/src/mbedtls/programs/fuzz/fuzz_dtlsclient.c
Line | Count | Source |
1 | | #include <string.h> |
2 | | #include <stdlib.h> |
3 | | #include <stdint.h> |
4 | | #include "common.h" |
5 | | #include "mbedtls/ssl.h" |
6 | | #if defined(MBEDTLS_SSL_PROTO_DTLS) |
7 | | #include "mbedtls/entropy.h" |
8 | | #include "mbedtls/ctr_drbg.h" |
9 | | #include "mbedtls/timing.h" |
10 | | #include "test/certs.h" |
11 | | |
12 | | #if defined(MBEDTLS_SSL_CLI_C) && \ |
13 | | defined(MBEDTLS_ENTROPY_C) && \ |
14 | | defined(MBEDTLS_CTR_DRBG_C) && \ |
15 | | defined(MBEDTLS_TIMING_C) |
16 | | static int initialized = 0; |
17 | | #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) |
18 | | static mbedtls_x509_crt cacert; |
19 | | #endif |
20 | | |
21 | | const char *pers = "fuzz_dtlsclient"; |
22 | | #endif |
23 | | #endif // MBEDTLS_SSL_PROTO_DTLS |
24 | | |
25 | | |
26 | | |
27 | | int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) |
28 | 4.42k | { |
29 | 4.42k | #if defined(MBEDTLS_SSL_PROTO_DTLS) && \ |
30 | 4.42k | defined(MBEDTLS_SSL_CLI_C) && \ |
31 | 4.42k | defined(MBEDTLS_ENTROPY_C) && \ |
32 | 4.42k | defined(MBEDTLS_CTR_DRBG_C) && \ |
33 | 4.42k | defined(MBEDTLS_TIMING_C) |
34 | 4.42k | int ret; |
35 | 4.42k | size_t len; |
36 | 4.42k | mbedtls_ssl_context ssl; |
37 | 4.42k | mbedtls_ssl_config conf; |
38 | 4.42k | mbedtls_ctr_drbg_context ctr_drbg; |
39 | 4.42k | mbedtls_entropy_context entropy; |
40 | 4.42k | mbedtls_timing_delay_context timer; |
41 | 4.42k | unsigned char buf[4096]; |
42 | 4.42k | fuzzBufferOffset_t biomemfuzz; |
43 | | |
44 | 4.42k | if (initialized == 0) { |
45 | 2 | #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) |
46 | 2 | mbedtls_x509_crt_init(&cacert); |
47 | 2 | if (mbedtls_x509_crt_parse(&cacert, (const unsigned char *) mbedtls_test_cas_pem, |
48 | 2 | mbedtls_test_cas_pem_len) != 0) { |
49 | 0 | return 1; |
50 | 0 | } |
51 | 2 | #endif |
52 | 2 | dummy_init(); |
53 | | |
54 | 2 | initialized = 1; |
55 | 2 | } |
56 | | |
57 | 4.42k | mbedtls_ssl_init(&ssl); |
58 | 4.42k | mbedtls_ssl_config_init(&conf); |
59 | 4.42k | mbedtls_ctr_drbg_init(&ctr_drbg); |
60 | 4.42k | mbedtls_entropy_init(&entropy); |
61 | | |
62 | | #if defined(MBEDTLS_USE_PSA_CRYPTO) |
63 | | psa_status_t status = psa_crypto_init(); |
64 | 2 | if (status != PSA_SUCCESS) { |
65 | 2 | goto exit; |
66 | 2 | } |
67 | 0 | #endif /* MBEDTLS_USE_PSA_CRYPTO */ |
68 | | |
69 | 0 | srand(1); |
70 | 4.41k | if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, |
71 | 4.41k | (const unsigned char *) pers, strlen(pers)) != 0) { |
72 | 0 | goto exit; |
73 | 0 | } |
74 | | |
75 | 4.41k | if (mbedtls_ssl_config_defaults(&conf, |
76 | 4.41k | MBEDTLS_SSL_IS_CLIENT, |
77 | 4.41k | MBEDTLS_SSL_TRANSPORT_DATAGRAM, |
78 | 4.41k | MBEDTLS_SSL_PRESET_DEFAULT) != 0) { |
79 | 0 | goto exit; |
80 | 0 | } |
81 | | |
82 | 4.41k | #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) |
83 | 4.41k | mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL); |
84 | 4.41k | #endif |
85 | 4.41k | mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_NONE); |
