From 51a7679a8e1ec7e82cb7ff82faad43de70e830c3 Mon Sep 17 00:00:00 2001 From: Paul Elliott Date: Fri, 11 Feb 2022 19:10:14 +0000 Subject: [PATCH] Ensure context is passed in to dummy_rand In fuzz_privkey, we switched over to using dummy_rand(), which uses ctr_drbg internally, and thus requires an initialised ctr_drbg_context to be passed in via p_rng when calling mbedtls_pk_parse_key(). Signed-off-by: Paul Elliott --- programs/fuzz/fuzz_privkey.c | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/programs/fuzz/fuzz_privkey.c b/programs/fuzz/fuzz_privkey.c index b9a160e1e..e8e1d442e 100644 --- a/programs/fuzz/fuzz_privkey.c +++ b/programs/fuzz/fuzz_privkey.c @@ -2,26 +2,41 @@ #include #include +#include #include "mbedtls/pk.h" +#include "mbedtls/entropy.h" +#include "mbedtls/ctr_drbg.h" #include "common.h" //4 Kb should be enough for every bug ;-) #define MAX_LEN 0x1000 +#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_CTR_DRBG_C) +const char *pers = "fuzz_privkey"; +#endif // MBEDTLS_PK_PARSE_C && MBEDTLS_CTR_DRBG_C int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { -#ifdef MBEDTLS_PK_PARSE_C +#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_CTR_DRBG_C) int ret; mbedtls_pk_context pk; + mbedtls_ctr_drbg_context ctr_drbg; + mbedtls_entropy_context entropy; if (Size > MAX_LEN) { //only work on small inputs Size = MAX_LEN; } + mbedtls_ctr_drbg_init( &ctr_drbg ); + mbedtls_entropy_init( &entropy ); + + if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy, + ( const unsigned char * ) pers, strlen( pers ) ) != 0 ) + return 1; + mbedtls_pk_init( &pk ); ret = mbedtls_pk_parse_key( &pk, Data, Size, NULL, 0, - dummy_random, NULL ); + dummy_random, &ctr_drbg ); if (ret == 0) { #if defined(MBEDTLS_RSA_C) if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_RSA ) 
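Review bot: The added `ctr_drbg` and `entropy` contexts are initialised and seeded, but none of the 18 added lines in this patch frees them, and the seed-failure path leaves through `return 1;` with both still live. A fuzz entry point is called once per input in the same process, so whatever those contexts hold is dropped on every iteration, and libFuzzer documents return values other than 0 and -1 as reserved. I would send the failure to a shared cleanup label that calls `mbedtls_entropy_free()` and `mbedtls_ctr_drbg_free()` and then falls through to the existing `return 0;`. The tail of the function lies outside this hunk, so the label's position relative to the existing cleanup of `pk` has to be checked there.

```c
    if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy,
                               ( const unsigned char * ) pers, strlen( pers ) ) != 0 )
        goto exit;

    // … unchanged: mbedtls_pk_init, mbedtls_pk_parse_key and the checks on the parsed key …

exit:
    mbedtls_entropy_free( &entropy );
    mbedtls_ctr_drbg_free( &ctr_drbg );
```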
@@ -73,7 +88,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
 #else
 (void) Data;
 (void) Size;
-#endif //MBEDTLS_PK_PARSE_C
+#endif // MBEDTLS_PK_PARSE_C && MBEDTLS_CTR_DRBG_C
 return 0;
 }