1 /* Copyright (c) 2016, Google Inc.
2 *
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
6 *
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15 #include <functional>
16 #include <string>
17 #include <type_traits>
18 #include <vector>
19
20 #include <assert.h>
21
22 #include <openssl/bytestring.h>
23 #include <openssl/err.h>
24 #include <openssl/evp.h>
25 #include <openssl/hpke.h>
26 #include <openssl/rsa.h>
27 #include <openssl/ssl.h>
28 #include <openssl/stack.h>
29 #include <openssl/x509.h>
30
31 #include "../crypto/internal.h"
32
33 static const uint8_t kCertificateDER[] = {
34 0x30, 0x82, 0x02, 0xff, 0x30, 0x82, 0x01, 0xe7, 0xa0, 0x03, 0x02, 0x01,
35 0x02, 0x02, 0x11, 0x00, 0xb1, 0x84, 0xee, 0x34, 0x99, 0x98, 0x76, 0xfb,
36 0x6f, 0xb2, 0x15, 0xc8, 0x47, 0x79, 0x05, 0x9b, 0x30, 0x0d, 0x06, 0x09,
37 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30,
38 0x12, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x07,
39 0x41, 0x63, 0x6d, 0x65, 0x20, 0x43, 0x6f, 0x30, 0x1e, 0x17, 0x0d, 0x31,
40 0x35, 0x31, 0x31, 0x30, 0x37, 0x30, 0x30, 0x32, 0x34, 0x35, 0x36, 0x5a,
41 0x17, 0x0d, 0x31, 0x36, 0x31, 0x31, 0x30, 0x36, 0x30, 0x30, 0x32, 0x34,
42 0x35, 0x36, 0x5a, 0x30, 0x12, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55,
43 0x04, 0x0a, 0x13, 0x07, 0x41, 0x63, 0x6d, 0x65, 0x20, 0x43, 0x6f, 0x30,
44 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
45 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30,
46 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xce, 0x47, 0xcb, 0x11,
47 0xbb, 0xd2, 0x9d, 0x8e, 0x9e, 0xd2, 0x1e, 0x14, 0xaf, 0xc7, 0xea, 0xb6,
48 0xc9, 0x38, 0x2a, 0x6f, 0xb3, 0x7e, 0xfb, 0xbc, 0xfc, 0x59, 0x42, 0xb9,
49 0x56, 0xf0, 0x4c, 0x3f, 0xf7, 0x31, 0x84, 0xbe, 0xac, 0x03, 0x9e, 0x71,
50 0x91, 0x85, 0xd8, 0x32, 0xbd, 0x00, 0xea, 0xac, 0x65, 0xf6, 0x03, 0xc8,
51 0x0f, 0x8b, 0xfd, 0x6e, 0x58, 0x88, 0x04, 0x41, 0x92, 0x74, 0xa6, 0x57,
52 0x2e, 0x8e, 0x88, 0xd5, 0x3d, 0xda, 0x14, 0x3e, 0x63, 0x88, 0x22, 0xe3,
53 0x53, 0xe9, 0xba, 0x39, 0x09, 0xac, 0xfb, 0xd0, 0x4c, 0xf2, 0x3c, 0x20,
54 0xd6, 0x97, 0xe6, 0xed, 0xf1, 0x62, 0x1e, 0xe5, 0xc9, 0x48, 0xa0, 0xca,
55 0x2e, 0x3c, 0x14, 0x5a, 0x82, 0xd4, 0xed, 0xb1, 0xe3, 0x43, 0xc1, 0x2a,
56 0x59, 0xa5, 0xb9, 0xc8, 0x48, 0xa7, 0x39, 0x23, 0x74, 0xa7, 0x37, 0xb0,
57 0x6f, 0xc3, 0x64, 0x99, 0x6c, 0xa2, 0x82, 0xc8, 0xf6, 0xdb, 0x86, 0x40,
58 0xce, 0xd1, 0x85, 0x9f, 0xce, 0x69, 0xf4, 0x15, 0x2a, 0x23, 0xca, 0xea,
59 0xb7, 0x7b, 0xdf, 0xfb, 0x43, 0x5f, 0xff, 0x7a, 0x49, 0x49, 0x0e, 0xe7,
60 0x02, 0x51, 0x45, 0x13, 0xe8, 0x90, 0x64, 0x21, 0x0c, 0x26, 0x2b, 0x5d,
61 0xfc, 0xe4, 0xb5, 0x86, 0x89, 0x43, 0x22, 0x4c, 0xf3, 0x3b, 0xf3, 0x09,
62 0xc4, 0xa4, 0x10, 0x80, 0xf2, 0x46, 0xe2, 0x46, 0x8f, 0x76, 0x50, 0xbf,
