/src/mbedtls/programs/fuzz/fuzz_server.c
Line | Count | Source (jump to first uncovered line) |
1 | | #include "mbedtls/ssl.h" |
2 | | #include "mbedtls/entropy.h" |
3 | | #include "mbedtls/ctr_drbg.h" |
4 | | #include "mbedtls/ssl_ticket.h" |
5 | | #include "test/certs.h" |
6 | | #include "common.h" |
7 | | #include <string.h> |
8 | | #include <stdlib.h> |
9 | | #include <stdint.h> |
10 | | |
11 | | |
12 | | #if defined(MBEDTLS_SSL_SRV_C) && \ |
13 | | defined(MBEDTLS_ENTROPY_C) && \ |
14 | | defined(MBEDTLS_CTR_DRBG_C) |
15 | | const char *pers = "fuzz_server"; |
16 | | static int initialized = 0; |
17 | | #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) |
18 | | static mbedtls_x509_crt srvcert; |
19 | | static mbedtls_pk_context pkey; |
20 | | #endif |
21 | | const char *alpn_list[3]; |
22 | | |
23 | | #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) |
24 | | const unsigned char psk[] = { |
25 | | 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, |
26 | | 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f |
27 | | }; |
28 | | const char psk_id[] = "Client_identity"; |
29 | | #endif |
30 | | #endif // MBEDTLS_SSL_SRV_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C |
31 | | |
32 | | |
33 | | int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) |
34 | 1.63k | { |
35 | 1.63k | #if defined(MBEDTLS_SSL_SRV_C) && \ |
36 | 1.63k | defined(MBEDTLS_ENTROPY_C) && \ |
37 | 1.63k | defined(MBEDTLS_CTR_DRBG_C) |
38 | 1.63k | int ret; |
39 | 1.63k | size_t len; |
40 | 1.63k | mbedtls_ssl_context ssl; |
41 | 1.63k | mbedtls_ssl_config conf; |
42 | 1.63k | mbedtls_ctr_drbg_context ctr_drbg; |
43 | 1.63k | mbedtls_entropy_context entropy; |
44 | 1.63k | #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) |
45 | 1.63k | mbedtls_ssl_ticket_context ticket_ctx; |
46 | 1.63k | #endif |
47 | 1.63k | unsigned char buf[4096]; |
48 | 1.63k | fuzzBufferOffset_t biomemfuzz; |
49 | 1.63k | uint8_t options; |
50 | | |
51 | | //we take 1 byte as options input |
52 | 1.63k | if (Size < 1) { |
53 | 0 | return 0; |
54 | 0 | } |
55 | 1.63k | options = Data[Size - 1]; |
56 | | |
57 | 1.63k | mbedtls_ctr_drbg_init(&ctr_drbg); |
58 | 1.63k | mbedtls_entropy_init(&entropy); |
59 | 1.63k | #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) |
60 | 1.63k | mbedtls_x509_crt_init(&srvcert); |
61 | 1.63k | mbedtls_pk_init(&pkey); |
62 | 1.63k | #endif |
63 | 1.63k | mbedtls_ssl_init(&ssl); |
64 | 1.63k | mbedtls_ssl_config_init(&conf); |
65 | 1.63k | #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) |
66 | 1.63k | mbedtls_ssl_ticket_init(&ticket_ctx); |
67 | 1.63k | #endif |
68 | | #if defined(MBEDTLS_USE_PSA_CRYPTO) |
69 | | psa_status_t status = psa_crypto_init(); |
70 | 21 | if (status != PSA_SUCCESS) { |
71 | 21 | goto exit; |
72 | 21 | } |
73 | 0 | #endif /* MBEDTLS_USE_PSA_CRYPTO */ |
74 | | |
75 | 1.61k | if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, |
76 | 1.61k | (const unsigned char *) pers, strlen(pers)) != 0) { |
77 | 0 | return 1; |
78 | 0 | } |
79 | | |
80 | 1.61k | if (initialized == 0) { |
81 | | |
