Rooba
/
oss-fuzz
mirror of https://github.com/google/oss-fuzz.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity
oss-fuzz/projects/mbedtls/fuzzmbedtls.diff

1540 lines
49 KiB
Diff
Raw Blame History

diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index ac23cffe8..466963cfe 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -32,6 +32,7 @@
#include "x509.h"
#include "x509_crl.h"
+#include "bignum.h"
/**
* \addtogroup x509_module
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index ba59c4898..8f2e619d0 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -678,7 +678,7 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl )
{
int ret;
unsigned char *p = ssl->handshake->randbytes;
-#if defined(MBEDTLS_HAVE_TIME)
+#if defined(MBEDTLS_HAVE_TIME) && !defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION)
mbedtls_time_t t;
#endif
@@ -693,7 +693,7 @@ static int ssl_generate_random( mbedtls_ssl_context *ssl )
}
#endif
-#if defined(MBEDTLS_HAVE_TIME)
+#if defined(MBEDTLS_HAVE_TIME) && !defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION)
t = mbedtls_time( NULL );
*p++ = (unsigned char)( t >> 24 );
*p++ = (unsigned char)( t >> 16 );
diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c
index 56e9bdd2b..8ec34f3f1 100644
--- a/library/ssl_cookie.c
+++ b/library/ssl_cookie.c
@@ -167,7 +167,9 @@ int mbedtls_ssl_cookie_write( void *p_ctx,
if( (size_t)( end - *p ) < COOKIE_LEN )
return( MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL );
-#if defined(MBEDTLS_HAVE_TIME)
+#if defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION)
+ t = 0x5af2a056;
+#elif defined(MBEDTLS_HAVE_TIME)
t = (unsigned long) mbedtls_time( NULL );
#else
t = ctx->serial++;
@@ -237,7 +239,9 @@ int mbedtls_ssl_cookie_check( void *p_ctx,
if( mbedtls_ssl_safer_memcmp( cookie + 4, ref_hmac, sizeof( ref_hmac ) ) != 0 )
return( -1 );
-#if defined(MBEDTLS_HAVE_TIME)
+#if defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION)
+ cur_time = 0x5af2a056;
+#elif defined(MBEDTLS_HAVE_TIME)
cur_time = (unsigned long) mbedtls_time( NULL );
#else
cur_time = ctx->serial;
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 52087ae6e..265017bfa 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -2398,7 +2398,7 @@ static int ssl_write_hello_verify_request( mbedtls_ssl_context *ssl )
static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
{
-#if defined(MBEDTLS_HAVE_TIME)
+#if defined(MBEDTLS_HAVE_TIME) && !defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION)
mbedtls_time_t t;
#endif
int ret;
@@ -2441,7 +2441,7 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, chosen version: [%d:%d]",
buf[4], buf[5] ) );
-#if defined(MBEDTLS_HAVE_TIME)
+#if defined(MBEDTLS_HAVE_TIME) && !defined(FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION)
t = mbedtls_time( NULL );
*p++ = (unsigned char)( t >> 24 );
*p++ = (unsigned char)( t >> 16 );
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index 52632f87c..2b732899e 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -127,3 +127,5 @@ if (NOT ${CMAKE_CURRENT_BINARY_DIR} STREQUAL ${CMAKE_CURRENT_SOURCE_DIR})
link_to_source(scripts)
link_to_source(ssl-opt.sh)
endif()
+
+add_subdirectory(fuzz)
diff --git a/tests/fuzz/CMakeLists.txt b/tests/fuzz/CMakeLists.txt
new file mode 100644
index 000000000..1392f63ca
--- /dev/null
+++ b/tests/fuzz/CMakeLists.txt
@@ -0,0 +1,38 @@
+set(libs
+ mbedtls
+)
+
+if(USE_PKCS11_HELPER_LIBRARY)
+ set(libs ${libs} pkcs11-helper)
+endif(USE_PKCS11_HELPER_LIBRARY)
+
+if(ENABLE_ZLIB_SUPPORT)
+ set(libs ${libs} ${ZLIB_LIBRARIES})
+endif(ENABLE_ZLIB_SUPPORT)
+
+add_executable(fuzz_x509csr fuzz_x509csr.c onefile.c)
+target_link_libraries(fuzz_x509csr ${libs})
+
+add_executable(fuzz_x509crl fuzz_x509crl.c onefile.c)
+target_link_libraries(fuzz_x509crl ${libs})
+
+add_executable(fuzz_x509crt fuzz_x509crt.c onefile.c)
+target_link_libraries(fuzz_x509crt ${libs})
+
+add_executable(fuzz_privkey fuzz_privkey.c onefile.c)
+target_link_libraries(fuzz_privkey ${libs})
+
+add_executable(fuzz_pubkey fuzz_pubkey.c onefile.c)
+target_link_libraries(fuzz_pubkey ${libs})
+
+add_executable(fuzz_client fuzz_client.c onefile.c)
+target_link_libraries(fuzz_client ${libs})
+
+add_executable(fuzz_server fuzz_server.c onefile.c)
+target_link_libraries(fuzz_server ${libs})
+
+add_executable(fuzz_dtlsclient fuzz_dtlsclient.c onefile.c)
+target_link_libraries(fuzz_dtlsclient ${libs})
+
+add_executable(fuzz_dtlsserver fuzz_dtlsserver.c onefile.c)
+target_link_libraries(fuzz_dtlsserver ${libs})
diff --git a/tests/fuzz/corpuses/client b/tests/fuzz/corpuses/client
new file mode 100644
index 0000000000000000000000000000000000000000..48d0a67c8f36ace60ccf4013a5b985207703ed80
GIT binary patch
literal 4037
zcmeH~c{o)2AIHy`8T&qD>`Tbb8T(Gxk|o8ErjclDkqky<Pbg_@EtHUbNxH&RawA*G
zGPcN)kjTi=O%Yl8jp{x>_x`$1_j$U1{?2p$IG^wNp3n1rKA-RFyx(75I2>?<0l<DZ
z-1D&)(e|_DtSqJa=ECYLv#<vHWkKpx!U>#`t7=xuH8BqrwtHx79!|=M4uzdQ)O)jn
z@;IGr&&3`UxKmtzIJOP~0FKWf00ICC000&M1_HcrIBPWvz<L*8tpwn@P!wDfih_w|
z!(kwdc0+9ROmb(<&wgYBK{`4B(nYgCO!V-52zqYVp516Jh+{Kg=4P}Z_#6(fv)hg4
zhfteCaBj{&hQ#dMiGgCqJ0TGi8yXF%pjFUnYHE-M4#lRjHH6fDm>daleofBgLvTIp
zbA&()grdOhTUQCv0q`i01E7sF!=gYCsJG60F+~yXM)X?*RHc=&2TkbcS$67h^LF7T
zD0#rSqIr>{sYMua@>|7#5Ch3;Yj@R3B^OVQ?Qo0FxGfW&GxR3@b&F8ygN=Fwrc$Ff
z@6*fj69dWhhshoojock}B{u^PF@*C+J(n90%^qYEQnc{+=qN=rqq3ae>&1EpNPamK
z#px0LtGztQJ@`V-_~Ay1kp<)Y5!QF4vpr@HyQ)gK;3B6SiUmYW_&7MukcLPmhsOCH
z<CU8|5<WQ%guj=LlLa3ovl~jkgPvHjzkN2++$?>xnNB~X38r^V*noqocGa<sXoX1~
z;L25qJm;m2d&+Tp<bX0)^T#(x5V`_`(>k7K4Ox9@oG>>61_6*Tt&GC#2wntF0Ugz?
zYIxLz!v<;XQtVb{O)|a&iEh4@K=47lkvwGFL_y_94`%6pUttQzjKPEE_0L-iPTLl=
zf`dSY=RsL)cCcVkjZm?`EPud)5BoAvqhk_fg#>-(%loW`Hi(3isS^)n2l0y1{Kc#T
z`(^!XKR7(dlfiKf$Ys9ZjH!C0J~6XFbmk*03h9}9>Xk&4iK8d_6g~83=0eN`$`i41
zZc3^_L5C06iuyNm*1`L<>q1feLVk~oJZtG*;K2ur8};j=EkTyUsA;P5?py8kfquz1
zl;aCySUHTW@A~)P^%RbxEyqeiht^NZyuRBXG@I$wCs@$wN225(v?pCO<q<t%C>_*!
zuupkhda2MF7uUpQsr~fg)I&8K_oz8@-6wWAm|I@Re$AqI-a_679fDUI)P0?EcM0wS
z;3OJ7u{3%J-{=AUQl@{C9_Y{XK)9bv{v(L$Mm5(^zm2748lD|VRS7pK;LWCpzf0?#
zebW}khh@B6Fq{5}G%6sHrj-^e5?Ys_J*ws87sT-N`rsw%{Q%oX9eEJu#=?}5A5WV}
zZU9Teq|u7OWFdRy%B-bpU6m{ln6Y2CxB!vt|E?x_(C}HoxSm|nTWOcZ$60OFvo7KH
zUdO1^?p?+1*baB>CHJi^zDiZ{tD8`&SyP%H-?^_&O(|S5z^iRnIge3vxaWtnOX!>L
zg7YixC?Qv3P`~2|(gxhva(g!MYedZ)sFQGUcxigA^tqBucLdBzB756{mb)9%8&=;$
zK~%Q?lgjj#o70U8ow2D&kua6(X;?yT-&crEr$DDKLadu`a3km-I0$~;Leh6Zas5it
zK?wJKl5!05^?#~$QQ%*<*%unC*6jxX`(%>TZRr;&l-!Ro48pN-mQ6ui0}OZix7#F|
z&)`E;;%Z%Y*?qoS`%Wp|zAnu$`@W_`fHRxffuw<5lq<Wl7+8^bCLPHMjlpS!A+0Xr
z@x%S~K08S1V|~M(bMZ%2`vbS@?S6hIL9RoAjqv~-6J4QpR;8!lc=Y7UB)cWgOU)~U
z6DC+BRj2pL)O4LeaY%rEtexnjLQKrmwd<!m21U~sxy^4|^K_3?NDc;tFRHg=`MZ14
z-dYovMdNyLU6>B0#d0%SZy-^(o!|-rX>*x{j4l)vzAoYz)_-ua$F4u2t99B*j+xDA
z->kR|iuX0WCFRh_$FXVqAJEA1_gcpKzgouneJ#_3)M=Wfp{@y`H)-4q)xU***V2EM
z{Qorma~l7vWdAyU|EO7;{Qdclu*EXbw%HdNh02;m$b%}ueJWQDJ(Dx2jZ`c-^lH56
zuu@gye8N+aVJ;tyyC=lT3U48A9-~C#+wo^+bp=?~d6-8eLTyU-4L2kqYak~?ZF0U`
zoPK)wr&pP-+l15YwOT!>cHaKoh3kR}BMX^Fy$;GbOJYJEw(eJ7p|2Or*12QV6;PAb
z;@KBH9X}Z?zNa$r(2RywRX*X&ZDfy~6t_wD=L)^C9y@)*8iP>Sg%8YrVcmC`DtH<6
z{1>jyxCa4YvO5$@d{?5E*mA0-;zcsjPfs`!(@Zf^(@T6=$Jk75)E#tn_z-)_qP-pC
z4411#U5CjEx0^m?%831PWqX5i%%_h_?PzlV=0MX$49%1Ef7M1Npx$^q0&m<-g_!9X
zX%4eP9|4C!20wIwLXZIMk4m$b++XY^k?8Z)UYZ*J;V@MpZ51`Nx|+6{)+Uvkp~|=L
zr}Lkn`A>!~tA&B|bn>SWz;-wuKr{}?tL@apD#to(ti@H!8e8od^KE3`Z>Oq_?ZuEU
zq-e89j5?zv@#bp+DY6|3im?snFp*`?yl;xXsCp{oi>+#<R(K`8-+4>6k?efDXcwW6
zUv{6@H9K7~vInn=sz~1HZ0L067OBZRCMIbC8p^i?-Qj-_A=&bLRU-`Y{VFw{kb5N0
z_a@~0l5h006^Po>xIgduEp3E*0gwj_4K$MRL<gA^AUp`UqsKp#fBF1XgNqxg*C&E|
zHbU;j2I|RI^?O}r$@4r}Rax7up+fs)-818|glC;YwUz2N;PI<=G^0WWY3Rmr3FRu8
zsf7$49V75y8EZvn;3+7J(fF1a?f3#-U<JSgIKY1f0nAO!w3fDE_zk6Mi*`QusOPBm
z-IgAKohwYAu0A^d+j^tV`}I|4`6Pmy_)MUfzQL;pSrwn3ceZ+~+NS9Ha8B+3_s(lh
zmD)WL{=ne6M!`F3?(2Tvu+z>E)>L1XYVbjFH9X0!^6LFayjhEnsTQMv&*TjYV%2V&
zEG};=>6`@LWKnvW6^>YUcd$0@nv-`yA31ow#REz*ezN8$al{1d4T}Qrg%x$?3PnXZ
zTd|fddp%b@CwQRx!=jVu1vhe^K!X1M8vVdvBzfZs=S!CB{Fe=Uw576{vRpE$yyi#&
zS@)=0BPRy%ZaUXH*U!J!n!{eme@|)FJEKXMTHSU2jkDIatfwJ~ULOQvoMmGp-?yHc
z%Z|vG%Zc|k%aB(*&Gqs%S<ZhhIJzmKE2V?-So&B}XRBP3K4X9kMVkwWLMo`+wl6Th
zCfBkL1yx#a8@I-RRvnk~OSl&}MoFsv;jv3oF_ngIO>U(;GeaZeTXL6~{1j}g2uDI+
z3P&+E2wKG86mk`4T>%j6v?C@D?EwTgLm681<$}%|>5hE--TDBjbferpg=$#0GKxyL
zC(}}4l=wutqZ~z>{Oh;5;F+vFDNs6U#sRkHEC>H1XDK-^3uTUb-dwys)zv=G8#Zdq
zo}=u}MY@;Y>aL}nNl26FDMnK~D%u5M1!~N&Pz$^%+9Sla(rIsc(~aK*aeWuF->DbY
zxZqY}yMA@QBdOtf^};Jsv2F}CT4~{U*k$Sb21;9!>8RhnF1{6#h%P1obEzSvF~vK<
z)MDW+u7WM+@iKYdq!W=3af-@0Fw02F*iUF|qb*tB+mc~|&77<CT&)Q@&&txM(%Lz{
ImjJ+j04YTqLI3~&
literal 0
HcmV?d00001
diff --git a/tests/fuzz/corpuses/dtlsclient b/tests/fuzz/corpuses/dtlsclient
new file mode 100644
index 0000000000000000000000000000000000000000..87c3ca333a37338f74a136fb4af241f0bbe2f6da
GIT binary patch
literal 4058
zcmeH~cT^ME7sqFk&=Zg%p?8HKWfFSFMWic+77;;0i3k!Pr~w3NiY(Ovh=9^Xlm%%<
zS1}06A{{|GB7%S*F1TQ$Y_PKXbB}wD`{yrbPG;_#ckj%3_kQMnAOFfS@cE|<2LS0$
zhV;s^gyVd+z0b}3R(Z@-yYnW_!yT-27-CC9du>3RYt+2AHUAf15O9M5fCB)2@OD^P
z_QavCV+nbVoAxrH2~*BpSIS%NXH?p9b4CVkmDC%Ik?@<+&)NE9iKGvPr9B_?PEFEu
zlAkHld5<gAwVe?daH2y1z_kjlMMN`#asV(8`1(8;@-7E}tOghl1=h~U3IMJHMZz_p
zNSJsw90tM|2ZUl~lRsg4;x!5cnV0}b2g?DmF~jW;%)GE2mRN3xYt3NiWwj>zxCYqR
zSYibs^x6=dcf;o)30n_JpoGy@NDPg_Vj&zBhgDToh14C<DBOAzQvGgl9%#eI;A}o*
zH&>tiWJ(|u2}-ShOOOeGM}k}cW1Jlp34%baRo>7<i)aU;$1H%BewC9trmbt<rp?RW
z?l{(x2b{b#E9RYg316A~QZXP{U*`N$wdz%wg(D-I-QzRM<U(`$pT|FI6iL0cQj5S>
zsCVVPdvfh?Z*r|`r6*oJce73Ll|W~fP{GIn`CjqtK9q=}ndj?0n<(2SIey;hg{%US
zpY%s=@C^OMc1xT`(5akJ*SZ!%GuGMt$ho)^o!jrU(~7y_V#n-@gv7Q9aB&@v>yO*!
zJSuRXsNCS0@NRE!=quS+40tb@(?E6(`pum4<)h(-23hY0CcWT#nC^K|eXdE>b9<U7
z7WmX&?p%fNlU`bm54p;QcPn!@ynfCDLTNBKqXP1*Ad3%)6Xiv~AOI3&ETbqVf*-+G
zz%=Pj8+^Qv%bLe(Uy*yMRh-coNPO+KG(rI459h0N94n|8?!+(N=q^m*n%2M7u)Ml{
z!5L-2Sa1-?BspOS*+IgWZi^HN%?Jj}`*6OYsJD)zEqFkm*=yYv{VNpmk<_s}m_DMS
ztY8tc*8$_V>ks=|d2){2z4BQ@8=`6V)W)V)C@uoz1rc3Sl5TNWsU&u+ThUW*`bDs*
z(6vNDth<s5mFl{Cm$-k!20FZ3iyngR5%IfcNUC8PB7(OTR%(~U8>!}l=&4C%%aZ2W
zK)>Y6%JGHKNG?OGYX456u7Wq#e55#}fBA^qv+5q|OqN%-a6y}2TuZ)_ZQN;NKJonq
zveY)GZsk$g#X>8`*m{(?*2B{icT^pDADgn%-*L*r-1CARG%m&S7xLd~6+U-Y&DSN@
zMA!s?$1&)MVbDYVL=W({W%@7af&NMl<oIL3zXuWhvBnbm*OAmLgA>E4xX^6{{Mjv%
zbLm|(&zp`45LnL^%w*h)dn_cDu9+Sq7D7+ZdaSwEkIM4!Lf@Im8v(oSwdO(i%kvY4
zetb>aasxQ-jvKz!A1~yrcspb6MyFwbz)T07q5?#+|J?1UK7&UEqq_1*FJ<@D-M`p$
zb7o)Y^=Hwznw{?no2B4;x+=ThFFZ|E@}rL_-Ck0f9o=e2S5*p?3Giw%xyEN06-xT!
z#3J^}Tu^>_l@ia}X!P$yvaCKY;hHT<@;pT&2Wlgq9$cJSx;mgF*AWJ@kj~yXuj%2=
z_8jS(D2&eb|E(gU@yb-)d|OOvQaB8EA)P?Z?fwW+L<$sf8bYqY!HZym;2^lVj-+pb
z;`WgwC&=;JB;^?7>-|vbBEi3x*#{bF%eK9MZF1bEGTEV&mfY9TETS>7=JizWUY4pJ
zDeFYjX<{%gw#LoGX0^IzPAT4&o^FtRLqj^i1+{&5Qm;u%n&m|nBoC2ITV_nXZ%UzG
zvz>CtwWro+b6mzq_aNy-ythhEpp>rVKvjZ#s{)F3HxnCEq1MF;lJIEM_>&}?Mbepu
zx8%dy2t1S8U1<|jbp4{>0KFI+@o|Od=!x?ej(PTpXDslVmRa$2442FFQ9~EhnhAm(
zo#`*FC~w4LyByo`t!xX|w(mLsB<eJi-9RAyMOGo}z80K7J7t96-#6ZA)05EtU}~>C
zJ8G}pjHET1{~5D+i}Ud7kty5n(8%%6y$t!ky$t#7UZw%5F?yD|ng)bjqjAkt`(*x8
zO8;H(|I_&IY5dyB{&W8RRkGIj`|B5Bon&H^*#{a$N*lx~`*1<sxHRWS^7=L5ip9=P
zN9$dcXmzs*55)$#eblQDOOzIt@LW0A5=Cq#9-q+>;#lTmAC?ZWzG^pkH;Lyqv=>p6
zoG%}%mvQag(=4}*q8YZD4?HJr4)}KzE(<FR&u4jiImx@o;Dhfxa8P^8Tq~TdU1iZ8
za67$`)EzYyKOQ8xqax9HT3wTtPd;A8(`mDbcU#A5x$a1(jh?}6{SerxKiK__c2u*K
z^Rwvs&!3z2paMrRn-z<F-$pH>a%dCrVwo8cV|ys+#`sNBivkx9qKvK8>~*vS5Iahv
z4(y3Fcym+SZLm_Ito~h=oWxIQQg@Z3-@RUJ#+m{!dq!WxGc;Mx$KJ>W)EbS35sjKB
zA$Dd~hQe&sL%?B>{&y9i2qeV#qB7(q?+1BFq4<21m&Qh)6{ZTLg;T|<scNZeu2H#W
z;y#%_9RDywf3kddTNud9v?T%oNWqB!qOO07>Q)Vca*X}TQtVBPk;RS?-#ShQ8x<`=
z7rydTiWZ0TV;8gx(R4{D1=Fga7<2a|KD_kNfh&?jw1*<T1lohia<9Z!TT3u?l`e-a
znUK2$F?L?(ZFD3mJ^A;kh~-6OLlIf)T20nL2^llcU`rFVO7K>gOyj_N^`nsQ$5umv
zJi__DH6iDxe8V4Ifyi}<`)k#&OC#J1fIMMXpstcgv6o8$La98PJN-ih-~4<||MZH=
zg|VQ{mEh|!fx260Jzi%y@<>N$6*V2|IEKqIDf6r}iEe+>LS-Xx|7kOpRUtF3|MDSe
zWt!Z?d?uf^A?Q?!EN=@u23=$|Dv|iQoq>btNB~R#82c}PafSne#}QyIzvg&*gpZ<b
zN6S@XOc{>Y?z2OC<VKGrCZ(h)z7s5uSDA}bIin=uUQ)mpg6u#^HO6{mF5U1mv^NN-
zF%d8alU{Xfb-6yR?k&;7%1N%+nZEH7Uql*g-ng=I>}lrfz~-I%7h;?HH9Qr(Ce0p%
z3B>1^CB4`g6lf-gcar>7?YCFV3~3xw<nudA;!(+;#=&~S%a6x9Pu@6)(#Bf{O}%q2
zo0}~(t)GpqZY^6e_=PC#Wwk2I+y3a3GtYqm_5BGLREbcyGV=@L%hZj08*Vx8+#TK@
zl<%3zg(cio;%^oSBegEj$b&4Ufz@_TJv>k@cLp32i*v}n@bfjlI#|nl_X_j>GIZjs
zL8y3#t=^&JqLtxeHZwpeM*GeI*70XMOyN%1bgjL<EjrMllq7}BRm)tD`4A=cO-qY=
zA`9)BYJ!V&4GuUQ7p<Wk3L7xLX{rCpUT-LfYRFk|hTF_Sq~ZdTlb>&J59Q9r;pzKr
z+tFE@3vcUOL_|cLtxR}caLOCda^CedO9%kTxt1Wr+8+S$ecAmo0U)?G?c?qj0HDuT
z&id`LQeE9i24*F2(or_*bb*l=?CqOIPo8kfl`;WYrX043LSQ8p{lyssBtJQWzgvJC
zhKOEO_gDrr)8x+554UKhgz`QyZrJ!`HVhE@G#l1lH6pcBTeNsq{uxgX9PgCc`zK~=
B`4|8I
literal 0
HcmV?d00001
diff --git a/tests/fuzz/corpuses/dtlsserver b/tests/fuzz/corpuses/dtlsserver
new file mode 100644
index 0000000000000000000000000000000000000000..7a7a117900781be46a5b985b275d625ef98b8c96
GIT binary patch
literal 1189
zcmeHGYfQ~y9Dd&OKed!oraGZql5k2FMY=IQC>?!Zlr0-G3@h3y2VpKLUDct`kxFiL
zI@MfO(=3nsd|;W|T-LITvM_BKnvOSJKKta8=gaT;-S+<8-}AoOek+C`jthv~K}Y2F
z|JrnKOX_l~zFYUOxwfaTBWlmBmEYYvKNJ`e{MQFpJTL*mma`a$3f8fL(>N1}w5JQg
z*ub+q%slR8DtF)xvgykJl+(g;dT|CeaTJ{q%z9Qai@Dsx6dKTi#kAvCXi>|H48;|O
zz(^xc@dRsO<^|5fWzIzri+G$SnmGrBIL*_TkGTw@51r`G>9pY)?gnv)1>D6PZbuo*
z5QzZJrjCyEqc_#8WICF$i22;fY^K4U8Y-wm6H0iDrLdq8#XQQBIEEUYM*|92$P(6|
zn&(iDd>&yjtC0t*021Wh95EUgm6W`GUDD>{)HG=1O<ZghTVbQv2(_XXilPXWq7tyj
zIGGy{4{6=uCiw)o!UfJ43kS#o8G(!gUXqSTBt)Z>$PAg6%QydpL{k!aD&v!y&pq<d
zS>jC5YuX;$QKk01-+D78Z(T-D;xh4H!ha&+uK~#<R5&^Y$dYydS($1PAMNDV`6ax`
z(fjq?Z!C`W?)rFpyjM_LerEp<-wl^yHCJ2o-9~Hh;};RRH!frw?2OM%k*!g2i4N(V
zm!~|hdI;@K$Db(&3v>s{3VYWqz0{Yv%U$#2?KR;OS5)KIu)%fV2}8-ZCHmf{)6Q&l
z`Wj@ezdduJ@=~YnePn8R7weHT)un%UJOx5%rT6EB$pHh0nOm69Ps&R#Ee{{vl#uQa
z6*IZLyl+*;oW>RLapA2+_O`~3lWiL}zj7OC7VsQu7N0X?t_LSahlF-py54Bl1}u2i
nv9Hu>xftj=Qmv9dVDL~?`zO!puqtOwgrV+z*#6Zm+cJIwp9Z@o
literal 0
HcmV?d00001
diff --git a/tests/fuzz/corpuses/server b/tests/fuzz/corpuses/server
new file mode 100644
index 0000000000000000000000000000000000000000..fbeb019f200a63d8f40815551f07375c0265c4e6
GIT binary patch
literal 675
zcmXYsSxD4z6ot>v|0wF@SUPGhQKaUUySADrl!Z=#p*;u%p=F^VsJTZNxsH>2mbq6h
z<AxeaKG-2EC{T+^v!IlM)C4h7Dk1w9-j{ng_j~xRwIqa2Kom(*{IiQGk?Y}$Zezop
z-`75e<vfo1X+QT>mlop{>)-gi7Q%?T>4Qdgvyo18MFLH!#(wtlE(@sT6{av9Pf$n?
