/src/mbedtls/programs/fuzz/fuzz_server.c

Source (jump to first uncovered line)
#include "mbedtls/ssl.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/ssl_ticket.h"
#include "test/certs.h"
#include "common.h"
#include <string.h>
#include <stdlib.h>
#include <stdint.h>


#if defined(MBEDTLS_SSL_SRV_C) && \
    defined(MBEDTLS_ENTROPY_C) && \
    defined(MBEDTLS_CTR_DRBG_C)
const char *pers = "fuzz_server";
static int initialized = 0;
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
static mbedtls_x509_crt srvcert;
static mbedtls_pk_context pkey;
#endif
const char *alpn_list[3];

#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
const unsigned char psk[] = {
    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
};
const char psk_id[] = "Client_identity";
#endif
#endif // MBEDTLS_SSL_SRV_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C


int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
{
#if defined(MBEDTLS_SSL_SRV_C) && \
    defined(MBEDTLS_ENTROPY_C) && \
    defined(MBEDTLS_CTR_DRBG_C)
    int ret;
    size_t len;
    mbedtls_ssl_context ssl;
    mbedtls_ssl_config conf;
    mbedtls_ctr_drbg_context ctr_drbg;
    mbedtls_entropy_context entropy;
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
    mbedtls_ssl_ticket_context ticket_ctx;
#endif
    unsigned char buf[4096];
    fuzzBufferOffset_t biomemfuzz;
    uint8_t options;

    //we take 1 byte as options input
    if (Size < 1) {
        return 0;
    }
    options = Data[Size - 1];

    mbedtls_ctr_drbg_init(&ctr_drbg);
    mbedtls_entropy_init(&entropy);
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
    mbedtls_x509_crt_init(&srvcert);
    mbedtls_pk_init(&pkey);
#endif
    mbedtls_ssl_init(&ssl);
    mbedtls_ssl_config_init(&conf);
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
    mbedtls_ssl_ticket_init(&ticket_ctx);
#endif
#if defined(MBEDTLS_USE_PSA_CRYPTO)
    psa_status_t status = psa_crypto_init();
    if (status != PSA_SUCCESS) {
        goto exit;
    }
#endif /* MBEDTLS_USE_PSA_CRYPTO */

    if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy,
                              (const unsigned char *) pers, strlen(pers)) != 0) {
        return 1;
    }

    if (initialized == 0) {

#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
        if (mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_srv_crt,
                                   mbedtls_test_srv_crt_len) != 0) {
            return 1;
        }
        if (mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_cas_pem,
                                   mbedtls_test_cas_pem_len) != 0) {
            return 1;
        }
        if (mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
                                 mbedtls_test_srv_key_len, NULL, 0,
                                 dummy_random, &ctr_drbg) != 0) {
            return 1;
        }
#endif

        alpn_list[0] = "HTTP";
        alpn_list[1] = "fuzzalpn";
        alpn_list[2] = NULL;

        dummy_init();

        initialized = 1;
    }

    if (mbedtls_ssl_config_defaults(&conf,
                                    MBEDTLS_SSL_IS_SERVER,
                                    MBEDTLS_SSL_TRANSPORT_STREAM,
                                    MBEDTLS_SSL_PRESET_DEFAULT) != 0) {
        goto exit;
    }

    srand(1);
    mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg);

#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
    mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL);
    if (mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey) != 0) {
        goto exit;
    }
#endif

    mbedtls_ssl_conf_cert_req_ca_list(&conf,
                                      (options &
                                       0x1) ? MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED : MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED);
#if defined(MBEDTLS_SSL_ALPN)
    if (options & 0x2) {
        mbedtls_ssl_conf_alpn_protocols(&conf, alpn_list);
    }
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
    if (options & 0x4) {
        if (mbedtls_ssl_ticket_setup(&ticket_ctx,
                                     dummy_random, &ctr_drbg,
                                     MBEDTLS_CIPHER_AES_256_GCM,
                                     86400) != 0) {
            goto exit;
        }

        mbedtls_ssl_conf_session_tickets_cb(&conf,
                                            mbedtls_ssl_ticket_write,
                                            mbedtls_ssl_ticket_parse,
                                            &ticket_ctx);
    }
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
    mbedtls_ssl_conf_extended_master_secret(&conf,
                                            (options &
                                             0x10) ? MBEDTLS_SSL_EXTENDED_MS_DISABLED : MBEDTLS_SSL_EXTENDED_MS_ENABLED);
#endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
    mbedtls_ssl_conf_encrypt_then_mac(&conf,
                                      (options &
                                       0x20) ? MBEDTLS_SSL_ETM_ENABLED : MBEDTLS_SSL_ETM_DISABLED);
#endif
#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
    if (options & 0x40) {
        mbedtls_ssl_conf_psk(&conf, psk, sizeof(psk),
                             (const unsigned char *) psk_id, sizeof(psk_id) - 1);
    }
#endif
#if defined(MBEDTLS_SSL_RENEGOTIATION)
    mbedtls_ssl_conf_renegotiation(&conf,
                                   (options &
                                    0x80) ? MBEDTLS_SSL_RENEGOTIATION_ENABLED : MBEDTLS_SSL_RENEGOTIATION_DISABLED);
#endif

    if (mbedtls_ssl_setup(&ssl, &conf) != 0) {
        goto exit;
    }

    biomemfuzz.Data = Data;
    biomemfuzz.Size = Size-1;
    biomemfuzz.Offset = 0;
    mbedtls_ssl_set_bio(&ssl, &biomemfuzz, dummy_send, fuzz_recv, NULL);

    mbedtls_ssl_session_reset(&ssl);
    ret = mbedtls_ssl_handshake(&ssl);
    if (ret == 0) {
        //keep reading data from server until the end
        do {
            len = sizeof(buf) - 1;
            ret = mbedtls_ssl_read(&ssl, buf, len);

            if (ret == MBEDTLS_ERR_SSL_WANT_READ) {
                continue;
            } else if (ret <= 0) {
                //EOF or error
                break;
            }
        } while (1);
    }

exit:
#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
    mbedtls_ssl_ticket_free(&ticket_ctx);
#endif
    mbedtls_entropy_free(&entropy);
    mbedtls_ctr_drbg_free(&ctr_drbg);
    mbedtls_ssl_config_free(&conf);
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
    mbedtls_x509_crt_free(&srvcert);
    mbedtls_pk_free(&pkey);
#endif
    mbedtls_ssl_free(&ssl);
#if defined(MBEDTLS_USE_PSA_CRYPTO)
    mbedtls_psa_crypto_free();
#endif
#else
    (void) Data;
    (void) Size;
#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */

    return 0;
}

Coverage Report

Created: 2025-03-01 06:26

Line	Count	Source (jump to first uncovered line)
1		#include "mbedtls/ssl.h"
2		#include "mbedtls/entropy.h"
3		#include "mbedtls/ctr_drbg.h"
4		#include "mbedtls/ssl_ticket.h"
5		#include "test/certs.h"
6		#include "common.h"
7		#include <string.h>
8		#include <stdlib.h>
9		#include <stdint.h>
10
11
12		#if defined(MBEDTLS_SSL_SRV_C) && \
13		defined(MBEDTLS_ENTROPY_C) && \
14		defined(MBEDTLS_CTR_DRBG_C)
15		const char *pers = "fuzz_server";
16		static int initialized = 0;
17		#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
18		static mbedtls_x509_crt srvcert;
19		static mbedtls_pk_context pkey;
20		#endif
21		const char *alpn_list[3];
22
23		#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
24		const unsigned char psk[] = {
25		0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
26		0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
27		};
28		const char psk_id[] = "Client_identity";
29		#endif
30		#endif // MBEDTLS_SSL_SRV_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C
31
32
33		int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
34	1.59k	{
35	1.59k	#if defined(MBEDTLS_SSL_SRV_C) && \
36	1.59k	defined(MBEDTLS_ENTROPY_C) && \
37	1.59k	defined(MBEDTLS_CTR_DRBG_C)
38	1.59k	int ret;
39	1.59k	size_t len;
40	1.59k	mbedtls_ssl_context ssl;
41	1.59k	mbedtls_ssl_config conf;
42	1.59k	mbedtls_ctr_drbg_context ctr_drbg;
43	1.59k	mbedtls_entropy_context entropy;
44	1.59k	#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
45	1.59k	mbedtls_ssl_ticket_context ticket_ctx;
46	1.59k	#endif
47	1.59k	unsigned char buf[4096];
48	1.59k	fuzzBufferOffset_t biomemfuzz;
49	1.59k	uint8_t options;
50
51		//we take 1 byte as options input
52	1.59k	if (Size < 1) {
53	0	return 0;
54	0	}
55	1.59k	options = Data[Size - 1];
56
57	1.59k	mbedtls_ctr_drbg_init(&ctr_drbg);
58	1.59k	mbedtls_entropy_init(&entropy);
59	1.59k	#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
60	1.59k	mbedtls_x509_crt_init(&srvcert);
61	1.59k	mbedtls_pk_init(&pkey);
62	1.59k	#endif
63	1.59k	mbedtls_ssl_init(&ssl);
64	1.59k	mbedtls_ssl_config_init(&conf);
65	1.59k	#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
66	1.59k	mbedtls_ssl_ticket_init(&ticket_ctx);
67	1.59k	#endif
68		#if defined(MBEDTLS_USE_PSA_CRYPTO)
69		psa_status_t status = psa_crypto_init();
70		if (status != PSA_SUCCESS) {
71		goto exit;
72		}
73		#endif /* MBEDTLS_USE_PSA_CRYPTO */
74
75	1.59k	if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy,
76	1.59k	(const unsigned char *) pers, strlen(pers)) != 0) {
77	0	return 1;
78	0	}
79
80	1.59k	if (initialized == 0) {
81
82	1	#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
83	1	if (mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_srv_crt,
84	1	mbedtls_test_srv_crt_len) != 0) {
85	0	return 1;
86	0	}
87	1	if (mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_cas_pem,
88	1	mbedtls_test_cas_pem_len) != 0) {
89	0	return 1;
90	0	}
91	1	if (mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
92	1	mbedtls_test_srv_key_len, NULL, 0,
93	1	dummy_random, &ctr_drbg) != 0) {
94	0	return 1;
95	0	}
96	1	#endif
97
98	1	alpn_list[0] = "HTTP";
99	1	alpn_list[1] = "fuzzalpn";
100	1	alpn_list[2] = NULL;
101
102	1	dummy_init();
103
104	1	initialized = 1;
105	1	}
106
107	1.59k	if (mbedtls_ssl_config_defaults(&conf,
108	1.59k	MBEDTLS_SSL_IS_SERVER,
109	1.59k	MBEDTLS_SSL_TRANSPORT_STREAM,
110	1.59k	MBEDTLS_SSL_PRESET_DEFAULT) != 0) {
111	0	goto exit;
