• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 #include "common.h"
2 #include <limits.h>
3 #include <stdio.h>
4 #include <string.h>
5 #include <stdlib.h>
6 #include "mbedtls/ctr_drbg.h"
7 
8 #if defined(MBEDTLS_PLATFORM_TIME_ALT)
dummy_constant_time(mbedtls_time_t * time)9 mbedtls_time_t dummy_constant_time(mbedtls_time_t *time)
10 {
11     (void) time;
12     return 0x5af2a056;
13 }
14 #endif
15 
dummy_init()16 void dummy_init()
17 {
18 #if defined(MBEDTLS_PLATFORM_TIME_ALT)
19     mbedtls_platform_set_time(dummy_constant_time);
20 #else
21     fprintf(stderr, "Warning: fuzzing without constant time\n");
22 #endif
23 }
24 
dummy_send(void * ctx,const unsigned char * buf,size_t len)25 int dummy_send(void *ctx, const unsigned char *buf, size_t len)
26 {
27     //silence warning about unused parameter
28     (void) ctx;
29     (void) buf;
30 
31     //pretends we wrote everything ok
32     if (len > INT_MAX) {
33         return -1;
34     }
35     return (int) len;
36 }
37 
fuzz_recv(void * ctx,unsigned char * buf,size_t len)38 int fuzz_recv(void *ctx, unsigned char *buf, size_t len)
39 {
40     //reads from the buffer from fuzzer
41     fuzzBufferOffset_t *biomemfuzz = (fuzzBufferOffset_t *) ctx;
42 
43     if (biomemfuzz->Offset == biomemfuzz->Size) {
44         //EOF
45         return 0;
46     }
47     if (len > INT_MAX) {
48         return -1;
49     }
50     if (len + biomemfuzz->Offset > biomemfuzz->Size) {
51         //do not overflow
52         len = biomemfuzz->Size - biomemfuzz->Offset;
53     }
54     memcpy(buf, biomemfuzz->Data + biomemfuzz->Offset, len);
55     biomemfuzz->Offset += len;
56     return (int) len;
57 }
58 
dummy_random(void * p_rng,unsigned char * output,size_t output_len)59 int dummy_random(void *p_rng, unsigned char *output, size_t output_len)
60 {
61     int ret;
62     size_t i;
63 
64 #if defined(MBEDTLS_CTR_DRBG_C)
65     //mbedtls_ctr_drbg_random requires a valid mbedtls_ctr_drbg_context in p_rng
66     if (p_rng != NULL) {
67         //use mbedtls_ctr_drbg_random to find bugs in it
68         ret = mbedtls_ctr_drbg_random(p_rng, output, output_len);
69     } else {
70         //fall through to pseudo-random
71         ret = 0;
72     }
73 #else
74     (void) p_rng;
75     ret = 0;
76 #endif
77     for (i = 0; i < output_len; i++) {
78         //replace result with pseudo random
79         output[i] = (unsigned char) rand();
80     }
81     return ret;
82 }
83 
dummy_entropy(void * data,unsigned char * output,size_t len)84 int dummy_entropy(void *data, unsigned char *output, size_t len)
85 {
86     size_t i;
87     (void) data;
88 
89     //use mbedtls_entropy_func to find bugs in it
90     //test performance impact of entropy
91     //ret = mbedtls_entropy_func(data, output, len);
92     for (i = 0; i < len; i++) {
93         //replace result with pseudo random
94         output[i] = (unsigned char) rand();
95     }
96     return 0;
97 }
98 
fuzz_recv_timeout(void * ctx,unsigned char * buf,size_t len,uint32_t timeout)99 int fuzz_recv_timeout(void *ctx, unsigned char *buf, size_t len,
100                       uint32_t timeout)
101 {
102     (void) timeout;
103 
104     return fuzz_recv(ctx, buf, len);
105 }
106