zdZU3|Y@j1u5Kj|Y!k;~CVLpqQ!(^sm1V?C03s|F*ZQO?e?m;=rd51OZgr2S3i+%>8
zjAgvZTIv~qQq;2^hY(0Vy3?Fq+(kn+GaJNp>X^wQUPc}35Cm`f(v2#5(wPc2F$=>8
zWeGD_$W)lpj1syrglbmuHo7o~Dpv3oD$&9F=!K4@tY!z=c@I4(;SE-?9a^jlAO?U6
zn*fu<q}a2G7m`v^VJ3f~Hj<2lp=2l&l0rz5Bn%`20aI+1Z?<rdw>@m+YzHf-VF?Q;
zAp>#)xd$BOC`l;Z4CLo2#Hpj^o^wkFhE&cUp02V=<2=7GYU}9tu_W)$FORrBjoE{d
z@Wt|V|5sB7iyyTXrWuz{)&{){i%w8x&Gqk?Y#D=fhU$0nHJw{-UFpi1h`zPFOnbA}
zvk!%PbXkXIZ=6*~O<MKpvGA2QPR*Chm;LlTqpsVeX*b2nc<sm+jYH8+wX7q=KPgw)
z@BgqX<HSU$SJ8Xr&Gg=7pWy&br#cAjaMZ+Azu-^Dl{PZ$zQKw%U#}^{fuV}rrMKS(
zw=8JGevC&3t7_iO&qg@t(_b{XY`2neyA9mHryzUgu(RfL^U3ow^&#g>#{2OX(K-Ys
literal 0
HcmV?d00001
diff --git a/tests/fuzz/fuzz_client.c b/tests/fuzz/fuzz_client.c
new file mode 100644
index 000000000..7860177a1
--- /dev/null
+++ b/tests/fuzz/fuzz_client.c
@@ -0,0 +1,227 @@
+#include "mbedtls/ssl.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/certs.h"
+#include <string.h>
+#include <stdlib.h>
+#include <stdbool.h>
+#include <stdint.h>
+
+
+static bool initialized = 0;
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+static mbedtls_x509_crt cacert;
+#endif
+const char *alpn_list[3];
+
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+const unsigned char psk[] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
+};
+const char psk_id[] = "Client_identity";
+#endif
+
+const char *pers = "fuzz_client";
+
+
+typedef struct fuzzBufferOffset
+{
+ const uint8_t *Data;
+ size_t Size;
+ size_t Offset;
+} fuzzBufferOffset_t;
+
+static int dummy_send( void *ctx, const unsigned char *buf, size_t len )
+{
+ //silence warning about unused parameter
+ (void) ctx;
+ (void) buf;
+
+ //pretends we wrote everything ok
+ return( len );
+}
+
+static int fuzz_recv( void *ctx, unsigned char *buf, size_t len )
+{
+ //reads from the buffer from fuzzer
+ fuzzBufferOffset_t * biomemfuzz = (fuzzBufferOffset_t *) ctx;
+
+ if (biomemfuzz->Offset == biomemfuzz->Size) {
+ //EOF
+ return (0);
+ }
+ if (len + biomemfuzz->Offset > biomemfuzz->Size) {
+ //do not overflow
+ len = biomemfuzz->Size - biomemfuzz->Offset;
+ }
+ memcpy(buf, biomemfuzz->Data + biomemfuzz->Offset, len);
+ biomemfuzz->Offset += len;
+ return( len );
+}
+
+static int dummy_random( void *p_rng, unsigned char *output, size_t output_len )
+{
+ int ret;
+ size_t i;
+
+ //use mbedtls_ctr_drbg_random to find bugs in it
+ ret = mbedtls_ctr_drbg_random(p_rng, output, output_len);
+ for (i=0; i<output_len; i++) {
+ //replace result with pseudo random
+ output[i] = (unsigned char) random();
+ }
+ return( ret );
+}
+
+static int dummy_entropy( void *data, unsigned char *output, size_t len )
+{
+ size_t i;
+
+ //use mbedtls_entropy_func to find bugs in it
+ //test performance impact of entropy
+ //ret = mbedtls_entropy_func(data, output, len);
+ for (i=0; i<len; i++) {
+ //replace result with pseudo random
+ output[i] = (unsigned char) random();
+ }
+ return( 0 );
+}
+
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+ int ret;
+ size_t len;
+ mbedtls_ssl_context ssl;
+ mbedtls_ssl_config conf;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ mbedtls_entropy_context entropy;
+ unsigned char buf[4096];
+ fuzzBufferOffset_t biomemfuzz;
+ uint16_t options;
+
+ if (initialized == 0) {
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ mbedtls_x509_crt_init( &cacert );
+ if (mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_cas_pem,
+ mbedtls_test_cas_pem_len ) != 0)
+ return 1;
+#endif
+
+ alpn_list[0] = "HTTP";
+ alpn_list[1] = "fuzzalpn";
+ alpn_list[2] = NULL;
+
+ initialized = 1;
+ }
+
+ //we take 1 byte as options input
+ if (Size < 2) {
+ return 0;
+ }
+ options = (Data[Size - 2] << 8) | Data[Size - 1];
+ //Avoid warnings if compile options imply no options
+ (void) options;
+
+ mbedtls_ssl_init( &ssl );
+ mbedtls_ssl_config_init( &conf );
+ mbedtls_ctr_drbg_init( &ctr_drbg );
+ mbedtls_entropy_init( &entropy );
+
+ if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy,
+ (const unsigned char *) pers, strlen( pers ) ) != 0 )
+ goto exit;
+
+ if( mbedtls_ssl_config_defaults( &conf,
+ MBEDTLS_SSL_IS_CLIENT,
+ MBEDTLS_SSL_TRANSPORT_STREAM,
+ MBEDTLS_SSL_PRESET_DEFAULT ) != 0 )
+ goto exit;
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+ if (options & 2) {
+ mbedtls_ssl_conf_psk( &conf, psk, sizeof( psk ),
+ (const unsigned char *) psk_id, sizeof( psk_id ) - 1 );
+ }
+#endif
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ if (options & 4) {
+ mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
+ mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_REQUIRED );
+ } else
+#endif
+ {
+ mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_NONE );
+ }
+#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
+ mbedtls_ssl_conf_truncated_hmac( &conf, (options & 8) ? MBEDTLS_SSL_TRUNC_HMAC_ENABLED : MBEDTLS_SSL_TRUNC_HMAC_DISABLED);
+#endif
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+ mbedtls_ssl_conf_extended_master_secret( &conf, (options & 0x10) ? MBEDTLS_SSL_EXTENDED_MS_DISABLED : MBEDTLS_SSL_EXTENDED_MS_ENABLED);
+#endif
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+ mbedtls_ssl_conf_encrypt_then_mac( &conf, (options & 0x20) ? MBEDTLS_SSL_ETM_DISABLED : MBEDTLS_SSL_ETM_ENABLED);
+#endif
+#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
+ mbedtls_ssl_conf_cbc_record_splitting( &conf, (options & 0x40) ? MBEDTLS_SSL_CBC_RECORD_SPLITTING_ENABLED : MBEDTLS_SSL_CBC_RECORD_SPLITTING_DISABLED );
+#endif
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+ mbedtls_ssl_conf_renegotiation( &conf, (options & 0x80) ? MBEDTLS_SSL_RENEGOTIATION_ENABLED : MBEDTLS_SSL_RENEGOTIATION_DISABLED );
+#endif
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+ mbedtls_ssl_conf_session_tickets( &conf, (options & 0x100) ? MBEDTLS_SSL_SESSION_TICKETS_DISABLED : MBEDTLS_SSL_SESSION_TICKETS_ENABLED );
+#endif
+#if defined(MBEDTLS_SSL_ALPN)
+ if (options & 0x200) {
+ mbedtls_ssl_conf_alpn_protocols( &conf, alpn_list );
+ }
+#endif
+ //There may be other options to add :
+ // mbedtls_ssl_conf_cert_profile, mbedtls_ssl_conf_sig_hashes
+
+ srandom(1);
+ mbedtls_ssl_conf_rng( &conf, dummy_random, &ctr_drbg );
+
+ if( mbedtls_ssl_setup( &ssl, &conf ) != 0 )
+ goto exit;
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ if ((options & 1) == 0) {
+ if( mbedtls_ssl_set_hostname( &ssl, "localhost" ) != 0 )
+ goto exit;
+ }
+#endif
+
+ biomemfuzz.Data = Data;
+ biomemfuzz.Size = Size-2;
+ biomemfuzz.Offset = 0;
+ mbedtls_ssl_set_bio( &ssl, &biomemfuzz, dummy_send, fuzz_recv, NULL );
+
+ ret = mbedtls_ssl_handshake( &ssl );
+ if( ret == 0 )
+ {
+ //keep reading data from server until the end
+ do
+ {
+ len = sizeof( buf ) - 1;
+ ret = mbedtls_ssl_read( &ssl, buf, len );
+
+ if( ret == MBEDTLS_ERR_SSL_WANT_READ )
+ continue;
+ else if( ret <= 0 )
+ //EOF or error
+ break;
+ }
+ while( 1 );
+ }
+
+exit:
+ mbedtls_entropy_free( &entropy );
+ mbedtls_ctr_drbg_free( &ctr_drbg );
+ mbedtls_ssl_config_free( &conf );
+ mbedtls_ssl_free( &ssl );
+
+ return 0;
+}
diff --git a/tests/fuzz/fuzz_client.options b/tests/fuzz/fuzz_client.options
new file mode 100644
index 000000000..4d7340f49
--- /dev/null
+++ b/tests/fuzz/fuzz_client.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+max_len = 1048575
diff --git a/tests/fuzz/fuzz_dtlsclient.c b/tests/fuzz/fuzz_dtlsclient.c
new file mode 100644
index 000000000..c88b33b73
--- /dev/null
+++ b/tests/fuzz/fuzz_dtlsclient.c
@@ -0,0 +1,185 @@
+#include <string.h>
+#include <stdlib.h>
+#include <stdbool.h>
+#include <stdint.h>
+#include "mbedtls/ssl.h"
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/certs.h"
+#include "mbedtls/timing.h"
+
+
+static bool initialized = 0;
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+static mbedtls_x509_crt cacert;
+#endif
+
+
+const char *pers = "fuzz_dtlsclient";
+
+
+typedef struct fuzzBufferOffset
+{
+ const uint8_t *Data;
+ size_t Size;
+ size_t Offset;
+} fuzzBufferOffset_t;
+
+static int dummy_send( void *ctx, const unsigned char *buf, size_t len )
+{
+ //silence warning about unused parameter
+ (void) ctx;
+ (void) buf;
+
+ //pretends we wrote everything ok
+ return( len );
+}
+
+static int fuzz_recv( void *ctx, unsigned char *buf, size_t len )
+{
+ //reads from the buffer from fuzzer
+ fuzzBufferOffset_t * biomemfuzz = (fuzzBufferOffset_t *) ctx;
+
+ if (biomemfuzz->Offset == biomemfuzz->Size) {
+ //EOF
+ return (0);
+ }
+ if (len + biomemfuzz->Offset > biomemfuzz->Size) {
+ //do not overflow
+ len = biomemfuzz->Size - biomemfuzz->Offset;
+ }
+ memcpy(buf, biomemfuzz->Data + biomemfuzz->Offset, len);
+ biomemfuzz->Offset += len;
+ return( len );
+}
+
+static int fuzz_recv_timeout( void *ctx, unsigned char *buf, size_t len,
+ uint32_t timeout )
+{
+ (void) timeout;
+
+ return fuzz_recv(ctx, buf, len);
+}
+
+static int dummy_random( void *p_rng, unsigned char *output, size_t output_len )
+{
+ int ret;
+ size_t i;
+
+ //use mbedtls_ctr_drbg_random to find bugs in it
+ ret = mbedtls_ctr_drbg_random(p_rng, output, output_len);
+ for (i=0; i<output_len; i++) {
+ //replace result with pseudo random
+ output[i] = (unsigned char) random();
+ }
+ return( ret );
+}
+
+static int dummy_entropy( void *data, unsigned char *output, size_t len )
+{
+ size_t i;
+
+ //use mbedtls_entropy_func to find bugs in it
+ //test performance impact of entropy
+ //ret = mbedtls_entropy_func(data, output, len);
+ for (i=0; i<len; i++) {
+ //replace result with pseudo random
+ output[i] = (unsigned char) random();
+ }
+ return( 0 );
+}
+#endif
+
+
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ int ret;
+ size_t len;
+ mbedtls_ssl_context ssl;
+ mbedtls_ssl_config conf;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ mbedtls_entropy_context entropy;
+ mbedtls_timing_delay_context timer;
+ unsigned char buf[4096];
+ fuzzBufferOffset_t biomemfuzz;
+
+ if (initialized == 0) {
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ mbedtls_x509_crt_init( &cacert );
+ if (mbedtls_x509_crt_parse( &cacert, (const unsigned char *) mbedtls_test_cas_pem,
+ mbedtls_test_cas_pem_len ) != 0)
+ return 1;
+#endif
+ initialized = 1;
+ }
+
+ mbedtls_ssl_init( &ssl );
+ mbedtls_ssl_config_init( &conf );
+ mbedtls_ctr_drbg_init( &ctr_drbg );
+ mbedtls_entropy_init( &entropy );
+
+ srandom(1);
+ if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy,
+ (const unsigned char *) pers, strlen( pers ) ) != 0 )
+ goto exit;
+
+ if( mbedtls_ssl_config_defaults( &conf,
+ MBEDTLS_SSL_IS_CLIENT,
+ MBEDTLS_SSL_TRANSPORT_DATAGRAM,
+ MBEDTLS_SSL_PRESET_DEFAULT ) != 0 )
+ goto exit;
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
+#endif
+ mbedtls_ssl_conf_authmode( &conf, MBEDTLS_SSL_VERIFY_NONE );
+ mbedtls_ssl_conf_rng( &conf, dummy_random, &ctr_drbg );
+
+ if( mbedtls_ssl_setup( &ssl, &conf ) != 0 )
+ goto exit;
+
+ mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay,
+ mbedtls_timing_get_delay );
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ if( mbedtls_ssl_set_hostname( &ssl, "localhost" ) != 0 )
+ goto exit;
+#endif
+
+ biomemfuzz.Data = Data;
+ biomemfuzz.Size = Size;
+ biomemfuzz.Offset = 0;
+ mbedtls_ssl_set_bio( &ssl, &biomemfuzz, dummy_send, fuzz_recv, fuzz_recv_timeout );
+
+ ret = mbedtls_ssl_handshake( &ssl );
+ if( ret == 0 )
+ {
+ //keep reading data from server until the end
+ do
+ {
+ len = sizeof( buf ) - 1;
+ ret = mbedtls_ssl_read( &ssl, buf, len );
+
+ if( ret == MBEDTLS_ERR_SSL_WANT_READ )
+ continue;
+ else if( ret <= 0 )
+ //EOF or error
+ break;
+ }
+ while( 1 );
+ }
+
+exit:
+ mbedtls_entropy_free( &entropy );
+ mbedtls_ctr_drbg_free( &ctr_drbg );
+ mbedtls_ssl_config_free( &conf );
+ mbedtls_ssl_free( &ssl );
+
+#else
+ (void) Data;
+ (void) Size;
+#endif
+ return 0;
+}
diff --git a/tests/fuzz/fuzz_dtlsclient.options b/tests/fuzz/fuzz_dtlsclient.options
new file mode 100644
index 000000000..4d7340f49
--- /dev/null
+++ b/tests/fuzz/fuzz_dtlsclient.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+max_len = 1048575
diff --git a/tests/fuzz/fuzz_dtlsserver.c b/tests/fuzz/fuzz_dtlsserver.c
new file mode 100644
index 000000000..6e59a85a7
--- /dev/null
+++ b/tests/fuzz/fuzz_dtlsserver.c
@@ -0,0 +1,209 @@
+#include <string.h>
+#include <stdlib.h>
+#include <stdbool.h>
+#include <stdint.h>
+#include "mbedtls/ssl.h"
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/certs.h"
+#include "mbedtls/timing.h"
+#include "mbedtls/ssl_cookie.h"
+
+
+const char *pers = "fuzz_dtlsserver";
+const unsigned char client_ip[4] = {0x7F, 0, 0, 1};
+static bool initialized = 0;
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+static mbedtls_x509_crt srvcert;
+static mbedtls_pk_context pkey;
+#endif
+
+typedef struct fuzzBufferOffset
+{
+ const uint8_t *Data;
+ size_t Size;
+ size_t Offset;
+} fuzzBufferOffset_t;
+
+
+static int dummy_send( void *ctx, const unsigned char *buf, size_t len )
+{
