (ret == MBEDTLS_ERR_SSL_WANT_READ) { |
187 | 0 | continue; |
188 | 0 | } else if (ret <= 0) { |
189 | | //EOF or error |
190 | 0 | break; |
191 | 0 | } |
192 | 0 | } while (1); |
193 | 0 | } |
194 | | |
195 | 1.59k | exit: |
196 | 1.59k | #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) |
197 | 1.59k | mbedtls_ssl_ticket_free(&ticket_ctx); |
198 | 1.59k | #endif |
199 | 1.59k | mbedtls_entropy_free(&entropy); |
200 | 1.59k | mbedtls_ctr_drbg_free(&ctr_drbg); |
201 | 1.59k | mbedtls_ssl_config_free(&conf); |
202 | 1.59k | #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) |
203 | 1.59k | mbedtls_x509_crt_free(&srvcert); |
204 | 1.59k | mbedtls_pk_free(&pkey); |
205 | 1.59k | #endif |
206 | 1.59k | mbedtls_ssl_free(&ssl); |
207 | | #if defined(MBEDTLS_USE_PSA_CRYPTO) |
208 | | mbedtls_psa_crypto_free(); |
209 | | #endif |
210 | | #else |
211 | | (void) Data; |
212 | | (void) Size; |
213 | | #endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ |
214 | | |
215 | 1.59k | return 0; |
216 | 1.59k | } |