1 /* Copyright (c) 2017, Google Inc.
2 *
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
6 *
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15 #ifndef HEADER_SSL_TEST_FUZZER
16 #define HEADER_SSL_TEST_FUZZER
17
18 #include <assert.h>
19 #include <stdlib.h>
20 #include <string.h>
21
22 #include <algorithm>
23
24 #include <openssl/bio.h>
25 #include <openssl/bytestring.h>
26 #include <openssl/err.h>
27 #include <openssl/evp.h>
28 #include <openssl/rand.h>
29 #include <openssl/rsa.h>
30 #include <openssl/ssl.h>
31 #include <openssl/x509.h>
32
33 #include "../internal.h"
34 #include "./fuzzer_tags.h"
35
36 namespace {
37
38 const uint8_t kP256KeyPKCS8[] = {
39 0x30, 0x81, 0x87, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86,
40 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
41 0x03, 0x01, 0x07, 0x04, 0x6d, 0x30, 0x6b, 0x02, 0x01, 0x01, 0x04, 0x20,
42 0x43, 0x09, 0xc0, 0x67, 0x75, 0x21, 0x47, 0x9d, 0xa8, 0xfa, 0x16, 0xdf,
43 0x15, 0x73, 0x61, 0x34, 0x68, 0x6f, 0xe3, 0x8e, 0x47, 0x91, 0x95, 0xab,
44 0x79, 0x4a, 0x72, 0x14, 0xcb, 0xe2, 0x49, 0x4f, 0xa1, 0x44, 0x03, 0x42,
45 0x00, 0x04, 0xde, 0x09, 0x08, 0x07, 0x03, 0x2e, 0x8f, 0x37, 0x9a, 0xd5,
46 0xad, 0xe5, 0xc6, 0x9d, 0xd4, 0x63, 0xc7, 0x4a, 0xe7, 0x20, 0xcb, 0x90,
47 0xa0, 0x1f, 0x18, 0x18, 0x72, 0xb5, 0x21, 0x88, 0x38, 0xc0, 0xdb, 0xba,
48 0xf6, 0x99, 0xd8, 0xa5, 0x3b, 0x83, 0xe9, 0xe3, 0xd5, 0x61, 0x99, 0x73,
49 0x42, 0xc6, 0x6c, 0xe8, 0x0a, 0x95, 0x40, 0x41, 0x3b, 0x0d, 0x10, 0xa7,
50 0x4a, 0x93, 0xdb, 0x5a, 0xe7, 0xec,
51 };
52
53 const uint8_t kOCSPResponse[] = {0x01, 0x02, 0x03, 0x04};
54
55 const uint8_t kSCT[] = {0x00, 0x06, 0x00, 0x04, 0x05, 0x06, 0x07, 0x08};
56
57 const uint8_t kCertificateDER[] = {
58 0x30, 0x82, 0x02, 0xff, 0x30, 0x82, 0x01, 0xe7, 0xa0, 0x03, 0x02, 0x01,
59 0x02, 0x02, 0x11, 0x00, 0xb1, 0x84, 0xee, 0x34, 0x99, 0x98, 0x76, 0xfb,
60 0x6f, 0xb2, 0x15, 0xc8, 0x47, 0x79, 0x05, 0x9b, 0x30, 0x0d, 0x06, 0x09,
61 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30,
62 0x12, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x07,
63 0x41, 0x63, 0x6d, 0x65, 0x20, 0x43, 0x6f, 0x30, 0x1e, 0x17, 0x0d, 0x31,
64 0x35, 0x31, 0x31, 0x30, 0x37, 0x30, 0x30, 0x32, 0x34, 0x35, 0x36, 0x5a,
65 0x17, 0x0d, 0x31, 0x36, 0x31, 0x31, 0x30, 0x36, 0x30, 0x30, 0x32, 0x34,
66 0x35, 0x36, 0x5a, 0x30, 0x12, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55,
67 0x04, 0x0a, 0x13, 0x07, 0x41, 0x63, 0x6d, 0x65, 0x20, 0x43, 0x6f, 0x30,
68 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
69 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30,
70 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xce, 0x47, 0xcb, 0x11,
71 0xbb, 0xd2, 0x9d, 0x8e, 0x9e, 0xd2, 0x1e, 0x14, 0xaf, 0xc7, 0xea, 0xb6,
72 0xc9, 0x38, 0x2a, 0x6f, 0xb3, 0x7e, 0xfb, 0xbc, 0xfc, 0x59, 0x42, 0xb9,
