1 /* Copyright (c) 2017, Google Inc.
2 *
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
6 *
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15 #ifndef HEADER_SSL_TEST_FUZZER
16 #define HEADER_SSL_TEST_FUZZER
17
18 #include <assert.h>
19 #include <stdlib.h>
20 #include <string.h>
21
22 #include <algorithm>
23 #include <vector>
24
25 #include <openssl/bio.h>
26 #include <openssl/bytestring.h>
27 #include <openssl/err.h>
28 #include <openssl/evp.h>
29 #include <openssl/hpke.h>
30 #include <openssl/rand.h>
31 #include <openssl/rsa.h>
32 #include <openssl/ssl.h>
33 #include <openssl/x509.h>
34
35 #include "../../crypto/internal.h"
36 #include "./fuzzer_tags.h"
37
38 namespace {
39
40 const uint8_t kP256KeyPKCS8[] = {
41 0x30, 0x81, 0x87, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86,
42 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
43 0x03, 0x01, 0x07, 0x04, 0x6d, 0x30, 0x6b, 0x02, 0x01, 0x01, 0x04, 0x20,
44 0x43, 0x09, 0xc0, 0x67, 0x75, 0x21, 0x47, 0x9d, 0xa8, 0xfa, 0x16, 0xdf,
45 0x15, 0x73, 0x61, 0x34, 0x68, 0x6f, 0xe3, 0x8e, 0x47, 0x91, 0x95, 0xab,
46 0x79, 0x4a, 0x72, 0x14, 0xcb, 0xe2, 0x49, 0x4f, 0xa1, 0x44, 0x03, 0x42,
47 0x00, 0x04, 0xde, 0x09, 0x08, 0x07, 0x03, 0x2e, 0x8f, 0x37, 0x9a, 0xd5,
48 0xad, 0xe5, 0xc6, 0x9d, 0xd4, 0x63, 0xc7, 0x4a, 0xe7, 0x20, 0xcb, 0x90,
49 0xa0, 0x1f, 0x18, 0x18, 0x72, 0xb5, 0x21, 0x88, 0x38, 0xc0, 0xdb, 0xba,
50 0xf6, 0x99, 0xd8, 0xa5, 0x3b, 0x83, 0xe9, 0xe3, 0xd5, 0x61, 0x99, 0x73,
51 0x42, 0xc6, 0x6c, 0xe8, 0x0a, 0x95, 0x40, 0x41, 0x3b, 0x0d, 0x10, 0xa7,
52 0x4a, 0x93, 0xdb, 0x5a, 0xe7, 0xec,
53 };
54
55 const uint8_t kOCSPResponse[] = {0x01, 0x02, 0x03, 0x04};
56
57 const uint8_t kSCT[] = {0x00, 0x06, 0x00, 0x04, 0x05, 0x06, 0x07, 0x08};
58
59 const uint8_t kCertificateDER[] = {
60 0x30, 0x82, 0x02, 0xff, 0x30, 0x82, 0x01, 0xe7, 0xa0, 0x03, 0x02, 0x01,
61 0x02, 0x02, 0x11, 0x00, 0xb1, 0x84, 0xee, 0x34, 0x99, 0x98, 0x76, 0xfb,
62 0x6f, 0xb2, 0x15, 0xc8, 0x47, 0x79, 0x05, 0x9b, 0x30, 0x0d, 0x06, 0x09,
63 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30,
64 0x12, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x07,
65 0x41, 0x63, 0x6d, 0x65, 0x20, 0x43, 0x6f, 0x30, 0x1e, 0x17, 0x0d, 0x31,
66 0x35, 0x31, 0x31, 0x30, 0x37, 0x30, 0x30, 0x32, 0x34, 0x35, 0x36, 0x5a,
67 0x17, 0x0d, 0x31, 0x36, 0x31, 0x31, 0x30, 0x36, 0x30, 0x30, 0x32, 0x34,
68 0x35, 0x36, 0x5a, 0x30, 0x12, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55,
69 0x04, 0x0a, 0x13, 0x07, 0x41, 0x63, 0x6d, 0x65, 0x20, 0x43, 0x6f, 0x30,
70 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
71 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30,
72 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xce, 0x47, 0xcb, 0x11,
73 0xbb, 0xd2, 0x9d, 0x8e, 0x9e, 0xd2, 0x1e, 0x14, 0xaf, 0xc7, 0xea, 0xb6,
74 0xc9, 0x38, 0x2a, 0x6f, 0xb3, 0x7e, 0xfb, 0xbc, 0xfc, 0x59, 0x42, 0xb9,
75 0x56, 0xf0, 0x4c, 0x3f, 0xf7, 0x31, 0x84, 0xbe, 0xac, 0x03, 0x9e, 0x71,
76 0x91, 0x85, 0xd8, 0x32, 0xbd, 0x00, 0xea, 0xac, 0x65, 0xf6, 0x03, 0xc8,
