1 #define MBEDTLS_ALLOW_PRIVATE_ACCESS
2
3 #include <string.h>
4 #include <stdlib.h>
5 #include <stdint.h>
6 #include "common.h"
7 #include "mbedtls/ssl.h"
8 #if defined(MBEDTLS_SSL_PROTO_DTLS)
9 #include "mbedtls/entropy.h"
10 #include "mbedtls/ctr_drbg.h"
11 #include "mbedtls/timing.h"
12 #include "test/certs.h"
13
14 #if defined(MBEDTLS_SSL_CLI_C) && \
15 defined(MBEDTLS_ENTROPY_C) && \
16 defined(MBEDTLS_CTR_DRBG_C) && \
17 defined(MBEDTLS_TIMING_C)
18 static int initialized = 0;
19 #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
20 static mbedtls_x509_crt cacert;
21 #endif
22
23 const char *pers = "fuzz_dtlsclient";
24 #endif
25 #endif // MBEDTLS_SSL_PROTO_DTLS
26
27
28
LLVMFuzzerTestOneInput(const uint8_t * Data,size_t Size)29 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
30 {
31 #if defined(MBEDTLS_SSL_PROTO_DTLS) && \
32 defined(MBEDTLS_SSL_CLI_C) && \
33 defined(MBEDTLS_ENTROPY_C) && \
34 defined(MBEDTLS_CTR_DRBG_C) && \
35 defined(MBEDTLS_TIMING_C)
36 int ret;
37 size_t len;
38 mbedtls_ssl_context ssl;
39 mbedtls_ssl_config conf;
40 mbedtls_ctr_drbg_context ctr_drbg;
41 mbedtls_entropy_context entropy;
42 mbedtls_timing_delay_context timer;
43 unsigned char buf[4096];
44 fuzzBufferOffset_t biomemfuzz;
45
46 if (initialized == 0) {
47 #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
48 mbedtls_x509_crt_init(&cacert);
49 if (mbedtls_x509_crt_parse(&cacert, (const unsigned char *) mbedtls_test_cas_pem,
50 mbedtls_test_cas_pem_len) != 0) {
51 return 1;
52 }
53 #endif
54 dummy_init();
55
56 initialized = 1;
57 }
58
59 mbedtls_ssl_init(&ssl);
60 mbedtls_ssl_config_init(&conf);
61 mbedtls_ctr_drbg_init(&ctr_drbg);
62 mbedtls_entropy_init(&entropy);
63
64 #if defined(MBEDTLS_USE_PSA_CRYPTO)
65 psa_status_t status = psa_crypto_init();
66 if (status != PSA_SUCCESS) {
67 goto exit;
68 }
69 #endif /* MBEDTLS_USE_PSA_CRYPTO */
70
71 srand(1);
72 if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy,
73 (const unsigned char *) pers, strlen(pers)) != 0) {
74 goto exit;
75 }
76
77 if (mbedtls_ssl_config_defaults(&conf,
78 MBEDTLS_SSL_IS_CLIENT,
79 MBEDTLS_SSL_TRANSPORT_DATAGRAM,
80 MBEDTLS_SSL_PRESET_DEFAULT) != 0) {
81 goto exit;
82 }
83
84 #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
85 mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
86 #endif
87 mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_NONE);
88 mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg);
89
90 if (mbedtls_ssl_setup(&ssl, &conf) != 0) {
91 goto exit;
92 }
93
94 mbedtls_ssl_set_timer_cb(&ssl, &timer, mbedtls_timing_set_delay,
95 mbedtls_timing_get_delay);
96
97 #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
98 if (mbedtls_ssl_set_hostname(&ssl, "localhost") != 0) {
99 goto exit;
100 }
101 #endif
102
103 biomemfuzz.Data = Data;
104 biomemfuzz.Size = Size;
105 biomemfuzz.Offset = 0;
106 mbedtls_ssl_set_bio(&ssl, &biomemfuzz, dummy_send, fuzz_recv, fuzz_recv_timeout);
107
108 ret = mbedtls_ssl_handshake(&ssl);
109 if (ret == 0) {
110 //keep reading data from server until the end
111 do {
112 len = sizeof(buf) - 1;
113 ret = mbedtls_ssl_read(&ssl, buf, len);
114
115 if (ret == MBEDTLS_ERR_SSL_WANT_READ) {
116 continue;
117 } else if (ret <= 0) {
118 //EOF or error
119 break;
120 }
121 } while (1);
122 }
123
124 exit:
125 mbedtls_entropy_free(&entropy);
126 mbedtls_ctr_drbg_free(&ctr_drbg);
127 mbedtls_ssl_config_free(&conf);
128 mbedtls_ssl_free(&ssl);
129 #if defined(MBEDTLS_USE_PSA_CRYPTO)
130 mbedtls_psa_crypto_free();
131 #endif /* MBEDTLS_USE_PSA_CRYPTO */
132
133 #else
134 (void) Data;
135 (void) Size;
136 #endif
137 return 0;
138 }
139