112	0	}
113
114	1.59k	srand(1);
115	1.59k	mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg);
116
117	1.59k	#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
118	1.59k	mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL);
119	1.59k	if (mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey) != 0) {
120	0	goto exit;
121	0	}
122	1.59k	#endif
123
124	1.59k	mbedtls_ssl_conf_cert_req_ca_list(&conf,
125	1.59k	(options &
126	1.59k	0x1) ? MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED : MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED);
127	1.59k	#if defined(MBEDTLS_SSL_ALPN)
128	1.59k	if (options & 0x2) {
129	740	mbedtls_ssl_conf_alpn_protocols(&conf, alpn_list);
130	740	}
131	1.59k	#endif
132	1.59k	#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
133	1.59k	if (options & 0x4) {
134	753	if (mbedtls_ssl_ticket_setup(&ticket_ctx,
135	753	dummy_random, &ctr_drbg,
136	753	MBEDTLS_CIPHER_AES_256_GCM,
137	753	86400) != 0) {
138	0	goto exit;
139	0	}
140
141	753	mbedtls_ssl_conf_session_tickets_cb(&conf,
142	753	mbedtls_ssl_ticket_write,
143	753	mbedtls_ssl_ticket_parse,
144	753	&ticket_ctx);
145	753	}
146	1.59k	#endif
147	1.59k	#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
148	1.59k	mbedtls_ssl_conf_extended_master_secret(&conf,
149	1.59k	(options &
150	1.59k	0x10) ? MBEDTLS_SSL_EXTENDED_MS_DISABLED : MBEDTLS_SSL_EXTENDED_MS_ENABLED);
151	1.59k	#endif
152	1.59k	#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
153	1.59k	mbedtls_ssl_conf_encrypt_then_mac(&conf,
154	1.59k	(options &
155	1.59k	0x20) ? MBEDTLS_SSL_ETM_ENABLED : MBEDTLS_SSL_ETM_DISABLED);
156	1.59k	#endif
157	1.59k	#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
158	1.59k	if (options & 0x40) {
159	710	mbedtls_ssl_conf_psk(&conf, psk, sizeof(psk),
160	710	(const unsigned char *) psk_id, sizeof(psk_id) - 1);
161	710	}
162	1.59k	#endif
163	1.59k	#if defined(MBEDTLS_SSL_RENEGOTIATION)
164	1.59k	mbedtls_ssl_conf_renegotiation(&conf,
165	1.59k	(options &
166	1.59k	0x80) ? MBEDTLS_SSL_RENEGOTIATION_ENABLED : MBEDTLS_SSL_RENEGOTIATION_DISABLED);
167	1.59k	#endif
168
169	1.59k	if (mbedtls_ssl_setup(&ssl, &conf) != 0) {
170	0	goto exit;
171	0	}
172
173	1.59k	biomemfuzz.Data = Data;
174	1.59k	biomemfuzz.Size = Size-1;
175	1.59k	biomemfuzz.Offset = 0;
176	1.59k	mbedtls_ssl_set_bio(&ssl, &biomemfuzz, dummy_send, fuzz_recv, NULL);
177
178	1.59k	mbedtls_ssl_session_reset(&ssl);
179	1.59k	ret = mbedtls_ssl_handshake(&ssl);
180	1.59k	if (ret == 0) {
181		//keep reading data from server until the end
182	0	do {
183	0	len = sizeof(buf) - 1;
184	0	ret = mbedtls_ssl_read(&ssl, buf, len);
185
186	0	if (ret == MBEDTLS_ERR_SSL_WANT_READ) {
187	0	continue;
188	0	} else if (ret <= 0) {
189		//EOF or error
190	0	break;
191	0	}
192	0	} while (1);
193	0	}
194
195	1.59k	exit:
196	1.59k	#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C)
197	1.59k	mbedtls_ssl_ticket_free(&ticket_ctx);
198	1.59k	#endif
199	1.59k	mbedtls_entropy_free(&entropy);
200	1.59k	mbedtls_ctr_drbg_free(&ctr_drbg);
201	1.59k	mbedtls_ssl_config_free(&conf);
202	1.59k	#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
203	1.59k	mbedtls_x509_crt_free(&srvcert);
204	1.59k	mbedtls_pk_free(&pkey);
205	1.59k	#endif
206	1.59k	mbedtls_ssl_free(&ssl);
207		#if defined(MBEDTLS_USE_PSA_CRYPTO)
208		mbedtls_psa_crypto_free();
209		#endif
210		#else
211		(void) Data;
212		(void) Size;
213		#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
214
215	1.59k	return 0;
216	1.59k	}