/src/gnutls/fuzz/gnutls_handshake_client_fuzzer.c

Source
/*
# Copyright 2016 Google Inc.
# Copyright 2017 Red Hat, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
################################################################################
*/

#include <assert.h>
#include <fcntl.h>
#include <stdint.h>
#include <sys/types.h>
#include <unistd.h>
#include <string.h>
#include <stdlib.h>
#include <stdbool.h>

#include <gnutls/crypto.h>
#include <gnutls/gnutls.h>
#include "handshake.h"
#include "fuzzer.h"

int __attribute__((visibility("protected")))
gnutls_rnd(gnutls_rnd_level_t level, void *data, size_t len)
{
  memset(data, 0xff, len);

  /* Flip the first byte to avoid infinite loop in the RSA
   * blinding code of Nettle */
  if (len > 0)
    memset(data, 0x0, 1);
  return 0;
}

int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
  int res;
  gnutls_session_t session;
  gnutls_certificate_credentials_t xcred;
  struct mem_st memdata;
  unsigned int retry;

  res = gnutls_init(&session, GNUTLS_CLIENT);
  assert(res >= 0);

  res = gnutls_certificate_allocate_credentials(&xcred);
  assert(res >= 0);
  res = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
  assert(res >= 0);

  /*res = gnutls_set_default_priority(session); */
  res = gnutls_priority_set_direct(
    session, "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3", NULL);
  assert(res >= 0);

  memdata.data = data;
  memdata.size = size;

  gnutls_transport_set_push_function(session, error_push);
  gnutls_transport_set_pull_function(session, error_pull);
  gnutls_handshake_set_read_function(session, handshake_discard);

  retry = 0;
  do {
    res = gnutls_handshake(session);
    if (res == GNUTLS_E_AGAIN) {
      if (handshake_pull(session, &memdata) < 0) {
        res = GNUTLS_E_INTERNAL_ERROR;
        break;
      }
      if (retry > HANDSHAKE_MAX_RETRY_COUNT) {
        break;
      }
      retry++;
    } else {
      retry = 0;
    }
  } while (res < 0 && gnutls_error_is_fatal(res) == 0);

  gnutls_deinit(session);
  gnutls_certificate_free_credentials(xcred);
  return 0;
}

Line	Count	Source
1		/*
2		# Copyright 2016 Google Inc.
3		# Copyright 2017 Red Hat, Inc.
4		#
5		# Licensed under the Apache License, Version 2.0 (the "License");
6		# you may not use this file except in compliance with the License.
7		# You may obtain a copy of the License at
8		#
9		# https://www.apache.org/licenses/LICENSE-2.0
10		#
11		# Unless required by applicable law or agreed to in writing, software
12		# distributed under the License is distributed on an "AS IS" BASIS,
13		# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14		# See the License for the specific language governing permissions and
15		# limitations under the License.
16		#
17		################################################################################
18		*/
19
20		#include <assert.h>
21		#include <fcntl.h>
22		#include <stdint.h>
23		#include <sys/types.h>
24		#include <unistd.h>
25		#include <string.h>
26		#include <stdlib.h>
27		#include <stdbool.h>
28
29		#include <gnutls/crypto.h>
30		#include <gnutls/gnutls.h>
31		#include "handshake.h"
32		#include "fuzzer.h"
33
34		int __attribute__((visibility("protected")))
35		gnutls_rnd(gnutls_rnd_level_t level, void *data, size_t len)
36	43.0k	{
37	43.0k	memset(data, 0xff, len);
38
39		/* Flip the first byte to avoid infinite loop in the RSA
40		* blinding code of Nettle */
41	43.0k	if (len > 0)
42	43.0k	memset(data, 0x0, 1);
43	43.0k	return 0;
44	43.0k	}
45
46		int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
47	6.30k	{
48	6.30k	int res;
49	6.30k	gnutls_session_t session;
50	6.30k	gnutls_certificate_credentials_t xcred;
51	6.30k	struct mem_st memdata;
52	6.30k	unsigned int retry;
53
54	6.30k	res = gnutls_init(&session, GNUTLS_CLIENT);
55	6.30k	assert(res >= 0);
56
57	6.30k	res = gnutls_certificate_allocate_credentials(&xcred);
58	6.30k	assert(res >= 0);
59	6.30k	res = gnutls_credentials_set(session, GNUTLS_CRD_CERTIFICATE, xcred);
60	6.30k	assert(res >= 0);
61
62		/res = gnutls_set_default_priority(session); /
63	6.30k	res = gnutls_priority_set_direct(
64	6.30k	session, "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.3", NULL);
65	6.30k	assert(res >= 0);
66
67	6.30k	memdata.data = data;
68	6.30k	memdata.size = size;
69
70	6.30k	gnutls_transport_set_push_function(session, error_push);
71	6.30k	gnutls_transport_set_pull_function(session, error_pull);
72	6.30k	gnutls_handshake_set_read_function(session, handshake_discard);
73
74	6.30k	retry = 0;
75	26.7k	do {
76	26.7k	res = gnutls_handshake(session);
77	26.7k	if (res == GNUTLS_E_AGAIN) {
78	20.9k	if (handshake_pull(session, &memdata) < 0) {
79	480	res = GNUTLS_E_INTERNAL_ERROR;
80	480	break;
81	480	}
82	20.4k	if (retry > HANDSHAKE_MAX_RETRY_COUNT) {
83	6	break;
84	6	}
85	20.4k	retry++;
86	20.4k	} else {
87	5.82k	retry = 0;
88	5.82k	}
89	26.7k	} while (res < 0 && gnutls_error_is_fatal(res) == 0);
90
91	6.30k	gnutls_deinit(session);
92	6.30k	gnutls_certificate_free_credentials(xcred);
93	6.30k	return 0;
94	6.30k	}

Coverage Report

Created: 2025-12-31 06:37