1 /* Copyright (c) 2017, Google Inc.
2 *
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
6 *
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15 #ifndef HEADER_SSL_TEST_FUZZER
16 #define HEADER_SSL_TEST_FUZZER
17
18 #include <assert.h>
19 #include <stdlib.h>
20 #include <string.h>
21
22 #include <algorithm>
23 #include <vector>
24
25 #include <openssl/bio.h>
26 #include <openssl/bytestring.h>
27 #include <openssl/err.h>
28 #include <openssl/evp.h>
29 #include <openssl/hpke.h>
30 #include <openssl/rand.h>
31 #include <openssl/rsa.h>
32 #include <openssl/ssl.h>
33 #include <openssl/x509.h>
34
35 #include "../../crypto/internal.h"
36 #include "./fuzzer_tags.h"
37
38 namespace {
39
40 const uint8_t kP256KeyPKCS8[] = {
41 0x30, 0x81, 0x87, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86,
42 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
43 0x03, 0x01, 0x07, 0x04, 0x6d, 0x30, 0x6b, 0x02, 0x01, 0x01, 0x04, 0x20,
44 0x43, 0x09, 0xc0, 0x67, 0x75, 0x21, 0x47, 0x9d, 0xa8, 0xfa, 0x16, 0xdf,
45 0x15, 0x73, 0x61, 0x34, 0x68, 0x6f, 0xe3, 0x8e, 0x47, 0x91, 0x95, 0xab,
46 0x79, 0x4a, 0x72, 0x14, 0xcb, 0xe2, 0x49, 0x4f, 0xa1, 0x44, 0x03, 0x42,
47 0x00, 0x04, 0xde, 0x09, 0x08, 0x07, 0x03, 0x2e, 0x8f, 0x37, 0x9a, 0xd5,
48 0xad, 0xe5, 0xc6, 0x9d, 0xd4, 0x63, 0xc7, 0x4a, 0xe7, 0x20, 0xcb, 0x90,
49 0xa0, 0x1f, 0x18, 0x18, 0x72, 0xb5, 0x21, 0x88, 0x38, 0xc0, 0xdb, 0xba,
50 0xf6, 0x99, 0xd8, 0xa5, 0x3b, 0x83, 0xe9, 0xe3, 0xd5, 0x61, 0x99, 0x73,
51 0x42, 0xc6, 0x6c, 0xe8, 0x0a, 0x95, 0x40, 0x41, 0x3b, 0x0d, 0x10, 0xa7,
52 0x4a, 0x93, 0xdb, 0x5a, 0xe7, 0xec,
53 };
54
55 const uint8_t kOCSPResponse[] = {0x01, 0x02, 0x03, 0x04};
56
57 const uint8_t kSCT[] = {0x00, 0x06, 0x00, 0x04, 0x05, 0x06, 0x07, 0x08};
58
59 const uint8_t kCertificateDER[] = {
60 0x30, 0x82, 0x02, 0xff, 0x30, 0x82, 0x01, 0xe7, 0xa0, 0x03, 0x02, 0x01,
61 0x02, 0x02, 0x11, 0x00, 0xb1, 0x84, 0xee, 0x34, 0x99, 0x98, 0x76, 0xfb,
62 0x6f, 0xb2, 0x15, 0xc8, 0x47, 0x79, 0x05, 0x9b, 0x30, 0x0d, 0x06, 0x09,
63 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30,
64 0x12, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x07,
65 0x41, 0x63, 0x6d, 0x65, 0x20, 0x43, 0x6f, 0x30, 0x1e, 0x17, 0x0d, 0x31,
66 0x35, 0x31, 0x31, 0x30, 0x37, 0x30, 0x30, 0x32, 0x34, 0x35, 0x36, 0x5a,
67 0x17, 0x0d, 0x31, 0x36, 0x31, 0x31, 0x30, 0x36, 0x30, 0x30, 0x32, 0x34,
68 0x35, 0x36, 0x5a, 0x30, 0x12, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55,
69 0x04, 0x0a, 0x13, 0x07, 0x41, 0x63, 0x6d, 0x65, 0x20, 0x43, 0x6f, 0x30,
70 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
71 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30,
72 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xce, 0x47, 0xcb, 0x11,
73 0xbb, 0xd2, 0x9d, 0x8e, 0x9e, 0xd2, 0x1e, 0x14, 0xaf, 0xc7, 0xea, 0xb6,
74 0xc9, 0x38, 0x2a, 0x6f, 0xb3, 0x7e, 0xfb, 0xbc, 0xfc, 0x59, 0x42, 0xb9,
75 0x56, 0xf0, 0x4c, 0x3f, 0xf7, 0x31, 0x84, 0xbe, 0xac, 0x03, 0x9e, 0x71,
