1 /* Copyright (c) 2017, Google Inc.
2 *
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
6 *
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15 #ifndef HEADER_SSL_TEST_FUZZER
16 #define HEADER_SSL_TEST_FUZZER
17
18 #include <assert.h>
19 #include <stdlib.h>
20 #include <string.h>
21
22 #include <algorithm>
23 #include <vector>
24
25 #include <openssl/bio.h>
26 #include <openssl/bytestring.h>
27 #include <openssl/err.h>
28 #include <openssl/evp.h>
29 #include <openssl/hpke.h>
30 #include <openssl/rand.h>
31 #include <openssl/rsa.h>
32 #include <openssl/ssl.h>
33 #include <openssl/x509.h>
34
35 #include "../../crypto/internal.h"
36 #include "./fuzzer_tags.h"
37
38 namespace {
39
40 const uint8_t kP256KeyPKCS8[] = {
41 0x30, 0x81, 0x87, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86,
42 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
43 0x03, 0x01, 0x07, 0x04, 0x6d, 0x30, 0x6b, 0x02, 0x01, 0x01, 0x04, 0x20,
44 0x43, 0x09, 0xc0, 0x67, 0x75, 0x21, 0x47, 0x9d, 0xa8, 0xfa, 0x16, 0xdf,
45 0x15, 0x73, 0x61, 0x34, 0x68, 0x6f, 0xe3, 0x8e, 0x47, 0x91, 0x95, 0xab,
46 0x79, 0x4a, 0x72, 0x14, 0xcb, 0xe2, 0x49, 0x4f, 0xa1, 0x44, 0x03, 0x42,
47 0x00, 0x04, 0xde, 0x09, 0x08, 0x07, 0x03, 0x2e, 0x8f, 0x37, 0x9a, 0xd5,
48 0xad, 0xe5, 0xc6, 0x9d, 0xd4, 0x63, 0xc7, 0x4a, 0xe7, 0x20, 0xcb, 0x90,
49 0xa0, 0x1f, 0x18, 0x18, 0x72, 0xb5, 0x21, 0x88, 0x38, 0xc0, 0xdb, 0xba,
50 0xf6, 0x99, 0xd8, 0xa5, 0x3b, 0x83, 0xe9, 0xe3, 0xd5, 0x61, 0x99, 0x73,
51 0x42, 0xc6, 0x6c, 0xe8, 0x0a, 0x95, 0x40, 0x41, 0x3b, 0x0d, 0x10, 0xa7,
52 0x4a, 0x93, 0xdb, 0x5a, 0xe7, 0xec,
53 };
54
55 const uint8_t kOCSPResponse[] = {0x01, 0x02, 0x03, 0x04};
56
57 const uint8_t kSCT[] = {0x00, 0x06, 0x00, 0x04, 0x05, 0x06, 0x07, 0x08};
58
59 const uint8_t kCertificateDER[] = {
60 0x30, 0x82, 0x02, 0xff, 0x30, 0x82, 0x01, 0xe7, 0xa0, 0x03, 0x02, 0x01,
61 0x02, 0x02, 0x11, 0x00, 0xb1, 0x84, 0xee, 0x34, 0x99, 0x98, 0x76, 0xfb,
62 0x6f, 0xb2, 0x15, 0xc8, 0x47, 0x79, 0x05, 0x9b, 0x30, 0x0d, 0x06, 0x09,
63 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30,
64 0x12, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x07,
65 0x41, 0x63, 0x6d, 0x65, 0x20, 0x43, 0x6f, 0x30, 0x1e, 0x17, 0x0d, 0x31,
66 0x35, 0x31, 0x31, 0x30, 0x37, 0x30, 0x30, 0x32, 0x34, 0x35, 0x36, 0x5a,
67 0x17, 0x0d, 0x31, 0x36, 0x31, 0x31, 0x30, 0x36, 0x30, 0x30, 0x32, 0x34,
68 0x35, 0x36, 0x5a, 0x30, 0x12, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55,
69 0x04, 0x0a, 0x13, 0x07, 0x41, 0x63, 0x6d, 0x65, 0x20, 0x43, 0x6f, 0x30,
70 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
71 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30,
72 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xce, 0x47, 0xcb, 0x11,
73 0xbb, 0xd2, 0x9d, 0x8e, 0x9e, 0xd2, 0x1e, 0x14, 0xaf, 0xc7, 0xea, 0xb6,
74 0xc9, 0x38, 0x2a, 0x6f, 0xb3, 0x7e, 0xfb, 0xbc, 0xfc, 0x59, 0x42, 0xb9,
75 0x56, 0xf0, 0x4c, 0x3f, 0xf7, 0x31, 0x84, 0xbe, 0xac, 0x03, 0x9e, 0x71,
