diff options
author | Catena cyber <35799796+catenacyber@users.noreply.github.com> | 2019-07-12 16:59:39 +0200 |
---|---|---|
committer | Abhishek Arya <inferno@chromium.org> | 2019-07-12 07:59:39 -0700 |
commit | f49aaecdfcc86f8517d03f1db476fa1eae3cc23e (patch) | |
tree | be802587b2d32ce0da7ccb6ca16f7479fec749a2 /projects/mbedtls | |
parent | ab91fbd152a87c9d4fa20ac5143bfa5507c33a2d (diff) |
Use main repo for project MbedTLS (#2592)
* mbedtls ok
* Do not copy removed patch
Diffstat (limited to 'projects/mbedtls')
-rw-r--r-- | projects/mbedtls/Dockerfile | 1 | ||||
-rwxr-xr-x | projects/mbedtls/build.sh | 29 | ||||
-rw-r--r-- | projects/mbedtls/fuzzmbedtls.diff | 1539 |
3 files changed, 12 insertions, 1557 deletions
diff --git a/projects/mbedtls/Dockerfile b/projects/mbedtls/Dockerfile index d0e409de..9c49e60c 100644 --- a/projects/mbedtls/Dockerfile +++ b/projects/mbedtls/Dockerfile @@ -22,5 +22,4 @@ RUN git clone --recursive --depth 1 https://github.com/ARMmbed/mbedtls.git mbedt RUN git clone --depth 1 https://github.com/google/boringssl.git boringssl RUN git clone --depth 1 https://github.com/openssl/openssl.git openssl WORKDIR mbedtls -COPY fuzzmbedtls.diff $SRC/fuzz.diff COPY build.sh $SRC/ diff --git a/projects/mbedtls/build.sh b/projects/mbedtls/build.sh index 263ab545..62ab2970 100755 --- a/projects/mbedtls/build.sh +++ b/projects/mbedtls/build.sh @@ -16,22 +16,25 @@ ################################################################################ # build project -# TODO change when merged into master branch of official repo -git apply ../fuzz.diff -cmake . +perl scripts/config.pl set MBEDTLS_PLATFORM_TIME_ALT +mkdir build +cd build +cmake .. +# build including fuzzers make -j$(nproc) all +cp programs/fuzz/fuzz_* $OUT/ # build corpuses -cd tests +cd ../programs cp -r ../../openssl/fuzz/corpora/crl fuzz/corpuses/ cp -r ../../openssl/fuzz/corpora/x509 fuzz/corpuses/ cp -r ../../boringssl/fuzz/privkey_corpus fuzz/corpuses/ cp ../../boringssl/fuzz/cert_corpus/* fuzz/corpuses/x509/ -zip -r fuzz/fuzz_x509crl_seed_corpus.zip data_files/crl* fuzz/corpuses/crl -zip -r fuzz/fuzz_x509crt_seed_corpus.zip data_files/*.crt data_files/dir*/*.crt fuzz/corpuses/x509/ -zip -r fuzz/fuzz_x509csr_seed_corpus.zip data_files/*.csr data_files/*.req.* -zip -r fuzz/fuzz_privkey_seed_corpus.zip data_files/*.key data_files/*.pem fuzz/corpuses/privkey_corpus -zip -r fuzz/fuzz_pubkey_seed_corpus.zip data_files/*.pub data_files/*.pubkey data_files/*pub.pem +zip -r fuzz/fuzz_x509crl_seed_corpus.zip ../tests/data_files/crl* fuzz/corpuses/crl +zip -r fuzz/fuzz_x509crt_seed_corpus.zip ../tests/data_files/*.crt ../tests/data_files/dir*/*.crt fuzz/corpuses/x509/ +zip -r fuzz/fuzz_x509csr_seed_corpus.zip ../tests/data_files/*.csr ../tests/data_files/*.req.* +zip -r fuzz/fuzz_privkey_seed_corpus.zip ../tests/data_files/*.key ../tests/data_files/*.pem fuzz/corpuses/privkey_corpus +zip -r fuzz/fuzz_pubkey_seed_corpus.zip ../tests/data_files/*.pub ../tests/data_files/*.pubkey zip -r fuzz/fuzz_dtlsclient_seed_corpus.zip fuzz/corpuses/dtlsclient zip -r fuzz/fuzz_dtlsserver_seed_corpus.zip fuzz/corpuses/dtlsserver zip -r fuzz/fuzz_client_seed_corpus.zip fuzz/corpuses/client @@ -41,11 +44,3 @@ cd fuzz # export other associated stuff cp *.options $OUT/ cp fuzz_*_seed_corpus.zip $OUT/ - -# build fuzzers -for target in x509crl x509crt x509csr privkey pubkey client server dtlsclient dtlsserver -do - $CC $CFLAGS -I. -I ../../include -c fuzz_$target.c -o fuzz_$target.o - - $CXX $CXXFLAGS -std=c++11 fuzz_$target.o -o $OUT/fuzz_$target ../../library/libmbedx509.a ../../library/libmbedtls.a ../../crypto/library/libmbedcrypto.a $LIB_FUZZING_ENGINE -done diff --git a/projects/mbedtls/fuzzmbedtls.diff b/projects/mbedtls/fuzzmbedtls.diff deleted file mode 100644 index 307d1b2e..00000000 --- a/projects/mbedtls/fuzzmbedtls.diff +++ /dev/null @@ -1,1539 +0,0 @@ -diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h -index ac23cffe8..466963cfe 100644 ---- a/include/mbedtls/x509_crt.h -+++ b/include/mbedtls/x509_crt.h -@@ -32,6 +32,7 @@ - - #include "x509.h" - #include "x509_crl.h" -+#include "bignum.h" - - /** - * \addtogroup x509_module -diff --git a/library/ssl_cli.c b/library/ssl_cli.c -index ba59c4898..8f2e619d0 100644 ---- a/library/ssl_cli.c -+++ b/library/ssl_cli.c -@@ -678,7 +678,7 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl ) - { - int ret; - unsigned char *p = ssl->handshake->randbytes; --#if defined(MBEDTLS_HAVE_TIME) -+#if defined(MBEDTLS_HAVE_TIME) && !defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION) - mbedtls_time_t t; - #endif - -@@ -693,7 +693,7 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl ) - } - #endif - --#if defined(MBEDTLS_HAVE_TIME) -+#if defined(MBEDTLS_HAVE_TIME) && !defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION) - t = mbedtls_time( NULL ); - *p++ = (unsigned char)( t >> 24 ); - *p++ = (unsigned char)( t >> 16 ); -diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c -index 56e9bdd2b..8ec34f3f1 100644 ---- a/library/ssl_cookie.c -+++ b/library/ssl_cookie.c -@@ -167,7 +167,9 @@ int mbedtls_ssl_cookie_write( void *p_ctx, - if( (size_t)( end - *p ) < COOKIE_LEN ) - return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL ); - --#if defined(MBEDTLS_HAVE_TIME) -+#if defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION) -+ t = 0x5af2a056; -+#elif defined(MBEDTLS_HAVE_TIME) - t = (unsigned long) mbedtls_time( NULL ); - #else - t = ctx->serial++; -@@ -237,7 +239,9 @@ int mbedtls_ssl_cookie_check( void *p_ctx, - if( mbedtls_ssl_safer_memcmp( cookie + 4, ref_hmac, sizeof( ref_hmac ) ) != 0 ) - return( -1 ); - --#if defined(MBEDTLS_HAVE_TIME) -+#if defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION) -+ cur_time = 0x5af2a056; -+#elif defined(MBEDTLS_HAVE_TIME) - cur_time = (unsigned long) mbedtls_time( NULL ); - #else - cur_time = ctx->serial; -diff --git a/library/ssl_srv.c b/library/ssl_srv.c -index 52087ae6e..265017bfa 100644 ---- a/library/ssl_srv.c -+++ b/library/ssl_srv.c -@@ -2398,7 +2398,7 @@ static int ssl_write_hello_verify_request( mbedtls_ssl_context *ssl ) - - static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) - { --#if defined(MBEDTLS_HAVE_TIME) -+#if defined(MBEDTLS_HAVE_TIME) && !defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION) - mbedtls_time_t t; - #endif - int ret; -@@ -2441,7 +2441,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl ) - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen version: [%d:%d]", - buf[4], buf[5] ) ); - --#if defined(MBEDTLS_HAVE_TIME) -+#if defined(MBEDTLS_HAVE_TIME) && !defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION) - t = mbedtls_time( NULL ); - *p++ = (unsigned char)( t >> 24 ); - *p++ = (unsigned char)( t >> 16 ); -diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt -index 52632f87c..2b732899e 100644 ---- a/tests/CMakeLists.txt -+++ b/tests/CMakeLists.txt -@@ -127,3 +127,5 @@ if (NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR}) - link_to_source(scripts) - link_to_source(ssl-opt.sh) - endif() -+ -+add_subdirectory(fuzz) -diff --git a/tests/fuzz/CMakeLists.txt b/tests/fuzz/CMakeLists.txt -new file mode 100644 -index 000000000..1392f63ca ---- /dev/null -+++ b/tests/fuzz/CMakeLists.txt -@@ -0,0 +1,38 @@ -+set(libs -+ mbedtls -+) -+ -+if(USE_PKCS11_HELPER_LIBRARY) -+ set(libs ${libs} pkcs11-helper) -+endif(USE_PKCS11_HELPER_LIBRARY) -+ -+if(ENABLE_ZLIB_SUPPORT) -+ set(libs ${libs} ${ZLIB_LIBRARIES}) -+endif(ENABLE_ZLIB_SUPPORT) -+ -+add_executable(fuzz_x509csr fuzz_x509csr.c onefile.c) -+target_link_libraries(fuzz_x509csr ${libs}) -+ -+add_executable(fuzz_x509crl fuzz_x509crl.c onefile.c) -+target_link_libraries(fuzz_x509crl ${libs}) -+ -+add_executable(fuzz_x509crt fuzz_x509crt.c onefile.c) -+target_link_libraries(fuzz_x509crt ${libs}) -+ -+add_executable(fuzz_privkey fuzz_privkey.c onefile.c) -+target_link_libraries(fuzz_privkey ${libs}) -+ -+add_executable(fuzz_pubkey fuzz_pubkey.c onefile.c) -+target_link_libraries(fuzz_pubkey ${libs}) -+ -+add_executable(fuzz_client fuzz_client.c onefile.c) -+target_link_libraries(fuzz_client ${libs}) -+ -+add_executable(fuzz_server fuzz_server.c onefile.c) -+target_link_libraries(fuzz_server ${libs}) -+ -+add_executable(fuzz_dtlsclient fuzz_dtlsclient.c onefile.c) -+target_link_libraries(fuzz_dtlsclient ${libs}) -+ -+add_executable(fuzz_dtlsserver fuzz_dtlsserver.c onefile.c) -+target_link_libraries(fuzz_dtlsserver ${libs}) -diff --git a/tests/fuzz/corpuses/client b/tests/fuzz/corpuses/client -new file mode 100644 -index 0000000000000000000000000000000000000000..48d0a67c8f36ace60ccf4013a5b985207703ed80 -GIT binary patch -literal 4037 -zcmeH~c{o)2AIHy`8T&qD>`Tbb8T(Gxk|o8ErjclDkqky<Pbg_@EtHUbNxH&RawA*G -zGPcN)kjTi=O%Yl8jp{x>_x`$1_j$U1{?2p$IG^wNp3n1rKA-RFyx(75I2>?<0l<DZ -z-1D&)(e|_DtSqJa=ECYLv#<vHWkKpx!U>#`t7=xuH8BqrwtHx79!|=M4uzdQ)O)jn -z@;IGr&&3`UxKmtzIJOP~0FKWf00ICC000&M1_HcrIBPWvz<L*8tpwn@P!wDfih_w| -z!(kwdc0+9ROmb(<&wgYBK{`4B(nYgCO!V-52zqYVp516Jh+{Kg=4P}Z_#6(fv)hg4 -zhfteCaBj{&hQ#dMiGgCqJ0TGi8yXF%pjFUnYHE-M4#lRjHH6fDm>daleofBgLvTIp -zbA&()grdOhTUQCv0q`i01E7sF!=gYCsJG60F+~yXM)X?*RHc=&2TkbcS$67h^LF7T -zD0#rSqIr>{sYMua@>|7#5Ch3;Yj@R3B^OVQ?Qo0FxGfW&GxR3@b&F8ygN=Fwrc$Ff -z@6*fj69dWhhshoojock}B{u^PF@*C+J(n90%^qYEQnc{+=qN=rqq3ae>&1EpNPamK -z#px0LtGztQJ@`V-_~Ay1kp<)Y5!QF4vpr@HyQ)gK;3B6SiUmYW_&7MukcLPmhsOCH -z<CU8|5<WQ%guj=LlLa3ovl~jkgPvHjzkN2++$?>xnNB~X38r^V*noqocGa<sXoX1~ -z;L25qJm;m2d&+Tp<bX0)^T#(x5V`_`(>k7K4Ox9@oG>>61_6*Tt&GC#2wntF0Ugz? -zYIxLz!v<;XQtVb{O)|a&iEh4@K=47lkvwGFL_y_94`%6pUttQzjKPEE_0L-iPTLl= -zf`dSY=RsL)cCcVkjZm?`EPud)5BoAvqhk_fg#>-(%loW`Hi(3isS^)n2l0y1{Kc#T -z`(^!XKR7(dlfiKf$Ys9ZjH!C0J~6XFbmk*03h9}9>Xk&4iK8d_6g~83=0eN`$`i41 -zZc3^_L5C06iuyNm*1`L<>q1feLVk~oJZtG*;K2ur8};j=EkTyUsA;P5?py8kfquz1 -zl;aCySUHTW@A~)P^%RbxEyqeiht^NZyuRBXG@I$wCs@$wN225(v?pCO<q<t%C>_*! -zuupkhda2MF7uUpQsr~fg)I&8K_oz8@-6wWAm|I@Re$AqI-a_679fDUI)P0?EcM0wS -z;3OJ7u{3%J-{=AUQl@{C9_Y{XK)9bv{v(L$Mm5(^zm2748lD|VRS7pK;LWCpzf0?# -zebW}khh@B6Fq{5}G%6sHrj-^e5?Ys_J*ws87sT-N`rsw%{Q%oX9eEJu#=?}5A5WV} -zZU9Teq|u7OWFdRy%B-bpU6m{ln6Y2CxB!vt|E?x_(C}HoxSm|nTWOcZ$60OFvo7KH -zUdO1^?p?+1*baB>CHJi^zDiZ{tD8`&SyP%H-?^_&O(|S5z^iRnIge3vxaWtnOX!>L -zg7YixC?Qv3P`~2|(gxhva(g!MYedZ)sFQGUcxigA^tqBucLdBzB756{mb)9%8&=;$ -zK~%Q?lgjj#o70U8ow2D&kua6(X;?yT-&crEr$DDKLadu`a3km-I0$~;Leh6Zas5it -zK?wJKl5!05^?#~$QQ%*<*%unC*6jxX`(%>TZRr;&l-!Ro48pN-mQ6ui0}OZix7#F| -z&)`E;;%Z%Y*?qoS`%Wp|zAnu$`@W_`fHRxffuw<5lq<Wl7+8^bCLPHMjlpS!A+0Xr -z@x%S~K08S1V|~M(bMZ%2`vbS@?S6hIL9RoAjqv~-6J4QpR;8!lc=Y7UB)cWgOU)~U -z6DC+BRj2pL)O4LeaY%rEtexnjLQKrmwd<!m21U~sxy^4|^K_3?NDc;tFRHg=`MZ14 -z-dYovMdNyLU6>B0#d0%SZy-^(o!|-rX>*x{j4l)vzAoYz)_-ua$F4u2t99B*j+xDA -z->kR|iuX0WCFRh_$FXVqAJEA1_gcpKzgouneJ#_3)M=Wfp{@y`H)-4q)xU***V2EM -z{Qorma~l7vWdAyU|EO7;{Qdclu*EXbw%HdNh02;m$b%}ueJWQDJ(Dx2jZ`c-^lH56 -zuu@gye8N+aVJ;tyyC=lT3U48A9-~C#+wo^+bp=?~d6-8eLTyU-4L2kqYak~?ZF0U` -zoPK)wr&pP-+l15YwOT!>cHaKoh3kR}BMX^Fy$;GbOJYJEw(eJ7p|2Or*12QV6;PAb -z;@KBH9X}Z?zNa$r(2RywRX*X&ZDfy~6t_wD=L)^C9y@)*8iP>Sg%8YrVcmC`DtH<6 -z{1>jyxCa4YvO5$@d{?5E*mA0-;zcsjPfs`!(@Zf^(@T6=$Jk75)E#tn_z-)_qP-pC -z4411#U5CjEx0^m?%831PWqX5i%%_h_?PzlV=0MX$49%1Ef7M1Npx$^q0&m<-g_!9X -zX%4eP9|4C!20wIwLXZIMk4m$b++XY^k?8Z)UYZ*J;V@MpZ51`Nx|+6{)+Uvkp~|=L -zr}Lkn`A>!~tA&B|bn>SWz;-wuKr{}?tL@apD#to(ti@H!8e8od^KE3`Z>Oq_?ZuEU -zq-e89j5?zv@#bp+DY6|3im?snFp*`?yl;xXsCp{oi>+#<R(K`8-+4>6k?efDXcwW6 -zUv{6@H9K7~vInn=sz~1HZ0L067OBZRCMIbC8p^i?-Qj-_A=&bLRU-`Y{VFw{kb5N0 -z_a@~0l5h006^Po>xIgduEp3E*0gwj_4K$MRL<gA^AUp`UqsKp#fBF1XgNqxg*C&E| -zHbU;j2I|RI^?O}r$@4r}Rax7up+fs)-818|glC;YwUz2N;PI<=G^0WWY3Rmr3FRu8 -zsf7$49V75y8EZvn;3+7J(fF1a?f3#-U<JSgIKY1f0nAO!w3fDE_zk6Mi*`QusOPBm -z-IgAKohwYAu0A^d+j^tV`}I|4`6Pmy_)MUfzQL;pSrwn3ceZ+~+NS9Ha8B+3_s(lh -zmD)WL{=ne6M!`F3?(2Tvu+z>E)>L1XYVbjFH9X0!^6LFayjhEnsTQMv&*TjYV%2V& -zEG};=>6`@LWKnvW6^>YUcd$0@nv-`yA31ow#REz*ezN8$al{1d4T}Qrg%x$?3PnXZ -zTd|fddp%b@CwQRx!=jVu1vhe^K!X1M8vVdvBzfZs=S!CB{Fe=Uw576{vRpE$yyi#& -zS@)=0BPRy%ZaUXH*U!J!n!{eme@|)FJEKXMTHSU2jkDIatfwJ~ULOQvoMmGp-?yHc -z%Z|vG%Zc|k%aB(*&Gqs%S<ZhhIJzmKE2V?-So&B}XRBP3K4X9kMVkwWLMo`+wl6Th -zCfBkL1yx#a8@I-RRvnk~OSl&}MoFsv;jv3oF_ngIO>U(;GeaZeTXL6~{1j}g2uDI+ -z3P&+E2wKG86mk`4T>%j6v?C@D?EwTgLm681<$}%|>5hE--TDBjbferpg=$#0GKxyL -zC(}}4l=wutqZ~z>{Oh;5;F+vFDNs6U#sRkHEC>H1XDK-^3uTUb-dwys)zv=G8#Zdq -zo}=u}MY@;Y>aL}nNl26FDMnK~D%u5M1!~N&Pz$^%+9Sla(rIsc(~aK*aeWuF->DbY -zxZqY}yMA@QBdOtf^};Jsv2F}CT4~{U*k$Sb21;9!>8RhnF1{6#h%P1obEzSvF~vK< -z)MDW+u7WM+@iKYdq!W=3af-@0Fw02F*iUF|qb*tB+mc~|&77<CT&)Q@&&txM(%Lz{ -ImjJ+j04YTqLI3~& - -literal 0 -HcmV?d00001 - -diff --git a/tests/fuzz/corpuses/dtlsclient b/tests/fuzz/corpuses/dtlsclient -new file mode 100644 -index 0000000000000000000000000000000000000000..87c3ca333a37338f74a136fb4af241f0bbe2f6da -GIT binary patch -literal 4058 -zcmeH~cT^ME7sqFk&=Zg%p?8HKWfFSFMWic+77;;0i3k!Pr~w3NiY(Ovh=9^Xlm%%< -zS1}06A{{|GB7%S*F1TQ$Y_PKXbB}wD`{yrbPG;_#ckj%3_kQMnAOFfS@cE|<2LS0$ -zhV;s^gyVd+z0b}3R(Z@-yYnW_!yT-27-CC9du>3RYt+2AHUAf15O9M5fCB)2@OD^P -z_QavCV+nbVoAxrH2~*BpSIS%NXH?p9b4CVkmDC%Ik?