73 0x56, 0xf0, 0x4c, 0x3f, 0xf7, 0x31, 0x84, 0xbe, 0xac, 0x03, 0x9e, 0x71,
74 0x91, 0x85, 0xd8, 0x32, 0xbd, 0x00, 0xea, 0xac, 0x65, 0xf6, 0x03, 0xc8,
75 0x0f, 0x8b, 0xfd, 0x6e, 0x58, 0x88, 0x04, 0x41, 0x92, 0x74, 0xa6, 0x57,
76 0x2e, 0x8e, 0x88, 0xd5, 0x3d, 0xda, 0x14, 0x3e, 0x63, 0x88, 0x22, 0xe3,
77 0x53, 0xe9, 0xba, 0x39, 0x09, 0xac, 0xfb, 0xd0, 0x4c, 0xf2, 0x3c, 0x20,
78 0xd6, 0x97, 0xe6, 0xed, 0xf1, 0x62, 0x1e, 0xe5, 0xc9, 0x48, 0xa0, 0xca,
79 0x2e, 0x3c, 0x14, 0x5a, 0x82, 0xd4, 0xed, 0xb1, 0xe3, 0x43, 0xc1, 0x2a,
80 0x59, 0xa5, 0xb9, 0xc8, 0x48, 0xa7, 0x39, 0x23, 0x74, 0xa7, 0x37, 0xb0,
81 0x6f, 0xc3, 0x64, 0x99, 0x6c, 0xa2, 0x82, 0xc8, 0xf6, 0xdb, 0x86, 0x40,
82 0xce, 0xd1, 0x85, 0x9f, 0xce, 0x69, 0xf4, 0x15, 0x2a, 0x23, 0xca, 0xea,
83 0xb7, 0x7b, 0xdf, 0xfb, 0x43, 0x5f, 0xff, 0x7a, 0x49, 0x49, 0x0e, 0xe7,
84 0x02, 0x51, 0x45, 0x13, 0xe8, 0x90, 0x64, 0x21, 0x0c, 0x26, 0x2b, 0x5d,
85 0xfc, 0xe4, 0xb5, 0x86, 0x89, 0x43, 0x22, 0x4c, 0xf3, 0x3b, 0xf3, 0x09,
86 0xc4, 0xa4, 0x10, 0x80, 0xf2, 0x46, 0xe2, 0x46, 0x8f, 0x76, 0x50, 0xbf,
87 0xaf, 0x2b, 0x90, 0x1b, 0x78, 0xc7, 0xcf, 0xc1, 0x77, 0xd0, 0xfb, 0xa9,
88 0xfb, 0xc9, 0x66, 0x5a, 0xc5, 0x9b, 0x31, 0x41, 0x67, 0x01, 0xbe, 0x33,
89 0x10, 0xba, 0x05, 0x58, 0xed, 0x76, 0x53, 0xde, 0x5d, 0xc1, 0xe8, 0xbb,
90 0x9f, 0xf1, 0xcd, 0xfb, 0xdf, 0x64, 0x7f, 0xd7, 0x18, 0xab, 0x0f, 0x94,
91 0x28, 0x95, 0x4a, 0xcc, 0x6a, 0xa9, 0x50, 0xc7, 0x05, 0x47, 0x10, 0x41,
92 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x50, 0x30, 0x4e, 0x30, 0x0e, 0x06,
93 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x05,
94 0xa0, 0x30, 0x13, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x0c, 0x30, 0x0a,
95 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x30, 0x0c,
96 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00,
97 0x30, 0x19, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x12, 0x30, 0x10, 0x82,
98 0x0e, 0x66, 0x75, 0x7a, 0x7a, 0x2e, 0x62, 0x6f, 0x72, 0x69, 0x6e, 0x67,
99 0x73, 0x73, 0x6c, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
100 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x92,
101 0xde, 0xef, 0x96, 0x06, 0x7b, 0xff, 0x71, 0x7d, 0x4e, 0xa0, 0x7d, 0xae,
102 0xb8, 0x22, 0xb4, 0x2c, 0xf7, 0x96, 0x9c, 0x37, 0x1d, 0x8f, 0xe7, 0xd9,
103 0x47, 0xff, 0x3f, 0xe9, 0x35, 0x95, 0x0e, 0xdd, 0xdc, 0x7f, 0xc8, 0x8a,
104 0x1e, 0x36, 0x1d, 0x38, 0x47, 0xfc, 0x76, 0xd2, 0x1f, 0x98, 0xa1, 0x36,
105 0xac, 0xc8, 0x70, 0x38, 0x0a, 0x3d, 0x51, 0x8d, 0x0f, 0x03, 0x1b, 0xef,
106 0x62, 0xa1, 0xcb, 0x2b, 0x4a, 0x8c, 0x12, 0x2b, 0x54, 0x50, 0x9a, 0x6b,
107 0xfe, 0xaf, 0xd9, 0xf6, 0xbf, 0x58, 0x11, 0x58, 0x5e, 0xe5, 0x86, 0x1e,
108 0x3b, 0x6b, 0x30, 0x7e, 0x72, 0x89, 0xe8, 0x6b, 0x7b, 0xb7, 0xaf, 0xef,
109 0x8b, 0xa9, 0x3e, 0xb0, 0xcd, 0x0b, 0xef, 0xb0, 0x0c, 0x96, 0x2b, 0xc5,
110 0x3b, 0xd5, 0xf1, 0xc2, 0xae, 0x3a, 0x60, 0xd9, 0x0f, 0x75, 0x37, 0x55,
111 0x4d, 0x62, 0xd2, 0xed, 0x96, 0xac, 0x30, 0x6b, 0xda, 0xa1, 0x48, 0x17,
112 0x96, 0x23, 0x85, 0x9a, 0x57, 0x77, 0xe9, 0x22, 0xa2, 0x37, 0x03, 0xba,
113 0x49, 0x77, 0x40, 0x3b, 0x76, 0x4b, 0xda, 0xc1, 0x04, 0x57, 0x55, 0x34,
114 0x22, 0x83, 0x45, 0x29, 0xab, 0x2e, 0x11, 0xff, 0x0d, 0xab, 0x55, 0xb1,
115 0xa7, 0x58, 0x59, 0x05, 0x25, 0xf9, 0x1e, 0x3d, 0xb7, 0xac, 0x04, 0x39,
116 0x2c, 0xf9, 0xaf, 0xb8, 0x68, 0xfb, 0x8e, 0x35, 0x71, 0x32, 0xff, 0x70,
117 0xe9, 0x46, 0x6d, 0x5c, 0x06, 0x90, 0x88, 0x23, 0x48, 0x0c, 0x50, 0xeb,
118 0x0a, 0xa9, 0xae, 0xe8, 0xfc, 0xbe, 0xa5, 0x76, 0x94, 0xd7, 0x64, 0x22,
119 0x38, 0x98, 0x17, 0xa4, 0x3a, 0xa7, 0x59, 0x9f, 0x1d, 0x3b, 0x75, 0x90,
120 0x1a, 0x81, 0xef, 0x19, 0xfb, 0x2b, 0xb7, 0xa7, 0x64, 0x61, 0x22, 0xa4,
121 0x6f, 0x7b, 0xfa, 0x58, 0xbb, 0x8c, 0x4e, 0x77, 0x67, 0xd0, 0x5d, 0x58,
122 0x76, 0x8a, 0xbb,
123 };
124
125 const uint8_t kRSAPrivateKeyDER[] = {
126 0x30, 0x82, 0x04, 0xa5, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
127 0xce, 0x47, 0xcb, 0x11, 0xbb, 0xd2, 0x9d, 0x8e, 0x9e, 0xd2, 0x1e, 0x14,
128 0xaf, 0xc7, 0xea, 0xb6, 0xc9, 0x38, 0x2a, 0x6f, 0xb3, 0x7e, 0xfb, 0xbc,
129 0xfc, 0x59, 0x42, 0xb9, 0x56, 0xf0, 0x4c, 0x3f, 0xf7, 0x31, 0x84, 0xbe,
130 0xac, 0x03, 0x9e, 0x71, 0x91, 0x85, 0xd8, 0x32, 0xbd, 0x00, 0xea, 0xac,
131 0x65, 0xf6, 0x03, 0xc8, 0x0f, 0x8b, 0xfd, 0x6e, 0x58, 0x88, 0x04, 0x41,
132 0x92, 0x74, 0xa6, 0x57, 0x2e, 0x8e, 0x88, 0xd5, 0x3d, 0xda, 0x14, 0x3e,
133 0x63, 0x88, 0x22, 0xe3, 0x53, 0xe9, 0xba, 0x39, 0x09, 0xac, 0xfb, 0xd0,
134 0x4c, 0xf2, 0x3c, 0x20, 0xd6, 0x97, 0xe6, 0xed, 0xf1, 0x62, 0x1e, 0xe5,
135 0xc9, 0x48, 0xa0, 0xca, 0x2e, 0x3c, 0x14, 0x5a, 0x82, 0xd4, 0xed, 0xb1,
136 0xe3, 0x43, 0xc1, 0x2a, 0x59, 0xa5, 0xb9, 0xc8, 0x48, 0xa7, 0x39, 0x23,
137 0x74, 0xa7, 0x37, 0xb0, 0x6f, 0xc3, 0x64, 0x99, 0x6c, 0xa2, 0x82, 0xc8,
138 0xf6, 0xdb, 0x86, 0x40, 0xce, 0xd1, 0x85, 0x9f, 0xce, 0x69, 0xf4, 0x15,
139 0x2a, 0x23, 0xca, 0xea, 0xb7, 0x7b, 0xdf, 0xfb, 0x43, 0x5f, 0xff, 0x7a,
140 0x49, 0x49, 0x0e, 0xe7, 0x02, 0x51, 0x45, 0x13, 0xe8, 0x90, 0x64, 0x21,
141 0x0c, 0x26, 0x2b, 0x5d, 0xfc, 0xe4, 0xb5, 0x86, 0x89, 0x43, 0x22, 0x4c,
142 0xf3, 0x3b, 0xf3, 0x09, 0xc4, 0xa4, 0x10, 0x80, 0xf2, 0x46, 0xe2, 0x46,
143 0x8f, 0x76, 0x50, 0xbf, 0xaf, 0x2b, 0x90, 0x1b, 0x78, 0xc7, 0xcf, 0xc1,
144 0x77, 0xd0, 0xfb, 0xa9, 0xfb, 0xc9, 0x66, 0x5a, 0xc5, 0x9b, 0x31, 0x41,
145 0x67, 0x01, 0xbe, 0x33, 0x10, 0xba, 0x05, 0x58, 0xed, 0x76, 0x53, 0xde,
146 0x5d, 0xc1, 0xe8, 0xbb, 0x9f, 0xf1, 0xcd, 0xfb, 0xdf, 0x64, 0x7f, 0xd7,
147 0x18, 0xab, 0x0f, 0x94, 0x28, 0x95, 0x4a, 0xcc, 0x6a, 0xa9, 0x50, 0xc7,
148 0x05, 0x47, 0x10, 0x41, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