76 0x91, 0x85, 0xd8, 0x32, 0xbd, 0x00, 0xea, 0xac, 0x65, 0xf6, 0x03, 0xc8,
77 0x0f, 0x8b, 0xfd, 0x6e, 0x58, 0x88, 0x04, 0x41, 0x92, 0x74, 0xa6, 0x57,
78 0x2e, 0x8e, 0x88, 0xd5, 0x3d, 0xda, 0x14, 0x3e, 0x63, 0x88, 0x22, 0xe3,
79 0x53, 0xe9, 0xba, 0x39, 0x09, 0xac, 0xfb, 0xd0, 0x4c, 0xf2, 0x3c, 0x20,
80 0xd6, 0x97, 0xe6, 0xed, 0xf1, 0x62, 0x1e, 0xe5, 0xc9, 0x48, 0xa0, 0xca,
81 0x2e, 0x3c, 0x14, 0x5a, 0x82, 0xd4, 0xed, 0xb1, 0xe3, 0x43, 0xc1, 0x2a,
82 0x59, 0xa5, 0xb9, 0xc8, 0x48, 0xa7, 0x39, 0x23, 0x74, 0xa7, 0x37, 0xb0,
83 0x6f, 0xc3, 0x64, 0x99, 0x6c, 0xa2, 0x82, 0xc8, 0xf6, 0xdb, 0x86, 0x40,
84 0xce, 0xd1, 0x85, 0x9f, 0xce, 0x69, 0xf4, 0x15, 0x2a, 0x23, 0xca, 0xea,
85 0xb7, 0x7b, 0xdf, 0xfb, 0x43, 0x5f, 0xff, 0x7a, 0x49, 0x49, 0x0e, 0xe7,
86 0x02, 0x51, 0x45, 0x13, 0xe8, 0x90, 0x64, 0x21, 0x0c, 0x26, 0x2b, 0x5d,
87 0xfc, 0xe4, 0xb5, 0x86, 0x89, 0x43, 0x22, 0x4c, 0xf3, 0x3b, 0xf3, 0x09,
88 0xc4, 0xa4, 0x10, 0x80, 0xf2, 0x46, 0xe2, 0x46, 0x8f, 0x76, 0x50, 0xbf,
89 0xaf, 0x2b, 0x90, 0x1b, 0x78, 0xc7, 0xcf, 0xc1, 0x77, 0xd0, 0xfb, 0xa9,
90 0xfb, 0xc9, 0x66, 0x5a, 0xc5, 0x9b, 0x31, 0x41, 0x67, 0x01, 0xbe, 0x33,
91 0x10, 0xba, 0x05, 0x58, 0xed, 0x76, 0x53, 0xde, 0x5d, 0xc1, 0xe8, 0xbb,
92 0x9f, 0xf1, 0xcd, 0xfb, 0xdf, 0x64, 0x7f, 0xd7, 0x18, 0xab, 0x0f, 0x94,
93 0x28, 0x95, 0x4a, 0xcc, 0x6a, 0xa9, 0x50, 0xc7, 0x05, 0x47, 0x10, 0x41,
94 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x50, 0x30, 0x4e, 0x30, 0x0e, 0x06,
95 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x05,
96 0xa0, 0x30, 0x13, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x0c, 0x30, 0x0a,
97 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x30, 0x0c,
98 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00,
99 0x30, 0x19, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x12, 0x30, 0x10, 0x82,
100 0x0e, 0x66, 0x75, 0x7a, 0x7a, 0x2e, 0x62, 0x6f, 0x72, 0x69, 0x6e, 0x67,
101 0x73, 0x73, 0x6c, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
102 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x92,
103 0xde, 0xef, 0x96, 0x06, 0x7b, 0xff, 0x71, 0x7d, 0x4e, 0xa0, 0x7d, 0xae,
104 0xb8, 0x22, 0xb4, 0x2c, 0xf7, 0x96, 0x9c, 0x37, 0x1d, 0x8f, 0xe7, 0xd9,
105 0x47, 0xff, 0x3f, 0xe9, 0x35, 0x95, 0x0e, 0xdd, 0xdc, 0x7f, 0xc8, 0x8a,
106 0x1e, 0x36, 0x1d, 0x38, 0x47, 0xfc, 0x76, 0xd2, 0x1f, 0x98, 0xa1, 0x36,
107 0xac, 0xc8, 0x70, 0x38, 0x0a, 0x3d, 0x51, 0x8d, 0x0f, 0x03, 0x1b, 0xef,
108 0x62, 0xa1, 0xcb, 0x2b, 0x4a, 0x8c, 0x12, 0x2b, 0x54, 0x50, 0x9a, 0x6b,
109 0xfe, 0xaf, 0xd9, 0xf6, 0xbf, 0x58, 0x11, 0x58, 0x5e, 0xe5, 0x86, 0x1e,
110 0x3b, 0x6b, 0x30, 0x7e, 0x72, 0x89, 0xe8, 0x6b, 0x7b, 0xb7, 0xaf, 0xef,
111 0x8b, 0xa9, 0x3e, 0xb0, 0xcd, 0x0b, 0xef, 0xb0, 0x0c, 0x96, 0x2b, 0xc5,
112 0x3b, 0xd5, 0xf1, 0xc2, 0xae, 0x3a, 0x60, 0xd9, 0x0f, 0x75, 0x37, 0x55,
113 0x4d, 0x62, 0xd2, 0xed, 0x96, 0xac, 0x30, 0x6b, 0xda, 0xa1, 0x48, 0x17,
114 0x96, 0x23, 0x85, 0x9a, 0x57, 0x77, 0xe9, 0x22, 0xa2, 0x37, 0x03, 0xba,