+ //silence warning about unused parameter
+ (void) ctx;
+ (void) buf;
+
+ //pretends we wrote everything ok
+ return( len );
+}
+
+static int fuzz_recv( void *ctx, unsigned char *buf, size_t len )
+{
+ //reads from the buffer from fuzzer
+ fuzzBufferOffset_t * biomemfuzz = (fuzzBufferOffset_t *) ctx;
+
+ if (biomemfuzz->Offset == biomemfuzz->Size) {
+ //EOF
+ return (0);
+ }
+ if (len + biomemfuzz->Offset > biomemfuzz->Size) {
+ //do not overflow
+ len = biomemfuzz->Size - biomemfuzz->Offset;
+ }
+ memcpy(buf, biomemfuzz->Data + biomemfuzz->Offset, len);
+ biomemfuzz->Offset += len;
+ return( len );
+}
+
+static int fuzz_recv_timeout( void *ctx, unsigned char *buf, size_t len,
+ uint32_t timeout )
+{
+ (void) timeout;
+
+ return fuzz_recv(ctx, buf, len);
+}
+
+static int dummy_random( void *p_rng, unsigned char *output, size_t output_len )
+{
+ int ret;
+ size_t i;
+
+ //use mbedtls_ctr_drbg_random to find bugs in it
+ ret = mbedtls_ctr_drbg_random(p_rng, output, output_len);
+ for (i=0; i<output_len; i++) {
+ //replace result with pseudo random
+ output[i] = (unsigned char) random();
+ }
+ return( ret );
+}
+
+static int dummy_entropy( void *data, unsigned char *output, size_t len )
+{
+ size_t i;
+
+ //use mbedtls_entropy_func to find bugs in it
+ //test performance impact of entropy
+ //ret = mbedtls_entropy_func(data, output, len);
+ for (i=0; i<len; i++) {
+ //replace result with pseudo random
+ output[i] = (unsigned char) random();
+ }
+ return( 0 );
+}
+#endif
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+#if defined(MBEDTLS_SSL_PROTO_DTLS)
+ int ret;
+ size_t len;
+ mbedtls_ssl_context ssl;
+ mbedtls_ssl_config conf;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ mbedtls_entropy_context entropy;
+ mbedtls_timing_delay_context timer;
+ mbedtls_ssl_cookie_ctx cookie_ctx;
+ unsigned char buf[4096];
+ fuzzBufferOffset_t biomemfuzz;
+
+ if (initialized == 0) {
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ mbedtls_x509_crt_init( &srvcert );
+ mbedtls_pk_init( &pkey );
+ if (mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_srv_crt,
+ mbedtls_test_srv_crt_len ) != 0)
+ return 1;
+ if (mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_cas_pem,
+ mbedtls_test_cas_pem_len ) != 0)
+ return 1;
+ if (mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
+ mbedtls_test_srv_key_len, NULL, 0 ) != 0)
+ return 1;
+#endif
+ initialized = 1;
+ }
+ mbedtls_ssl_init( &ssl );
+ mbedtls_ssl_config_init( &conf );
+ mbedtls_ctr_drbg_init( &ctr_drbg );
+ mbedtls_entropy_init( &entropy );
+ mbedtls_ssl_cookie_init( &cookie_ctx );
+
+ if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy,
+ (const unsigned char *) pers, strlen( pers ) ) != 0 )
+ goto exit;
+
+
+ if( mbedtls_ssl_config_defaults( &conf,
+ MBEDTLS_SSL_IS_SERVER,
+ MBEDTLS_SSL_TRANSPORT_DATAGRAM,
+ MBEDTLS_SSL_PRESET_DEFAULT ) != 0 )
+ goto exit;
+
+
+ srandom(1);
+ mbedtls_ssl_conf_rng( &conf, dummy_random, &ctr_drbg );
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
+ if( mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) != 0 )
+ goto exit;
+#endif
+
+ if( mbedtls_ssl_cookie_setup( &cookie_ctx, dummy_random, &ctr_drbg ) != 0 )
+ goto exit;
+
+ mbedtls_ssl_conf_dtls_cookies( &conf, mbedtls_ssl_cookie_write, mbedtls_ssl_cookie_check, &cookie_ctx );
+
+ if( mbedtls_ssl_setup( &ssl, &conf ) != 0 )
+ goto exit;
+
+ mbedtls_ssl_set_timer_cb( &ssl, &timer, mbedtls_timing_set_delay,
+ mbedtls_timing_get_delay );
+
+ biomemfuzz.Data = Data;
+ biomemfuzz.Size = Size;
+ biomemfuzz.Offset = 0;
+ mbedtls_ssl_set_bio( &ssl, &biomemfuzz, dummy_send, fuzz_recv, fuzz_recv_timeout );
+ if( mbedtls_ssl_set_client_transport_id( &ssl, client_ip, sizeof(client_ip) ) != 0 )
+ goto exit;
+
+ ret = mbedtls_ssl_handshake( &ssl );
+
+ if (ret == MBEDTLS_ERR_SSL_HELLO_VERIFY_REQUIRED) {
+ biomemfuzz.Offset = ssl.next_record_offset;
+ mbedtls_ssl_session_reset( &ssl );
+ mbedtls_ssl_set_bio( &ssl, &biomemfuzz, dummy_send, fuzz_recv, fuzz_recv_timeout );
+ if( mbedtls_ssl_set_client_transport_id( &ssl, client_ip, sizeof(client_ip) ) != 0 )
+ goto exit;
+
+ ret = mbedtls_ssl_handshake( &ssl );
+
+ if( ret == 0 )
+ {
+ //keep reading data from server until the end
+ do
+ {
+ len = sizeof( buf ) - 1;
+ ret = mbedtls_ssl_read( &ssl, buf, len );
+ if( ret == MBEDTLS_ERR_SSL_WANT_READ )
+ continue;
+ else if( ret <= 0 )
+ //EOF or error
+ break;
+ }
+ while( 1 );
+ }
+ }
+
+exit:
+ mbedtls_ssl_cookie_free( &cookie_ctx );
+ mbedtls_entropy_free( &entropy );
+ mbedtls_ctr_drbg_free( &ctr_drbg );
+ mbedtls_ssl_config_free( &conf );
+ mbedtls_ssl_free( &ssl );
+
+#else
+ (void) Data;
+ (void) Size;
+#endif
+ return 0;
+}
diff --git a/tests/fuzz/fuzz_dtlsserver.options b/tests/fuzz/fuzz_dtlsserver.options
new file mode 100644
index 000000000..4d7340f49
--- /dev/null
+++ b/tests/fuzz/fuzz_dtlsserver.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+max_len = 1048575
diff --git a/tests/fuzz/fuzz_privkey.c b/tests/fuzz/fuzz_privkey.c
new file mode 100644
index 000000000..533a647dc
--- /dev/null
+++ b/tests/fuzz/fuzz_privkey.c
@@ -0,0 +1,64 @@
+#include <stdint.h>
+#include "mbedtls/pk.h"
+
+//4 Kb should be enough for every bug ;-)
+#define MAX_LEN 0x1000
+
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+#ifdef MBEDTLS_PK_PARSE_C
+ int ret;
+ mbedtls_pk_context pk;
+
+ if (Size > MAX_LEN) {
+ //only work on small inputs
+ Size = MAX_LEN;
+ }
+
+ mbedtls_pk_init( &pk );
+ ret = mbedtls_pk_parse_key( &pk, Data, Size, NULL, 0 );
+ if (ret == 0) {
+#if defined(MBEDTLS_RSA_C)
+ if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_RSA )
+ {
+ mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
+ mbedtls_rsa_context *rsa;
+
+ mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
+ mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP );
+ mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP );
+
+ rsa = mbedtls_pk_rsa( pk );
+ mbedtls_rsa_export( rsa, &N, &P, &Q, &D, &E );
+ mbedtls_rsa_export_crt( rsa, &DP, &DQ, &QP );
+
+ mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
+ mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP );
+ mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &QP );
+ }
+ else
+#endif
+#if defined(MBEDTLS_ECP_C)
+ if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_ECKEY )
+ {
+ mbedtls_ecp_keypair *ecp;
+
+ ecp = mbedtls_pk_ec( pk );
+ if (ecp) {
+ ret = 0;
+ }
+ }
+ else
+#endif
