1 #define MBEDTLS_ALLOW_PRIVATE_ACCESS
2
3 #include <string.h>
4 #include <stdlib.h>
5 #include <stdint.h>
6 #include "common.h"
7 #include "mbedtls/ssl.h"
8 #if defined(MBEDTLS_SSL_PROTO_DTLS)
9 #include "mbedtls/entropy.h"
10 #include "mbedtls/ctr_drbg.h"
11 #include "mbedtls/timing.h"
12 #include "test/certs.h"
13
14 #if defined(MBEDTLS_SSL_CLI_C) && \
15 defined(MBEDTLS_ENTROPY_C) && \
16 defined(MBEDTLS_CTR_DRBG_C) && \
17 defined(MBEDTLS_TIMING_C)
18 static int initialized = 0;
19 #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
20 static mbedtls_x509_crt cacert;
21 #endif
22
23 const char *pers = "fuzz_dtlsclient";
24 #endif
25 #endif // MBEDTLS_SSL_PROTO_DTLS
26
27
28
LLVMFuzzerTestOneInput(const uint8_t * Data,size_t Size)29 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
30 #if defined(MBEDTLS_SSL_PROTO_DTLS) && \
31 defined(MBEDTLS_SSL_CLI_C) && \
32 defined(MBEDTLS_ENTROPY_C) && \
33 defined(MBEDTLS_CTR_DRBG_C) && \
34 defined(MBEDTLS_TIMING_C)
35 int ret;
36 size_t len;
37 mbedtls_ssl_context ssl;
38 mbedtls_ssl_config conf;
39 mbedtls_ctr_drbg_context ctr_drbg;
40 mbedtls_entropy_context entropy;
41 mbedtls_timing_delay_context timer;
42 unsigned char buf[4096];
43 fuzzBufferOffset_t biomemfuzz;
44
45 if (initialized == 0) {
46 #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
47 mbedtls_x509_crt_init( &cacert );
48 if (mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_cas_pem,
49 mbedtls_test_cas_pem_len ) != 0)
50 return 1;
51 #endif
52 dummy_init();
53
54 initialized = 1;
55 }
56
57 mbedtls_ssl_init( &ssl );
58 mbedtls_ssl_config_init( &conf );
59 mbedtls_ctr_drbg_init( &ctr_drbg );
60 mbedtls_entropy_init( &entropy );
61
62 srand(1);
63 if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy,
64 (const unsigned char *) pers, strlen( pers ) ) != 0 )
65 goto exit;
66
67 if( mbedtls_ssl_config_defaults( &conf,
68 MBEDTLS_SSL_IS_CLIENT,
69 MBEDTLS_SSL_TRANSPORT_DATAGRAM,
70 MBEDTLS_SSL_PRESET_DEFAULT ) != 0 )
71 goto exit;
72
73 #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
74 mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
75 #endif
76 mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_NONE );
77 mbedtls_ssl_conf_rng( &conf, dummy_random, &ctr_drbg );
78
79 if( mbedtls_ssl_setup( &ssl, &conf ) != 0 )
80 goto exit;
81
82 mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay,
83 mbedtls_timing_get_delay );
84
85 #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
86 if( mbedtls_ssl_set_hostname( &ssl, "localhost" ) != 0 )
87 goto exit;
88 #endif
89
90 biomemfuzz.Data = Data;
91 biomemfuzz.Size = Size;
92 biomemfuzz.Offset = 0;
93 mbedtls_ssl_set_bio( &ssl, &biomemfuzz, dummy_send, fuzz_recv, fuzz_recv_timeout );
94
95 ret = mbedtls_ssl_handshake( &ssl );
96 if( ret == 0 )
97 {
98 //keep reading data from server until the end
99 do
100 {
101 len = sizeof( buf ) - 1;
102 ret = mbedtls_ssl_read( &ssl, buf, len );
103
104 if( ret == MBEDTLS_ERR_SSL_WANT_READ )
105 continue;
106 else if( ret <= 0 )
107 //EOF or error
108 break;
109 }
110 while( 1 );
111 }
112
113 exit:
114 mbedtls_entropy_free( &entropy );
115 mbedtls_ctr_drbg_free( &ctr_drbg );
116 mbedtls_ssl_config_free( &conf );
117 mbedtls_ssl_free( &ssl );
118
119 #else
120 (void) Data;
121 (void) Size;
122 #endif
123 return 0;
124 }
125