1 #define MBEDTLS_ALLOW_PRIVATE_ACCESS
2
3 #include <string.h>
4 #include <stdlib.h>
5 #include <stdint.h>
6 #include "common.h"
7 #include "mbedtls/ssl.h"
8 #include "test/certs.h"
9 #if defined(MBEDTLS_SSL_PROTO_DTLS)
10 #include "mbedtls/entropy.h"
11 #include "mbedtls/ctr_drbg.h"
12 #include "mbedtls/timing.h"
13 #include "mbedtls/ssl_cookie.h"
14
15 #if defined(MBEDTLS_SSL_SRV_C) && \
16 defined(MBEDTLS_ENTROPY_C) && \
17 defined(MBEDTLS_CTR_DRBG_C) && \
18 defined(MBEDTLS_TIMING_C) && \
19 (defined(MBEDTLS_MD_CAN_SHA384) || \
20 defined(MBEDTLS_MD_CAN_SHA256))
21 const char *pers = "fuzz_dtlsserver";
22 const unsigned char client_ip[4] = { 0x7F, 0, 0, 1 };
23 static int initialized = 0;
24 #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
25 static mbedtls_x509_crt srvcert;
26 static mbedtls_pk_context pkey;
27 #endif
28 #endif
29 #endif // MBEDTLS_SSL_PROTO_DTLS
30
LLVMFuzzerTestOneInput(const uint8_t * Data,size_t Size)31 int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size)
32 {
33 #if defined(MBEDTLS_SSL_PROTO_DTLS) && \
34 defined(MBEDTLS_SSL_SRV_C) && \
35 defined(MBEDTLS_ENTROPY_C) && \
36 defined(MBEDTLS_CTR_DRBG_C) && \
37 defined(MBEDTLS_TIMING_C) && \
38 (defined(MBEDTLS_MD_CAN_SHA384) || \
39 defined(MBEDTLS_MD_CAN_SHA256))
40 int ret;
41 size_t len;
42 mbedtls_ssl_context ssl;
43 mbedtls_ssl_config conf;
44 mbedtls_ctr_drbg_context ctr_drbg;
45 mbedtls_entropy_context entropy;
46 mbedtls_timing_delay_context timer;
47 mbedtls_ssl_cookie_ctx cookie_ctx;
48 unsigned char buf[4096];
49 fuzzBufferOffset_t biomemfuzz;
50
51 mbedtls_ctr_drbg_init(&ctr_drbg);
52 mbedtls_entropy_init(&entropy);
53 #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
54 mbedtls_x509_crt_init(&srvcert);
55 mbedtls_pk_init(&pkey);
56 #endif
57 mbedtls_ssl_init(&ssl);
58 mbedtls_ssl_config_init(&conf);
59 mbedtls_ssl_cookie_init(&cookie_ctx);
60
61 #if defined(MBEDTLS_USE_PSA_CRYPTO)
62 psa_status_t status = psa_crypto_init();
63 if (status != PSA_SUCCESS) {
64 goto exit;
65 }
66 #endif /* MBEDTLS_USE_PSA_CRYPTO */
67
68 if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy,
69 (const unsigned char *) pers, strlen(pers)) != 0) {
70 goto exit;
71 }
72
73 if (initialized == 0) {
74 #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
75
76 if (mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_srv_crt,
77 mbedtls_test_srv_crt_len) != 0) {
78 return 1;
79 }
80 if (mbedtls_x509_crt_parse(&srvcert, (const unsigned char *) mbedtls_test_cas_pem,
81 mbedtls_test_cas_pem_len) != 0) {
82 return 1;
83 }
84 if (mbedtls_pk_parse_key(&pkey, (const unsigned char *) mbedtls_test_srv_key,
85 mbedtls_test_srv_key_len, NULL, 0,
86 dummy_random, &ctr_drbg) != 0) {
87 return 1;
88 }
89 #endif
90 dummy_init();
91
92 initialized = 1;
93 }
94
95 if (mbedtls_ssl_config_defaults(&conf,
96 MBEDTLS_SSL_IS_SERVER,
97 MBEDTLS_SSL_TRANSPORT_DATAGRAM,
98 MBEDTLS_SSL_PRESET_DEFAULT) != 0) {
99 goto exit;
100 }
101
102
103 srand(1);
104 mbedtls_ssl_conf_rng(&conf, dummy_random, &ctr_drbg);
105
106 #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
107 mbedtls_ssl_conf_ca_chain(&conf, srvcert.next, NULL);
108 if (mbedtls_ssl_conf_own_cert(&conf, &srvcert, &pkey) != 0) {
109 goto exit;
110 }
111 #endif
112
113 if (mbedtls_ssl_cookie_setup(&cookie_ctx, dummy_random, &ctr_drbg) != 0) {
114 goto exit;
115 }
116
117 mbedtls_ssl_conf_dtls_cookies(&conf,
118 mbedtls_ssl_cookie_write,
119 mbedtls_ssl_cookie_check,
120 &cookie_ctx);
121
122 if (mbedtls_ssl_setup(&ssl, &conf) != 0) {
123 goto exit;
124 }
125
126 mbedtls_ssl_set_timer_cb(&ssl, &timer, mbedtls_timing_set_delay,
127 mbedtls_timing_get_delay);
128
129 biomemfuzz.Data = Data;
130 biomemfuzz.Size = Size;
131 biomemfuzz.Offset = 0;
132 mbedtls_ssl_set_bio(&ssl, &biomemfuzz, dummy_send, fuzz_recv, fuzz_recv_timeout);
133 if (mbedtls_ssl_set_client_transport_id(&ssl, client_ip, sizeof(client_ip)) != 0) {
134 goto exit;
135 }
136
137 ret = mbedtls_ssl_handshake(&ssl);
138
139 if (ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED) {
140 biomemfuzz.Offset = ssl.next_record_offset;
141 mbedtls_ssl_session_reset(&ssl);
142 mbedtls_ssl_set_bio(&ssl, &biomemfuzz, dummy_send, fuzz_recv, fuzz_recv_timeout);
143 if (mbedtls_ssl_set_client_transport_id(&ssl, client_ip, sizeof(client_ip)) != 0) {
144 goto exit;
145 }
146
147 ret = mbedtls_ssl_handshake(&ssl);
148
149 if (ret == 0) {
150 //keep reading data from server until the end
151 do {
152 len = sizeof(buf) - 1;
153 ret = mbedtls_ssl_read(&ssl, buf, len);
154 if (ret == MBEDTLS_ERR_SSL_WANT_READ) {
155 continue;
156 } else if (ret <= 0) {
157 //EOF or error
158 break;
159 }
160 } while (1);
161 }
162 }
163
164 exit:
165 mbedtls_ssl_cookie_free(&cookie_ctx);
166 mbedtls_entropy_free(&entropy);
167 #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
168 mbedtls_pk_free(&pkey);
169 mbedtls_x509_crt_free(&srvcert);
170 #endif
171 mbedtls_ctr_drbg_free(&ctr_drbg);
172 mbedtls_ssl_config_free(&conf);
173 mbedtls_ssl_free(&ssl);
174 #if defined(MBEDTLS_USE_PSA_CRYPTO)
175 mbedtls_psa_crypto_free();
176 #endif /* MBEDTLS_USE_PSA_CRYPTO */
177
178 #else
179 (void) Data;
180 (void) Size;
181 #endif
182 return 0;
183 }
184