77 0x0f, 0x8b, 0xfd, 0x6e, 0x58, 0x88, 0x04, 0x41, 0x92, 0x74, 0xa6, 0x57,
78 0x2e, 0x8e, 0x88, 0xd5, 0x3d, 0xda, 0x14, 0x3e, 0x63, 0x88, 0x22, 0xe3,
79 0x53, 0xe9, 0xba, 0x39, 0x09, 0xac, 0xfb, 0xd0, 0x4c, 0xf2, 0x3c, 0x20,
80 0xd6, 0x97, 0xe6, 0xed, 0xf1, 0x62, 0x1e, 0xe5, 0xc9, 0x48, 0xa0, 0xca,
81 0x2e, 0x3c, 0x14, 0x5a, 0x82, 0xd4, 0xed, 0xb1, 0xe3, 0x43, 0xc1, 0x2a,
82 0x59, 0xa5, 0xb9, 0xc8, 0x48, 0xa7, 0x39, 0x23, 0x74, 0xa7, 0x37, 0xb0,
83 0x6f, 0xc3, 0x64, 0x99, 0x6c, 0xa2, 0x82, 0xc8, 0xf6, 0xdb, 0x86, 0x40,
84 0xce, 0xd1, 0x85, 0x9f, 0xce, 0x69, 0xf4, 0x15, 0x2a, 0x23, 0xca, 0xea,
85 0xb7, 0x7b, 0xdf, 0xfb, 0x43, 0x5f, 0xff, 0x7a, 0x49, 0x49, 0x0e, 0xe7,
86 0x02, 0x51, 0x45, 0x13, 0xe8, 0x90, 0x64, 0x21, 0x0c, 0x26, 0x2b, 0x5d,
87 0xfc, 0xe4, 0xb5, 0x86, 0x89, 0x43, 0x22, 0x4c, 0xf3, 0x3b, 0xf3, 0x09,
88 0xc4, 0xa4, 0x10, 0x80, 0xf2, 0x46, 0xe2, 0x46, 0x8f, 0x76, 0x50, 0xbf,
89 0xaf, 0x2b, 0x90, 0x1b, 0x78, 0xc7, 0xcf, 0xc1, 0x77, 0xd0, 0xfb, 0xa9,
90 0xfb, 0xc9, 0x66, 0x5a, 0xc5, 0x9b, 0x31, 0x41, 0x67, 0x01, 0xbe, 0x33,
91 0x10, 0xba, 0x05, 0x58, 0xed, 0x76, 0x53, 0xde, 0x5d, 0xc1, 0xe8, 0xbb,
92 0x9f, 0xf1, 0xcd, 0xfb, 0xdf, 0x64, 0x7f, 0xd7, 0x18, 0xab, 0x0f, 0x94,
93 0x28, 0x95, 0x4a, 0xcc, 0x6a, 0xa9, 0x50, 0xc7, 0x05, 0x47, 0x10, 0x41,
94 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x50, 0x30, 0x4e, 0x30, 0x0e, 0x06,
95 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x05,
96 0xa0, 0x30, 0x13, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x0c, 0x30, 0x0a,
97 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x30, 0x0c,
98 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00,
99 0x30, 0x19, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x12, 0x30, 0x10, 0x82,
100 0x0e, 0x66, 0x75, 0x7a, 0x7a, 0x2e, 0x62, 0x6f, 0x72, 0x69, 0x6e, 0x67,
101 0x73, 0x73, 0x6c, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
102 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x92,
103 0xde, 0xef, 0x96, 0x06, 0x7b, 0xff, 0x71, 0x7d, 0x4e, 0xa0, 0x7d, 0xae,
104 0xb8, 0x22, 0xb4, 0x2c, 0xf7, 0x96, 0x9c, 0x37, 0x1d, 0x8f, 0xe7, 0xd9,
105 0x47, 0xff, 0x3f, 0xe9, 0x35, 0x95, 0x0e, 0xdd, 0xdc, 0x7f, 0xc8, 0x8a,
106 0x1e, 0x36, 0x1d, 0x38, 0x47, 0xfc, 0x76, 0xd2, 0x1f, 0x98, 0xa1, 0x36,
107 0xac, 0xc8, 0x70, 0x38, 0x0a, 0x3d, 0x51, 0x8d, 0x0f, 0x03, 0x1b, 0xef,
108 0x62, 0xa1, 0xcb, 0x2b, 0x4a, 0x8c, 0x12, 0x2b, 0x54, 0x50, 0x9a, 0x6b,
109 0xfe, 0xaf, 0xd9, 0xf6, 0xbf, 0x58, 0x11, 0x58, 0x5e, 0xe5, 0x86, 0x1e,
110 0x3b, 0x6b, 0x30, 0x7e, 0x72, 0x89, 0xe8, 0x6b, 0x7b, 0xb7, 0xaf, 0xef,
111 0x8b, 0xa9, 0x3e, 0xb0, 0xcd, 0x0b, 0xef, 0xb0, 0x0c, 0x96, 0x2b, 0xc5,
112 0x3b, 0xd5, 0xf1, 0xc2, 0xae, 0x3a, 0x60, 0xd9, 0x0f, 0x75, 0x37, 0x55,
113 0x4d, 0x62, 0xd2, 0xed, 0x96, 0xac, 0x30, 0x6b, 0xda, 0xa1, 0x48, 0x17,
114 0x96, 0x23, 0x85, 0x9a, 0x57, 0x77, 0xe9, 0x22, 0xa2, 0x37, 0x03, 0xba,
115 0x49, 0x77, 0x40, 0x3b, 0x76, 0x4b, 0xda, 0xc1, 0x04, 0x57, 0x55, 0x34,
116 0x22, 0x83, 0x45, 0x29, 0xab, 0x2e, 0x11, 0xff, 0x0d, 0xab, 0x55, 0xb1,
117 0xa7, 0x58, 0x59, 0x05, 0x25, 0xf9, 0x1e, 0x3d, 0xb7, 0xac, 0x04, 0x39,
118 0x2c, 0xf9, 0xaf, 0xb8, 0x68, 0xfb, 0x8e, 0x35, 0x71, 0x32, 0xff, 0x70,
119 0xe9, 0x46, 0x6d, 0x5c, 0x06, 0x90, 0x88, 0x23, 0x48, 0x0c, 0x50, 0xeb,
120 0x0a, 0xa9, 0xae, 0xe8, 0xfc, 0xbe, 0xa5, 0x76, 0x94, 0xd7, 0x64, 0x22,
121 0x38, 0x98, 0x17, 0xa4, 0x3a, 0xa7, 0x59, 0x9f, 0x1d, 0x3b, 0x75, 0x90,
122 0x1a, 0x81, 0xef, 0x19, 0xfb, 0x2b, 0xb7, 0xa7, 0x64, 0x61, 0x22, 0xa4,
123 0x6f, 0x7b, 0xfa, 0x58, 0xbb, 0x8c, 0x4e, 0x77, 0x67, 0xd0, 0x5d, 0x58,
124 0x76, 0x8a, 0xbb,
125 };
126
127 const uint8_t kRSAPrivateKeyDER[] = {
128 0x30, 0x82, 0x04, 0xa5, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
129 0xce, 0x47, 0xcb, 0x11, 0xbb, 0xd2, 0x9d, 0x8e, 0x9e, 0xd2, 0x1e, 0x14,
130 0xaf, 0xc7, 0xea, 0xb6, 0xc9, 0x38, 0x2a, 0x6f, 0xb3, 0x7e, 0xfb, 0xbc,
131 0xfc, 0x59, 0x42, 0xb9, 0x56, 0xf0, 0x4c, 0x3f, 0xf7, 0x31, 0x84, 0xbe,
132 0xac, 0x03, 0x9e, 0x71, 0x91, 0x85, 0xd8, 0x32, 0xbd, 0x00, 0xea, 0xac,
133 0x65, 0xf6, 0x03, 0xc8, 0x0f, 0x8b, 0xfd, 0x6e, 0x58, 0x88, 0x04, 0x41,
134 0x92, 0x74, 0xa6, 0x57, 0x2e, 0x8e, 0x88, 0xd5, 0x3d, 0xda, 0x14, 0x3e,
135 0x63, 0x88, 0x22, 0xe3, 0x53, 0xe9, 0xba, 0x39, 0x09, 0xac, 0xfb, 0xd0,
136 0x4c, 0xf2, 0x3c, 0x20, 0xd6, 0x97, 0xe6, 0xed, 0xf1, 0x62, 0x1e, 0xe5,
137 0xc9, 0x48, 0xa0, 0xca, 0x2e, 0x3c, 0x14, 0x5a, 0x82, 0xd4, 0xed, 0xb1,
138 0xe3, 0x43, 0xc1, 0x2a, 0x59, 0xa5, 0xb9, 0xc8, 0x48, 0xa7, 0x39, 0x23,
139 0x74, 0xa7, 0x37, 0xb0, 0x6f, 0xc3, 0x64, 0x99, 0x6c, 0xa2, 0x82, 0xc8,
140 0xf6, 0xdb, 0x86, 0x40, 0xce, 0xd1, 0x85, 0x9f, 0xce, 0x69, 0xf4, 0x15,
141 0x2a, 0x23, 0xca, 0xea, 0xb7, 0x7b, 0xdf, 0xfb, 0x43, 0x5f, 0xff, 0x7a,
142 0x49, 0x49, 0x0e, 0xe7, 0x02, 0x51, 0x45, 0x13, 0xe8, 0x90, 0x64, 0x21,
143 0x0c, 0x26, 0x2b, 0x5d, 0xfc, 0xe4, 0xb5, 0x86, 0x89, 0x43, 0x22, 0x4c,
144 0xf3, 0x3b, 0xf3, 0x09, 0xc4, 0xa4, 0x10, 0x80, 0xf2, 0x46, 0xe2, 0x46,
145 0x8f, 0x76, 0x50, 0xbf, 0xaf, 0x2b, 0x90, 0x1b, 0x78, 0xc7, 0xcf, 0xc1,
146 0x77, 0xd0, 0xfb, 0xa9, 0xfb, 0xc9, 0x66, 0x5a, 0xc5, 0x9b, 0x31, 0x41,
147 0x67, 0x01, 0xbe, 0x33, 0x10, 0xba, 0x05, 0x58, 0xed, 0x76, 0x53, 0xde,
148 0x5d, 0xc1, 0xe8, 0xbb, 0x9f, 0xf1, 0xcd, 0xfb, 0xdf, 0x64, 0x7f, 0xd7,
149 0x18, 0xab, 0x0f, 0x94, 0x28, 0x95, 0x4a, 0xcc, 0x6a, 0xa9, 0x50, 0xc7,
150 0x05, 0x47, 0x10, 0x41, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
151 0x01, 0x00, 0xa8, 0x47, 0xb9, 0x4a, 0x06, 0x47, 0x93, 0x71, 0x3d, 0xef,
152 0x7b, 0xca, 0xb4, 0x7c, 0x0a, 0xe6, 0x82, 0xd0, 0xe7, 0x0d, 0xa9, 0x08,
153 0xf6, 0xa4, 0xfd, 0xd8, 0x73, 0xae, 0x6f, 0x56, 0x29, 0x5e, 0x25, 0x72,
154 0xa8, 0x30, 0x44, 0x73, 0xcf, 0x56, 0x26, 0xb9, 0x61, 0xde, 0x42, 0x81,
155 0xf4, 0xf0, 0x1f, 0x5d, 0xcb, 0x47, 0xf2, 0x26, 0xe9, 0xe0, 0x93, 0x28,
156 0xa3, 0x10, 0x3b, 0x42, 0x1e, 0x51, 0x11, 0x12, 0x06, 0x5e, 0xaf, 0xce,
157 0xb0, 0xa5, 0x14, 0xdd, 0x82, 0x58, 0xa1, 0xa4, 0x12, 0xdf, 0x65, 0x1d,
158 0x51, 0x70, 0x64, 0xd5, 0x58, 0x68, 0x11, 0xa8, 0x6a, 0x23, 0xc2, 0xbf,
159 0xa1, 0x25, 0x24, 0x47, 0xb3, 0xa4, 0x3c, 0x83, 0x96, 0xb7, 0x1f, 0xf4,
160 0x44, 0xd4, 0xd1, 0xe9, 0xfc, 0x33, 0x68, 0x5e, 0xe2, 0x68, 0x99, 0x9c,
