1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
|
#include "common.h"
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include "mbedtls/ctr_drbg.h"
mbedtls_time_t dummy_constant_time( mbedtls_time_t* time )
{
(void) time;
return 0x5af2a056;
}
void dummy_init()
{
#if defined(MBEDTLS_PLATFORM_TIME_ALT)
mbedtls_platform_set_time( dummy_constant_time );
#else
fprintf(stderr, "Warning: fuzzing without constant time\n");
#endif
}
int dummy_send( void *ctx, const unsigned char *buf, size_t len )
{
//silence warning about unused parameter
(void) ctx;
(void) buf;
//pretends we wrote everything ok
if( len > INT_MAX ) {
return( -1 );
}
return( (int) len );
}
int fuzz_recv( void *ctx, unsigned char *buf, size_t len )
{
//reads from the buffer from fuzzer
fuzzBufferOffset_t * biomemfuzz = (fuzzBufferOffset_t *) ctx;
if(biomemfuzz->Offset == biomemfuzz->Size) {
//EOF
return( 0 );
}
if( len > INT_MAX ) {
return( -1 );
}
if( len + biomemfuzz->Offset > biomemfuzz->Size ) {
//do not overflow
len = biomemfuzz->Size - biomemfuzz->Offset;
}
memcpy(buf, biomemfuzz->Data + biomemfuzz->Offset, len);
biomemfuzz->Offset += len;
return( (int) len );
}
int dummy_random( void *p_rng, unsigned char *output, size_t output_len )
{
int ret;
size_t i;
#if defined(MBEDTLS_CTR_DRBG_C)
//use mbedtls_ctr_drbg_random to find bugs in it
ret = mbedtls_ctr_drbg_random(p_rng, output, output_len);
#else
(void) p_rng;
ret = 0;
#endif
for (i=0; i<output_len; i++) {
//replace result with pseudo random
output[i] = (unsigned char) rand();
}
return( ret );
}
int dummy_entropy( void *data, unsigned char *output, size_t len )
{
size_t i;
(void) data;
//use mbedtls_entropy_func to find bugs in it
//test performance impact of entropy
//ret = mbedtls_entropy_func(data, output, len);
for (i=0; i<len; i++) {
//replace result with pseudo random
output[i] = (unsigned char) rand();
}
return( 0 );
}
int fuzz_recv_timeout( void *ctx, unsigned char *buf, size_t len,
uint32_t timeout )
{
(void) timeout;
return fuzz_recv(ctx, buf, len);
}
|