1 /*
2  * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License").
5  * You may not use this file except in compliance with the License.
6  * A copy of the License is located at
7  *
8  *  http://aws.amazon.com/apache2.0
9  *
10  * or in the "license" file accompanying this file. This file is distributed
11  * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
12  * express or implied. See the License for the specific language governing
13  * permissions and limitations under the License.
14  */
15 
16 /* Target Functions: s2n_tls13_server_finished_recv */
17 
18 #include <stdint.h>
19 
20 #include <openssl/crypto.h>
21 #include <openssl/err.h>
22 
23 #include "api/s2n.h"
24 #include "crypto/s2n_hash.h"
25 #include "stuffer/s2n_stuffer.h"
26 #include "tls/s2n_connection.h"
27 #include "tls/s2n_cipher_suites.h"
28 #include "tls/s2n_tls.h"
29 #include "utils/s2n_safety.h"
30 #include "s2n_test.h"
31 
32 static const uint8_t TLS_VERSIONS[] = {S2N_TLS10, S2N_TLS11, S2N_TLS12, S2N_TLS13};
33 
34 #ifdef S2N_TEST_IN_FIPS_MODE
35 const struct s2n_cipher_preferences *cipher_prefs = &cipher_preferences_test_all_fips;
36 #else
37 const struct s2n_cipher_preferences *cipher_prefs = &cipher_preferences_test_all;
38 #endif
39 
40 
s2n_fuzz_test(const uint8_t * buf,size_t len)41 int s2n_fuzz_test(const uint8_t *buf, size_t len)
42 {
43 
44     /* We need at least one byte of input to set parameters */
45     S2N_FUZZ_ENSURE_MIN_LEN(len, 1);
46 
47     /* Setup */
48     struct s2n_connection *client_conn = s2n_connection_new(S2N_SERVER);
49     POSIX_ENSURE_REF(client_conn);
50     POSIX_GUARD(s2n_stuffer_write_bytes(&client_conn->handshake.io, buf, len));
51 
52     /* Pull a byte off the libfuzzer input and use it to set parameters */
53     uint8_t randval = 0;
54     s2n_hash_algorithm num_hash_bytes = 0;
55     POSIX_GUARD(s2n_stuffer_read_uint8(&client_conn->handshake.io, &randval));
56     client_conn->actual_protocol_version = TLS_VERSIONS[(randval & 0x03) % s2n_array_len(TLS_VERSIONS)];
57     client_conn->secure.cipher_suite = cipher_prefs->suites[(randval >> 2) % cipher_prefs->count];
58     POSIX_GUARD(s2n_hmac_hash_alg(client_conn->secure.cipher_suite->prf_alg, &num_hash_bytes));
59 
60     /* We do not use a GUARD macro here as there may not be enough bytes to write the necessary
61      * amount, and the result of a failed read_bytes call is an acceptable test input. */
62     s2n_stuffer_read_bytes(&client_conn->handshake.io, client_conn->handshake.server_finished, num_hash_bytes);
63 
64     /* Run Test
65      * Do not use GUARD macro here since the connection memory hasn't been freed.
66      */
67     s2n_tls13_server_finished_recv(client_conn);
68 
69     /* Cleanup */
70     POSIX_GUARD(s2n_connection_free(client_conn));
71 
72     return S2N_SUCCESS;
73 }
74 
75 S2N_FUZZ_TARGET(NULL, s2n_fuzz_test, NULL)
76