diff options
Diffstat (limited to 'lib/mbedtls-2.27.0/programs/fuzz')
29 files changed, 0 insertions, 1250 deletions
diff --git a/lib/mbedtls-2.27.0/programs/fuzz/.gitignore b/lib/mbedtls-2.27.0/programs/fuzz/.gitignore deleted file mode 100644 index 5dc0960..0000000 --- a/lib/mbedtls-2.27.0/programs/fuzz/.gitignore +++ /dev/null @@ -1,9 +0,0 @@ -fuzz_client -fuzz_dtlsclient -fuzz_dtlsserver -fuzz_privkey -fuzz_pubkey -fuzz_server -fuzz_x509crl -fuzz_x509crt -fuzz_x509csr diff --git a/lib/mbedtls-2.27.0/programs/fuzz/CMakeLists.txt b/lib/mbedtls-2.27.0/programs/fuzz/CMakeLists.txt deleted file mode 100644 index fd55e31..0000000 --- a/lib/mbedtls-2.27.0/programs/fuzz/CMakeLists.txt +++ /dev/null @@ -1,55 +0,0 @@ -set(libs - ${mbedtls_target} -) - -if(USE_PKCS11_HELPER_LIBRARY) - set(libs ${libs} pkcs11-helper) -endif(USE_PKCS11_HELPER_LIBRARY) - -if(ENABLE_ZLIB_SUPPORT) - set(libs ${libs} ${ZLIB_LIBRARIES}) -endif(ENABLE_ZLIB_SUPPORT) - -find_library(FUZZINGENGINE_LIB FuzzingEngine) -if(FUZZINGENGINE_LIB) - project(fuzz CXX) -endif() - -set(executables_no_common_c - fuzz_privkey - fuzz_pubkey - fuzz_x509crl - fuzz_x509crt - fuzz_x509csr -) - -set(executables_with_common_c - fuzz_client - fuzz_dtlsclient - fuzz_dtlsserver - fuzz_server -) - -foreach(exe IN LISTS executables_no_common_c executables_with_common_c) - - set(exe_sources ${exe}.c $<TARGET_OBJECTS:mbedtls_test>) - if(NOT FUZZINGENGINE_LIB) - list(APPEND exe_sources onefile.c) - endif() - - # This emulates "if ( ... IN_LIST ... )" which becomes available in CMake 3.3 - list(FIND executables_with_common_c ${exe} exe_index) - if(${exe_index} GREATER -1) - list(APPEND exe_sources common.c) - endif() - - add_executable(${exe} ${exe_sources}) - - if (NOT FUZZINGENGINE_LIB) - target_link_libraries(${exe} ${libs}) - else() - target_link_libraries(${exe} ${libs} FuzzingEngine) - SET_TARGET_PROPERTIES(${exe} PROPERTIES LINKER_LANGUAGE CXX) - endif() - -endforeach() diff --git a/lib/mbedtls-2.27.0/programs/fuzz/Makefile b/lib/mbedtls-2.27.0/programs/fuzz/Makefile deleted file mode 100644 index 084fc24..0000000 --- a/lib/mbedtls-2.27.0/programs/fuzz/Makefile +++ /dev/null @@ -1,72 +0,0 @@ -MBEDTLS_TEST_PATH:=../../tests/src -MBEDTLS_TEST_OBJS:=$(patsubst %.c,%.o,$(wildcard ${MBEDTLS_TEST_PATH}/*.c ${MBEDTLS_TEST_PATH}/drivers/*.c)) - -LOCAL_CFLAGS = -I../../tests/include -I../../include -D_FILE_OFFSET_BITS=64 -LOCAL_LDFLAGS = ${MBEDTLS_TEST_OBJS} \ - -L../../library \ - -lmbedtls$(SHARED_SUFFIX) \ - -lmbedx509$(SHARED_SUFFIX) \ - -lmbedcrypto$(SHARED_SUFFIX) - -LOCAL_CFLAGS += $(patsubst -I../%,-I../../%,$(THIRDPARTY_INCLUDES)) - -ifndef SHARED -DEP=../../library/libmbedcrypto.a ../../library/libmbedx509.a ../../library/libmbedtls.a -else -DEP=../../library/libmbedcrypto.$(DLEXT) ../../library/libmbedx509.$(DLEXT) ../../library/libmbedtls.$(DLEXT) -endif - - -DLEXT ?= so -EXEXT= -SHARED_SUFFIX= - -# Zlib shared library extensions: -ifdef ZLIB -LOCAL_LDFLAGS += -lz -endif - -ifdef FUZZINGENGINE -LOCAL_LDFLAGS += -lFuzzingEngine -endif - -# A test application is built for each suites/test_suite_*.data file. -# Application name is same as .data file's base name and can be -# constructed by stripping path 'suites/' and extension .data. -APPS = $(basename $(wildcard fuzz_*.c)) - -# Construct executable name by adding OS specific suffix $(EXEXT). -BINARIES := $(addsuffix $(EXEXT),$(APPS)) - -.SILENT: - -.PHONY: all check test clean - -all: $(BINARIES) - -$(DEP): - $(MAKE) -C ../../library - -C_FILES := $(addsuffix .c,$(APPS)) - -%.o: %.c - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) -c $< -o $@ - - -ifdef FUZZINGENGINE -$(BINARIES): %$(EXEXT): %.o common.o $(DEP) - echo " $(CC) common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" - $(CXX) common.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ -else -$(BINARIES): %$(EXEXT): %.o common.o onefile.o $(DEP) - echo " $(CC) common.o onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@" - $(CC) common.o onefile.o $< $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ -endif - -clean: -ifndef WINDOWS - rm -rf $(BINARIES) *.o -else - if exist *.o del /Q /F *.o - if exist *.exe del /Q /F *.exe -endif diff --git a/lib/mbedtls-2.27.0/programs/fuzz/README.md b/lib/mbedtls-2.27.0/programs/fuzz/README.md deleted file mode 100644 index b6a4333..0000000 --- a/lib/mbedtls-2.27.0/programs/fuzz/README.md +++ /dev/null @@ -1,68 +0,0 @@ -What is it? ------- - -This directory contains fuzz targets. -Fuzz targets are simple codes using the library. -They are used with a so-called fuzz driver, which will generate inputs, try to process them with the fuzz target, and alert in case of an unwanted behavior (such as a buffer overflow for instance). - -These targets were meant to be used with oss-fuzz but can be used in other contexts. - -This code was contributed by Philippe Antoine ( Catena cyber ). - -How to run? ------- - -To run the fuzz targets like oss-fuzz: -``` -git clone https://github.com/google/oss-fuzz -cd oss-fuzz -python infra/helper.py build_image mbedtls -python infra/helper.py