2 * Testing tool for TLSv1 client routines
3 * Copyright (c) 2019, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
12 #include "crypto/tls.h"
13 #include "../fuzzer-common.h"
16 #define CERTDIR "../../hwsim/auth_serv/"
26 static struct wpabuf
* read_msg(struct context
*ctx
)
31 if (ctx
->data_len
- ctx
->data_offset
< 2) {
32 wpa_printf(MSG_ERROR
, "TEST-ERROR: Could not read msg len");
35 msg_len
= WPA_GET_BE16(&ctx
->data
[ctx
->data_offset
]);
36 ctx
->data_offset
+= 2;
38 msg
= wpabuf_alloc(msg_len
);
41 if (msg_len
> 0 && ctx
->data_len
- ctx
->data_offset
< msg_len
) {
42 wpa_printf(MSG_ERROR
, "TEST-ERROR: Truncated msg (msg_len=%u)",
47 wpabuf_put_data(msg
, &ctx
->data
[ctx
->data_offset
], msg_len
);
48 ctx
->data_offset
+= msg_len
;
49 wpa_hexdump_buf(MSG_DEBUG
, "TEST: Read message from file", msg
);
55 int LLVMFuzzerTestOneInput(const uint8_t *data
, size_t size
)
58 struct tls_config conf
;
60 struct tls_connection_params params
;
61 struct tls_connection
*conn_client
= NULL
;
63 struct wpabuf
*in
= NULL
, *out
= NULL
, *appl
;
65 wpa_fuzzer_set_debug_level();
67 os_memset(&ctx
, 0, sizeof(ctx
));
71 os_memset(&conf
, 0, sizeof(conf
));
72 tls_client
= tls_init(&conf
);
76 os_memset(¶ms
, 0, sizeof(params
));
77 params
.ca_cert
= CERTDIR
"ca.pem";
78 params
.client_cert
= CERTDIR
"server.pem";
79 params
.private_key
= CERTDIR
"server.key";
80 params
.dh_file
= CERTDIR
"dh.conf";
82 conn_client
= tls_connection_init(tls_client
);
89 out
= tls_connection_handshake(tls_client
, conn_client
, in
,
95 if (tls_connection_get_failed(tls_client
, conn_client
)) {
96 wpa_printf(MSG_ERROR
, "TLS handshake failed");
99 if (tls_connection_established(tls_client
, conn_client
))
108 if (tls_connection_established(tls_client
, conn_client
))
113 in
= wpabuf_alloc(100);
116 wpabuf_put_str(in
, "PING");
118 out
= tls_connection_encrypt(tls_client
, conn_client
, in
);
125 in
= wpabuf_alloc(100);
128 wpabuf_put_str(in
, "PONG");
130 out
= read_msg(&ctx
);
136 in
= tls_connection_decrypt(tls_client
, conn_client
, out
);
141 wpa_hexdump_buf(MSG_DEBUG
, "Client decrypted ApplData", in
);
147 tls_connection_deinit(tls_client
, conn_client
);
148 tls_deinit(tls_client
);