161 0x91, 0xe8, 0x72, 0xc9, 0xd7, 0x8c, 0x80, 0x20, 0x8e, 0x77, 0x83, 0x4d,
162 0xe4, 0xab, 0xf9, 0x74, 0xa1, 0xdf, 0xd3, 0xc0, 0x0d, 0x5b, 0x05, 0x51,
163 0xc2, 0x6f, 0xb2, 0x91, 0x02, 0xec, 0xc0, 0x02, 0x1a, 0x5c, 0x91, 0x05,
164 0xf1, 0xe3, 0xfa, 0x65, 0xc2, 0xad, 0x24, 0xe6, 0xe5, 0x3c, 0xb6, 0x16,
165 0xf1, 0xa1, 0x67, 0x1a, 0x9d, 0x37, 0x56, 0xbf, 0x01, 0xd7, 0x3b, 0x35,
166 0x30, 0x57, 0x73, 0xf4, 0xf0, 0x5e, 0xa7, 0xe8, 0x0a, 0xc1, 0x94, 0x17,
167 0xcf, 0x0a, 0xbd, 0xf5, 0x31, 0xa7, 0x2d, 0xf7, 0xf5, 0xd9, 0x8c, 0xc2,
168 0x01, 0xbd, 0xda, 0x16, 0x8e, 0xb9, 0x30, 0x40, 0xa6, 0x6e, 0xbd, 0xcd,
169 0x4d, 0x84, 0x67, 0x4e, 0x0b, 0xce, 0xd5, 0xef, 0xf8, 0x08, 0x63, 0x02,
170 0xc6, 0xc7, 0xf7, 0x67, 0x92, 0xe2, 0x23, 0x9d, 0x27, 0x22, 0x1d, 0xc6,
171 0x67, 0x5e, 0x66, 0xbf, 0x03, 0xb8, 0xa9, 0x67, 0xd4, 0x39, 0xd8, 0x75,
172 0xfa, 0xe8, 0xed, 0x56, 0xb8, 0x81, 0x02, 0x81, 0x81, 0x00, 0xf7, 0x46,
173 0x68, 0xc6, 0x13, 0xf8, 0xba, 0x0f, 0x83, 0xdb, 0x05, 0xa8, 0x25, 0x00,
174 0x70, 0x9c, 0x9e, 0x8b, 0x12, 0x34, 0x0d, 0x96, 0xcf, 0x0d, 0x98, 0x9b,
175 0x8d, 0x9c, 0x96, 0x78, 0xd1, 0x3c, 0x01, 0x8c, 0xb9, 0x35, 0x5c, 0x20,
176 0x42, 0xb4, 0x38, 0xe3, 0xd6, 0x54, 0xe7, 0x55, 0xd6, 0x26, 0x8a, 0x0c,
177 0xf6, 0x1f, 0xe0, 0x04, 0xc1, 0x22, 0x42, 0x19, 0x61, 0xc4, 0x94, 0x7c,
178 0x07, 0x2e, 0x80, 0x52, 0xfe, 0x8d, 0xe6, 0x92, 0x3a, 0x91, 0xfe, 0x72,
179 0x99, 0xe1, 0x2a, 0x73, 0x76, 0xb1, 0x24, 0x20, 0x67, 0xde, 0x28, 0xcb,
180 0x0e, 0xe6, 0x52, 0xb5, 0xfa, 0xfb, 0x8b, 0x1e, 0x6a, 0x1d, 0x09, 0x26,
181 0xb9, 0xa7, 0x61, 0xba, 0xf8, 0x79, 0xd2, 0x66, 0x57, 0x28, 0xd7, 0x31,
182 0xb5, 0x0b, 0x27, 0x19, 0x1e, 0x6f, 0x46, 0xfc, 0x54, 0x95, 0xeb, 0x78,
183 0x01, 0xb6, 0xd9, 0x79, 0x5a, 0x4d, 0x02, 0x81, 0x81, 0x00, 0xd5, 0x8f,
184 0x16, 0x53, 0x2f, 0x57, 0x93, 0xbf, 0x09, 0x75, 0xbf, 0x63, 0x40, 0x3d,
185 0x27, 0xfd, 0x23, 0x21, 0xde, 0x9b, 0xe9, 0x73, 0x3f, 0x49, 0x02, 0xd2,
186 0x38, 0x96, 0xcf, 0xc3, 0xba, 0x92, 0x07, 0x87, 0x52, 0xa9, 0x35, 0xe3,
187 0x0c, 0xe4, 0x2f, 0x05, 0x7b, 0x37, 0xa5, 0x40, 0x9c, 0x3b, 0x94, 0xf7,
188 0xad, 0xa0, 0xee, 0x3a, 0xa8, 0xfb, 0x1f, 0x11, 0x1f, 0xd8, 0x9a, 0x80,
189 0x42, 0x3d, 0x7f, 0xa4, 0xb8, 0x9a, 0xaa, 0xea, 0x72, 0xc1, 0xe3, 0xed,
190 0x06, 0x60, 0x92, 0x37, 0xf9, 0xba, 0xfb, 0x9e, 0xed, 0x05, 0xa6, 0xd4,
191 0x72, 0x68, 0x4f, 0x63, 0xfe, 0xd6, 0x10, 0x0d, 0x4f, 0x0a, 0x93, 0xc6,
192 0xb9, 0xd7, 0xaf, 0xfd, 0xd9, 0x57, 0x7d, 0xcb, 0x75, 0xe8, 0x93, 0x2b,
193 0xae, 0x4f, 0xea, 0xd7, 0x30, 0x0b, 0x58, 0x44, 0x82, 0x0f, 0x84, 0x5d,
194 0x62, 0x11, 0x78, 0xea, 0x5f, 0xc5, 0x02, 0x81, 0x81, 0x00, 0x82, 0x0c,
195 0xc1, 0xe6, 0x0b, 0x72, 0xf1, 0x48, 0x5f, 0xac, 0xbd, 0x98, 0xe5, 0x7d,
196 0x09, 0xbd, 0x15, 0x95, 0x47, 0x09, 0xa1, 0x6c, 0x03, 0x91, 0xbf, 0x05,
197 0x70, 0xc1, 0x3e, 0x52, 0x64, 0x99, 0x0e, 0xa7, 0x98, 0x70, 0xfb, 0xf6,
198 0xeb, 0x9e, 0x25, 0x9d, 0x8e, 0x88, 0x30, 0xf2, 0xf0, 0x22, 0x6c, 0xd0,
199 0xcc, 0x51, 0x8f, 0x5c, 0x70, 0xc7, 0x37, 0xc4, 0x69, 0xab, 0x1d, 0xfc,
200 0xed, 0x3a, 0x03, 0xbb, 0xa2, 0xad, 0xb6, 0xea, 0x89, 0x6b, 0x67, 0x4b,
201 0x96, 0xaa, 0xd9, 0xcc, 0xc8, 0x4b, 0xfa, 0x18, 0x21, 0x08, 0xb2, 0xa3,
202 0xb9, 0x3e, 0x61, 0x99, 0xdc, 0x5a, 0x97, 0x9c, 0x73, 0x6a, 0xb9, 0xf9,
203 0x68, 0x03, 0x24, 0x5f, 0x55, 0x77, 0x9c, 0xb4, 0xbe, 0x7a, 0x78, 0x53,
204 0x68, 0x48, 0x69, 0x53, 0xc8, 0xb1, 0xf5, 0xbf, 0x98, 0x2d, 0x11, 0x1e,
205 0x98, 0xa8, 0x36, 0x50, 0xa0, 0xb1, 0x02, 0x81, 0x81, 0x00, 0x90, 0x88,
206 0x30, 0x71, 0xc7, 0xfe, 0x9b, 0x6d, 0x95, 0x37, 0x6d, 0x79, 0xfc, 0x85,
207 0xe7, 0x44, 0x78, 0xbc, 0x79, 0x6e, 0x47, 0x86, 0xc9, 0xf3, 0xdd, 0xc6,
208 0xec, 0xa9, 0x94, 0x9f, 0x40, 0xeb, 0x87, 0xd0, 0xdb, 0xee, 0xcd, 0x1b,
209 0x87, 0x23, 0xff, 0x76, 0xd4, 0x37, 0x8a, 0xcd, 0xb9, 0x6e, 0xd1, 0x98,
210 0xf6, 0x97, 0x8d, 0xe3, 0x81, 0x6d, 0xc3, 0x4e, 0xd1, 0xa0, 0xc4, 0x9f,
211 0xbd, 0x34, 0xe5, 0xe8, 0x53, 0x4f, 0xca, 0x10, 0xb5, 0xed, 0xe7, 0x16,
212 0x09, 0x54, 0xde, 0x60, 0xa7, 0xd1, 0x16, 0x6e, 0x2e, 0xb7, 0xbe, 0x7a,
213 0xd5, 0x9b, 0x26, 0xef, 0xe4, 0x0e, 0x77, 0xfa, 0xa9, 0xdd, 0xdc, 0xb9,
214 0x88, 0x19, 0x23, 0x70, 0xc7, 0xe1, 0x60, 0xaf, 0x8c, 0x73, 0x04, 0xf7,
215 0x71, 0x17, 0x81, 0x36, 0x75, 0xbb, 0x97, 0xd7, 0x75, 0xb6, 0x8e, 0xbc,
216 0xac, 0x9c, 0x6a, 0x9b, 0x24, 0x89, 0x02, 0x81, 0x80, 0x5a, 0x2b, 0xc7,
217 0x6b, 0x8c, 0x65, 0xdb, 0x04, 0x73, 0xab, 0x25, 0xe1, 0x5b, 0xbc, 0x3c,
218 0xcf, 0x5a, 0x3c, 0x04, 0xae, 0x97, 0x2e, 0xfd, 0xa4, 0x97, 0x1f, 0x05,
219 0x17, 0x27, 0xac, 0x7c, 0x30, 0x85, 0xb4, 0x82, 0x3f, 0x5b, 0xb7, 0x94,
220 0x3b, 0x7f, 0x6c, 0x0c, 0xc7, 0x16, 0xc6, 0xa0, 0xbd, 0x80, 0xb0, 0x81,
221 0xde, 0xa0, 0x23, 0xa6, 0xf6, 0x75, 0x33, 0x51, 0x35, 0xa2, 0x75, 0x55,
222 0x70, 0x4d, 0x42, 0xbb, 0xcf, 0x54, 0xe4, 0xdb, 0x2d, 0x88, 0xa0, 0x7a,
223 0xf2, 0x17, 0xa7, 0xdd, 0x13, 0x44, 0x9f, 0x5f, 0x6b, 0x2c, 0x42, 0x42,
224 0x8b, 0x13, 0x4d, 0xf9, 0x5b, 0xf8, 0x33, 0x42, 0xd9, 0x9e, 0x50, 0x1c,
225 0x7c, 0xbc, 0xfa, 0x62, 0x85, 0x0b, 0xcf, 0x99, 0xda, 0x9e, 0x04, 0x90,
226 0xb2, 0xc6, 0xb2, 0x0a, 0x2a, 0x7c, 0x6d, 0x6a, 0x40, 0xfc, 0xf5, 0x50,
227 0x98, 0x46, 0x89, 0x82, 0x40,
228 };
229
230 const uint8_t kALPNProtocols[] = {
231 0x01, 'a', 0x02, 'a', 'a', 0x03, 'a', 'a', 'a',
232 };
233
234 const uint8_t kECHConfig[] = {
235 0xfe, 0x0a, 0x00, 0x47, 0x2a, 0x00, 0x20, 0x00, 0x20, 0x6c, 0x55,
236 0x96, 0x41, 0x3d, 0x12, 0x4e, 0x63, 0x3d, 0x39, 0x7a, 0xe9, 0xbc,
237 0xec, 0xb2, 0x55, 0xd0, 0xe6, 0xaa, 0xbd, 0xa9, 0x79, 0xb8, 0x86,
238 0x9a, 0x13, 0x61, 0xc6, 0x69, 0xac, 0xb4, 0x21, 0x00, 0x0c, 0x00,
239 0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x02, 0x00, 0x01, 0x00, 0x03,
240 0x00, 0x10, 0x00, 0x0e, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2e,
241 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x00, 0x00,
242 };
243
244 const uint8_t kECHKey[] = {
245 0x35, 0x6d, 0x45, 0x06, 0xb3, 0x88, 0x89, 0x2e, 0xd6, 0x87, 0x84,
246 0xd2, 0x2d, 0x6f, 0x83, 0x48, 0xad, 0xf2, 0xfd, 0x08, 0x51, 0x73,
247 0x10, 0xa0, 0xb8, 0xdd, 0xe9, 0x96, 0x6a, 0xde, 0xbc, 0x82,
248 };
249
ALPNSelectCallback(SSL * ssl,const uint8_t ** out,uint8_t * out_len,const uint8_t * in,unsigned in_len,void * arg)250 int ALPNSelectCallback(SSL *ssl, const uint8_t **out, uint8_t *out_len,
