Coverage Report

Created: 2026-02-21 07:19

/src/ndpi/fuzz/fuzz_gcrypt_aes.cpp
Line
Count
Source
#include <stdlib.h>
#include <stdint.h>
#include "fuzzer/FuzzedDataProvider.h"
#define MBEDTLS_CHECK_RETURN_TYPICAL
#include "gcrypt/aes.h"
extern int force_no_aesni;
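/*
 * libFuzzer entry point for the bundled AES implementation (gcrypt/aes.h).
 *
 * The fuzz input selects: the value of force_no_aesni, the direction
 * (encrypt or decrypt), one key length out of key_lens[], the key bytes and
 * one 16-byte block. The key is installed with mbedtls_aes_setkey_enc/dec
 * and, only if that succeeds, the block is run through
 * mbedtls_aes_crypt_ecb. The output block is never inspected, so the harness
 * detects memory-safety and undefined-behaviour faults (via the sanitizers it
 * is built with), not wrong ciphertext.
 *
 * Returns -1 when the input is too short or a buffer cannot be allocated
 * (libFuzzer then keeps the input out of the corpus), 0 otherwise.
 */
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  FuzzedDataProvider fuzzed_data(data, size);
  mbedtls_aes_context *ctx = NULL;
  /* 512 is not a valid AES key size; it is listed on purpose so that the
     rejection path of the setkey functions is exercised as well. */
  int key_lens[] = { 128, 192, 256, 512 /* invalid */ };
  unsigned char *input = NULL, *output = NULL, *key = NULL;
  int i, key_len, mode, rc;

  /* NOTE(review): the original comment here read "No real memory allocations
     involved", presumably meaning that no nDPI allocator is called; the
     harness itself allocates four small buffers below. */

  /* Require enough bytes for the largest case up front (two booleans, the
     key-length pick, a 512-bit key and one block), so the ConsumeBytes calls
     below cannot come back shorter than the loops that index them. */
  if(fuzzed_data.remaining_bytes() < 1 + 1 + 4 + 512 / 8 + 16)
    return -1;

  /* posix_memalign reports failure through its return value and may leave
     the pointer unset, so reset it to NULL explicitly on error. */
  if(posix_memalign((void **)&input, 8, 16) != 0)
    input = NULL;
  if(posix_memalign((void **)&output, 8, 16) != 0)
    output = NULL;
  if(posix_memalign((void **)&key, 8, 512 / 8) != 0)
    key = NULL;
  ctx = (mbedtls_aes_context *)malloc(sizeof(mbedtls_aes_context));

  /* Bail out before touching any buffer if an allocation failed; otherwise
     the harness itself would dereference an invalid pointer and report a
     crash that is not in the code under test. free(NULL) is a no-op. */
  if(input == NULL || output == NULL || key == NULL || ctx == NULL) {
    free(ctx);
    free(key);
    free(input);
    free(output);
    return -1;
  }

  /* Global switch declared outside this file; presumably forces the
     software implementation instead of AES-NI when set (confirm in the
     AES source). It is reset on every iteration so runs are independent. */
  force_no_aesni = 0;
  if(fuzzed_data.ConsumeBool())
    force_no_aesni = 1;

  mode = MBEDTLS_AES_ENCRYPT;
  if(fuzzed_data.ConsumeBool())
    mode = MBEDTLS_AES_DECRYPT;

  mbedtls_aes_init(ctx);

  key_len = fuzzed_data.PickValueInArray(key_lens);
  std::vector<uint8_t> k = fuzzed_data.ConsumeBytes<uint8_t>(key_len / 8);
  std::vector<uint8_t> in = fuzzed_data.ConsumeBytes<uint8_t>(16);

  /* Copy into the aligned buffers; the key buffer is sized for the largest
     (512-bit) entry, so key_len / 8 never exceeds it. */
  for(i = 0; i < 16; i++)
    input[i] = in[i];
  for(i = 0; i < key_len / 8; i++)
    key[i] = k[i];

  if(mode == MBEDTLS_AES_ENCRYPT)
    rc = mbedtls_aes_setkey_enc(ctx, key, key_len);
  else
    rc = mbedtls_aes_setkey_dec(ctx, key, key_len);

  /* Only run the cipher when the key was accepted: after a rejected key
     (e.g. the 512-bit entry) the context holds no valid key schedule. */
  if(rc == 0)
    mbedtls_aes_crypt_ecb(ctx, mode, input, output);

  mbedtls_aes_free(ctx);

  free(ctx);
  free(key);
  free(input);
  free(output);

  return 0;
}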