76 0x91, 0x85, 0xd8, 0x32, 0xbd, 0x00, 0xea, 0xac, 0x65, 0xf6, 0x03, 0xc8,
77 0x0f, 0x8b, 0xfd, 0x6e, 0x58, 0x88, 0x04, 0x41, 0x92, 0x74, 0xa6, 0x57,
78 0x2e, 0x8e, 0x88, 0xd5, 0x3d, 0xda, 0x14, 0x3e, 0x63, 0x88, 0x22, 0xe3,
79 0x53, 0xe9, 0xba, 0x39, 0x09, 0xac, 0xfb, 0xd0, 0x4c, 0xf2, 0x3c, 0x20,
80 0xd6, 0x97, 0xe6, 0xed, 0xf1, 0x62, 0x1e, 0xe5, 0xc9, 0x48, 0xa0, 0xca,
81 0x2e, 0x3c, 0x14, 0x5a, 0x82, 0xd4, 0xed, 0xb1, 0xe3, 0x43, 0xc1, 0x2a,
82 0x59, 0xa5, 0xb9, 0xc8, 0x48, 0xa7, 0x39, 0x23, 0x74, 0xa7, 0x37, 0xb0,
83 0x6f, 0xc3, 0x64, 0x99, 0x6c, 0xa2, 0x82, 0xc8, 0xf6, 0xdb, 0x86, 0x40,
84 0xce, 0xd1, 0x85, 0x9f, 0xce, 0x69, 0xf4, 0x15, 0x2a, 0x23, 0xca, 0xea,
85 0xb7, 0x7b, 0xdf, 0xfb, 0x43, 0x5f, 0xff, 0x7a, 0x49, 0x49, 0x0e, 0xe7,
86 0x02, 0x51, 0x45, 0x13, 0xe8, 0x90, 0x64, 0x21, 0x0c, 0x26, 0x2b, 0x5d,
87 0xfc, 0xe4, 0xb5, 0x86, 0x89, 0x43, 0x22, 0x4c, 0xf3, 0x3b, 0xf3, 0x09,
88 0xc4, 0xa4, 0x10, 0x80, 0xf2, 0x46, 0xe2, 0x46, 0x8f, 0x76, 0x50, 0xbf,
89 0xaf, 0x2b, 0x90, 0x1b, 0x78, 0xc7, 0xcf, 0xc1, 0x77, 0xd0, 0xfb, 0xa9,
90 0xfb, 0xc9, 0x66, 0x5a, 0xc5, 0x9b, 0x31, 0x41, 0x67, 0x01, 0xbe, 0x33,
91 0x10, 0xba, 0x05, 0x58, 0xed, 0x76, 0x53, 0xde, 0x5d, 0xc1, 0xe8, 0xbb,
92 0x9f, 0xf1, 0xcd, 0xfb, 0xdf, 0x64, 0x7f, 0xd7, 0x18, 0xab, 0x0f, 0x94,
93 0x28, 0x95, 0x4a, 0xcc, 0x6a, 0xa9, 0x50, 0xc7, 0x05, 0x47, 0x10, 0x41,
94 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x50, 0x30, 0x4e, 0x30, 0x0e, 0x06,
95 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x05,
96 0xa0, 0x30, 0x13, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x0c, 0x30, 0x0a,
97 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x30, 0x0c,
98 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00,
99 0x30, 0x19, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x12, 0x30, 0x10, 0x82,
100 0x0e, 0x66, 0x75, 0x7a, 0x7a, 0x2e, 0x62, 0x6f, 0x72, 0x69, 0x6e, 0x67,
101 0x73, 0x73, 0x6c, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
102 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x92,
103 0xde, 0xef, 0x96, 0x06, 0x7b, 0xff, 0x71, 0x7d, 0x4e, 0xa0, 0x7d, 0xae,
104 0xb8, 0x22, 0xb4, 0x2c, 0xf7, 0x96, 0x9c, 0x37, 0x1d, 0x8f, 0xe7, 0xd9,
105 0x47, 0xff, 0x3f, 0xe9, 0x35, 0x95, 0x0e, 0xdd, 0xdc, 0x7f, 0xc8, 0x8a,
106 0x1e, 0x36, 0x1d, 0x38, 0x47, 0xfc, 0x76, 0xd2, 0x1f, 0x98, 0xa1, 0x36,
107 0xac, 0xc8, 0x70, 0x38, 0x0a, 0x3d, 0x51, 0x8d, 0x0f, 0x03, 0x1b, 0xef,
108 0x62, 0xa1, 0xcb, 0x2b, 0x4a, 0x8c, 0x12, 0x2b, 0x54, 0x50, 0x9a, 0x6b,
109 0xfe, 0xaf, 0xd9, 0xf6, 0xbf, 0x58, 0x11, 0x58, 0x5e, 0xe5, 0x86, 0x1e,
110 0x3b, 0x6b, 0x30, 0x7e, 0x72, 0x89, 0xe8, 0x6b, 0x7b, 0xb7, 0xaf, 0xef,
111 0x8b, 0xa9, 0x3e, 0xb0, 0xcd, 0x0b, 0xef, 0xb0, 0x0c, 0x96, 0x2b, 0xc5,
112 0x3b, 0xd5, 0xf1, 0xc2, 0xae, 0x3a, 0x60, 0xd9, 0x0f, 0x75, 0x37, 0x55,
113 0x4d, 0x62, 0xd2, 0xed, 0x96, 0xac, 0x30, 0x6b, 0xda, 0xa1, 0x48, 0x17,
114 0x96, 0x23, 0x85, 0x9a, 0x57, 0x77, 0xe9, 0x22, 0xa2, 0x37, 0x03, 0xba,
