/src/picotls/fuzz/fuzz-server-hello.c

Source
#include <assert.h>
#include <getopt.h>
#include <inttypes.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/time.h>
#include <sys/types.h>
#include <unistd.h>

#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/engine.h>
#include <openssl/pem.h>

#include "picotls.h"
#include "picotls/openssl.h"
#include "util.h"

void deterministic_random_bytes(void *buf, size_t len)
{
    for (int i = 0; i < len; i++) {
        ((uint8_t *)buf)[i] = 0;
    }
}

static int fake_ticket_cb(ptls_save_ticket_t *_self, ptls_t *tls, ptls_iovec_t src)
{
    return 0;
}

int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
    // key exchanges
    ptls_key_exchange_algorithm_t *key_exchanges[128] = {NULL};
    key_exchanges[0] = &ptls_openssl_secp256r1;
    ptls_cipher_suite_t *cipher_suites[] = {&ptls_openssl_aes128gcmsha256, NULL};

    // create ptls_context_t
    ptls_context_t ctx_client = {deterministic_random_bytes, &ptls_get_time, key_exchanges, cipher_suites};
    ctx_client.verify_certificate = NULL;

    // create pls_t
    ptls_t *tls_client = ptls_new(&ctx_client, 0); // 0: client

    // fake ticket saving
    static struct st_util_save_ticket_t st;
    st.super.cb = fake_ticket_cb;
    ctx_client.save_ticket = &st.super;

    // empty hsprop
    ptls_handshake_properties_t hsprop = {{{{NULL}}}};

    // buffers
    ptls_buffer_t client_encbuf;
    ptls_buffer_init(&client_encbuf, "", 0);

    // generate client_hello
    ptls_handshake(tls_client, &client_encbuf, NULL, 0, &hsprop);

    // reset buffer
    ptls_buffer_dispose(&client_encbuf);
    ptls_buffer_init(&client_encbuf, "", 0);

    // accept server
    size_t consumed = size;
    int ret = ptls_handshake(tls_client, &client_encbuf, data, &consumed, &hsprop);

    // more messages to parse?
    if (ret == 0 && size - consumed > 0) {
        size = size - consumed;
        // reset buffer
        ptls_buffer_dispose(&client_encbuf);
        ptls_buffer_init(&client_encbuf, "", 0);
        // receive messages
        ptls_receive(tls_client, &client_encbuf, data + consumed, &size);
    }

    // cleaning
    ptls_buffer_dispose(&client_encbuf);
    ptls_free(tls_client);

    return 0;
}

Line	Count	Source
1		#include <assert.h>
2		#include <getopt.h>
3		#include <inttypes.h>
4		#include <stdio.h>
5		#include <string.h>
6		#include <strings.h>
7		#include <sys/select.h>
8		#include <sys/socket.h>
9		#include <sys/stat.h>
10		#include <sys/time.h>
11		#include <sys/types.h>
12		#include <unistd.h>
13
14		#include <openssl/err.h>
15		#include <openssl/evp.h>
16		#include <openssl/engine.h>
17		#include <openssl/pem.h>
18
19		#include "picotls.h"
20		#include "picotls/openssl.h"
21		#include "util.h"
22
23		void deterministic_random_bytes(void *buf, size_t len)
24	4.19k	{
25	79.7k	for (int i = 0; i < len; i++) {
26	75.5k	((uint8_t *)buf)[i] = 0;
27	75.5k	}
28	4.19k	}
29
30		static int fake_ticket_cb(ptls_save_ticket_t _self, ptls_t tls, ptls_iovec_t src)
31	0	{
32	0	return 0;
33	0	}
34
35		int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
36	2.09k	{
37		// key exchanges
38	2.09k	ptls_key_exchange_algorithm_t *key_exchanges[128] = {NULL};
39	2.09k	key_exchanges[0] = &ptls_openssl_secp256r1;
40	2.09k	ptls_cipher_suite_t *cipher_suites[] = {&ptls_openssl_aes128gcmsha256, NULL};
41
42		// create ptls_context_t
43	2.09k	ptls_context_t ctx_client = {deterministic_random_bytes, &ptls_get_time, key_exchanges, cipher_suites};
44	2.09k	ctx_client.verify_certificate = NULL;
45
46		// create pls_t
47	2.09k	ptls_t *tls_client = ptls_new(&ctx_client, 0); // 0: client
48
49		// fake ticket saving
50	2.09k	static struct st_util_save_ticket_t st;
51	2.09k	st.super.cb = fake_ticket_cb;
52	2.09k	ctx_client.save_ticket = &st.super;
53
54		// empty hsprop
55	2.09k	ptls_handshake_properties_t hsprop = {{{{NULL}}}};
56
57		// buffers
58	2.09k	ptls_buffer_t client_encbuf;
59	2.09k	ptls_buffer_init(&client_encbuf, "", 0);
60
61		// generate client_hello
62	2.09k	ptls_handshake(tls_client, &client_encbuf, NULL, 0, &hsprop);
63
64		// reset buffer
65	2.09k	ptls_buffer_dispose(&client_encbuf);
66	2.09k	ptls_buffer_init(&client_encbuf, "", 0);
67
68		// accept server
69	2.09k	size_t consumed = size;
70	2.09k	int ret = ptls_handshake(tls_client, &client_encbuf, data, &consumed, &hsprop);
71
72		// more messages to parse?
73	2.09k	if (ret == 0 && size - consumed > 0) {
74	0	size = size - consumed;
75		// reset buffer
76	0	ptls_buffer_dispose(&client_encbuf);
77	0	ptls_buffer_init(&client_encbuf, "", 0);
78		// receive messages
79	0	ptls_receive(tls_client, &client_encbuf, data + consumed, &size);
80	0	}
81
82		// cleaning
83	2.09k	ptls_buffer_dispose(&client_encbuf);
84	2.09k	ptls_free(tls_client);
85
86	2.09k	return 0;
87	2.09k	}

Coverage Report

Created: 2025-10-13 06:19