1 /*
2 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License").
5 * You may not use this file except in compliance with the License.
6 * A copy of the License is located at
7 *
8 * http://aws.amazon.com/apache2.0
9 *
10 * or in the "license" file accompanying this file. This file is distributed
11 * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
12 * express or implied. See the License for the specific language governing
13 * permissions and limitations under the License.
14 */
15
16 /* Target Functions: s2n_tls13_server_finished_recv */
17
18 #include <stdint.h>
19
20 #include <openssl/crypto.h>
21 #include <openssl/err.h>
22
23 #include "api/s2n.h"
24 #include "crypto/s2n_hash.h"
25 #include "stuffer/s2n_stuffer.h"
26 #include "tls/s2n_connection.h"
27 #include "tls/s2n_cipher_suites.h"
28 #include "tls/s2n_tls.h"
29 #include "utils/s2n_safety.h"
30 #include "s2n_test.h"
31
32 static const uint8_t TLS_VERSIONS[] = {S2N_TLS10, S2N_TLS11, S2N_TLS12, S2N_TLS13};
33
34 #ifdef S2N_TEST_IN_FIPS_MODE
35 const struct s2n_cipher_preferences *cipher_prefs = &cipher_preferences_test_all_fips;
36 #else
37 const struct s2n_cipher_preferences *cipher_prefs = &cipher_preferences_test_all;
38 #endif
39
40
s2n_fuzz_test(const uint8_t * buf,size_t len)41 int s2n_fuzz_test(const uint8_t *buf, size_t len)
42 {
43
44 /* We need at least one byte of input to set parameters */
45 S2N_FUZZ_ENSURE_MIN_LEN(len, 1);
46
47 /* Setup */
48 struct s2n_connection *client_conn = s2n_connection_new(S2N_SERVER);
49 POSIX_ENSURE_REF(client_conn);
50 POSIX_GUARD(s2n_stuffer_write_bytes(&client_conn->handshake.io, buf, len));
51
52 /* Pull a byte off the libfuzzer input and use it to set parameters */
53 uint8_t randval = 0;
54 s2n_hash_algorithm num_hash_bytes = 0;
55 POSIX_GUARD(s2n_stuffer_read_uint8(&client_conn->handshake.io, &randval));
56 client_conn->actual_protocol_version = TLS_VERSIONS[(randval & 0x03) % s2n_array_len(TLS_VERSIONS)];
57 client_conn->secure.cipher_suite = cipher_prefs->suites[(randval >> 2) % cipher_prefs->count];
58 POSIX_GUARD(s2n_hmac_hash_alg(client_conn->secure.cipher_suite->prf_alg, &num_hash_bytes));
59
60 /* We do not use a GUARD macro here as there may not be enough bytes to write the necessary
61 * amount, and the result of a failed read_bytes call is an acceptable test input. */
62 s2n_stuffer_read_bytes(&client_conn->handshake.io, client_conn->handshake.server_finished, num_hash_bytes);
63
64 /* Run Test
65 * Do not use GUARD macro here since the connection memory hasn't been freed.
66 */
67 s2n_tls13_server_finished_recv(client_conn);
68
69 /* Cleanup */
70 POSIX_GUARD(s2n_connection_free(client_conn));
71
72 return S2N_SUCCESS;
73 }
74
75 S2N_FUZZ_TARGET(NULL, s2n_fuzz_test, NULL)
76