115 0x49, 0x77, 0x40, 0x3b, 0x76, 0x4b, 0xda, 0xc1, 0x04, 0x57, 0x55, 0x34,
116 0x22, 0x83, 0x45, 0x29, 0xab, 0x2e, 0x11, 0xff, 0x0d, 0xab, 0x55, 0xb1,
117 0xa7, 0x58, 0x59, 0x05, 0x25, 0xf9, 0x1e, 0x3d, 0xb7, 0xac, 0x04, 0x39,
118 0x2c, 0xf9, 0xaf, 0xb8, 0x68, 0xfb, 0x8e, 0x35, 0x71, 0x32, 0xff, 0x70,
119 0xe9, 0x46, 0x6d, 0x5c, 0x06, 0x90, 0x88, 0x23, 0x48, 0x0c, 0x50, 0xeb,
120 0x0a, 0xa9, 0xae, 0xe8, 0xfc, 0xbe, 0xa5, 0x76, 0x94, 0xd7, 0x64, 0x22,
121 0x38, 0x98, 0x17, 0xa4, 0x3a, 0xa7, 0x59, 0x9f, 0x1d, 0x3b, 0x75, 0x90,
122 0x1a, 0x81, 0xef, 0x19, 0xfb, 0x2b, 0xb7, 0xa7, 0x64, 0x61, 0x22, 0xa4,
123 0x6f, 0x7b, 0xfa, 0x58, 0xbb, 0x8c, 0x4e, 0x77, 0x67, 0xd0, 0x5d, 0x58,
124 0x76, 0x8a, 0xbb,
125 };
126
127 const uint8_t kRSAPrivateKeyDER[] = {
128 0x30, 0x82, 0x04, 0xa5, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
129 0xce, 0x47, 0xcb, 0x11, 0xbb, 0xd2, 0x9d, 0x8e, 0x9e, 0xd2, 0x1e, 0x14,
130 0xaf, 0xc7, 0xea, 0xb6, 0xc9, 0x38, 0x2a, 0x6f, 0xb3, 0x7e, 0xfb, 0xbc,
131 0xfc, 0x59, 0x42, 0xb9, 0x56, 0xf0, 0x4c, 0x3f, 0xf7, 0x31, 0x84, 0xbe,
132 0xac, 0x03, 0x9e, 0x71, 0x91, 0x85, 0xd8, 0x32, 0xbd, 0x00, 0xea, 0xac,
133 0x65, 0xf6, 0x03, 0xc8, 0x0f, 0x8b, 0xfd, 0x6e, 0x58, 0x88, 0x04, 0x41,
134 0x92, 0x74, 0xa6, 0x57, 0x2e, 0x8e, 0x88, 0xd5, 0x3d, 0xda, 0x14, 0x3e,
135 0x63, 0x88, 0x22, 0xe3, 0x53, 0xe9, 0xba, 0x39, 0x09, 0xac, 0xfb, 0xd0,
136 0x4c, 0xf2, 0x3c, 0x20, 0xd6, 0x97, 0xe6, 0xed, 0xf1, 0x62, 0x1e, 0xe5,
137 0xc9, 0x48, 0xa0, 0xca, 0x2e, 0x3c, 0x14, 0x5a, 0x82, 0xd4, 0xed, 0xb1,
138 0xe3, 0x43, 0xc1, 0x2a, 0x59, 0xa5, 0xb9, 0xc8, 0x48, 0xa7, 0x39, 0x23,
139 0x74, 0xa7, 0x37, 0xb0, 0x6f, 0xc3, 0x64, 0x99, 0x6c, 0xa2, 0x82, 0xc8,
140 0xf6, 0xdb, 0x86, 0x40, 0xce, 0xd1, 0x85, 0x9f, 0xce, 0x69, 0xf4, 0x15,
141 0x2a, 0x23, 0xca, 0xea, 0xb7, 0x7b, 0xdf, 0xfb, 0x43, 0x5f, 0xff, 0x7a,
142 0x49, 0x49, 0x0e, 0xe7, 0x02, 0x51, 0x45, 0x13, 0xe8, 0x90, 0x64, 0x21,
143 0x0c, 0x26, 0x2b, 0x5d, 0xfc, 0xe4, 0xb5, 0x86, 0x89, 0x43, 0x22, 0x4c,
144 0xf3, 0x3b, 0xf3, 0x09, 0xc4, 0xa4, 0x10, 0x80, 0xf2, 0x46, 0xe2, 0x46,
145 0x8f, 0x76, 0x50, 0xbf, 0xaf, 0x2b, 0x90, 0x1b, 0x78, 0xc7, 0xcf, 0xc1,
146 0x77, 0xd0, 0xfb, 0xa9, 0xfb, 0xc9, 0x66, 0x5a, 0xc5, 0x9b, 0x31, 0x41,
147 0x67, 0x01, 0xbe, 0x33, 0x10, 0xba, 0x05, 0x58, 0xed, 0x76, 0x53, 0xde,
148 0x5d, 0xc1, 0xe8, 0xbb, 0x9f, 0xf1, 0xcd, 0xfb, 0xdf, 0x64, 0x7f, 0xd7,
149 0x18, 0xab, 0x0f, 0x94, 0x28, 0x95, 0x4a, 0xcc, 0x6a, 0xa9, 0x50, 0xc7,
150 0x05, 0x47, 0x10, 0x41, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
151 0x01, 0x00, 0xa8, 0x47, 0xb9, 0x4a, 0x06, 0x47, 0x93, 0x71, 0x3d, 0xef,
152 0x7b, 0xca, 0xb4, 0x7c, 0x0a, 0xe6, 0x82, 0xd0, 0xe7, 0x0d, 0xa9, 0x08,
153 0xf6, 0xa4, 0xfd, 0xd8, 0x73, 0xae, 0x6f, 0x56, 0x29, 0x5e, 0x25, 0x72,
154 0xa8, 0x30, 0x44, 0x73, 0xcf, 0x56, 0x26, 0xb9, 0x61, 0xde, 0x42, 0x81,
155 0xf4, 0xf0, 0x1f, 0x5d, 0xcb, 0x47, 0xf2, 0x26, 0xe9, 0xe0, 0x93, 0x28,
156 0xa3, 0x10, 0x3b, 0x42, 0x1e, 0x51, 0x11, 0x12, 0x06, 0x5e, 0xaf, 0xce,
157 0xb0, 0xa5, 0x14, 0xdd, 0x82, 0x58, 0xa1, 0xa4, 0x12, 0xdf, 0x65, 0x1d,
158 0x51, 0x70, 0x64, 0xd5, 0x58, 0x68, 0x11, 0xa8, 0x6a, 0x23, 0xc2, 0xbf,
159 0xa1, 0x25, 0x24, 0x47, 0xb3, 0xa4, 0x3c, 0x83, 0x96, 0xb7, 0x1f, 0xf4,
160 0x44, 0xd4, 0xd1, 0xe9, 0xfc, 0x33, 0x68, 0x5e, 0xe2, 0x68, 0x99, 0x9c,
161 0x91, 0xe8, 0x72, 0xc9, 0xd7, 0x8c, 0x80, 0x20, 0x8e, 0x77, 0x83, 0x4d,
162 0xe4, 0xab, 0xf9, 0x74, 0xa1, 0xdf, 0xd3, 0xc0, 0x0d, 0x5b, 0x05, 0x51,
163 0xc2, 0x6f, 0xb2, 0x91, 0x02, 0xec, 0xc0, 0x02, 0x1a, 0x5c, 0x91, 0x05,
164 0xf1, 0xe3, 0xfa, 0x65, 0xc2, 0xad, 0x24, 0xe6, 0xe5, 0x3c, 0xb6, 0x16,
165 0xf1, 0xa1, 0x67, 0x1a, 0x9d, 0x37, 0x56, 0xbf, 0x01, 0xd7, 0x3b, 0x35,
166 0x30, 0x57, 0x73, 0xf4, 0xf0, 0x5e, 0xa7, 0xe8, 0x0a, 0xc1, 0x94, 0x17,
167 0xcf, 0x0a, 0xbd, 0xf5, 0x31, 0xa7, 0x2d, 0xf7, 0xf5, 0xd9, 0x8c, 0xc2,
168 0x01, 0xbd, 0xda, 0x16, 0x8e, 0xb9, 0x30, 0x40, 0xa6, 0x6e, 0xbd, 0xcd,
169 0x4d, 0x84, 0x67, 0x4e, 0x0b, 0xce, 0xd5, 0xef, 0xf8, 0x08, 0x63, 0x02,
170 0xc6, 0xc7, 0xf7, 0x67, 0x92, 0xe2, 0x23, 0x9d, 0x27, 0x22, 0x1d, 0xc6,
171 0x67, 0x5e, 0x66, 0xbf, 0x03, 0xb8, 0xa9, 0x67, 0xd4, 0x39, 0xd8, 0x75,
172 0xfa, 0xe8, 0xed, 0x56, 0xb8, 0x81, 0x02, 0x81, 0x81, 0x00, 0xf7, 0x46,
173 0x68, 0xc6, 0x13, 0xf8, 0xba, 0x0f, 0x83, 0xdb, 0x05, 0xa8, 0x25, 0x00,
174 0x70, 0x9c, 0x9e, 0x8b, 0x12, 0x34, 0x0d, 0x96, 0xcf, 0x0d, 0x98, 0x9b,
175 0x8d, 0x9c, 0x96, 0x78, 0xd1, 0x3c, 0x01, 0x8c, 0xb9, 0x35, 0x5c, 0x20,
176 0x42, 0xb4, 0x38, 0xe3, 0xd6, 0x54, 0xe7, 0x55, 0xd6, 0x26, 0x8a, 0x0c,
177 0xf6, 0x1f, 0xe0, 0x04, 0xc1, 0x22, 0x42, 0x19, 0x61, 0xc4, 0x94, 0x7c,
178 0x07, 0x2e, 0x80, 0x52, 0xfe, 0x8d, 0xe6, 0x92, 0x3a, 0x91, 0xfe, 0x72,
179 0x99, 0xe1, 0x2a, 0x73, 0x76, 0xb1, 0x24, 0x20, 0x67, 0xde, 0x28, 0xcb,
180 0x0e, 0xe6, 0x52, 0xb5, 0xfa, 0xfb, 0x8b, 0x1e, 0x6a, 0x1d, 0x09, 0x26,
181 0xb9, 0xa7, 0x61, 0xba, 0xf8, 0x79, 0xd2, 0x66, 0x57, 0x28, 0xd7, 0x31,
182 0xb5, 0x0b, 0x27, 0x19, 0x1e, 0x6f, 0x46, 0xfc, 0x54, 0x95, 0xeb, 0x78,
183 0x01, 0xb6, 0xd9, 0x79, 0x5a, 0x4d, 0x02, 0x81, 0x81, 0x00, 0xd5, 0x8f,
184 0x16, 0x53, 0x2f, 0x57, 0x93, 0xbf, 0x09, 0x75, 0xbf, 0x63, 0x40, 0x3d,
185 0x27, 0xfd, 0x23, 0x21, 0xde, 0x9b, 0xe9, 0x73, 0x3f, 0x49, 0x02, 0xd2,
186 0x38, 0x96, 0xcf, 0xc3, 0xba, 0x92, 0x07, 0x87, 0x52, 0xa9, 0x35, 0xe3,
187 0x0c, 0xe4, 0x2f, 0x05, 0x7b, 0x37, 0xa5, 0x40, 0x9c, 0x3b, 0x94, 0xf7,
188 0xad, 0xa0, 0xee, 0x3a, 0xa8, 0xfb, 0x1f, 0x11, 0x1f, 0xd8, 0x9a, 0x80,
189 0x42, 0x3d, 0x7f, 0xa4, 0xb8, 0x9a, 0xaa, 0xea, 0x72, 0xc1, 0xe3, 0xed,
190 0x06, 0x60, 0x92, 0x37, 0xf9, 0xba, 0xfb, 0x9e, 0xed, 0x05, 0xa6, 0xd4,
191 0x72, 0x68, 0x4f, 0x63, 0xfe, 0xd6, 0x10, 0x0d, 0x4f, 0x0a, 0x93, 0xc6,
192 0xb9, 0xd7, 0xaf, 0xfd, 0xd9, 0x57, 0x7d, 0xcb, 0x75, 0xe8, 0x93, 0x2b,
193 0xae, 0x4f, 0xea, 0xd7, 0x30, 0x0b, 0x58, 0x44, 0x82, 0x0f, 0x84, 0x5d,
194 0x62, 0x11, 0x78, 0xea, 0x5f, 0xc5, 0x02, 0x81, 0x81, 0x00, 0x82, 0x0c,
195 0xc1, 0xe6, 0x0b, 0x72, 0xf1, 0x48, 0x5f, 0xac, 0xbd, 0x98, 0xe5, 0x7d,
196 0x09, 0xbd, 0x15, 0x95, 0x47, 0x09, 0xa1, 0x6c, 0x03, 0x91, 0xbf, 0x05,
197 0x70, 0xc1, 0x3e, 0x52, 0x64, 0x99, 0x0e, 0xa7, 0x98, 0x70, 0xfb, 0xf6,
198 0xeb, 0x9e, 0x25, 0x9d, 0x8e, 0x88, 0x30, 0xf2, 0xf0, 0x22, 0x6c, 0xd0,
199 0xcc, 0x51, 0x8f, 0x5c, 0x70, 0xc7, 0x37, 0xc4, 0x69, 0xab, 0x1d, 0xfc,
200 0xed, 0x3a, 0x03, 0xbb, 0xa2, 0xad, 0xb6, 0xea, 0x89, 0x6b, 0x67, 0x4b,
201 0x96, 0xaa, 0xd9, 0xcc, 0xc8, 0x4b, 0xfa, 0x18, 0x21, 0x08, 0xb2, 0xa3,
202 0xb9, 0x3e, 0x61, 0x99, 0xdc, 0x5a, 0x97, 0x9c, 0x73, 0x6a, 0xb9, 0xf9,
203 0x68, 0x03, 0x24, 0x5f, 0x55, 0x77, 0x9c, 0xb4, 0xbe, 0x7a, 0x78, 0x53,
204 0x68, 0x48, 0x69, 0x53, 0xc8, 0xb1, 0xf5, 0xbf, 0x98, 0x2d, 0x11, 0x1e,
205 0x98, 0xa8, 0x36, 0x50, 0xa0, 0xb1, 0x02, 0x81, 0x81, 0x00, 0x90, 0x88,
206 0x30, 0x71, 0xc7, 0xfe, 0x9b, 0x6d, 0x95, 0x37, 0x6d, 0x79, 0xfc, 0x85,
207 0xe7, 0x44, 0x78, 0xbc, 0x79, 0x6e, 0x47, 0x86, 0xc9, 0xf3, 0xdd, 0xc6,
208 0xec, 0xa9, 0x94, 0x9f, 0x40, 0xeb, 0x87, 0xd0, 0xdb, 0xee, 0xcd, 0x1b,
209 0x87, 0x23, 0xff, 0x76, 0xd4, 0x37, 0x8a, 0xcd, 0xb9, 0x6e, 0xd1, 0x98,
210 0xf6, 0x97, 0x8d, 0xe3, 0x81, 0x6d, 0xc3, 0x4e, 0xd1, 0xa0, 0xc4, 0x9f,
211 0xbd, 0x34, 0xe5, 0xe8, 0x53, 0x4f, 0xca, 0x10, 0xb5, 0xed, 0xe7, 0x16,
212 0x09, 0x54, 0xde, 0x60, 0xa7, 0xd1, 0x16, 0x6e, 0x2e, 0xb7, 0xbe, 0x7a,
213 0xd5, 0x9b, 0x26, 0xef, 0xe4, 0x0e, 0x77, 0xfa, 0xa9, 0xdd, 0xdc, 0xb9,
214 0x88, 0x19, 0x23, 0x70, 0xc7, 0xe1, 0x60, 0xaf, 0x8c, 0x73, 0x04, 0xf7,
215 0x71, 0x17, 0x81, 0x36, 0x75, 0xbb, 0x97, 0xd7, 0x75, 0xb6, 0x8e, 0xbc,
216 0xac, 0x9c, 0x6a, 0x9b, 0x24, 0x89, 0x02, 0x81, 0x80, 0x5a, 0x2b, 0xc7,
217 0x6b, 0x8c, 0x65, 0xdb, 0x04, 0x73, 0xab, 0x25, 0xe1, 0x5b, 0xbc, 0x3c,
218 0xcf, 0x5a, 0x3c, 0x04, 0xae, 0x97, 0x2e, 0xfd, 0xa4, 0x97, 0x1f, 0x05,
219 0x17, 0x27, 0xac, 0x7c, 0x30, 0x85, 0xb4, 0x82, 0x3f, 0x5b, 0xb7, 0x94,
220 0x3b, 0x7f, 0x6c, 0x0c, 0xc7, 0x16, 0xc6, 0xa0, 0xbd, 0x80, 0xb0, 0x81,
221 0xde, 0xa0, 0x23, 0xa6, 0xf6, 0x75, 0x33, 0x51, 0x35, 0xa2, 0x75, 0x55,
222 0x70, 0x4d, 0x42, 0xbb, 0xcf, 0x54, 0xe4, 0xdb, 0x2d, 0x88, 0xa0, 0x7a,
223 0xf2, 0x17, 0xa7, 0xdd, 0x13, 0x44, 0x9f, 0x5f, 0x6b, 0x2c, 0x42, 0x42,
224 0x8b, 0x13, 0x4d, 0xf9, 0x5b, 0xf8, 0x33, 0x42, 0xd9, 0x9e, 0x50, 0x1c,
225 0x7c, 0xbc, 0xfa, 0x62, 0x85, 0x0b, 0xcf, 0x99, 0xda, 0x9e, 0x04, 0x90,
226 0xb2, 0xc6, 0xb2, 0x0a, 0x2a, 0x7c, 0x6d, 0x6a, 0x40, 0xfc, 0xf5, 0x50,
227 0x98, 0x46, 0x89, 0x82, 0x40,
228 };
229
230 const uint8_t kALPNProtocols[] = {
231 0x01, 'a', 0x02, 'a', 'a', 0x03, 'a', 'a', 'a',
232 };
233
234 const uint8_t kECHKey[] = {
235 0x35, 0x6d, 0x45, 0x06, 0xb3, 0x88, 0x89, 0x2e, 0xd6, 0x87, 0x84,
236 0xd2, 0x2d, 0x6f, 0x83, 0x48, 0xad, 0xf2, 0xfd, 0x08, 0x51, 0x73,
237 0x10, 0xa0, 0xb8, 0xdd, 0xe9, 0x96, 0x6a, 0xde, 0xbc, 0x82,
238 };
239
ALPNSelectCallback(SSL * ssl,const uint8_t ** out,uint8_t * out_len,const uint8_t * in,unsigned in_len,void * arg)240 int ALPNSelectCallback(SSL *ssl, const uint8_t **out, uint8_t *out_len,
