21848380424

Committed 10 Feb 2026 01:47AM UTC coverage: 91.634% (+1.6%) from 90.069%

Build # 21848380424

Build Type

push

github

Committed by

web-flow

Commit Message

Merge pull request #5296 from randombit/jack/tls-header-patrol

Various changes to reduce header dependencies in TLS

Run Details

104002 of 113497 relevant lines covered (91.63%)

11230277.53 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

78.43

/src/fuzzer/tls_client.cpp

/*
* (C) 2015,2016 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include "fuzzers.h"

#include <botan/hex.h>
#include <botan/tls_callbacks.h>
#include <botan/tls_ciphersuite.h>
#include <botan/tls_client.h>
#include <botan/tls_external_psk.h>
#include <botan/tls_policy.h>
#include <botan/tls_session_manager_noop.h>

class Fuzzer_TLS_Client_Creds : public Botan::Credentials_Manager {
   public:
      std::string psk_identity_hint(const std::string& /*type*/, const std::string& /*context*/) override {
         return "psk_hint";
      }

      std::string psk_identity(const std::string& /*type*/,
                               const std::string& /*context*/,
                               const std::string& /*hint*/) override {
         return "psk_id";
      }

      Botan::secure_vector<uint8_t> session_ticket_key() override {
         return Botan::hex_decode_locked("AABBCCDDEEFF00112233445566778899");
      }

      Botan::secure_vector<uint8_t> dtls_cookie_secret() override {
         return Botan::hex_decode_locked("AABBCCDDEEFF00112233445566778899");
      }

      std::vector<Botan::TLS::ExternalPSK> find_preshared_keys(
         std::string_view host,
         Botan::TLS::Connection_Side whoami,
         const std::vector<std::string>& identities = {},
         const std::optional<std::string>& prf = std::nullopt) override {
         if(!identities.empty() && std::find(identities.begin(), identities.end(), "psk_id") == identities.end()) {
            return Botan::Credentials_Manager::find_preshared_keys(host, whoami, identities, prf);
         }

         std::vector<Botan::TLS::ExternalPSK> psks;
         psks.emplace_back("psk_id", "SHA-256", Botan::hex_decode_locked("AABBCCDDEEFF00112233445566778899"));
         return psks;
      }
};

class Fuzzer_TLS_Policy : public Botan::TLS::Policy {
   public:
      std::vector<uint16_t> ciphersuite_list(Botan::TLS::Protocol_Version version) const override {
         std::vector<uint16_t> ciphersuites;

         for(auto&& suite : Botan::TLS::Ciphersuite::all_known_ciphersuites()) {
            if(suite.valid() && suite.usable_in_version(version)) {
               ciphersuites.push_back(suite.ciphersuite_code());
            }
         }

         return ciphersuites;
      }
};

class Fuzzer_TLS_Client_Callbacks : public Botan::TLS::Callbacks {
   public:
      void tls_emit_data(std::span<const uint8_t> /*data*/) override {
         // discard
      }

      void tls_record_received(uint64_t /*rec*/, std::span<const uint8_t> /*data*/) override {
         // ignore peer data
      }

      void tls_alert(Botan::TLS::Alert /*alert*/) override {
         // ignore alert
      }

      void tls_verify_cert_chain(const std::vector<Botan::X509_Certificate>& cert_chain,
                                 const std::vector<std::optional<Botan::OCSP::Response>>& ocsp_responses,
                                 const std::vector<Botan::Certificate_Store*>& trusted_roots,
                                 Botan::Usage_Type usage,
                                 std::string_view hostname,
                                 const Botan::TLS::Policy& policy) override {
         try {
            // try to validate to exercise those code paths
            Botan::TLS::Callbacks::tls_verify_cert_chain(
               cert_chain, ocsp_responses, trusted_roots, usage, hostname, policy);
         } catch(...) {
            // ignore validation result
         }
      }
};

void fuzz(std::span<const uint8_t> in) {
   if(in.empty()) {
      return;
   }

   auto session_manager = std::make_shared<Botan::TLS::Session_Manager_Noop>();
   auto policy = std::make_shared<Fuzzer_TLS_Policy>();
   const Botan::TLS::Protocol_Version client_offer = Botan::TLS::Protocol_Version::TLS_V12;
   const Botan::TLS::Server_Information info("server.name", 443);
   auto callbacks = std::make_shared<Fuzzer_TLS_Client_Callbacks>();
   auto creds = std::make_shared<Fuzzer_TLS_Client_Creds>();

   Botan::TLS::Client client(callbacks, session_manager, creds, policy, fuzzer_rng_as_shared(), info, client_offer);

   try {
      client.received_data(in);
   } catch(const std::exception& e) {}
}

1	/*
2	* (C) 2015,2016 Jack Lloyd
3	*
4	* Botan is released under the Simplified BSD License (see license.txt)
5	*/
6
7	#include "fuzzers.h"
8
9	#include <botan/hex.h>
10	#include <botan/tls_callbacks.h>
11	#include <botan/tls_ciphersuite.h>
12	#include <botan/tls_client.h>
13	#include <botan/tls_external_psk.h>
14	#include <botan/tls_policy.h>
15	#include <botan/tls_session_manager_noop.h>
16
17	class Fuzzer_TLS_Client_Creds : public Botan::Credentials_Manager {	1,962✔
18	public:
19	std::string psk_identity_hint(const std::string& /type/, const std::string& /context/) override {	×
20	return "psk_hint";	×
21	}
22
23	std::string psk_identity(const std::string& /type/,	1✔
24	const std::string& /context/,
25	const std::string& /hint/) override {
26	return "psk_id";	1✔
27	}
28
29	Botan::secure_vector<uint8_t> session_ticket_key() override {	×
30	return Botan::hex_decode_locked("AABBCCDDEEFF00112233445566778899");	×
31	}
32
33	Botan::secure_vector<uint8_t> dtls_cookie_secret() override {	×
34	return Botan::hex_decode_locked("AABBCCDDEEFF00112233445566778899");	×
35	}
36
37	std::vector<Botan::TLS::ExternalPSK> find_preshared_keys(	1✔
38	std::string_view host,
39	Botan::TLS::Connection_Side whoami,
40	const std::vector<std::string>& identities = {},
41	const std::optional<std::string>& prf = std::nullopt) override {
42	if(!identities.empty() && std::find(identities.begin(), identities.end(), "psk_id") == identities.end()) {	1✔
43	return Botan::Credentials_Manager::find_preshared_keys(host, whoami, identities, prf);	×
44	}
45
46	std::vector<Botan::TLS::ExternalPSK> psks;	1✔
47	psks.emplace_back("psk_id", "SHA-256", Botan::hex_decode_locked("AABBCCDDEEFF00112233445566778899"));	1✔
48	return psks;	1✔
49	}	1✔
50	};
51
52	class Fuzzer_TLS_Policy : public Botan::TLS::Policy {	1,962✔
53	public:
54	std::vector<uint16_t> ciphersuite_list(Botan::TLS::Protocol_Version version) const override {	1,962✔
55	std::vector<uint16_t> ciphersuites;	1,962✔
56
57	for(auto&& suite : Botan::TLS::Ciphersuite::all_known_ciphersuites()) {	202,086✔
58	if(suite.valid() && suite.usable_in_version(version)) {	200,124✔
59	ciphersuites.push_back(suite.ciphersuite_code());	190,314✔
60	}
61	}
62
63	return ciphersuites;	1,962✔
64	}	×
65	};
66
67	class Fuzzer_TLS_Client_Callbacks : public Botan::TLS::Callbacks {	1,962✔
68	public:
69	void tls_emit_data(std::span<const uint8_t> /data/) override {	3,981✔
70	// discard
71	}	3,981✔
72
73	void tls_record_received(uint64_t /rec/, std::span<const uint8_t> /data/) override {	×
74	// ignore peer data
75	}	×
76
77	void tls_alert(Botan::TLS::Alert /alert/) override {	4✔
78	// ignore alert
79	}	4✔
80
81	void tls_verify_cert_chain(const std::vector<Botan::X509_Certificate>& cert_chain,	258✔
82	const std::vector<std::optional<Botan::OCSP::Response>>& ocsp_responses,
83	const std::vector<Botan::Certificate_Store*>& trusted_roots,
84	Botan::Usage_Type usage,
85	std::string_view hostname,
86	const Botan::TLS::Policy& policy) override {
87	try {	258✔
88	// try to validate to exercise those code paths
89	Botan::TLS::Callbacks::tls_verify_cert_chain(	258✔
90	cert_chain, ocsp_responses, trusted_roots, usage, hostname, policy);
91	} catch(...) {	258✔
92	// ignore validation result
93	}	258✔
94	}	258✔
95	};
96
97	void fuzz(std::span<const uint8_t> in) {	1,962✔
98	if(in.empty()) {	1,962✔
99	return;	×
100	}
101
102	auto session_manager = std::make_shared<Botan::TLS::Session_Manager_Noop>();	1,962✔
103	auto policy = std::make_shared<Fuzzer_TLS_Policy>();	1,962✔
104	const Botan::TLS::Protocol_Version client_offer = Botan::TLS::Protocol_Version::TLS_V12;	1,962✔
105	const Botan::TLS::Server_Information info("server.name", 443);	1,962✔
106	auto callbacks = std::make_shared<Fuzzer_TLS_Client_Callbacks>();	1,962✔
107	auto creds = std::make_shared<Fuzzer_TLS_Client_Creds>();	1,962✔
108
109	Botan::TLS::Client client(callbacks, session_manager, creds, policy, fuzzer_rng_as_shared(), info, client_offer);	15,696✔
110
111	try {	1,962✔
112	client.received_data(in);	1,962✔
113	} catch(const std::exception& e) {}	1,938✔
114	}	11,772✔

randombit / botan / 21848380424

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous