Use the dedicated dummy_random in fuzzing programs

Also make sure to initialize the DRBG before using it in fuzz_server (dummy_random uses ctr_drbg internally). Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2025-11-03 20:22:59 -05:00 · 2021-06-16 10:20:30 +02:00 · 2021-06-16 10:20:30 +02:00 · 7f93da1265
commit 7f93da1265
parent 36a8963b3b
3 changed files with 11 additions and 12 deletions
--- a/programs/fuzz/fuzz_dtlsserver.c
+++ b/programs/fuzz/fuzz_dtlsserver.c
@ -6,7 +6,6 @@
 #include "common.h"
 #include "mbedtls/ssl.h"
 #include "test/certs.h"
-#include "test/random.h"
 #if defined(MBEDTLS_SSL_PROTO_DTLS)
 #include "mbedtls/entropy.h"
 #include "mbedtls/ctr_drbg.h"
@ -57,7 +56,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
            return 1;
        if (mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
                                 mbedtls_test_srv_key_len, NULL, 0,
-                                 mbedtls_test_rnd_std_rand, NULL ) != 0)
+                                 dummy_random, NULL ) != 0)
            return 1;
 #endif
        dummy_init();
--- a/programs/fuzz/fuzz_privkey.c
+++ b/programs/fuzz/fuzz_privkey.c
@ -3,7 +3,7 @@
 #include <stdint.h>
 #include <stdlib.h>
 #include "mbedtls/pk.h"
-#include "test/random.h"
+#include "common.h"

 //4 Kb should be enough for every bug ;-)
 #define MAX_LEN 0x1000
@ -21,7 +21,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {

    mbedtls_pk_init( &pk );
    ret = mbedtls_pk_parse_key( &pk, Data, Size, NULL, 0,
-                                mbedtls_test_rnd_std_rand, NULL );
+                                dummy_random, NULL );
    if (ret == 0) {
 #if defined(MBEDTLS_RSA_C)
        if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_RSA )
--- a/programs/fuzz/fuzz_server.c
+++ b/programs/fuzz/fuzz_server.c
@ -56,6 +56,13 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
    options = Data[Size - 1];

    if (initialized == 0) {
+        mbedtls_ctr_drbg_init( &ctr_drbg );
+        mbedtls_entropy_init( &entropy );
+
+        if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy,
+                                  (const unsigned char *) pers, strlen( pers ) ) != 0 )
+            return 1;
+
 #if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
        mbedtls_x509_crt_init( &srvcert );
        mbedtls_pk_init( &pkey );
@ -67,7 +74,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
            return 1;
        if (mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
                                 mbedtls_test_srv_key_len, NULL, 0,
-                                 mbedtls_ctr_drbg_random, &ctr_drbg ) != 0)
+                                 dummy_random, &ctr_drbg ) != 0)
            return 1;
 #endif

@ -81,17 +88,10 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
    }
    mbedtls_ssl_init( &ssl );
    mbedtls_ssl_config_init( &conf );
-    mbedtls_ctr_drbg_init( &ctr_drbg );
-    mbedtls_entropy_init( &entropy );
 #if defined(MBEDTLS_SSL_SESSION_TICKETS)
    mbedtls_ssl_ticket_init( &ticket_ctx );
 #endif

-    if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy,
-                              (const unsigned char *) pers, strlen( pers ) ) != 0 )
-        goto exit;
-
-
    if( mbedtls_ssl_config_defaults( &conf,
                                    MBEDTLS_SSL_IS_SERVER,
                                    MBEDTLS_SSL_TRANSPORT_STREAM,