63 0xaf, 0x2b, 0x90, 0x1b, 0x78, 0xc7, 0xcf, 0xc1, 0x77, 0xd0, 0xfb, 0xa9,
64 0xfb, 0xc9, 0x66, 0x5a, 0xc5, 0x9b, 0x31, 0x41, 0x67, 0x01, 0xbe, 0x33,
65 0x10, 0xba, 0x05, 0x58, 0xed, 0x76, 0x53, 0xde, 0x5d, 0xc1, 0xe8, 0xbb,
66 0x9f, 0xf1, 0xcd, 0xfb, 0xdf, 0x64, 0x7f, 0xd7, 0x18, 0xab, 0x0f, 0x94,
67 0x28, 0x95, 0x4a, 0xcc, 0x6a, 0xa9, 0x50, 0xc7, 0x05, 0x47, 0x10, 0x41,
68 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x50, 0x30, 0x4e, 0x30, 0x0e, 0x06,
69 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x05,
70 0xa0, 0x30, 0x13, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x0c, 0x30, 0x0a,
71 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x30, 0x0c,
72 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00,
73 0x30, 0x19, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x12, 0x30, 0x10, 0x82,
74 0x0e, 0x66, 0x75, 0x7a, 0x7a, 0x2e, 0x62, 0x6f, 0x72, 0x69, 0x6e, 0x67,
75 0x73, 0x73, 0x6c, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
76 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x92,
77 0xde, 0xef, 0x96, 0x06, 0x7b, 0xff, 0x71, 0x7d, 0x4e, 0xa0, 0x7d, 0xae,
78 0xb8, 0x22, 0xb4, 0x2c, 0xf7, 0x96, 0x9c, 0x37, 0x1d, 0x8f, 0xe7, 0xd9,
79 0x47, 0xff, 0x3f, 0xe9, 0x35, 0x95, 0x0e, 0xdd, 0xdc, 0x7f, 0xc8, 0x8a,
80 0x1e, 0x36, 0x1d, 0x38, 0x47, 0xfc, 0x76, 0xd2, 0x1f, 0x98, 0xa1, 0x36,
81 0xac, 0xc8, 0x70, 0x38, 0x0a, 0x3d, 0x51, 0x8d, 0x0f, 0x03, 0x1b, 0xef,
82 0x62, 0xa1, 0xcb, 0x2b, 0x4a, 0x8c, 0x12, 0x2b, 0x54, 0x50, 0x9a, 0x6b,
83 0xfe, 0xaf, 0xd9, 0xf6, 0xbf, 0x58, 0x11, 0x58, 0x5e, 0xe5, 0x86, 0x1e,
84 0x3b, 0x6b, 0x30, 0x7e, 0x72, 0x89, 0xe8, 0x6b, 0x7b, 0xb7, 0xaf, 0xef,
85 0x8b, 0xa9, 0x3e, 0xb0, 0xcd, 0x0b, 0xef, 0xb0, 0x0c, 0x96, 0x2b, 0xc5,
86 0x3b, 0xd5, 0xf1, 0xc2, 0xae, 0x3a, 0x60, 0xd9, 0x0f, 0x75, 0x37, 0x55,
87 0x4d, 0x62, 0xd2, 0xed, 0x96, 0xac, 0x30, 0x6b, 0xda, 0xa1, 0x48, 0x17,
88 0x96, 0x23, 0x85, 0x9a, 0x57, 0x77, 0xe9, 0x22, 0xa2, 0x37, 0x03, 0xba,
89 0x49, 0x77, 0x40, 0x3b, 0x76, 0x4b, 0xda, 0xc1, 0x04, 0x57, 0x55, 0x34,
90 0x22, 0x83, 0x45, 0x29, 0xab, 0x2e, 0x11, 0xff, 0x0d, 0xab, 0x55, 0xb1,
91 0xa7, 0x58, 0x59, 0x05, 0x25, 0xf9, 0x1e, 0x3d, 0xb7, 0xac, 0x04, 0x39,
92 0x2c, 0xf9, 0xaf, 0xb8, 0x68, 0xfb, 0x8e, 0x35, 0x71, 0x32, 0xff, 0x70,
93 0xe9, 0x46, 0x6d, 0x5c, 0x06, 0x90, 0x88, 0x23, 0x48, 0x0c, 0x50, 0xeb,
94 0x0a, 0xa9, 0xae, 0xe8, 0xfc, 0xbe, 0xa5, 0x76, 0x94, 0xd7, 0x64, 0x22,
95 0x38, 0x98, 0x17, 0xa4, 0x3a, 0xa7, 0x59, 0x9f, 0x1d, 0x3b, 0x75, 0x90,
96 0x1a, 0x81, 0xef, 0x19, 0xfb, 0x2b, 0xb7, 0xa7, 0x64, 0x61, 0x22, 0xa4,
97 0x6f, 0x7b, 0xfa, 0x58, 0xbb, 0x8c, 0x4e, 0x77, 0x67, 0xd0, 0x5d, 0x58,
98 0x76, 0x8a, 0xbb,
99 };
100
101 static const uint8_t kRSAPrivateKeyDER[] = {
102 0x30, 0x82, 0x04, 0xa5, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
103 0xce, 0x47, 0xcb, 0x11, 0xbb, 0xd2, 0x9d, 0x8e, 0x9e, 0xd2, 0x1e, 0x14,
104 0xaf, 0xc7, 0xea, 0xb6, 0xc9, 0x38, 0x2a, 0x6f, 0xb3, 0x7e, 0xfb, 0xbc,
105 0xfc, 0x59, 0x42, 0xb9, 0x56, 0xf0, 0x4c, 0x3f, 0xf7, 0x31, 0x84, 0xbe,
106 0xac, 0x03, 0x9e, 0x71, 0x91, 0x85, 0xd8, 0x32, 0xbd, 0x00, 0xea, 0xac,
107 0x65, 0xf6, 0x03, 0xc8, 0x0f, 0x8b, 0xfd, 0x6e, 0x58, 0x88, 0x04, 0x41,
108 0x92, 0x74, 0xa6, 0x57, 0x2e, 0x8e, 0x88, 0xd5, 0x3d, 0xda, 0x14, 0x3e,
109 0x63, 0x88, 0x22, 0xe3, 0x53, 0xe9, 0xba, 0x39, 0x09, 0xac, 0xfb, 0xd0,
110 0x4c, 0xf2, 0x3c, 0x20, 0xd6, 0x97, 0xe6, 0xed, 0xf1, 0x62, 0x1e, 0xe5,
111 0xc9, 0x48, 0xa0, 0xca, 0x2e, 0x3c, 0x14, 0x5a, 0x82, 0xd4, 0xed, 0xb1,
112 0xe3, 0x43, 0xc1, 0x2a, 0x59, 0xa5, 0xb9, 0xc8, 0x48, 0xa7, 0x39, 0x23,
113 0x74, 0xa7, 0x37, 0xb0, 0x6f, 0xc3, 0x64, 0x99, 0x6c, 0xa2, 0x82, 0xc8,
114 0xf6, 0xdb, 0x86, 0x40, 0xce, 0xd1, 0x85, 0x9f, 0xce, 0x69, 0xf4, 0x15,
115 0x2a, 0x23, 0xca, 0xea, 0xb7, 0x7b, 0xdf, 0xfb, 0x43, 0x5f, 0xff, 0x7a,
116 0x49, 0x49, 0x0e, 0xe7, 0x02, 0x51, 0x45, 0x13, 0xe8, 0x90, 0x64, 0x21,
117 0x0c, 0x26, 0x2b, 0x5d, 0xfc, 0xe4, 0xb5, 0x86, 0x89, 0x43, 0x22, 0x4c,
118 0xf3, 0x3b, 0xf3, 0x09, 0xc4, 0xa4, 0x10, 0x80, 0xf2, 0x46, 0xe2, 0x46,
119 0x8f, 0x76, 0x50, 0xbf, 0xaf, 0x2b, 0x90, 0x1b, 0x78, 0xc7, 0xcf, 0xc1,
120 0x77, 0xd0, 0xfb, 0xa9, 0xfb, 0xc9, 0x66, 0x5a, 0xc5, 0x9b, 0x31, 0x41,
121 0x67, 0x01, 0xbe, 0x33, 0x10, 0xba, 0x05, 0x58, 0xed, 0x76, 0x53, 0xde,
122 0x5d, 0xc1, 0xe8, 0xbb, 0x9f, 0xf1, 0xcd, 0xfb, 0xdf, 0x64, 0x7f, 0xd7,
123 0x18, 0xab, 0x0f, 0x94, 0x28, 0x95, 0x4a, 0xcc, 0x6a, 0xa9, 0x50, 0xc7,
124 0x05, 0x47, 0x10, 0x41, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
125 0x01, 0x00, 0xa8, 0x47, 0xb9, 0x4a, 0x06, 0x47, 0x93, 0x71, 0x3d, 0xef,
126 0x7b, 0xca, 0xb4, 0x7c, 0x0a, 0xe6, 0x82, 0xd0, 0xe7, 0x0d, 0xa9, 0x08,
127 0xf6, 0xa4, 0xfd, 0xd8, 0x73, 0xae, 0x6f, 0x56, 0x29, 0x5e, 0x25, 0x72,
128 0xa8, 0x30, 0x44, 0x73, 0xcf, 0x56, 0x26, 0xb9, 0x61, 0xde, 0x42, 0x81,
129 0xf4, 0xf0, 0x1f, 0x5d, 0xcb, 0x47, 0xf2, 0x26, 0xe9, 0xe0, 0x93, 0x28,
130 0xa3, 0x10, 0x3b, 0x42, 0x1e, 0x51, 0x11, 0x12, 0x06, 0x5e, 0xaf, 0xce,
131 0xb0, 0xa5, 0x14, 0xdd, 0x82, 0x58, 0xa1, 0xa4, 0x12, 0xdf, 0x65, 0x1d,
132 0x51, 0x70, 0x64, 0xd5, 0x58, 0x68, 0x11, 0xa8, 0x6a, 0x23, 0xc2, 0xbf,
133 0xa1, 0x25, 0x24, 0x47, 0xb3, 0xa4, 0x3c, 0x83, 0x96, 0xb7, 0x1f, 0xf4,
134 0x44, 0xd4, 0xd1, 0xe9, 0xfc, 0x33, 0x68, 0x5e, 0xe2, 0x68, 0x99, 0x9c,
135 0x91, 0xe8, 0x72, 0xc9, 0xd7, 0x8c, 0x80, 0x20, 0x8e, 0x77, 0x83, 0x4d,
136 0xe4, 0xab, 0xf9, 0x74, 0xa1, 0xdf, 0xd3, 0xc0, 0x0d, 0x5b, 0x05, 0x51,
137 0xc2, 0x6f, 0xb2, 0x91, 0x02, 0xec, 0xc0, 0x02, 0x1a, 0x5c, 0x91, 0x05,
138 0xf1, 0xe3, 0xfa, 0x65, 0xc2, 0xad, 0x24, 0xe6, 0xe5, 0x3c, 0xb6, 0x16,
139 0xf1, 0xa1, 0x67, 0x1a, 0x9d, 0x37, 0x56, 0xbf, 0x01, 0xd7, 0x3b, 0x35,
140 0x30, 0x57, 0x73, 0xf4, 0xf0, 0x5e, 0xa7, 0xe8, 0x0a, 0xc1, 0x94, 0x17,
141 0xcf, 0x0a, 0xbd, 0xf5, 0x31, 0xa7, 0x2d, 0xf7, 0xf5, 0xd9, 0x8c, 0xc2,
142 0x01, 0xbd, 0xda, 0x16, 0x8e, 0xb9, 0x30, 0x40, 0xa6, 0x6e, 0xbd, 0xcd,
143 0x4d, 0x84, 0x67, 0x4e, 0x0b, 0xce, 0xd5, 0xef, 0xf8, 0x08, 0x63, 0x02,
144 0xc6, 0xc7, 0xf7, 0x67, 0x92, 0xe2, 0x23, 0x9d, 0x27, 0x22, 0x1d, 0xc6,
145 0x67, 0x5e, 0x66, 0xbf, 0x03, 0xb8, 0xa9, 0x67, 0xd4, 0x39, 0xd8, 0x75,
146 0xfa, 0xe8, 0xed, 0x56, 0xb8, 0x81, 0x02, 0x81, 0x81, 0x00, 0xf7, 0x46,
147 0x68, 0xc6, 0x13, 0xf8, 0xba, 0x0f, 0x83, 0xdb, 0x05, 0xa8, 0x25, 0x00,
148 0x70, 0x9c, 0x9e, 0x8b, 0x12, 0x34, 0x0d, 0x96, 0xcf, 0x0d, 0x98, 0x9b,
149 0x8d, 0x9c, 0x96, 0x78, 0xd1, 0x3c, 0x01, 0x8c, 0xb9, 0x35, 0x5c, 0x20,
150 0x42, 0xb4, 0x38, 0xe3, 0xd6, 0x54, 0xe7, 0x55, 0xd6, 0x26, 0x8a, 0x0c,
151 0xf6, 0x1f, 0xe0, 0x04, 0xc1, 0x22, 0x42, 0x19, 0x61, 0xc4, 0x94, 0x7c,
152 0x07, 0x2e, 0x80, 0x52, 0xfe, 0x8d, 0xe6, 0x92, 0x3a, 0x91, 0xfe, 0x72,
153 0x99, 0xe1, 0x2a, 0x73, 0x76, 0xb1, 0x24, 0x20, 0x67, 0xde, 0x28, 0xcb,
154 0x0e, 0xe6, 0x52, 0xb5, 0xfa, 0xfb, 0x8b, 0x1e, 0x6a, 0x1d, 0x09, 0x26,
155 0xb9, 0xa7, 0x61, 0xba, 0xf8, 0x79, 0xd2, 0x66, 0x57, 0x28, 0xd7, 0x31,
156 0xb5, 0x0b, 0x27, 0x19, 0x1e, 0x6f, 0x46, 0xfc, 0x54, 0x95, 0xeb, 0x78,
157 0x01, 0xb6, 0xd9, 0x79, 0x5a, 0x4d, 0x02, 0x81, 0x81, 0x00, 0xd5, 0x8f,
158 0x16, 0x53, 0x2f, 0x57, 0x93, 0xbf, 0x09, 0x75, 0xbf, 0x63, 0x40, 0x3d,
159 0x27, 0xfd, 0x23, 0x21, 0xde, 0x9b, 0xe9, 0x73, 0x3f, 0x49, 0x02, 0xd2,
160 0x38, 0x96, 0xcf, 0xc3, 0xba, 0x92, 0x07, 0x87, 0x52, 0xa9, 0x35, 0xe3,
161 0x0c, 0xe4, 0x2f, 0x05, 0x7b, 0x37, 0xa5, 0x40, 0x9c, 0x3b, 0x94, 0xf7,
162 0xad, 0xa0, 0xee, 0x3a, 0xa8, 0xfb, 0x1f, 0x11, 0x1f, 0xd8, 0x9a, 0x80,
163 0x42, 0x3d, 0x7f, 0xa4, 0xb8, 0x9a, 0xaa, 0xea, 0x72, 0xc1, 0xe3, 0xed,
164 0x06, 0x60, 0x92, 0x37, 0xf9, 0xba, 0xfb, 0x9e, 0xed, 0x05, 0xa6, 0xd4,
165 0x72, 0x68, 0x4f, 0x63, 0xfe, 0xd6, 0x10, 0x0d, 0x4f, 0x0a, 0x93, 0xc6,
166 0xb9, 0xd7, 0xaf, 0xfd, 0xd9, 0x57, 0x7d, 0xcb, 0x75, 0xe8, 0x93, 0x2b,
167 0xae, 0x4f, 0xea, 0xd7, 0x30, 0x0b, 0x58, 0x44, 0x82, 0x0f, 0x84, 0x5d,
168 0x62, 0x11, 0x78, 0xea, 0x5f, 0xc5, 0x02, 0x81, 0x81, 0x00, 0x82, 0x0c,
169 0xc1, 0xe6, 0x0b, 0x72, 0xf1, 0x48, 0x5f, 0xac, 0xbd, 0x98, 0xe5, 0x7d,
170 0x09, 0xbd, 0x15, 0x95, 0x47, 0x09, 0xa1, 0x6c, 0x03, 0x91, 0xbf, 0x05,
171 0x70, 0xc1, 0x3e, 0x52, 0x64, 0x99, 0x0e, 0xa7, 0x98, 0x70, 0xfb, 0xf6,
172 0xeb, 0x9e, 0x25, 0x9d, 0x8e, 0x88, 0x30, 0xf2, 0xf0, 0x22, 0x6c, 0xd0,
173 0xcc, 0x51, 0x8f, 0x5c, 0x70, 0xc7, 0x37, 0xc4, 0x69, 0xab, 0x1d, 0xfc,
174 0xed, 0x3a, 0x03, 0xbb, 0xa2, 0xad, 0xb6, 0xea, 0x89, 0x6b, 0x67, 0x4b,
175 0x96, 0xaa, 0xd9, 0xcc, 0xc8, 0x4b, 0xfa, 0x18, 0x21, 0x08, 0xb2, 0xa3,
176 0xb9, 0x3e, 0x61, 0x99, 0xdc, 0x5a, 0x97, 0x9c, 0x73, 0x6a, 0xb9, 0xf9,
177 0x68, 0x03, 0x24, 0x5f, 0x55, 0x77, 0x9c, 0xb4, 0xbe, 0x7a, 0x78, 0x53,
178 0x68, 0x48, 0x69, 0x53, 0xc8, 0xb1, 0xf5, 0xbf, 0x98, 0x2d, 0x11, 0x1e,
179 0x98, 0xa8, 0x36, 0x50, 0xa0, 0xb1, 0x02, 0x81, 0x81, 0x00, 0x90, 0x88,
180 0x30, 0x71, 0xc7, 0xfe, 0x9b, 0x6d, 0x95, 0x37, 0x6d, 0x79, 0xfc, 0x85,
181 0xe7, 0x44, 0x78, 0xbc, 0x79, 0x6e, 0x47, 0x86, 0xc9, 0xf3, 0xdd, 0xc6,
182 0xec, 0xa9, 0x94, 0x9f, 0x40, 0xeb, 0x87, 0xd0, 0xdb, 0xee, 0xcd, 0x1b,
183 0x87, 0x23, 0xff, 0x76, 0xd4, 0x37, 0x8a, 0xcd, 0xb9, 0x6e, 0xd1, 0x98,
184 0xf6, 0x97, 0x8d, 0xe3, 0x81, 0x6d, 0xc3, 0x4e, 0xd1, 0xa0, 0xc4, 0x9f,
185 0xbd, 0x34, 0xe5, 0xe8, 0x53, 0x4f, 0xca, 0x10, 0xb5, 0xed, 0xe7, 0x16,
186 0x09, 0x54, 0xde, 0x60, 0xa7, 0xd1, 0x16, 0x6e, 0x2e, 0xb7, 0xbe, 0x7a,
187 0xd5, 0x9b, 0x26, 0xef, 0xe4, 0x0e, 0x77, 0xfa, 0xa9, 0xdd, 0xdc, 0xb9,
188 0x88, 0x19, 0x23, 0x70, 0xc7, 0xe1, 0x60, 0xaf, 0x8c, 0x73, 0x04, 0xf7,
189 0x71, 0x17, 0x81, 0x36, 0x75, 0xbb, 0x97, 0xd7, 0x75, 0xb6, 0x8e, 0xbc,
190 0xac, 0x9c, 0x6a, 0x9b, 0x24, 0x89, 0x02, 0x81, 0x80, 0x5a, 0x2b, 0xc7,
191 0x6b, 0x8c, 0x65, 0xdb, 0x04, 0x73, 0xab, 0x25, 0xe1, 0x5b, 0xbc, 0x3c,
192 0xcf, 0x5a, 0x3c, 0x04, 0xae, 0x97, 0x2e, 0xfd, 0xa4, 0x97, 0x1f, 0x05,
193 0x17, 0x27, 0xac, 0x7c, 0x30, 0x85, 0xb4, 0x82, 0x3f, 0x5b, 0xb7, 0x94,
194 0x3b, 0x7f, 0x6c, 0x0c, 0xc7, 0x16, 0xc6, 0xa0, 0xbd, 0x80, 0xb0, 0x81,
195 0xde, 0xa0, 0x23, 0xa6, 0xf6, 0x75, 0x33, 0x51, 0x35, 0xa2, 0x75, 0x55,
196 0x70, 0x4d, 0x42, 0xbb, 0xcf, 0x54, 0xe4, 0xdb, 0x2d, 0x88, 0xa0, 0x7a,
197 0xf2, 0x17, 0xa7, 0xdd, 0x13, 0x44, 0x9f, 0x5f, 0x6b, 0x2c, 0x42, 0x42,
198 0x8b, 0x13, 0x4d, 0xf9, 0x5b, 0xf8, 0x33, 0x42, 0xd9, 0x9e, 0x50, 0x1c,
199 0x7c, 0xbc, 0xfa, 0x62, 0x85, 0x0b, 0xcf, 0x99, 0xda, 0x9e, 0x04, 0x90,
200 0xb2, 0xc6, 0xb2, 0x0a, 0x2a, 0x7c, 0x6d, 0x6a, 0x40, 0xfc, 0xf5, 0x50,
201 0x98, 0x46, 0x89, 0x82, 0x40,
202 };
203
204 struct GlobalState {
GlobalStateGlobalState205 GlobalState() {
206 const uint8_t *bufp = kRSAPrivateKeyDER;
207 RSA *privkey = d2i_RSAPrivateKey(NULL, &bufp, sizeof(kRSAPrivateKeyDER));
208 assert(privkey != nullptr);
209
210 pkey_.reset(EVP_PKEY_new());
211 EVP_PKEY_assign_RSA(pkey_.get(), privkey);
212
213 bufp = kCertificateDER;
214 cert_.reset(d2i_X509(NULL, &bufp, sizeof(kCertificateDER)));
215 assert(cert_.get() != nullptr);
216
217 certs_.reset(sk_X509_new_null());
218 bssl::PushToStack(certs_.get(), bssl::UpRef(cert_));
219 }
220
221 bssl::UniquePtr<EVP_PKEY> pkey_;
222 bssl::UniquePtr<X509> cert_;
223 bssl::UniquePtr<STACK_OF(X509)> certs_;
224 };
225
226 static GlobalState g_state;
227
GetString(std::string * out,CBS * cbs)228 static bool GetString(std::string *out, CBS *cbs) {
229 CBS str;
230 if (!CBS_get_u8_length_prefixed(cbs, &str)) {
231 return false;
232 }
233
234 out->assign(reinterpret_cast<const char *>(CBS_data(&str)), CBS_len(&str));
235 return true;
236 }
237
238 template <typename T>
GetVector(std::vector<T> * out,CBS * cbs)239 static bool GetVector(std::vector<T> *out, CBS *cbs) {
240 static_assert(std::is_pod<T>::value,
241 "GetVector may only be called on POD types");
242
243 CBS child;
244 if (!CBS_get_u8_length_prefixed(cbs, &child)) {
245 return false;
246 }
247
248 size_t num = CBS_len(&child) / sizeof(T);
249 out->resize(num);
250 out->shrink_to_fit(); // Ensure ASan notices out-of-bounds reads.
251 OPENSSL_memcpy(out->data(), CBS_data(&child), num * sizeof(T));
252 return true;
253 }
254
LLVMFuzzerTestOneInput(const uint8_t * buf,size_t len)255 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
256 constexpr size_t kMaxExpensiveAPIs = 100;
257 constexpr size_t kMaxAPIs = 10000;
258 unsigned expensive_api_count = 0;
259
260 const std::function<void(SSL_CTX *, CBS *)> kAPIs[] = {
261 [](SSL_CTX *ctx, CBS *cbs) {
262 uint8_t b;
263 if (!CBS_get_u8(cbs, &b)) {
264 return;
265 }
266 SSL_CTX_set_quiet_shutdown(ctx, b);
267 },
268 [](SSL_CTX *ctx, CBS *cbs) { SSL_CTX_get_quiet_shutdown(ctx); },
269 [](SSL_CTX *ctx, CBS *cbs) {
270 uint16_t version;
271 if (!CBS_get_u16(cbs, &version)) {
272 return;
273 }
274 SSL_CTX_set_min_proto_version(ctx, version);
275 },
276 [](SSL_CTX *ctx, CBS *cbs) {
277 uint16_t version;
278 if (!CBS_get_u16(cbs, &version)) {
279 return;
280 }
281 SSL_CTX_set_max_proto_version(ctx, version);
282 },
283 [](SSL_CTX *ctx, CBS *cbs) {
284 uint32_t options;
285 if (!CBS_get_u32(cbs, &options)) {
286 return;
287 }
288 SSL_CTX_set_options(ctx, options);
289 },
290 [](SSL_CTX *ctx, CBS *cbs) {
291 uint32_t options;
292 if (!CBS_get_u32(cbs, &options)) {
293 return;
294 }
295 SSL_CTX_clear_options(ctx, options);
296 },
297 [](SSL_CTX *ctx, CBS *cbs) { SSL_CTX_get_options(ctx); },
298 [](SSL_CTX *ctx, CBS *cbs) {
299 uint32_t mode;
300 if (!CBS_get_u32(cbs, &mode)) {
301 return;
302 }
303 SSL_CTX_set_mode(ctx, mode);
304 },
305 [](SSL_CTX *ctx, CBS *cbs) {
306 uint32_t mode;
307 if (!CBS_get_u32(cbs, &mode)) {
308 return;
309 }
310 SSL_CTX_clear_mode(ctx, mode);
311 },
312 [](SSL_CTX *ctx, CBS *cbs) { SSL_CTX_get_mode(ctx); },
313 [](SSL_CTX *ctx, CBS *cbs) {
314 SSL_CTX_use_certificate(ctx, g_state.cert_.get());
315 },
316 [](SSL_CTX *ctx, CBS *cbs) {
317 SSL_CTX_use_PrivateKey(ctx, g_state.pkey_.get());
318 },
319 [](SSL_CTX *ctx, CBS *cbs) {
320 SSL_CTX_set1_chain(ctx, g_state.certs_.get());
321 },
322 [&](SSL_CTX *ctx, CBS *cbs) {
323 // Avoid an unbounded certificate chain.
324 if (++expensive_api_count >= kMaxExpensiveAPIs) {
325 return;
326 }
327
328 SSL_CTX_add1_chain_cert(ctx, g_state.cert_.get());
329 },
330 [](SSL_CTX *ctx, CBS *cbs) { SSL_CTX_clear_chain_certs(ctx); },
331 [](SSL_CTX *ctx, CBS *cbs) { SSL_CTX_clear_extra_chain_certs(ctx); },
332 [](SSL_CTX *ctx, CBS *cbs) { SSL_CTX_check_private_key(ctx); },
333 [](SSL_CTX *ctx, CBS *cbs) { SSL_CTX_get0_certificate(ctx); },
334 [](SSL_CTX *ctx, CBS *cbs) { SSL_CTX_get0_privatekey(ctx); },
335 [](SSL_CTX *ctx, CBS *cbs) {
336 STACK_OF(X509) * chains;
337 SSL_CTX_get0_chain_certs(ctx, &chains);
338 },
339 [](SSL_CTX *ctx, CBS *cbs) {
340 std::vector<uint8_t> sct_data;
341 if (!GetVector(&sct_data, cbs)) {
342 return;
343 }
344 SSL_CTX_set_signed_cert_timestamp_list(ctx, sct_data.data(),
345 sct_data.size());
346 },
347 [](SSL_CTX *ctx, CBS *cbs) {
348 std::vector<uint8_t> ocsp_data;
349 if (!GetVector(&ocsp_data, cbs)) {
350 return;
351 }
352 SSL_CTX_set_ocsp_response(ctx, ocsp_data.data(), ocsp_data.size());
353 },
354 [](SSL_CTX *ctx, CBS *cbs) {
355 std::vector<uint16_t> algs;
356 if (!GetVector(&algs, cbs)) {
357 return;
358 }
359 SSL_CTX_set_signing_algorithm_prefs(ctx, algs.data(), algs.size());
360 },
361 [](SSL_CTX *ctx, CBS *cbs) {
362 std::string ciphers;
363 if (!GetString(&ciphers, cbs)) {
364 return;
365 }
366 SSL_CTX_set_strict_cipher_list(ctx, ciphers.c_str());
367 },
368 [](SSL_CTX *ctx, CBS *cbs) {
369 std::string ciphers;
370 if (!GetString(&ciphers, cbs)) {
371 return;
372 }
373 SSL_CTX_set_cipher_list(ctx, ciphers.c_str());
374 },
375 [](SSL_CTX *ctx, CBS *cbs) {
376 std::vector<uint16_t> algs;
377 if (!GetVector(&algs, cbs)) {
378 return;
379 }
380 SSL_CTX_set_verify_algorithm_prefs(ctx, algs.data(), algs.size());
381 },
382 [](SSL_CTX *ctx, CBS *cbs) {
383 std::vector<uint8_t> id_ctx;
384 if (!GetVector(&id_ctx, cbs)) {
385 return;
386 }
387 SSL_CTX_set_session_id_context(ctx, id_ctx.data(), id_ctx.size());
388 },
389 [](SSL_CTX *ctx, CBS *cbs) {
390 uint32_t size;
391 if (!CBS_get_u32(cbs, &size)) {
392 return;
393 }
394 SSL_CTX_sess_set_cache_size(ctx, size);
395 },
396 [](SSL_CTX *ctx, CBS *cbs) { SSL_CTX_sess_get_cache_size(ctx); },
397 [](SSL_CTX *ctx, CBS *cbs) { SSL_CTX_sess_number(ctx); },
398 [](SSL_CTX *ctx, CBS *cbs) {
399 uint32_t time;
400 if (!CBS_get_u32(cbs, &time)) {
401 return;
402 }
403 SSL_CTX_flush_sessions(ctx, time);
404 },
405 [](SSL_CTX *ctx, CBS *cbs) {
406 std::vector<uint8_t> keys;
407 if (!GetVector(&keys, cbs)) {
408 return;
409 }
410 SSL_CTX_set_tlsext_ticket_keys(ctx, keys.data(), keys.size());
411 },
412 [](SSL_CTX *ctx, CBS *cbs) {
413 std::vector<int> curves;
414 if (!GetVector(&curves, cbs)) {
415 return;
416 }
417 SSL_CTX_set1_curves(ctx, curves.data(), curves.size());
418 },
419 [](SSL_CTX *ctx, CBS *cbs) {
420 std::string curves;
421 if (!GetString(&curves, cbs)) {
422 return;
423 }
424 SSL_CTX_set1_curves_list(ctx, curves.c_str());
425 },
426 [](SSL_CTX *ctx, CBS *cbs) {
427 SSL_CTX_enable_signed_cert_timestamps(ctx);
428 },
429 [](SSL_CTX *ctx, CBS *cbs) { SSL_CTX_enable_ocsp_stapling(ctx); },
430 [&](SSL_CTX *ctx, CBS *cbs) {
431 // Avoid an unbounded client CA list.
432 if (++expensive_api_count >= kMaxExpensiveAPIs) {
433 return;
434 }
435
436 SSL_CTX_add_client_CA(ctx, g_state.cert_.get());
437 },
438 [](SSL_CTX *ctx, CBS *cbs) {
439 std::vector<uint8_t> protos;
440 if (!GetVector(&protos, cbs)) {
441 return;
442 }
443 SSL_CTX_set_alpn_protos(ctx, protos.data(), protos.size());
444 },
445 [](SSL_CTX *ctx, CBS *cbs) {
446 std::string profiles;
447 if (!GetString(&profiles, cbs)) {
448 return;
449 }
450 SSL_CTX_set_srtp_profiles(ctx, profiles.c_str());
451 },
452 [](SSL_CTX *ctx, CBS *cbs) { SSL_CTX_get_max_cert_list(ctx); },
453 [](SSL_CTX *ctx, CBS *cbs) {
454 uint32_t size;
455 if (!CBS_get_u32(cbs, &size)) {
456 return;
457 }
458 SSL_CTX_set_max_cert_list(ctx, size);
459 },
460 [](SSL_CTX *ctx, CBS *cbs) {
461 uint32_t size;
462 if (!CBS_get_u32(cbs, &size)) {
463 return;
464 }
465 SSL_CTX_set_max_send_fragment(ctx, size);
466 },
467 [](SSL_CTX *ctx, CBS *cbs) {
468 uint8_t b;
469 if (!CBS_get_u8(cbs, &b)) {
470 return;
471 }
472 SSL_CTX_set_retain_only_sha256_of_client_certs(ctx, b);
473 },
474 [](SSL_CTX *ctx, CBS *cbs) {
475 uint8_t b;
476 if (!CBS_get_u8(cbs, &b)) {
477 return;
478 }
479 SSL_CTX_set_grease_enabled(ctx, b);
480 },
481 [](SSL_CTX *ctx, CBS *cbs) {
482 std::vector<int> sigalgs;
483 if (!GetVector(&sigalgs, cbs)) {
484 return;
485 }
486 SSL_CTX_set1_sigalgs(ctx, sigalgs.data(), sigalgs.size());
487 },
488 [](SSL_CTX *ctx, CBS *cbs) {
489 std::string sigalgs;
490 if (!GetString(&sigalgs, cbs)) {
491 return;
492 }
493 SSL_CTX_set1_sigalgs_list(ctx, sigalgs.c_str());
494 },
495 [](SSL_CTX *ctx, CBS *cbs) {
496 bssl::UniquePtr<SSL_ECH_KEYS> keys(SSL_ECH_KEYS_new());
497 if (keys == nullptr) {
498 return;
499 }
500 uint8_t is_retry_config;
501 CBS ech_config, private_key;
502 if (!CBS_get_u8(cbs, &is_retry_config) ||
503 !CBS_get_u16_length_prefixed(cbs, &ech_config) ||
504 !CBS_get_u16_length_prefixed(cbs, &private_key)) {
505 return;
506 }
507 bssl::ScopedEVP_HPKE_KEY key;
508 if (!EVP_HPKE_KEY_init(key.get(), EVP_hpke_x25519_hkdf_sha256(),
509 CBS_data(&private_key), CBS_len(&private_key)) ||
510 !SSL_ECH_KEYS_add(keys.get(), is_retry_config,
511 CBS_data(&ech_config), CBS_len(&ech_config),
512 key.get()) ||
513 !SSL_CTX_set1_ech_keys(ctx, keys.get())) {
514 return;
515 }
516 },
517 };
518
519 bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
520
521 // If the number of functions exceeds this limit then the code needs to do
522 // more than sample a single uint8_t to pick the function.
523 static_assert(OPENSSL_ARRAY_SIZE(kAPIs) < 256, "kAPIs too large");
524
525 CBS cbs;
526 CBS_init(&cbs, buf, len);
527
528 for (unsigned i = 0; i < kMaxAPIs; i++) {
529 uint8_t index;
530 if (!CBS_get_u8(&cbs, &index)) {
531 break;
532 }
533
534 kAPIs[index % OPENSSL_ARRAY_SIZE(kAPIs)](ctx.get(), &cbs);
535 }
536
537 bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
538 ERR_clear_error();
539
540 return 0;
541 }
542