build_fuzzers --sanitizer address mbedtls -python infra/helper.py run_fuzzer mbedtls fuzz_client -``` -You can use `undefined` sanitizer as well as `address` sanitizer. -And you can run any of the fuzz targets like `fuzz_client`. - -To run the fuzz targets without oss-fuzz, you first need to install one libFuzzingEngine (libFuzzer for instance). -Then you need to compile the code with the compiler flags of the wished sanitizer. -``` -perl scripts/config.py set MBEDTLS_PLATFORM_TIME_ALT -mkdir build -cd build -cmake .. -make -``` -Finally, you can run the targets like `./test/fuzz/fuzz_client`. - - -Corpus generation for network trafic targets ------- - -These targets use network trafic as inputs : -* client : simulates a client against (fuzzed) server traffic -* server : simulates a server against (fuzzed) client traffic -* dtls_client -* dtls_server - -They also use the last bytes as configuration options. - -To generate corpus for these targets, you can do the following, not fully automated steps : -* Build mbedtls programs ssl_server2 and ssl_client2 -* Run them one against the other with `reproducible` option turned on while capturing trafic into test.pcap -* Extract tcp payloads, for instance with tshark : `tshark -Tfields -e tcp.dstport -e tcp.payload -r test.pcap > test.txt` -* Run a dummy python script to output either client or server corpus file like `python dummy.py test.txt > test.cor` -* Finally, you can add the options by appending the last bytes to the file test.cor - -Here is an example of dummy.py for extracting payload from client to server (if we used `tcp.dstport` in tshark command) -``` -import sys -import binascii - -f = open(sys.argv[1]) -for l in f.readlines(): - portAndPl=l.split() - if len(portAndPl) == 2: - # determine client or server based on port - if portAndPl[0] == "4433": - print(binascii.unhexlify(portAndPl[1].replace(":",""))) -``` diff --git a/lib/mbedtls-2.27.0/programs/fuzz/common.c b/lib/mbedtls-2.27.0/programs/fuzz/common.c deleted file mode 100644 index ac39ee2..0000000 --- a/lib/mbedtls-2.27.0/programs/fuzz/common.c +++ /dev/null @@ -1,96 +0,0 @@ -#include "common.h" -#include <stdio.h> -#include <string.h> -#include <stdlib.h> -#include "mbedtls/ctr_drbg.h" - -mbedtls_time_t dummy_constant_time( mbedtls_time_t* time ) -{ - (void) time; - return 0x5af2a056; -} - -void dummy_init() -{ -#if defined(MBEDTLS_PLATFORM_TIME_ALT) - mbedtls_platform_set_time( dummy_constant_time ); -#else - fprintf(stderr, "Warning: fuzzing without constant time\n"); -#endif -} - -int dummy_send( void *ctx, const unsigned char *buf, size_t len ) -{ - //silence warning about unused parameter - (void) ctx; - (void) buf; - - //pretends we wrote everything ok - if( len > INT_MAX ) { - return( -1 ); - } - return( (int) len ); -} - -int fuzz_recv( void *ctx, unsigned char *buf, size_t len ) -{ - //reads from the buffer from fuzzer - fuzzBufferOffset_t * biomemfuzz = (fuzzBufferOffset_t *) ctx; - - if(biomemfuzz->Offset == biomemfuzz->Size) { - //EOF - return( 0 ); - } - if( len > INT_MAX ) { - return( -1 ); - } - if( len + biomemfuzz->Offset > biomemfuzz->Size ) { - //do not overflow - len = biomemfuzz->Size - biomemfuzz->Offset; - } - memcpy(buf, biomemfuzz->Data + biomemfuzz->Offset, len); - biomemfuzz->Offset += len; - return( (int) len ); -} - -int dummy_random( void *p_rng, unsigned char *output, size_t output_len ) -{ - int ret; - size_t i; - -#if defined(MBEDTLS_CTR_DRBG_C) - //use mbedtls_ctr_drbg_random to find bugs in it - ret = mbedtls_ctr_drbg_random(p_rng, output, output_len); -#else - (void) p_rng; - ret = 0; -#endif - for (i=0; i<output_len; i++) { - //replace result with pseudo random - output[i] = (unsigned char) rand(); - } - return( ret ); -} - -int dummy_entropy( void *data, unsigned char *output, size_t len ) -{ - size_t i; - (void) data; - - //use mbedtls_entropy_func to find bugs in it - //test performance impact of entropy - //ret = mbedtls_entropy_func(data, output, len); - for (i=0; i<len; i++) { - //replace result with pseudo random - output[i] = (unsigned char) rand(); - } - return( 0 ); -} - -int fuzz_recv_timeout( void *ctx, unsigned char *buf, size_t len, - uint32_t timeout ) -{ - (void) timeout; - - return fuzz_recv(ctx, buf, len); -} diff --git a/lib/mbedtls-2.27.0/programs/fuzz/common.h b/lib/mbedtls-2.27.0/programs/fuzz/common.h deleted file mode 100644 index 5586c06..0000000 --- a/lib/mbedtls-2.27.0/programs/fuzz/common.h +++ /dev/null @@ -1,19 +0,0 @@ -#include "mbedtls/platform_time.h" -#include <stdint.h> - -typedef struct fuzzBufferOffset -{ - const uint8_t *Data; - size_t Size; - size_t Offset; -} fuzzBufferOffset_t; - -mbedtls_time_t dummy_constant_time( mbedtls_time_t* time ); -void dummy_init(); - -int dummy_send( void *ctx, const unsigned char *buf, size_t len ); -int fuzz_recv( void *ctx, unsigned char *buf, size_t len ); -int dummy_random( void *p_rng, unsigned char *output, size_t output_len ); -int dummy_entropy( void *data, unsigned char *output, size_t len ); -int fuzz_recv_timeout( void *ctx, unsigned char *buf, size_t len, - uint32_t