1 #include <string.h>
2 #include <stdlib.h>
3 #include <stdint.h>
4 #include "common.h"
5 #include "mbedtls/ssl.h"
6 #if defined(MBEDTLS_SSL_PROTO_DTLS)
7 #include "mbedtls/entropy.h"
8 #include "mbedtls/ctr_drbg.h"
9 #include "mbedtls/certs.h"
10 #include "mbedtls/timing.h"
11 #include "mbedtls/ssl_cookie.h"
12
13 #if defined(MBEDTLS_SSL_SRV_C) && \
14 defined(MBEDTLS_ENTROPY_C) && \
15 defined(MBEDTLS_CTR_DRBG_C) && \
16 defined(MBEDTLS_TIMING_C) && \
17 (defined(MBEDTLS_SHA256_C) || \
18 (defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)))
19 const char *pers = "fuzz_dtlsserver";
20 const unsigned char client_ip[4] = { 0x7F, 0, 0, 1 };
21 static int initialized = 0;
22 #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
23 static mbedtls_x509_crt srvcert;
24 static mbedtls_pk_context pkey;
25 #endif
26 #endif
27 #endif // MBEDTLS_SSL_PROTO_DTLS
28
LLVMFuzzerTestOneInput(const uint8_t * Data,size_t Size)29 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
30 {
31 #if defined(MBEDTLS_SSL_PROTO_DTLS) && \
32 defined(MBEDTLS_SSL_SRV_C) && \
33 defined(MBEDTLS_ENTROPY_C) && \
34 defined(MBEDTLS_CTR_DRBG_C) && \
35 defined(MBEDTLS_TIMING_C) && \
36 (defined(MBEDTLS_SHA256_C) || \
37 (defined(MBEDTLS_SHA512_C) && !defined(MBEDTLS_SHA512_NO_SHA384)))
38 int ret;
39 size_t len;
40 mbedtls_ssl_context ssl;
41 mbedtls_ssl_config conf;
42 mbedtls_ctr_drbg_context ctr_drbg;
43 mbedtls_entropy_context entropy;
44 mbedtls_timing_delay_context timer;
45 mbedtls_ssl_cookie_ctx cookie_ctx;
46 unsigned char buf[4096];
47 fuzzBufferOffset_t biomemfuzz;
48
49 if (initialized == 0) {
50 #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) && \
51 defined(MBEDTLS_CERTS_C)
52 mbedtls_x509_crt_init(&srvcert);
53 mbedtls_pk_init(&pkey);
54 if (mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_srv_crt,
55 mbedtls_test_srv_crt_len) != 0) {
56 return 1;
57 }
58 if (mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_cas_pem,
59 mbedtls_test_cas_pem_len) != 0) {
60 return 1;
61 }
62 if (mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
63 mbedtls_test_srv_key_len, NULL, 0) != 0) {
64 return 1;
65 }
66 #endif
67 dummy_init();
68
69 initialized = 1;
70 }
71 mbedtls_ssl_init(&ssl);
72 mbedtls_ssl_config_init(&conf);
73 mbedtls_ctr_drbg_init(&ctr_drbg);
74 mbedtls_entropy_init(&entropy);
75 mbedtls_ssl_cookie_init(&cookie_ctx);
76
77 #if defined(MBEDTLS_USE_PSA_CRYPTO)
78 psa_status_t status = psa_crypto_init();
79 if (status != PSA_SUCCESS) {
80 goto exit;
81 }
82 #endif /* MBEDTLS_USE_PSA_CRYPTO */
83
84 if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy,
85 (const unsigned char *) pers, strlen(pers)) != 0) {
86 goto exit;
87 }
88
89
90 if (mbedtls_ssl_config_defaults(&conf,
91 MBEDTLS_SSL_IS_SERVER,
92 MBEDTLS_SSL_TRANSPORT_DATAGRAM,
93 MBEDTLS_SSL_PRESET_DEFAULT) != 0) {
94 goto exit;
95 }
96
97
98 srand(1);
99 mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg);
100
101 #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
102 mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL);
103 if (mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey) != 0) {
104 goto exit;
105 }
106 #endif
107
108 if (mbedtls_ssl_cookie_setup(&cookie_ctx, dummy_random, &ctr_drbg) != 0) {
109 goto exit;
110 }
111
112 mbedtls_ssl_conf_dtls_cookies(&conf,
113 mbedtls_ssl_cookie_write,
114 mbedtls_ssl_cookie_check,
115 &cookie_ctx);
116
117 if (mbedtls_ssl_setup(&ssl, &conf) != 0) {
118 goto exit;
119 }
120
121 mbedtls_ssl_set_timer_cb(&ssl, &timer, mbedtls_timing_set_delay,
122 mbedtls_timing_get_delay);
123
124 biomemfuzz.Data = Data;
125 biomemfuzz.Size = Size;
126 biomemfuzz.Offset = 0;
127 mbedtls_ssl_set_bio(&ssl, &biomemfuzz, dummy_send, fuzz_recv, fuzz_recv_timeout);
128 if (mbedtls_ssl_set_client_transport_id(&ssl, client_ip, sizeof(client_ip)) != 0) {
129 goto exit;
130 }
131
132 ret = mbedtls_ssl_handshake(&ssl);
133
134 if (ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED) {
135 biomemfuzz.Offset = ssl.next_record_offset;
136 mbedtls_ssl_session_reset(&ssl);
137 mbedtls_ssl_set_bio(&ssl, &biomemfuzz, dummy_send, fuzz_recv, fuzz_recv_timeout);
138 if (mbedtls_ssl_set_client_transport_id(&ssl, client_ip, sizeof(client_ip)) != 0) {
139 goto exit;
140 }
141
142 ret = mbedtls_ssl_handshake(&ssl);
143
144 if (ret == 0) {
145 //keep reading data from server until the end
146 do {
147 len = sizeof(buf) - 1;
148 ret = mbedtls_ssl_read(&ssl, buf, len);
149 if (ret == MBEDTLS_ERR_SSL_WANT_READ) {
150 continue;
151 } else if (ret <= 0) {
152 //EOF or error
153 break;
154 }
155 } while (1);
156 }
157 }
158
159 exit:
160 mbedtls_ssl_cookie_free(&cookie_ctx);
161 mbedtls_entropy_free(&entropy);
162 #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
163 mbedtls_pk_free(&pkey);
164 mbedtls_x509_crt_free(&srvcert);
165 #endif
166 mbedtls_ctr_drbg_free(&ctr_drbg);
167 mbedtls_ssl_config_free(&conf);
168 mbedtls_ssl_free(&ssl);
169 #if defined(MBEDTLS_USE_PSA_CRYPTO)
170 mbedtls_psa_crypto_free();
171 #endif /* MBEDTLS_USE_PSA_CRYPTO */
172
173 #else
174 (void) Data;
175 (void) Size;
176 #endif
177 return 0;
178 }
179