1 #include "mbedtls/ssl.h"
2 #include "mbedtls/entropy.h"
3 #include "mbedtls/ctr_drbg.h"
4 #include "mbedtls/certs.h"
5 #include "common.h"
6 #include <string.h>
7 #include <stdlib.h>
8 #include <stdint.h>
9
10
11 #if defined(MBEDTLS_SSL_CLI_C) && \
12 defined(MBEDTLS_ENTROPY_C) && \
13 defined(MBEDTLS_CTR_DRBG_C)
14 static int initialized = 0;
15 #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
16 static mbedtls_x509_crt cacert;
17 #endif
18 const char *alpn_list[3];
19
20
21 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
22 const unsigned char psk[] = {
23 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
24 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
25 };
26 const char psk_id[] = "Client_identity";
27 #endif
28
29 const char *pers = "fuzz_client";
30 #endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
31
32
LLVMFuzzerTestOneInput(const uint8_t * Data,size_t Size)33 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
34 {
35 #if defined(MBEDTLS_SSL_CLI_C) && \
36 defined(MBEDTLS_ENTROPY_C) && \
37 defined(MBEDTLS_CTR_DRBG_C)
38 int ret;
39 size_t len;
40 mbedtls_ssl_context ssl;
41 mbedtls_ssl_config conf;
42 mbedtls_ctr_drbg_context ctr_drbg;
43 mbedtls_entropy_context entropy;
44 unsigned char buf[4096];
45 fuzzBufferOffset_t biomemfuzz;
46 uint16_t options;
47
48 if (initialized == 0) {
49 #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) && \
50 defined(MBEDTLS_CERTS_C)
51 mbedtls_x509_crt_init(&cacert);
52 if (mbedtls_x509_crt_parse(&cacert, (const unsigned char *) mbedtls_test_cas_pem,
53 mbedtls_test_cas_pem_len) != 0) {
54 return 1;
55 }
56 #endif
57
58 alpn_list[0] = "HTTP";
59 alpn_list[1] = "fuzzalpn";
60 alpn_list[2] = NULL;
61
62 dummy_init();
63
64 initialized = 1;
65 }
66
67 //we take 1 byte as options input
68 if (Size < 2) {
69 return 0;
70 }
71 options = (Data[Size - 2] << 8) | Data[Size - 1];
72 //Avoid warnings if compile options imply no options
73 (void) options;
74
75 mbedtls_ssl_init(&ssl);
76 mbedtls_ssl_config_init(&conf);
77 mbedtls_ctr_drbg_init(&ctr_drbg);
78 mbedtls_entropy_init(&entropy);
79
80 #if defined(MBEDTLS_USE_PSA_CRYPTO)
81 psa_status_t status = psa_crypto_init();
82 if (status != PSA_SUCCESS) {
83 goto exit;
84 }
85 #endif /* MBEDTLS_USE_PSA_CRYPTO */
86
87 if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy,
88 (const unsigned char *) pers, strlen(pers)) != 0) {
89 goto exit;
90 }
91
92 if (mbedtls_ssl_config_defaults(&conf,
93 MBEDTLS_SSL_IS_CLIENT,
94 MBEDTLS_SSL_TRANSPORT_STREAM,
95 MBEDTLS_SSL_PRESET_DEFAULT) != 0) {
96 goto exit;
97 }
98
99 #if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
100 if (options & 2) {
101 mbedtls_ssl_conf_psk(&conf, psk, sizeof(psk),
102 (const unsigned char *) psk_id, sizeof(psk_id) - 1);
103 }
104 #endif
105
106 #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
107 if (options & 4) {
108 mbedtls_ssl_conf_ca_chain(&conf, &cacert, NULL);
109 mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_REQUIRED);
110 } else
111 #endif
112 {
113 mbedtls_ssl_conf_authmode(&conf, MBEDTLS_SSL_VERIFY_NONE);
114 }
115 #if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
116 mbedtls_ssl_conf_truncated_hmac(&conf,
117 (options &
118 8) ? MBEDTLS_SSL_TRUNC_HMAC_ENABLED : MBEDTLS_SSL_TRUNC_HMAC_DISABLED);
119 #endif
120 #if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
121 mbedtls_ssl_conf_extended_master_secret(&conf,
122 (options &
123 0x10) ? MBEDTLS_SSL_EXTENDED_MS_DISABLED : MBEDTLS_SSL_EXTENDED_MS_ENABLED);
124 #endif
125 #if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
126 mbedtls_ssl_conf_encrypt_then_mac(&conf,
127 (options &
128 0x20) ? MBEDTLS_SSL_ETM_DISABLED : MBEDTLS_SSL_ETM_ENABLED);
129 #endif
130 #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
131 mbedtls_ssl_conf_cbc_record_splitting(&conf,
132 (options &
133 0x40) ? MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED : MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED);
134 #endif
135 #if defined(MBEDTLS_SSL_RENEGOTIATION)
136 mbedtls_ssl_conf_renegotiation(&conf,
137 (options &
138 0x80) ? MBEDTLS_SSL_RENEGOTIATION_ENABLED : MBEDTLS_SSL_RENEGOTIATION_DISABLED);
139 #endif
140 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
141 mbedtls_ssl_conf_session_tickets(&conf,
142 (options &
143 0x100) ? MBEDTLS_SSL_SESSION_TICKETS_DISABLED : MBEDTLS_SSL_SESSION_TICKETS_ENABLED);
144 #endif
145 #if defined(MBEDTLS_SSL_ALPN)
146 if (options & 0x200) {
147 mbedtls_ssl_conf_alpn_protocols(&conf, alpn_list);
148 }
149 #endif
150 //There may be other options to add :
151 // mbedtls_ssl_conf_cert_profile, mbedtls_ssl_conf_sig_hashes
152
153 srand(1);
154 mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg);
155
156 if (mbedtls_ssl_setup(&ssl, &conf) != 0) {
157 goto exit;
158 }
159
160 #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
161 if ((options & 1) == 0) {
162 if (mbedtls_ssl_set_hostname(&ssl, "localhost") != 0) {
163 goto exit;
164 }
165 }
166 #endif
167
168 biomemfuzz.Data = Data;
169 biomemfuzz.Size = Size-2;
170 biomemfuzz.Offset = 0;
171 mbedtls_ssl_set_bio(&ssl, &biomemfuzz, dummy_send, fuzz_recv, NULL);
172
173 ret = mbedtls_ssl_handshake(&ssl);
174 if (ret == 0) {
175 //keep reading data from server until the end
176 do {
177 len = sizeof(buf) - 1;
178 ret = mbedtls_ssl_read(&ssl, buf, len);
179
180 if (ret == MBEDTLS_ERR_SSL_WANT_READ) {
181 continue;
182 } else if (ret <= 0) {
183 //EOF or error
184 break;
185 }
186 } while (1);
187 }
188
189 exit:
190 mbedtls_entropy_free(&entropy);
191 mbedtls_ctr_drbg_free(&ctr_drbg);
192 mbedtls_ssl_config_free(&conf);
193 mbedtls_ssl_free(&ssl);
194 #if defined(MBEDTLS_USE_PSA_CRYPTO)
195 mbedtls_psa_crypto_free();
196 #endif /* MBEDTLS_USE_PSA_CRYPTO */
197
198 #else
199 (void) Data;
200 (void) Size;
201 #endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
202
203 return 0;
204 }
205