Fix the TLS fuzzers for ECH draft-13.

Replace the hardcoded ECH config, which wasn't updated for draft-13,
with a call to SSL_marshal_ech_config.

Bug: 275, oss-fuzz:38054
Change-Id: I10c12b22015c9c0cb90dd6185eb375153a2531f4
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/49445
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
grpc-202302
David Benjamin 4 years ago committed by Adam Langley
parent 62c4f15478
commit 27a3328a37
  1. 23
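--- a/ssl/test/fuzzer.h
+++ b/ssl/test/fuzzer.h
@@ -231,16 +231,6 @@ const uint8_t kALPNProtocols[] = {
     0x01, 'a', 0x02, 'a', 'a', 0x03, 'a', 'a', 'a',
 };
-const uint8_t kECHConfig[] = {
-    0xfe, 0x0a, 0x00, 0x47, 0x2a, 0x00, 0x20, 0x00, 0x20, 0x6c, 0x55,
-    0x96, 0x41, 0x3d, 0x12, 0x4e, 0x63, 0x3d, 0x39, 0x7a, 0xe9, 0xbc,
-    0xec, 0xb2, 0x55, 0xd0, 0xe6, 0xaa, 0xbd, 0xa9, 0x79, 0xb8, 0x86,
-    0x9a, 0x13, 0x61, 0xc6, 0x69, 0xac, 0xb4, 0x21, 0x00, 0x0c, 0x00,
-    0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x02, 0x00, 0x01, 0x00, 0x03,
-    0x00, 0x10, 0x00, 0x0e, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2e,
-    0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x00, 0x00,
-};
 const uint8_t kECHKey[] = {
     0x35, 0x6d, 0x45, 0x06, 0xb3, 0x88, 0x89, 0x2e, 0xd6, 0x87, 0x84,
     0xd2, 0x2d, 0x6f, 0x83, 0x48, 0xad, 0xf2, 0xfd, 0x08, 0x51, 0x73,
@@ -458,11 +448,20 @@ class TLSFuzzer {
     if (role_ == kServer) {
       bssl::UniquePtr<SSL_ECH_KEYS> keys(SSL_ECH_KEYS_new());
       bssl::ScopedEVP_HPKE_KEY key;
+      uint8_t *ech_config;
+      size_t ech_config_len;
       if (!keys ||
           !EVP_HPKE_KEY_init(key.get(), EVP_hpke_x25519_hkdf_sha256(), kECHKey,
                              sizeof(kECHKey)) ||
-          !SSL_ECH_KEYS_add(keys.get(), /*is_retry_config=*/true, kECHConfig,
-                            sizeof(kECHConfig), key.get()) ||
+          // Match |echConfig| in |addEncryptedClientHelloTests| from runner.go.
+          !SSL_marshal_ech_config(&ech_config, &ech_config_len,
+                                  /*config_id=*/42, key.get(), "public.example",
+                                  /*max_name_len=*/64)) {
+        return false;
+      }
+      bssl::UniquePtr<uint8_t> free_ech_config(ech_config);
+      if (!SSL_ECH_KEYS_add(keys.get(), /*is_retry_config=*/true, ech_config,
+                            ech_config_len, key.get()) ||
           !SSL_CTX_set1_ech_keys(ctx_.get(), keys.get())) {
         return false;
       }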
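Review bot: The comment `// Match |echConfig| in |addEncryptedClientHelloTests| from runner.go.` above the SSL_marshal_ech_config call says what to keep in sync but not why, and sitting mid-expression inside the `||` chain it is easy to overlook. If, as the commit message suggests, the fuzzer corpus is recorded from runner.go's transcripts, then any drift in config_id, the public name or max_name_len would silently stop the corpus from reaching the ECH decryption path rather than fail loudly; I would move the comment above the `if` and extend it to say that the corpus is generated from those transcripts and that the three values must change together with runner.go. As a minor style point, the two new locals are only read after the success check, but `uint8_t *ech_config = nullptr;` and `size_t ech_config_len = 0;` would keep init-variable lints quiet. The enclosing method starts and ends outside the hunk.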