149 0x01, 0x00, 0xa8, 0x47, 0xb9, 0x4a, 0x06, 0x47, 0x93, 0x71, 0x3d, 0xef,
150 0x7b, 0xca, 0xb4, 0x7c, 0x0a, 0xe6, 0x82, 0xd0, 0xe7, 0x0d, 0xa9, 0x08,
151 0xf6, 0xa4, 0xfd, 0xd8, 0x73, 0xae, 0x6f, 0x56, 0x29, 0x5e, 0x25, 0x72,
152 0xa8, 0x30, 0x44, 0x73, 0xcf, 0x56, 0x26, 0xb9, 0x61, 0xde, 0x42, 0x81,
153 0xf4, 0xf0, 0x1f, 0x5d, 0xcb, 0x47, 0xf2, 0x26, 0xe9, 0xe0, 0x93, 0x28,
154 0xa3, 0x10, 0x3b, 0x42, 0x1e, 0x51, 0x11, 0x12, 0x06, 0x5e, 0xaf, 0xce,
155 0xb0, 0xa5, 0x14, 0xdd, 0x82, 0x58, 0xa1, 0xa4, 0x12, 0xdf, 0x65, 0x1d,
156 0x51, 0x70, 0x64, 0xd5, 0x58, 0x68, 0x11, 0xa8, 0x6a, 0x23, 0xc2, 0xbf,
157 0xa1, 0x25, 0x24, 0x47, 0xb3, 0xa4, 0x3c, 0x83, 0x96, 0xb7, 0x1f, 0xf4,
158 0x44, 0xd4, 0xd1, 0xe9, 0xfc, 0x33, 0x68, 0x5e, 0xe2, 0x68, 0x99, 0x9c,
159 0x91, 0xe8, 0x72, 0xc9, 0xd7, 0x8c, 0x80, 0x20, 0x8e, 0x77, 0x83, 0x4d,
160 0xe4, 0xab, 0xf9, 0x74, 0xa1, 0xdf, 0xd3, 0xc0, 0x0d, 0x5b, 0x05, 0x51,
161 0xc2, 0x6f, 0xb2, 0x91, 0x02, 0xec, 0xc0, 0x02, 0x1a, 0x5c, 0x91, 0x05,
162 0xf1, 0xe3, 0xfa, 0x65, 0xc2, 0xad, 0x24, 0xe6, 0xe5, 0x3c, 0xb6, 0x16,
163 0xf1, 0xa1, 0x67, 0x1a, 0x9d, 0x37, 0x56, 0xbf, 0x01, 0xd7, 0x3b, 0x35,
164 0x30, 0x57, 0x73, 0xf4, 0xf0, 0x5e, 0xa7, 0xe8, 0x0a, 0xc1, 0x94, 0x17,
165 0xcf, 0x0a, 0xbd, 0xf5, 0x31, 0xa7, 0x2d, 0xf7, 0xf5, 0xd9, 0x8c, 0xc2,
166 0x01, 0xbd, 0xda, 0x16, 0x8e, 0xb9, 0x30, 0x40, 0xa6, 0x6e, 0xbd, 0xcd,
167 0x4d, 0x84, 0x67, 0x4e, 0x0b, 0xce, 0xd5, 0xef, 0xf8, 0x08, 0x63, 0x02,
168 0xc6, 0xc7, 0xf7, 0x67, 0x92, 0xe2, 0x23, 0x9d, 0x27, 0x22, 0x1d, 0xc6,
169 0x67, 0x5e, 0x66, 0xbf, 0x03, 0xb8, 0xa9, 0x67, 0xd4, 0x39, 0xd8, 0x75,
170 0xfa, 0xe8, 0xed, 0x56, 0xb8, 0x81, 0x02, 0x81, 0x81, 0x00, 0xf7, 0x46,
171 0x68, 0xc6, 0x13, 0xf8, 0xba, 0x0f, 0x83, 0xdb, 0x05, 0xa8, 0x25, 0x00,
172 0x70, 0x9c, 0x9e, 0x8b, 0x12, 0x34, 0x0d, 0x96, 0xcf, 0x0d, 0x98, 0x9b,
173 0x8d, 0x9c, 0x96, 0x78, 0xd1, 0x3c, 0x01, 0x8c, 0xb9, 0x35, 0x5c, 0x20,
174 0x42, 0xb4, 0x38, 0xe3, 0xd6, 0x54, 0xe7, 0x55, 0xd6, 0x26, 0x8a, 0x0c,
175 0xf6, 0x1f, 0xe0, 0x04, 0xc1, 0x22, 0x42, 0x19, 0x61, 0xc4, 0x94, 0x7c,
176 0x07, 0x2e, 0x80, 0x52, 0xfe, 0x8d, 0xe6, 0x92, 0x3a, 0x91, 0xfe, 0x72,
177 0x99, 0xe1, 0x2a, 0x73, 0x76, 0xb1, 0x24, 0x20, 0x67, 0xde, 0x28, 0xcb,
178 0x0e, 0xe6, 0x52, 0xb5, 0xfa, 0xfb, 0x8b, 0x1e, 0x6a, 0x1d, 0x09, 0x26,
179 0xb9, 0xa7, 0x61, 0xba, 0xf8, 0x79, 0xd2, 0x66, 0x57, 0x28, 0xd7, 0x31,
180 0xb5, 0x0b, 0x27, 0x19, 0x1e, 0x6f, 0x46, 0xfc, 0x54, 0x95, 0xeb, 0x78,
181 0x01, 0xb6, 0xd9, 0x79, 0x5a, 0x4d, 0x02, 0x81, 0x81, 0x00, 0xd5, 0x8f,
182 0x16, 0x53, 0x2f, 0x57, 0x93, 0xbf, 0x09, 0x75, 0xbf, 0x63, 0x40, 0x3d,
183 0x27, 0xfd, 0x23, 0x21, 0xde, 0x9b, 0xe9, 0x73, 0x3f, 0x49, 0x02, 0xd2,
184 0x38, 0x96, 0xcf, 0xc3, 0xba, 0x92, 0x07, 0x87, 0x52, 0xa9, 0x35, 0xe3,
185 0x0c, 0xe4, 0x2f, 0x05, 0x7b, 0x37, 0xa5, 0x40, 0x9c, 0x3b, 0x94, 0xf7,
