← All libraries
Crypto · C
How to fuzz wolfSSL
A FIPS-certified TLS library for RTOS and automotive — correctness claims demand verification.
wolfSSL's design prioritises a small footprint for RTOS and automotive targets, meaning its TLS handshake and certificate parsing take many manual shortcuts that can introduce length-check omissions. Its FIPS boundary and claimed correctness make fuzzing especially valuable as an independent verification layer.
Common bug classes
- •Heap buffer overflow in TLS ClientHello extension parsing
- •Integer underflow in Certificate message length check
- •Out-of-bounds read in DTLS fragment reassembly buffer
- •Null dereference in session ticket key rotation
- •Use-after-free in TLS 1.3 key schedule error path
Recommended setup
Fuzzers
- → AFL++
- → libFuzzer
- → Honggfuzz
Sanitizers
- → ASan
- → UBSan
Harness scaffold
#include <stdint.h>
#include <stddef.h>
#include <wolfssl/ssl.h>
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method());
if (!ctx) return 0;
WOLFSSL *ssl = wolfSSL_new(ctx);
if (!ssl) { wolfSSL_CTX_free(ctx); return 0; }
/* Inject fuzz data as the incoming record stream */
wolfSSL_SetIORecv(ssl, NULL);
wolfSSL_MemoryFeed(ssl, data, (int)size);
wolfSSL_connect(ssl);
wolfSSL_free(ssl);
wolfSSL_CTX_free(ctx);
return 0;
}Save this as fuzz_target.cc, build with your compiler + sanitizer flags, and you have a working starting point.
Notable CVEs found by fuzzing
- → CVE-2022-38153
Push the harness above + a Dockerfile. First month 50% off.