cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-11-03 12:11:27 -05:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/development' into development-restricted

Browse Source 
* origin/development: (36 commits)
  Do not build fuzz on windows
  No booleans and import config
  Removing space before opening parenthesis
  Style corrections
  Syntax fix
  Fixes warnings from MSVC
  Add a linker flag to enable gcov in basic-build-test.sh
  tests: Limit each log to 10 GiB
  Fix parsing issue when int parameter is in base 16
  checks MBEDTLS_PEM_PARSE_C
  Restore programs/fuzz/Makefile after in-tree cmake
  Move fuzz directory to programs
  Documentation for corpus generation
  Restore tests/fuzz/Makefile after in-tree cmake
  Adding ifdefs to avoid warnings for unused globals
  Adds LDFLAGS fsanitize=address
  Refactor receive_uint32()
  Refactor get_byte function
  Make the script portable to both pythons
  Update the test encoding to support python3
  ...
This commit is contained in:
Jaeden Amero 2019-07-12 10:15:49 +01:00
commit e637061dec
39 changed files with 1291 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ChangeLog
View File

@ -128,6 +128,8 @@ Changes
* Add `reproducible` option to `ssl_client2` and `ssl_server2` to enable * Add `reproducible` option to `ssl_client2` and `ssl_server2` to enable
test runs without variability. Contributed by Philippe Antoine (Catena test runs without variability. Contributed by Philippe Antoine (Catena
cyber) in #2681. cyber) in #2681.
* Adds fuzz targets, especially for continuous fuzzing with OSS-Fuzz.
Contributed by Philippe Antoine (Catena cyber).
= mbed TLS 2.17.0 branch released 2019-03-19 = mbed TLS 2.17.0 branch released 2019-03-19

1
include/mbedtls/x509_crt.h
View File

@ -32,6 +32,7 @@
#include "x509.h" #include "x509.h"
#include "x509_crl.h" #include "x509_crl.h"
#include "bignum.h"
/** /**
* \addtogroup x509_module * \addtogroup x509_module

3
programs/CMakeLists.txt
View File

@ -6,3 +6,6 @@ add_subdirectory(ssl)
add_subdirectory(test) add_subdirectory(test)
add_subdirectory(x509) add_subdirectory(x509)
add_subdirectory(util) add_subdirectory(util)
if (NOT WIN32)
add_subdirectory(fuzz)
endif()

12
programs/Makefile
View File

@ -90,9 +90,18 @@ endif
.SILENT: .SILENT:
.PHONY: all clean list .PHONY: all clean list fuzz
all: $(APPS) all: $(APPS)
ifndef WINDOWS
# APPS doesn't include the fuzzing programs, which aren't "normal"
# sample or test programs, and don't build with MSVC which is
# warning about fopen
all: fuzz
endif
fuzz:
$(MAKE) -C fuzz
$(DEP): $(DEP):
$(MAKE) -C ../library $(MAKE) -C ../library
@ -305,6 +314,7 @@ ifndef WINDOWS
else else
del /S /Q /F *.o *.exe del /S /Q /F *.o *.exe
endif endif
$(MAKE) -C fuzz clean
list: list:
echo $(APPS) echo $(APPS)

10
programs/fuzz/.gitignore vendored Normal file
View File

@ -0,0 +1,10 @@
*.o
fuzz_client
fuzz_dtlsclient
fuzz_dtlsserver
fuzz_privkey
fuzz_pubkey
fuzz_server
fuzz_x509crl
fuzz_x509crt
fuzz_x509csr

80
programs/fuzz/CMakeLists.txt Normal file
View File

@ -0,0 +1,80 @@
set(libs
mbedtls
)
if(USE_PKCS11_HELPER_LIBRARY)
set(libs ${libs} pkcs11-helper)
endif(USE_PKCS11_HELPER_LIBRARY)
if(ENABLE_ZLIB_SUPPORT)
set(libs ${libs} ${ZLIB_LIBRARIES})
endif(ENABLE_ZLIB_SUPPORT)
find_library(FUZZINGENGINE_LIB FuzzingEngine)
if(NOT FUZZINGENGINE_LIB)
add_executable(fuzz_x509csr fuzz_x509csr.c onefile.c)
target_link_libraries(fuzz_x509csr ${libs})
add_executable(fuzz_x509crl fuzz_x509crl.c onefile.c)
target_link_libraries(fuzz_x509crl ${libs})
add_executable(fuzz_x509crt fuzz_x509crt.c onefile.c)
target_link_libraries(fuzz_x509crt ${libs})
add_executable(fuzz_privkey fuzz_privkey.c onefile.c)
target_link_libraries(fuzz_privkey ${libs})
add_executable(fuzz_pubkey fuzz_pubkey.c onefile.c)
target_link_libraries(fuzz_pubkey ${libs})
add_executable(fuzz_client fuzz_client.c common.c onefile.c)
target_link_libraries(fuzz_client ${libs})
add_executable(fuzz_server fuzz_server.c common.c onefile.c)
target_link_libraries(fuzz_server ${libs})
add_executable(fuzz_dtlsclient fuzz_dtlsclient.c common.c onefile.c)
target_link_libraries(fuzz_dtlsclient ${libs})
add_executable(fuzz_dtlsserver fuzz_dtlsserver.c common.c onefile.c)
target_link_libraries(fuzz_dtlsserver ${libs})
else()
project(fuzz CXX)
add_executable(fuzz_x509csr fuzz_x509csr.c)
target_link_libraries(fuzz_x509csr ${libs} FuzzingEngine)
SET_TARGET_PROPERTIES(fuzz_x509csr PROPERTIES LINKER_LANGUAGE CXX)
add_executable(fuzz_x509crl fuzz_x509crl.c)
target_link_libraries(fuzz_x509crl ${libs} FuzzingEngine)
SET_TARGET_PROPERTIES(fuzz_x509crl PROPERTIES LINKER_LANGUAGE CXX)
add_executable(fuzz_x509crt fuzz_x509crt.c)
target_link_libraries(fuzz_x509crt ${libs} FuzzingEngine)
SET_TARGET_PROPERTIES(fuzz_x509crt PROPERTIES LINKER_LANGUAGE CXX)
add_executable(fuzz_privkey fuzz_privkey.c)
target_link_libraries(fuzz_privkey ${libs} FuzzingEngine)
SET_TARGET_PROPERTIES(fuzz_privkey PROPERTIES LINKER_LANGUAGE CXX)
add_executable(fuzz_pubkey fuzz_pubkey.c)
target_link_libraries(fuzz_pubkey ${libs} FuzzingEngine)
SET_TARGET_PROPERTIES(fuzz_pubkey PROPERTIES LINKER_LANGUAGE CXX)
add_executable(fuzz_client fuzz_client.c common.c)
target_link_libraries(fuzz_client ${libs} FuzzingEngine)
SET_TARGET_PROPERTIES(fuzz_client PROPERTIES LINKER_LANGUAGE CXX)
add_executable(fuzz_server fuzz_server.c common.c)
target_link_libraries(fuzz_server ${libs} FuzzingEngine)
SET_TARGET_PROPERTIES(fuzz_server PROPERTIES LINKER_LANGUAGE CXX)
add_executable(fuzz_dtlsclient fuzz_dtlsclient.c common.c)
target_link_libraries(fuzz_dtlsclient ${libs} FuzzingEngine)
SET_TARGET_PROPERTIES(fuzz_dtlsclient PROPERTIES LINKER_LANGUAGE CXX)
add_executable(fuzz_dtlsserver fuzz_dtlsserver.c common.c)
target_link_libraries(fuzz_dtlsserver ${libs} FuzzingEngine)
SET_TARGET_PROPERTIES(fuzz_dtlsserver PROPERTIES LINKER_LANGUAGE CXX)
endif()

72
programs/fuzz/Makefile Normal file
View File

@ -0,0 +1,72 @@
LOCAL_CFLAGS = -I../../include -D_FILE_OFFSET_BITS=64
LOCAL_LDFLAGS = -L../../library \
-lmbedtls$(SHARED_SUFFIX) \
-lmbedx509$(SHARED_SUFFIX) \
-lmbedcrypto$(SHARED_SUFFIX)
LOCAL_LDFLAGS += -L../../crypto/library
LOCAL_CFLAGS += -I../../crypto/include
CRYPTO := ../../crypto/library/
ifndef SHARED
DEP=$(CRYPTO)libmbedcrypto.a ../../library/libmbedx509.a ../../library/libmbedtls.a
else
DEP=$(CRYPTO)libmbedcrypto.$(DLEXT) ../../library/libmbedx509.$(DLEXT) ../../library/libmbedtls.$(DLEXT)
endif
DLEXT ?= so
EXEXT=
SHARED_SUFFIX=
# python2 for POSIX since FreeBSD has only python2 as default.
PYTHON ?= python2
# Zlib shared library extensions:
ifdef ZLIB
LOCAL_LDFLAGS += -lz
endif
ifdef FUZZINGENGINE
LOCAL_LDFLAGS += -lFuzzingEngine
endif
# A test application is built for each suites/test_suite_*.data file.
# Application name is same as .data file's base name and can be
# constructed by stripping path 'suites/' and extension .data.
APPS = $(basename $(wildcard fuzz_*.c))
# Construct executable name by adding OS specific suffix $(EXEXT).
BINARIES := $(addsuffix $(EXEXT),$(APPS))
.SILENT:
.PHONY: all check test clean
all: $(BINARIES)
$(DEP):
$(MAKE) -C ../../library
C_FILES := $(addsuffix .c,$(APPS))
%.o: %.c
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) -c $< -o $@
ifdef FUZZINGENGINE
$(BINARIES): %$(EXEXT): %.o common.o $(DEP)
echo " $(CC) common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@"
$(CXX) common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
else
$(BINARIES): %$(EXEXT): %.o common.o onefile.o $(DEP)
echo " $(CC) common.o onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@"
$(CC) common.o onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
endif
clean:
ifndef WINDOWS
rm -rf $(BINARIES) *.o
else
del /Q /F *.o *.exe
endif

68
programs/fuzz/README.md Normal file
View File

@ -0,0 +1,68 @@
What is it?
------
This directory contains fuzz targets.
Fuzz targets are simple codes using the library.
They are used with a so-called fuzz driver, which will generate inputs, try to process them with the fuzz target, and alert in case of an unwanted behavior (such as a buffer overflow for instance).
These targets were meant to be used with oss-fuzz but can be used in other contexts.
This code was contributed by Philippe Antoine ( Catena cyber ).
How to run?
------
To run the fuzz targets like oss-fuzz:
```
git clone https://github.com/google/oss-fuzz
cd oss-fuzz
python infra/helper.py build_image mbedtls
python infra/helper.py build_fuzzers --sanitizer address mbedtls
python infra/helper.py run_fuzzer mbedtls fuzz_client
```
You can use `undefined` sanitizer as well as `address` sanitizer.
And you can run any of the fuzz targets like `fuzz_client`.
To run the fuzz targets without oss-fuzz, you first need to install one libFuzzingEngine (libFuzzer for instance).
Then you need to compile the code with the compiler flags of the wished sanitizer.
```
perl scripts/config.pl set MBEDTLS_PLATFORM_TIME_ALT
mkdir build
cd build
cmake ..
make
```
Finally, you can run the targets like `./test/fuzz/fuzz_client`.
Corpus generation for network trafic targets
------
These targets use network trafic as inputs :
* client : simulates a client against (fuzzed) server traffic
* server : simulates a server against (fuzzed) client traffic
* dtls_client
* dtls_server
They also use the last bytes as configuration options.
To generate corpus for these targets, you can do the following, not fully automated steps :
* Build mbedtls programs ssl_server2 and ssl_client2
* Run them one against the other with `reproducible` option turned on while capturing trafic into test.pcap
* Extract tcp payloads, for instance with tshark : `tshark -Tfields -e tcp.dstport -e tcp.payload -r test.pcap > test.txt`
* Run a dummy python script to output either client or server corpus file like `python dummy.py test.txt > test.cor`
* Finally, you can add the options by appending the last bytes to the file test.cor
Here is an example of dummy.py for extracting payload from client to server (if we used `tcp.dstport` in tshark command)
```
import sys
import binascii
f = open(sys.argv[1])
for l in f.readlines():
portAndPl=l.split()
if len(portAndPl) == 2:
# determine client or server based on port
if portAndPl[0] == "4433":
print(binascii.unhexlify(portAndPl[1].replace(":","")))
```

91
programs/fuzz/common.c Normal file
View File

@ -0,0 +1,91 @@
#include "common.h"
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include "mbedtls/ctr_drbg.h"
mbedtls_time_t dummy_constant_time( mbedtls_time_t* time )
{
(void) time;
return 0x5af2a056;
}
void dummy_init()
{
#if defined(MBEDTLS_PLATFORM_TIME_ALT)
mbedtls_platform_set_time( dummy_constant_time );
#else
fprintf(stderr, "Warning: fuzzing without constant time\n");
#endif
}
int dummy_send( void *ctx, const unsigned char *buf, size_t len )
{
//silence warning about unused parameter
(void) ctx;
(void) buf;
//pretends we wrote everything ok
if( len > INT_MAX ) {
return( -1 );
}
return( (int) len );
}
int fuzz_recv( void *ctx, unsigned char *buf, size_t len )
{
//reads from the buffer from fuzzer
fuzzBufferOffset_t * biomemfuzz = (fuzzBufferOffset_t *) ctx;
if(biomemfuzz->Offset == biomemfuzz->Size) {
//EOF
return( 0 );
}
if( len > INT_MAX ) {
return( -1 );
}
if( len + biomemfuzz->Offset > biomemfuzz->Size ) {
//do not overflow
len = biomemfuzz->Size - biomemfuzz->Offset;
}
memcpy(buf, biomemfuzz->Data + biomemfuzz->Offset, len);
biomemfuzz->Offset += len;
return( (int) len );
}
int dummy_random( void *p_rng, unsigned char *output, size_t output_len )
{
int ret;
size_t i;
//use mbedtls_ctr_drbg_random to find bugs in it
ret = mbedtls_ctr_drbg_random(p_rng, output, output_len);
for (i=0; i<output_len; i++) {
//replace result with pseudo random
output[i] = (unsigned char) rand();
}
return( ret );
}
int dummy_entropy( void *data, unsigned char *output, size_t len )
{
size_t i;
(void) data;
//use mbedtls_entropy_func to find bugs in it
//test performance impact of entropy
//ret = mbedtls_entropy_func(data, output, len);
for (i=0; i<len; i++) {
//replace result with pseudo random
output[i] = (unsigned char) rand();
}
return( 0 );
}
int fuzz_recv_timeout( void *ctx, unsigned char *buf, size_t len,
uint32_t timeout )
{
(void) timeout;
return fuzz_recv(ctx, buf, len);
}

19
programs/fuzz/common.h Normal file
View File

@ -0,0 +1,19 @@
#include "mbedtls/platform_time.h"
#include <stdint.h>
typedef struct fuzzBufferOffset
{
const uint8_t *Data;
size_t Size;
size_t Offset;
} fuzzBufferOffset_t;
mbedtls_time_t dummy_constant_time( mbedtls_time_t* time );
void dummy_init();
int dummy_send( void *ctx, const unsigned char *buf, size_t len );
int fuzz_recv( void *ctx, unsigned char *buf, size_t len );
int dummy_random( void *p_rng, unsigned char *output, size_t output_len );
int dummy_entropy( void *data, unsigned char *output, size_t len );
int fuzz_recv_timeout( void *ctx, unsigned char *buf, size_t len,
uint32_t timeout );

BIN
programs/fuzz/corpuses/client Normal file
View File

Binary file not shown.

BIN
programs/fuzz/corpuses/dtlsclient Normal file
View File

Binary file not shown.

BIN
programs/fuzz/corpuses/dtlsserver Normal file
View File

Binary file not shown.

BIN
programs/fuzz/corpuses/server Normal file
View File

Binary file not shown.

173
programs/fuzz/fuzz_client.c Normal file
View File

@ -0,0 +1,173 @@
#include "mbedtls/ssl.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/certs.h"
#include "common.h"
#include <string.h>
#include <stdlib.h>
#include <stdint.h>
#ifdef MBEDTLS_SSL_CLI_C
static int initialized = 0;
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
static mbedtls_x509_crt cacert;
#endif
const char *alpn_list[3];
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
const unsigned char psk[] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
};
const char psk_id[] = "Client_identity";
#endif
const char *pers = "fuzz_client";
#endif //MBEDTLS_SSL_CLI_C
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
#ifdef MBEDTLS_SSL_CLI_C
int ret;
size_t len;
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_entropy_context entropy;
unsigned char buf[4096];
fuzzBufferOffset_t biomemfuzz;
uint16_t options;
if (initialized == 0) {
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
mbedtls_x509_crt_init( &cacert );
if (mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_cas_pem,
mbedtls_test_cas_pem_len ) != 0)
return 1;
#endif
alpn_list[0] = "HTTP";
alpn_list[1] = "fuzzalpn";
alpn_list[2] = NULL;
dummy_init();
initialized = 1;
}
//we take 1 byte as options input
if (Size < 2) {
return 0;
}
options = (Data[Size - 2] << 8) | Data[Size - 1];
//Avoid warnings if compile options imply no options
(void) options;
mbedtls_ssl_init( &ssl );
mbedtls_ssl_config_init( &conf );
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_entropy_init( &entropy );
if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy,
(const unsigned char *) pers, strlen( pers ) ) != 0 )
goto exit;
if( mbedtls_ssl_config_defaults( &conf,
MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_PRESET_DEFAULT ) != 0 )
goto exit;
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
if (options & 2) {
mbedtls_ssl_conf_psk( &conf, psk, sizeof( psk ),
(const unsigned char *) psk_id, sizeof( psk_id ) - 1 );
}
#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
if (options & 4) {
mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_REQUIRED );
} else
#endif
{
mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_NONE );
}
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
mbedtls_ssl_conf_truncated_hmac( &conf, (options & 8) ? MBEDTLS_SSL_TRUNC_HMAC_ENABLED : MBEDTLS_SSL_TRUNC_HMAC_DISABLED);
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
mbedtls_ssl_conf_extended_master_secret( &conf, (options & 0x10) ? MBEDTLS_SSL_EXTENDED_MS_DISABLED : MBEDTLS_SSL_EXTENDED_MS_ENABLED);
#endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
mbedtls_ssl_conf_encrypt_then_mac( &conf, (options & 0x20) ? MBEDTLS_SSL_ETM_DISABLED : MBEDTLS_SSL_ETM_ENABLED);
#endif
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
mbedtls_ssl_conf_cbc_record_splitting( &conf, (options & 0x40) ? MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED : MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED );
#endif
#if defined(MBEDTLS_SSL_RENEGOTIATION)
mbedtls_ssl_conf_renegotiation( &conf, (options & 0x80) ? MBEDTLS_SSL_RENEGOTIATION_ENABLED : MBEDTLS_SSL_RENEGOTIATION_DISABLED );
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
mbedtls_ssl_conf_session_tickets( &conf, (options & 0x100) ? MBEDTLS_SSL_SESSION_TICKETS_DISABLED : MBEDTLS_SSL_SESSION_TICKETS_ENABLED );
#endif
#if defined(MBEDTLS_SSL_ALPN)
if (options & 0x200) {
mbedtls_ssl_conf_alpn_protocols( &conf, alpn_list );
}
#endif
//There may be other options to add :
// mbedtls_ssl_conf_cert_profile, mbedtls_ssl_conf_sig_hashes
srand(1);
mbedtls_ssl_conf_rng( &conf, dummy_random, &ctr_drbg );
if( mbedtls_ssl_setup( &ssl, &conf ) != 0 )
goto exit;
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
if ((options & 1) == 0) {
if( mbedtls_ssl_set_hostname( &ssl, "localhost" ) != 0 )
goto exit;
}
#endif
biomemfuzz.Data = Data;
biomemfuzz.Size = Size-2;
biomemfuzz.Offset = 0;
mbedtls_ssl_set_bio( &ssl, &biomemfuzz, dummy_send, fuzz_recv, NULL );
ret = mbedtls_ssl_handshake( &ssl );
if( ret == 0 )
{
//keep reading data from server until the end
do
{
len = sizeof( buf ) - 1;
ret = mbedtls_ssl_read( &ssl, buf, len );
if( ret == MBEDTLS_ERR_SSL_WANT_READ )
continue;
else if( ret <= 0 )
//EOF or error
break;
}
while( 1 );
}
exit:
mbedtls_entropy_free( &entropy );
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_ssl_config_free( &conf );
mbedtls_ssl_free( &ssl );
#else
(void) Data;
(void) Size;
#endif //MBEDTLS_SSL_CLI_C
return 0;
}

2
programs/fuzz/fuzz_client.options Normal file
View File

@ -0,0 +1,2 @@
[libfuzzer]
max_len = 1048575

116
programs/fuzz/fuzz_dtlsclient.c Normal file
View File

@ -0,0 +1,116 @@
#include <string.h>
#include <stdlib.h>
#include <stdint.h>
#include "common.h"
#include "mbedtls/ssl.h"
#if defined(MBEDTLS_SSL_PROTO_DTLS)
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/certs.h"
#include "mbedtls/timing.h"
#ifdef MBEDTLS_SSL_CLI_C
static int initialized = 0;
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
static mbedtls_x509_crt cacert;
#endif
const char *pers = "fuzz_dtlsclient";
#endif // MBEDTLS_SSL_CLI_C
#endif // MBEDTLS_SSL_PROTO_DTLS
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
#if defined(MBEDTLS_SSL_PROTO_DTLS) && defined(MBEDTLS_SSL_CLI_C)
int ret;
size_t len;
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_entropy_context entropy;
mbedtls_timing_delay_context timer;
unsigned char buf[4096];
fuzzBufferOffset_t biomemfuzz;
if (initialized == 0) {
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
mbedtls_x509_crt_init( &cacert );
if (mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_cas_pem,
mbedtls_test_cas_pem_len ) != 0)
return 1;
#endif
dummy_init();
initialized = 1;
}
mbedtls_ssl_init( &ssl );
mbedtls_ssl_config_init( &conf );
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_entropy_init( &entropy );
srand(1);
if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy,
(const unsigned char *) pers, strlen( pers ) ) != 0 )
goto exit;
if( mbedtls_ssl_config_defaults( &conf,
MBEDTLS_SSL_IS_CLIENT,
MBEDTLS_SSL_TRANSPORT_DATAGRAM,
MBEDTLS_SSL_PRESET_DEFAULT ) != 0 )
goto exit;
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
#endif
mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_NONE );
mbedtls_ssl_conf_rng( &conf, dummy_random, &ctr_drbg );
if( mbedtls_ssl_setup( &ssl, &conf ) != 0 )
goto exit;
mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay,
mbedtls_timing_get_delay );
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
if( mbedtls_ssl_set_hostname( &ssl, "localhost" ) != 0 )
goto exit;
#endif
biomemfuzz.Data = Data;
biomemfuzz.Size = Size;
biomemfuzz.Offset = 0;
mbedtls_ssl_set_bio( &ssl, &biomemfuzz, dummy_send, fuzz_recv, fuzz_recv_timeout );
ret = mbedtls_ssl_handshake( &ssl );
if( ret == 0 )
{
//keep reading data from server until the end
do
{
len = sizeof( buf ) - 1;
ret = mbedtls_ssl_read( &ssl, buf, len );
if( ret == MBEDTLS_ERR_SSL_WANT_READ )
continue;
else if( ret <= 0 )
//EOF or error
break;
}
while( 1 );
}
exit:
mbedtls_entropy_free( &entropy );
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_ssl_config_free( &conf );
mbedtls_ssl_free( &ssl );
#else
(void) Data;
(void) Size;
#endif
return 0;
}

2
programs/fuzz/fuzz_dtlsclient.options Normal file
View File

@ -0,0 +1,2 @@
[libfuzzer]
max_len = 1048575

141
programs/fuzz/fuzz_dtlsserver.c Normal file
View File

@ -0,0 +1,141 @@
#include <string.h>
#include <stdlib.h>
#include <stdint.h>
#include "common.h"
#include "mbedtls/ssl.h"
#if defined(MBEDTLS_SSL_PROTO_DTLS)
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/certs.h"
#include "mbedtls/timing.h"
#include "mbedtls/ssl_cookie.h"
#ifdef MBEDTLS_SSL_SRV_C
const char *pers = "fuzz_dtlsserver";
const unsigned char client_ip[4] = {0x7F, 0, 0, 1};
static int initialized = 0;
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
static mbedtls_x509_crt srvcert;
static mbedtls_pk_context pkey;
#endif
#endif // MBEDTLS_SSL_SRV_C
#endif // MBEDTLS_SSL_PROTO_DTLS
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
#if defined(MBEDTLS_SSL_PROTO_DTLS) && defined(MBEDTLS_SSL_SRV_C)
int ret;
size_t len;
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_entropy_context entropy;
mbedtls_timing_delay_context timer;
mbedtls_ssl_cookie_ctx cookie_ctx;
unsigned char buf[4096];
fuzzBufferOffset_t biomemfuzz;
if (initialized == 0) {
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
mbedtls_x509_crt_init( &srvcert );
mbedtls_pk_init( &pkey );
if (mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_srv_crt,
mbedtls_test_srv_crt_len ) != 0)
return 1;
if (mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_cas_pem,
mbedtls_test_cas_pem_len ) != 0)
return 1;
if (mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
mbedtls_test_srv_key_len, NULL, 0 ) != 0)
return 1;
#endif
dummy_init();
initialized = 1;
}
mbedtls_ssl_init( &ssl );
mbedtls_ssl_config_init( &conf );
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_entropy_init( &entropy );
mbedtls_ssl_cookie_init( &cookie_ctx );
if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy,
(const unsigned char *) pers, strlen( pers ) ) != 0 )
goto exit;
if( mbedtls_ssl_config_defaults( &conf,
MBEDTLS_SSL_IS_SERVER,
MBEDTLS_SSL_TRANSPORT_DATAGRAM,
MBEDTLS_SSL_PRESET_DEFAULT ) != 0 )
goto exit;
srand(1);
mbedtls_ssl_conf_rng( &conf, dummy_random, &ctr_drbg );
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
if( mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) != 0 )
goto exit;
#endif
if( mbedtls_ssl_cookie_setup( &cookie_ctx, dummy_random, &ctr_drbg ) != 0 )
goto exit;
mbedtls_ssl_conf_dtls_cookies( &conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check, &cookie_ctx );
if( mbedtls_ssl_setup( &ssl, &conf ) != 0 )
goto exit;
mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay,
mbedtls_timing_get_delay );
biomemfuzz.Data = Data;
biomemfuzz.Size = Size;
biomemfuzz.Offset = 0;
mbedtls_ssl_set_bio( &ssl, &biomemfuzz, dummy_send, fuzz_recv, fuzz_recv_timeout );
if( mbedtls_ssl_set_client_transport_id( &ssl, client_ip, sizeof(client_ip) ) != 0 )
goto exit;
ret = mbedtls_ssl_handshake( &ssl );
if (ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED) {
biomemfuzz.Offset = ssl.next_record_offset;
mbedtls_ssl_session_reset( &ssl );
mbedtls_ssl_set_bio( &ssl, &biomemfuzz, dummy_send, fuzz_recv, fuzz_recv_timeout );
if( mbedtls_ssl_set_client_transport_id( &ssl, client_ip, sizeof(client_ip) ) != 0 )
goto exit;
ret = mbedtls_ssl_handshake( &ssl );
if( ret == 0 )
{
//keep reading data from server until the end
do
{
len = sizeof( buf ) - 1;
ret = mbedtls_ssl_read( &ssl, buf, len );
if( ret == MBEDTLS_ERR_SSL_WANT_READ )
continue;
else if( ret <= 0 )
//EOF or error
break;
}
while( 1 );
}
}
exit:
mbedtls_ssl_cookie_free( &cookie_ctx );
mbedtls_entropy_free( &entropy );
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_ssl_config_free( &conf );
mbedtls_ssl_free( &ssl );
#else
(void) Data;
(void) Size;
#endif
return 0;
}

2
programs/fuzz/fuzz_dtlsserver.options Normal file
View File

@ -0,0 +1,2 @@
[libfuzzer]
max_len = 1048575

64
programs/fuzz/fuzz_privkey.c Normal file
View File

@ -0,0 +1,64 @@
#include <stdint.h>
#include "mbedtls/pk.h"
//4 Kb should be enough for every bug ;-)
#define MAX_LEN 0x1000
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
#ifdef MBEDTLS_PK_PARSE_C
int ret;
mbedtls_pk_context pk;
if (Size > MAX_LEN) {
//only work on small inputs
Size = MAX_LEN;
}
mbedtls_pk_init( &pk );
ret = mbedtls_pk_parse_key( &pk, Data, Size, NULL, 0 );
if (ret == 0) {
#if defined(MBEDTLS_RSA_C)
if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_RSA )
{
mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
mbedtls_rsa_context *rsa;
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP );
mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP );
rsa = mbedtls_pk_rsa( pk );
mbedtls_rsa_export( rsa, &N, &P, &Q, &D, &E );
mbedtls_rsa_export_crt( rsa, &DP, &DQ, &QP );
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP );
mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &QP );
}
else
#endif
#if defined(MBEDTLS_ECP_C)
if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_ECKEY )
{
mbedtls_ecp_keypair *ecp;
ecp = mbedtls_pk_ec( pk );
if (ecp) {
ret = 0;
}
}
else
#endif
{
ret = 0;
}
}
mbedtls_pk_free( &pk );
#else
(void) Data;
(void) Size;
#endif //MBEDTLS_PK_PARSE_C
return 0;
}

2
programs/fuzz/fuzz_privkey.options Normal file
View File

@ -0,0 +1,2 @@
[libfuzzer]
max_len = 65535

57
programs/fuzz/fuzz_pubkey.c Normal file
View File

@ -0,0 +1,57 @@
#include <stdint.h>
#include "mbedtls/pk.h"
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
#ifdef MBEDTLS_PK_PARSE_C
int ret;
mbedtls_pk_context pk;
mbedtls_pk_init( &pk );
ret = mbedtls_pk_parse_public_key( &pk, Data, Size );
if (ret == 0) {
#if defined(MBEDTLS_RSA_C)
if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_RSA )
{
mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
mbedtls_rsa_context *rsa;
mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP );
mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP );
rsa = mbedtls_pk_rsa( pk );
ret = mbedtls_rsa_export( rsa, &N, &P, &Q, &D, &E );
ret = mbedtls_rsa_export_crt( rsa, &DP, &DQ, &QP );
mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP );
mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &QP );
}
else
#endif
#if defined(MBEDTLS_ECP_C)
if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_ECKEY )
{
mbedtls_ecp_keypair *ecp;
ecp = mbedtls_pk_ec( pk );
//dummy use of value
if (ecp) {
ret = 0;
}
}
else
#endif
{
ret = 0;
}
}
mbedtls_pk_free( &pk );
#else
(void) Data;
(void) Size;
#endif //MBEDTLS_PK_PARSE_C
return 0;
}

2
programs/fuzz/fuzz_pubkey.options Normal file
View File

@ -0,0 +1,2 @@
[libfuzzer]
max_len = 65535

185
programs/fuzz/fuzz_server.c Normal file
View File

@ -0,0 +1,185 @@
#include "mbedtls/ssl.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/certs.h"
#include "mbedtls/ssl_ticket.h"
#include "common.h"
#include <string.h>
#include <stdlib.h>
#include <stdint.h>
#ifdef MBEDTLS_SSL_SRV_C
const char *pers = "fuzz_server";
static int initialized = 0;
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
static mbedtls_x509_crt srvcert;
static mbedtls_pk_context pkey;
#endif
const char *alpn_list[3];
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
const unsigned char psk[] = {
0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
};
const char psk_id[] = "Client_identity";
#endif
#endif // MBEDTLS_SSL_SRV_C
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
#ifdef MBEDTLS_SSL_SRV_C
int ret;
size_t len;
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_entropy_context entropy;
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
mbedtls_ssl_ticket_context ticket_ctx;
#endif
unsigned char buf[4096];
fuzzBufferOffset_t biomemfuzz;
uint8_t options;
//we take 1 byte as options input
if (Size < 1) {
return 0;
}
options = Data[Size - 1];
if (initialized == 0) {
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
mbedtls_x509_crt_init( &srvcert );
mbedtls_pk_init( &pkey );
if (mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_srv_crt,
mbedtls_test_srv_crt_len ) != 0)
return 1;
if (mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_cas_pem,
mbedtls_test_cas_pem_len ) != 0)
return 1;
if (mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
mbedtls_test_srv_key_len, NULL, 0 ) != 0)
return 1;
#endif
alpn_list[0] = "HTTP";
alpn_list[1] = "fuzzalpn";
alpn_list[2] = NULL;
dummy_init();
initialized = 1;
}
mbedtls_ssl_init( &ssl );
mbedtls_ssl_config_init( &conf );
mbedtls_ctr_drbg_init( &ctr_drbg );
mbedtls_entropy_init( &entropy );
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
mbedtls_ssl_ticket_init( &ticket_ctx );
#endif
if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy,
(const unsigned char *) pers, strlen( pers ) ) != 0 )
goto exit;
if( mbedtls_ssl_config_defaults( &conf,
MBEDTLS_SSL_IS_SERVER,
MBEDTLS_SSL_TRANSPORT_STREAM,
MBEDTLS_SSL_PRESET_DEFAULT ) != 0 )
goto exit;
srand(1);
mbedtls_ssl_conf_rng( &conf, dummy_random, &ctr_drbg );
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
if( mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) != 0 )
goto exit;
#endif
mbedtls_ssl_conf_cert_req_ca_list( &conf, (options & 0x1) ? MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED : MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED );
#if defined(MBEDTLS_SSL_ALPN)
if (options & 0x2) {
mbedtls_ssl_conf_alpn_protocols( &conf, alpn_list );
}
#endif
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
if( options & 0x4 )
{
if( mbedtls_ssl_ticket_setup( &ticket_ctx,
dummy_random, &ctr_drbg,
MBEDTLS_CIPHER_AES_256_GCM,
86400 ) != 0 )
goto exit;
mbedtls_ssl_conf_session_tickets_cb( &conf,
mbedtls_ssl_ticket_write,
mbedtls_ssl_ticket_parse,
&ticket_ctx );
}
#endif
#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
mbedtls_ssl_conf_truncated_hmac( &conf, (options & 0x8) ? MBEDTLS_SSL_TRUNC_HMAC_ENABLED : MBEDTLS_SSL_TRUNC_HMAC_DISABLED);
#endif
#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
mbedtls_ssl_conf_extended_master_secret( &conf, (options & 0x10) ? MBEDTLS_SSL_EXTENDED_MS_DISABLED : MBEDTLS_SSL_EXTENDED_MS_ENABLED);
#endif
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
mbedtls_ssl_conf_encrypt_then_mac( &conf, (options & 0x20) ? MBEDTLS_SSL_ETM_ENABLED : MBEDTLS_SSL_ETM_DISABLED);
#endif
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
if (options & 0x40) {
mbedtls_ssl_conf_psk( &conf, psk, sizeof( psk ),
(const unsigned char *) psk_id, sizeof( psk_id ) - 1 );
}
#endif
#if defined(MBEDTLS_SSL_RENEGOTIATION)
mbedtls_ssl_conf_renegotiation( &conf, (options & 0x80) ? MBEDTLS_SSL_RENEGOTIATION_ENABLED : MBEDTLS_SSL_RENEGOTIATION_DISABLED );
#endif
if( mbedtls_ssl_setup( &ssl, &conf ) != 0 )
goto exit;
biomemfuzz.Data = Data;
biomemfuzz.Size = Size-1;
biomemfuzz.Offset = 0;
mbedtls_ssl_set_bio( &ssl, &biomemfuzz, dummy_send, fuzz_recv, NULL );
mbedtls_ssl_session_reset( &ssl );
ret = mbedtls_ssl_handshake( &ssl );
if( ret == 0 )
{
//keep reading data from server until the end
do
{
len = sizeof( buf ) - 1;
ret = mbedtls_ssl_read( &ssl, buf, len );
if( ret == MBEDTLS_ERR_SSL_WANT_READ )
continue;
else if( ret <= 0 )
//EOF or error
break;
}
while( 1 );
}
exit:
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
mbedtls_ssl_ticket_free( &ticket_ctx );
#endif
mbedtls_entropy_free( &entropy );
mbedtls_ctr_drbg_free( &ctr_drbg );
mbedtls_ssl_config_free( &conf );
mbedtls_ssl_free( &ssl );
#else
(void) Data;
(void) Size;
#endif //MBEDTLS_SSL_SRV_C
return 0;
}

2
programs/fuzz/fuzz_server.options Normal file
View File

@ -0,0 +1,2 @@
[libfuzzer]
max_len = 1048575

22
programs/fuzz/fuzz_x509crl.c Normal file
View File

@ -0,0 +1,22 @@
#include <stdint.h>
#include "mbedtls/x509_crl.h"
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
#ifdef MBEDTLS_X509_CRL_PARSE_C
int ret;
mbedtls_x509_crl crl;
unsigned char buf[4096];
mbedtls_x509_crl_init( &crl );
ret = mbedtls_x509_crl_parse( &crl, Data, Size );
if (ret == 0) {
ret = mbedtls_x509_crl_info( (char *) buf, sizeof( buf ) - 1, " ", &crl );
}
mbedtls_x509_crl_free( &crl );
#else
(void) Data;
(void) Size;
#endif
return 0;
}

2
programs/fuzz/fuzz_x509crl.options Normal file
View File

@ -0,0 +1,2 @@
[libfuzzer]
max_len = 65535

22
programs/fuzz/fuzz_x509crt.c Normal file
View File

@ -0,0 +1,22 @@
#include <stdint.h>
#include "mbedtls/x509_crt.h"
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
#ifdef MBEDTLS_X509_CRT_PARSE_C
int ret;
mbedtls_x509_crt crt;
unsigned char buf[4096];
mbedtls_x509_crt_init( &crt );
ret = mbedtls_x509_crt_parse( &crt, Data, Size );
if (ret == 0) {
ret = mbedtls_x509_crt_info( (char *) buf, sizeof( buf ) - 1, " ", &crt );
}
mbedtls_x509_crt_free( &crt );
#else
(void) Data;
(void) Size;
#endif
return 0;
}

2
programs/fuzz/fuzz_x509crt.options Normal file
View File

@ -0,0 +1,2 @@
[libfuzzer]
max_len = 65535

22
programs/fuzz/fuzz_x509csr.c Normal file
View File

@ -0,0 +1,22 @@
#include <stdint.h>
#include "mbedtls/x509_csr.h"
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
#ifdef MBEDTLS_X509_CSR_PARSE_C
int ret;
mbedtls_x509_csr csr;
unsigned char buf[4096];
mbedtls_x509_csr_init( &csr );
ret = mbedtls_x509_csr_parse( &csr, Data, Size );
if (ret == 0) {
ret = mbedtls_x509_csr_info( (char *) buf, sizeof( buf ) - 1, " ", &csr );
}
mbedtls_x509_csr_free( &csr );
#else
(void) Data;
(void) Size;
#endif
return 0;
}

2
programs/fuzz/fuzz_x509csr.options Normal file
View File

@ -0,0 +1,2 @@
[libfuzzer]
max_len = 65535

53
programs/fuzz/onefile.c Normal file
View File

@ -0,0 +1,53 @@
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>
// Get platform-specific definition
#include "mbedtls/config.h"
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
int main(int argc, char** argv)
{
FILE * fp;
uint8_t *Data;
size_t Size;
if (argc != 2) {
return 1;
}
//opens the file, get its size, and reads it into a buffer
fp = fopen(argv[1], "rb");
if (fp == NULL) {
return 2;
}
if (fseek(fp, 0L, SEEK_END) != 0) {
fclose(fp);
return 2;
}
Size = ftell(fp);
if (Size == (size_t) -1) {
fclose(fp);
return 2;
}
if (fseek(fp, 0L, SEEK_SET) != 0) {
fclose(fp);
return 2;
}
Data = malloc(Size);
if (Data == NULL) {
fclose(fp);
return 2;
}
if (fread(Data, Size, 1, fp) != 1) {
free(Data);
fclose(fp);
return 2;
}
//lauch fuzzer
LLVMFuzzerTestOneInput(Data, Size);
free(Data);
fclose(fp);
return 0;
}

4
tests/compat.sh
View File

@ -15,6 +15,10 @@
set -u set -u
# Limit the size of each log to 10 GiB, in case of failures with this script
# where it may output seemingly unlimited length error logs.
ulimit -f 20971520
# initialise counters # initialise counters
TESTS=0 TESTS=0
FAILED=0 FAILED=0

17
tests/scripts/all.sh
View File

@ -24,7 +24,8 @@
# configurations, and can and will arbitrarily change the current CMake # configurations, and can and will arbitrarily change the current CMake
# configuration. The following files must be committed into git: # configuration. The following files must be committed into git:
# * include/mbedtls/config.h # * include/mbedtls/config.h
# * Makefile, library/Makefile, programs/Makefile, tests/Makefile # * Makefile, library/Makefile, programs/Makefile, tests/Makefile,
# programs/fuzz/Makefile
# After running this script, the CMake cache will be lost and CMake # After running this script, the CMake cache will be lost and CMake
# will no longer be initialised. # will no longer be initialised.
# #
@ -75,9 +76,9 @@
# * Run `make clean`. # * Run `make clean`.
# * Restore `include/mbedtks/config.h` from a backup made before running # * Restore `include/mbedtks/config.h` from a backup made before running
# the component. # the component.
# * Check out `Makefile`, `library/Makefile`, `programs/Makefile` and # * Check out `Makefile`, `library/Makefile`, `programs/Makefile`,
# `tests/Makefile` from git. This cleans up after an in-tree use of # `tests/Makefile` and `programs/fuzz/Makefile` from git.
# CMake. # This cleans up after an in-tree use of CMake.
# #
# Any command that is expected to fail must be protected so that the # Any command that is expected to fail must be protected so that the
# script keeps running in --keep-going mode despite `set -e`. In keep-going # script keeps running in --keep-going mode despite `set -e`. In keep-going
@ -234,8 +235,8 @@ cleanup()
-iname CMakeCache.txt \) -exec rm {} \+ -iname CMakeCache.txt \) -exec rm {} \+
# Recover files overwritten by in-tree CMake builds # Recover files overwritten by in-tree CMake builds
rm -f include/Makefile include/mbedtls/Makefile programs/*/Makefile rm -f include/Makefile include/mbedtls/Makefile programs/*/Makefile
git update-index --no-skip-worktree Makefile library/Makefile programs/Makefile tests/Makefile git update-index --no-skip-worktree Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile
git checkout -- Makefile library/Makefile programs/Makefile tests/Makefile git checkout -- Makefile library/Makefile programs/Makefile tests/Makefile programs/fuzz/Makefile
cd crypto cd crypto
rm -f include/Makefile include/mbedtls/Makefile programs/*/Makefile rm -f include/Makefile include/mbedtls/Makefile programs/*/Makefile
git update-index --no-skip-worktree Makefile library/Makefile programs/Makefile tests/Makefile git update-index --no-skip-worktree Makefile library/Makefile programs/Makefile tests/Makefile
@ -1052,7 +1053,7 @@ component_test_m32_o0 () {
# Build once with -O0, to compile out the i386 specific inline assembly # Build once with -O0, to compile out the i386 specific inline assembly
msg "build: i386, make, gcc -O0 (ASan build)" # ~ 30s msg "build: i386, make, gcc -O0 (ASan build)" # ~ 30s
scripts/config.pl full scripts/config.pl full
make CC=gcc CFLAGS='-O0 -Werror -Wall -Wextra -m32 -fsanitize=address' LDFLAGS='-m32' make CC=gcc CFLAGS='-O0 -Werror -Wall -Wextra -m32 -fsanitize=address' LDFLAGS='-m32 -fsanitize=address'
msg "test: i386, make, gcc -O0 (ASan build)" msg "test: i386, make, gcc -O0 (ASan build)"
make test make test
@ -1071,7 +1072,7 @@ component_test_m32_o1 () {
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE
scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C
scripts/config.pl unset MBEDTLS_MEMORY_DEBUG scripts/config.pl unset MBEDTLS_MEMORY_DEBUG
make CC=gcc CFLAGS='-O1 -Werror -Wall -Wextra -m32 -fsanitize=address' LDFLAGS='-m32' make CC=gcc CFLAGS='-O1 -Werror -Wall -Wextra -m32 -fsanitize=address' LDFLAGS='-m32 -fsanitize=address'
msg "test: i386, make, gcc -O1 (ASan build)" msg "test: i386, make, gcc -O1 (ASan build)"
make test make test

1
tests/scripts/basic-build-test.sh
View File

@ -64,6 +64,7 @@ echo
# Step 1 - Make and instrumented build for code coverage # Step 1 - Make and instrumented build for code coverage
export CFLAGS=' --coverage -g3 -O0 ' export CFLAGS=' --coverage -g3 -O0 '
export LDFLAGS=' --coverage'
make clean make clean
cp "$CONFIG_H" "$CONFIG_BAK" cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl full scripts/config.pl full