82 | 1 | #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) |
83 | 1 | if (mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_srv_crt, |
84 | 1 | mbedtls_test_srv_crt_len) != 0) { |
85 | 0 | return 1; |
86 | 0 | } |
87 | 1 | if (mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_cas_pem, |
88 | 1 | mbedtls_test_cas_pem_len) != 0) { |
89 | 0 | return 1; |
90 | 0 | } |
91 | 1 | if (mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key, |
92 | 1 | mbedtls_test_srv_key_len, NULL, 0, |
93 | 1 | dummy_random, &ctr_drbg) != 0) { |
94 | 0 | return 1; |
95 | 0 | } |
96 | 1 | #endif |
97 | | |
98 | 1 | alpn_list[0] = "HTTP"; |
99 | 1 | alpn_list[1] = "fuzzalpn"; |
100 | 1 | alpn_list[2] = NULL; |
101 | | |
102 | 1 | dummy_init(); |
103 | | |
104 | 1 | initialized = 1; |
105 | 1 | } |
106 | | |
107 | 1.61k | if (mbedtls_ssl_config_defaults(&conf, |
108 | 1.61k | MBEDTLS_SSL_IS_SERVER, |
109 | 1.61k | MBEDTLS_SSL_TRANSPORT_STREAM, |
110 | 1.61k | MBEDTLS_SSL_PRESET_DEFAULT) != 0) { |
111 | 0 | goto exit; |
112 | 0 | } |
113 | | |
114 | 1.61k | srand(1); |
115 | 1.61k | mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg); |
116 | | |
117 | 1.61k | #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) |
118 | 1.61k | mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL); |
119 | 1.61k | if (mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey) != 0) { |
120 | 0 | goto exit; |
121 | 0 | } |
122 | 1.61k | #endif |
123 | | |
124 | 1.61k | mbedtls_ssl_conf_cert_req_ca_list(&conf, |
125 | 1.61k | (options & |
126 | 1.61k | 0x1) ? MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED : MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED); |
127 | 1.61k | #if defined(MBEDTLS_SSL_ALPN) |
128 | 1.61k | if (options & 0x2) { |
129 | 746 | mbedtls_ssl_conf_alpn_protocols(&conf, alpn_list); |
130 | 746 | } |
131 | 1.61k | #endif |
132 | 1.61k | #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) |
133 | 1.61k | if (options & 0x4) { |
134 | 834 | if (mbedtls_ssl_ticket_setup(&ticket_ctx, |
135 | 834 | dummy_random, &ctr_drbg, |
136 | 834 | MBEDTLS_CIPHER_AES_256_GCM, |
137 | 834 | 86400) != 0) { |
138 | 0 | goto exit; |
139 | 0 | } |
140 | | |
141 | 834 | mbedtls_ssl_conf_session_tickets_cb(&conf, |
142 | 834 | mbedtls_ssl_ticket_write, |
143 | 834 | mbedtls_ssl_ticket_parse, |
144 | 834 | &ticket_ctx); |
145 | 834 | } |
146 | 1.61k | #endif |
147 | 1.61k | #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) |
148 | 1.61k | mbedtls_ssl_conf_extended_master_secret(&conf, |
149 | 1.61k | (options & |
150 | 1.61k | 0x10) ? MBEDTLS_SSL_EXTENDED_MS_DISABLED : MBEDTLS_SSL_EXTENDED_MS_ENABLED); |
151 | 1.61k | #endif |
152 | 1.61k | #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) |
153 | 1.61k | mbedtls_ssl_conf_encrypt_then_mac(&conf, |
154 | 1.61k | (options & |
155 | 1.61k | 0x20) ? MBEDTLS_SSL_ETM_ENABLED : MBEDTLS_SSL_ETM_DISABLED); |
156 | 1.61k | #endif |
157 | 1.61k | #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) |
158 | 1.61k | if (options & 0x40) { |
159 | 738 | mbedtls_ssl_conf_psk(&conf, psk, sizeof(psk), |
160 | 738 | (const unsigned char *) psk_id, sizeof(psk_id) - 1); |
161 | 738 | } |
162 | 1.61k | #endif |
163 | 1.61k | #if defined(MBEDTLS_SSL_RENEGOTIATION) |
164 | 1.61k | mbedtls_ssl_conf_renegotiation(&conf, |
165 | 1.61k | (options & |
166 | 1.61k | 0x80) ? MBEDTLS_SSL_RENEGOTIATION_ENABLED : MBEDTLS_SSL_RENEGOTIATION_DISABLED); |
167 | 1.61k | #endif |
168 | | |
169 | 1.61k | if (mbedtls_ssl_setup(&ssl, &conf) != 0) { |
170 | 0 | goto exit; |
171 | 0 | } |
172 | | |
173 | 1.61k | biomemfuzz.Data = Data; |
174 | 1.61k | biomemfuzz.Size = Size-1; |
175 | 1.61k | biomemfuzz.Offset = 0; |
176 | 1.61k | mbedtls_ssl_set_bio(&ssl, &biomemfuzz, dummy_send, fuzz_recv, NULL); |
177 | | |
178 | 1.61k | mbedtls_ssl_session_reset(&ssl); |
179 | 1.61k | ret = mbedtls_ssl_handshake(&ssl); |
180 | 1.61k | if (ret == 0) { |
181 | | //keep reading data from server until the end |
182 | 0 | do { |
183 | 0 | len = sizeof(buf) - 1; |
184 | 0 | ret = mbedtls_ssl_read(&ssl, buf, len); |
185 | |
|
186 | 0 | if (ret == MBEDTLS_ERR_SSL_WANT_READ) { |
187 | 0 | continue; |
188 | 0 | } else if (ret <= 0) { |
189 | | //EOF or error |
190 | 0 | break; |
191 | 0 | } |
192 | 0 | } while (1); |
193 | 0 | } |
194 | | |
195 | 1.63k | exit: |
196 | 1.63k | #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) |
197 | 1.63k | mbedtls_ssl_ticket_free(&ticket_ctx); |
198 | 1.63k | #endif |
199 | 1.63k | mbedtls_entropy_free(&entropy); |
200 | 1.63k | mbedtls_ctr_drbg_free(&ctr_drbg); |
201 | 1.63k | mbedtls_ssl_config_free(&conf); |
202 | 1.63k | #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) |
203 | 1.63k | mbedtls_x509_crt_free(&srvcert); |
204 | 1.63k | mbedtls_pk_free(&pkey); |
205 | 1.63k | #endif |
206 | 1.63k | mbedtls_ssl_free(&ssl); |
207 | | #if defined(MBEDTLS_USE_PSA_CRYPTO) |
208 | | mbedtls_psa_crypto_free(); |
209 | | #endif |
210 | | #else |
211 | | (void) Data; |
212 | | (void) Size; |
213 | | #endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ |
214 | | |
215 | 1.63k | return 0; |
216 | 1.61k | } Line | Count | Source | 34 | 1.61k | { | 35 | 1.61k | #if defined(MBEDTLS_SSL_SRV_C) && \ | 36 | 1.61k | defined(MBEDTLS_ENTROPY_C) && \ | 37 | 1.61k | defined(MBEDTLS_CTR_DRBG_C) | 38 | 1.61k | int ret; | 39 | 1.61k | size_t len; | 40 | 1.61k | mbedtls_ssl_context ssl; | 41 | 1.61k | mbedtls_ssl_config conf; | 42 | 1.61k | mbedtls_ctr_drbg_context ctr_drbg; | 43 | 1.61k | mbedtls_entropy_context entropy; | 44 | 1.61k | #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) | 45 | 1.61k | mbedtls_ssl_ticket_context ticket_ctx; | 46 | 1.61k | #endif | 47 | 1.61k | unsigned char buf[4096]; | 48 | 1.61k | fuzzBufferOffset_t biomemfuzz; | 49 | 1.61k | uint8_t options; | 50 | | | 51 | | //we take 1 byte as options input | 52 | 1.61k | if (Size < 1) { | 53 | 0 | return 0; | 54 | 0 | } | 55 | 1.61k | options = Data[Size - 1]; | 56 | | | 57 | 1.61k | mbedtls_ctr_drbg_init(&ctr_drbg); | 58 | 1.61k | mbedtls_entropy_init(&entropy); | 59 | 1.61k | #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) | 60 | 1.61k | mbedtls_x509_crt_init(&srvcert); | 61 | 1.61k | mbedtls_pk_init(&pkey); | 62 | 1.61k | #endif | 63 | 1.61k | mbedtls_ssl_init(&ssl); | 64 | 1.61k | mbedtls_ssl_config_init(&conf); | 65 | 1.61k | #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) | 66 | 1.61k | mbedtls_ssl_ticket_init(&ticket_ctx); | 67 | 1.61k | #endif | 68 | | #if defined(MBEDTLS_USE_PSA_CRYPTO) | 69 | | psa_status_t status = psa_crypto_init(); | 70 | | if (status != PSA_SUCCESS) { | 71 | | goto exit; | 72 | | } | 73 | | #endif /* MBEDTLS_USE_PSA_CRYPTO */ | 74 | | | 75 | 1.61k | if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, | 76 | 1.61k | (const unsigned char *) pers, strlen(pers)) != 0) { | 77 | 0 | return 1; | 78 | 0 | } | 79 | | | 80 | 1.61k | if (initialized == 0) { | 81 | | | 82 | 1 | #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) | 83 | 1 | if (mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_srv_crt, | 84 | 1 | mbedtls_test_srv_crt_len) != 0) { | 85 | 0 | return 1; | 86 | 0 | } | 87 | 1 | if (mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_cas_pem, | 88 | 1 | mbedtls_test_cas_pem_len) != 0) { | 89 | 0 | return 1; | 90 | 0 | } | 91 | 1 | if (mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key, | 92 | 1 | mbedtls_test_srv_key_len, NULL, 0, | 93 | 1 | dummy_random, &ctr_drbg) != 0) { | 94 | 0 | return 1; | 95 | 0 | } | 96 | 1 | #endif | 97 | | | 98 | 1 | alpn_list[0] = "HTTP"; | 99 | 1 | alpn_list[1] = "fuzzalpn"; | 100 | 1 | alpn_list[2] = NULL; | 101 | | | 102 | 1 | dummy_init(); | 103 | | | 104 | 1 | initialized = 1; | 105 | 1 | } | 106 | | | 107 | 1.61k | if (mbedtls_ssl_config_defaults(&conf, | 108 | 1.61k | MBEDTLS_SSL_IS_SERVER, | 109 | 1.61k | MBEDTLS_SSL_TRANSPORT_STREAM, | 110 | 1.61k | MBEDTLS_SSL_PRESET_DEFAULT) != 0) { | 111 | 0 | goto exit; | 112 | 0 | } | 113 | | | 114 | 1.61k | srand(1); | 115 | 1.61k | mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg); | 116 | | | 117 | 1.61k | #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) | 118 | 1.61k | mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL); | 119 | 1.61k | if (mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey) != 0) { | 120 | 0 | goto exit; | 121 | 0 | } | 122 | 1.61k | #endif | 123 | | | 124 | 1.61k | mbedtls_ssl_conf_cert_req_ca_list(&conf, | 125 | 1.61k | (options & | 126 | 1.61k | 0x1) ? MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED : MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED); | 127 | 1.61k | #if defined(MBEDTLS_SSL_ALPN) | 128 | 1.61k | if (options & 0x2) { | 129 | 746 | mbedtls_ssl_conf_alpn_protocols(&conf, alpn_list); | 130 | 746 | } | 131 | 1.61k | #endif | 132 | 1.61k | #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) | 133 | 1.61k | if (options & 0x4) { | 134 | 834 | if (mbedtls_ssl_ticket_setup(&ticket_ctx, | 135 | 834 | dummy_random, &ctr_drbg, | 136 | 834 | MBEDTLS_CIPHER_AES_256_GCM, | 137 | 834 | 86400) != 0) { | 138 | 0 | goto exit; | 139 | 0 | } | 140 | | | 141 | 834 | mbedtls_ssl_conf_session_tickets_cb(&conf, | 142 | 834 | mbedtls_ssl_ticket_write, | 143 | 834 | mbedtls_ssl_ticket_parse, | 144 | 834 | &ticket_ctx); | 145 | 834 | } | 146 | 1.61k | #endif | 147 | 1.61k | #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) | 148 | 1.61k | mbedtls_ssl_conf_extended_master_secret(&conf, | 149 | 1.61k | (options & | 150 | 1.61k | 0x10) ? MBEDTLS_SSL_EXTENDED_MS_DISABLED : MBEDTLS_SSL_EXTENDED_MS_ENABLED); | 151 | 1.61k | #endif | 152 | 1.61k | #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) | 153 | 1.61k | mbedtls_ssl_conf_encrypt_then_mac(&conf, | 154 | 1.61k | (options & | 155 | 1.61k | 0x20) ? MBEDTLS_SSL_ETM_ENABLED : MBEDTLS_SSL_ETM_DISABLED); | 156 | 1.61k | #endif | 157 | 1.61k | #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) | 158 | 1.61k | if (options & 0x40) { | 159 | 738 | mbedtls_ssl_conf_psk(&conf, psk, sizeof(psk), | 160 | 738 | (const unsigned char *) psk_id, sizeof(psk_id) - 1); | 161 | 738 | } | 162 | 1.61k | #endif | 163 | 1.61k | #if defined(MBEDTLS_SSL_RENEGOTIATION) | 164 | 1.61k | mbedtls_ssl_conf_renegotiation(&conf, | 165 | 1.61k | (options & | 166 | 1.61k | 0x80) ? MBEDTLS_SSL_RENEGOTIATION_ENABLED : MBEDTLS_SSL_RENEGOTIATION_DISABLED); | 167 | 1.61k | #endif | 168 | | | 169 | 1.61k | if (mbedtls_ssl_setup(&ssl, &conf) != 0) { | 170 | 0 | goto exit; | 171 | 0 | } | 172 | | | 173 | 1.61k | biomemfuzz.Data = Data; | 174 | 1.61k | biomemfuzz.Size = Size-1; | 175 | 1.61k | biomemfuzz.Offset = 0; | 176 | 1.61k | mbedtls_ssl_set_bio(&ssl, &biomemfuzz, dummy_send, fuzz_recv, NULL); | 177 | | | 178 | 1.61k | mbedtls_ssl_session_reset(&ssl); | 179 | 1.61k | ret = mbedtls_ssl_handshake(&ssl); | 180 | 1.61k | if (ret == 0) { | 181 | | //keep reading data from server until the end | 182 | 0 | do { | 183 | 0 | len = sizeof(buf) - 1; | 184 | 0 | ret = mbedtls_ssl_read(&ssl, buf, len); | 185 | |
| 186 | 0 | if (ret == MBEDTLS_ERR_SSL_WANT_READ) { | 187 | 0 | continue; | 188 | 0 | } else if (ret <= 0) { | 189 | | //EOF or error | 190 | 0 | break; | 191 | 0 | } | 192 | 0 | } while (1); | 193 | 0 | } | 194 | | | 195 | 1.61k | exit: | 196 | 1.61k | #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) | 197 | 1.61k | mbedtls_ssl_ticket_free(&ticket_ctx); | 198 | 1.61k | #endif | 199 | 1.61k | mbedtls_entropy_free(&entropy); | 200 | 1.61k | mbedtls_ctr_drbg_free(&ctr_drbg); | 201 | 1.61k | mbedtls_ssl_config_free(&conf); | 202 | 1.61k | #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) | 203 | 1.61k | mbedtls_x509_crt_free(&srvcert); | 204 | 1.61k | mbedtls_pk_free(&pkey); | 205 | 1.61k | #endif | 206 | 1.61k | mbedtls_ssl_free(&ssl); | 207 | | #if defined(MBEDTLS_USE_PSA_CRYPTO) | 208 | | mbedtls_psa_crypto_free(); | 209 | | #endif | 210 | | #else | 211 | | (void) Data; | 212 | | (void) Size; | 213 | | #endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ | 214 | | | 215 | 1.61k | return 0; | 216 | 1.61k | } |
Line | Count | Source | 34 | 21 | { | 35 | 21 | #if defined(MBEDTLS_SSL_SRV_C) && \ | 36 | 21 | defined(MBEDTLS_ENTROPY_C) && \ | 37 | 21 | defined(MBEDTLS_CTR_DRBG_C) | 38 | 21 | int ret; | 39 | 21 | size_t len; | 40 | 21 | mbedtls_ssl_context ssl; | 41 | 21 | mbedtls_ssl_config conf; | 42 | 21 | mbedtls_ctr_drbg_context ctr_drbg; | 43 | 21 | mbedtls_entropy_context entropy; | 44 | 21 | #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) | 45 | 21 | mbedtls_ssl_ticket_context ticket_ctx; | 46 | 21 | #endif | 47 | 21 | unsigned char buf[4096]; | 48 | 21 | fuzzBufferOffset_t biomemfuzz; | 49 | 21 | uint8_t options; | 50 | | | 51 | | //we take 1 byte as options input | 52 | 21 | if (Size < 1) { | 53 | 0 | return 0; | 54 | 0 | } | 55 | 21 | options = Data[Size - 1]; | 56 | | | 57 | 21 | mbedtls_ctr_drbg_init(&ctr_drbg); | 58 | 21 | mbedtls_entropy_init(&entropy); | 59 | 21 | #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) | 60 | 21 | mbedtls_x509_crt_init(&srvcert); | 61 | 21 | mbedtls_pk_init(&pkey); | 62 | 21 | #endif | 63 | 21 | mbedtls_ssl_init(&ssl); | 64 | 21 | mbedtls_ssl_config_init(&conf); | 65 | 21 | #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) | 66 | 21 | mbedtls_ssl_ticket_init(&ticket_ctx); | 67 | 21 | #endif | 68 | 21 | #if defined(MBEDTLS_USE_PSA_CRYPTO) | 69 | 21 | psa_status_t status = psa_crypto_init(); | 70 | 21 | if (status != PSA_SUCCESS) { | 71 | 21 | goto exit; | 72 | 21 | } | 73 | 0 | #endif /* MBEDTLS_USE_PSA_CRYPTO */ | 74 | | | 75 | 0 | if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, | 76 | 0 | (const unsigned char *) pers, strlen(pers)) != 0) { | 77 | 0 | return 1; | 78 | 0 | } | 79 | | | 80 | 0 | if (initialized == 0) { | 81 | |
| 82 | 0 | #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) | 83 | 0 | if (mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_srv_crt, | 84 | 0 | mbedtls_test_srv_crt_len) != 0) { | 85 | 0 | return 1; | 86 | 0 | } | 87 | 0 | if (mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_cas_pem, | 88 | 0 | mbedtls_test_cas_pem_len) != 0) { | 89 | 0 | return 1; | 90 | 0 | } | 91 | 0 | if (mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key, | 92 | 0 | mbedtls_test_srv_key_len, NULL, 0, | 93 | 0 | dummy_random, &ctr_drbg) != 0) { | 94 | 0 | return 1; | 95 | 0 | } | 96 | 0 | #endif | 97 | | | 98 | 0 | alpn_list[0] = "HTTP"; | 99 | 0 | alpn_list[1] = "fuzzalpn"; | 100 | 0 | alpn_list[2] = NULL; | 101 | |
| 102 | 0 | dummy_init(); | 103 | |
| 104 | 0 | initialized = 1; | 105 | 0 | } | 106 | | | 107 | 0 | if (mbedtls_ssl_config_defaults(&conf, | 108 | 0 | MBEDTLS_SSL_IS_SERVER, | 109 | 0 | MBEDTLS_SSL_TRANSPORT_STREAM, | 110 | 0 | MBEDTLS_SSL_PRESET_DEFAULT) != 0) { | 111 | 0 | goto exit; | 112 | 0 | } | 113 | | | 114 | 0 | srand(1); | 115 | 0 | mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg); | 116 | |
| 117 | 0 | #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) | 118 | 0 | mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL); | 119 | 0 | if (mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey) != 0) { | 120 | 0 | goto exit; | 121 | 0 | } | 122 | 0 | #endif | 123 | | | 124 | 0 | mbedtls_ssl_conf_cert_req_ca_list(&conf, | 125 | 0 | (options & | 126 | 0 | 0x1) ? MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED : MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED); | 127 | 0 | #if defined(MBEDTLS_SSL_ALPN) | 128 | 0 | if (options & 0x2) { | 129 | 0 | mbedtls_ssl_conf_alpn_protocols(&conf, alpn_list); | 130 | 0 | } | 131 | 0 | #endif | 132 | 0 | #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) | 133 | 0 | if (options & 0x4) { | 134 | 0 | if (mbedtls_ssl_ticket_setup(&ticket_ctx, | 135 | 0 | dummy_random, &ctr_drbg, | 136 | 0 | MBEDTLS_CIPHER_AES_256_GCM, | 137 | 0 | 86400) != 0) { | 138 | 0 | goto exit; | 139 | 0 | } | 140 | | | 141 | 0 | mbedtls_ssl_conf_session_tickets_cb(&conf, | 142 | 0 | mbedtls_ssl_ticket_write, | 143 | 0 | mbedtls_ssl_ticket_parse, | 144 | 0 | &ticket_ctx); | 145 | 0 | } | 146 | 0 | #endif | 147 | 0 | #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) | 148 | 0 | mbedtls_ssl_conf_extended_master_secret(&conf, | 149 | 0 | (options & | 150 | 0 | 0x10) ? MBEDTLS_SSL_EXTENDED_MS_DISABLED : MBEDTLS_SSL_EXTENDED_MS_ENABLED); | 151 | 0 | #endif | 152 | 0 | #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) | 153 | 0 | mbedtls_ssl_conf_encrypt_then_mac(&conf, | 154 | 0 | (options & | 155 | 0 | 0x20) ? MBEDTLS_SSL_ETM_ENABLED : MBEDTLS_SSL_ETM_DISABLED); | 156 | 0 | #endif | 157 | 0 | #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) | 158 | 0 | if (options & 0x40) { | 159 | 0 | mbedtls_ssl_conf_psk(&conf, psk, sizeof(psk), | 160 | 0 | (const unsigned char *) psk_id, sizeof(psk_id) - 1); | 161 | 0 | } | 162 | 0 | #endif | 163 | 0 | #if defined(MBEDTLS_SSL_RENEGOTIATION) | 164 | 0 | mbedtls_ssl_conf_renegotiation(&conf, | 165 | 0 | (options & | 166 | 0 | 0x80) ? MBEDTLS_SSL_RENEGOTIATION_ENABLED : MBEDTLS_SSL_RENEGOTIATION_DISABLED); | 167 | 0 | #endif | 168 | |
| 169 | 0 | if (mbedtls_ssl_setup(&ssl, &conf) != 0) { | 170 | 0 | goto exit; | 171 | 0 | } | 172 | | | 173 | 0 | biomemfuzz.Data = Data; | 174 | 0 | biomemfuzz.Size = Size-1; | 175 | 0 | biomemfuzz.Offset = 0; | 176 | 0 | mbedtls_ssl_set_bio(&ssl, &biomemfuzz, dummy_send, fuzz_recv, NULL); | 177 | |
| 178 | 0 | mbedtls_ssl_session_reset(&ssl); | 179 | 0 | ret = mbedtls_ssl_handshake(&ssl); | 180 | 0 | if (ret == 0) { | 181 | | //keep reading data from server until the end | 182 | 0 | do { | 183 | 0 | len = sizeof(buf) - 1; | 184 | 0 | ret = mbedtls_ssl_read(&ssl, buf, len); | 185 | |
| 186 | 0 | if (ret == MBEDTLS_ERR_SSL_WANT_READ) { | 187 | 0 | continue; | 188 | 0 | } else if (ret <= 0) { | 189 | | //EOF or error | 190 | 0 | break; | 191 | 0 | } | 192 | 0 | } while (1); | 193 | 0 | } | 194 | | | 195 | 21 | exit: | 196 | 21 | #if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_TICKET_C) | 197 | 21 | mbedtls_ssl_ticket_free(&ticket_ctx); | 198 | 21 | #endif | 199 | 21 | mbedtls_entropy_free(&entropy); | 200 | 21 | mbedtls_ctr_drbg_free(&ctr_drbg); | 201 | 21 | mbedtls_ssl_config_free(&conf); | 202 | 21 | #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) | 203 | 21 | mbedtls_x509_crt_free(&srvcert); | 204 | 21 | mbedtls_pk_free(&pkey); | 205 | 21 | #endif | 206 | 21 | mbedtls_ssl_free(&ssl); | 207 | 21 | #if defined(MBEDTLS_USE_PSA_CRYPTO) | 208 | 21 | mbedtls_psa_crypto_free(); | 209 | 21 | #endif | 210 | | #else | 211 | | (void) Data; | 212 | | (void) Size; | 213 | | #endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ | 214 | | | 215 | 21 | return 0; | 216 | 0 | } |
|