115 0x49, 0x77, 0x40, 0x3b, 0x76, 0x4b, 0xda, 0xc1, 0x04, 0x57, 0x55, 0x34,
116 0x22, 0x83, 0x45, 0x29, 0xab, 0x2e, 0x11, 0xff, 0x0d, 0xab, 0x55, 0xb1,
117 0xa7, 0x58, 0x59, 0x05, 0x25, 0xf9, 0x1e, 0x3d, 0xb7, 0xac, 0x04, 0x39,
118 0x2c, 0xf9, 0xaf, 0xb8, 0x68, 0xfb, 0x8e, 0x35, 0x71, 0x32, 0xff, 0x70,
119 0xe9, 0x46, 0x6d, 0x5c, 0x06, 0x90, 0x88, 0x23, 0x48, 0x0c, 0x50, 0xeb,
120 0x0a, 0xa9, 0xae, 0xe8, 0xfc, 0xbe, 0xa5, 0x76, 0x94, 0xd7, 0x64, 0x22,
121 0x38, 0x98, 0x17, 0xa4, 0x3a, 0xa7, 0x59, 0x9f, 0x1d, 0x3b, 0x75, 0x90,
122 0x1a, 0x81, 0xef, 0x19, 0xfb, 0x2b, 0xb7, 0xa7, 0x64, 0x61, 0x22, 0xa4,
123 0x6f, 0x7b, 0xfa, 0x58, 0xbb, 0x8c, 0x4e, 0x77, 0x67, 0xd0, 0x5d, 0x58,
124 0x76, 0x8a, 0xbb,
125 };
126
127 const uint8_t kRSAPrivateKeyDER[] = {
128 0x30, 0x82, 0x04, 0xa5, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
129 0xce, 0x47, 0xcb, 0x11, 0xbb, 0xd2, 0x9d, 0x8e, 0x9e, 0xd2, 0x1e, 0x14,
130 0xaf, 0xc7, 0xea, 0xb6, 0xc9, 0x38, 0x2a, 0x6f, 0xb3, 0x7e, 0xfb, 0xbc,
131 0xfc, 0x59, 0x42, 0xb9, 0x56, 0xf0, 0x4c, 0x3f, 0xf7, 0x31, 0x84, 0xbe,
132 0xac, 0x03, 0x9e, 0x71, 0x91, 0x85, 0xd8, 0x32, 0xbd, 0x00, 0xea, 0xac,
133 0x65, 0xf6, 0x03, 0xc8, 0x0f, 0x8b, 0xfd, 0x6e, 0x58, 0x88, 0x04, 0x41,
134 0x92, 0x74, 0xa6, 0x57, 0x2e, 0x8e, 0x88, 0xd5, 0x3d, 0xda, 0x14, 0x3e,
135 0x63, 0x88, 0x22, 0xe3, 0x53, 0xe9, 0xba, 0x39, 0x09, 0xac, 0xfb, 0xd0,
136 0x4c, 0xf2, 0x3c, 0x20, 0xd6, 0x97, 0xe6, 0xed, 0xf1, 0x62, 0x1e, 0xe5,
137 0xc9, 0x48, 0xa0, 0xca, 0x2e, 0x3c, 0x14, 0x5a, 0x82, 0xd4, 0xed, 0xb1,
138 0xe3, 0x43, 0xc1, 0x2a, 0x59, 0xa5, 0xb9, 0xc8, 0x48, 0xa7, 0x39, 0x23,
139 0x74, 0xa7, 0x37, 0xb0, 0x6f, 0xc3, 0x64, 0x99, 0x6c, 0xa2, 0x82, 0xc8,
140 0xf6, 0xdb, 0x86, 0x40, 0xce, 0xd1, 0x85, 0x9f, 0xce, 0x69, 0xf4, 0x15,
141 0x2a, 0x23, 0xca, 0xea, 0xb7, 0x7b, 0xdf, 0xfb, 0x43, 0x5f, 0xff, 0x7a,
142 0x49, 0x49, 0x0e, 0xe7, 0x02, 0x51, 0x45, 0x13, 0xe8, 0x90, 0x64, 0x21,
143 0x0c, 0x26, 0x2b, 0x5d, 0xfc, 0xe4, 0xb5, 0x86, 0x89, 0x43, 0x22, 0x4c,
144 0xf3, 0x3b, 0xf3, 0x09, 0xc4, 0xa4, 0x10, 0x80, 0xf2, 0x46, 0xe2, 0x46,
145 0x8f, 0x76, 0x50, 0xbf, 0xaf, 0x2b, 0x90, 0x1b, 0x78, 0xc7, 0xcf, 0xc1,
146 0x77, 0xd0, 0xfb, 0xa9, 0xfb, 0xc9, 0x66, 0x5a, 0xc5, 0x9b, 0x31, 0x41,
147 0x67, 0x01, 0xbe, 0x33, 0x10, 0xba, 0x05, 0x58, 0xed, 0x76, 0x53, 0xde,
148 0x5d, 0xc1, 0xe8, 0xbb, 0x9f, 0xf1, 0xcd, 0xfb, 0xdf, 0x64, 0x7f, 0xd7,
149 0x18, 0xab, 0x0f, 0x94, 0x28, 0x95, 0x4a, 0xcc, 0x6a, 0xa9, 0x50, 0xc7,
150 0x05, 0x47, 0x10, 0x41, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
151 0x01, 0x00, 0xa8, 0x47, 0xb9, 0x4a, 0x06, 0x47, 0x93, 0x71, 0x3d, 0xef,
152 0x7b, 0xca, 0xb4, 0x7c, 0x0a, 0xe6, 0x82, 0xd0, 0xe7, 0x0d, 0xa9, 0x08,
153 0xf6, 0xa4, 0xfd, 0xd8, 0x73, 0xae, 0x6f, 0x56, 0x29, 0x5e, 0x25, 0x72,
154 0xa8, 0x30, 0x44, 0x73, 0xcf, 0x56, 0x26, 0xb9, 0x61, 0xde, 0x42, 0x81,
155 0xf4, 0xf0, 0x1f, 0x5d, 0xcb, 0x47, 0xf2, 0x26, 0xe9, 0xe0, 0x93, 0x28,
156 0xa3, 0x10, 0x3b, 0x42, 0x1e, 0x51, 0x11, 0x12, 0x06, 0x5e, 0xaf, 0xce,