86 | 4.41k | mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg); |
87 | | |
88 | 4.41k | if (mbedtls_ssl_setup(&ssl, &conf) != 0) { |
89 | 0 | goto exit; |
90 | 0 | } |
91 | | |
92 | 4.41k | mbedtls_ssl_set_timer_cb(&ssl, &timer, mbedtls_timing_set_delay, |
93 | 4.41k | mbedtls_timing_get_delay); |
94 | | |
95 | 4.41k | #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) |
96 | 4.41k | if (mbedtls_ssl_set_hostname(&ssl, "localhost") != 0) { |
97 | 0 | goto exit; |
98 | 0 | } |
99 | 4.41k | #endif |
100 | | |
101 | 4.41k | biomemfuzz.Data = Data; |
102 | 4.41k | biomemfuzz.Size = Size; |
103 | 4.41k | biomemfuzz.Offset = 0; |
104 | 4.41k | mbedtls_ssl_set_bio(&ssl, &biomemfuzz, dummy_send, fuzz_recv, fuzz_recv_timeout); |
105 | | |
106 | 4.41k | ret = mbedtls_ssl_handshake(&ssl); |
107 | 4.41k | if (ret == 0) { |
108 | | //keep reading data from server until the end |
109 | 0 | do { |
110 | 0 | len = sizeof(buf) - 1; |
111 | 0 | ret = mbedtls_ssl_read(&ssl, buf, len); |
112 | |
|
113 | 0 | if (ret == MBEDTLS_ERR_SSL_WANT_READ) { |
114 | 0 | continue; |
115 | 0 | } else if (ret <= 0) { |
116 | | //EOF or error |
117 | 0 | break; |
118 | 0 | } |
119 | 0 | } while (1); |
120 | 0 | } |
121 | | |
122 | 4.42k | exit: |
123 | 4.42k | mbedtls_entropy_free(&entropy); |
124 | 4.42k | mbedtls_ctr_drbg_free(&ctr_drbg); |
125 | 4.42k | mbedtls_ssl_config_free(&conf); |
126 | 4.42k | mbedtls_ssl_free(&ssl); |
127 | | #if defined(MBEDTLS_USE_PSA_CRYPTO) |
128 | | mbedtls_psa_crypto_free(); |
129 | | #endif /* MBEDTLS_USE_PSA_CRYPTO */ |
130 | | |
131 | | #else |
132 | | (void) Data; |
133 | | (void) Size; |
134 | | #endif |
135 | 4.42k | return 0; |
136 | 4.41k | } Line | Count | Source | 28 | 2 | { | 29 | 2 | #if defined(MBEDTLS_SSL_PROTO_DTLS) && \ | 30 | 2 | defined(MBEDTLS_SSL_CLI_C) && \ | 31 | 2 | defined(MBEDTLS_ENTROPY_C) && \ | 32 | 2 | defined(MBEDTLS_CTR_DRBG_C) && \ | 33 | 2 | defined(MBEDTLS_TIMING_C) | 34 | 2 | int ret; | 35 | 2 | size_t len; | 36 | 2 | mbedtls_ssl_context ssl; | 37 | 2 | mbedtls_ssl_config conf; | 38 | 2 | mbedtls_ctr_drbg_context ctr_drbg; | 39 | 2 | mbedtls_entropy_context entropy; | 40 | 2 | mbedtls_timing_delay_context timer; | 41 | 2 | unsigned char buf[4096]; | 42 | 2 | fuzzBufferOffset_t biomemfuzz; | 43 | | | 44 | 2 | if (initialized == 0) { | 45 | 1 | #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) | 46 | 1 | mbedtls_x509_crt_init(&cacert); | 47 | 1 | if (mbedtls_x509_crt_parse(&cacert, (const unsigned char *) mbedtls_test_cas_pem, | 48 | 1 | mbedtls_test_cas_pem_len) != 0) { | 49 | 0 | return 1; | 50 | 0 | } | 51 | 1 | #endif | 52 | 1 | dummy_init(); | 53 | | | 54 | 1 | initialized = 1; | 55 | 1 | } | 56 | | | 57 | 2 | mbedtls_ssl_init(&ssl); | 58 | 2 | mbedtls_ssl_config_init(&conf); | 59 | 2 | mbedtls_ctr_drbg_init(&ctr_drbg); | 60 | 2 | mbedtls_entropy_init(&entropy); | 61 | | | 62 | 2 | #if defined(MBEDTLS_USE_PSA_CRYPTO) | 63 | 2 | psa_status_t status = psa_crypto_init(); | 64 | 2 | if (status != PSA_SUCCESS) { | 65 | 2 | goto exit; | 66 | 2 | } | 67 | 0 | #endif /* MBEDTLS_USE_PSA_CRYPTO */ | 68 | | | 69 | 0 | srand(1); | 70 | 0 | if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, | 71 | 0 | (const unsigned char *) pers, strlen(pers)) != 0) { | 72 | 0 | goto exit; | 73 | 0 | } | 74 | | | 75 | 0 | if (mbedtls_ssl_config_defaults(&conf, | 76 | 0 | MBEDTLS_SSL_IS_CLIENT, | 77 | 0 | MBEDTLS_SSL_TRANSPORT_DATAGRAM, | 78 | 0 | MBEDTLS_SSL_PRESET_DEFAULT) != 0) { | 79 | 0 | goto exit; | 80 | 0 | } | 81 | | | 82 | 0 | #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) | 83 | 0 | mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL); | 84 | 0 | #endif | 85 | 0 | mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_NONE); | 86 | 0 | mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg); | 87 | |
| 88 | 0 | if (mbedtls_ssl_setup(&ssl, &conf) != 0) { | 89 | 0 | goto exit; | 90 | 0 | } | 91 | | | 92 | 0 | mbedtls_ssl_set_timer_cb(&ssl, &timer, mbedtls_timing_set_delay, | 93 | 0 | mbedtls_timing_get_delay); | 94 | |
| 95 | 0 | #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) | 96 | 0 | if (mbedtls_ssl_set_hostname(&ssl, "localhost") != 0) { | 97 | 0 | goto exit; | 98 | 0 | } | 99 | 0 | #endif | 100 | | | 101 | 0 | biomemfuzz.Data = Data; | 102 | 0 | biomemfuzz.Size = Size; | 103 | 0 | biomemfuzz.Offset = 0; | 104 | 0 | mbedtls_ssl_set_bio(&ssl, &biomemfuzz, dummy_send, fuzz_recv, fuzz_recv_timeout); | 105 | |
| 106 | 0 | ret = mbedtls_ssl_handshake(&ssl); | 107 | 0 | if (ret == 0) { | 108 | | //keep reading data from server until the end | 109 | 0 | do { | 110 | 0 | len = sizeof(buf) - 1; | 111 | 0 | ret = mbedtls_ssl_read(&ssl, buf, len); | 112 | |
| 113 | 0 | if (ret == MBEDTLS_ERR_SSL_WANT_READ) { | 114 | 0 | continue; | 115 | 0 | } else if (ret <= 0) { | 116 | | //EOF or error | 117 | 0 | break; | 118 | 0 | } | 119 | 0 | } while (1); | 120 | 0 | } | 121 | |
| 122 | 2 | exit: | 123 | 2 | mbedtls_entropy_free(&entropy); | 124 | 2 | mbedtls_ctr_drbg_free(&ctr_drbg); | 125 | 2 | mbedtls_ssl_config_free(&conf); | 126 | 2 | mbedtls_ssl_free(&ssl); | 127 | 2 | #if defined(MBEDTLS_USE_PSA_CRYPTO) | 128 | 2 | mbedtls_psa_crypto_free(); | 129 | 2 | #endif /* MBEDTLS_USE_PSA_CRYPTO */ | 130 | | | 131 | | #else | 132 | | (void) Data; | 133 | | (void) Size; | 134 | | #endif | 135 | 2 | return 0; | 136 | 0 | } |
Line | Count | Source | 28 | 4.41k | { | 29 | 4.41k | #if defined(MBEDTLS_SSL_PROTO_DTLS) && \ | 30 | 4.41k | defined(MBEDTLS_SSL_CLI_C) && \ | 31 | 4.41k | defined(MBEDTLS_ENTROPY_C) && \ | 32 | 4.41k | defined(MBEDTLS_CTR_DRBG_C) && \ | 33 | 4.41k | defined(MBEDTLS_TIMING_C) | 34 | 4.41k | int ret; | 35 | 4.41k | size_t len; | 36 | 4.41k | mbedtls_ssl_context ssl; | 37 | 4.41k | mbedtls_ssl_config conf; | 38 | 4.41k | mbedtls_ctr_drbg_context ctr_drbg; | 39 | 4.41k | mbedtls_entropy_context entropy; | 40 | 4.41k | mbedtls_timing_delay_context timer; | 41 | 4.41k | unsigned char buf[4096]; | 42 | 4.41k | fuzzBufferOffset_t biomemfuzz; | 43 | | | 44 | 4.41k | if (initialized == 0) { | 45 | 1 | #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) | 46 | 1 | mbedtls_x509_crt_init(&cacert); | 47 | 1 | if (mbedtls_x509_crt_parse(&cacert, (const unsigned char *) mbedtls_test_cas_pem, | 48 | 1 | mbedtls_test_cas_pem_len) != 0) { | 49 | 0 | return 1; | 50 | 0 | } | 51 | 1 | #endif | 52 | 1 | dummy_init(); | 53 | | | 54 | 1 | initialized = 1; | 55 | 1 | } | 56 | | | 57 | 4.41k | mbedtls_ssl_init(&ssl); | 58 | 4.41k | mbedtls_ssl_config_init(&conf); | 59 | 4.41k | mbedtls_ctr_drbg_init(&ctr_drbg); | 60 | 4.41k | mbedtls_entropy_init(&entropy); | 61 | | | 62 | | #if defined(MBEDTLS_USE_PSA_CRYPTO) | 63 | | psa_status_t status = psa_crypto_init(); | 64 | | if (status != PSA_SUCCESS) { | 65 | | goto exit; | 66 | | } | 67 | | #endif /* MBEDTLS_USE_PSA_CRYPTO */ | 68 | | | 69 | 4.41k | srand(1); | 70 | 4.41k | if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, | 71 | 4.41k | (const unsigned char *) pers, strlen(pers)) != 0) { | 72 | 0 | goto exit; | 73 | 0 | } | 74 | | | 75 | 4.41k | if (mbedtls_ssl_config_defaults(&conf, | 76 | 4.41k | MBEDTLS_SSL_IS_CLIENT, | 77 | 4.41k | MBEDTLS_SSL_TRANSPORT_DATAGRAM, | 78 | 4.41k | MBEDTLS_SSL_PRESET_DEFAULT) != 0) { | 79 | 0 | goto exit; | 80 | 0 | } | 81 | | | 82 | 4.41k | #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) | 83 | 4.41k | mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL); | 84 | 4.41k | #endif | 85 | 4.41k | mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_NONE); | 86 | 4.41k | mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg); | 87 | | | 88 | 4.41k | if (mbedtls_ssl_setup(&ssl, &conf) != 0) { | 89 | 0 | goto exit; | 90 | 0 | } | 91 | | | 92 | 4.41k | mbedtls_ssl_set_timer_cb(&ssl, &timer, mbedtls_timing_set_delay, | 93 | 4.41k | mbedtls_timing_get_delay); | 94 | | | 95 | 4.41k | #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) | 96 | 4.41k | if (mbedtls_ssl_set_hostname(&ssl, "localhost") != 0) { | 97 | 0 | goto exit; | 98 | 0 | } | 99 | 4.41k | #endif | 100 | | | 101 | 4.41k | biomemfuzz.Data = Data; | 102 | 4.41k | biomemfuzz.Size = Size; | 103 | 4.41k | biomemfuzz.Offset = 0; | 104 | 4.41k | mbedtls_ssl_set_bio(&ssl, &biomemfuzz, dummy_send, fuzz_recv, fuzz_recv_timeout); | 105 | | | 106 | 4.41k | ret = mbedtls_ssl_handshake(&ssl); | 107 | 4.41k | if (ret == 0) { | 108 | | //keep reading data from server until the end | 109 | 0 | do { | 110 | 0 | len = sizeof(buf) - 1; | 111 | 0 | ret = mbedtls_ssl_read(&ssl, buf, len); | 112 | |
| 113 | 0 | if (ret == MBEDTLS_ERR_SSL_WANT_READ) { | 114 | 0 | continue; | 115 | 0 | } else if (ret <= 0) { | 116 | | //EOF or error | 117 | 0 | break; | 118 | 0 | } | 119 | 0 | } while (1); | 120 | 0 | } | 121 | | | 122 | 4.41k | exit: | 123 | 4.41k | mbedtls_entropy_free(&entropy); | 124 | 4.41k | mbedtls_ctr_drbg_free(&ctr_drbg); | 125 | 4.41k | mbedtls_ssl_config_free(&conf); | 126 | 4.41k | mbedtls_ssl_free(&ssl); | 127 | | #if defined(MBEDTLS_USE_PSA_CRYPTO) | 128 | | mbedtls_psa_crypto_free(); | 129 | | #endif /* MBEDTLS_USE_PSA_CRYPTO */ | 130 | | | 131 | | #else | 132 | | (void) Data; | 133 | | (void) Size; | 134 | | #endif | 135 | 4.41k | return 0; | 136 | 4.41k | } |
|