186 0xad, 0xa0, 0xee, 0x3a, 0xa8, 0xfb, 0x1f, 0x11, 0x1f, 0xd8, 0x9a, 0x80,
187 0x42, 0x3d, 0x7f, 0xa4, 0xb8, 0x9a, 0xaa, 0xea, 0x72, 0xc1, 0xe3, 0xed,
188 0x06, 0x60, 0x92, 0x37, 0xf9, 0xba, 0xfb, 0x9e, 0xed, 0x05, 0xa6, 0xd4,
189 0x72, 0x68, 0x4f, 0x63, 0xfe, 0xd6, 0x10, 0x0d, 0x4f, 0x0a, 0x93, 0xc6,
190 0xb9, 0xd7, 0xaf, 0xfd, 0xd9, 0x57, 0x7d, 0xcb, 0x75, 0xe8, 0x93, 0x2b,
191 0xae, 0x4f, 0xea, 0xd7, 0x30, 0x0b, 0x58, 0x44, 0x82, 0x0f, 0x84, 0x5d,
192 0x62, 0x11, 0x78, 0xea, 0x5f, 0xc5, 0x02, 0x81, 0x81, 0x00, 0x82, 0x0c,
193 0xc1, 0xe6, 0x0b, 0x72, 0xf1, 0x48, 0x5f, 0xac, 0xbd, 0x98, 0xe5, 0x7d,
194 0x09, 0xbd, 0x15, 0x95, 0x47, 0x09, 0xa1, 0x6c, 0x03, 0x91, 0xbf, 0x05,
195 0x70, 0xc1, 0x3e, 0x52, 0x64, 0x99, 0x0e, 0xa7, 0x98, 0x70, 0xfb, 0xf6,
196 0xeb, 0x9e, 0x25, 0x9d, 0x8e, 0x88, 0x30, 0xf2, 0xf0, 0x22, 0x6c, 0xd0,
197 0xcc, 0x51, 0x8f, 0x5c, 0x70, 0xc7, 0x37, 0xc4, 0x69, 0xab, 0x1d, 0xfc,
198 0xed, 0x3a, 0x03, 0xbb, 0xa2, 0xad, 0xb6, 0xea, 0x89, 0x6b, 0x67, 0x4b,
199 0x96, 0xaa, 0xd9, 0xcc, 0xc8, 0x4b, 0xfa, 0x18, 0x21, 0x08, 0xb2, 0xa3,
200 0xb9, 0x3e, 0x61, 0x99, 0xdc, 0x5a, 0x97, 0x9c, 0x73, 0x6a, 0xb9, 0xf9,
201 0x68, 0x03, 0x24, 0x5f, 0x55, 0x77, 0x9c, 0xb4, 0xbe, 0x7a, 0x78, 0x53,
202 0x68, 0x48, 0x69, 0x53, 0xc8, 0xb1, 0xf5, 0xbf, 0x98, 0x2d, 0x11, 0x1e,
203 0x98, 0xa8, 0x36, 0x50, 0xa0, 0xb1, 0x02, 0x81, 0x81, 0x00, 0x90, 0x88,
204 0x30, 0x71, 0xc7, 0xfe, 0x9b, 0x6d, 0x95, 0x37, 0x6d, 0x79, 0xfc, 0x85,
205 0xe7, 0x44, 0x78, 0xbc, 0x79, 0x6e, 0x47, 0x86, 0xc9, 0xf3, 0xdd, 0xc6,
206 0xec, 0xa9, 0x94, 0x9f, 0x40, 0xeb, 0x87, 0xd0, 0xdb, 0xee, 0xcd, 0x1b,
207 0x87, 0x23, 0xff, 0x76, 0xd4, 0x37, 0x8a, 0xcd, 0xb9, 0x6e, 0xd1, 0x98,
208 0xf6, 0x97, 0x8d, 0xe3, 0x81, 0x6d, 0xc3, 0x4e, 0xd1, 0xa0, 0xc4, 0x9f,
209 0xbd, 0x34, 0xe5, 0xe8, 0x53, 0x4f, 0xca, 0x10, 0xb5, 0xed, 0xe7, 0x16,
210 0x09, 0x54, 0xde, 0x60, 0xa7, 0xd1, 0x16, 0x6e, 0x2e, 0xb7, 0xbe, 0x7a,
211 0xd5, 0x9b, 0x26, 0xef, 0xe4, 0x0e, 0x77, 0xfa, 0xa9, 0xdd, 0xdc, 0xb9,
212 0x88, 0x19, 0x23, 0x70, 0xc7, 0xe1, 0x60, 0xaf, 0x8c, 0x73, 0x04, 0xf7,
213 0x71, 0x17, 0x81, 0x36, 0x75, 0xbb, 0x97, 0xd7, 0x75, 0xb6, 0x8e, 0xbc,
214 0xac, 0x9c, 0x6a, 0x9b, 0x24, 0x89, 0x02, 0x81, 0x80, 0x5a, 0x2b, 0xc7,
215 0x6b, 0x8c, 0x65, 0xdb, 0x04, 0x73, 0xab, 0x25, 0xe1, 0x5b, 0xbc, 0x3c,
216 0xcf, 0x5a, 0x3c, 0x04, 0xae, 0x97, 0x2e, 0xfd, 0xa4, 0x97, 0x1f, 0x05,
217 0x17, 0x27, 0xac, 0x7c, 0x30, 0x85, 0xb4, 0x82, 0x3f, 0x5b, 0xb7, 0x94,
218 0x3b, 0x7f, 0x6c, 0x0c, 0xc7, 0x16, 0xc6, 0xa0, 0xbd, 0x80, 0xb0, 0x81,
219 0xde, 0xa0, 0x23, 0xa6, 0xf6, 0x75, 0x33, 0x51, 0x35, 0xa2, 0x75, 0x55,
220 0x70, 0x4d, 0x42, 0xbb, 0xcf, 0x54, 0xe4, 0xdb, 0x2d, 0x88, 0xa0, 0x7a,
221 0xf2, 0x17, 0xa7, 0xdd, 0x13, 0x44, 0x9f, 0x5f, 0x6b, 0x2c, 0x42, 0x42,
222 0x8b, 0x13, 0x4d, 0xf9, 0x5b, 0xf8, 0x33, 0x42, 0xd9, 0x9e, 0x50, 0x1c,
223 0x7c, 0xbc, 0xfa, 0x62, 0x85, 0x0b, 0xcf, 0x99, 0xda, 0x9e, 0x04, 0x90,
224 0xb2, 0xc6, 0xb2, 0x0a, 0x2a, 0x7c, 0x6d, 0x6a, 0x40, 0xfc, 0xf5, 0x50,
225 0x98, 0x46, 0x89, 0x82, 0x40,
226 };
227
228 const uint8_t kALPNProtocols[] = {
229 0x01, 'a', 0x02, 'a', 'a', 0x03, 'a', 'a', 'a',
230 };
231
ALPNSelectCallback(SSL * ssl,const uint8_t ** out,uint8_t * out_len,const uint8_t * in,unsigned in_len,void * arg)232 int ALPNSelectCallback(SSL *ssl, const uint8_t **out, uint8_t *out_len,
233 const uint8_t *in, unsigned in_len, void *arg) {
234 static const uint8_t kProtocol[] = {'a', 'a'};
235 *out = kProtocol;
236 *out_len = sizeof(kProtocol);
237 return SSL_TLSEXT_ERR_OK;
238 }
239
NPNSelectCallback(SSL * ssl,uint8_t ** out,uint8_t * out_len,const uint8_t * in,unsigned in_len,void * arg)240 int NPNSelectCallback(SSL *ssl, uint8_t **out, uint8_t *out_len,
241 const uint8_t *in, unsigned in_len, void *arg) {
242 static const uint8_t kProtocol[] = {'a', 'a'};
243 *out = const_cast<uint8_t *>(kProtocol);
244 *out_len = sizeof(kProtocol);
245 return SSL_TLSEXT_ERR_OK;
246 }
247
NPNAdvertiseCallback(SSL * ssl,const uint8_t ** out,unsigned * out_len,void * arg)248 int NPNAdvertiseCallback(SSL *ssl, const uint8_t **out, unsigned *out_len,
249 void *arg) {
250 static const uint8_t kProtocols[] = {
251 0x01, 'a', 0x02, 'a', 'a', 0x03, 'a', 'a', 'a',
252 };
253 *out = kProtocols;
254 *out_len = sizeof(kProtocols);
255 return SSL_TLSEXT_ERR_OK;
256 }
257
258 class TLSFuzzer {
259 public:
260 enum Protocol {
261 kTLS,
262 kDTLS,
263 };
264
265 enum Role {
266 kClient,
267 kServer,
268 };
269
TLSFuzzer(Protocol protocol,Role role)270 TLSFuzzer(Protocol protocol, Role role)
271 : debug_(getenv("BORINGSSL_FUZZER_DEBUG") != nullptr),
272 protocol_(protocol),
273 role_(role) {
274 if (!Init()) {
275 abort();
276 }
277 }
278
MoveBIOs(SSL * dest,SSL * src)279 static void MoveBIOs(SSL *dest, SSL *src) {
280 BIO *rbio = SSL_get_rbio(src);
281 BIO_up_ref(rbio);
282 SSL_set0_rbio(dest, rbio);
283
284 BIO *wbio = SSL_get_wbio(src);
285 BIO_up_ref(wbio);
286 SSL_set0_wbio(dest, wbio);
287
288 SSL_set0_rbio(src, nullptr);
289 SSL_set0_wbio(src, nullptr);
290 }
291
TestOneInput(const uint8_t * buf,size_t len)292 int TestOneInput(const uint8_t *buf, size_t len) {
293 RAND_reset_for_fuzzing();
294
295 CBS cbs;
296 CBS_init(&cbs, buf, len);
297 bssl::UniquePtr<SSL> ssl = SetupTest(&cbs);
298 if (!ssl) {
299 if (debug_) {
300 fprintf(stderr, "Error parsing parameters.\n");
301 }
302 return 0;
303 }
304
305 if (role_ == kClient) {
306 SSL_set_renegotiate_mode(ssl.get(), ssl_renegotiate_freely);
307 SSL_set_tlsext_host_name(ssl.get(), "hostname");
308 }
309
310 // ssl_handoff may or may not be used.