157 0xb0, 0xa5, 0x14, 0xdd, 0x82, 0x58, 0xa1, 0xa4, 0x12, 0xdf, 0x65, 0x1d,
158 0x51, 0x70, 0x64, 0xd5, 0x58, 0x68, 0x11, 0xa8, 0x6a, 0x23, 0xc2, 0xbf,
159 0xa1, 0x25, 0x24, 0x47, 0xb3, 0xa4, 0x3c, 0x83, 0x96, 0xb7, 0x1f, 0xf4,
160 0x44, 0xd4, 0xd1, 0xe9, 0xfc, 0x33, 0x68, 0x5e, 0xe2, 0x68, 0x99, 0x9c,
161 0x91, 0xe8, 0x72, 0xc9, 0xd7, 0x8c, 0x80, 0x20, 0x8e, 0x77, 0x83, 0x4d,
162 0xe4, 0xab, 0xf9, 0x74, 0xa1, 0xdf, 0xd3, 0xc0, 0x0d, 0x5b, 0x05, 0x51,
163 0xc2, 0x6f, 0xb2, 0x91, 0x02, 0xec, 0xc0, 0x02, 0x1a, 0x5c, 0x91, 0x05,
164 0xf1, 0xe3, 0xfa, 0x65, 0xc2, 0xad, 0x24, 0xe6, 0xe5, 0x3c, 0xb6, 0x16,
165 0xf1, 0xa1, 0x67, 0x1a, 0x9d, 0x37, 0x56, 0xbf, 0x01, 0xd7, 0x3b, 0x35,
166 0x30, 0x57, 0x73, 0xf4, 0xf0, 0x5e, 0xa7, 0xe8, 0x0a, 0xc1, 0x94, 0x17,
167 0xcf, 0x0a, 0xbd, 0xf5, 0x31, 0xa7, 0x2d, 0xf7, 0xf5, 0xd9, 0x8c, 0xc2,
168 0x01, 0xbd, 0xda, 0x16, 0x8e, 0xb9, 0x30, 0x40, 0xa6, 0x6e, 0xbd, 0xcd,
169 0x4d, 0x84, 0x67, 0x4e, 0x0b, 0xce, 0xd5, 0xef, 0xf8, 0x08, 0x63, 0x02,
170 0xc6, 0xc7, 0xf7, 0x67, 0x92, 0xe2, 0x23, 0x9d, 0x27, 0x22, 0x1d, 0xc6,
171 0x67, 0x5e, 0x66, 0xbf, 0x03, 0xb8, 0xa9, 0x67, 0xd4, 0x39, 0xd8, 0x75,
172 0xfa, 0xe8, 0xed, 0x56, 0xb8, 0x81, 0x02, 0x81, 0x81, 0x00, 0xf7, 0x46,
173 0x68, 0xc6, 0x13, 0xf8, 0xba, 0x0f, 0x83, 0xdb, 0x05, 0xa8, 0x25, 0x00,
174 0x70, 0x9c, 0x9e, 0x8b, 0x12, 0x34, 0x0d, 0x96, 0xcf, 0x0d, 0x98, 0x9b,
175 0x8d, 0x9c, 0x96, 0x78, 0xd1, 0x3c, 0x01, 0x8c, 0xb9, 0x35, 0x5c, 0x20,
176 0x42, 0xb4, 0x38, 0xe3, 0xd6, 0x54, 0xe7, 0x55, 0xd6, 0x26, 0x8a, 0x0c,
177 0xf6, 0x1f, 0xe0, 0x04, 0xc1, 0x22, 0x42, 0x19, 0x61, 0xc4, 0x94, 0x7c,
178 0x07, 0x2e, 0x80, 0x52, 0xfe, 0x8d, 0xe6, 0x92, 0x3a, 0x91, 0xfe, 0x72,
179 0x99, 0xe1, 0x2a, 0x73, 0x76, 0xb1, 0x24, 0x20, 0x67, 0xde, 0x28, 0xcb,
180 0x0e, 0xe6, 0x52, 0xb5, 0xfa, 0xfb, 0x8b, 0x1e, 0x6a, 0x1d, 0x09, 0x26,
181 0xb9, 0xa7, 0x61, 0xba, 0xf8, 0x79, 0xd2, 0x66, 0x57, 0x28, 0xd7, 0x31,
182 0xb5, 0x0b, 0x27, 0x19, 0x1e, 0x6f, 0x46, 0xfc, 0x54, 0x95, 0xeb, 0x78,
183 0x01, 0xb6, 0xd9, 0x79, 0x5a, 0x4d, 0x02, 0x81, 0x81, 0x00, 0xd5, 0x8f,
184 0x16, 0x53, 0x2f, 0x57, 0x93, 0xbf, 0x09, 0x75, 0xbf, 0x63, 0x40, 0x3d,
185 0x27, 0xfd, 0x23, 0x21, 0xde, 0x9b, 0xe9, 0x73, 0x3f, 0x49, 0x02, 0xd2,
186 0x38, 0x96, 0xcf, 0xc3, 0xba, 0x92, 0x07, 0x87, 0x52, 0xa9, 0x35, 0xe3,
187 0x0c, 0xe4, 0x2f, 0x05, 0x7b, 0x37, 0xa5, 0x40, 0x9c, 0x3b, 0x94, 0xf7,
188 0xad, 0xa0, 0xee, 0x3a, 0xa8, 0xfb, 0x1f, 0x11, 0x1f, 0xd8, 0x9a, 0x80,
189 0x42, 0x3d, 0x7f, 0xa4, 0xb8, 0x9a, 0xaa, 0xea, 0x72, 0xc1, 0xe3, 0xed,
190 0x06, 0x60, 0x92, 0x37, 0xf9, 0xba, 0xfb, 0x9e, 0xed, 0x05, 0xa6, 0xd4,
191 0x72, 0x68, 0x4f, 0x63, 0xfe, 0xd6, 0x10, 0x0d, 0x4f, 0x0a, 0x93, 0xc6,
192 0xb9, 0xd7, 0xaf, 0xfd, 0xd9, 0x57, 0x7d, 0xcb, 0x75, 0xe8, 0x93, 0x2b,
193 0xae, 0x4f, 0xea, 0xd7, 0x30, 0x0b, 0x58, 0x44, 0x82, 0x0f, 0x84, 0x5d,
194 0x62, 0x11, 0x78, 0xea, 0x5f, 0xc5, 0x02, 0x81, 0x81, 0x00, 0x82, 0x0c,
195 0xc1, 0xe6, 0x0b, 0x72, 0xf1, 0x48, 0x5f, 0xac, 0xbd, 0x98, 0xe5, 0x7d,
