Merge pull request #5533 from paul-elliott-arm/fix_fuzz_privkey_null_ctx
Fix null context when using dummy_rand with mbedtls_pk_parse_key()
This commit is contained in:
commit
6d2479516c
3 changed files with 34 additions and 13 deletions
|
@ -60,8 +60,14 @@ int dummy_random( void *p_rng, unsigned char *output, size_t output_len )
|
||||||
size_t i;
|
size_t i;
|
||||||
|
|
||||||
#if defined(MBEDTLS_CTR_DRBG_C)
|
#if defined(MBEDTLS_CTR_DRBG_C)
|
||||||
//use mbedtls_ctr_drbg_random to find bugs in it
|
//mbedtls_ctr_drbg_random requires a valid mbedtls_ctr_drbg_context in p_rng
|
||||||
ret = mbedtls_ctr_drbg_random(p_rng, output, output_len);
|
if( p_rng != NULL ) {
|
||||||
|
//use mbedtls_ctr_drbg_random to find bugs in it
|
||||||
|
ret = mbedtls_ctr_drbg_random(p_rng, output, output_len);
|
||||||
|
} else {
|
||||||
|
//fall through to pseudo-random
|
||||||
|
ret = 0;
|
||||||
|
}
|
||||||
#else
|
#else
|
||||||
(void) p_rng;
|
(void) p_rng;
|
||||||
ret = 0;
|
ret = 0;
|
||||||
|
|
|
@ -44,6 +44,13 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
|
||||||
unsigned char buf[4096];
|
unsigned char buf[4096];
|
||||||
fuzzBufferOffset_t biomemfuzz;
|
fuzzBufferOffset_t biomemfuzz;
|
||||||
|
|
||||||
|
mbedtls_ctr_drbg_init( &ctr_drbg );
|
||||||
|
mbedtls_entropy_init( &entropy );
|
||||||
|
|
||||||
|
if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy,
|
||||||
|
( const unsigned char * ) pers, strlen( pers ) ) != 0 )
|
||||||
|
goto exit;
|
||||||
|
|
||||||
if (initialized == 0) {
|
if (initialized == 0) {
|
||||||
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
|
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
|
||||||
mbedtls_x509_crt_init( &srvcert );
|
mbedtls_x509_crt_init( &srvcert );
|
||||||
|
@ -56,7 +63,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
|
||||||
return 1;
|
return 1;
|
||||||
if (mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
|
if (mbedtls_pk_parse_key( &pkey, (const unsigned char *) mbedtls_test_srv_key,
|
||||||
mbedtls_test_srv_key_len, NULL, 0,
|
mbedtls_test_srv_key_len, NULL, 0,
|
||||||
dummy_random, NULL ) != 0)
|
dummy_random, &ctr_drbg ) != 0)
|
||||||
return 1;
|
return 1;
|
||||||
#endif
|
#endif
|
||||||
dummy_init();
|
dummy_init();
|
||||||
|
@ -65,15 +72,8 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
|
||||||
}
|
}
|
||||||
mbedtls_ssl_init( &ssl );
|
mbedtls_ssl_init( &ssl );
|
||||||
mbedtls_ssl_config_init( &conf );
|
mbedtls_ssl_config_init( &conf );
|
||||||
mbedtls_ctr_drbg_init( &ctr_drbg );
|
|
||||||
mbedtls_entropy_init( &entropy );
|
|
||||||
mbedtls_ssl_cookie_init( &cookie_ctx );
|
mbedtls_ssl_cookie_init( &cookie_ctx );
|
||||||
|
|
||||||
if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy,
|
|
||||||
(const unsigned char *) pers, strlen( pers ) ) != 0 )
|
|
||||||
goto exit;
|
|
||||||
|
|
||||||
|
|
||||||
if( mbedtls_ssl_config_defaults( &conf,
|
if( mbedtls_ssl_config_defaults( &conf,
|
||||||
MBEDTLS_SSL_IS_SERVER,
|
MBEDTLS_SSL_IS_SERVER,
|
||||||
MBEDTLS_SSL_TRANSPORT_DATAGRAM,
|
MBEDTLS_SSL_TRANSPORT_DATAGRAM,
|
||||||
|
|
|
@ -2,26 +2,41 @@
|
||||||
|
|
||||||
#include <stdint.h>
|
#include <stdint.h>
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
|
#include <string.h>
|
||||||
#include "mbedtls/pk.h"
|
#include "mbedtls/pk.h"
|
||||||
|
#include "mbedtls/entropy.h"
|
||||||
|
#include "mbedtls/ctr_drbg.h"
|
||||||
#include "common.h"
|
#include "common.h"
|
||||||
|
|
||||||
//4 Kb should be enough for every bug ;-)
|
//4 Kb should be enough for every bug ;-)
|
||||||
#define MAX_LEN 0x1000
|
#define MAX_LEN 0x1000
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_CTR_DRBG_C)
|
||||||
|
const char *pers = "fuzz_privkey";
|
||||||
|
#endif // MBEDTLS_PK_PARSE_C && MBEDTLS_CTR_DRBG_C
|
||||||
|
|
||||||
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
|
int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
|
||||||
#ifdef MBEDTLS_PK_PARSE_C
|
#if defined(MBEDTLS_PK_PARSE_C) && defined(MBEDTLS_CTR_DRBG_C)
|
||||||
int ret;
|
int ret;
|
||||||
mbedtls_pk_context pk;
|
mbedtls_pk_context pk;
|
||||||
|
mbedtls_ctr_drbg_context ctr_drbg;
|
||||||
|
mbedtls_entropy_context entropy;
|
||||||
|
|
||||||
if (Size > MAX_LEN) {
|
if (Size > MAX_LEN) {
|
||||||
//only work on small inputs
|
//only work on small inputs
|
||||||
Size = MAX_LEN;
|
Size = MAX_LEN;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
mbedtls_ctr_drbg_init( &ctr_drbg );
|
||||||
|
mbedtls_entropy_init( &entropy );
|
||||||
|
|
||||||
|
if( mbedtls_ctr_drbg_seed( &ctr_drbg, dummy_entropy, &entropy,
|
||||||
|
( const unsigned char * ) pers, strlen( pers ) ) != 0 )
|
||||||
|
return 1;
|
||||||
|
|
||||||
mbedtls_pk_init( &pk );
|
mbedtls_pk_init( &pk );
|
||||||
ret = mbedtls_pk_parse_key( &pk, Data, Size, NULL, 0,
|
ret = mbedtls_pk_parse_key( &pk, Data, Size, NULL, 0,
|
||||||
dummy_random, NULL );
|
dummy_random, &ctr_drbg );
|
||||||
if (ret == 0) {
|
if (ret == 0) {
|
||||||
#if defined(MBEDTLS_RSA_C)
|
#if defined(MBEDTLS_RSA_C)
|
||||||
if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_RSA )
|
if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_RSA )
|
||||||
|
@ -73,7 +88,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
|
||||||
#else
|
#else
|
||||||
(void) Data;
|
(void) Data;
|
||||||
(void) Size;
|
(void) Size;
|
||||||
#endif //MBEDTLS_PK_PARSE_C
|
#endif // MBEDTLS_PK_PARSE_C && MBEDTLS_CTR_DRBG_C
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue