Crypto · C

How to fuzz BoringSSL

Chrome and Android's TLS stack — security regressions here are patched globally within hours.

BoringSSL is the TLS implementation in Chrome, Android, and Google's server infrastructure. Despite aggressive internal fuzzing, its ASN.1 machinery, QUIC record layer, and custom bignum implementation are sufficiently complex that continuous external fuzzing remains valuable for catching regressions and integration bugs.

Common bug classes

  • Heap buffer overflow in ASN.1 ANY field length decode
  • Out-of-bounds read in PKCS#8 key unwrap padding validation
  • Integer overflow in QUIC CRYPTO frame length arithmetic
  • Use-after-free in TLS 1.3 post-handshake message handling
  • Null dereference on absent subjectPublicKeyInfo algorithm

Recommended setup

Fuzzers

  • AFL++
  • libFuzzer
  • Centipede

Sanitizers

  • ASan
  • UBSan
  • MSan

Harness scaffold

#include <stdint.h>
#include <stddef.h>
#include <openssl/evp.h>
#include <openssl/x509.h>

/* libFuzzer resolves the entry point by its C symbol name, so a harness
 * compiled as C++ (fuzz_target.cc) needs C linkage. */
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  /* Parse a DER certificate; d2i_X509 advances p as it consumes input */
  const uint8_t *p = data;
  X509 *cert = d2i_X509(NULL, &p, (long)size);
  if (cert != NULL) {
    /* Also exercise SubjectPublicKeyInfo decoding; pkey is owned by cert */
    EVP_PKEY *pkey = X509_get0_pubkey(cert);
    (void)pkey;
    X509_free(cert);
  }
  return 0;
}

Save this as fuzz_target.cc, build with your compiler + sanitizer flags, and you have a working starting point.
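The build step is where most first attempts go wrong: the harness and the BoringSSL libraries it links against must be compiled with the same sanitizer, and MSan in particular cannot be mixed with ASan or with uninstrumented objects. The script below is an added example, not code from this page or from the BoringSSL project. It assumes clang with libFuzzer, cmake and ninja are installed, that BORINGSSL_SRC points at a BoringSSL checkout, and that the static libraries land at ssl/libssl.a and crypto/libcrypto.a under the build directory (that layout is an assumption and may differ between BoringSSL revisions). With DRY_RUN=1 it only prints the commands.

```shell
#!/bin/sh
# Added example (not from the page or the BoringSSL project): pick sanitizer
# flags and build fuzz_target.cc against a BoringSSL tree instrumented the
# same way. Assumptions: clang/clang++ with libFuzzer, cmake, ninja;
# BORINGSSL_SRC is a BoringSSL checkout; library paths under the build dir.

# Flags for the library build: coverage instrumentation without libFuzzer's
# main, plus the chosen sanitizer. ASan and UBSan stack; MSan must run alone,
# and every object linked into the target must be MSan-instrumented or it
# reports false positives on uninstrumented writes.
lib_flags() {
  case "$1" in
    asan)       echo "-fsanitize=fuzzer-no-link,address" ;;
    asan-ubsan) echo "-fsanitize=fuzzer-no-link,address,undefined -fno-sanitize-recover=undefined" ;;
    ubsan)      echo "-fsanitize=fuzzer-no-link,undefined -fno-sanitize-recover=undefined" ;;
    msan)       echo "-fsanitize=fuzzer-no-link,memory -fsanitize-memory-track-origins=2" ;;
    *)          echo "unsupported sanitizer set: $1" >&2; return 1 ;;
  esac
}

# Flags for the harness itself: same sanitizer, but link libFuzzer's driver.
harness_flags() {
  f=$(lib_flags "$1") || return 1
  echo "-fsanitize=fuzzer${f#-fsanitize=fuzzer-no-link}"
}

# Configure and build BoringSSL, then link the harness. DRY_RUN=1 echoes the
# commands instead of running them, so this works without a checkout.
build_harness() {
  san="$1"
  src="${BORINGSSL_SRC:-$PWD/boringssl}"
  out="${BUILD_DIR:-$PWD/build-$san}"
  lf=$(lib_flags "$san") || return 1
  hf=$(harness_flags "$san") || return 1
  run() { if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi; }
  run cmake -GNinja -S "$src" -B "$out" \
      -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ \
      -DCMAKE_BUILD_TYPE=Debug "-DCMAKE_C_FLAGS=$lf" "-DCMAKE_CXX_FLAGS=$lf"
  run ninja -C "$out" crypto ssl
  # $hf is deliberately unquoted so the flag list word-splits.
  # Library locations are assumed; adjust for your BoringSSL revision.
  run clang++ -g -O1 $hf -I"$src/include" fuzz_target.cc \
      "$out/ssl/libssl.a" "$out/crypto/libcrypto.a" -o "fuzz_target-$san"
}

# Usage: BORINGSSL_SRC=~/boringssl build_harness asan-ubsan
#        ./fuzz_target-asan-ubsan corpus/ -max_len=8192
```

Seed the corpus directory with DER certificates you already have (PEM bodies base64-decoded) so the fuzzer starts from structurally valid input rather than discovering ASN.1 framing from scratch. For MSan, remember that libc++ must be rebuilt with MSan as well; an ASan or UBSan build needs no such step. BoringSSL also ships its own harnesses under fuzz/, enabled with -DFUZZ=1 at configure time, which are a useful reference for how the project expects libFuzzer targets to be wired up.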

Start fuzzing BoringSSL on Fuzze.rs →

Push the harness above + a Dockerfile. First month 50% off.