241 const uint8_t *in, unsigned in_len, void *arg) {
242 static const uint8_t kProtocol[] = {'a', 'a'};
243 *out = kProtocol;
244 *out_len = sizeof(kProtocol);
245 return SSL_TLSEXT_ERR_OK;
246 }
247
NPNSelectCallback(SSL * ssl,uint8_t ** out,uint8_t * out_len,const uint8_t * in,unsigned in_len,void * arg)248 int NPNSelectCallback(SSL *ssl, uint8_t **out, uint8_t *out_len,
249 const uint8_t *in, unsigned in_len, void *arg) {
250 static const uint8_t kProtocol[] = {'a', 'a'};
251 *out = const_cast<uint8_t *>(kProtocol);
252 *out_len = sizeof(kProtocol);
253 return SSL_TLSEXT_ERR_OK;
254 }
255
NPNAdvertiseCallback(SSL * ssl,const uint8_t ** out,unsigned * out_len,void * arg)256 int NPNAdvertiseCallback(SSL *ssl, const uint8_t **out, unsigned *out_len,
257 void *arg) {
258 static const uint8_t kProtocols[] = {
259 0x01, 'a', 0x02, 'a', 'a', 0x03, 'a', 'a', 'a',
260 };
261 *out = kProtocols;
262 *out_len = sizeof(kProtocols);
263 return SSL_TLSEXT_ERR_OK;
264 }
265
266 class TLSFuzzer {
267 public:
268 enum Protocol {
269 kTLS,
270 kDTLS,
271 };
272
273 enum Role {
274 kClient,
275 kServer,
276 };
277
TLSFuzzer(Protocol protocol,Role role)278 TLSFuzzer(Protocol protocol, Role role)
279 : debug_(getenv("BORINGSSL_FUZZER_DEBUG") != nullptr),
280 protocol_(protocol),
281 role_(role) {
282 if (!Init()) {
283 abort();
284 }
285 }
286
MoveBIOs(SSL * dest,SSL * src)287 static void MoveBIOs(SSL *dest, SSL *src) {
288 BIO *rbio = SSL_get_rbio(src);
289 BIO_up_ref(rbio);
290 SSL_set0_rbio(dest, rbio);
291
292 BIO *wbio = SSL_get_wbio(src);
293 BIO_up_ref(wbio);
294 SSL_set0_wbio(dest, wbio);
295
296 SSL_set0_rbio(src, nullptr);
297 SSL_set0_wbio(src, nullptr);
298 }
299
TestOneInput(const uint8_t * buf,size_t len)300 int TestOneInput(const uint8_t *buf, size_t len) {
301 RAND_reset_for_fuzzing();
302
303 CBS cbs;
304 CBS_init(&cbs, buf, len);
305 bssl::UniquePtr<SSL> ssl = SetupTest(&cbs);
306 if (!ssl) {
307 if (debug_) {
308 fprintf(stderr, "Error parsing parameters.\n");
309 }
310 return 0;
311 }
312
313 if (role_ == kClient) {
314 SSL_set_renegotiate_mode(ssl.get(), ssl_renegotiate_freely);
315 SSL_set_tlsext_host_name(ssl.get(), "hostname");
316 }
317
318 // ssl_handoff may or may not be used.
319 bssl::UniquePtr<SSL> ssl_handoff(SSL_new(ctx_.get()));
320 bssl::UniquePtr<SSL> ssl_handback(SSL_new(ctx_.get()));
321 SSL_set_accept_state(ssl_handoff.get());
322
323 SSL_set0_rbio(ssl.get(), MakeBIO(CBS_data(&cbs), CBS_len(&cbs)).release());
324 SSL_set0_wbio(ssl.get(), BIO_new(BIO_s_mem()));
325
326 SSL *ssl_handshake = ssl.get();
327 bool handshake_successful = false;
328 bool handback_successful = false;
329 for (;;) {
330 int ret = SSL_do_handshake(ssl_handshake);
331 if (ret < 0 && SSL_get_error(ssl_handshake, ret) == SSL_ERROR_HANDOFF) {
332 MoveBIOs(ssl_handoff.get(), ssl.get());
333 // Ordinarily we would call SSL_serialize_handoff(ssl.get(). But for
334 // fuzzing, use the serialized handoff that's getting fuzzed.
335 if (!bssl::SSL_apply_handoff(ssl_handoff.get(), handoff_)) {
336 if (debug_) {
337 fprintf(stderr, "Handoff failed.\n");
338 }
339 break;
340 }
341 ssl_handshake = ssl_handoff.get();
342 } else if (ret < 0 &&
343 SSL_get_error(ssl_handshake, ret) == SSL_ERROR_HANDBACK) {
344 MoveBIOs(ssl_handback.get(), ssl_handoff.get());
345 if (!bssl::SSL_apply_handback(ssl_handback.get(), handback_)) {
346 if (debug_) {
347 fprintf(stderr, "Handback failed.\n");
348 }
349 break;
350 }
351 handback_successful = true;
352 ssl_handshake = ssl_handback.get();
353 } else {
354 handshake_successful = ret == 1;
355 break;
356 }
357 }
358
359 if (debug_) {
360 if (!handshake_successful) {
361 fprintf(stderr, "Handshake failed.\n");
362 } else if (handback_successful) {
363 fprintf(stderr, "Handback successful.\n");
364 }
365 }
366
367 if (handshake_successful) {
368 // Keep reading application data until error or EOF.
369 uint8_t tmp[1024];
370 for (;;) {
371 if (SSL_read(ssl_handshake, tmp, sizeof(tmp)) <= 0) {
372 break;
373 }
374 }
375 }
376
377 if (debug_) {
378 ERR_print_errors_fp(stderr);
379 }
380 ERR_clear_error();
381 return 0;
382 }
383
384 private:
385 // Init initializes |ctx_| with settings common to all inputs.
Init()386 bool Init() {
387 ctx_.reset(SSL_CTX_new(protocol_ == kDTLS ? DTLS_method() : TLS_method()));
388 bssl::UniquePtr<EVP_PKEY> pkey(EVP_PKEY_new());
389 bssl::UniquePtr<RSA> privkey(RSA_private_key_from_bytes(
390 kRSAPrivateKeyDER, sizeof(kRSAPrivateKeyDER)));
391 if (!ctx_ || !privkey || !pkey ||
392 !EVP_PKEY_set1_RSA(pkey.get(), privkey.get()) ||
393 !SSL_CTX_use_PrivateKey(ctx_.get(), pkey.get())) {
394 return false;
395 }
396
397 const uint8_t *bufp = kCertificateDER;
398 bssl::UniquePtr<X509> cert(d2i_X509(NULL, &bufp, sizeof(kCertificateDER)));
399 if (!cert ||
400 !SSL_CTX_use_certificate(ctx_.get(), cert.get()) ||
401 !SSL_CTX_set_ocsp_response(ctx_.get(), kOCSPResponse,
402 sizeof(kOCSPResponse)) ||
403 !SSL_CTX_set_signed_cert_timestamp_list(ctx_.get(), kSCT,
404 sizeof(kSCT))) {
405 return false;
406 }
407
408 // When accepting peer certificates, allow any certificate.
409 SSL_CTX_set_cert_verify_callback(
410 ctx_.get(),
411 [](X509_STORE_CTX *store_ctx, void *arg) -> int { return 1; }, nullptr);
412
413 SSL_CTX_enable_signed_cert_timestamps(ctx_.get());
414 SSL_CTX_enable_ocsp_stapling(ctx_.get());
415
416 // Enable versions and ciphers that are off by default.
417 if (!SSL_CTX_set_strict_cipher_list(ctx_.get(), "ALL:3DES")) {
418 return false;
419 }
420
421 static const uint16_t kGroups[] = {
422 SSL_GROUP_X25519_MLKEM768, SSL_GROUP_X25519_KYBER768_DRAFT00,
423 SSL_GROUP_X25519, SSL_GROUP_SECP256R1,
424 SSL_GROUP_SECP384R1, SSL_GROUP_SECP521R1};
425 if (!SSL_CTX_set1_group_ids(ctx_.get(), kGroups,
426 OPENSSL_ARRAY_SIZE(kGroups))) {
427 return false;
428 }
429
430 SSL_CTX_set_early_data_enabled(ctx_.get(), 1);
431
432 SSL_CTX_set_next_proto_select_cb(ctx_.get(), NPNSelectCallback, nullptr);
433 SSL_CTX_set_next_protos_advertised_cb(ctx_.get(), NPNAdvertiseCallback,
434 nullptr);
435
436 SSL_CTX_set_alpn_select_cb(ctx_.get(), ALPNSelectCallback, nullptr);
437 if (SSL_CTX_set_alpn_protos(ctx_.get(), kALPNProtocols,
438 sizeof(kALPNProtocols)) != 0) {
439 return false;
440 }
441
442 CBS cbs;
443 CBS_init(&cbs, kP256KeyPKCS8, sizeof(kP256KeyPKCS8));
444 pkey.reset(EVP_parse_private_key(&cbs));
445 if (!pkey || !SSL_CTX_set1_tls_channel_id(ctx_.get(), pkey.get())) {
446 return false;
447 }
448 SSL_CTX_set_tls_channel_id_enabled(ctx_.get(), 1);
449
450 if (role_ == kServer) {
451 bssl::UniquePtr<SSL_ECH_KEYS> keys(SSL_ECH_KEYS_new());
452 bssl::ScopedEVP_HPKE_KEY key;
453 uint8_t *ech_config;
454 size_t ech_config_len;
455 if (!keys ||
456 !EVP_HPKE_KEY_init(key.get(), EVP_hpke_x25519_hkdf_sha256(), kECHKey,
457 sizeof(kECHKey)) ||
458 // Match |echConfig| in |addEncryptedClientHelloTests| from runner.go.
459 !SSL_marshal_ech_config(&ech_config, &ech_config_len,
460 /*config_id=*/42, key.get(), "public.example",
461 /*max_name_len=*/64)) {
462 return false;
463 }
464 bssl::UniquePtr<uint8_t> free_ech_config(ech_config);
465 if (!SSL_ECH_KEYS_add(keys.get(), /*is_retry_config=*/true, ech_config,
466 ech_config_len, key.get()) ||
467 !SSL_CTX_set1_ech_keys(ctx_.get(), keys.get())) {
468 return false;
469 }
470 }
471
472 return true;
473 }
474
475 // SetupTest parses parameters from |cbs| and returns a newly-configured |SSL|
476 // object or nullptr on error. On success, the caller should feed the
477 // remaining input in |cbs| to the SSL stack.
SetupTest(CBS * cbs)478 bssl::UniquePtr<SSL> SetupTest(CBS *cbs) {
479 // |ctx| is shared between runs, so we must clear any modifications to it
480 // made later on in this function.
481 SSL_CTX_flush_sessions(ctx_.get(), 0);
482 handoff_ = {};
483 handback_ = {};
484
485 bssl::UniquePtr<SSL> ssl(SSL_new(ctx_.get()));
486 if (role_ == kServer) {
487 SSL_set_accept_state(ssl.get());
488 } else {
489 SSL_set_connect_state(ssl.get());
490 }
491
492 for (;;) {
493 uint16_t tag;
494 if (!CBS_get_u16(cbs, &tag)) {
495 return nullptr;
496 }
497 switch (tag) {
498 case kDataTag:
499 return ssl;
500
501 case kSessionTag: {
502 CBS data;
503 if (!CBS_get_u24_length_prefixed(cbs, &data)) {
504 return nullptr;
505 }
506 bssl::UniquePtr<SSL_SESSION> session(SSL_SESSION_from_bytes(
507 CBS_data(&data), CBS_len(&data), ctx_.get()));
508 if (!session) {
509 return nullptr;
510 }
511
512 if (role_ == kServer) {
513 SSL_CTX_add_session(ctx_.get(), session.get());
514 } else {
515 SSL_set_session(ssl.get(), session.get());
516 }
517 break;
518 }
519
520 case kRequestClientCert:
521 if (role_ == kClient) {
522 return nullptr;
523 }
524 SSL_set_verify(ssl.get(), SSL_VERIFY_PEER, nullptr);
525 break;
526
527 case kHandoffTag: {
528 CBS handoff;
529 if (!CBS_get_u24_length_prefixed(cbs, &handoff)) {
530 return nullptr;
531 }
532 handoff_.assign(CBS_data(&handoff),
533 CBS_data(&handoff) + CBS_len(&handoff));
534 bssl::SSL_set_handoff_mode(ssl.get(), 1);
535 break;
536 }
537
538 case kHandbackTag: {
539 CBS handback;
540 if (!CBS_get_u24_length_prefixed(cbs, &handback)) {
541 return nullptr;
542 }
543 handback_.assign(CBS_data(&handback),
544 CBS_data(&handback) + CBS_len(&handback));
545 bssl::SSL_set_handoff_mode(ssl.get(), 1);
546 break;
547 }
548
549 case kHintsTag: {
550 CBS hints;
551 if (!CBS_get_u24_length_prefixed(cbs, &hints)) {
552 return nullptr;
553 }
554 SSL_set_handshake_hints(ssl.get(), CBS_data(&hints), CBS_len(&hints));
555 break;
556 }
557
558 default:
559 return nullptr;
560 }
561 }
562 }
563
564 struct BIOData {
565 Protocol protocol;
566 CBS cbs;
567 };
568
MakeBIO(const uint8_t * in,size_t len)569 bssl::UniquePtr<BIO> MakeBIO(const uint8_t *in, size_t len) {
570 BIOData *b = new BIOData;
571 b->protocol = protocol_;
572 CBS_init(&b->cbs, in, len);
573
574 bssl::UniquePtr<BIO> bio(BIO_new(&kBIOMethod));
575 bio->init = 1;
576 bio->ptr = b;
577 return bio;
578 }
579
BIORead(BIO * bio,char * out,int len)580 static int BIORead(BIO *bio, char *out, int len) {
581 assert(bio->method == &kBIOMethod);
582 BIOData *b = reinterpret_cast<BIOData *>(bio->ptr);
583 if (b->protocol == kTLS) {
584 len = std::min(static_cast<size_t>(len), CBS_len(&b->cbs));
585 memcpy(out, CBS_data(&b->cbs), len);
586 CBS_skip(&b->cbs, len);
587 return len;
588 }
589
590 // Preserve packet boundaries for DTLS.
591 CBS packet;
592 if (!CBS_get_u24_length_prefixed(&b->cbs, &packet)) {
593 return -1;
594 }
595 len = std::min(static_cast<size_t>(len), CBS_len(&packet));
596 memcpy(out, CBS_data(&packet), len);
597 return len;
598 }
599
BIODestroy(BIO * bio)600 static int BIODestroy(BIO *bio) {
601 assert(bio->method == &kBIOMethod);
602 BIOData *b = reinterpret_cast<BIOData *>(bio->ptr);
603 delete b;
604 return 1;
605 }
606
607 static const BIO_METHOD kBIOMethod;
608
609 bool debug_;
610 Protocol protocol_;
611 Role role_;
612 bssl::UniquePtr<SSL_CTX> ctx_;
613 std::vector<uint8_t> handoff_, handback_;
614 };
615
616 const BIO_METHOD TLSFuzzer::kBIOMethod = {
617 0, // type
618 nullptr, // name
619 nullptr, // bwrite
620 TLSFuzzer::BIORead,
621 nullptr, // bputs
622 nullptr, // bgets
623 nullptr, // ctrl
624 nullptr, // create
625 TLSFuzzer::BIODestroy,
626 nullptr, // callback_ctrl
627 };
628
629 } // namespace
630
631
632 #endif // HEADER_SSL_TEST_FUZZER
633