251 const uint8_t *in, unsigned in_len, void *arg) {
252 static const uint8_t kProtocol[] = {'a', 'a'};
253 *out = kProtocol;
254 *out_len = sizeof(kProtocol);
255 return SSL_TLSEXT_ERR_OK;
256 }
257
NPNSelectCallback(SSL * ssl,uint8_t ** out,uint8_t * out_len,const uint8_t * in,unsigned in_len,void * arg)258 int NPNSelectCallback(SSL *ssl, uint8_t **out, uint8_t *out_len,
259 const uint8_t *in, unsigned in_len, void *arg) {
260 static const uint8_t kProtocol[] = {'a', 'a'};
261 *out = const_cast<uint8_t *>(kProtocol);
262 *out_len = sizeof(kProtocol);
263 return SSL_TLSEXT_ERR_OK;
264 }
265
NPNAdvertiseCallback(SSL * ssl,const uint8_t ** out,unsigned * out_len,void * arg)266 int NPNAdvertiseCallback(SSL *ssl, const uint8_t **out, unsigned *out_len,
267 void *arg) {
268 static const uint8_t kProtocols[] = {
269 0x01, 'a', 0x02, 'a', 'a', 0x03, 'a', 'a', 'a',
270 };
271 *out = kProtocols;
272 *out_len = sizeof(kProtocols);
273 return SSL_TLSEXT_ERR_OK;
274 }
275
276 class TLSFuzzer {
277 public:
278 enum Protocol {
279 kTLS,
280 kDTLS,
281 };
282
283 enum Role {
284 kClient,
285 kServer,
286 };
287
TLSFuzzer(Protocol protocol,Role role)288 TLSFuzzer(Protocol protocol, Role role)
289 : debug_(getenv("BORINGSSL_FUZZER_DEBUG") != nullptr),
290 protocol_(protocol),
291 role_(role) {
292 if (!Init()) {
293 abort();
294 }
295 }
296
MoveBIOs(SSL * dest,SSL * src)297 static void MoveBIOs(SSL *dest, SSL *src) {
298 BIO *rbio = SSL_get_rbio(src);
299 BIO_up_ref(rbio);
300 SSL_set0_rbio(dest, rbio);
301
302 BIO *wbio = SSL_get_wbio(src);
303 BIO_up_ref(wbio);
304 SSL_set0_wbio(dest, wbio);
305
306 SSL_set0_rbio(src, nullptr);
307 SSL_set0_wbio(src, nullptr);
308 }
309
TestOneInput(const uint8_t * buf,size_t len)310 int TestOneInput(const uint8_t *buf, size_t len) {
311 RAND_reset_for_fuzzing();
312
313 CBS cbs;
314 CBS_init(&cbs, buf, len);
315 bssl::UniquePtr<SSL> ssl = SetupTest(&cbs);
316 if (!ssl) {
317 if (debug_) {
318 fprintf(stderr, "Error parsing parameters.\n");
319 }
320 return 0;
321 }
322
323 if (role_ == kClient) {
324 SSL_set_renegotiate_mode(ssl.get(), ssl_renegotiate_freely);
325 SSL_set_tlsext_host_name(ssl.get(), "hostname");
326 }
327
328 // ssl_handoff may or may not be used.
329 bssl::UniquePtr<SSL> ssl_handoff(SSL_new(ctx_.get()));
330 bssl::UniquePtr<SSL> ssl_handback(SSL_new(ctx_.get()));
331 SSL_set_accept_state(ssl_handoff.get());
332
333 SSL_set0_rbio(ssl.get(), MakeBIO(CBS_data(&cbs), CBS_len(&cbs)).release());
334 SSL_set0_wbio(ssl.get(), BIO_new(BIO_s_mem()));
335
336 SSL *ssl_handshake = ssl.get();
337 bool handshake_successful = false;
338 bool handback_successful = false;
339 for (;;) {
340 int ret = SSL_do_handshake(ssl_handshake);
341 if (ret < 0 && SSL_get_error(ssl_handshake, ret) == SSL_ERROR_HANDOFF) {
342 MoveBIOs(ssl_handoff.get(), ssl.get());
343 // Ordinarily we would call SSL_serialize_handoff(ssl.get(). But for
344 // fuzzing, use the serialized handoff that's getting fuzzed.
345 if (!bssl::SSL_apply_handoff(ssl_handoff.get(), handoff_)) {
346 if (debug_) {
347 fprintf(stderr, "Handoff failed.\n");
348 }
349 break;
350 }
351 ssl_handshake = ssl_handoff.get();
352 } else if (ret < 0 &&
353 SSL_get_error(ssl_handshake, ret) == SSL_ERROR_HANDBACK) {
354 MoveBIOs(ssl_handback.get(), ssl_handoff.get());
355 if (!bssl::SSL_apply_handback(ssl_handback.get(), handback_)) {
356 if (debug_) {
357 fprintf(stderr, "Handback failed.\n");
358 }
359 break;
360 }
361 handback_successful = true;
362 ssl_handshake = ssl_handback.get();
363 } else {
364 handshake_successful = ret == 1;
365 break;
366 }
367 }
368
369 if (debug_) {
370 if (!handshake_successful) {
371 fprintf(stderr, "Handshake failed.\n");
372 } else if (handback_successful) {
373 fprintf(stderr, "Handback successful.\n");
374 }
375 }
376
377 if (handshake_successful) {
378 // Keep reading application data until error or EOF.
379 uint8_t tmp[1024];
380 for (;;) {
381 if (SSL_read(ssl_handshake, tmp, sizeof(tmp)) <= 0) {
382 break;
383 }
384 }
385 }
386
387 if (debug_) {
388 ERR_print_errors_fp(stderr);
389 }
390 ERR_clear_error();
391 return 0;
392 }
393
394 private:
395 // Init initializes |ctx_| with settings common to all inputs.
Init()396 bool Init() {
397 ctx_.reset(SSL_CTX_new(protocol_ == kDTLS ? DTLS_method() : TLS_method()));
398 bssl::UniquePtr<EVP_PKEY> pkey(EVP_PKEY_new());
399 bssl::UniquePtr<RSA> privkey(RSA_private_key_from_bytes(
400 kRSAPrivateKeyDER, sizeof(kRSAPrivateKeyDER)));
401 if (!ctx_ || !privkey || !pkey ||
402 !EVP_PKEY_set1_RSA(pkey.get(), privkey.get()) ||
403 !SSL_CTX_use_PrivateKey(ctx_.get(), pkey.get())) {
404 return false;
405 }
406
407 const uint8_t *bufp = kCertificateDER;
408 bssl::UniquePtr<X509> cert(d2i_X509(NULL, &bufp, sizeof(kCertificateDER)));
409 if (!cert ||
410 !SSL_CTX_use_certificate(ctx_.get(), cert.get()) ||
411 !SSL_CTX_set_ocsp_response(ctx_.get(), kOCSPResponse,
412 sizeof(kOCSPResponse)) ||
413 !SSL_CTX_set_signed_cert_timestamp_list(ctx_.get(), kSCT,
414 sizeof(kSCT))) {
415 return false;
416 }
417
418 // When accepting peer certificates, allow any certificate.
419 SSL_CTX_set_cert_verify_callback(
420 ctx_.get(),
421 [](X509_STORE_CTX *store_ctx, void *arg) -> int { return 1; }, nullptr);
422
423 SSL_CTX_enable_signed_cert_timestamps(ctx_.get());
424 SSL_CTX_enable_ocsp_stapling(ctx_.get());
425
426 // Enable versions and ciphers that are off by default.
427 if (!SSL_CTX_set_strict_cipher_list(ctx_.get(), "ALL:NULL-SHA")) {
428 return false;
429 }
430
431 static const int kCurves[] = {NID_CECPQ2, NID_X25519, NID_X9_62_prime256v1,
432 NID_secp384r1, NID_secp521r1};
433 if (!SSL_CTX_set1_curves(ctx_.get(), kCurves,
434 OPENSSL_ARRAY_SIZE(kCurves))) {
435 return false;
436 }
437
438 SSL_CTX_set_early_data_enabled(ctx_.get(), 1);
439
440 SSL_CTX_set_next_proto_select_cb(ctx_.get(), NPNSelectCallback, nullptr);
441 SSL_CTX_set_next_protos_advertised_cb(ctx_.get(), NPNAdvertiseCallback,
442 nullptr);
443
444 SSL_CTX_set_alpn_select_cb(ctx_.get(), ALPNSelectCallback, nullptr);
445 if (SSL_CTX_set_alpn_protos(ctx_.get(), kALPNProtocols,
446 sizeof(kALPNProtocols)) != 0) {
447 return false;
448 }
449
450 CBS cbs;
451 CBS_init(&cbs, kP256KeyPKCS8, sizeof(kP256KeyPKCS8));
452 pkey.reset(EVP_parse_private_key(&cbs));
453 if (!pkey || !SSL_CTX_set1_tls_channel_id(ctx_.get(), pkey.get())) {
454 return false;
455 }
456 SSL_CTX_set_tls_channel_id_enabled(ctx_.get(), 1);
457
458 if (role_ == kServer) {
459 bssl::UniquePtr<SSL_ECH_KEYS> keys(SSL_ECH_KEYS_new());
460 bssl::ScopedEVP_HPKE_KEY key;
461 if (!keys ||
462 !EVP_HPKE_KEY_init(key.get(), EVP_hpke_x25519_hkdf_sha256(), kECHKey,
463 sizeof(kECHKey)) ||
464 !SSL_ECH_KEYS_add(keys.get(), /*is_retry_config=*/true, kECHConfig,
465 sizeof(kECHConfig), key.get()) ||
466 !SSL_CTX_set1_ech_keys(ctx_.get(), keys.get())) {
467 return false;
468 }
469 }
470
471 return true;
472 }
473
474 // SetupTest parses parameters from |cbs| and returns a newly-configured |SSL|
475 // object or nullptr on error. On success, the caller should feed the
476 // remaining input in |cbs| to the SSL stack.
SetupTest(CBS * cbs)477 bssl::UniquePtr<SSL> SetupTest(CBS *cbs) {
478 // |ctx| is shared between runs, so we must clear any modifications to it
479 // made later on in this function.
480 SSL_CTX_flush_sessions(ctx_.get(), 0);
481 handoff_ = {};
482 handback_ = {};
483
484 bssl::UniquePtr<SSL> ssl(SSL_new(ctx_.get()));
485 if (role_ == kServer) {
486 SSL_set_accept_state(ssl.get());
487 } else {
488 SSL_set_connect_state(ssl.get());
489 }
490
491 for (;;) {
492 uint16_t tag;
493 if (!CBS_get_u16(cbs, &tag)) {
494 return nullptr;
495 }
496 switch (tag) {
497 case kDataTag:
498 return ssl;
499
500 case kSessionTag: {
501 CBS data;
502 if (!CBS_get_u24_length_prefixed(cbs, &data)) {
503 return nullptr;
504 }
505 bssl::UniquePtr<SSL_SESSION> session(SSL_SESSION_from_bytes(
506 CBS_data(&data), CBS_len(&data), ctx_.get()));
507 if (!session) {
508 return nullptr;
509 }
510
511 if (role_ == kServer) {
512 SSL_CTX_add_session(ctx_.get(), session.get());
513 } else {
514 SSL_set_session(ssl.get(), session.get());
515 }
516 break;
517 }
518
519 case kRequestClientCert:
520 if (role_ == kClient) {
521 return nullptr;
522 }
523 SSL_set_verify(ssl.get(), SSL_VERIFY_PEER, nullptr);
524 break;
525
526 case kHandoffTag: {
527 CBS handoff;
528 if (!CBS_get_u24_length_prefixed(cbs, &handoff)) {
529 return nullptr;
530 }
531 handoff_.assign(CBS_data(&handoff),
532 CBS_data(&handoff) + CBS_len(&handoff));
533 bssl::SSL_set_handoff_mode(ssl.get(), 1);
534 break;
535 }
536
537 case kHandbackTag: {
538 CBS handback;
539 if (!CBS_get_u24_length_prefixed(cbs, &handback)) {
540 return nullptr;
541 }
542 handback_.assign(CBS_data(&handback),
543 CBS_data(&handback) + CBS_len(&handback));
544 bssl::SSL_set_handoff_mode(ssl.get(), 1);
545 break;
546 }
547
548 case kHintsTag: {
549 CBS hints;
550 if (!CBS_get_u24_length_prefixed(cbs, &hints)) {
551 return nullptr;
552 }
553 SSL_set_handshake_hints(ssl.get(), CBS_data(&hints), CBS_len(&hints));
554 break;
555 }
556
557 default:
558 return nullptr;
559 }
560 }
561 }
562
563 struct BIOData {
564 Protocol protocol;
565 CBS cbs;
566 };
567
MakeBIO(const uint8_t * in,size_t len)568 bssl::UniquePtr<BIO> MakeBIO(const uint8_t *in, size_t len) {
569 BIOData *b = new BIOData;
570 b->protocol = protocol_;
571 CBS_init(&b->cbs, in, len);
572
573 bssl::UniquePtr<BIO> bio(BIO_new(&kBIOMethod));
574 bio->init = 1;
575 bio->ptr = b;
576 return bio;
577 }
578
BIORead(BIO * bio,char * out,int len)579 static int BIORead(BIO *bio, char *out, int len) {
580 assert(bio->method == &kBIOMethod);
581 BIOData *b = reinterpret_cast<BIOData *>(bio->ptr);
582 if (b->protocol == kTLS) {
583 len = std::min(static_cast<size_t>(len), CBS_len(&b->cbs));
584 memcpy(out, CBS_data(&b->cbs), len);
585 CBS_skip(&b->cbs, len);
586 return len;
587 }
588
589 // Preserve packet boundaries for DTLS.
590 CBS packet;
591 if (!CBS_get_u24_length_prefixed(&b->cbs, &packet)) {
592 return -1;
593 }
594 len = std::min(static_cast<size_t>(len), CBS_len(&packet));
595 memcpy(out, CBS_data(&packet), len);
596 return len;
597 }
598
BIODestroy(BIO * bio)599 static int BIODestroy(BIO *bio) {
600 assert(bio->method == &kBIOMethod);
601 BIOData *b = reinterpret_cast<BIOData *>(bio->ptr);
602 delete b;
603 return 1;
604 }
605
606 static const BIO_METHOD kBIOMethod;
607
608 bool debug_;
609 Protocol protocol_;
610 Role role_;
611 bssl::UniquePtr<SSL_CTX> ctx_;
612 std::vector<uint8_t> handoff_, handback_;
613 };
614
615 const BIO_METHOD TLSFuzzer::kBIOMethod = {
616 0, // type
617 nullptr, // name
618 nullptr, // bwrite
619 TLSFuzzer::BIORead,
620 nullptr, // bputs
621 nullptr, // bgets
622 nullptr, // ctrl
623 nullptr, // create
624 TLSFuzzer::BIODestroy,
625 nullptr, // callback_ctrl
626 };
627
628 } // namespace
629
630
631 #endif // HEADER_SSL_TEST_FUZZER
632