@<+&)NE9iKGvPr9B_?PEFEu -zlAkHld5<gAwVe?daH2y1z_kjlMMN`#asV(8`1(8;@-7E}tOghl1=h~U3IMJHMZz_p -zNSJsw90tM|2ZUl~lRsg4;x!5cnV0}b2g?DmF~jW;%)GE2mRN3xYt3NiWwj>zxCYqR -zSYibs^x6=dcf;o)30n_JpoGy@NDPg_Vj&zBhgDToh14C<DBOAzQvGgl9%#eI;A}o* -zH&>tiWJ(|u2}-ShOOOeGM}k}cW1Jlp34%baRo>7<i)aU;$1H%BewC9trmbt<rp?RW -z?l{(x2b{b#E9RYg316A~QZXP{U*`N$wdz%wg(D-I-QzRM<U(`$pT|FI6iL0cQj5S> -zsCVVPdvfh?Z*r|`r6*oJce73Ll|W~fP{GIn`CjqtK9q=}ndj?0n<(2SIey;hg{%US -zpY%s=@C^OMc1xT`(5akJ*SZ!%GuGMt$ho)^o!jrU(~7y_V#n-@gv7Q9aB&@v>yO*! -zJSuRXsNCS0@NRE!=quS+40tb@(?E6(`pum4<)h(-23hY0CcWT#nC^K|eXdE>b9<U7 -z7WmX&?p%fNlU`bm54p;QcPn!@ynfCDLTNBKqXP1*Ad3%)6Xiv~AOI3&ETbqVf*-+G -zz%=Pj8+^Qv%bLe(Uy*yMRh-coNPO+KG(rI459h0N94n|8?!+(N=q^m*n%2M7u)Ml{ -z!5L-2Sa1-?BspOS*+IgWZi^HN%?Jj}`*6OYsJD)zEqFkm*=yYv{VNpmk<_s}m_DMS -ztY8tc*8$_V>ks=|d2){2z4BQ@8=`6V)W)V)C@uoz1rc3Sl5TNWsU&u+ThUW*`bDs* -z(6vNDth<s5mFl{Cm$-k!20FZ3iyngR5%IfcNUC8PB7(OTR%(~U8>!}l=&4C%%aZ2W -zK)>Y6%JGHKNG?OGYX456u7Wq#e55#}fBA^qv+5q|OqN%-a6y}2TuZ)_ZQN;NKJonq -zveY)GZsk$g#X>8`*m{(?*2B{icT^pDADgn%-*L*r-1CARG%m&S7xLd~6+U-Y&DSN@ -zMA!s?$1&)MVbDYVL=W({W%@7af&NMl<oIL3zXuWhvBnbm*OAmLgA>E4xX^6{{Mjv% -zbLm|(&zp`45LnL^%w*h)dn_cDu9+Sq7D7+ZdaSwEkIM4!Lf@Im8v(oSwdO(i%kvY4 -zetb>aasxQ-jvKz!A1~yrcspb6MyFwbz)T07q5?#+|J?1UK7&UEqq_1*FJ<@D-M`p$ -zb7o)Y^=Hwznw{?no2B4;x+=ThFFZ|E@}rL_-Ck0f9o=e2S5*p?3Giw%xyEN06-xT! -z#3J^}Tu^>_l@ia}X!P$yvaCKY;hHT<@;pT&2Wlgq9$cJSx;mgF*AWJ@kj~yXuj%2= -z_8jS(D2&eb|E(gU@yb-)d|OOvQaB8EA)P?Z?fwW+L<$sf8bYqY!HZym;2^lVj-+pb -z;`WgwC&=;JB;^?7>-|vbBEi3x*#{bF%eK9MZF1bEGTEV&mfY9TETS>7=JizWUY4pJ -zDeFYjX<{%gw#LoGX0^IzPAT4&o^FtRLqj^i1+{&5Qm;u%n&m|nBoC2ITV_nXZ%UzG -zvz>CtwWro+b6mzq_aNy-ythhEpp>rVKvjZ#s{)F3HxnCEq1MF;lJIEM_>&}?Mbepu -zx8%dy2t1S8U1<|jbp4{>0KFI+@o|Od=!x?ej(PTpXDslVmRa$2442FFQ9~EhnhAm( -zo#`*FC~w4LyByo`t!xX|w(mLsB<eJi-9RAyMOGo}z80K7J7t96-#6ZA)05EtU}~>C -zJ8G}pjHET1{~5D+i}Ud7kty5n(8%%6y$t!ky$t#7UZw%5F?yD|ng)bjqjAkt`(*x8 -zO8;H(|I_&IY5dyB{&W8RRkGIj`|B5Bon&H^*#{a$N*lx~`*1<sxHRWS^7=L5ip9=P -zN9$dcXmzs*55)$#eblQDOOzIt@LW0A5=Cq#9-q+>;#lTmAC?ZWzG^pkH;Lyqv=>p6 -zoG%}%mvQag(=4}*q8YZD4?HJr4)}KzE(<FR&u4jiImx@o;Dhfxa8P^8Tq~TdU1iZ8 -za67$`)EzYyKOQ8xqax9HT3wTtPd;A8(`mDbcU#A5x$a1(jh?}6{SerxKiK__c2u*K -z^Rwvs&!3z2paMrRn-z<F-$pH>a%dCrVwo8cV|ys+#`sNBivkx9qKvK8>~*vS5Iahv -z4(y3Fcym+SZLm_Ito~h=oWxIQQg@Z3-@RUJ#+m{!dq!WxGc;Mx$KJ>W)EbS35sjKB -zA$Dd~hQe&sL%?B>{&y9i2qeV#qB7(q?+1BFq4<21m&Qh)6{ZTLg;T|<scNZeu2H#W -z;y#%_9RDywf3kddTNud9v?T%oNWqB!qOO07>Q)Vca*X}TQtVBPk;RS?-#ShQ8x<`= -z7rydTiWZ0TV;8gx(R4{D1=Fga7<2a|KD_kNfh&?jw1*<T1lohia<9Z!TT3u?l`e-a -znUK2$F?L?(ZFD3mJ^A;kh~-6OLlIf)T20nL2^llcU`rFVO7K>gOyj_N^`nsQ$5umv -zJi__DH6iDxe8V4Ifyi}<`)k#&OC#J1fIMMXpstcgv6o8$La98PJN-ih-~4<||MZH= -zg|VQ{mEh|!fx260Jzi%y@<>N$6*V2|IEKqIDf6r}iEe+>LS-Xx|7kOpRUtF3|MDSe -zWt!Z?d?uf^A?Q?!EN=@u23=$|Dv|iQoq>btNB~R#82c}PafSne#}QyIzvg&*gpZ<b -zN6S@XOc{>Y?z2OC<VKGrCZ(h)z7s5uSDA}bIin=uUQ)mpg6u#^HO6{mF5U1mv^NN- -zF%d8alU{Xfb-6yR?k&;7%1N%+nZEH7Uql*g-ng=I>}lrfz~-I%7h;?HH9Qr(Ce0p% -z3B>1^CB4`g6lf-gcar>7?YCFV3~3xw<nudA;!(+;#=&~S%a6x9Pu@6)(#Bf{O}%q2 -zo0}~(t)GpqZY^6e_=PC#Wwk2I+y3a3GtYqm_5BGLREbcyGV=@L%hZj08*Vx8+#TK@ -zl<%3zg(cio;%^oSBegEj$b&4Ufz@_TJv>k@cLp32i*v}n@bfjlI#|nl_X_j>GIZjs -zL8y3#t=^&JqLtxeHZwpeM*GeI*70XMOyN%1bgjL<EjrMllq7}BRm)tD`4A=cO-qY= -zA`9)BYJ!V&4GuUQ7p<Wk3L7xLX{rCpUT-LfYRFk|hTF_Sq~ZdTlb>&J59Q9r;pzKr -z+tFE@3vcUOL_|cLtxR}caLOCda^CedO9%kTxt1Wr+8+S$ecAmo0U)?G?c?qj0HDuT -z&id`LQeE9i24*F2(or_*bb*l=?CqOIPo8kfl`;WYrX043LSQ8p{lyssBtJQWzgvJC -zhKOEO_gDrr)8x+554UKhgz`QyZrJ!`HVhE@G#l1lH6pcBTeNsq{uxgX9PgCc`zK~= -B`4|8I - -literal 0 -HcmV?d00001 - -diff --git a/tests/fuzz/corpuses/dtlsserver b/tests/fuzz/corpuses/dtlsserver -new file mode 100644 -index 0000000000000000000000000000000000000000..7a7a117900781be46a5b985b275d625ef98b8c96 -GIT binary patch -literal 1189 -zcmeHGYfQ~y9Dd&OKed!oraGZql5k2FMY=IQC>?!Zlr0-G3@h3y2VpKLUDct`kxFiL -zI@MfO(=3nsd|;W|T-LITvM_BKnvOSJKKta8=gaT;-S+<8-}AoOek+C`jthv~K}Y2F -z|JrnKOX_l~zFYUOxwfaTBWlmBmEYYvKNJ`e{MQFpJTL*mma`a$3f8fL(>N1}w5JQg -z*ub+q%slR8DtF)xvgykJl+(g;dT|CeaTJ{q%z9Qai@Dsx6dKTi#kAvCXi>|H48;|O -zz(^xc@dRsO<^|5fWzIzri+G$SnmGrBIL*_TkGTw@51r`G>9pY)?gnv)1>D6PZbuo* -z5QzZJrjCyEqc_#8WICF$i22;fY^K4U8Y-wm6H0iDrLdq8#XQQBIEEUYM*|92$P(6| -zn&(iDd>&yjtC0t*021Wh95EUgm6W`GUDD>{)HG=1O<ZghTVbQv2(_XXilPXWq7tyj -zIGGy{4{6=uCiw)o!UfJ43kS#o8G(!gUXqSTBt)Z>$PAg6%QydpL{k!aD&v!y&pq<d -zS>jC5YuX;$QKk01-+D78Z(T-D;xh4H!ha&+uK~#<R5&^Y$dYydS($1PAMNDV`6ax` -z(fjq?Z!C`W?)rFpyjM_LerEp<-wl^yHCJ2o-9~Hh;};RRH!frw?2OM%k*!g2i4N(V -zm!~|hdI;@K$Db(&3v>s{3VYWqz0{Yv%U$#2?KR;OS5)KIu)%fV2}8-ZCHmf{)6Q&l -z`Wj@ezdduJ@=~YnePn8R7weHT)un%UJOx5%rT6EB$pHh0nOm69Ps&R#Ee{{vl#uQa -z6*IZLyl+*;oW>RLapA2+_O`~3lWiL}zj7OC7VsQu7N0X?t_LSahlF-py54Bl1}u2i -nv9Hu>xftj=Qmv9dVDL~?`zO!puqtOwgrV+z*#6Zm+cJIwp9Z@o - -literal 0 -HcmV?d00001 - -diff --git a/tests/fuzz/corpuses/server b/tests/fuzz/corpuses/server -new file mode 100644 -index 0000000000000000000000000000000000000000..fbeb019f200a63d8f40815551f07375c0265c4e6 -GIT binary patch -literal 675 -zcmXYsSxD4z6ot>v|0wF@SUPGhQKaUUySADrl!Z=#p*;u%p=F^VsJTZNxsH>2mbq6h -z<AxeaKG-2EC{T+^v!IlM)C4h7Dk1w9-j{ng_j~xRwIqa2Kom(*{IiQGk?Y}$Zezop -z-`75e<vfo1X+QT>mlop{>)-gi7Q%?T>4Qdgvyo18MFLH!#(wtlE(@sT6{av9Pf$n? -zdZU3|Y@j1u5Kj|Y!k;~CVLpqQ!(^sm1V?C03s|F*ZQO?e?m;=rd51OZgr2S3i+%>8 -zjAgvZTIv~qQq;2^hY(0Vy3?Fq+(kn+GaJNp>X^wQUPc}35Cm`f(v2#5(wPc2F$=>8 -zWeGD_$W)lpj1syrglbmuHo7o~Dpv3oD$&9F=!K4@tY!z=c@I4(;SE-?9a^jlAO?U6 -zn*fu<q}a2G7m`v^VJ3f~Hj<2lp=2l&l0rz5Bn%`20aI+1Z?<rdw>@m+YzHf-VF?Q; -zAp>#)xd$BOC`l;Z4CLo2#Hpj^o^wkFhE&cUp02V=<2=7GYU}9tu_W)$FORrBjoE{d -z@Wt|V|5sB7iyyTXrWuz{)&{){i%w8x&Gqk?Y#D=fhU$0nHJw{-UFpi1h`zPFOnbA} -zvk!