+ {
+ ret = 0;
+ }
+ }
+ mbedtls_pk_free( &pk );
+#else
+ (void) Data;
+ (void) Size;
+#endif //MBEDTLS_PK_PARSE_C
+
+ return 0;
+}
diff --git a/tests/fuzz/fuzz_privkey.options b/tests/fuzz/fuzz_privkey.options
new file mode 100644
index 000000000..0824b19fa
--- /dev/null
+++ b/tests/fuzz/fuzz_privkey.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+max_len = 65535
diff --git a/tests/fuzz/fuzz_pubkey.c b/tests/fuzz/fuzz_pubkey.c
new file mode 100644
index 000000000..df42f7d53
--- /dev/null
+++ b/tests/fuzz/fuzz_pubkey.c
@@ -0,0 +1,57 @@
+#include <stdint.h>
+#include "mbedtls/pk.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+#ifdef MBEDTLS_PK_PARSE_C
+ int ret;
+ mbedtls_pk_context pk;
+
+ mbedtls_pk_init( &pk );
+ ret = mbedtls_pk_parse_public_key( &pk, Data, Size );
+ if (ret == 0) {
+#if defined(MBEDTLS_RSA_C)
+ if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_RSA )
+ {
+ mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
+ mbedtls_rsa_context *rsa;
+
+ mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q );
+ mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP );
+ mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP );
+
+ rsa = mbedtls_pk_rsa( pk );
+ ret = mbedtls_rsa_export( rsa, &N, &P, &Q, &D, &E );
+ ret = mbedtls_rsa_export_crt( rsa, &DP, &DQ, &QP );
+
+ mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q );
+ mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP );
+ mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &QP );
+
+ }
+ else
+#endif
+#if defined(MBEDTLS_ECP_C)
+ if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_ECKEY )
+ {
+ mbedtls_ecp_keypair *ecp;
+
+ ecp = mbedtls_pk_ec( pk );
+ //dummy use of value
+ if (ecp) {
+ ret = 0;
+ }
+ }
+ else
+#endif
+ {
+ ret = 0;
+ }
+ }
+ mbedtls_pk_free( &pk );
+#else
+ (void) Data;
+ (void) Size;
+#endif //MBEDTLS_PK_PARSE_C
+
+ return 0;
+}
diff --git a/tests/fuzz/fuzz_pubkey.options b/tests/fuzz/fuzz_pubkey.options
new file mode 100644
index 000000000..0824b19fa
--- /dev/null
+++ b/tests/fuzz/fuzz_pubkey.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+max_len = 65535
diff --git a/tests/fuzz/fuzz_server.c b/tests/fuzz/fuzz_server.c
new file mode 100644
index 000000000..770a38633
--- /dev/null
+++ b/tests/fuzz/fuzz_server.c
@@ -0,0 +1,240 @@
+#include "mbedtls/ssl.h"
+#include "mbedtls/entropy.h"
+#include "mbedtls/ctr_drbg.h"
+#include "mbedtls/certs.h"
+#include "mbedtls/ssl_ticket.h"
+#include <string.h>
+#include <stdlib.h>
+#include <stdbool.h>
+#include <stdint.h>
+
+
+const char *pers = "fuzz_server";
+static bool initialized = 0;
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+static mbedtls_x509_crt srvcert;
+static mbedtls_pk_context pkey;
+#endif
+const char *alpn_list[3];
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+const unsigned char psk[] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
+};
+const char psk_id[] = "Client_identity";
+#endif
+
+
+typedef struct fuzzBufferOffset
+{
+ const uint8_t *Data;
+ size_t Size;
+ size_t Offset;
+} fuzzBufferOffset_t;
+
+
+static int dummy_send( void *ctx, const unsigned char *buf, size_t len )
+{
+ //silence warning about unused parameter
+ (void) ctx;
+ (void) buf;
+
+ //pretends we wrote everything ok
+ return( len );
+}
+
+static int fuzz_recv( void *ctx, unsigned char *buf, size_t len )
+{
+ //reads from the buffer from fuzzer
+ fuzzBufferOffset_t * biomemfuzz = (fuzzBufferOffset_t *) ctx;
+
+ if (biomemfuzz->Offset == biomemfuzz->Size) {
+ //EOF
+ return (0);
+ }
+ if (len + biomemfuzz->Offset > biomemfuzz->Size) {
+ //do not overflow
+ len = biomemfuzz->Size - biomemfuzz->Offset;
+ }
+ memcpy(buf, biomemfuzz->Data + biomemfuzz->Offset, len);
+ biomemfuzz->Offset += len;
+ return( len );
+}
+
+static int dummy_random( void *p_rng, unsigned char *output, size_t output_len )
+{
+ int ret;
+ size_t i;
+
+ //use mbedtls_ctr_drbg_random to find bugs in it
+ ret = mbedtls_ctr_drbg_random(p_rng, output, output_len);
+ for (i=0; i<output_len; i++) {
+ //replace result with pseudo random
+ output[i] = (unsigned char) random();
+ }
+ return( ret );
+}
+
+static int dummy_entropy( void *data, unsigned char *output, size_t len )
+{
+ size_t i;
+
+ //use mbedtls_entropy_func to find bugs in it
+ //test performance impact of entropy
+ //ret = mbedtls_entropy_func(data, output, len);
+ for (i=0; i<len; i++) {
+ //replace result with pseudo random
+ output[i] = (unsigned char) random();
+ }
+ return( 0 );
+}
+
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+ int ret;
+ size_t len;
+ mbedtls_ssl_context ssl;
+ mbedtls_ssl_config conf;
+ mbedtls_ctr_drbg_context ctr_drbg;
+ mbedtls_entropy_context entropy;
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+ mbedtls_ssl_ticket_context ticket_ctx;
+#endif
+ unsigned char buf[4096];
+ fuzzBufferOffset_t biomemfuzz;
+ uint8_t options;
+
+ //we take 1 byte as options input
+ if (Size < 1) {
+ return 0;
+ }
+ options = Data[Size - 1];
+
+ if (initialized == 0) {
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ mbedtls_x509_crt_init( &srvcert );
+ mbedtls_pk_init( &pkey );
+ if (mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_srv_crt,
+ mbedtls_test_srv_crt_len ) != 0)
+ return 1;
+ if (mbedtls_x509_crt_parse( &srvcert, (const unsigned char *) mbedtls_test_cas_pem,
+ mbedtls_test_cas_pem_len ) != 0)
+ return 1;
+ if (mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
+ mbedtls_test_srv_key_len, NULL, 0 ) != 0)
+ return 1;
+#endif
+
+ alpn_list[0] = "HTTP";
+ alpn_list[1] = "fuzzalpn";
+ alpn_list[2] = NULL;
+
+ initialized = 1;
+ }
+ mbedtls_ssl_init( &ssl );
+ mbedtls_ssl_config_init( &conf );
+ mbedtls_ctr_drbg_init( &ctr_drbg );
+ mbedtls_entropy_init( &entropy );
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+ mbedtls_ssl_ticket_init( &ticket_ctx );
+#endif
+
+ if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy,
+ (const unsigned char *) pers, strlen( pers ) ) != 0 )
+ goto exit;
+
+
+ if( mbedtls_ssl_config_defaults( &conf,
+ MBEDTLS_SSL_IS_SERVER,
+ MBEDTLS_SSL_TRANSPORT_STREAM,
+ MBEDTLS_SSL_PRESET_DEFAULT ) != 0 )
+ goto exit;
+
+ srandom(1);
+ mbedtls_ssl_conf_rng( &conf, dummy_random, &ctr_drbg );
+
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ mbedtls_ssl_conf_ca_chain( &conf, srvcert.next, NULL );
+ if( mbedtls_ssl_conf_own_cert( &conf, &srvcert, &pkey ) != 0 )
+ goto exit;
+#endif
+
+ mbedtls_ssl_conf_cert_req_ca_list( &conf, (options & 0x1) ? MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED : MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED );
+#if defined(MBEDTLS_SSL_ALPN)
+ if (options & 0x2) {
+ mbedtls_ssl_conf_alpn_protocols( &conf, alpn_list );
+ }
+#endif
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+ if( options & 0x4 )
+ {
+ if( mbedtls_ssl_ticket_setup( &ticket_ctx,
+ dummy_random, &ctr_drbg,
+ MBEDTLS_CIPHER_AES_256_GCM,
+ 86400 ) != 0 )
+ goto exit;
+
+ mbedtls_ssl_conf_session_tickets_cb( &conf,
+ mbedtls_ssl_ticket_write,
+ mbedtls_ssl_ticket_parse,
+ &ticket_ctx );
+ }
+#endif
+#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
+ mbedtls_ssl_conf_truncated_hmac( &conf, (options & 0x8) ? MBEDTLS_SSL_TRUNC_HMAC_ENABLED : MBEDTLS_SSL_TRUNC_HMAC_DISABLED);
+#endif
+#if defined(MBEDTLS_SSL_EXTENDED_MASTER_SECRET)
+ mbedtls_ssl_conf_extended_master_secret( &conf, (options & 0x10) ? MBEDTLS_SSL_EXTENDED_MS_DISABLED : MBEDTLS_SSL_EXTENDED_MS_ENABLED);
+#endif
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+ mbedtls_ssl_conf_encrypt_then_mac( &conf, (options & 0x20) ? MBEDTLS_SSL_ETM_ENABLED : MBEDTLS_SSL_ETM_DISABLED);
+#endif
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+ if (options & 0x40) {
+ mbedtls_ssl_conf_psk( &conf, psk, sizeof( psk ),
+ (const unsigned char *) psk_id, sizeof( psk_id ) - 1 );
+ }
+#endif
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+ mbedtls_ssl_conf_renegotiation( &conf, (options & 0x80) ? MBEDTLS_SSL_RENEGOTIATION_ENABLED : MBEDTLS_SSL_RENEGOTIATION_DISABLED );
+#endif
+
+ if( mbedtls_ssl_setup( &ssl, &conf ) != 0 )
+ goto exit;
+
+ biomemfuzz.Data = Data;
+ biomemfuzz.Size = Size-1;
+ biomemfuzz.Offset = 0;
+ mbedtls_ssl_set_bio( &ssl, &biomemfuzz, dummy_send, fuzz_recv, NULL );
+
+ mbedtls_ssl_session_reset( &ssl );
+ ret = mbedtls_ssl_handshake( &ssl );
+ if( ret == 0 )
+ {
+ //keep reading data from server until the end
+ do
+ {
+ len = sizeof( buf ) - 1;
+ ret = mbedtls_ssl_read( &ssl, buf, len );
+
+ if( ret == MBEDTLS_ERR_SSL_WANT_READ )
+ continue;
+ else if( ret <= 0 )
+ //EOF or error
+ break;
+ }
+ while( 1 );
+ }
+
+exit:
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+ mbedtls_ssl_ticket_free( &ticket_ctx );
+#endif
+ mbedtls_entropy_free( &entropy );
+ mbedtls_ctr_drbg_free( &ctr_drbg );
+ mbedtls_ssl_config_free( &conf );
+ mbedtls_ssl_free( &ssl );
+
+ return 0;
+}
diff --git a/tests/fuzz/fuzz_server.options b/tests/fuzz/fuzz_server.options
new file mode 100644
index 000000000..4d7340f49
--- /dev/null
+++ b/tests/fuzz/fuzz_server.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+max_len = 1048575
diff --git a/tests/fuzz/fuzz_x509crl.c b/tests/fuzz/fuzz_x509crl.c
new file mode 100644
index 000000000..02f521cc8
--- /dev/null
+++ b/tests/fuzz/fuzz_x509crl.c
@@ -0,0 +1,22 @@
+#include <stdint.h>
+#include "mbedtls/x509_crl.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+#ifdef MBEDTLS_X509_CRL_PARSE_C
+ int ret;
+ mbedtls_x509_crl crl;
+ unsigned char buf[4096];
+
+ mbedtls_x509_crl_init( &crl );
+ ret = mbedtls_x509_crl_parse( &crl, Data, Size );
+ if (ret == 0) {
+ ret = mbedtls_x509_crl_info( (char *) buf, sizeof( buf ) - 1, " ", &crl );
+ }
+ mbedtls_x509_crl_free( &crl );
+#else
+ (void) Data;
+ (void) Size;
+#endif
+
+ return 0;
+}
diff --git a/tests/fuzz/fuzz_x509crl.options b/tests/fuzz/fuzz_x509crl.options
new file mode 100644
index 000000000..0824b19fa
--- /dev/null
+++ b/tests/fuzz/fuzz_x509crl.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+max_len = 65535
diff --git a/tests/fuzz/fuzz_x509crt.c b/tests/fuzz/fuzz_x509crt.c
new file mode 100644
index 000000000..8f593a141
--- /dev/null
+++ b/tests/fuzz/fuzz_x509crt.c
@@ -0,0 +1,22 @@
+#include <stdint.h>
+#include "mbedtls/x509_crt.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+#ifdef MBEDTLS_X509_CRT_PARSE_C
+ int ret;
+ mbedtls_x509_crt crt;
+ unsigned char buf[4096];
+
+ mbedtls_x509_crt_init( &crt );
+ ret = mbedtls_x509_crt_parse( &crt, Data, Size );
+ if (ret == 0) {
+ ret = mbedtls_x509_crt_info( (char *) buf, sizeof( buf ) - 1, " ", &crt );
+ }
+ mbedtls_x509_crt_free( &crt );
+#else
+ (void) Data;
+ (void) Size;
+#endif
+
+ return 0;
+}
diff --git a/tests/fuzz/fuzz_x509crt.options b/tests/fuzz/fuzz_x509crt.options
new file mode 100644
index 000000000..0824b19fa
--- /dev/null
+++ b/tests/fuzz/fuzz_x509crt.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+max_len = 65535
diff --git a/tests/fuzz/fuzz_x509csr.c b/tests/fuzz/fuzz_x509csr.c
new file mode 100644
index 000000000..3cf28a6fa
--- /dev/null
+++ b/tests/fuzz/fuzz_x509csr.c
@@ -0,0 +1,22 @@
+#include <stdint.h>
+#include "mbedtls/x509_csr.h"
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+#ifdef MBEDTLS_X509_CSR_PARSE_C
+ int ret;
+ mbedtls_x509_csr csr;
+ unsigned char buf[4096];
+
+ mbedtls_x509_csr_init( &csr );
+ ret = mbedtls_x509_csr_parse( &csr, Data, Size );
+ if (ret == 0) {
+ ret = mbedtls_x509_csr_info( (char *) buf, sizeof( buf ) - 1, " ", &csr );
+ }
+ mbedtls_x509_csr_free( &csr );
+#else
+ (void) Data;
+ (void) Size;
+#endif
+
+ return 0;
+}
diff --git a/tests/fuzz/fuzz_x509csr.options b/tests/fuzz/fuzz_x509csr.options
new file mode 100644
index 000000000..0824b19fa
--- /dev/null
+++ b/tests/fuzz/fuzz_x509csr.options
@@ -0,0 +1,2 @@
+[libfuzzer]
+max_len = 65535
diff --git a/tests/fuzz/onefile.c b/tests/fuzz/onefile.c
new file mode 100644
index 000000000..caf3ca565
--- /dev/null
+++ b/tests/fuzz/onefile.c
@@ -0,0 +1,50 @@
+#include <stdint.h>
+#include <unistd.h>
+#include <stdlib.h>
+#include <stdio.h>
+
+int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size);
+
+int main(int argc, char** argv)
+{
+ FILE * fp;
+ uint8_t *Data;
+ size_t Size;
+
+ if (argc != 2) {
+ return 1;
+ }
+ //opens the file, get its size, and reads it into a buffer
+ fp = fopen(argv[1], "rb");
+ if (fp == NULL) {
+ return 2;
+ }
+ if (fseek(fp, 0L, SEEK_END) != 0) {
+ fclose(fp);
+ return 2;
+ }
+ Size = ftell(fp);
+ if (Size == (size_t) -1) {
+ fclose(fp);
+ return 2;
+ }
+ if (fseek(fp, 0L, SEEK_SET) != 0) {
+ fclose(fp);
+ return 2;
+ }
+ Data = malloc(Size);
+ if (Data == NULL) {
+ fclose(fp);
+ return 2;
+ }
+ if (fread(Data, Size, 1, fp) != 1) {
+ fclose(fp);
+ return 2;
+ }
+
+ //lauch fuzzer
+ LLVMFuzzerTestOneInput(Data, Size);
+ fclose(fp);
+ return 0;
+}
+
Reference in New Issue View Git Blame Copy Permalink