196 0x09, 0xbd, 0x15, 0x95, 0x47, 0x09, 0xa1, 0x6c, 0x03, 0x91, 0xbf, 0x05,
197 0x70, 0xc1, 0x3e, 0x52, 0x64, 0x99, 0x0e, 0xa7, 0x98, 0x70, 0xfb, 0xf6,
198 0xeb, 0x9e, 0x25, 0x9d, 0x8e, 0x88, 0x30, 0xf2, 0xf0, 0x22, 0x6c, 0xd0,
199 0xcc, 0x51, 0x8f, 0x5c, 0x70, 0xc7, 0x37, 0xc4, 0x69, 0xab, 0x1d, 0xfc,
200 0xed, 0x3a, 0x03, 0xbb, 0xa2, 0xad, 0xb6, 0xea, 0x89, 0x6b, 0x67, 0x4b,
201 0x96, 0xaa, 0xd9, 0xcc, 0xc8, 0x4b, 0xfa, 0x18, 0x21, 0x08, 0xb2, 0xa3,
202 0xb9, 0x3e, 0x61, 0x99, 0xdc, 0x5a, 0x97, 0x9c, 0x73, 0x6a, 0xb9, 0xf9,
203 0x68, 0x03, 0x24, 0x5f, 0x55, 0x77, 0x9c, 0xb4, 0xbe, 0x7a, 0x78, 0x53,
204 0x68, 0x48, 0x69, 0x53, 0xc8, 0xb1, 0xf5, 0xbf, 0x98, 0x2d, 0x11, 0x1e,
205 0x98, 0xa8, 0x36, 0x50, 0xa0, 0xb1, 0x02, 0x81, 0x81, 0x00, 0x90, 0x88,
206 0x30, 0x71, 0xc7, 0xfe, 0x9b, 0x6d, 0x95, 0x37, 0x6d, 0x79, 0xfc, 0x85,
207 0xe7, 0x44, 0x78, 0xbc, 0x79, 0x6e, 0x47, 0x86, 0xc9, 0xf3, 0xdd, 0xc6,
208 0xec, 0xa9, 0x94, 0x9f, 0x40, 0xeb, 0x87, 0xd0, 0xdb, 0xee, 0xcd, 0x1b,
209 0x87, 0x23, 0xff, 0x76, 0xd4, 0x37, 0x8a, 0xcd, 0xb9, 0x6e, 0xd1, 0x98,
210 0xf6, 0x97, 0x8d, 0xe3, 0x81, 0x6d, 0xc3, 0x4e, 0xd1, 0xa0, 0xc4, 0x9f,
211 0xbd, 0x34, 0xe5, 0xe8, 0x53, 0x4f, 0xca, 0x10, 0xb5, 0xed, 0xe7, 0x16,
212 0x09, 0x54, 0xde, 0x60, 0xa7, 0xd1, 0x16, 0x6e, 0x2e, 0xb7, 0xbe, 0x7a,
213 0xd5, 0x9b, 0x26, 0xef, 0xe4, 0x0e, 0x77, 0xfa, 0xa9, 0xdd, 0xdc, 0xb9,
214 0x88, 0x19, 0x23, 0x70, 0xc7, 0xe1, 0x60, 0xaf, 0x8c, 0x73, 0x04, 0xf7,
215 0x71, 0x17, 0x81, 0x36, 0x75, 0xbb, 0x97, 0xd7, 0x75, 0xb6, 0x8e, 0xbc,
216 0xac, 0x9c, 0x6a, 0x9b, 0x24, 0x89, 0x02, 0x81, 0x80, 0x5a, 0x2b, 0xc7,
217 0x6b, 0x8c, 0x65, 0xdb, 0x04, 0x73, 0xab, 0x25, 0xe1, 0x5b, 0xbc, 0x3c,
218 0xcf, 0x5a, 0x3c, 0x04, 0xae, 0x97, 0x2e, 0xfd, 0xa4, 0x97, 0x1f, 0x05,
219 0x17, 0x27, 0xac, 0x7c, 0x30, 0x85, 0xb4, 0x82, 0x3f, 0x5b, 0xb7, 0x94,
220 0x3b, 0x7f, 0x6c, 0x0c, 0xc7, 0x16, 0xc6, 0xa0, 0xbd, 0x80, 0xb0, 0x81,
221 0xde, 0xa0, 0x23, 0xa6, 0xf6, 0x75, 0x33, 0x51, 0x35, 0xa2, 0x75, 0x55,
222 0x70, 0x4d, 0x42, 0xbb, 0xcf, 0x54, 0xe4, 0xdb, 0x2d, 0x88, 0xa0, 0x7a,
223 0xf2, 0x17, 0xa7, 0xdd, 0x13, 0x44, 0x9f, 0x5f, 0x6b, 0x2c, 0x42, 0x42,
224 0x8b, 0x13, 0x4d, 0xf9, 0x5b, 0xf8, 0x33, 0x42, 0xd9, 0x9e, 0x50, 0x1c,
225 0x7c, 0xbc, 0xfa, 0x62, 0x85, 0x0b, 0xcf, 0x99, 0xda, 0x9e, 0x04, 0x90,
226 0xb2, 0xc6, 0xb2, 0x0a, 0x2a, 0x7c, 0x6d, 0x6a, 0x40, 0xfc, 0xf5, 0x50,
227 0x98, 0x46, 0x89, 0x82, 0x40,
228 };
229
230 const uint8_t kALPNProtocols[] = {
231 0x01, 'a', 0x02, 'a', 'a', 0x03, 'a', 'a', 'a',
232 };
233
234 const uint8_t kECHKey[] = {
235 0x35, 0x6d, 0x45, 0x06, 0xb3, 0x88, 0x89, 0x2e, 0xd6, 0x87, 0x84,
236 0xd2, 0x2d, 0x6f, 0x83, 0x48, 0xad, 0xf2, 0xfd, 0x08, 0x51, 0x73,
237 0x10, 0xa0, 0xb8, 0xdd, 0xe9, 0x96, 0x6a, 0xde, 0xbc, 0x82,
238 };
239
ALPNSelectCallback(SSL * ssl,const uint8_t ** out,uint8_t * out_len,const uint8_t * in,unsigned in_len,void * arg)240 int ALPNSelectCallback(SSL *ssl, const uint8_t **out, uint8_t *out_len,
241 const uint8_t *in, unsigned in_len, void *arg) {
242 static const uint8_t kProtocol[] = {'a', 'a'};
243 *out = kProtocol;
244 *out_len = sizeof(kProtocol);
245 return SSL_TLSEXT_ERR_OK;
246 }
247
NPNSelectCallback(SSL * ssl,uint8_t ** out,uint8_t * out_len,const uint8_t * in,unsigned in_len,void * arg)248 int NPNSelectCallback(SSL *ssl, uint8_t **out, uint8_t *out_len,
249 const uint8_t *in, unsigned in_len, void *arg) {
250 static const uint8_t kProtocol[] = {'a', 'a'};
251 *out = const_cast<uint8_t *>(kProtocol);
252 *out_len = sizeof(kProtocol);
253 return SSL_TLSEXT_ERR_OK;
254 }
255
NPNAdvertiseCallback(SSL * ssl,const uint8_t ** out,unsigned * out_len,void * arg)256 int NPNAdvertiseCallback(SSL *ssl, const uint8_t **out, unsigned *out_len,
257 void *arg) {
258 static const uint8_t kProtocols[] = {
259 0x01, 'a', 0x02, 'a', 'a', 0x03, 'a', 'a', 'a',
260 };
261 *out = kProtocols;
262 *out_len = sizeof(kProtocols);
263 return SSL_TLSEXT_ERR_OK;
264 }
265
266 class TLSFuzzer {
267 public:
268 enum Protocol {
269 kTLS,
270 kDTLS,
271 };
272
273 enum Role {
274 kClient,
275 kServer,
276 };
277
TLSFuzzer(Protocol protocol,Role role)278 TLSFuzzer(Protocol protocol, Role role)
279 : debug_(getenv("BORINGSSL_FUZZER_DEBUG") != nullptr),
280 protocol_(protocol),
281 role_(role) {
282 if (!Init()) {
283 abort();
284 }
285 }
286
MoveBIOs(SSL * dest,SSL * src)287 static void MoveBIOs(SSL *dest, SSL *src) {
288 BIO *rbio = SSL_get_rbio(src);
289 BIO_up_ref(rbio);
290 SSL_set0_rbio(dest, rbio);
291
292 BIO *wbio = SSL_get_wbio(src);
293 BIO_up_ref(wbio);
294 SSL_set0_wbio(dest, wbio);
295
296 SSL_set0_rbio(src, nullptr);
297 SSL_set0_wbio(src, nullptr);
298 }
299
TestOneInput(const uint8_t * buf,size_t len)300 int TestOneInput(const uint8_t *buf, size_t len) {
301 RAND_reset_for_fuzzing();
302
303 CBS cbs;
304 CBS_init(&cbs, buf, len);
305 bssl::UniquePtr<SSL> ssl = SetupTest(&cbs);
306 if (!ssl) {
307 if (debug_) {
308 fprintf(stderr, "Error parsing parameters.\n");
309 }
310 return 0;
311 }
312
313 if (role_ == kClient) {
314 SSL_set_renegotiate_mode(ssl.get(), ssl_renegotiate_freely);
315 SSL_set_tlsext_host_name(ssl.get(), "hostname");
316 }
317
318 // ssl_handoff may or may not be used.
319 bssl::UniquePtr<SSL> ssl_handoff(SSL_new(ctx_.get()));
320 bssl::UniquePtr<SSL> ssl_handback(SSL_new(ctx_.get()));
321 SSL_set_accept_state(ssl_handoff.get());
322
323 SSL_set0_rbio(ssl.get(), MakeBIO(CBS_data(&cbs), CBS_len(&cbs)).release());
324 SSL_set0_wbio(ssl.get(), BIO_new(BIO_s_mem()));
325
326 SSL *ssl_handshake = ssl.get();
327 bool handshake_successful = false;
328 bool handback_successful = false;
329 for (;;) {
330 int ret = SSL_do_handshake(ssl_handshake);
331 if (ret < 0 && SSL_get_error(ssl_handshake, ret) == SSL_ERROR_HANDOFF) {
332 MoveBIOs(ssl_handoff.get(), ssl.get());
333 // Ordinarily we would call SSL_serialize_handoff(ssl.get(). But for
334 // fuzzing, use the serialized handoff that's getting fuzzed.
335 if (!bssl::SSL_apply_handoff(ssl_handoff.get(), handoff_)) {
336 if (debug_) {
337 fprintf(stderr, "Handoff failed.\n");
338 }
339 break;
340 }
341 ssl_handshake = ssl_handoff.get();
342 } else if (ret < 0 &&
343 SSL_get_error(ssl_handshake, ret) == SSL_ERROR_HANDBACK) {
344 MoveBIOs(ssl_handback.get(), ssl_handoff.get());
345 if (!bssl::SSL_apply_handback(ssl_handback.get(), handback_)) {
346 if (debug_) {
347 fprintf(stderr, "Handback failed.\n");
348 }
349 break;
350 }
351 handback_successful = true;
352 ssl_handshake = ssl_handback.get();
353 } else {
354 handshake_successful = ret == 1;
355 break;
356 }
357 }
358
359 if (debug_) {
360 if (!handshake_successful) {
361 fprintf(stderr, "Handshake failed.\n");
362 } else if (handback_successful) {
363 fprintf(stderr, "Handback successful.\n");
364 }
365 }
366
367 if (handshake_successful) {
368 // Keep reading application data until error or EOF.
369 uint8_t tmp[1024];
370 for (;;) {
371 if (SSL_read(ssl_handshake, tmp, sizeof(tmp)) <= 0) {
372 break;
373 }
374 }
375 }
376
377 if (debug_) {
378 ERR_print_errors_fp(stderr);
379 }
380 ERR_clear_error();
381 return 0;
382 }
383
384 private:
385 // Init initializes |ctx_| with settings common to all inputs.
Init()386 bool Init() {
387 ctx_.reset(SSL_CTX_new(protocol_ == kDTLS ? DTLS_method() : TLS_method()));
388 bssl::UniquePtr<EVP_PKEY> pkey(EVP_PKEY_new());
389 bssl::UniquePtr<RSA> privkey(RSA_private_key_from_bytes(
390 kRSAPrivateKeyDER, sizeof(kRSAPrivateKeyDER)));
391 if (!ctx_ || !privkey || !pkey ||
392 !EVP_PKEY_set1_RSA(pkey.get(), privkey.get()) ||
393 !SSL_CTX_use_PrivateKey(ctx_.get(), pkey.get())) {
394 return false;
395 }
396
397 const uint8_t *bufp = kCertificateDER;
398 bssl::UniquePtr<X509> cert(d2i_X509(NULL, &bufp, sizeof(kCertificateDER)));
399 if (!cert ||
400 !SSL_CTX_use_certificate(ctx_.get(), cert.get()) ||
401 !SSL_CTX_set_ocsp_response(ctx_.get(), kOCSPResponse,
402 sizeof(kOCSPResponse)) ||
403 !SSL_CTX_set_signed_cert_timestamp_list(ctx_.get(), kSCT,
404 sizeof(kSCT))) {
405 return false;
406 }
407
408 // When accepting peer certificates, allow any certificate.
409 SSL_CTX_set_cert_verify_callback(
410 ctx_.get(),
411 [](X509_STORE_CTX *store_ctx, void *arg) -> int { return 1; }, nullptr);
412
413 SSL_CTX_enable_signed_cert_timestamps(ctx_.get());
414 SSL_CTX_enable_ocsp_stapling(ctx_.get());
415
416 // Enable versions and ciphers that are off by default.
417 if (!SSL_CTX_set_strict_cipher_list(ctx_.get(), "ALL:3DES")) {
418 return false;
419 }
420
421 static const uint16_t kGroups[] = {
422 SSL_GROUP_X25519_KYBER768_DRAFT00, SSL_GROUP_X25519,
423 SSL_GROUP_SECP256R1, SSL_GROUP_SECP384R1, SSL_GROUP_SECP521R1};
424 if (!SSL_CTX_set1_group_ids(ctx_.get(), kGroups,
425 OPENSSL_ARRAY_SIZE(kGroups))) {
426 return false;
427 }
428
429 SSL_CTX_set_early_data_enabled(ctx_.get(), 1);
430
431 SSL_CTX_set_next_proto_select_cb(ctx_.get(), NPNSelectCallback, nullptr);
432 SSL_CTX_set_next_protos_advertised_cb(ctx_.get(), NPNAdvertiseCallback,
433 nullptr);
434
435 SSL_CTX_set_alpn_select_cb(ctx_.get(), ALPNSelectCallback, nullptr);
436 if (SSL_CTX_set_alpn_protos(ctx_.get(), kALPNProtocols,
437 sizeof(kALPNProtocols)) != 0) {
438 return false;
439 }
440
441 CBS cbs;
442 CBS_init(&cbs, kP256KeyPKCS8, sizeof(kP256KeyPKCS8));
443 pkey.reset(EVP_parse_private_key(&cbs));
444 if (!pkey || !SSL_CTX_set1_tls_channel_id(ctx_.get(), pkey.get())) {
445 return false;
446 }
447 SSL_CTX_set_tls_channel_id_enabled(ctx_.get(), 1);
448
449 if (role_ == kServer) {
450 bssl::UniquePtr<SSL_ECH_KEYS> keys(SSL_ECH_KEYS_new());
451 bssl::ScopedEVP_HPKE_KEY key;
452 uint8_t *ech_config;
453 size_t ech_config_len;
454 if (!keys ||
455 !EVP_HPKE_KEY_init(key.get(), EVP_hpke_x25519_hkdf_sha256(), kECHKey,
456 sizeof(kECHKey)) ||
457 // Match |echConfig| in |addEncryptedClientHelloTests| from runner.go.
458 !SSL_marshal_ech_config(&ech_config, &ech_config_len,
459 /*config_id=*/42, key.get(), "public.example",
460 /*max_name_len=*/64)) {
461 return false;
462 }
463 bssl::UniquePtr<uint8_t> free_ech_config(ech_config);
464 if (!SSL_ECH_KEYS_add(keys.get(), /*is_retry_config=*/true, ech_config,
465 ech_config_len, key.get()) ||
466 !SSL_CTX_set1_ech_keys(ctx_.get(), keys.get())) {
467 return false;
468 }
469 }
470
471 return true;
472 }
473
474 // SetupTest parses parameters from |cbs| and returns a newly-configured |SSL|
475 // object or nullptr on error. On success, the caller should feed the
476 // remaining input in |cbs| to the SSL stack.
SetupTest(CBS * cbs)477 bssl::UniquePtr<SSL> SetupTest(CBS *cbs) {
478 // |ctx| is shared between runs, so we must clear any modifications to it
479 // made later on in this function.
480 SSL_CTX_flush_sessions(ctx_.get(), 0);
481 handoff_ = {};
482 handback_ = {};
483
484 bssl::UniquePtr<SSL> ssl(SSL_new(ctx_.get()));
485 if (role_ == kServer) {
486 SSL_set_accept_state(ssl.get());
487 } else {
488 SSL_set_connect_state(ssl.get());
489 }
490
491 for (;;) {
492 uint16_t tag;
493 if (!CBS_get_u16(cbs, &tag)) {
494 return nullptr;
495 }
496 switch (tag) {
497 case kDataTag:
498 return ssl;
499
500 case kSessionTag: {
501 CBS data;
502 if (!CBS_get_u24_length_prefixed(cbs, &data)) {
503 return nullptr;
504 }
505 bssl::UniquePtr<SSL_SESSION> session(SSL_SESSION_from_bytes(
506 CBS_data(&data), CBS_len(&data), ctx_.get()));
507 if (!session) {
508 return nullptr;
509 }
510
511 if (role_ == kServer) {
512 SSL_CTX_add_session(ctx_.get(), session.get());
513 } else {
514 SSL_set_session(ssl.get(), session.get());
515 }
516 break;
517 }
518
519 case kRequestClientCert:
520 if (role_ == kClient) {
521 return nullptr;
522 }
523 SSL_set_verify(ssl.get(), SSL_VERIFY_PEER, nullptr);
524 break;
525
526 case kHandoffTag: {
527 CBS handoff;
528 if (!CBS_get_u24_length_prefixed(cbs, &handoff)) {
529 return nullptr;
530 }
531 handoff_.assign(CBS_data(&handoff),
532 CBS_data(&handoff) + CBS_len(&handoff));
533 bssl::SSL_set_handoff_mode(ssl.get(), 1);
534 break;
535 }
536
537 case kHandbackTag: {
538 CBS handback;
539 if (!CBS_get_u24_length_prefixed(cbs, &handback)) {
540 return nullptr;
541 }
542 handback_.assign(CBS_data(&handback),
543 CBS_data(&handback) + CBS_len(&handback));
544 bssl::SSL_set_handoff_mode(ssl.get(), 1);
545 break;
546 }
547
548 case kHintsTag: {
549 CBS hints;
550 if (!CBS_get_u24_length_prefixed(cbs, &hints)) {
551 return nullptr;
552 }
553 SSL_set_handshake_hints(ssl.get(), CBS_data(&hints), CBS_len(&hints));
554 break;
555 }
556
557 default:
558 return nullptr;
559 }
560 }
561 }
562
563 struct BIOData {
564 Protocol protocol;
565 CBS cbs;
566 };
567
MakeBIO(const uint8_t * in,size_t len)568 bssl::UniquePtr<BIO> MakeBIO(const uint8_t *in, size_t len) {
569 BIOData *b = new BIOData;
570 b->protocol = protocol_;
571 CBS_init(&b->cbs, in, len);
572
573 bssl::UniquePtr<BIO> bio(BIO_new(&kBIOMethod));
574 bio->init = 1;
575 bio->ptr = b;
576 return bio;
577 }
578
BIORead(BIO * bio,char * out,int len)579 static int BIORead(BIO *bio, char *out, int len) {
580 assert(bio->method == &kBIOMethod);
581 BIOData *b = reinterpret_cast<BIOData *>(bio->ptr);
582 if (b->protocol == kTLS) {
583 len = std::min(static_cast<size_t>(len), CBS_len(&b->cbs));
584 memcpy(out, CBS_data(&b->cbs), len);
585 CBS_skip(&b->cbs, len);
586 return len;
587 }
588
589 // Preserve packet boundaries for DTLS.
590 CBS packet;
591 if (!CBS_get_u24_length_prefixed(&b->cbs, &packet)) {
592 return -1;
593 }
594 len = std::min(static_cast<size_t>(len), CBS_len(&packet));
595 memcpy(out, CBS_data(&packet), len);
596 return len;
597 }
598
BIODestroy(BIO * bio)599 static int BIODestroy(BIO *bio) {
600 assert(bio->method == &kBIOMethod);
601 BIOData *b = reinterpret_cast<BIOData *>(bio->ptr);
602 delete b;
603 return 1;
604 }
605
606 static const BIO_METHOD kBIOMethod;
607
608 bool debug_;
609 Protocol protocol_;
610 Role role_;
611 bssl::UniquePtr<SSL_CTX> ctx_;
612 std::vector<uint8_t> handoff_, handback_;
613 };
614
615 const BIO_METHOD TLSFuzzer::kBIOMethod = {
616 0, // type
617 nullptr, // name
618 nullptr, // bwrite
619 TLSFuzzer::BIORead,
620 nullptr, // bputs
621 nullptr, // bgets
622 nullptr, // ctrl
623 nullptr, // create
624 TLSFuzzer::BIODestroy,
625 nullptr, // callback_ctrl
626 };
627
628 } // namespace
629
630
631 #endif // HEADER_SSL_TEST_FUZZER
632