1 #define MBEDTLS_ALLOW_PRIVATE_ACCESS
2
3 #include "mbedtls/ssl.h"
4 #include "mbedtls/entropy.h"
5 #include "mbedtls/ctr_drbg.h"
6 #include "test/certs.h"
7 #include "common.h"
8 #include <string.h>
9 #include <stdlib.h>
10 #include <stdint.h>
11
12
13 #if defined(MBEDTLS_SSL_CLI_C) && \
14 defined(MBEDTLS_ENTROPY_C) && \
15 defined(MBEDTLS_CTR_DRBG_C)
16 static int initialized = 0;
17 #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
18 static mbedtls_x509_crt cacert;
19 #endif
20 const char *alpn_list[3];
21
22
23 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
24 const unsigned char psk[] = {
25 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
26 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
27 };
28 const char psk_id[] = "Client_identity";
29 #endif
30
31 const char *pers = "fuzz_client";
32 #endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
33
34
LLVMFuzzerTestOneInput(const uint8_t * Data,size_t Size)35 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
36 {
37 #if defined(MBEDTLS_SSL_CLI_C) && \
38 defined(MBEDTLS_ENTROPY_C) && \
39 defined(MBEDTLS_CTR_DRBG_C)
40 int ret;
41 size_t len;
42 mbedtls_ssl_context ssl;
43 mbedtls_ssl_config conf;
44 mbedtls_ctr_drbg_context ctr_drbg;
45 mbedtls_entropy_context entropy;
46 unsigned char buf[4096];
47 fuzzBufferOffset_t biomemfuzz;
48 uint16_t options;
49
50 if (initialized == 0) {
51 #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
52 mbedtls_x509_crt_init(&cacert);
53 if (mbedtls_x509_crt_parse(&cacert, (const unsigned char *) mbedtls_test_cas_pem,
54 mbedtls_test_cas_pem_len) != 0) {
55 return 1;
56 }
57 #endif
58
59 alpn_list[0] = "HTTP";
60 alpn_list[1] = "fuzzalpn";
61 alpn_list[2] = NULL;
62
63 dummy_init();
64
65 initialized = 1;
66 }
67
68 //we take 1 byte as options input
69 if (Size < 2) {
70 return 0;
71 }
72 options = (Data[Size - 2] << 8) | Data[Size - 1];
73 //Avoid warnings if compile options imply no options
74 (void) options;
75
76 mbedtls_ssl_init(&ssl);
77 mbedtls_ssl_config_init(&conf);
78 mbedtls_ctr_drbg_init(&ctr_drbg);
79 mbedtls_entropy_init(&entropy);
80
81 #if defined(MBEDTLS_USE_PSA_CRYPTO)
82 psa_status_t status = psa_crypto_init();
83 if (status != PSA_SUCCESS) {
84 goto exit;
85 }
86 #endif /* MBEDTLS_USE_PSA_CRYPTO */
87
88 if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy,
89 (const unsigned char *) pers, strlen(pers)) != 0) {
90 goto exit;
91 }
92
93 if (mbedtls_ssl_config_defaults(&conf,
94 MBEDTLS_SSL_IS_CLIENT,
95 MBEDTLS_SSL_TRANSPORT_STREAM,
96 MBEDTLS_SSL_PRESET_DEFAULT) != 0) {
97 goto exit;
98 }
99
100 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
101 if (options & 2) {
102 mbedtls_ssl_conf_psk(&conf, psk, sizeof(psk),
103 (const unsigned char *) psk_id, sizeof(psk_id) - 1);
104 }
105 #endif
106
107 #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
108 if (options & 4) {
109 mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
110 mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_REQUIRED);
111 } else
112 #endif
113 {
114 mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_NONE);
115 }
116 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
117 mbedtls_ssl_conf_extended_master_secret(&conf,
118 (options &
119 0x10) ? MBEDTLS_SSL_EXTENDED_MS_DISABLED : MBEDTLS_SSL_EXTENDED_MS_ENABLED);
120 #endif
121 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
122 mbedtls_ssl_conf_encrypt_then_mac(&conf,
123 (options &
124 0x20) ? MBEDTLS_SSL_ETM_DISABLED : MBEDTLS_SSL_ETM_ENABLED);
125 #endif
126 #if defined(MBEDTLS_SSL_RENEGOTIATION)
127 mbedtls_ssl_conf_renegotiation(&conf,
128 (options &
129 0x80) ? MBEDTLS_SSL_RENEGOTIATION_ENABLED : MBEDTLS_SSL_RENEGOTIATION_DISABLED);
130 #endif
131 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
132 mbedtls_ssl_conf_session_tickets(&conf,
133 (options &
134 0x100) ? MBEDTLS_SSL_SESSION_TICKETS_DISABLED : MBEDTLS_SSL_SESSION_TICKETS_ENABLED);
135 #endif
136 #if defined(MBEDTLS_SSL_ALPN)
137 if (options & 0x200) {
138 mbedtls_ssl_conf_alpn_protocols(&conf, alpn_list);
139 }
140 #endif
141 //There may be other options to add :
142 // mbedtls_ssl_conf_cert_profile, mbedtls_ssl_conf_sig_hashes
143
144 srand(1);
145 mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg);
146
147 if (mbedtls_ssl_setup(&ssl, &conf) != 0) {
148 goto exit;
149 }
150
151 #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
152 if ((options & 1) == 0) {
153 if (mbedtls_ssl_set_hostname(&ssl, "localhost") != 0) {
154 goto exit;
155 }
156 }
157 #endif
158
159 biomemfuzz.Data = Data;
160 biomemfuzz.Size = Size-2;
161 biomemfuzz.Offset = 0;
162 mbedtls_ssl_set_bio(&ssl, &biomemfuzz, dummy_send, fuzz_recv, NULL);
163
164 ret = mbedtls_ssl_handshake(&ssl);
165 if (ret == 0) {
166 //keep reading data from server until the end
167 do {
168 len = sizeof(buf) - 1;
169 ret = mbedtls_ssl_read(&ssl, buf, len);
170
171 if (ret == MBEDTLS_ERR_SSL_WANT_READ) {
172 continue;
173 } else if (ret <= 0) {
174 //EOF or error
175 break;
176 }
177 } while (1);
178 }
179
180 exit:
181 mbedtls_entropy_free(&entropy);
182 mbedtls_ctr_drbg_free(&ctr_drbg);
183 mbedtls_ssl_config_free(&conf);
184 mbedtls_ssl_free(&ssl);
185 #if defined(MBEDTLS_USE_PSA_CRYPTO)
186 mbedtls_psa_crypto_free();
187 #endif /* MBEDTLS_USE_PSA_CRYPTO */
188
189 #else
190 (void) Data;
191 (void) Size;
192 #endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
193
194 return 0;
195 }
196