22
tests/scripts/mbedtls_test.py
View File

@ -79,7 +79,7 @@ class TestDataParser(object):
split_colon_fn = lambda x: re.sub(r'\\' + split_char, split_char, x) split_colon_fn = lambda x: re.sub(r'\\' + split_char, split_char, x)
if len(split_char) > 1: if len(split_char) > 1:
raise ValueError('Expected split character. Found string!') raise ValueError('Expected split character. Found string!')
out = map(split_colon_fn, re.split(r'(?<!\\)' + split_char, inp_str)) out = list(map(split_colon_fn, re.split(r'(?<!\\)' + split_char, inp_str)))
out = [x for x in out if x] out = [x for x in out if x]
return out return out
@ -99,11 +99,11 @@ class TestDataParser(object):
# Check dependencies # Check dependencies
dependencies = [] dependencies = []
line = data_f.next().strip() line = next(data_f).strip()
match = re.search('depends_on:(.*)', line) match = re.search('depends_on:(.*)', line)
if match: if match:
dependencies = [int(x) for x in match.group(1).split(':')] dependencies = [int(x) for x in match.group(1).split(':')]
line = data_f.next().strip() line = next(data_f).strip()
# Read test vectors # Read test vectors
line = line.replace('\\n', '\n') line = line.replace('\\n', '\n')
@ -115,7 +115,7 @@ class TestDataParser(object):
err_str_fmt = "Number of test arguments({}) should be even: {}" err_str_fmt = "Number of test arguments({}) should be even: {}"
raise TestDataParserError(err_str_fmt.format(args_count, line)) raise TestDataParserError(err_str_fmt.format(args_count, line))
grouped_args = [(args[i * 2], args[(i * 2) + 1]) grouped_args = [(args[i * 2], args[(i * 2) + 1])
for i in range(len(args)/2)] for i in range(int(len(args)/2))]
self.tests.append((name, function_name, dependencies, self.tests.append((name, function_name, dependencies,
grouped_args)) grouped_args))
@ -261,21 +261,21 @@ class MbedTlsTest(BaseHostTest):
data_bytes += bytearray([function_id, len(parameters)]) data_bytes += bytearray([function_id, len(parameters)])
for typ, param in parameters: for typ, param in parameters:
if typ == 'int' or typ == 'exp': if typ == 'int' or typ == 'exp':
i = int(param) i = int(param, 0)
data_bytes += 'I' if typ == 'int' else 'E' data_bytes += b'I' if typ == 'int' else b'E'
self.align_32bit(data_bytes) self.align_32bit(data_bytes)
data_bytes += self.int32_to_big_endian_bytes(i) data_bytes += self.int32_to_big_endian_bytes(i)
elif typ == 'char*': elif typ == 'char*':
param = param.strip('"') param = param.strip('"')
i = len(param) + 1 # + 1 for null termination i = len(param) + 1 # + 1 for null termination
data_bytes += 'S' data_bytes += b'S'
self.align_32bit(data_bytes) self.align_32bit(data_bytes)
data_bytes += self.int32_to_big_endian_bytes(i) data_bytes += self.int32_to_big_endian_bytes(i)
data_bytes += bytearray(list(param)) data_bytes += bytearray(param, encoding='ascii')
data_bytes += '\0' # Null terminate data_bytes += b'\0' # Null terminate
elif typ == 'hex': elif typ == 'hex':
binary_data = self.hex_str_bytes(param) binary_data = self.hex_str_bytes(param)
data_bytes += 'H' data_bytes += b'H'
self.align_32bit(data_bytes) self.align_32bit(data_bytes)
i = len(binary_data) i = len(binary_data)
data_bytes += self.int32_to_big_endian_bytes(i) data_bytes += self.int32_to_big_endian_bytes(i)
@ -310,7 +310,7 @@ class MbedTlsTest(BaseHostTest):
param_bytes, length = self.test_vector_to_bytes(function_id, param_bytes, length = self.test_vector_to_bytes(function_id,
dependencies, args) dependencies, args)
self.send_kv(length, param_bytes) self.send_kv(''.join('{:02x}'.format(x) for x in length), ''.join('{:02x}'.format(x) for x in param_bytes))
@staticmethod @staticmethod
def get_result(value): def get_result(value):

4
tests/ssl-opt.sh
View File

@ -21,6 +21,10 @@
set -u set -u
# Limit the size of each log to 10 GiB, in case of failures with this script
# where it may output seemingly unlimited length error logs.
ulimit -f 20971520
if cd $( dirname $0 ); then :; else if cd $( dirname $0 ); then :; else
echo "cd $( dirname $0 ) failed" >&2 echo "cd $( dirname $0 ) failed" >&2
exit 1 exit 1

38
tests/suites/target_test.function
View File

@ -59,10 +59,29 @@ int verify_dependencies( uint8_t count, uint8_t * dep_p )
return( DEPENDENCY_SUPPORTED ); return( DEPENDENCY_SUPPORTED );
} }
/**
* \brief Receives hex string on serial interface, and converts to a byte.
*
* \param none
*
* \return unsigned int8
*/
uint8_t receive_byte()
{
uint8_t byte;
uint8_t c[3];
char *endptr;
c[0] = greentea_getc();
c[1] = greentea_getc();
c[2] = '\0';
assert( unhexify( &byte, c ) != 2 );
return( byte );
}
/** /**
* \brief Receives unsigned integer on serial interface. * \brief Receives unsigned integer on serial interface.
* Integers are encoded in network order. * Integers are encoded in network order, and sent as hex ascii string.
* *
* \param none * \param none
* *
@ -71,10 +90,17 @@ int verify_dependencies( uint8_t count, uint8_t * dep_p )
uint32_t receive_uint32() uint32_t receive_uint32()
{ {
uint32_t value; uint32_t value;
value = (uint8_t)greentea_getc() << 24; const uint8_t c[9] = { greentea_getc(),
value |= (uint8_t)greentea_getc() << 16; greentea_getc(),
value |= (uint8_t)greentea_getc() << 8; greentea_getc(),
value |= (uint8_t)greentea_getc(); greentea_getc(),
greentea_getc(),
greentea_getc(),
greentea_getc(),
greentea_getc(),
'\0'
};
assert( unhexify( &value, c ) != 8 );
return( (uint32_t)value ); return( (uint32_t)value );
} }
@ -132,7 +158,7 @@ uint8_t * receive_data( uint32_t * data_len )
greentea_getc(); // read ';' received after key i.e. *data_len greentea_getc(); // read ';' received after key i.e. *data_len
for( i = 0; i < *data_len; i++ ) for( i = 0; i < *data_len; i++ )
data[i] = greentea_getc(); data[i] = receive_byte();
/* Read closing braces */ /* Read closing braces */
for( i = 0; i < 2; i++ ) for( i = 0; i < 2; i++ )