Crypto · C

How to fuzz Mbed TLS

The embedded TLS stack — resource constraints mean less overflow headroom.

Mbed TLS targets microcontrollers and IoT devices where heap sizes are small and allocations tight. Its ASN.1 parser, X.509 verifier, and TLS record layer all manipulate length fields in constrained arenas — a one-byte overflow that would harmlessly clobber heap metadata on a server can fully corrupt a microcontroller's memory map.

Common bug classes

•Heap buffer overflow in ASN.1 BitString/OctetString length
•Integer overflow in TLS record fragment reassembly
•Out-of-bounds read in X.509 GeneralName SAN parsing
•Null dereference on optional extension missing in cert chain
•Stack overflow in recursive ASN.1 SEQUENCE parsing

Recommended setup

Fuzzers

→ AFL++
→ libFuzzer

Sanitizers

→ ASan
→ UBSan

Harness scaffold

#include <stdint.h>
#include <stddef.h>
#include <mbedtls/x509_crt.h>
#include <mbedtls/error.h>

int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  mbedtls_x509_crt crt;
  mbedtls_x509_crt_init(&crt);
  mbedtls_x509_crt_parse_der(&crt, data, size);
  mbedtls_x509_crt_free(&crt);
  return 0;
}

Save this as fuzz_target.cc, build with your compiler + sanitizer flags, and you have a working starting point.

Notable CVEs found by fuzzing

→ CVE-2021-43666
→ CVE-2022-35409

Start fuzzing Mbed TLS on Fuzze.rs →

Push the harness above + a Dockerfile. First month 50% off.