%PbXkXIZ=6*~O<MKpvGA2QPR*Chm;LlTqpsVeX*b2nc<sm+jYH8+wX7q=KPgw) -z@BgqX<HSU$SJ8Xr&Gg=7pWy&br#cAjaMZ+Azu-^Dl{PZ$zQKw%U#}^{fuV}rrMKS( -zw=8JGevC&3t7_iO&qg@t(_b{XY`2neyA9mHryzUgu(RfL^U3ow^&#g>#{2OX(K-Ys - -literal 0 -HcmV?d00001 - -diff --git a/tests/fuzz/fuzz_client.c b/tests/fuzz/fuzz_client.c -new file mode 100644 -index 000000000..7860177a1 ---- /dev/null -+++ b/tests/fuzz/fuzz_client.c -@@ -0,0 +1,227 @@ -+#include "mbedtls/ssl.h" -+#include "mbedtls/entropy.h" -+#include "mbedtls/ctr_drbg.h" -+#include "mbedtls/certs.h" -+#include <string.h> -+#include <stdlib.h> -+#include <stdbool.h> -+#include <stdint.h> -+ -+ -+static bool initialized = 0; -+#if defined(MBEDTLS_X509_CRT_PARSE_C) -+static mbedtls_x509_crt cacert; -+#endif -+const char *alpn_list[3]; -+ -+ -+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) -+const unsigned char psk[] = { -+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, -+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f -+}; -+const char psk_id[] = "Client_identity"; -+#endif -+ -+const char *pers = "fuzz_client"; -+ -+ -+typedef struct fuzzBufferOffset -+{ -+ const uint8_t *Data; -+ size_t Size; -+ size_t Offset; -+} fuzzBufferOffset_t; -+ -+static int dummy_send( void *ctx, const unsigned char *buf, size_t len ) -+{ -+ //silence warning about unused parameter -+ (void) ctx; -+ (void) buf; -+ -+ //pretends we wrote everything ok -+ return( len ); -+} -+ -+static int fuzz_recv( void *ctx, unsigned char *buf, size_t len ) -+{ -+ //reads from the buffer from fuzzer -+ fuzzBufferOffset_t * biomemfuzz = (fuzzBufferOffset_t *) ctx; -+ -+ if (biomemfuzz->Offset == biomemfuzz->Size) { -+ //EOF -+ return (0); -+ } -+ if (len + biomemfuzz->Offset > biomemfuzz->Size) { -+ //do not overflow -+ len = biomemfuzz->Size - biomemfuzz->Offset; -+ } -+ memcpy(buf, biomemfuzz->Data + biomemfuzz->Offset, len); -+ biomemfuzz->Offset += len; -+ return( len ); -+} -+ -+static int dummy_random( void *p_rng, unsigned char *output, size_t output_len ) -+{ -+ int ret; -+ size_t i; -+ -+ //use mbedtls_ctr_drbg_random to find bugs in it -+ ret = mbedtls_ctr_drbg_random(p_rng, output, output_len); -+ for (i=0; i<output_len; i++) { -+ //replace result with pseudo random -+ output[i] = (unsigned char) random(); -+ } -+ return( ret ); -+} -+ -+static int dummy_entropy( void *data, unsigned char *output, size_t len ) -+{ -+ size_t i; -+ -+ //use mbedtls_entropy_func to find bugs in it -+ //test performance impact of entropy -+ //ret = mbedtls_entropy_func(data, output, len); -+ for (i=0; i<len; i++) { -+ //replace result with pseudo random -+ output[i] = (unsigned char) random(); -+ } -+ return( 0 ); -+} -+ -+ -+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { -+ int ret; -+ size_t len; -+ mbedtls_ssl_context ssl; -+ mbedtls_ssl_config conf; -+ mbedtls_ctr_drbg_context ctr_drbg; -+ mbedtls_entropy_context entropy; -+ unsigned char buf[4096]; -+ fuzzBufferOffset_t biomemfuzz; -+ uint16_t options; -+ -+ if (initialized == 0) { -+#if defined(MBEDTLS_X509_CRT_PARSE_C) -+ mbedtls_x509_crt_init( &cacert ); -+ if (mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_cas_pem, -+ mbedtls_test_cas_pem_len ) != 0) -+ return 1; -+#endif -+ -+ alpn_list[0] = "HTTP"; -+ alpn_list[1] = "fuzzalpn"; -+ alpn_list[2] = NULL; -+ -+ initialized = 1; -+ } -+ -+ //we take 1 byte as options input -+ if (Size < 2) { -+ return 0; -+ } -+ options = (Data[Size - 2] << 8) | Data[Size - 1]; -+ //Avoid warnings if compile options imply no options -+ (void) options; -+ -+ mbedtls_ssl_init( &ssl ); -+ mbedtls_ssl_config_init( &conf ); -+ mbedtls_ctr_drbg_init( &ctr_drbg ); -+ mbedtls_entropy_init( &entropy ); -+ -+ if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy, -+ (const unsigned char *) pers, strlen( pers ) ) != 0 ) -+ goto exit; -+ -+ if( mbedtls_ssl_config_defaults( &conf, -+ MBEDTLS_SSL_IS_CLIENT, -+ MBEDTLS_SSL_TRANSPORT_STREAM, -+ MBEDTLS_SSL_PRESET_DEFAULT ) != 0 ) -+ goto exit; -+ -+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) -+ if (options & 2) { -+ mbedtls_ssl_conf_psk( &conf, psk, sizeof( psk ), -+ (const unsigned char *) psk_id, sizeof( psk_id ) - 1 ); -+ } -+#endif -+ -+#if defined(MBEDTLS_X509_CRT_PARSE_C) -+ if (options & 4) { -+ mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL ); -+ mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_REQUIRED ); -+ } else -+#endif -+ { -+ mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_NONE ); -+ } -+#if defined(MBEDTLS_SSL_TRUNCATED_HMAC) -+ mbedtls_ssl_conf_truncated_hmac( &conf, (options & 8) ? MBEDTLS_SSL_TRUNC_HMAC_ENABLED : MBEDTLS_SSL_TRUNC_HMAC_DISABLED); -+#endif -+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) -+ mbedtls_ssl_conf_extended_master_secret( &conf, (options & 0x10) ? MBEDTLS_SSL_EXTENDED_MS_DISABLED : MBEDTLS_SSL_EXTENDED_MS_ENABLED); -+#endif -+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) -+ mbedtls_ssl_conf_encrypt_then_mac( &conf, (options & 0x20) ? MBEDTLS_SSL_ETM_DISABLED : MBEDTLS_SSL_ETM_ENABLED); -+#endif -+#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) -+ mbedtls_ssl_conf_cbc_record_splitting( &conf, (options & 0x40) ? MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED : MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED ); -+#endif -+#if defined(MBEDTLS_SSL_RENEGOTIATION) -+ mbedtls_ssl_conf_renegotiation( &conf, (options & 0x80) ? MBEDTLS_SSL_RENEGOTIATION_ENABLED : MBEDTLS_SSL_RENEGOTIATION_DISABLED ); -+#endif -+#if defined(MBEDTLS_SSL_SESSION_TICKETS) -+ mbedtls_ssl_conf_session_tickets( &conf, (options & 0x100) ? MBEDTLS_SSL_SESSION_TICKETS_DISABLED : MBEDTLS_SSL_SESSION_TICKETS_ENABLED ); -+#endif -+#if defined(MBEDTLS_SSL_ALPN) -+ if (options & 0x200) { -+ mbedtls_ssl_conf_alpn_protocols( &conf, alpn_list ); -+ } -+#endif -+ //There may be other options to add : -+ // mbedtls_ssl_conf_cert_profile, mbedtls_ssl_conf_sig_hashes -+ -+ srandom(1); -+ mbedtls_ssl_conf_rng( &conf, dummy_random, &ctr_drbg ); -+ -+ if( mbedtls_ssl_setup( &ssl, &conf ) != 0 ) -+ goto exit; -+ -+#if defined(MBEDTLS_X509_CRT_PARSE_C) -+ if ((options & 1) == 0) { -+ if( mbedtls_ssl_set_hostname( &ssl, "localhost" ) != 0 ) -+ goto exit; -+ } -+#endif -+ -+ biomemfuzz.Data = Data; -+ biomemfuzz.Size = Size-2; -+ biomemfuzz.Offset = 0; -+ mbedtls_ssl_set_bio( &ssl, &biomemfuzz, dummy_send, fuzz_recv, NULL ); -+ -+ ret = mbedtls_ssl_handshake( &ssl ); -+ if( ret == 0 ) -+ { -+ //keep reading data from server until the end -+ do -+ { -+ len = sizeof( buf ) - 1; -+ ret = mbedtls_ssl_read( &ssl, buf, len ); -+ -+ if( ret == MBEDTLS_ERR_SSL_WANT_READ ) -+ continue; -+ else if( ret <= 0 ) -+ //EOF or error -+ break; -+ } -+ while( 1 ); -+ } -+ -+exit: -+ mbedtls_entropy_free( &entropy ); -+ mbedtls_ctr_drbg_free( &ctr_drbg ); -+ mbedtls_ssl_config_free( &conf ); -+ mbedtls_ssl_free( &ssl ); -+ -+ return 0; -+} -diff --git a/tests/fuzz/fuzz_client.options b/tests/fuzz/fuzz_client.options -new file mode 100644 -index 000000000..4d7340f49 ---- /dev/null -+++ b/tests/fuzz/fuzz_client.options -@@ -0,0 +1,2 @@ -+[libfuzzer] -+max_len = 1048575 -diff --git a/tests/fuzz/fuzz_dtlsclient.c b/tests/fuzz/fuzz_dtlsclient.c -new file mode 100644 -index 000000000..c88b33b73 ---- /dev/null -+++ b/tests/fuzz/fuzz_dtlsclient.c -@@ -0,0 +1,185 @@ -+#include <string.h> -+#include <stdlib.h> -+#include <stdbool.h> -+#include <stdint.h> -+#include "mbedtls/ssl.h" -+#if defined(MBEDTLS_SSL_PROTO_DTLS) -+#include "mbedtls/entropy.h" -+#include "mbedtls/ctr_drbg.h" -+#include "mbedtls/certs.h" -+#include "mbedtls/timing.h" -+ -+ -+static bool initialized = 0; -+#if defined(MBEDTLS_X509_CRT_PARSE_C) -+static mbedtls_x509_crt cacert; -+#endif -+ -+ -+const char *pers = "fuzz_dtlsclient"; -+ -+ -+typedef struct fuzzBufferOffset -+{ -+ const uint8_t *Data; -+ size_t Size; -+ size_t Offset; -+} fuzzBufferOffset_t; -+ -+static int dummy_send( void *ctx, const unsigned char *buf, size_t len ) -+{ -+ //silence warning about unused parameter -+ (void) ctx; -+ (void) buf; -+ -+ //pretends we wrote everything ok -+ return( len ); -+} -+ -+static int fuzz_recv( void *ctx, unsigned char *buf, size_t len ) -+{ -+ //reads from the buffer from fuzzer -+ fuzzBufferOffset_t * biomemfuzz = (fuzzBufferOffset_t *) ctx; -+ -+ if (biomemfuzz->Offset == biomemfuzz->Size) { -+ //EOF -+ return (0); -+ } -+ if (len + biomemfuzz->Offset > biomemfuzz->Size) { -+ //do not overflow -+ len = biomemfuzz->Size - biomemfuzz->Offset; -+ } -+ memcpy(buf, biomemfuzz->Data + biomemfuzz->Offset, len); -+ biomemfuzz->Offset += len; -+ return( len ); -+} -+ -+static int fuzz_recv_timeout( void *ctx, unsigned char *buf, size_t len, -+ uint32_t timeout ) -+{ -+ (void) timeout; -+ -+ return fuzz_recv(ctx, buf, len); -+} -+ -+static int dummy_random( void *p_rng, unsigned char *output, size_t output_len ) -+{ -+ int ret; -+ size_t i; -+ -+ //use mbedtls_ctr_drbg_random to find bugs in it -+ ret = mbedtls_ctr_drbg_random(p_rng, output, output_len); -+ for (i=0; i<output_len; i++) { -+ //replace result with pseudo random -+ output[i] = (unsigned char) random(); -+ } -+ return( ret ); -+} -+ -+static int dummy_entropy( void *data, unsigned char *output, size_t len ) -+{ -+ size_t i; -+ -+ //use mbedtls_entropy_func to find bugs in it -+ //test performance impact of entropy -+ //ret = mbedtls_entropy_func(data, output, len); -+ for (i=0; i<len; i++) { -+ //replace result with pseudo random -+ output[i] = (unsigned char) random(); -+ } -+ return( 0 ); -+} -+#endif -+ -+ -+ -+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { -+#if defined(MBEDTLS_SSL_PROTO_DTLS) -+ int ret; -+ size_t len; -+ mbedtls_ssl_context ssl; -+ mbedtls_ssl_config conf; -+ mbedtls_ctr_drbg_context ctr_drbg; -+ mbedtls_entropy_context entropy; -+ mbedtls_timing_delay_context timer; -+ unsigned char buf[4096]; -+ fuzzBufferOffset_t biomemfuzz; -+ -+ if (initialized == 0) { -+#if defined(MBEDTLS_X509_CRT_PARSE_C) -+ mbedtls_x509_crt_init( &cacert ); -+ if (mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_cas_pem, -+ mbedtls_test_cas_pem_len ) != 0) -+ return 1; -+#endif -+ initialized = 1; -+ } -+ -+ mbedtls_ssl_init( &ssl ); -+ mbedtls_ssl_config_init( &conf ); -+ mbedtls_ctr_drbg_init( &ctr_drbg ); -+ mbedtls_entropy_init( &entropy ); -+ -+ srandom(1); -+ if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy, -+ (const unsigned char *) pers, strlen( pers ) ) != 0 ) -+ goto exit; -+ -+ if( mbedtls_ssl_config_defaults( &conf, -+ MBEDTLS_SSL_IS_CLIENT, -+ MBEDTLS_SSL_TRANSPORT_DATAGRAM, -+ MBEDTLS_SSL_PRESET_DEFAULT ) != 0 ) -+ goto exit; -+ -+#if defined(MBEDTLS_X509_CRT_PARSE_C) -+ mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL ); -+#endif -+ mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_NONE ); -+ mbedtls_ssl_conf_rng( &conf, dummy_random, &ctr_drbg ); -+ -+ if( mbedtls_ssl_setup( &ssl, &conf ) != 0 ) -+ goto exit; -+ -+ mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay, -+ mbedtls_timing_get_delay ); -+ -+#if defined(MBEDTLS_X509_CRT_PARSE_C) -+ if( mbedtls_ssl_set_hostname( &ssl, "localhost" ) != 0 ) -+ goto exit; -+#endif -+ -+ biomemfuzz.Data = Data; -+ biomemfuzz.Size = Size; -+ biomemfuzz.Offset = 0; -+ mbedtls_ssl_set_bio( &ssl, &biomemfuzz, dummy_send, fuzz_recv, fuzz_recv_timeout ); -+ -+ ret = mbedtls_ssl_handshake( &ssl ); -+ if( ret == 0 ) -+ { -+ //keep reading data from server until the end -+ do -+ { -+ len = sizeof( buf ) - 1; -+ ret = mbedtls_ssl_read( &ssl, buf, len ); -+ -+ if( ret == MBEDTLS_ERR_SSL_WANT_READ ) -+ continue; -+ else if( ret <= 0 ) -+ //EOF or error -+ break; -+ } -+ while( 1 ); -+ } -+ -+exit: -+ mbedtls_entropy_free( &entropy ); -+ mbedtls_ctr_drbg_free( &ctr_drbg ); -+ mbedtls_ssl_config_free( &conf ); -+ mbedtls_ssl_free( &ssl ); -+ -+#else -+ (void) Data; -+ (void) Size; -+#endif -+ return 0; -+} -diff --git a/tests/fuzz/fuzz_dtlsclient.options b/tests/fuzz/fuzz_dtlsclient.options -new file mode 100644 -index 000000000..4d7340f49 ---- /dev/null -+++ b/tests/fuzz/fuzz_dtlsclient.options -@@ -0,0 +1,2 @@ -+[libfuzzer] -+max_len = 1048575 -diff --git a/tests/fuzz/fuzz_dtlsserver.c b/tests/fuzz/fuzz_dtlsserver.c -new file mode 100644 -index 000000000..6e59a85a7 ---- /dev/null -+++ b/tests/fuzz/fuzz_dtlsserver.c -@@ -0,0 +1,209 @@ -+#include <string.h> -+#include <stdlib.h> -+#include <stdbool.h> -+#include <stdint.h> -+#include "mbedtls/ssl.h" -+#if defined(MBEDTLS_SSL_PROTO_DTLS) -+#include "mbedtls/entropy.h" -+#include "mbedtls/ctr_drbg.h" -+#include "mbedtls/certs.h" -+#include "mbedtls/timing.h" -+#include "mbedtls/ssl_cookie.h" -+ -+ -+const char *pers = "fuzz_dtlsserver"; -+const unsigned char client_ip[4] = {0x7F, 0, 0, 1}; -+static bool initialized = 0; -+#if defined(MBEDTLS_X509_CRT_PARSE_C) -+static mbedtls_x509_crt srvcert; -+static mbedtls_pk_context pkey; -+#endif -+ -+typedef struct fuzzBufferOffset -+{ -+ const uint8_t *Data; -+ size_t Size; -+ size_t Offset; -+} fuzzBufferOffset_t; -+ -+ -+static int dummy_send( void *ctx, const unsigned char *buf, size_t len ) -+{ -+ //silence warning about unused parameter -+ (void) ctx; -+ (void) buf; -+ -+ //pretends we wrote everything ok -+ return( len ); -+} -+ -+static int fuzz_recv( void *ctx, unsigned char *buf, size_t len ) -+{ -+ //reads from the buffer from fuzzer -+ fuzzBufferOffset_t * biomemfuzz = (fuzzBufferOffset_t *) ctx; -+ -+ if (biomemfuzz->Offset == biomemfuzz->Size) { -+ //EOF -+ return (0); -+ } -+ if (len + biomemfuzz->Offset > biomemfuzz->Size) { -+ //do not overflow -+ len = biomemfuzz->Size - biomemfuzz->Offset; -+ } -+ memcpy(buf, biomemfuzz->Data + biomemfuzz->Offset, len); -+ biomemfuzz->Offset += len; -+ return( len ); -+} -+ -+static int fuzz_recv_timeout( void *ctx, unsigned char *buf, size_t len, -+ uint32_t timeout ) -+{ -+ (void) timeout; -+ -+ return fuzz_recv(ctx, buf, len); -+} -+ -+static int dummy_random( void *p_rng, unsigned char *output, size_t output_len ) -+{ -+ int ret; -+ size_t i; -+ -+ //use mbedtls_ctr_drbg_random to find bugs in it -+ ret = mbedtls_ctr_drbg_random(p_rng, output, output_len); -+ for (i=0; i<output_len; i++) { -+ //replace result with pseudo random -+ output[i] = (unsigned char) random(); -+ } -+ return( ret ); -+} -+ -+static int dummy_entropy( void *data, unsigned char *output, size_t len ) -+{ -+ size_t i; -+ -+ //use mbedtls_entropy_func to find bugs in it -+ //test performance impact of entropy -+ //ret = mbedtls_entropy_func(data, output, len); -+ for (i=0; i<len; i++) { -+ //replace result with pseudo random -+ output[i] = (unsigned char) random(); -+ } -+ return( 0 ); -+} -+#endif -+ -+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { -+#if defined(MBEDTLS_SSL_PROTO_DTLS) -+ int ret; -+ size_t len; -+ mbedtls_ssl_context ssl; -+ mbedtls_ssl_config conf; -+ mbedtls_ctr_drbg_context ctr_drbg; -+ mbedtls_entropy_context entropy; -+ mbedtls_timing_delay_context timer; -+ mbedtls_ssl_cookie_ctx cookie_ctx; -+ unsigned char buf[4096]; -+ fuzzBufferOffset_t biomemfuzz; -+ -+ if (initialized == 0) { -+#if defined(MBEDTLS_X509_CRT_PARSE_C) -+ mbedtls_x509_crt_init( &srvcert ); -+ mbedtls_pk_init( &pkey ); -+ if (mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_srv_crt, -+ mbedtls_test_srv_crt_len ) != 0) -+ return 1; -+ if (mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_cas_pem, -+ mbedtls_test_cas_pem_len ) != 0) -+ return 1; -+ if (mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key, -+ mbedtls_test_srv_key_len, NULL, 0 ) != 0) -+ return 1; -+#endif -+ initialized = 1; -+ } -+ mbedtls_ssl_init( &ssl ); -+ mbedtls_ssl_config_init( &conf ); -+ mbedtls_ctr_drbg_init( &ctr_drbg ); -+ mbedtls_entropy_init( &entropy ); -+ mbedtls_ssl_cookie_init( &cookie_ctx ); -+ -+ if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy, -+ (const unsigned char *) pers, strlen( pers ) ) != 0 ) -+ goto exit; -+ -+ -+ if( mbedtls_ssl_config_defaults( &conf, -+ MBEDTLS_SSL_IS_SERVER, -+ MBEDTLS_SSL_TRANSPORT_DATAGRAM, -+ MBEDTLS_SSL_PRESET_DEFAULT ) != 0 ) -+ goto exit; -+ -+ -+ srandom(1); -+ mbedtls_ssl_conf_rng( &conf, dummy_random, &ctr_drbg ); -+ -+#if defined(MBEDTLS_X509_CRT_PARSE_C) -+ mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL ); -+ if( mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) != 0 ) -+ goto exit; -+#endif -+ -+ if( mbedtls_ssl_cookie_setup( &cookie_ctx, dummy_random, &ctr_drbg ) != 0 ) -+ goto exit; -+ -+ mbedtls_ssl_conf_dtls_cookies( &conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check, &cookie_ctx ); -+ -+ if( mbedtls_ssl_setup( &ssl, &conf ) != 0 ) -+ goto exit; -+ -+ mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay, -+ mbedtls_timing_get_delay ); -+ -+ biomemfuzz.Data = Data; -+ biomemfuzz.Size = Size; -+ biomemfuzz.Offset = 0; -+ mbedtls_ssl_set_bio( &ssl, &biomemfuzz, dummy_send, fuzz_recv, fuzz_recv_timeout ); -+ if( mbedtls_ssl_set_client_transport_id( &ssl, client_ip, sizeof(client_ip) ) != 0 ) -+ goto exit; -+ -+ ret = mbedtls_ssl_handshake( &ssl ); -+ -+ if (ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED) { -+ biomemfuzz.Offset = ssl.next_record_offset; -+ mbedtls_ssl_session_reset( &ssl ); -+ mbedtls_ssl_set_bio( &ssl, &biomemfuzz, dummy_send, fuzz_recv, fuzz_recv_timeout ); -+ if( mbedtls_ssl_set_client_transport_id( &ssl, client_ip, sizeof(client_ip) ) != 0 ) -+ goto exit; -+ -+ ret = mbedtls_ssl_handshake( &ssl ); -+ -+ if( ret == 0 ) -+ { -+ //keep reading data from server until the end -+ do -+ { -+ len = sizeof( buf ) - 1; -+ ret = mbedtls_ssl_read( &ssl, buf, len ); -+ if( ret == MBEDTLS_ERR_SSL_WANT_READ ) -+ continue; -+ else if( ret <= 0 ) -+ //EOF or error -+ break; -+ } -+ while( 1 ); -+ } -+ } -+ -+exit: -+ mbedtls_ssl_cookie_free( &cookie_ctx ); -+ mbedtls_entropy_free( &entropy ); -+ mbedtls_ctr_drbg_free( &ctr_drbg ); -+ mbedtls_ssl_config_free( &conf ); -+ mbedtls_ssl_free( &ssl ); -+ -+#else -+ (void) Data; -+ (void) Size; -+#endif -+ return 0; -+} -diff --git a/tests/fuzz/fuzz_dtlsserver.options b/tests/fuzz/fuzz_dtlsserver.options -new file mode 100644 -index 000000000..4d7340f49 ---- /dev/null -+++ b/tests/fuzz/fuzz_dtlsserver.options -@@ -0,0 +1,2 @@ -+[libfuzzer] -+max_len = 1048575 -diff --git a/tests/fuzz/fuzz_privkey.c b/tests/fuzz/fuzz_privkey.c -new file mode 100644 -index 000000000..533a647dc ---- /dev/null -+++ b/tests/fuzz/fuzz_privkey.c -@@ -0,0 +1,64 @@ -+#include <stdint.h> -+#include "mbedtls/pk.h" -+ -+//4 Kb should be enough for every bug ;-) -+#define MAX_LEN 0x1000 -+ -+ -+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { -+#ifdef MBEDTLS_PK_PARSE_C -+ int ret; -+ mbedtls_pk_context pk; -+ -+ if (Size > MAX_LEN) { -+ //only work on small inputs -+ Size = MAX_LEN; -+ } -+ -+ mbedtls_pk_init( &pk ); -+ ret = mbedtls_pk_parse_key( &pk, Data, Size, NULL, 0 ); -+ if (ret == 0) { -+#if defined(MBEDTLS_RSA_C) -+ if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_RSA ) -+ { -+ mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; -+ mbedtls_rsa_context *rsa; -+ -+ mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); -+ mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP ); -+ mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP ); -+ -+ rsa = mbedtls_pk_rsa( pk ); -+ mbedtls_rsa_export( rsa, &N, &P, &Q, &D, &E ); -+ mbedtls_rsa_export_crt( rsa, &DP, &DQ, &QP ); -+ -+ mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); -+ mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP ); -+ mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &QP ); -+ } -+ else -+#endif -+#if defined(MBEDTLS_ECP_C) -+ if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_ECKEY ) -+ { -+ mbedtls_ecp_keypair *ecp; -+ -+ ecp = mbedtls_pk_ec( pk ); -+ if (ecp) { -+ ret = 0; -+ } -+ } -+ else -+#endif -+ { -+ ret = 0; -+ } -+ } -+ mbedtls_pk_free( &pk ); -+#else -+ (void) Data; -+ (void) Size; -+#endif //MBEDTLS_PK_PARSE_C -+ -+ return 0; -+} -diff --git a/tests/fuzz/fuzz_privkey.options b/tests/fuzz/fuzz_privkey.options -new file mode 100644 -index 000000000..0824b19fa ---- /dev/null -+++ b/tests/fuzz/fuzz_privkey.options -@@ -0,0 +1,2 @@ -+[libfuzzer] -+max_len = 65535 -diff --git a/tests/fuzz/fuzz_pubkey.c b/tests/fuzz/fuzz_pubkey.c -new file mode 100644 -index 000000000..df42f7d53 ---- /dev/null -+++ b/tests/fuzz/fuzz_pubkey.c -@@ -0,0 +1,57 @@ -+#include <stdint.h> -+#include "mbedtls/pk.h" -+ -+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { -+#ifdef MBEDTLS_PK_PARSE_C -+ int ret; -+ mbedtls_pk_context pk; -+ -+ mbedtls_pk_init( &pk ); -+ ret = mbedtls_pk_parse_public_key( &pk, Data, Size ); -+ if (ret == 0) { -+#if defined(MBEDTLS_RSA_C) -+ if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_RSA ) -+ { -+ mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; -+ mbedtls_rsa_context *rsa; -+ -+ mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); -+ mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP ); -+ mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP ); -+ -+ rsa = mbedtls_pk_rsa( pk ); -+ ret = mbedtls_rsa_export( rsa, &N, &P, &Q, &D, &E ); -+ ret = mbedtls_rsa_export_crt( rsa, &DP, &DQ, &QP ); -+ -+ mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); -+ mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP ); -+ mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &QP ); -+ -+ } -+ else -+#endif -+#if defined(MBEDTLS_ECP_C) -+ if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_ECKEY ) -+ { -+ mbedtls_ecp_keypair *ecp; -+ -+ ecp = mbedtls_pk_ec( pk ); -+ //dummy use of value -+ if (ecp) { -+ ret = 0; -+ } -+ } -+ else -+#endif -+ { -+ ret = 0; -+ } -+ } -+ mbedtls_pk_free( &pk ); -+#else -+ (void) Data; -+ (void) Size; -+#endif //MBEDTLS_PK_PARSE_C -+ -+ return 0; -+} -diff --git a/tests/fuzz/fuzz_pubkey.options b/tests/fuzz/fuzz_pubkey.options -new file mode 100644 -index 000000000..0824b19fa ---- /dev/null -+++ b/tests/fuzz/fuzz_pubkey.options -@@ -0,0 +1,2 @@ -+[libfuzzer] -+max_len = 65535 -diff --git a/tests/fuzz/fuzz_server.c b/tests/fuzz/fuzz_server.c -new file mode 100644 -index 000000000..770a38633 ---- /dev/null -+++ b/tests/fuzz/fuzz_server.c -@@ -0,0 +1,240 @@ -+#include "mbedtls/ssl.h" -+#include "mbedtls/entropy.h" -+#include "mbedtls/ctr_drbg.h" -+#include "mbedtls/certs.h" -+#include "mbedtls/ssl_ticket.h" -+#include <string.h> -+#include <stdlib.h> -+#include <stdbool.h> -+#include <stdint.h> -+ -+ -+const char *pers = "fuzz_server"; -+static bool initialized = 0; -+#if defined(MBEDTLS_X509_CRT_PARSE_C) -+static mbedtls_x509_crt srvcert; -+static mbedtls_pk_context pkey; -+#endif -+const char *alpn_list[3]; -+ -+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) -+const unsigned char psk[] = { -+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, -+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f -+}; -+const char psk_id[] = "Client_identity"; -+#endif -+ -+ -+typedef struct fuzzBufferOffset -+{ -+ const uint8_t *Data; -+ size_t Size; -+ size_t Offset; -+} fuzzBufferOffset_t; -+ -+ -+static int dummy_send( void *ctx, const unsigned char *buf, size_t len ) -+{ -+ //silence warning about unused parameter -+ (void) ctx; -+ (void) buf; -+ -+ //pretends we wrote everything ok -+ return( len ); -+} -+ -+static int fuzz_recv( void *ctx, unsigned char *buf, size_t len ) -+{ -+ //reads from the buffer from fuzzer -+ fuzzBufferOffset_t * biomemfuzz = (fuzzBufferOffset_t *) ctx; -+ -+ if (biomemfuzz->Offset == biomemfuzz->Size) { -+ //EOF -+ return (0); -+ } -+ if (len + biomemfuzz->Offset > biomemfuzz->Size) { -+ //do not overflow -+ len = biomemfuzz->Size - biomemfuzz->Offset; -+ } -+ memcpy(buf, biomemfuzz->Data + biomemfuzz->Offset, len); -+ biomemfuzz->Offset += len; -+ return( len ); -+} -+ -+static int dummy_random( void *p_rng, unsigned char *output, size_t output_len ) -+{ -+ int ret; -+ size_t i; -+ -+ //use mbedtls_ctr_drbg_random to find bugs in it -+ ret = mbedtls_ctr_drbg_random(p_rng, output, output_len); -+ for (i=0; i<output_len; i++) { -+ //replace result with pseudo random -+ output[i] = (unsigned char) random(); -+ } -+ return( ret ); -+} -+ -+static int dummy_entropy( void *data, unsigned char *output, size_t len ) -+{ -+ size_t i; -+ -+ //use mbedtls_entropy_func to find bugs in it -+ //test performance impact of entropy -+ //ret = mbedtls_entropy_func(data, output, len); -+ for (i=0; i<len; i++) { -+ //replace result with pseudo random -+ output[i] = (unsigned char) random(); -+ } -+ return( 0 ); -+} -+ -+ -+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { -+ int ret; -+ size_t len; -+ mbedtls_ssl_context ssl; -+ mbedtls_ssl_config conf; -+ mbedtls_ctr_drbg_context ctr_drbg; -+ mbedtls_entropy_context entropy; -+#if defined(MBEDTLS_SSL_SESSION_TICKETS) -+ mbedtls_ssl_ticket_context ticket_ctx; -+#endif -+ unsigned char buf[4096]; -+ fuzzBufferOffset_t biomemfuzz; -+ uint8_t options; -+ -+ //we take 1 byte as options input -+ if (Size < 1) { -+ return 0; -+ } -+ options = Data[Size - 1]; -+ -+ if (initialized == 0) { -+#if defined(MBEDTLS_X509_CRT_PARSE_C) -+ mbedtls_x509_crt_init( &srvcert ); -+ mbedtls_pk_init( &pkey ); -+ if (mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_srv_crt, -+ mbedtls_test_srv_crt_len ) != 0) -+ return 1; -+ if (mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_cas_pem, -+ mbedtls_test_cas_pem_len ) != 0) -+ return 1; -+ if (mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key, -+ mbedtls_test_srv_key_len, NULL, 0 ) != 0) -+ return 1; -+#endif -+ -+ alpn_list[0] = "HTTP"; -+ alpn_list[1] = "fuzzalpn"; -+ alpn_list[2] = NULL; -+ -+ initialized = 1; -+ } -+ mbedtls_ssl_init( &ssl ); -+ mbedtls_ssl_config_init( &conf ); -+ mbedtls_ctr_drbg_init( &ctr_drbg ); -+ mbedtls_entropy_init( &entropy ); -+#if defined(MBEDTLS_SSL_SESSION_TICKETS) -+ mbedtls_ssl_ticket_init( &ticket_ctx ); -+#endif -+ -+ if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy, -+ (const unsigned char *) pers, strlen( pers ) ) != 0 ) -+ goto exit; -+ -+ -+ if( mbedtls_ssl_config_defaults( &conf, -+ MBEDTLS_SSL_IS_SERVER, -+ MBEDTLS_SSL_TRANSPORT_STREAM, -+ MBEDTLS_SSL_PRESET_DEFAULT ) != 0 ) -+ goto exit; -+ -+ srandom(1); -+ mbedtls_ssl_conf_rng( &conf, dummy_random, &ctr_drbg ); -+ -+#if defined(MBEDTLS_X509_CRT_PARSE_C) -+ mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL ); -+ if( mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) != 0 ) -+ goto exit; -+#endif -+ -+ mbedtls_ssl_conf_cert_req_ca_list( &conf, (options & 0x1) ? MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED : MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED ); -+#if defined(MBEDTLS_SSL_ALPN) -+ if (options & 0x2) { -+ mbedtls_ssl_conf_alpn_protocols( &conf, alpn_list ); -+ } -+#endif -+#if defined(MBEDTLS_SSL_SESSION_TICKETS) -+ if( options & 0x4 ) -+ { -+ if( mbedtls_ssl_ticket_setup( &ticket_ctx, -+ dummy_random, &ctr_drbg, -+ MBEDTLS_CIPHER_AES_256_GCM, -+ 86400 ) != 0 ) -+ goto exit; -+ -+ mbedtls_ssl_conf_session_tickets_cb( &conf, -+ mbedtls_ssl_ticket_write, -+ mbedtls_ssl_ticket_parse, -+ &ticket_ctx ); -+ } -+#endif -+#if defined(MBEDTLS_SSL_TRUNCATED_HMAC) -+ mbedtls_ssl_conf_truncated_hmac( &conf, (options & 0x8) ? MBEDTLS_SSL_TRUNC_HMAC_ENABLED : MBEDTLS_SSL_TRUNC_HMAC_DISABLED); -+#endif -+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) -+ mbedtls_ssl_conf_extended_master_secret( &conf, (options & 0x10) ? MBEDTLS_SSL_EXTENDED_MS_DISABLED : MBEDTLS_SSL_EXTENDED_MS_ENABLED); -+#endif -+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) -+ mbedtls_ssl_conf_encrypt_then_mac( &conf, (options & 0x20) ? MBEDTLS_SSL_ETM_ENABLED : MBEDTLS_SSL_ETM_DISABLED); -+#endif -+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) -+ if (options & 0x40) { -+ mbedtls_ssl_conf_psk( &conf, psk, sizeof( psk ), -+ (const unsigned char *) psk_id, sizeof( psk_id ) - 1 ); -+ } -+#endif -+#if defined(MBEDTLS_SSL_RENEGOTIATION) -+ mbedtls_ssl_conf_renegotiation( &conf, (options & 0x80) ? MBEDTLS_SSL_RENEGOTIATION_ENABLED : MBEDTLS_SSL_RENEGOTIATION_DISABLED ); -+#endif -+ -+ if( mbedtls_ssl_setup( &ssl, &conf ) != 0 ) -+ goto exit; -+ -+ biomemfuzz.Data = Data; -+ biomemfuzz.Size = Size-1; -+ biomemfuzz.Offset = 0; -+ mbedtls_ssl_set_bio( &ssl, &biomemfuzz, dummy_send, fuzz_recv, NULL ); -+ -+ mbedtls_ssl_session_reset( &ssl ); -+ ret = mbedtls_ssl_handshake( &ssl ); -+ if( ret == 0 ) -+ { -+ //keep reading data from server until the end -+ do -+ { -+ len = sizeof( buf ) - 1; -+ ret = mbedtls_ssl_read( &ssl, buf, len ); -+ -+ if( ret == MBEDTLS_ERR_SSL_WANT_READ ) -+ continue; -+ else if( ret <= 0 ) -+ //EOF or error -+ break; -+ } -+ while( 1 ); -+ } -+ -+exit: -+#if defined(MBEDTLS_SSL_SESSION_TICKETS) -+ mbedtls_ssl_ticket_free( &ticket_ctx ); -+#endif -+ mbedtls_entropy_free( &entropy ); -+ mbedtls_ctr_drbg_free( &ctr_drbg ); -+ mbedtls_ssl_config_free( &conf ); -+ mbedtls_ssl_free( &ssl ); -+ -+ return 0; -+} -diff --git a/tests/fuzz/fuzz_server.options b/tests/fuzz/fuzz_server.options -new file mode 100644 -index 000000000..4d7340f49 ---- /dev/null -+++ b/tests/fuzz/fuzz_server.options -@@ -0,0 +1,2 @@ -+[libfuzzer] -+max_len = 1048575 -diff --git a/tests/fuzz/fuzz_x509crl.c b/tests/fuzz/fuzz_x509crl.c -new file mode 100644 -index 000000000..02f521cc8 ---- /dev/null -+++ b/tests/fuzz/fuzz_x509crl.c -@@ -0,0 +1,22 @@ -+#include <stdint.h> -+#include "mbedtls/x509_crl.h" -+ -+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { -+#ifdef MBEDTLS_X509_CRL_PARSE_C -+ int ret; -+ mbedtls_x509_crl crl; -+ unsigned char buf[4096]; -+ -+ mbedtls_x509_crl_init( &crl ); -+ ret = mbedtls_x509_crl_parse( &crl, Data, Size ); -+ if (ret == 0) { -+ ret = mbedtls_x509_crl_info( (char *) buf, sizeof( buf ) - 1, " ", &crl ); -+ } -+ mbedtls_x509_crl_free( &crl ); -+#else -+ (void) Data; -+ (void) Size; -+#endif -+ -+ return 0; -+} -diff --git a/tests/fuzz/fuzz_x509crl.options b/tests/fuzz/fuzz_x509crl.options -new file mode 100644 -index 000000000..0824b19fa ---- /dev/null -+++ b/tests/fuzz/fuzz_x509crl.options -@@ -0,0 +1,2 @@ -+[libfuzzer] -+max_len = 65535 -diff --git a/tests/fuzz/fuzz_x509crt.c b/tests/fuzz/fuzz_x509crt.c -new file mode 100644 -index 000000000..8f593a141 ---- /dev/null -+++ b/tests/fuzz/fuzz_x509crt.c -@@ -0,0 +1,22 @@ -+#include <stdint.h> -+#include "mbedtls/x509_crt.h" -+ -+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { -+#ifdef MBEDTLS_X509_CRT_PARSE_C -+ int ret; -+ mbedtls_x509_crt crt; -+ unsigned char buf[4096]; -+ -+ mbedtls_x509_crt_init( &crt ); -+ ret = mbedtls_x509_crt_parse( &crt, Data, Size ); -+ if (ret == 0) { -+ ret = mbedtls_x509_crt_info( (char *) buf, sizeof( buf ) - 1, " ", &crt ); -+ } -+ mbedtls_x509_crt_free( &crt ); -+#else -+ (void) Data; -+ (void) Size; -+#endif -+ -+ return 0; -+} -diff --git a/tests/fuzz/fuzz_x509crt.options b/tests/fuzz/fuzz_x509crt.options -new file mode 100644 -index 000000000..0824b19fa ---- /dev/null -+++ b/tests/fuzz/fuzz_x509crt.options -@@ -0,0 +1,2 @@ -+[libfuzzer] -+max_len = 65535 -diff --git a/tests/fuzz/fuzz_x509csr.c b/tests/fuzz/fuzz_x509csr.c -new file mode 100644 -index 000000000..3cf28a6fa ---- /dev/null -+++ b/tests/fuzz/fuzz_x509csr.c -@@ -0,0 +1,22 @@ -+#include <stdint.h> -+#include "mbedtls/x509_csr.h" -+ -+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { -+#ifdef MBEDTLS_X509_CSR_PARSE_C -+ int ret; -+ mbedtls_x509_csr csr; -+ unsigned char buf[4096]; -+ -+ mbedtls_x509_csr_init( &csr ); -+ ret = mbedtls_x509_csr_parse( &csr, Data, Size ); -+ if (ret == 0) { -+ ret = mbedtls_x509_csr_info( (char *) buf, sizeof( buf ) - 1, " ", &csr ); -+ } -+ mbedtls_x509_csr_free( &csr ); -+#else -+ (void) Data; -+ (void) Size; -+#endif -+ -+ return 0; -+} -diff --git a/tests/fuzz/fuzz_x509csr.options b/tests/fuzz/fuzz_x509csr.options -new file mode 100644 -index 000000000..0824b19fa ---- /dev/null -+++ b/tests/fuzz/fuzz_x509csr.options -@@ -0,0 +1,2 @@ -+[libfuzzer] -+max_len = 65535 -diff --git a/tests/fuzz/onefile.c b/tests/fuzz/onefile.c -new file mode 100644 -index 000000000..caf3ca565 ---- /dev/null -+++ b/tests/fuzz/onefile.c -@@ -0,0 +1,50 @@ -+#include <stdint.h> -+#include <unistd.h> -+#include <stdlib.h> -+#include <stdio.h> -+ -+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size); -+ -+int main(int argc, char** argv) -+{ -+ FILE * fp; -+ uint8_t *Data; -+ size_t Size; -+ -+ if (argc != 2) { -+ return 1; -+ } -+ //opens the file, get its size, and reads it into a buffer -+ fp = fopen(argv[1], "rb"); -+ if (fp == NULL) { -+ return 2; -+ } -+ if (fseek(fp, 0L, SEEK_END) != 0) { -+ fclose(fp); -+ return 2; -+ } -+ Size = ftell(fp); -+ if (Size == (size_t) -1) { -+ fclose(fp); -+ return 2; -+ } -+ if (fseek(fp, 0L, SEEK_SET) != 0) { -+ fclose(fp); -+ return 2; -+ } -+ Data = malloc(Size); -+ if (Data == NULL) { -+ fclose(fp); -+ return 2; -+ } -+ if (fread(Data, Size, 1, fp) != 1) { -+ fclose(fp); -+ return 2; -+ } -+ -+ //lauch fuzzer -+ LLVMFuzzerTestOneInput(Data, Size); -+ fclose(fp); -+ return 0; -+} -+ |