Chiebot-Mirror
/
boringssl
8
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Mirror of BoringSSL (grpc依赖) https://boringssl.googlesource.com/boringssl
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
816 Commits
61 Branches
23 Tags
511 MiB
Tag: Branch: Tree: 227ff6e642
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '227ff6e642'
${ noResults }
boringssl/fuzz/decode_client_hello_inner.cc

53 lines
1.9 KiB
Raw Normal View History Unescape

Add ECH server (draft-ietf-tls-esni-09). This CL adds an initial implementation of the ECH server, with pieces of the client in BoGo as necessary for testing. In particular, the server supports ClientHelloInner compression with ech_outer_extensions. When ECH decryption fails, it can send retry_configs back to the client. This server passes the "ech-accept" and "ech-reject" test cases in tls-interop-runner[0] when tested against both the cloudflare-go and nss clients. For reproducibility, I started with the main branch at commit 707604c262d8bcf3e944ed1d5a675077304732ce and updated the endpoint's script to pass the server's ECHConfig and private key to the boringssl tool. Follow-up CLs will update HPKE to the latest draft and catch us up to draft-10. [0]: https://github.com/xvzcf/tls-interop-runner Bug: 275 Change-Id: I49be35af46d1fd5dd9c62252f07d0bae179381ab Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/45285 Reviewed-by: David Benjamin <davidben@google.com> Commit-Queue: David Benjamin <davidben@google.com>
4 years ago
/* Copyright (c) 2021, Google Inc.
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
#include <openssl/bytestring.h>
#include <openssl/ssl.h>
#include <openssl/span.h>
#include "../ssl/internal.h"
extern "C" int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
static bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
static bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
CBS reader(bssl::MakeConstSpan(buf, len));
CBS encoded_client_hello_inner_cbs;
if (!CBS_get_u24_length_prefixed(&reader, &encoded_client_hello_inner_cbs)) {
return 0;
}
bssl::Array<uint8_t> encoded_client_hello_inner;
if (!encoded_client_hello_inner.CopyFrom(encoded_client_hello_inner_cbs)) {
return 0;
}
// Use the remaining bytes in |reader| as the ClientHelloOuter.
SSL_CLIENT_HELLO client_hello_outer;
if (!bssl::ssl_client_hello_init(ssl.get(), &client_hello_outer, reader)) {
return 0;
}
// Recover the ClientHelloInner from the EncodedClientHelloInner and
// ClientHelloOuter.
uint8_t alert_unused;
bssl::Array<uint8_t> client_hello_inner;
bssl::ssl_decode_client_hello_inner(
ssl.get(), &alert_unused, &client_hello_inner, encoded_client_hello_inner,
&client_hello_outer);
return 0;
}