311 bssl::UniquePtr<SSL> ssl_handoff(SSL_new(ctx_.get()));
312 bssl::UniquePtr<SSL> ssl_handback(SSL_new(ctx_.get()));
313 SSL_set_accept_state(ssl_handoff.get());
314
315 SSL_set0_rbio(ssl.get(), MakeBIO(CBS_data(&cbs), CBS_len(&cbs)).release());
316 SSL_set0_wbio(ssl.get(), BIO_new(BIO_s_mem()));
317
318 SSL *ssl_handshake = ssl.get();
319 bool handshake_successful = false;
320 bool handback_successful = false;
321 for (;;) {
322 int ret = SSL_do_handshake(ssl_handshake);
323 if (ret < 0 && SSL_get_error(ssl_handshake, ret) == SSL_ERROR_HANDOFF) {
324 MoveBIOs(ssl_handoff.get(), ssl.get());
325 // Ordinarily we would call SSL_serialize_handoff(ssl.get(). But for
326 // fuzzing, use the serialized handoff that's getting fuzzed.
327 if (!SSL_apply_handoff(ssl_handoff.get(), handoff_)) {
328 if (debug_) {
329 fprintf(stderr, "Handoff failed.\n");
330 }
331 break;
332 }
333 ssl_handshake = ssl_handoff.get();
334 } else if (ret < 0 &&
335 SSL_get_error(ssl_handshake, ret) == SSL_ERROR_HANDBACK) {
336 MoveBIOs(ssl_handback.get(), ssl_handoff.get());
337 if (!SSL_apply_handback(ssl_handback.get(), handback_)) {
338 if (debug_) {
339 fprintf(stderr, "Handback failed.\n");
340 }
341 break;
342 }
343 handback_successful = true;
344 ssl_handshake = ssl_handback.get();
345 } else {
346 handshake_successful = ret == 1;
347 break;
348 }
349 }
350
351 if (debug_) {
352 if (!handshake_successful) {
353 fprintf(stderr, "Handshake failed.\n");
354 } else if (handback_successful) {
355 fprintf(stderr, "Handback successful.\n");
356 }
357 }
358
359 if (handshake_successful) {
360 // Keep reading application data until error or EOF.
361 uint8_t tmp[1024];
362 for (;;) {
363 if (SSL_read(ssl_handshake, tmp, sizeof(tmp)) <= 0) {
364 break;
365 }
366 }
367 }
368
369 if (debug_) {
370 ERR_print_errors_fp(stderr);
371 }
372 ERR_clear_error();
373 return 0;
374 }
375
376 private:
377 // Init initializes |ctx_| with settings common to all inputs.
Init()378 bool Init() {
379 ctx_.reset(SSL_CTX_new(protocol_ == kDTLS ? DTLS_method() : TLS_method()));
380 bssl::UniquePtr<EVP_PKEY> pkey(EVP_PKEY_new());
381 bssl::UniquePtr<RSA> privkey(RSA_private_key_from_bytes(
382 kRSAPrivateKeyDER, sizeof(kRSAPrivateKeyDER)));
383 if (!ctx_ || !privkey || !pkey ||
384 !EVP_PKEY_set1_RSA(pkey.get(), privkey.get()) ||
385 !SSL_CTX_use_PrivateKey(ctx_.get(), pkey.get())) {
386 return false;
387 }
388
389 const uint8_t *bufp = kCertificateDER;
390 bssl::UniquePtr<X509> cert(d2i_X509(NULL, &bufp, sizeof(kCertificateDER)));
391 if (!cert ||
392 !SSL_CTX_use_certificate(ctx_.get(), cert.get()) ||
393 !SSL_CTX_set_ocsp_response(ctx_.get(), kOCSPResponse,
394 sizeof(kOCSPResponse)) ||
395 !SSL_CTX_set_signed_cert_timestamp_list(ctx_.get(), kSCT,
396 sizeof(kSCT))) {
397 return false;
398 }
399
400 // When accepting peer certificates, allow any certificate.
401 SSL_CTX_set_cert_verify_callback(
402 ctx_.get(),
403 [](X509_STORE_CTX *store_ctx, void *arg) -> int { return 1; }, nullptr);
404
405 SSL_CTX_enable_signed_cert_timestamps(ctx_.get());
406 SSL_CTX_enable_ocsp_stapling(ctx_.get());
407
408 // Enable versions and ciphers that are off by default.
409 if (!SSL_CTX_set_strict_cipher_list(ctx_.get(), "ALL:NULL-SHA")) {
410 return false;
411 }
412 if (protocol_ == kTLS &&
413 !SSL_CTX_set_max_proto_version(ctx_.get(), TLS1_3_VERSION)) {
414 return false;
415 }
416
417 static const int kCurves[] = {NID_CECPQ2, NID_X25519, NID_X9_62_prime256v1,
418 NID_secp384r1, NID_secp521r1};
419 if (!SSL_CTX_set1_curves(ctx_.get(), kCurves,
420 OPENSSL_ARRAY_SIZE(kCurves))) {
421 return false;
422 }
423
424 SSL_CTX_set_early_data_enabled(ctx_.get(), 1);
425
426 SSL_CTX_set_next_proto_select_cb(ctx_.get(), NPNSelectCallback, nullptr);
427 SSL_CTX_set_next_protos_advertised_cb(ctx_.get(), NPNAdvertiseCallback,
428 nullptr);
429
430 SSL_CTX_set_alpn_select_cb(ctx_.get(), ALPNSelectCallback, nullptr);
431 if (SSL_CTX_set_alpn_protos(ctx_.get(), kALPNProtocols,
432 sizeof(kALPNProtocols)) != 0) {
433 return false;
434 }
435
436 CBS cbs;
437 CBS_init(&cbs, kP256KeyPKCS8, sizeof(kP256KeyPKCS8));
438 pkey.reset(EVP_parse_private_key(&cbs));
439 if (!pkey || !SSL_CTX_set1_tls_channel_id(ctx_.get(), pkey.get())) {
440 return false;
441 }
442 SSL_CTX_set_tls_channel_id_enabled(ctx_.get(), 1);
443
444 return true;
445 }
446
447 // SetupTest parses parameters from |cbs| and returns a newly-configured |SSL|
448 // object or nullptr on error. On success, the caller should feed the
449 // remaining input in |cbs| to the SSL stack.
SetupTest(CBS * cbs)450 bssl::UniquePtr<SSL> SetupTest(CBS *cbs) {
451 // |ctx| is shared between runs, so we must clear any modifications to it
452 // made later on in this function.
453 SSL_CTX_flush_sessions(ctx_.get(), 0);
454 handoff_ = {};
455 handback_ = {};
456
457 bssl::UniquePtr<SSL> ssl(SSL_new(ctx_.get()));
458 if (role_ == kServer) {
459 SSL_set_accept_state(ssl.get());
460 } else {
461 SSL_set_connect_state(ssl.get());
462 }
463
464 for (;;) {
465 uint16_t tag;
466 if (!CBS_get_u16(cbs, &tag)) {
467 return nullptr;
468 }
469 switch (tag) {
470 case kDataTag:
471 return ssl;
472
473 case kSessionTag: {
474 CBS data;
475 if (!CBS_get_u24_length_prefixed(cbs, &data)) {
476 return nullptr;
477 }
478 bssl::UniquePtr<SSL_SESSION> session(SSL_SESSION_from_bytes(
479 CBS_data(&data), CBS_len(&data), ctx_.get()));
480 if (!session) {
481 return nullptr;
482 }
483
484 if (role_ == kServer) {
485 SSL_CTX_add_session(ctx_.get(), session.get());
486 } else {
487 SSL_set_session(ssl.get(), session.get());
488 }
489 break;
490 }
491
492 case kRequestClientCert:
493 if (role_ == kClient) {
494 return nullptr;
495 }
496 SSL_set_verify(ssl.get(), SSL_VERIFY_PEER, nullptr);
497 break;
498
499 case kHandoffTag: {
500 CBS handoff;
501 if (!CBS_get_u24_length_prefixed(cbs, &handoff)) {
502 return nullptr;
503 }
504 handoff_.CopyFrom(handoff);
505 bssl::SSL_set_handoff_mode(ssl.get(), 1);
506 break;
507 }
508
509 case kHandbackTag: {
510 CBS handback;
511 if (!CBS_get_u24_length_prefixed(cbs, &handback)) {
512 return nullptr;
513 }
514 handback_.CopyFrom(handback);
515 bssl::SSL_set_handoff_mode(ssl.get(), 1);
516 break;
517 }
518
519 default:
520 return nullptr;
521 }
522 }
523 }
524
525 struct BIOData {
526 Protocol protocol;
527 CBS cbs;
528 };
529
MakeBIO(const uint8_t * in,size_t len)530 bssl::UniquePtr<BIO> MakeBIO(const uint8_t *in, size_t len) {
531 BIOData *b = new BIOData;
532 b->protocol = protocol_;
533 CBS_init(&b->cbs, in, len);
534
535 bssl::UniquePtr<BIO> bio(BIO_new(&kBIOMethod));
536 bio->init = 1;
537 bio->ptr = b;
538 return bio;
539 }
540
BIORead(BIO * bio,char * out,int len)541 static int BIORead(BIO *bio, char *out, int len) {
542 assert(bio->method == &kBIOMethod);
543 BIOData *b = reinterpret_cast<BIOData *>(bio->ptr);
544 if (b->protocol == kTLS) {
545 len = std::min(static_cast<size_t>(len), CBS_len(&b->cbs));
546 memcpy(out, CBS_data(&b->cbs), len);
547 CBS_skip(&b->cbs, len);
548 return len;
549 }
550
551 // Preserve packet boundaries for DTLS.
552 CBS packet;
553 if (!CBS_get_u24_length_prefixed(&b->cbs, &packet)) {
554 return -1;
555 }
556 len = std::min(static_cast<size_t>(len), CBS_len(&packet));
557 memcpy(out, CBS_data(&packet), len);
558 return len;
559 }
560
BIODestroy(BIO * bio)561 static int BIODestroy(BIO *bio) {
562 assert(bio->method == &kBIOMethod);
563 BIOData *b = reinterpret_cast<BIOData *>(bio->ptr);
564 delete b;
565 return 1;
566 }
567
568 static const BIO_METHOD kBIOMethod;
569
570 bool debug_;
571 Protocol protocol_;
572 Role role_;
573 bssl::UniquePtr<SSL_CTX> ctx_;
574 bssl::Array<uint8_t> handoff_, handback_;
575 };
576
577 const BIO_METHOD TLSFuzzer::kBIOMethod = {
578 0, // type
579 nullptr, // name
580 nullptr, // bwrite
581 TLSFuzzer::BIORead,
582 nullptr, // bputs
583 nullptr, // bgets
584 nullptr, // ctrl
585 nullptr, // create
586 TLSFuzzer::BIODestroy,
587 nullptr, // callback_ctrl
588 };
589
590 } // namespace
591
592
593 #endif // HEADER_SSL_TEST_FUZZER
594