timeout ); diff --git a/lib/mbedtls-2.27.0/programs/fuzz/corpuses/client b/lib/mbedtls-2.27.0/programs/fuzz/corpuses/client Binary files differdeleted file mode 100644 index 48d0a67..0000000 --- a/lib/mbedtls-2.27.0/programs/fuzz/corpuses/client +++ /dev/null diff --git a/lib/mbedtls-2.27.0/programs/fuzz/corpuses/dtlsclient b/lib/mbedtls-2.27.0/programs/fuzz/corpuses/dtlsclient Binary files differdeleted file mode 100644 index 87c3ca3..0000000 --- a/lib/mbedtls-2.27.0/programs/fuzz/corpuses/dtlsclient +++ /dev/null diff --git a/lib/mbedtls-2.27.0/programs/fuzz/corpuses/dtlsserver b/lib/mbedtls-2.27.0/programs/fuzz/corpuses/dtlsserver Binary files differdeleted file mode 100644 index 7a7a117..0000000 --- a/lib/mbedtls-2.27.0/programs/fuzz/corpuses/dtlsserver +++ /dev/null diff --git a/lib/mbedtls-2.27.0/programs/fuzz/corpuses/server b/lib/mbedtls-2.27.0/programs/fuzz/corpuses/server Binary files differdeleted file mode 100644 index fbeb019..0000000 --- a/lib/mbedtls-2.27.0/programs/fuzz/corpuses/server +++ /dev/null diff --git a/lib/mbedtls-2.27.0/programs/fuzz/fuzz_client.c b/lib/mbedtls-2.27.0/programs/fuzz/fuzz_client.c deleted file mode 100644 index 270ae8a..0000000 --- a/lib/mbedtls-2.27.0/programs/fuzz/fuzz_client.c +++ /dev/null @@ -1,177 +0,0 @@ -#include "mbedtls/ssl.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/certs.h" -#include "common.h" -#include <string.h> -#include <stdlib.h> -#include <stdint.h> - - -#if defined(MBEDTLS_SSL_CLI_C) && \ - defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_CTR_DRBG_C) -static int initialized = 0; -#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) -static mbedtls_x509_crt cacert; -#endif -const char *alpn_list[3]; - - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) -const unsigned char psk[] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f -}; -const char psk_id[] = "Client_identity"; -#endif - -const char *pers = "fuzz_client"; -#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ - - -int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { -#if defined(MBEDTLS_SSL_CLI_C) && \ - defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_CTR_DRBG_C) - int ret; - size_t len; - mbedtls_ssl_context ssl; - mbedtls_ssl_config conf; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_entropy_context entropy; - unsigned char buf[4096]; - fuzzBufferOffset_t biomemfuzz; - uint16_t options; - - if (initialized == 0) { -#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) - mbedtls_x509_crt_init( &cacert ); - if (mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_cas_pem, - mbedtls_test_cas_pem_len ) != 0) - return 1; -#endif - - alpn_list[0] = "HTTP"; - alpn_list[1] = "fuzzalpn"; - alpn_list[2] = NULL; - - dummy_init(); - - initialized = 1; - } - - //we take 1 byte as options input - if (Size < 2) { - return 0; - } - options = (Data[Size - 2] << 8) | Data[Size - 1]; - //Avoid warnings if compile options imply no options - (void) options; - - mbedtls_ssl_init( &ssl ); - mbedtls_ssl_config_init( &conf ); - mbedtls_ctr_drbg_init( &ctr_drbg ); - mbedtls_entropy_init( &entropy ); - - if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy, - (const unsigned char *) pers, strlen( pers ) ) != 0 ) - goto exit; - - if( mbedtls_ssl_config_defaults( &conf, - MBEDTLS_SSL_IS_CLIENT, - MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_PRESET_DEFAULT ) != 0 ) - goto exit; - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) - if (options & 2) { - mbedtls_ssl_conf_psk( &conf, psk, sizeof( psk ), - (const unsigned char *) psk_id, sizeof( psk_id ) - 1 ); - } -#endif - -#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) - if (options & 4) { - mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL ); - mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_REQUIRED ); - } else -#endif - { - mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_NONE ); - } -#if defined(MBEDTLS_SSL_TRUNCATED_HMAC) - mbedtls_ssl_conf_truncated_hmac( &conf, (options & 8) ? MBEDTLS_SSL_TRUNC_HMAC_ENABLED : MBEDTLS_SSL_TRUNC_HMAC_DISABLED); -#endif -#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) - mbedtls_ssl_conf_extended_master_secret( &conf, (options & 0x10) ? MBEDTLS_SSL_EXTENDED_MS_DISABLED : MBEDTLS_SSL_EXTENDED_MS_ENABLED); -#endif -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - mbedtls_ssl_conf_encrypt_then_mac( &conf, (options & 0x20) ? MBEDTLS_SSL_ETM_DISABLED : MBEDTLS_SSL_ETM_ENABLED); -#endif -#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) - mbedtls_ssl_conf_cbc_record_splitting( &conf, (options & 0x40) ? MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED : MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED ); -#endif -#if defined(MBEDTLS_SSL_RENEGOTIATION) - mbedtls_ssl_conf_renegotiation( &conf, (options & 0x80) ? MBEDTLS_SSL_RENEGOTIATION_ENABLED : MBEDTLS_SSL_RENEGOTIATION_DISABLED ); -#endif -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - mbedtls_ssl_conf_session_tickets( &conf, (options & 0x100) ? MBEDTLS_SSL_SESSION_TICKETS_DISABLED : MBEDTLS_SSL_SESSION_TICKETS_ENABLED ); -#endif -#if defined(MBEDTLS_SSL_ALPN) - if (options & 0x200) { - mbedtls_ssl_conf_alpn_protocols( &conf, alpn_list ); - } -#endif - //There may be other options to add : - // mbedtls_ssl_conf_cert_profile, mbedtls_ssl_conf_sig_hashes - - srand(1); - mbedtls_ssl_conf_rng( &conf, dummy_random, &ctr_drbg ); - - if( mbedtls_ssl_setup( &ssl, &conf ) != 0 ) - goto exit; - -#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) - if ((options & 1) == 0) { - if( mbedtls_ssl_set_hostname( &ssl, "localhost" ) != 0 ) - goto exit; - } -#endif - - biomemfuzz.Data = Data; - biomemfuzz.Size = Size-2; - biomemfuzz.Offset = 0; - mbedtls_ssl_set_bio( &ssl, &biomemfuzz, dummy_send, fuzz_recv, NULL ); - - ret = mbedtls_ssl_handshake( &ssl ); - if( ret == 0 ) - { - //keep reading data from server until the end - do - { - len = sizeof( buf ) - 1; - ret = mbedtls_ssl_read( &ssl, buf, len ); - - if( ret == MBEDTLS_ERR_SSL_WANT_READ ) - continue; - else if( ret <= 0 ) - //EOF or error - break; - } - while( 1 ); - } - -exit: - mbedtls_entropy_free( &entropy ); - mbedtls_ctr_drbg_free( &ctr_drbg ); - mbedtls_ssl_config_free( &conf ); - mbedtls_ssl_free( &ssl ); - -#else - (void) Data; - (void) Size; -#endif /* MBEDTLS_SSL_CLI_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ - - return 0; -} diff --git a/lib/mbedtls-2.27.0/programs/fuzz/fuzz_client.options b/lib/mbedtls-2.27.0/programs/fuzz/fuzz_client.options deleted file mode 100644 index 4d7340f..0000000 --- a/lib/mbedtls-2.27.0/programs/fuzz/fuzz_client.options +++ /dev/null @@ -1,2 +0,0 @@ -[libfuzzer] -max_len = 1048575 diff --git a/lib/mbedtls-2.27.0/programs/fuzz/fuzz_dtlsclient.c b/lib/mbedtls-2.27.0/programs/fuzz/fuzz_dtlsclient.c deleted file mode 100644 index ff258bc..0000000 --- a/lib/mbedtls-2.27.0/programs/fuzz/fuzz_dtlsclient.c +++ /dev/null @@ -1,123 +0,0 @@ -#include <string.h> -#include <stdlib.h> -#include <stdint.h> -#include "common.h" -#include "mbedtls/ssl.h" -#if defined(MBEDTLS_SSL_PROTO_DTLS) -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/certs.h" -#include "mbedtls/timing.h" - - -#if defined(MBEDTLS_SSL_CLI_C) && \ - defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_CTR_DRBG_C) && \ - defined(MBEDTLS_TIMING_C) -static int initialized = 0; -#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) -static mbedtls_x509_crt cacert; -#endif - -const char *pers = "fuzz_dtlsclient"; -#endif -#endif // MBEDTLS_SSL_PROTO_DTLS - - - -int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { -#if defined(MBEDTLS_SSL_PROTO_DTLS) && \ - defined(MBEDTLS_SSL_CLI_C) && \ - defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_CTR_DRBG_C) && \ - defined(MBEDTLS_TIMING_C) - int ret; - size_t len; - mbedtls_ssl_context ssl; - mbedtls_ssl_config conf; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_entropy_context entropy; - mbedtls_timing_delay_context timer; - unsigned char buf[4096]; - fuzzBufferOffset_t biomemfuzz; - - if (initialized == 0) { -#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) - mbedtls_x509_crt_init( &cacert ); - if (mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_cas_pem, - mbedtls_test_cas_pem_len ) != 0) - return 1; -#endif - dummy_init(); - - initialized = 1; - } - - mbedtls_ssl_init( &ssl ); - mbedtls_ssl_config_init( &conf ); - mbedtls_ctr_drbg_init( &ctr_drbg ); - mbedtls_entropy_init( &entropy ); - - srand(1); - if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy, - (const unsigned char *) pers, strlen( pers ) ) != 0 ) - goto exit; - - if( mbedtls_ssl_config_defaults( &conf, - MBEDTLS_SSL_IS_CLIENT, - MBEDTLS_SSL_TRANSPORT_DATAGRAM, - MBEDTLS_SSL_PRESET_DEFAULT ) != 0 ) - goto exit; - -#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) - mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL ); -#endif - mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_NONE ); - mbedtls_ssl_conf_rng( &conf, dummy_random, &ctr_drbg ); - - if( mbedtls_ssl_setup( &ssl, &conf ) != 0 ) - goto exit; - - mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay, - mbedtls_timing_get_delay ); - -#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) - if( mbedtls_ssl_set_hostname( &ssl, "localhost" ) != 0 ) - goto exit; -#endif - - biomemfuzz.Data = Data; - biomemfuzz.Size = Size; - biomemfuzz.Offset = 0; - mbedtls_ssl_set_bio( &ssl, &biomemfuzz, dummy_send, fuzz_recv, fuzz_recv_timeout ); - - ret = mbedtls_ssl_handshake( &ssl ); - if( ret == 0 ) - { - //keep reading data from server until the end - do - { - len = sizeof( buf ) - 1; - ret = mbedtls_ssl_read( &ssl, buf, len ); - - if( ret == MBEDTLS_ERR_SSL_WANT_READ ) - continue; - else if( ret <= 0 ) - //EOF or error - break; - } - while( 1 ); - } - -exit: - mbedtls_entropy_free( &entropy ); - mbedtls_ctr_drbg_free( &ctr_drbg ); - mbedtls_ssl_config_free( &conf ); - mbedtls_ssl_free( &ssl ); - -#else - (void) Data; - (void) Size; -#endif - return 0; -} diff --git a/lib/mbedtls-2.27.0/programs/fuzz/fuzz_dtlsclient.options b/lib/mbedtls-2.27.0/programs/fuzz/fuzz_dtlsclient.options deleted file mode 100644 index 4d7340f..0000000 --- a/lib/mbedtls-2.27.0/programs/fuzz/fuzz_dtlsclient.options +++ /dev/null @@ -1,2 +0,0 @@ -[libfuzzer] -max_len = 1048575 diff --git a/lib/mbedtls-2.27.0/programs/fuzz/fuzz_dtlsserver.c b/lib/mbedtls-2.27.0/programs/fuzz/fuzz_dtlsserver.c deleted file mode 100644 index 4cde1fe..0000000 --- a/lib/mbedtls-2.27.0/programs/fuzz/fuzz_dtlsserver.c +++ /dev/null @@ -1,148 +0,0 @@ -#include <string.h> -#include <stdlib.h> -#include <stdint.h> -#include "common.h" -#include "mbedtls/ssl.h" -#if defined(MBEDTLS_SSL_PROTO_DTLS) -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/certs.h" -#include "mbedtls/timing.h" -#include "mbedtls/ssl_cookie.h" - - -#if defined(MBEDTLS_SSL_SRV_C) && \ - defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_CTR_DRBG_C) && \ - defined(MBEDTLS_TIMING_C) -const char *pers = "fuzz_dtlsserver"; -const unsigned char client_ip[4] = {0x7F, 0, 0, 1}; -static int initialized = 0; -#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) -static mbedtls_x509_crt srvcert; -static mbedtls_pk_context pkey; -#endif -#endif -#endif // MBEDTLS_SSL_PROTO_DTLS - -int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { -#if defined(MBEDTLS_SSL_PROTO_DTLS) && \ - defined(MBEDTLS_SSL_SRV_C) && \ - defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_CTR_DRBG_C) && \ - defined(MBEDTLS_TIMING_C) - int ret; - size_t len; - mbedtls_ssl_context ssl; - mbedtls_ssl_config conf; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_entropy_context entropy; - mbedtls_timing_delay_context timer; - mbedtls_ssl_cookie_ctx cookie_ctx; - unsigned char buf[4096]; - fuzzBufferOffset_t biomemfuzz; - - if (initialized == 0) { -#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) - mbedtls_x509_crt_init( &srvcert ); - mbedtls_pk_init( &pkey ); - if (mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_srv_crt, - mbedtls_test_srv_crt_len ) != 0) - return 1; - if (mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_cas_pem, - mbedtls_test_cas_pem_len ) != 0) - return 1; - if (mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key, - mbedtls_test_srv_key_len, NULL, 0 ) != 0) - return 1; -#endif - dummy_init(); - - initialized = 1; - } - mbedtls_ssl_init( &ssl ); - mbedtls_ssl_config_init( &conf ); - mbedtls_ctr_drbg_init( &ctr_drbg ); - mbedtls_entropy_init( &entropy ); - mbedtls_ssl_cookie_init( &cookie_ctx ); - - if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy, - (const unsigned char *) pers, strlen( pers ) ) != 0 ) - goto exit; - - - if( mbedtls_ssl_config_defaults( &conf, - MBEDTLS_SSL_IS_SERVER, - MBEDTLS_SSL_TRANSPORT_DATAGRAM, - MBEDTLS_SSL_PRESET_DEFAULT ) != 0 ) - goto exit; - - - srand(1); - mbedtls_ssl_conf_rng( &conf, dummy_random, &ctr_drbg ); - -#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) - mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL ); - if( mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) != 0 ) - goto exit; -#endif - - if( mbedtls_ssl_cookie_setup( &cookie_ctx, dummy_random, &ctr_drbg ) != 0 ) - goto exit; - - mbedtls_ssl_conf_dtls_cookies( &conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check, &cookie_ctx ); - - if( mbedtls_ssl_setup( &ssl, &conf ) != 0 ) - goto exit; - - mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay, - mbedtls_timing_get_delay ); - - biomemfuzz.Data = Data; - biomemfuzz.Size = Size; - biomemfuzz.Offset = 0; - mbedtls_ssl_set_bio( &ssl, &biomemfuzz, dummy_send, fuzz_recv, fuzz_recv_timeout ); - if( mbedtls_ssl_set_client_transport_id( &ssl, client_ip, sizeof(client_ip) ) != 0 ) - goto exit; - - ret = mbedtls_ssl_handshake( &ssl ); - - if (ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED) { - biomemfuzz.Offset = ssl.next_record_offset; - mbedtls_ssl_session_reset( &ssl ); - mbedtls_ssl_set_bio( &ssl, &biomemfuzz, dummy_send, fuzz_recv, fuzz_recv_timeout ); - if( mbedtls_ssl_set_client_transport_id( &ssl, client_ip, sizeof(client_ip) ) != 0 ) - goto exit; - - ret = mbedtls_ssl_handshake( &ssl ); - - if( ret == 0 ) - { - //keep reading data from server until the end - do - { - len = sizeof( buf ) - 1; - ret = mbedtls_ssl_read( &ssl, buf, len ); - if( ret == MBEDTLS_ERR_SSL_WANT_READ ) - continue; - else if( ret <= 0 ) - //EOF or error - break; - } - while( 1 ); - } - } - -exit: - mbedtls_ssl_cookie_free( &cookie_ctx ); - mbedtls_entropy_free( &entropy ); - mbedtls_ctr_drbg_free( &ctr_drbg ); - mbedtls_ssl_config_free( &conf ); - mbedtls_ssl_free( &ssl ); - -#else - (void) Data; - (void) Size; -#endif - return 0; -} diff --git a/lib/mbedtls-2.27.0/programs/fuzz/fuzz_dtlsserver.options b/lib/mbedtls-2.27.0/programs/fuzz/fuzz_dtlsserver.options deleted file mode 100644 index 4d7340f..0000000 --- a/lib/mbedtls-2.27.0/programs/fuzz/fuzz_dtlsserver.options +++ /dev/null @@ -1,2 +0,0 @@ -[libfuzzer] -max_len = 1048575 diff --git a/lib/mbedtls-2.27.0/programs/fuzz/fuzz_privkey.c b/lib/mbedtls-2.27.0/programs/fuzz/fuzz_privkey.c deleted file mode 100644 index 6c968fd..0000000 --- a/lib/mbedtls-2.27.0/programs/fuzz/fuzz_privkey.c +++ /dev/null @@ -1,75 +0,0 @@ -#include <stdint.h> -#include <stdlib.h> -#include "mbedtls/pk.h" - -//4 Kb should be enough for every bug ;-) -#define MAX_LEN 0x1000 - - -int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { -#ifdef MBEDTLS_PK_PARSE_C - int ret; - mbedtls_pk_context pk; - - if (Size > MAX_LEN) { - //only work on small inputs - Size = MAX_LEN; - } - - mbedtls_pk_init( &pk ); - ret = mbedtls_pk_parse_key( &pk, Data, Size, NULL, 0 ); - if (ret == 0) { -#if defined(MBEDTLS_RSA_C) - if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_RSA ) - { - mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; - mbedtls_rsa_context *rsa; - - mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); - mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP ); - mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP ); - - rsa = mbedtls_pk_rsa( pk ); - if ( mbedtls_rsa_export( rsa, &N, &P, &Q, &D, &E ) != 0 ) { - abort(); - } - if ( mbedtls_rsa_export_crt( rsa, &DP, &DQ, &QP ) != 0 ) { - abort(); - } - - mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); - mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP ); - mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &QP ); - } - else -#endif -#if defined(MBEDTLS_ECP_C) - if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_ECKEY || - mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_ECKEY_DH ) - { - mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( pk ); - mbedtls_ecp_group_id grp_id = ecp->grp.id; - const mbedtls_ecp_curve_info *curve_info = - mbedtls_ecp_curve_info_from_grp_id( grp_id ); - - /* If the curve is not supported, the key should not have been - * accepted. */ - if( curve_info == NULL ) - abort( ); - } - else -#endif - { - /* The key is valid but is not of a supported type. - * This should not happen. */ - abort( ); - } - } - mbedtls_pk_free( &pk ); -#else - (void) Data; - (void) Size; -#endif //MBEDTLS_PK_PARSE_C - - return 0; -} diff --git a/lib/mbedtls-2.27.0/programs/fuzz/fuzz_privkey.options b/lib/mbedtls-2.27.0/programs/fuzz/fuzz_privkey.options deleted file mode 100644 index 0824b19..0000000 --- a/lib/mbedtls-2.27.0/programs/fuzz/fuzz_privkey.options +++ /dev/null @@ -1,2 +0,0 @@ -[libfuzzer] -max_len = 65535 diff --git a/lib/mbedtls-2.27.0/programs/fuzz/fuzz_pubkey.c b/lib/mbedtls-2.27.0/programs/fuzz/fuzz_pubkey.c deleted file mode 100644 index 9e80350..0000000 --- a/lib/mbedtls-2.27.0/programs/fuzz/fuzz_pubkey.c +++ /dev/null @@ -1,75 +0,0 @@ -#include <stdint.h> -#include <stdlib.h> -#include "mbedtls/pk.h" - -int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { -#ifdef MBEDTLS_PK_PARSE_C - int ret; - mbedtls_pk_context pk; - - mbedtls_pk_init( &pk ); - ret = mbedtls_pk_parse_public_key( &pk, Data, Size ); - if (ret == 0) { -#if defined(MBEDTLS_RSA_C) - if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_RSA ) - { - mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; - mbedtls_rsa_context *rsa; - - mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); - mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP ); - mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP ); - - rsa = mbedtls_pk_rsa( pk ); - if ( mbedtls_rsa_export( rsa, &N, NULL, NULL, NULL, &E ) != 0 ) { - abort(); - } - if ( mbedtls_rsa_export( rsa, &N, &P, &Q, &D, &E ) != MBEDTLS_ERR_RSA_BAD_INPUT_DATA ) { - abort(); - } - if ( mbedtls_rsa_export_crt( rsa, &DP, &DQ, &QP ) != MBEDTLS_ERR_RSA_BAD_INPUT_DATA ) { - abort(); - } - - mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); - mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP ); - mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &QP ); - - } - else -#endif -#if defined(MBEDTLS_ECP_C) - if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_ECKEY || - mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_ECKEY_DH ) - { - mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( pk ); - mbedtls_ecp_group_id grp_id = ecp->grp.id; - const mbedtls_ecp_curve_info *curve_info = - mbedtls_ecp_curve_info_from_grp_id( grp_id ); - - /* If the curve is not supported, the key should not have been - * accepted. */ - if( curve_info == NULL ) - abort( ); - - /* It's a public key, so the private value should not have - * been changed from its initialization to 0. */ - if( mbedtls_mpi_cmp_int( &ecp->d, 0 ) != 0 ) - abort( ); - } - else -#endif - { - /* The key is valid but is not of a supported type. - * This should not happen. */ - abort( ); - } - } - mbedtls_pk_free( &pk ); -#else - (void) Data; - (void) Size; -#endif //MBEDTLS_PK_PARSE_C - - return 0; -} diff --git a/lib/mbedtls-2.27.0/programs/fuzz/fuzz_pubkey.options b/lib/mbedtls-2.27.0/programs/fuzz/fuzz_pubkey.options deleted file mode 100644 index 0824b19..0000000 --- a/lib/mbedtls-2.27.0/programs/fuzz/fuzz_pubkey.options +++ /dev/null @@ -1,2 +0,0 @@ -[libfuzzer] -max_len = 65535 diff --git a/lib/mbedtls-2.27.0/programs/fuzz/fuzz_server.c b/lib/mbedtls-2.27.0/programs/fuzz/fuzz_server.c deleted file mode 100644 index 014f386..0000000 --- a/lib/mbedtls-2.27.0/programs/fuzz/fuzz_server.c +++ /dev/null @@ -1,189 +0,0 @@ -#include "mbedtls/ssl.h" -#include "mbedtls/entropy.h" -#include "mbedtls/ctr_drbg.h" -#include "mbedtls/certs.h" -#include "mbedtls/ssl_ticket.h" -#include "common.h" -#include <string.h> -#include <stdlib.h> -#include <stdint.h> - - -#if defined(MBEDTLS_SSL_SRV_C) && \ - defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_CTR_DRBG_C) -const char *pers = "fuzz_server"; -static int initialized = 0; -#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) -static mbedtls_x509_crt srvcert; -static mbedtls_pk_context pkey; -#endif -const char *alpn_list[3]; - -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) -const unsigned char psk[] = { - 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, - 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f -}; -const char psk_id[] = "Client_identity"; -#endif -#endif // MBEDTLS_SSL_SRV_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C - - -int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { -#if defined(MBEDTLS_SSL_SRV_C) && \ - defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_CTR_DRBG_C) - int ret; - size_t len; - mbedtls_ssl_context ssl; - mbedtls_ssl_config conf; - mbedtls_ctr_drbg_context ctr_drbg; - mbedtls_entropy_context entropy; -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - mbedtls_ssl_ticket_context ticket_ctx; -#endif - unsigned char buf[4096]; - fuzzBufferOffset_t biomemfuzz; - uint8_t options; - - //we take 1 byte as options input - if (Size < 1) { - return 0; - } - options = Data[Size - 1]; - - if (initialized == 0) { -#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) - mbedtls_x509_crt_init( &srvcert ); - mbedtls_pk_init( &pkey ); - if (mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_srv_crt, - mbedtls_test_srv_crt_len ) != 0) - return 1; - if (mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_cas_pem, - mbedtls_test_cas_pem_len ) != 0) - return 1; - if (mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key, - mbedtls_test_srv_key_len, NULL, 0 ) != 0) - return 1; -#endif - - alpn_list[0] = "HTTP"; - alpn_list[1] = "fuzzalpn"; - alpn_list[2] = NULL; - - dummy_init(); - - initialized = 1; - } - mbedtls_ssl_init( &ssl ); - mbedtls_ssl_config_init( &conf ); - mbedtls_ctr_drbg_init( &ctr_drbg ); - mbedtls_entropy_init( &entropy ); -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - mbedtls_ssl_ticket_init( &ticket_ctx ); -#endif - - if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy, - (const unsigned char *) pers, strlen( pers ) ) != 0 ) - goto exit; - - - if( mbedtls_ssl_config_defaults( &conf, - MBEDTLS_SSL_IS_SERVER, - MBEDTLS_SSL_TRANSPORT_STREAM, - MBEDTLS_SSL_PRESET_DEFAULT ) != 0 ) - goto exit; - - srand(1); - mbedtls_ssl_conf_rng( &conf, dummy_random, &ctr_drbg ); - -#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C) - mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL ); - if( mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) != 0 ) - goto exit; -#endif - - mbedtls_ssl_conf_cert_req_ca_list( &conf, (options & 0x1) ? MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED : MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED ); -#if defined(MBEDTLS_SSL_ALPN) - if (options & 0x2) { - mbedtls_ssl_conf_alpn_protocols( &conf, alpn_list ); - } -#endif -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - if( options & 0x4 ) - { - if( mbedtls_ssl_ticket_setup( &ticket_ctx, - dummy_random, &ctr_drbg, - MBEDTLS_CIPHER_AES_256_GCM, - 86400 ) != 0 ) - goto exit; - - mbedtls_ssl_conf_session_tickets_cb( &conf, - mbedtls_ssl_ticket_write, - mbedtls_ssl_ticket_parse, - &ticket_ctx ); - } -#endif -#if defined(MBEDTLS_SSL_TRUNCATED_HMAC) - mbedtls_ssl_conf_truncated_hmac( &conf, (options & 0x8) ? MBEDTLS_SSL_TRUNC_HMAC_ENABLED : MBEDTLS_SSL_TRUNC_HMAC_DISABLED); -#endif -#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET) - mbedtls_ssl_conf_extended_master_secret( &conf, (options & 0x10) ? MBEDTLS_SSL_EXTENDED_MS_DISABLED : MBEDTLS_SSL_EXTENDED_MS_ENABLED); -#endif -#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) - mbedtls_ssl_conf_encrypt_then_mac( &conf, (options & 0x20) ? MBEDTLS_SSL_ETM_ENABLED : MBEDTLS_SSL_ETM_DISABLED); -#endif -#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED) - if (options & 0x40) { - mbedtls_ssl_conf_psk( &conf, psk, sizeof( psk ), - (const unsigned char *) psk_id, sizeof( psk_id ) - 1 ); - } -#endif -#if defined(MBEDTLS_SSL_RENEGOTIATION) - mbedtls_ssl_conf_renegotiation( &conf, (options & 0x80) ? MBEDTLS_SSL_RENEGOTIATION_ENABLED : MBEDTLS_SSL_RENEGOTIATION_DISABLED ); -#endif - - if( mbedtls_ssl_setup( &ssl, &conf ) != 0 ) - goto exit; - - biomemfuzz.Data = Data; - biomemfuzz.Size = Size-1; - biomemfuzz.Offset = 0; - mbedtls_ssl_set_bio( &ssl, &biomemfuzz, dummy_send, fuzz_recv, NULL ); - - mbedtls_ssl_session_reset( &ssl ); - ret = mbedtls_ssl_handshake( &ssl ); - if( ret == 0 ) - { - //keep reading data from server until the end - do - { - len = sizeof( buf ) - 1; - ret = mbedtls_ssl_read( &ssl, buf, len ); - - if( ret == MBEDTLS_ERR_SSL_WANT_READ ) - continue; - else if( ret <= 0 ) - //EOF or error - break; - } - while( 1 ); - } - -exit: -#if