gazagnaire.org / ocaml-tls
upstream: github.com/mirleft/ocaml-tls
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

tls: Add fuzz tests for TLS protocol parsing

Add crash-safety fuzz tests for TLS record and handshake parsing:
- Record parsing (CVE-2014-0160 Heartbleed pattern)
- Handshake message parsing
- Alert and change cipher spec parsing
- Version negotiation
- Certificate parsing (TLS 1.0/1.2/1.3)
- DH/EC parameter parsing
- Digitally signed parsing
- Record overflow detection

Thomas Gazagnaire f46a27cb 17385986

+224
+22
fuzz/dune
··· 1 + (executable 2 + (name fuzz_tls) 3 + (modules fuzz_tls) 4 + (libraries tls crowbar)) 5 + 6 + ; Quick check with Crowbar (no AFL instrumentation) 7 + 8 + (rule 9 + (alias fuzz) 10 + (deps fuzz_tls.exe) 11 + (action 12 + (run %{exe:fuzz_tls.exe}))) 13 + 14 + ; AFL-instrumented build target (use with --profile=afl) 15 + 16 + (rule 17 + (alias fuzz-afl) 18 + (deps 19 + (source_tree input) 20 + fuzz_tls.exe) 21 + (action 22 + (echo "AFL fuzzer built: %{exe:fuzz_tls.exe}\n")))
+202
fuzz/fuzz_tls.ml
··· 1 + (*--------------------------------------------------------------------------- 2 + Copyright (c) 2025 Thomas Gazagnaire. All rights reserved. 3 + SPDX-License-Identifier: ISC 4 + ---------------------------------------------------------------------------*) 5 + 6 + (** Fuzz tests for TLS protocol parsing. 7 + 8 + Key properties tested: 1. TLS record parsing crash safety 2. Handshake 9 + message parsing 3. Alert message parsing 4. Version negotiation 5. Extension 10 + parsing 11 + 12 + CVE references: 13 + - CVE-2014-0160 (OpenSSL): Heartbleed - buffer overread 14 + - CVE-2016-2107 (OpenSSL): Padding oracle attack 15 + - CVE-2021-3449 (OpenSSL): Renegotiation crash 16 + - CVE-2015-0204 (FREAK): Weak export ciphers 17 + 18 + See: 19 + https://www.cvedetails.com/vulnerability-list/vendor_id-217/Openssl.html *) 20 + 21 + open Crowbar 22 + 23 + (** Truncate input to reasonable size. *) 24 + let truncate ?(max_len = 16384) buf = 25 + if String.length buf > max_len then String.sub buf 0 max_len else buf 26 + 27 + (** TLS record parsing - must not crash on arbitrary input. CVE-2014-0160: 28 + Heartbleed was a buffer overread in record parsing. *) 29 + let test_record_parse buf = 30 + let buf = truncate buf in 31 + (try ignore (Tls.Reader.parse_record buf) with _ -> ()); 32 + () 33 + 34 + (** Handshake message parsing - must handle malformed handshakes. Many TLS 35 + vulnerabilities involve malformed handshake messages. *) 36 + let test_handshake_parse buf = 37 + let buf = truncate buf in 38 + (try ignore (Tls.Reader.parse_handshake buf) with _ -> ()); 39 + () 40 + 41 + (** Handshake frame parsing - must not crash. *) 42 + let test_handshake_frame buf = 43 + let buf = truncate buf in 44 + (try ignore (Tls.Reader.parse_handshake_frame buf) with _ -> ()); 45 + () 46 + 47 + (** Alert parsing - must handle invalid alert codes. *) 48 + let test_alert_parse buf = 49 + let buf = truncate ~max_len:256 buf in 50 + (try ignore (Tls.Reader.parse_alert buf) with _ -> ()); 51 + () 52 + 53 + (** Change cipher spec parsing. *) 54 + let test_change_cipher_spec buf = 55 + let buf = truncate ~max_len:16 buf in 56 + (try ignore (Tls.Reader.parse_change_cipher_spec buf) with _ -> ()); 57 + () 58 + 59 + (** Version parsing - must handle invalid versions. *) 60 + let test_version_parse buf = 61 + let buf = truncate ~max_len:8 buf in 62 + (try 63 + ignore (Tls.Reader.parse_version buf); 64 + ignore (Tls.Reader.parse_any_version buf) 65 + with _ -> ()); 66 + () 67 + 68 + (** Certificate parsing - must handle malformed certificates. CVE-2015-0204 69 + (FREAK) involved certificate handling. *) 70 + let test_certificate_parse buf = 71 + let buf = truncate ~max_len:8192 buf in 72 + (try ignore (Tls.Reader.parse_certificates buf) with _ -> ()); 73 + () 74 + 75 + (** Certificate request parsing (TLS 1.0/1.1). *) 76 + let test_certificate_request_parse buf = 77 + let buf = truncate ~max_len:4096 buf in 78 + (try ignore (Tls.Reader.parse_certificate_request buf) with _ -> ()); 79 + () 80 + 81 + (** Certificate request parsing (TLS 1.2). *) 82 + let test_certificate_request_1_2_parse buf = 83 + let buf = truncate ~max_len:4096 buf in 84 + (try ignore (Tls.Reader.parse_certificate_request_1_2 buf) with _ -> ()); 85 + () 86 + 87 + (** Certificate request parsing (TLS 1.3). *) 88 + let test_certificate_request_1_3_parse buf = 89 + let buf = truncate ~max_len:4096 buf in 90 + (try ignore (Tls.Reader.parse_certificate_request_1_3 buf) with _ -> ()); 91 + () 92 + 93 + (** DH parameters parsing. *) 94 + let test_dh_parameters_parse buf = 95 + let buf = truncate ~max_len:2048 buf in 96 + (try ignore (Tls.Reader.parse_dh_parameters buf) with _ -> ()); 97 + () 98 + 99 + (** EC parameters parsing. *) 100 + let test_ec_parameters_parse buf = 101 + let buf = truncate ~max_len:1024 buf in 102 + (try ignore (Tls.Reader.parse_ec_parameters buf) with _ -> ()); 103 + () 104 + 105 + (** Client DH key exchange parsing. *) 106 + let test_client_dh_key_exchange buf = 107 + let buf = truncate ~max_len:1024 buf in 108 + (try ignore (Tls.Reader.parse_client_dh_key_exchange buf) with _ -> ()); 109 + () 110 + 111 + (** Client EC key exchange parsing. *) 112 + let test_client_ec_key_exchange buf = 113 + let buf = truncate ~max_len:256 buf in 114 + (try ignore (Tls.Reader.parse_client_ec_key_exchange buf) with _ -> ()); 115 + () 116 + 117 + (** Digitally signed parsing (TLS < 1.2). *) 118 + let test_digitally_signed buf = 119 + let buf = truncate ~max_len:1024 buf in 120 + (try ignore (Tls.Reader.parse_digitally_signed buf) with _ -> ()); 121 + () 122 + 123 + (** Digitally signed parsing (TLS 1.2). *) 124 + let test_digitally_signed_1_2 buf = 125 + let buf = truncate ~max_len:1024 buf in 126 + (try ignore (Tls.Reader.parse_digitally_signed_1_2 buf) with _ -> ()); 127 + () 128 + 129 + (** Certificates TLS 1.3 parsing. *) 130 + let test_certificates_1_3 buf = 131 + let buf = truncate ~max_len:8192 buf in 132 + (try ignore (Tls.Reader.parse_certificates_1_3 buf) with _ -> ()); 133 + () 134 + 135 + (** Test record with specific content types. CVE references often involve 136 + specific content type handling. *) 137 + let test_record_content_types n buf = 138 + let buf = truncate ~max_len:16384 buf in 139 + (* Build a TLS record with various content types *) 140 + let content_type = Char.chr (abs n mod 256) in 141 + (* TLS 1.2 version *) 142 + let version = "\x03\x03" in 143 + let len_hi = Char.chr (String.length buf / 256 mod 256) in 144 + let len_lo = Char.chr (String.length buf mod 256) in 145 + let record = 146 + String.make 1 content_type ^ version ^ String.make 1 len_hi 147 + ^ String.make 1 len_lo ^ buf 148 + in 149 + (try ignore (Tls.Reader.parse_record record) with _ -> ()); 150 + () 151 + 152 + (** Test record overflow detection. CVE-2014-0160 (Heartbleed) exploited missing 153 + length validation. *) 154 + let test_record_overflow claimed_len buf = 155 + let buf = truncate ~max_len:1024 buf in 156 + let actual_len = String.length buf in 157 + let claimed = abs claimed_len mod 20000 in 158 + (* TLS record: content_type + version (2) + length (2) + data *) 159 + let content_type = "\x17" in 160 + (* Application data *) 161 + let version = "\x03\x03" in 162 + (* TLS 1.2 *) 163 + let len_hi = Char.chr (claimed / 256 mod 256) in 164 + let len_lo = Char.chr (claimed mod 256) in 165 + let record = 166 + content_type ^ version ^ String.make 1 len_hi ^ String.make 1 len_lo ^ buf 167 + in 168 + (* If claimed > actual, this should not crash or read OOB *) 169 + if claimed > actual_len then begin 170 + match Tls.Reader.parse_record record with 171 + | Ok (`Fragment _) -> () 172 + | Ok (`Record _) -> () 173 + | Error _ -> () 174 + end; 175 + () 176 + 177 + let () = 178 + add_test ~name:"tls: record parse" [ bytes ] test_record_parse; 179 + add_test ~name:"tls: handshake parse" [ bytes ] test_handshake_parse; 180 + add_test ~name:"tls: handshake frame" [ bytes ] test_handshake_frame; 181 + add_test ~name:"tls: alert parse" [ bytes ] test_alert_parse; 182 + add_test ~name:"tls: change cipher spec" [ bytes ] test_change_cipher_spec; 183 + add_test ~name:"tls: version parse" [ bytes ] test_version_parse; 184 + add_test ~name:"tls: certificate parse" [ bytes ] test_certificate_parse; 185 + add_test ~name:"tls: certificate request" [ bytes ] 186 + test_certificate_request_parse; 187 + add_test ~name:"tls: certificate request 1.2" [ bytes ] 188 + test_certificate_request_1_2_parse; 189 + add_test ~name:"tls: certificate request 1.3" [ bytes ] 190 + test_certificate_request_1_3_parse; 191 + add_test ~name:"tls: DH parameters" [ bytes ] test_dh_parameters_parse; 192 + add_test ~name:"tls: EC parameters" [ bytes ] test_ec_parameters_parse; 193 + add_test ~name:"tls: client DH key exchange" [ bytes ] 194 + test_client_dh_key_exchange; 195 + add_test ~name:"tls: client EC key exchange" [ bytes ] 196 + test_client_ec_key_exchange; 197 + add_test ~name:"tls: digitally signed" [ bytes ] test_digitally_signed; 198 + add_test ~name:"tls: digitally signed 1.2" [ bytes ] test_digitally_signed_1_2; 199 + add_test ~name:"tls: certificates 1.3" [ bytes ] test_certificates_1_3; 200 + add_test ~name:"tls: record content types" [ int; bytes ] 201 + test_record_content_types; 202 + add_test ~name:"tls: record overflow" [ int; bytes ] test_record_overflow