From 27d4163998f1db0c6f2c5b9408dd864c4c1c3b1d Mon Sep 17 00:00:00 2001
From: Catena cyber <35799796+catenacyber@users.noreply.github.com>
Date: Wed, 16 May 2018 17:26:12 +0200
Subject: [PATCH] MbedTLS integration (#1400)

* MbedTLS integration

* Using loop to compile fuzz targets

* More fuzz targets for mbedtls : DTLS

* Corpuses for client and server mbedtls

* Use corpuses from boringssl and openssl
---
 projects/mbedtls/Dockerfile   | 26 +++++++++++++++++++
 projects/mbedtls/build.sh     | 49 +++++++++++++++++++++++++++++++++++
 projects/mbedtls/project.yaml |  3 +++
 3 files changed, 78 insertions(+)
 create mode 100644 projects/mbedtls/Dockerfile
 create mode 100755 projects/mbedtls/build.sh
 create mode 100644 projects/mbedtls/project.yaml

diff --git a/projects/mbedtls/Dockerfile b/projects/mbedtls/Dockerfile
new file mode 100644
index 000000000..681c5e549
--- /dev/null
+++ b/projects/mbedtls/Dockerfile
@@ -0,0 +1,26 @@
+# Copyright 2018 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+#TODO change
+MAINTAINER support-mbedtls@arm.com
+RUN apt-get update && apt-get install -y make cmake
+#TODO change when merged into master branch of official repo
+RUN git clone --depth 1 --branch fuzz https://github.com/catenacyber/mbedtls.git mbedtls
+RUN git clone --depth 1 https://github.com/google/boringssl.git boringssl
+RUN git clone --depth 1 https://github.com/openssl/openssl.git openssl
+WORKDIR mbedtls
+COPY build.sh $SRC/
diff --git a/projects/mbedtls/build.sh b/projects/mbedtls/build.sh
new file mode 100755
index 000000000..685d858a5
--- /dev/null
+++ b/projects/mbedtls/build.sh
@@ -0,0 +1,49 @@
+#!/bin/bash -eu
+# Copyright 2018 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+# build project
+cmake .
+make -j$(nproc) all
+
+# build corpuses
+cd tests
+cp -r ../../openssl/fuzz/corpora/crl fuzz/corpuses/
+cp -r ../../openssl/fuzz/corpora/x509 fuzz/corpuses/
+cp -r ../../boringssl/fuzz/privkey_corpus fuzz/corpuses/
+cp ../../boringssl/fuzz/cert_corpus/* fuzz/corpuses/x509/
+zip -r fuzz/fuzz_x509crl_seed_corpus.zip data_files/crl* fuzz/corpuses/crl
+zip -r fuzz/fuzz_x509crt_seed_corpus.zip data_files/*.crt data_files/dir*/*.crt  fuzz/corpuses/x509/
+zip -r fuzz/fuzz_x509csr_seed_corpus.zip data_files/*.csr data_files/*.req.*
+zip -r fuzz/fuzz_privkey_seed_corpus.zip data_files/*.key data_files/*.pem fuzz/corpuses/privkey_corpus
+zip -r fuzz/fuzz_pubkey_seed_corpus.zip data_files/*.pub data_files/*.pubkey data_files/*pub.pem
+zip -r fuzz/fuzz_dtlsclient_seed_corpus.zip fuzz/corpuses/dtlsclient
+zip -r fuzz/fuzz_dtlsserver_seed_corpus.zip fuzz/corpuses/dtlsserver
+zip -r fuzz/fuzz_client_seed_corpus.zip fuzz/corpuses/client
+zip -r fuzz/fuzz_server_seed_corpus.zip fuzz/corpuses/server
+
+cd fuzz
+# export other associated stuff
+cp *.options $OUT/
+cp fuzz_*_seed_corpus.zip $OUT/
+
+# build fuzzers
+for target in x509crl x509crt x509csr privkey pubkey client server dtlsclient dtlsserver
+do
+    $CC $CFLAGS -I. -I ../../include -c fuzz_$target.c -o fuzz_$target.o
+
+    $CXX $CXXFLAGS -std=c++11 fuzz_$target.o -o $OUT/fuzz_$target ../../library/libmbedx509.a ../../library/libmbedtls.a ../../library/libmbedcrypto.a -lFuzzingEngine
+done
diff --git a/projects/mbedtls/project.yaml b/projects/mbedtls/project.yaml
new file mode 100644
index 000000000..ac93b7e2f
--- /dev/null
+++ b/projects/mbedtls/project.yaml
@@ -0,0 +1,3 @@
+homepage: "https://tls.mbed.org"
+primary_contact: "support-mbedtls@arm.com"
+auto_ccs : "p.antoine@catenacyber.fr"