Crypto · C

How to fuzz Nettle

GnuTLS's crypto backend — a bug here silently undermines every GnuTLS session.

Nettle is the cryptographic backend for GnuTLS and is used in GNOME and many embedded Linux systems. Its hand-coded multi-precision arithmetic and assembly-optimised hash functions have tight buffer contracts that fuzzing with MSan and UBSan can efficiently validate.

Common bug classes

•Heap buffer overflow in mpz_import with crafted limb count
•Integer overflow in RSA key size validation
•Out-of-bounds read in base16/base64 decode on truncated input
•Timing side-channel in conditional secret-comparison (UBSan catches UB enabling it)
•Null dereference in GCM authentication tag length mismatch

Recommended setup

Fuzzers

→ AFL++
→ libFuzzer

Sanitizers

→ ASan
→ UBSan
→ MSan

Harness scaffold

#include <stdint.h>
#include <stddef.h>
#include <nettle/rsa.h>
#include <nettle/base64.h>

int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  /* Fuzz base64 decoder as a representative simple entry point */
  struct base64_decode_ctx ctx;
  base64_decode_init(&ctx);
  uint8_t out[4096];
  size_t out_len = sizeof(out);
  base64_decode_update(&ctx, &out_len, out, size, (const char *)data);
  base64_decode_final(&ctx);
  return 0;
}

Save this as fuzz_target.cc, build with your compiler + sanitizer flags, and you have a working starting point.

Start fuzzing Nettle on Fuzze.rs →

Push the harness above + a Dockerfile. First month 50% off.