defined(MBEDTLS_SSL_SESSION_TICKETS) - mbedtls_ssl_ticket_free( &ticket_ctx ); -#endif - mbedtls_entropy_free( &entropy ); - mbedtls_ctr_drbg_free( &ctr_drbg ); - mbedtls_ssl_config_free( &conf ); - mbedtls_ssl_free( &ssl ); - -#else - (void) Data; - (void) Size; -#endif /* MBEDTLS_SSL_SRV_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ - - return 0; -} diff --git a/lib/mbedtls-2.27.0/programs/fuzz/fuzz_server.options b/lib/mbedtls-2.27.0/programs/fuzz/fuzz_server.options deleted file mode 100644 index 4d7340f..0000000 --- a/lib/mbedtls-2.27.0/programs/fuzz/fuzz_server.options +++ /dev/null @@ -1,2 +0,0 @@ -[libfuzzer] -max_len = 1048575 diff --git a/lib/mbedtls-2.27.0/programs/fuzz/fuzz_x509crl.c b/lib/mbedtls-2.27.0/programs/fuzz/fuzz_x509crl.c deleted file mode 100644 index 02f521c..0000000 --- a/lib/mbedtls-2.27.0/programs/fuzz/fuzz_x509crl.c +++ /dev/null @@ -1,22 +0,0 @@ -#include <stdint.h> -#include "mbedtls/x509_crl.h" - -int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { -#ifdef MBEDTLS_X509_CRL_PARSE_C - int ret; - mbedtls_x509_crl crl; - unsigned char buf[4096]; - - mbedtls_x509_crl_init( &crl ); - ret = mbedtls_x509_crl_parse( &crl, Data, Size ); - if (ret == 0) { - ret = mbedtls_x509_crl_info( (char *) buf, sizeof( buf ) - 1, " ", &crl ); - } - mbedtls_x509_crl_free( &crl ); -#else - (void) Data; - (void) Size; -#endif - - return 0; -} diff --git a/lib/mbedtls-2.27.0/programs/fuzz/fuzz_x509crl.options b/lib/mbedtls-2.27.0/programs/fuzz/fuzz_x509crl.options deleted file mode 100644 index 0824b19..0000000 --- a/lib/mbedtls-2.27.0/programs/fuzz/fuzz_x509crl.options +++ /dev/null @@ -1,2 +0,0 @@ -[libfuzzer] -max_len = 65535 diff --git a/lib/mbedtls-2.27.0/programs/fuzz/fuzz_x509crt.c b/lib/mbedtls-2.27.0/programs/fuzz/fuzz_x509crt.c deleted file mode 100644 index 8f593a1..0000000 --- a/lib/mbedtls-2.27.0/programs/fuzz/fuzz_x509crt.c +++ /dev/null @@ -1,22 +0,0 @@ -#include <stdint.h> -#include "mbedtls/x509_crt.h" - -int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { -#ifdef MBEDTLS_X509_CRT_PARSE_C - int ret; - mbedtls_x509_crt crt; - unsigned char buf[4096]; - - mbedtls_x509_crt_init( &crt ); - ret = mbedtls_x509_crt_parse( &crt, Data, Size ); - if (ret == 0) { - ret = mbedtls_x509_crt_info( (char *) buf, sizeof( buf ) - 1, " ", &crt ); - } - mbedtls_x509_crt_free( &crt ); -#else - (void) Data; - (void) Size; -#endif - - return 0; -} diff --git a/lib/mbedtls-2.27.0/programs/fuzz/fuzz_x509crt.options b/lib/mbedtls-2.27.0/programs/fuzz/fuzz_x509crt.options deleted file mode 100644 index 0824b19..0000000 --- a/lib/mbedtls-2.27.0/programs/fuzz/fuzz_x509crt.options +++ /dev/null @@ -1,2 +0,0 @@ -[libfuzzer] -max_len = 65535 diff --git a/lib/mbedtls-2.27.0/programs/fuzz/fuzz_x509csr.c b/lib/mbedtls-2.27.0/programs/fuzz/fuzz_x509csr.c deleted file mode 100644 index 3cf28a6..0000000 --- a/lib/mbedtls-2.27.0/programs/fuzz/fuzz_x509csr.c +++ /dev/null @@ -1,22 +0,0 @@ -#include <stdint.h> -#include "mbedtls/x509_csr.h" - -int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { -#ifdef MBEDTLS_X509_CSR_PARSE_C - int ret; - mbedtls_x509_csr csr; - unsigned char buf[4096]; - - mbedtls_x509_csr_init( &csr ); - ret = mbedtls_x509_csr_parse( &csr, Data, Size ); - if (ret == 0) { - ret = mbedtls_x509_csr_info( (char *) buf, sizeof( buf ) - 1, " ", &csr ); - } - mbedtls_x509_csr_free( &csr ); -#else - (void) Data; - (void) Size; -#endif - - return 0; -} diff --git a/lib/mbedtls-2.27.0/programs/fuzz/fuzz_x509csr.options b/lib/mbedtls-2.27.0/programs/fuzz/fuzz_x509csr.options deleted file mode 100644 index 0824b19..0000000 --- a/lib/mbedtls-2.27.0/programs/fuzz/fuzz_x509csr.options +++ /dev/null @@ -1,2 +0,0 @@ -[libfuzzer] -max_len = 65535 diff --git a/lib/mbedtls-2.27.0/programs/fuzz/onefile.c b/lib/mbedtls-2.27.0/programs/fuzz/onefile.c deleted file mode 100644 index c845149..0000000 --- a/lib/mbedtls-2.27.0/programs/fuzz/onefile.c +++ /dev/null @@ -1,60 +0,0 @@ -#include <stdint.h> -#include <stdlib.h> -#include <stdio.h> - -/* This file doesn't use any Mbed TLS function, but grab config.h anyway - * in case it contains platform-specific #defines related to malloc or - * stdio functions. */ -#if !defined(MBEDTLS_CONFIG_FILE) -#include "mbedtls/config.h" -#else -#include MBEDTLS_CONFIG_FILE -#endif - -int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size); - -int main(int argc, char** argv) -{ - FILE * fp; - uint8_t *Data; - size_t Size; - - if (argc != 2) { - return 1; - } - //opens the file, get its size, and reads it into a buffer - fp = fopen(argv[1], "rb"); - if (fp == NULL) { - return 2; - } - if (fseek(fp, 0L, SEEK_END) != 0) { - fclose(fp); - return 2; - } - Size = ftell(fp); - if (Size == (size_t) -1) { - fclose(fp); - return 2; - } - if (fseek(fp, 0L, SEEK_SET) != 0) { - fclose(fp); - return 2; - } - Data = malloc(Size); - if (Data == NULL) { - fclose(fp); - return 2; - } - if (fread(Data, Size, 1, fp) != 1) { - free(Data); - fclose(fp); - return 2; - } - - //lauch fuzzer - LLVMFuzzerTestOneInput(Data, Size); - free(Data); - fclose(fp); - return 0; -} - |