From dd27691c61ec3f19c24063511ef66b8d74bb3770 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 2 Apr 2025 15:55:04 +0100 Subject: [PATCH 01/21] remove fuzz_privkey.c and fuzz_pubkey.c Signed-off-by: Ben Taylor --- programs/fuzz/.gitignore | 2 - programs/fuzz/CMakeLists.txt | 2 - programs/fuzz/fuzz_privkey.c | 105 ----------------------------------- programs/fuzz/fuzz_pubkey.c | 93 ------------------------------- 4 files changed, 202 deletions(-) delete mode 100644 programs/fuzz/fuzz_privkey.c delete mode 100644 programs/fuzz/fuzz_pubkey.c diff --git a/programs/fuzz/.gitignore b/programs/fuzz/.gitignore index 34e3ed088..9b8da6195 100644 --- a/programs/fuzz/.gitignore +++ b/programs/fuzz/.gitignore @@ -2,8 +2,6 @@ fuzz_client fuzz_dtlsclient fuzz_dtlsserver fuzz_pkcs7 -fuzz_privkey -fuzz_pubkey fuzz_server fuzz_x509crl fuzz_x509crt diff --git a/programs/fuzz/CMakeLists.txt b/programs/fuzz/CMakeLists.txt index 8f463178b..54b07b4dd 100644 --- a/programs/fuzz/CMakeLists.txt +++ b/programs/fuzz/CMakeLists.txt @@ -9,7 +9,6 @@ if(FUZZINGENGINE_LIB) endif() set(executables_no_common_c - fuzz_pubkey fuzz_x509crl fuzz_x509crt fuzz_x509csr @@ -18,7 +17,6 @@ set(executables_no_common_c add_dependencies(${programs_target} ${executables_no_common_c}) set(executables_with_common_c - fuzz_privkey fuzz_client fuzz_dtlsclient fuzz_dtlsserver diff --git a/programs/fuzz/fuzz_privkey.c b/programs/fuzz/fuzz_privkey.c deleted file mode 100644 index 8055603c6..000000000 --- a/programs/fuzz/fuzz_privkey.c +++ /dev/null 
@@ -1,105 +0,0 @@ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include -#include -#include -#include "mbedtls/pk.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" -#include "common.h" - -//4 Kb should be enough for every bug ;-) -#define MAX_LEN 0x1000 - -#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_CTR_DRBG_C) && defined(MBEDTLS_ENTROPY_C) -const char *pers = "fuzz_privkey"; -#endif // MBEDTLS_PK_PARSE_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_ENTROPY_C - -int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) -{ -#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_CTR_DRBG_C) && defined(MBEDTLS_ENTROPY_C) - int ret; - mbedtls_pk_context pk; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_entropy_context entropy; - - if (Size > MAX_LEN) { - //only work on small inputs - Size = MAX_LEN; - } - - mbedtls_ctr_drbg_init(&ctr_drbg); - mbedtls_entropy_init(&entropy); - mbedtls_pk_init(&pk); - -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - - if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy, - (const unsigned char *) pers, strlen(pers)) != 0) { - goto exit; - } - - ret = mbedtls_pk_parse_key(&pk, Data, Size, NULL, 0); - if (ret == 0) { -#if defined(MBEDTLS_RSA_C) - if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA) { - mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; - mbedtls_rsa_context *rsa; - - mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); - mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP); - mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP); - - rsa = mbedtls_pk_rsa(pk); - if (mbedtls_rsa_export(rsa, &N, &P, &Q, &D, &E) != 0) { - abort(); - } - if (mbedtls_rsa_export_crt(rsa, &DP, &DQ, &QP) != 0) { - abort(); - } - - mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); - mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP); - mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP); - 
} else -#endif -#if defined(MBEDTLS_ECP_C) - if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY || - mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY_DH) { - mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(pk); - mbedtls_ecp_group_id grp_id = mbedtls_ecp_keypair_get_group_id(ecp); - const mbedtls_ecp_curve_info *curve_info = - mbedtls_ecp_curve_info_from_grp_id(grp_id); - - /* If the curve is not supported, the key should not have been - * accepted. */ - if (curve_info == NULL) { - abort(); - } - } else -#endif - { - /* The key is valid but is not of a supported type. - * This should not happen. */ - abort(); - } - } -exit: - mbedtls_entropy_free(&entropy); - mbedtls_ctr_drbg_free(&ctr_drbg); - mbedtls_pk_free(&pk); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ -#else - (void) Data; - (void) Size; -#endif // MBEDTLS_PK_PARSE_C && MBEDTLS_CTR_DRBG_C && MBEDTLS_ENTROPY_C - - return 0; -} diff --git a/programs/fuzz/fuzz_pubkey.c b/programs/fuzz/fuzz_pubkey.c deleted file mode 100644 index 69e85e038..000000000 --- a/programs/fuzz/fuzz_pubkey.c +++ /dev/null 
@@ -1,93 +0,0 @@ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include -#include -#include "mbedtls/pk.h" -#include "common.h" - -int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) -{ -#ifdef MBEDTLS_PK_PARSE_C - int ret; - mbedtls_pk_context pk; - - mbedtls_pk_init(&pk); -#if defined(MBEDTLS_USE_PSA_CRYPTO) - psa_status_t status = psa_crypto_init(); - if (status != PSA_SUCCESS) { - goto exit; - } -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - ret = mbedtls_pk_parse_public_key(&pk, Data, Size); - if (ret == 0) { -#if defined(MBEDTLS_RSA_C) - if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_RSA) { - mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; - mbedtls_rsa_context *rsa; - - mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q); - mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP); - mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP); - - rsa = mbedtls_pk_rsa(pk); - if (mbedtls_rsa_export(rsa, &N, NULL, NULL, NULL, &E) != 0) { - abort(); - } - if (mbedtls_rsa_export(rsa, &N, &P, &Q, &D, &E) != MBEDTLS_ERR_RSA_BAD_INPUT_DATA) { - abort(); - } - if (mbedtls_rsa_export_crt(rsa, &DP, &DQ, &QP) != MBEDTLS_ERR_RSA_BAD_INPUT_DATA) { - abort(); - } - - mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q); - mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP); - mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP); - - } else -#endif -#if defined(MBEDTLS_ECP_C) - if (mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY || - mbedtls_pk_get_type(&pk) == MBEDTLS_PK_ECKEY_DH) { - mbedtls_ecp_keypair *ecp = mbedtls_pk_ec(pk); - mbedtls_ecp_group_id grp_id = mbedtls_ecp_keypair_get_group_id(ecp); - const mbedtls_ecp_curve_info *curve_info = - mbedtls_ecp_curve_info_from_grp_id(grp_id); - - /* If the curve is not supported, the key should not have been - * accepted. */ - if (curve_info == NULL) { - abort(); - } - - /* It's a public key, so the private value should not have - * been changed from its initialization to 0. 
*/ - mbedtls_mpi d; - mbedtls_mpi_init(&d); - if (mbedtls_ecp_export(ecp, NULL, &d, NULL) != 0) { - abort(); - } - if (mbedtls_mpi_cmp_int(&d, 0) != 0) { - abort(); - } - mbedtls_mpi_free(&d); - } else -#endif - { - /* The key is valid but is not of a supported type. - * This should not happen. */ - abort(); - } - } -#if defined(MBEDTLS_USE_PSA_CRYPTO) -exit: - mbedtls_psa_crypto_free(); -#endif /* MBEDTLS_USE_PSA_CRYPTO */ - mbedtls_pk_free(&pk); -#else - (void) Data; - (void) Size; -#endif //MBEDTLS_PK_PARSE_C - - return 0; -} From 107b21ce533bbd8fc4c5018ecf2d383894e8b74d Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 3 Apr 2025 10:06:53 +0100 Subject: [PATCH 02/21] removed common.* from programs/fuzz Signed-off-by: Ben Taylor --- programs/fuzz/CMakeLists.txt | 3 +- programs/fuzz/common.c | 107 ----------------------------------- programs/fuzz/common.h | 28 --------- 3 files changed, 2 insertions(+), 136 deletions(-) delete mode 100644 programs/fuzz/common.c delete mode 100644 programs/fuzz/common.h diff --git a/programs/fuzz/CMakeLists.txt b/programs/fuzz/CMakeLists.txt index 54b07b4dd..5dbc92890 100644 --- a/programs/fuzz/CMakeLists.txt +++ b/programs/fuzz/CMakeLists.txt @@ -37,12 +37,13 @@ foreach(exe IN LISTS executables_no_common_c executables_with_common_c) # This emulates "if ( ... IN_LIST ... )" which becomes available in CMake 3.3 list(FIND executables_with_common_c ${exe} exe_index) if(${exe_index} GREATER -1) - list(APPEND exe_sources common.c) + list(APPEND exe_sources ../../tf-psa-crypto/programs/fuzz/common.c) endif() add_executable(${exe} ${exe_sources}) set_base_compile_options(${exe}) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include + ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/programs/fuzz/ ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) if (NOT FUZZINGENGINE_LIB) diff --git a/programs/fuzz/common.c b/programs/fuzz/common.c deleted file mode 100644 index 41fa858a4..000000000 
--- a/programs/fuzz/common.c +++ /dev/null 
@@ -1,107 +0,0 @@ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include "common.h" -#include -#include -#include -#include -#include "mbedtls/ctr_drbg.h" - -#if defined(MBEDTLS_PLATFORM_TIME_ALT) -mbedtls_time_t dummy_constant_time(mbedtls_time_t *time) -{ - (void) time; - return 0x5af2a056; -} -#endif - -void dummy_init(void) -{ -#if defined(MBEDTLS_PLATFORM_TIME_ALT) - mbedtls_platform_set_time(dummy_constant_time); -#else - fprintf(stderr, "Warning: fuzzing without constant time\n"); -#endif -} - -int dummy_send(void *ctx, const unsigned char *buf, size_t len) -{ - //silence warning about unused parameter - (void) ctx; - (void) buf; - - //pretends we wrote everything ok - if (len > INT_MAX) { - return -1; - } - return (int) len; -} - -int fuzz_recv(void *ctx, unsigned char *buf, size_t len) -{ - //reads from the buffer from fuzzer - fuzzBufferOffset_t *biomemfuzz = (fuzzBufferOffset_t *) ctx; - - if (biomemfuzz->Offset == biomemfuzz->Size) { - //EOF - return 0; - } - if (len > INT_MAX) { - return -1; - } - if (len + biomemfuzz->Offset > biomemfuzz->Size) { - //do not overflow - len = biomemfuzz->Size - biomemfuzz->Offset; - } - memcpy(buf, biomemfuzz->Data + biomemfuzz->Offset, len); - biomemfuzz->Offset += len; - return (int) len; -} - -int dummy_random(void *p_rng, unsigned char *output, size_t output_len) -{ - int ret; - size_t i; - -#if defined(MBEDTLS_CTR_DRBG_C) - //mbedtls_ctr_drbg_random requires a valid mbedtls_ctr_drbg_context in p_rng - if (p_rng != NULL) { - //use mbedtls_ctr_drbg_random to find bugs in it - ret = mbedtls_ctr_drbg_random(p_rng, output, output_len); - } else { - //fall through to pseudo-random - ret = 0; - } -#else - (void) p_rng; - ret = 0; -#endif - for (i = 0; i < output_len; i++) { - //replace result with pseudo random - output[i] = (unsigned char) rand(); - } - return ret; -} - -int dummy_entropy(void *data, unsigned char *output, size_t len) -{ - size_t i; - (void) data; - - //use mbedtls_entropy_func to find bugs in it - 
//test performance impact of entropy - //ret = mbedtls_entropy_func(data, output, len); - for (i = 0; i < len; i++) { - //replace result with pseudo random - output[i] = (unsigned char) rand(); - } - return 0; -} - -int fuzz_recv_timeout(void *ctx, unsigned char *buf, size_t len, - uint32_t timeout) -{ - (void) timeout; - - return fuzz_recv(ctx, buf, len); -} diff --git a/programs/fuzz/common.h b/programs/fuzz/common.h deleted file mode 100644 index 88dceacf7..000000000 --- a/programs/fuzz/common.h +++ /dev/null @@ -1,28 +0,0 @@ -#include "mbedtls/build_info.h" - -#if defined(MBEDTLS_HAVE_TIME) -#include "mbedtls/platform_time.h" -#endif -#include -#include - -typedef struct fuzzBufferOffset { - const uint8_t *Data; - size_t Size; - size_t Offset; -} fuzzBufferOffset_t; - -#if defined(MBEDTLS_HAVE_TIME) -mbedtls_time_t dummy_constant_time(mbedtls_time_t *time); -#endif -void dummy_init(void); - -int dummy_send(void *ctx, const unsigned char *buf, size_t len); -int fuzz_recv(void *ctx, unsigned char *buf, size_t len); -int dummy_random(void *p_rng, unsigned char *output, size_t output_len); -int dummy_entropy(void *data, unsigned char *output, size_t len); -int fuzz_recv_timeout(void *ctx, unsigned char *buf, size_t len, - uint32_t timeout); - -/* Implemented in the fuzz_*.c sources and required by onefile.c */ -int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size); From 2584eaddf919af004f34e42f94589edb83f68ed4 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Thu, 3 Apr 2025 13:46:13 +0100 Subject: [PATCH 03/21] add fix for fuzz Makefile for new common path Signed-off-by: Ben Taylor --- programs/fuzz/Makefile | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile index 71cba0bcd..5548148cf 100644 --- a/programs/fuzz/Makefile +++ b/programs/fuzz/Makefile 
@@ -9,6 +9,8 @@ ifdef FUZZINGENGINE LOCAL_LDFLAGS += -lFuzzingEngine endif +LOCAL_CFLAGS += -I$(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/ + # A test application is built for each fuzz_*.c file. APPS = $(basename $(wildcard fuzz_*.c)) @@ -28,13 +30,13 @@ C_FILES := $(addsuffix .c,$(APPS)) ifdef FUZZINGENGINE -$(BINARIES): %$(EXEXT): %.o common.o $(DEP) - echo " $(CC) common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" - $(CXX) common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +$(BINARIES): %$(EXEXT): %.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/common.o $(DEP) + echo " $(CC) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" + $(CXX) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ else -$(BINARIES): %$(EXEXT): %.o common.o onefile.o $(DEP) - echo " $(CC) common.o onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" - $(CC) common.o onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +$(BINARIES): %$(EXEXT): %.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/common.o onefile.o $(DEP) + echo " $(CC) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/common.o onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" + $(CC) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/common.o onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ endif clean: From eea3ddaf2c6b416dc349400a5dede9deedd99b0b Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 7 Apr 2025 13:24:51 +0100 Subject: [PATCH 04/21] corrected cmake path Signed-off-by: Ben Taylor --- programs/fuzz/CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/fuzz/CMakeLists.txt b/programs/fuzz/CMakeLists.txt index 5dbc92890..61c5b63c0 100644 --- a/programs/fuzz/CMakeLists.txt +++ b/programs/fuzz/CMakeLists.txt 
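Review bot: In the `ifdef FUZZINGENGINE` branch of the second hunk, the rewritten `echo` line prints `$(CC)` while the recipe line below it runs `$(CXX)`, so the build log names a different compiler driver than the one that links the fuzz targets. Since both lines are being rewritten anyway, print what is run: `echo "  $(CXX) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@"`. The same mismatch is carried through the later rewrites of this rule in patches 06/21 and 08/21.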
@@ -37,7 +37,7 @@ foreach(exe IN LISTS executables_no_common_c executables_with_common_c) # This emulates "if ( ... IN_LIST ... )" which becomes available in CMake 3.3 list(FIND executables_with_common_c ${exe} exe_index) if(${exe_index} GREATER -1) - list(APPEND exe_sources ../../tf-psa-crypto/programs/fuzz/common.c) + list(APPEND exe_sources ${MBEDTLS_DIR}/tf-psa-crypto/programs/fuzz/fuzz_common.c) endif() add_executable(${exe} ${exe_sources}) From dc027791e903047001f39c498f5a4dd1d0b97d61 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 7 Apr 2025 15:33:41 +0100 Subject: [PATCH 05/21] update common. to fuzz_common.h Signed-off-by: Ben Taylor --- programs/fuzz/CMakeLists.txt | 2 +- programs/fuzz/fuzz_client.c | 2 +- programs/fuzz/fuzz_dtlsclient.c | 2 +- programs/fuzz/fuzz_dtlsserver.c | 2 +- programs/fuzz/fuzz_pkcs7.c | 2 +- programs/fuzz/fuzz_server.c | 2 +- programs/fuzz/fuzz_x509crl.c | 2 +- programs/fuzz/fuzz_x509crt.c | 2 +- programs/fuzz/fuzz_x509csr.c | 2 +- programs/fuzz/onefile.c | 70 --------------------------------- 10 files changed, 9 insertions(+), 79 deletions(-) delete mode 100644 programs/fuzz/onefile.c diff --git a/programs/fuzz/CMakeLists.txt b/programs/fuzz/CMakeLists.txt index 61c5b63c0..bd9bf91d9 100644 --- a/programs/fuzz/CMakeLists.txt +++ b/programs/fuzz/CMakeLists.txt @@ -31,7 +31,7 @@ foreach(exe IN LISTS executables_no_common_c executables_with_common_c) $ $) if(NOT FUZZINGENGINE_LIB) - list(APPEND exe_sources onefile.c) + list(APPEND exe_sources ${MBEDTLS_DIR}/tf-psa-crypto/programs/fuzz/onefile.c) endif() # This emulates "if ( ... IN_LIST ... )" which becomes available in CMake 3.3 diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c index 6d3b73fa9..440c0245f 100644 --- a/programs/fuzz/fuzz_client.c +++ b/programs/fuzz/fuzz_client.c @@ -4,7 +4,7 @@ #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" #include "test/certs.h" -#include "common.h" +#include "fuzz_common.h" #include #include #include 
diff --git a/programs/fuzz/fuzz_dtlsclient.c b/programs/fuzz/fuzz_dtlsclient.c index efe136227..7a1da13c3 100644 --- a/programs/fuzz/fuzz_dtlsclient.c +++ b/programs/fuzz/fuzz_dtlsclient.c @@ -3,7 +3,7 @@ #include #include #include -#include "common.h" +#include "fuzz_common.h" #include "mbedtls/ssl.h" #if defined(MBEDTLS_SSL_PROTO_DTLS) #include "mbedtls/entropy.h" diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c index 31eb51427..98a70216e 100644 --- a/programs/fuzz/fuzz_dtlsserver.c +++ b/programs/fuzz/fuzz_dtlsserver.c @@ -3,7 +3,7 @@ #include #include #include -#include "common.h" +#include "fuzz_common.h" #include "mbedtls/ssl.h" #include "test/certs.h" #if defined(MBEDTLS_SSL_PROTO_DTLS) diff --git a/programs/fuzz/fuzz_pkcs7.c b/programs/fuzz/fuzz_pkcs7.c index 9ec935179..f236190c2 100644 --- a/programs/fuzz/fuzz_pkcs7.c +++ b/programs/fuzz/fuzz_pkcs7.c @@ -2,7 +2,7 @@ #include #include "mbedtls/pkcs7.h" -#include "common.h" +#include "fuzz_common.h" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c index bb9dd0a58..05b7480cb 100644 --- a/programs/fuzz/fuzz_server.c +++ b/programs/fuzz/fuzz_server.c @@ -5,7 +5,7 @@ #include "mbedtls/ctr_drbg.h" #include "mbedtls/ssl_ticket.h" #include "test/certs.h" -#include "common.h" +#include "fuzz_common.h" #include #include #include diff --git a/programs/fuzz/fuzz_x509crl.c b/programs/fuzz/fuzz_x509crl.c index 2840fbbb0..92e0f5d12 100644 --- a/programs/fuzz/fuzz_x509crl.c +++ b/programs/fuzz/fuzz_x509crl.c @@ -2,7 +2,7 @@ #include #include "mbedtls/x509_crl.h" -#include "common.h" +#include "fuzz_common.h" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { diff --git a/programs/fuzz/fuzz_x509crt.c b/programs/fuzz/fuzz_x509crt.c index 29331b94d..c99ae2e7b 100644 --- a/programs/fuzz/fuzz_x509crt.c +++ b/programs/fuzz/fuzz_x509crt.c 
@@ -2,7 +2,7 @@ #include #include "mbedtls/x509_crt.h" -#include "common.h" +#include "fuzz_common.h" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { diff --git a/programs/fuzz/fuzz_x509csr.c b/programs/fuzz/fuzz_x509csr.c index e0aaabc01..4ab071f1c 100644 --- a/programs/fuzz/fuzz_x509csr.c +++ b/programs/fuzz/fuzz_x509csr.c @@ -2,7 +2,7 @@ #include #include "mbedtls/x509_csr.h" -#include "common.h" +#include "fuzz_common.h" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { diff --git a/programs/fuzz/onefile.c b/programs/fuzz/onefile.c deleted file mode 100644 index 6c02a641d..000000000 --- a/programs/fuzz/onefile.c +++ /dev/null 
@@ -1,70 +0,0 @@ -#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS - -#include -#include -#include -#include "common.h" - -/* This file doesn't use any Mbed TLS function, but grab mbedtls_config.h anyway - * in case it contains platform-specific #defines related to malloc or - * stdio functions. */ -#include "mbedtls/build_info.h" - -int main(int argc, char **argv) -{ - FILE *fp; - uint8_t *Data; - size_t Size; - const char *argv0 = argv[0] == NULL ? "PROGRAM_NAME" : argv[0]; - - if (argc != 2) { - fprintf(stderr, "Usage: %s REPRODUCER_FILE\n", argv0); - return 1; - } - //opens the file, get its size, and reads it into a buffer - fp = fopen(argv[1], "rb"); - if (fp == NULL) { - fprintf(stderr, "%s: Error in fopen\n", argv0); - perror(argv[1]); - return 2; - } - if (fseek(fp, 0L, SEEK_END) != 0) { - fprintf(stderr, "%s: Error in fseek(SEEK_END)\n", argv0); - perror(argv[1]); - fclose(fp); - return 2; - } - Size = ftell(fp); - if (Size == (size_t) -1) { - fprintf(stderr, "%s: Error in ftell\n", argv0); - perror(argv[1]); - fclose(fp); - return 2; - } - if (fseek(fp, 0L, SEEK_SET) != 0) { - fprintf(stderr, "%s: Error in fseek(0)\n", argv0); - perror(argv[1]); - fclose(fp); - return 2; - } - Data = malloc(Size); - if (Data == NULL) { - fprintf(stderr, "%s: Could not allocate memory\n", argv0); - perror(argv[1]); - fclose(fp); - return 2; - } - if (fread(Data, Size, 1, fp) != 1) { - fprintf(stderr, "%s: Error in fread\n", argv0); - perror(argv[1]); - free(Data); - fclose(fp); - return 2; - } - - //launch fuzzer - LLVMFuzzerTestOneInput(Data, Size); - free(Data); - fclose(fp); - return 0; -} From a59cef43f2327be71ba69769e5d1f0b9328a3ba8 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 8 Apr 2025 08:45:21 +0100 Subject: [PATCH 06/21] add fixes for the fuzz Make system Signed-off-by: Ben Taylor --- programs/fuzz/Makefile | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) 
diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile index 5548148cf..71f1a580f 100644 --- a/programs/fuzz/Makefile +++ b/programs/fuzz/Makefile @@ -13,6 +13,7 @@ LOCAL_CFLAGS += -I$(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/ # A test application is built for each fuzz_*.c file. APPS = $(basename $(wildcard fuzz_*.c)) +APPS += $(basename $(wildcard (MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_*.c)) # Construct executable name by adding OS specific suffix $(EXEXT). BINARIES := $(addsuffix $(EXEXT),$(APPS)) 
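Review bot: The added `APPS +=` line writes `(MBEDTLS_PATH)` without the leading `$`, so `wildcard` is given a literal path that matches nothing and the tf-psa-crypto fuzz programs are silently never added to `APPS`. With the `$` restored, the `fuzz_*.c` glob would also match `fuzz_common.c` in that directory (the helper the CMake change in 04/21 points at), turning the shared helper into a fuzz target of its own. Listing the harnesses by name avoids both problems, e.g. `APPS += $(basename $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_privkey.c)`. Patches 07/21 and 13/21 later arrive at that form, so folding them into this commit would keep every step of the series buildable.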
@@ -30,13 +31,13 @@ C_FILES := $(addsuffix .c,$(APPS)) ifdef FUZZINGENGINE -$(BINARIES): %$(EXEXT): %.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/common.o $(DEP) - echo " $(CC) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" - $(CXX) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +$(BINARIES): %$(EXEXT): %.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.o $(DEP) + echo " $(CC) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.c $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" + $(CXX) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.c $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ else -$(BINARIES): %$(EXEXT): %.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/common.o onefile.o $(DEP) - echo " $(CC) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/common.o onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" - $(CC) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/common.o onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +$(BINARIES): %$(EXEXT): %.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/onefile.o $(DEP) + echo " $(CC) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" + $(CC) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ endif clean: From aa5aa47aa5658d6b5c0421af39cf51deed134578 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 8 Apr 2025 09:15:43 +0100 Subject: [PATCH 07/21] corrected Makefile path for fuzz progs Signed-off-by: Ben Taylor --- programs/fuzz/Makefile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile index 71f1a580f..833055246 100644 --- a/programs/fuzz/Makefile +++ b/programs/fuzz/Makefile 
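Review bot: In the `ifdef FUZZINGENGINE` rule the prerequisite is `.../fuzz_common.o`, but the rewritten echo and recipe lines pass `.../fuzz_common.c` to `$(CXX)`. The helper is therefore recompiled at every link by the C++ driver with only `$(LOCAL_LDFLAGS) $(LDFLAGS)`, and the object make just built is never used. The recipe should link the prerequisite, `$(CXX) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@`, as the `else` branch of the same hunk already does with `$(CC)`. Patch 08/21 makes this correction; squashing it here avoids a commit where the libFuzzer build differs from the standalone one.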
@@ -13,7 +13,8 @@ LOCAL_CFLAGS += -I$(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/ # A test application is built for each fuzz_*.c file. APPS = $(basename $(wildcard fuzz_*.c)) -APPS += $(basename $(wildcard (MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_*.c)) +APPS += $(basename $(wildcard $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_privkey.c)) +APPS += $(basename $(wildcard $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_pubkey.c)) # Construct executable name by adding OS specific suffix $(EXEXT). BINARIES := $(addsuffix $(EXEXT),$(APPS)) From c42f5d4c901d3a4f4c2e59b9d10dcbb76d57bb20 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 11 Apr 2025 09:53:57 +0100 Subject: [PATCH 08/21] added fix for Makefile in fuzz programs Signed-off-by: Ben Taylor --- programs/fuzz/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile index 833055246..3edd9e0c6 100644 --- a/programs/fuzz/Makefile +++ b/programs/fuzz/Makefile @@ -33,8 +33,8 @@ C_FILES := $(addsuffix .c,$(APPS)) ifdef FUZZINGENGINE $(BINARIES): %$(EXEXT): %.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.o $(DEP) - echo " $(CC) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.c $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" - $(CXX) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.c $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ + echo " $(CC) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" + $(CXX) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ else $(BINARIES): %$(EXEXT): %.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/onefile.o $(DEP) echo " $(CC) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" From 728704058742fc2e3db0bb005533e21e8196b740 Mon Sep 17 00:00:00 2001 
From: Ben Taylor Date: Mon, 14 Apr 2025 08:43:59 +0100 Subject: [PATCH 09/21] fixed issue with binary cleanup in fuzz programs Signed-off-by: Ben Taylor --- programs/fuzz/Makefile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile index 3edd9e0c6..93dd4c92b 100644 --- a/programs/fuzz/Makefile +++ b/programs/fuzz/Makefile @@ -44,7 +44,9 @@ endif clean: ifndef WINDOWS rm -rf $(BINARIES) *.o + rm -rf $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/*.o else if exist *.o del /Q /F *.o if exist *.exe del /Q /F *.exe + rm -rf $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/*.o endif From 38b063a91ec343f12f0b36d7af46cbec26259361 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 14 Apr 2025 13:50:27 +0100 Subject: [PATCH 10/21] add fix to fuzz makefile for windows Signed-off-by: Ben Taylor --- programs/fuzz/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile index 93dd4c92b..50857ca48 100644 --- a/programs/fuzz/Makefile +++ b/programs/fuzz/Makefile @@ -48,5 +48,5 @@ ifndef WINDOWS else if exist *.o del /Q /F *.o if exist *.exe del /Q /F *.exe - rm -rf $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/*.o + if exist $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/*.o del /Q /F $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/*.o endif From 51ab2d4ffb1c19971b3b998210e89e6788772b2e Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 29 Apr 2025 10:33:59 +0100 Subject: [PATCH 11/21] Add ChangeLog Signed-off-by: Ben Taylor --- ChangeLog.d/remove-fuzz-progs.txt | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 ChangeLog.d/remove-fuzz-progs.txt diff --git a/ChangeLog.d/remove-fuzz-progs.txt b/ChangeLog.d/remove-fuzz-progs.txt new file mode 100644 index 000000000..84aeec9a8 --- /dev/null +++ b/ChangeLog.d/remove-fuzz-progs.txt @@ -0,0 +1,2 @@ +Removals + * Remove fuzz_privkey and fuzz_pubkey. From ebaf90ff3f7b78d183b26d44299164404332f820 Mon Sep 17 00:00:00 2001 
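Review bot: The added `rm -rf $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/*.o` in the `clean` hunk of 09/21 applies a recursive force-delete to a path built from a variable defined outside the hunk. If `MBEDTLS_PATH` ever expands empty, the glob is anchored at the filesystem root. Only object files are being removed, so `-r` buys nothing; `rm -f $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/*.o` does the same job with a smaller blast radius. The `else` (Windows) branch of that hunk receives the same `rm` line, which the 10/21 hunk on this line then replaces with `del`.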
From: Ben Taylor Date: Wed, 30 Apr 2025 07:58:30 +0100 Subject: [PATCH 12/21] Remove ChangeLog as it is not required Signed-off-by: Ben Taylor --- ChangeLog.d/remove-fuzz-progs.txt | 2 -- 1 file changed, 2 deletions(-) delete mode 100644 ChangeLog.d/remove-fuzz-progs.txt diff --git a/ChangeLog.d/remove-fuzz-progs.txt b/ChangeLog.d/remove-fuzz-progs.txt deleted file mode 100644 index 84aeec9a8..000000000 --- a/ChangeLog.d/remove-fuzz-progs.txt +++ /dev/null @@ -1,2 +0,0 @@ -Removals - * Remove fuzz_privkey and fuzz_pubkey. From 9784b40ba7f814f4db65199141c0259de9d8f154 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 21 May 2025 08:01:28 +0100 Subject: [PATCH 13/21] Remove wildcard as it is no longer required Signed-off-by: Ben Taylor --- programs/fuzz/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile index 50857ca48..09e8600d7 100644 --- a/programs/fuzz/Makefile +++ b/programs/fuzz/Makefile @@ -13,8 +13,8 @@ LOCAL_CFLAGS += -I$(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/ # A test application is built for each fuzz_*.c file. APPS = $(basename $(wildcard fuzz_*.c)) -APPS += $(basename $(wildcard $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_privkey.c)) -APPS += $(basename $(wildcard $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_pubkey.c)) +APPS += $(basename $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_privkey.c) +APPS += $(basename $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_pubkey.c) # Construct executable name by adding OS specific suffix $(EXEXT). BINARIES := $(addsuffix $(EXEXT),$(APPS)) From 946b0d982abf51bab79383858927caefe58df3ab Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 21 May 2025 08:06:15 +0100 Subject: [PATCH 14/21] Corrected windows paths Signed-off-by: Ben Taylor --- programs/fuzz/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile index 09e8600d7..bac5cd38e 100644 
--- a/programs/fuzz/Makefile +++ b/programs/fuzz/Makefile @@ -48,5 +48,5 @@ ifndef WINDOWS else if exist *.o del /Q /F *.o if exist *.exe del /Q /F *.exe - if exist $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/*.o del /Q /F $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/*.o + if exist $(MBEDTLS_PATH)\tf-psa-crypto\programs\fuzz\*.o del /Q /F $(MBEDTLS_PATH)\tf-psa-crypto\programs\fuzz\*.o endif From 80490a2f1a5090424480548e93983b015eec1019 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 4 Jun 2025 08:24:01 +0100 Subject: [PATCH 15/21] Revert some changes to allow merge Signed-off-by: Ben Taylor --- programs/fuzz/CMakeLists.txt | 5 +- programs/fuzz/fuzz_common.c | 107 +++++++++++++++++++++++++++++++++++ programs/fuzz/fuzz_common.h | 28 +++++++++ programs/fuzz/onefile.c | 70 +++++++++++++++++++++++ 4 files changed, 207 insertions(+), 3 deletions(-) create mode 100644 programs/fuzz/fuzz_common.c create mode 100644 programs/fuzz/fuzz_common.h create mode 100644 programs/fuzz/onefile.c diff --git a/programs/fuzz/CMakeLists.txt b/programs/fuzz/CMakeLists.txt index bd9bf91d9..53d771cc1 100644 --- a/programs/fuzz/CMakeLists.txt +++ b/programs/fuzz/CMakeLists.txt 
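Review bot: `$(MBEDTLS_PATH)` is pasted unchanged in front of the backslash-separated suffix, so if it is a relative path written with forward slashes (its definition is outside this hunk), `del` still receives `/` characters, which cmd parses as switch prefixes. Converting the whole path in one place would be more robust, e.g. `del /Q /F $(subst /,\,$(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/*.o)`. The Windows branch also deletes `*.exe` only in the current directory, whereas `APPS` now contains targets under tf-psa-crypto. Those binaries appear to survive `make clean` on Windows, while the `rm -rf $(BINARIES)` branch removes them.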
@@ -31,19 +31,18 @@ foreach(exe IN LISTS executables_no_common_c executables_with_common_c) $ $) if(NOT FUZZINGENGINE_LIB) - list(APPEND exe_sources ${MBEDTLS_DIR}/tf-psa-crypto/programs/fuzz/onefile.c) + list(APPEND exe_sources onefile.c) endif() # This emulates "if ( ... IN_LIST ... )" which becomes available in CMake 3.3 list(FIND executables_with_common_c ${exe} exe_index) if(${exe_index} GREATER -1) - list(APPEND exe_sources ${MBEDTLS_DIR}/tf-psa-crypto/programs/fuzz/fuzz_common.c) + list(APPEND exe_sources fuzz_common.c) endif() add_executable(${exe} ${exe_sources}) set_base_compile_options(${exe}) target_include_directories(${exe} PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/../../framework/tests/include - ${CMAKE_CURRENT_SOURCE_DIR}/../../tf-psa-crypto/programs/fuzz/ ${CMAKE_CURRENT_SOURCE_DIR}/../../tests/include) if (NOT FUZZINGENGINE_LIB) diff --git a/programs/fuzz/fuzz_common.c b/programs/fuzz/fuzz_common.c new file mode 100644 index 000000000..de1691372 --- /dev/null +++ b/programs/fuzz/fuzz_common.c 
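Review bot: After this hunk CMake compiles the local `onefile.c` and `fuzz_common.c` and drops the tf-psa-crypto include directory, but the diffstat of 15/21 does not touch `programs/fuzz/Makefile`. At this point in the series the Makefile still links `$(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.o` and `onefile.o` and adds that directory with `-I`, so the two build systems would build the fuzz targets from different copies of the helper. The Makefile's `APPS = $(basename $(wildcard fuzz_*.c))` would also start matching the newly added local `fuzz_common.c` as if it were a harness. Unless a later patch in the series (not visible here) covers it, the Makefile should be brought in line in the same commit, or the helper filtered out of the glob, e.g. `APPS := $(filter-out fuzz_common,$(APPS))`.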
@@ -0,0 +1,107 @@ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + +#include "fuzz_common.h" +#include +#include +#include +#include +#include "mbedtls/ctr_drbg.h" + +#if defined(MBEDTLS_PLATFORM_TIME_ALT) +mbedtls_time_t dummy_constant_time(mbedtls_time_t *time) +{ + (void) time; + return 0x5af2a056; +} +#endif + +void dummy_init(void) +{ +#if defined(MBEDTLS_PLATFORM_TIME_ALT) + mbedtls_platform_set_time(dummy_constant_time); +#else + fprintf(stderr, "Warning: fuzzing without constant time\n"); +#endif +} + +int dummy_send(void *ctx, const unsigned char *buf, size_t len) +{ + //silence warning about unused parameter + (void) ctx; + (void) buf; + + //pretends we wrote everything ok + if (len > INT_MAX) { + return -1; + } + return (int) len; +} + +int fuzz_recv(void *ctx, unsigned char *buf, size_t len) +{ + //reads from the buffer from fuzzer + fuzzBufferOffset_t *biomemfuzz = (fuzzBufferOffset_t *) ctx; + + if (biomemfuzz->Offset == biomemfuzz->Size) { + //EOF + return 0; + } + if (len > INT_MAX) { + return -1; + } + if (len + biomemfuzz->Offset > biomemfuzz->Size) { + //do not overflow + len = biomemfuzz->Size - biomemfuzz->Offset; + } + memcpy(buf, biomemfuzz->Data + biomemfuzz->Offset, len); + biomemfuzz->Offset += len; + return (int) len; +} + +int dummy_random(void *p_rng, unsigned char *output, size_t output_len) +{ + int ret; + size_t i; + +#if defined(MBEDTLS_CTR_DRBG_C) + //mbedtls_ctr_drbg_random requires a valid mbedtls_ctr_drbg_context in p_rng + if (p_rng != NULL) { + //use mbedtls_ctr_drbg_random to find bugs in it + ret = mbedtls_ctr_drbg_random(p_rng, output, output_len); + } else { + //fall through to pseudo-random + ret = 0; + } +#else + (void) p_rng; + ret = 0; +#endif + for (i = 0; i < output_len; i++) { + //replace result with pseudo random + output[i] = (unsigned char) rand(); + } + return ret; +} + +int dummy_entropy(void *data, unsigned char *output, size_t len) +{ + size_t i; + (void) data; + + //use mbedtls_entropy_func to find bugs in it 
+ //test performance impact of entropy + //ret = mbedtls_entropy_func(data, output, len); + for (i = 0; i < len; i++) { + //replace result with pseudo random + output[i] = (unsigned char) rand(); + } + return 0; +} + +int fuzz_recv_timeout(void *ctx, unsigned char *buf, size_t len, + uint32_t timeout) +{ + (void) timeout; + + return fuzz_recv(ctx, buf, len); +} diff --git a/programs/fuzz/fuzz_common.h b/programs/fuzz/fuzz_common.h new file mode 100644 index 000000000..88dceacf7 --- /dev/null +++ b/programs/fuzz/fuzz_common.h @@ -0,0 +1,28 @@ +#include "mbedtls/build_info.h" + +#if defined(MBEDTLS_HAVE_TIME) +#include "mbedtls/platform_time.h" +#endif +#include +#include + +typedef struct fuzzBufferOffset { + const uint8_t *Data; + size_t Size; + size_t Offset; +} fuzzBufferOffset_t; + +#if defined(MBEDTLS_HAVE_TIME) +mbedtls_time_t dummy_constant_time(mbedtls_time_t *time); +#endif +void dummy_init(void); + +int dummy_send(void *ctx, const unsigned char *buf, size_t len); +int fuzz_recv(void *ctx, unsigned char *buf, size_t len); +int dummy_random(void *p_rng, unsigned char *output, size_t output_len); +int dummy_entropy(void *data, unsigned char *output, size_t len); +int fuzz_recv_timeout(void *ctx, unsigned char *buf, size_t len, + uint32_t timeout); + +/* Implemented in the fuzz_*.c sources and required by onefile.c */ +int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size); diff --git a/programs/fuzz/onefile.c b/programs/fuzz/onefile.c new file mode 100644 index 000000000..483512855 --- /dev/null +++ b/programs/fuzz/onefile.c 
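Review bot: `dummy_random` and `dummy_entropy` have no comment saying that their output is predictable. Both fill the buffer from `rand()`, no `srand()` call appears in this file, and `dummy_random` overwrites whatever `mbedtls_ctr_drbg_random` produced before returning its status. That suits a reproducible fuzz harness, but the names alone do not stop the helpers from being copied into code that needs real randomness. I would put `/* Fuzzing only: output comes from rand() and is predictable; never use as an RNG or entropy source outside the harness. */` above each of them. The commented-out `//ret = mbedtls_entropy_func(data, output, len);` in `dummy_entropy` would read better as a sentence explaining why the real entropy function is skipped.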
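Review bot: fuzz_common.h has no include guard, although it defines `struct fuzzBufferOffset`, so including it twice in one translation unit would redefine the struct. Wrapping the file in `#ifndef FUZZ_COMMON_H` / `#define FUZZ_COMMON_H` … `#endif` avoids that. The header also declares `dummy_constant_time` under `MBEDTLS_HAVE_TIME`, while fuzz_common.c defines it under `MBEDTLS_PLATFORM_TIME_ALT`. With `MBEDTLS_HAVE_TIME` set and `MBEDTLS_PLATFORM_TIME_ALT` unset, the prototype has no definition behind it, so the two guards should use the same macro.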
@@ -0,0 +1,70 @@ +#define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS + +#include +#include +#include +#include "fuzz_common.h" + +/* This file doesn't use any Mbed TLS function, but grab mbedtls_config.h anyway + * in case it contains platform-specific #defines related to malloc or + * stdio functions. */ +#include "mbedtls/build_info.h" + +int main(int argc, char **argv) +{ + FILE *fp; + uint8_t *Data; + size_t Size; + const char *argv0 = argv[0] == NULL ? "PROGRAM_NAME" : argv[0]; + + if (argc != 2) { + fprintf(stderr, "Usage: %s REPRODUCER_FILE\n", argv0); + return 1; + } + //opens the file, get its size, and reads it into a buffer + fp = fopen(argv[1], "rb"); + if (fp == NULL) { + fprintf(stderr, "%s: Error in fopen\n", argv0); + perror(argv[1]); + return 2; + } + if (fseek(fp, 0L, SEEK_END) != 0) { + fprintf(stderr, "%s: Error in fseek(SEEK_END)\n", argv0); + perror(argv[1]); + fclose(fp); + return 2; + } + Size = ftell(fp); + if (Size == (size_t) -1) { + fprintf(stderr, "%s: Error in ftell\n", argv0); + perror(argv[1]); + fclose(fp); + return 2; + } + if (fseek(fp, 0L, SEEK_SET) != 0) { + fprintf(stderr, "%s: Error in fseek(0)\n", argv0); + perror(argv[1]); + fclose(fp); + return 2; + } + Data = malloc(Size); + if (Data == NULL) { + fprintf(stderr, "%s: Could not allocate memory\n", argv0); + perror(argv[1]); + fclose(fp); + return 2; + } + if (fread(Data, Size, 1, fp) != 1) { + fprintf(stderr, "%s: Error in fread\n", argv0); + perror(argv[1]); + free(Data); + fclose(fp); + return 2; + } + + //launch fuzzer + LLVMFuzzerTestOneInput(Data, Size); + free(Data); + fclose(fp); + return 0; +} From d6cc47e45064cbddc74e945ca2de60a5d5580ca3 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Wed, 4 Jun 2025 09:24:43 +0100 Subject: [PATCH 16/21] Add some name changes in to allow merge 
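Review bot: An empty reproducer file is rejected in `main` before it reaches `LLVMFuzzerTestOneInput`. With `Size == 0`, `fread(Data, Size, 1, fp)` returns 0 and takes the "Error in fread" path, and `malloc(0)` may return NULL on some platforms and take the allocation-error path first. A zero-length input is a legitimate fuzz case, so I would allocate with `Data = malloc(Size ? Size : 1);` and read with `if (Size != 0 && fread(Data, Size, 1, fp) != 1) {`. Separately, `ftell` returns a `long` that is stored straight into a `size_t`; checking the `long` for `-1` before converting would make the error test easier to follow.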
Signed-off-by: Ben Taylor --- programs/fuzz/CMakeLists.txt | 2 +- programs/fuzz/{fuzz_common.c => common.c} | 2 +- programs/fuzz/{fuzz_common.h => common.h} | 0 programs/fuzz/fuzz_client.c | 2 +- programs/fuzz/fuzz_dtlsclient.c | 2 +- programs/fuzz/fuzz_dtlsserver.c | 2 +- programs/fuzz/fuzz_pkcs7.c | 2 +- programs/fuzz/fuzz_server.c | 2 +- programs/fuzz/fuzz_x509crl.c | 2 +- programs/fuzz/fuzz_x509crt.c | 2 +- programs/fuzz/fuzz_x509csr.c | 2 +- programs/fuzz/onefile.c | 2 +- 12 files changed, 11 insertions(+), 11 deletions(-) rename programs/fuzz/{fuzz_common.c => common.c} (99%) rename programs/fuzz/{fuzz_common.h => common.h} (100%) diff --git a/programs/fuzz/CMakeLists.txt b/programs/fuzz/CMakeLists.txt index 53d771cc1..54b07b4dd 100644 --- a/programs/fuzz/CMakeLists.txt +++ b/programs/fuzz/CMakeLists.txt @@ -37,7 +37,7 @@ foreach(exe IN LISTS executables_no_common_c executables_with_common_c) # This emulates "if ( ... IN_LIST ... )" which becomes available in CMake 3.3 list(FIND executables_with_common_c ${exe} exe_index) if(${exe_index} GREATER -1) - list(APPEND exe_sources fuzz_common.c) + list(APPEND exe_sources common.c) endif() add_executable(${exe} ${exe_sources}) diff --git a/programs/fuzz/fuzz_common.c b/programs/fuzz/common.c similarity index 99% rename from programs/fuzz/fuzz_common.c rename to programs/fuzz/common.c index de1691372..41fa858a4 100644 --- a/programs/fuzz/fuzz_common.c +++ b/programs/fuzz/common.c @@ -1,6 +1,6 @@ #define MBEDTLS_DECLARE_PRIVATE_IDENTIFIERS -#include "fuzz_common.h" +#include "common.h" #include #include #include diff --git a/programs/fuzz/fuzz_common.h b/programs/fuzz/common.h similarity index 100% rename from programs/fuzz/fuzz_common.h rename to programs/fuzz/common.h diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c index 440c0245f..6d3b73fa9 100644 --- a/programs/fuzz/fuzz_client.c +++ b/programs/fuzz/fuzz_client.c 
@@ -4,7 +4,7 @@ #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" #include "test/certs.h" -#include "fuzz_common.h" +#include "common.h" #include #include #include diff --git a/programs/fuzz/fuzz_dtlsclient.c b/programs/fuzz/fuzz_dtlsclient.c index 7a1da13c3..efe136227 100644 --- a/programs/fuzz/fuzz_dtlsclient.c +++ b/programs/fuzz/fuzz_dtlsclient.c @@ -3,7 +3,7 @@ #include #include #include -#include "fuzz_common.h" +#include "common.h" #include "mbedtls/ssl.h" #if defined(MBEDTLS_SSL_PROTO_DTLS) #include "mbedtls/entropy.h" diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c index 98a70216e..31eb51427 100644 --- a/programs/fuzz/fuzz_dtlsserver.c +++ b/programs/fuzz/fuzz_dtlsserver.c @@ -3,7 +3,7 @@ #include #include #include -#include "fuzz_common.h" +#include "common.h" #include "mbedtls/ssl.h" #include "test/certs.h" #if defined(MBEDTLS_SSL_PROTO_DTLS) diff --git a/programs/fuzz/fuzz_pkcs7.c b/programs/fuzz/fuzz_pkcs7.c index f236190c2..9ec935179 100644 --- a/programs/fuzz/fuzz_pkcs7.c +++ b/programs/fuzz/fuzz_pkcs7.c @@ -2,7 +2,7 @@ #include #include "mbedtls/pkcs7.h" -#include "fuzz_common.h" +#include "common.h" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c index 05b7480cb..bb9dd0a58 100644 --- a/programs/fuzz/fuzz_server.c +++ b/programs/fuzz/fuzz_server.c @@ -5,7 +5,7 @@ #include "mbedtls/ctr_drbg.h" #include "mbedtls/ssl_ticket.h" #include "test/certs.h" -#include "fuzz_common.h" +#include "common.h" #include #include #include diff --git a/programs/fuzz/fuzz_x509crl.c b/programs/fuzz/fuzz_x509crl.c index 92e0f5d12..2840fbbb0 100644 --- a/programs/fuzz/fuzz_x509crl.c +++ b/programs/fuzz/fuzz_x509crl.c @@ -2,7 +2,7 @@ #include #include "mbedtls/x509_crl.h" -#include "fuzz_common.h" +#include "common.h" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { 
diff --git a/programs/fuzz/fuzz_x509crt.c b/programs/fuzz/fuzz_x509crt.c index c99ae2e7b..29331b94d 100644 --- a/programs/fuzz/fuzz_x509crt.c +++ b/programs/fuzz/fuzz_x509crt.c @@ -2,7 +2,7 @@ #include #include "mbedtls/x509_crt.h" -#include "fuzz_common.h" +#include "common.h" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { diff --git a/programs/fuzz/fuzz_x509csr.c b/programs/fuzz/fuzz_x509csr.c index 4ab071f1c..e0aaabc01 100644 --- a/programs/fuzz/fuzz_x509csr.c +++ b/programs/fuzz/fuzz_x509csr.c @@ -2,7 +2,7 @@ #include #include "mbedtls/x509_csr.h" -#include "fuzz_common.h" +#include "common.h" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { diff --git a/programs/fuzz/onefile.c b/programs/fuzz/onefile.c index 483512855..6c02a641d 100644 --- a/programs/fuzz/onefile.c +++ b/programs/fuzz/onefile.c @@ -3,7 +3,7 @@ #include #include #include -#include "fuzz_common.h" +#include "common.h" /* This file doesn't use any Mbed TLS function, but grab mbedtls_config.h anyway * in case it contains platform-specific #defines related to malloc or From c9b7175a6876bcfef375c08dd53475c10d665996 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Tue, 10 Jun 2025 13:16:32 +0100 Subject: [PATCH 17/21] Add in fuzz path variable Signed-off-by: Ben Taylor --- programs/fuzz/Makefile | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile index bac5cd38e..b7664414b 100644 --- a/programs/fuzz/Makefile +++ b/programs/fuzz/Makefile @@ -3,6 +3,8 @@ MBEDTLS_TEST_PATH:=../../tests MBEDTLS_PATH := ../.. include ../../scripts/common.make +PROGRAM_FUZZ_PATH:=$(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/ + DEP=${MBEDLIBS} ifdef FUZZINGENGINE 
@@ -32,13 +34,13 @@ C_FILES := $(addsuffix .c,$(APPS)) ifdef FUZZINGENGINE -$(BINARIES): %$(EXEXT): %.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.o $(DEP) - echo " $(CC) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" - $(CXX) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +$(BINARIES): %$(EXEXT): %.o $(PROGRAM_FUZZ_PATH)/fuzz_common.o $(DEP) + echo " $(PROGRAM_FUZZ_PATH)/fuzz_common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" + $(CXX) $(PROGRAM_FUZZ_PATH)/fuzz_common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ else -$(BINARIES): %$(EXEXT): %.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/onefile.o $(DEP) - echo " $(CC) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" - $(CC) $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_common.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +$(BINARIES): %$(EXEXT): %.o $(PROGRAM_FUZZ_PATH)/fuzz_common.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/onefile.o $(DEP) + echo " $(CC) $(PROGRAM_FUZZ_PATH)/fuzz_common.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" + $(CC) $(PROGRAM_FUZZ_PATH)/fuzz_common.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ endif clean: From 56d54c6349d8b23508d98f9f3920c275873e5dcd Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Fri, 13 Jun 2025 10:29:21 +0100 Subject: [PATCH 18/21] Remove fuzz progs from Makefile Signed-off-by: Ben Taylor --- programs/fuzz/Makefile | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile index b7664414b..fd565069a 100644 --- a/programs/fuzz/Makefile +++ b/programs/fuzz/Makefile 
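Review bot: The `echo` line in the `ifdef FUZZINGENGINE` rule no longer names the tool being run. The old text began with `$(CC)` and the new one starts directly with the object path, while the recipe itself links with `$(CXX)`. The build log therefore shows a bare argument list for fuzzing-engine builds but a full command for the `else` branch. I would echo the command that actually runs: `echo "  $(CXX) $(PROGRAM_FUZZ_PATH)/fuzz_common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@"`. The same echo text is carried unchanged into the `@@ -32,13 +32,13 @@` hunk of patch 18.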
@@ -3,7 +3,7 @@ MBEDTLS_TEST_PATH:=../../tests MBEDTLS_PATH := ../.. include ../../scripts/common.make -PROGRAM_FUZZ_PATH:=$(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/ +PROGRAM_FUZZ_PATH:=$(MBEDTLS_PATH)/programs/fuzz/ DEP=${MBEDLIBS} @@ -11,12 +11,10 @@ ifdef FUZZINGENGINE LOCAL_LDFLAGS += -lFuzzingEngine endif -LOCAL_CFLAGS += -I$(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/ +LOCAL_CFLAGS += -I$(PROGRAM_FUZZ_PATH)/fuzz/ # A test application is built for each fuzz_*.c file. APPS = $(basename $(wildcard fuzz_*.c)) -APPS += $(basename $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_privkey.c) -APPS += $(basename $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/fuzz_pubkey.c) # Construct executable name by adding OS specific suffix $(EXEXT). BINARIES := $(addsuffix $(EXEXT),$(APPS)) 
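Review bot: After the `@@ -11,12 +11,10 @@` hunk this Makefile no longer builds `fuzz_privkey` and `fuzz_pubkey`, and neither the hunk nor the commit message says where the key-parsing fuzz targets are built now. The removed `APPS +=` lines pointed at sources under `tf-psa-crypto/programs/fuzz/`, so they presumably build from that tree, which is not visible here. Once that is confirmed, a comment beside `APPS` such as `# fuzz_privkey and fuzz_pubkey are built from tf-psa-crypto/programs/fuzz` would record it, so the private and public key parsers do not silently drop out of the fuzzing runs.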
@@ -34,13 +32,13 @@ C_FILES := $(addsuffix .c,$(APPS)) ifdef FUZZINGENGINE -$(BINARIES): %$(EXEXT): %.o $(PROGRAM_FUZZ_PATH)/fuzz_common.o $(DEP) - echo " $(PROGRAM_FUZZ_PATH)/fuzz_common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" - $(CXX) $(PROGRAM_FUZZ_PATH)/fuzz_common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +$(BINARIES): %$(EXEXT): %.o $(PROGRAM_FUZZ_PATH)/ommon.o $(DEP) + echo " $(PROGRAM_FUZZ_PATH)/common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" + $(CXX) $(PROGRAM_FUZZ_PATH)/common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ else -$(BINARIES): %$(EXEXT): %.o $(PROGRAM_FUZZ_PATH)/fuzz_common.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/onefile.o $(DEP) - echo " $(CC) $(PROGRAM_FUZZ_PATH)/fuzz_common.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" - $(CC) $(PROGRAM_FUZZ_PATH)/fuzz_common.o $(MBEDTLS_PATH)/tf-psa-crypto/programs/fuzz/onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ +$(BINARIES): %$(EXEXT): %.o $(PROGRAM_FUZZ_PATH)/common.o $(PROGRAM_FUZZ_PATH)/onefile.o $(DEP) + echo " $(CC) $(PROGRAM_FUZZ_PATH)/common.o $(PROGRAM_FUZZ_PATH)/onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" + $(CC) $(PROGRAM_FUZZ_PATH)/common.o $(PROGRAM_FUZZ_PATH)/onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ endif clean: From d9fc98a569491a88e1e02bd2434958e94f5b21db Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 30 Jun 2025 11:21:01 +0100 Subject: [PATCH 19/21] Correct CFLAGS path int Makefile Signed-off-by: Ben Taylor --- programs/fuzz/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile index fd565069a..bcd67f336 100644 --- a/programs/fuzz/Makefile +++ b/programs/fuzz/Makefile @@ -11,7 +11,7 @@ ifdef FUZZINGENGINE LOCAL_LDFLAGS += -lFuzzingEngine endif -LOCAL_CFLAGS += -I$(PROGRAM_FUZZ_PATH)/fuzz/ +LOCAL_CFLAGS += -I$(PROGRAM_FUZZ_PATH) # A test application is built for each fuzz_*.c file. APPS = $(basename $(wildcard fuzz_*.c)) 
From 5578c06ab317eac0d7ecf3bad1d7d783b9bc5e33 Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 30 Jun 2025 11:22:14 +0100 Subject: [PATCH 20/21] Remove duplicated slash Signed-off-by: Ben Taylor --- programs/fuzz/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile index bcd67f336..1945a08f2 100644 --- a/programs/fuzz/Makefile +++ b/programs/fuzz/Makefile @@ -3,7 +3,7 @@ MBEDTLS_TEST_PATH:=../../tests MBEDTLS_PATH := ../.. include ../../scripts/common.make -PROGRAM_FUZZ_PATH:=$(MBEDTLS_PATH)/programs/fuzz/ +PROGRAM_FUZZ_PATH:=$(MBEDTLS_PATH)/programs/fuzz DEP=${MBEDLIBS} From b8ebc21ea2be839aac4d06f99b09913eb59f875f Mon Sep 17 00:00:00 2001 From: Ben Taylor Date: Mon, 30 Jun 2025 11:23:18 +0100 Subject: [PATCH 21/21] Correct typo Signed-off-by: Ben Taylor --- programs/fuzz/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/fuzz/Makefile b/programs/fuzz/Makefile index 1945a08f2..29483eafd 100644 --- a/programs/fuzz/Makefile +++ b/programs/fuzz/Makefile @@ -32,7 +32,7 @@ C_FILES := $(addsuffix .c,$(APPS)) ifdef FUZZINGENGINE -$(BINARIES): %$(EXEXT): %.o $(PROGRAM_FUZZ_PATH)/ommon.o $(DEP) +$(BINARIES): %$(EXEXT): %.o $(PROGRAM_FUZZ_PATH)/common.o $(DEP) echo " $(PROGRAM_FUZZ_PATH)/common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" $(CXX) $(PROGRAM_FUZZ_PATH)/common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ else