Mirror of BoringSSL (grpc依赖)
https://boringssl.googlesource.com/boringssl
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
631 lines
26 KiB
631 lines
26 KiB
/* Copyright (c) 2017, Google Inc. |
|
* |
|
* Permission to use, copy, modify, and/or distribute this software for any |
|
* purpose with or without fee is hereby granted, provided that the above |
|
* copyright notice and this permission notice appear in all copies. |
|
* |
|
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES |
|
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF |
|
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY |
|
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES |
|
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION |
|
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN |
|
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ |
|
|
|
#ifndef HEADER_SSL_TEST_FUZZER |
|
#define HEADER_SSL_TEST_FUZZER |
|
|
|
#include <assert.h> |
|
#include <stdlib.h> |
|
#include <string.h> |
|
|
|
#include <algorithm> |
|
#include <vector> |
|
|
|
#include <openssl/bio.h> |
|
#include <openssl/bytestring.h> |
|
#include <openssl/err.h> |
|
#include <openssl/evp.h> |
|
#include <openssl/hpke.h> |
|
#include <openssl/rand.h> |
|
#include <openssl/rsa.h> |
|
#include <openssl/ssl.h> |
|
#include <openssl/x509.h> |
|
|
|
#include "../../crypto/internal.h" |
|
#include "./fuzzer_tags.h" |
|
|
|
namespace { |
|
|
|
const uint8_t kP256KeyPKCS8[] = { |
|
0x30, 0x81, 0x87, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, |
|
0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, |
|
0x03, 0x01, 0x07, 0x04, 0x6d, 0x30, 0x6b, 0x02, 0x01, 0x01, 0x04, 0x20, |
|
0x43, 0x09, 0xc0, 0x67, 0x75, 0x21, 0x47, 0x9d, 0xa8, 0xfa, 0x16, 0xdf, |
|
0x15, 0x73, 0x61, 0x34, 0x68, 0x6f, 0xe3, 0x8e, 0x47, 0x91, 0x95, 0xab, |
|
0x79, 0x4a, 0x72, 0x14, 0xcb, 0xe2, 0x49, 0x4f, 0xa1, 0x44, 0x03, 0x42, |
|
0x00, 0x04, 0xde, 0x09, 0x08, 0x07, 0x03, 0x2e, 0x8f, 0x37, 0x9a, 0xd5, |
|
0xad, 0xe5, 0xc6, 0x9d, 0xd4, 0x63, 0xc7, 0x4a, 0xe7, 0x20, 0xcb, 0x90, |
|
0xa0, 0x1f, 0x18, 0x18, 0x72, 0xb5, 0x21, 0x88, 0x38, 0xc0, 0xdb, 0xba, |
|
0xf6, 0x99, 0xd8, 0xa5, 0x3b, 0x83, 0xe9, 0xe3, 0xd5, 0x61, 0x99, 0x73, |
|
0x42, 0xc6, 0x6c, 0xe8, 0x0a, 0x95, 0x40, 0x41, 0x3b, 0x0d, 0x10, 0xa7, |
|
0x4a, 0x93, 0xdb, 0x5a, 0xe7, 0xec, |
|
}; |
|
|
|
const uint8_t kOCSPResponse[] = {0x01, 0x02, 0x03, 0x04}; |
|
|
|
const uint8_t kSCT[] = {0x00, 0x06, 0x00, 0x04, 0x05, 0x06, 0x07, 0x08}; |
|
|
|
const uint8_t kCertificateDER[] = { |
|
0x30, 0x82, 0x02, 0xff, 0x30, 0x82, 0x01, 0xe7, 0xa0, 0x03, 0x02, 0x01, |
|
0x02, 0x02, 0x11, 0x00, 0xb1, 0x84, 0xee, 0x34, 0x99, 0x98, 0x76, 0xfb, |
|
0x6f, 0xb2, 0x15, 0xc8, 0x47, 0x79, 0x05, 0x9b, 0x30, 0x0d, 0x06, 0x09, |
|
0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, |
|
0x12, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x07, |
|
0x41, 0x63, 0x6d, 0x65, 0x20, 0x43, 0x6f, 0x30, 0x1e, 0x17, 0x0d, 0x31, |
|
0x35, 0x31, 0x31, 0x30, 0x37, 0x30, 0x30, 0x32, 0x34, 0x35, 0x36, 0x5a, |
|
0x17, 0x0d, 0x31, 0x36, 0x31, 0x31, 0x30, 0x36, 0x30, 0x30, 0x32, 0x34, |
|
0x35, 0x36, 0x5a, 0x30, 0x12, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, |
|
0x04, 0x0a, 0x13, 0x07, 0x41, 0x63, 0x6d, 0x65, 0x20, 0x43, 0x6f, 0x30, |
|
0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, |
|
0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, |
|
0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xce, 0x47, 0xcb, 0x11, |
|
0xbb, 0xd2, 0x9d, 0x8e, 0x9e, 0xd2, 0x1e, 0x14, 0xaf, 0xc7, 0xea, 0xb6, |
|
0xc9, 0x38, 0x2a, 0x6f, 0xb3, 0x7e, 0xfb, 0xbc, 0xfc, 0x59, 0x42, 0xb9, |
|
0x56, 0xf0, 0x4c, 0x3f, 0xf7, 0x31, 0x84, 0xbe, 0xac, 0x03, 0x9e, 0x71, |
|
0x91, 0x85, 0xd8, 0x32, 0xbd, 0x00, 0xea, 0xac, 0x65, 0xf6, 0x03, 0xc8, |
|
0x0f, 0x8b, 0xfd, 0x6e, 0x58, 0x88, 0x04, 0x41, 0x92, 0x74, 0xa6, 0x57, |
|
0x2e, 0x8e, 0x88, 0xd5, 0x3d, 0xda, 0x14, 0x3e, 0x63, 0x88, 0x22, 0xe3, |
|
0x53, 0xe9, 0xba, 0x39, 0x09, 0xac, 0xfb, 0xd0, 0x4c, 0xf2, 0x3c, 0x20, |
|
0xd6, 0x97, 0xe6, 0xed, 0xf1, 0x62, 0x1e, 0xe5, 0xc9, 0x48, 0xa0, 0xca, |
|
0x2e, 0x3c, 0x14, 0x5a, 0x82, 0xd4, 0xed, 0xb1, 0xe3, 0x43, 0xc1, 0x2a, |
|
0x59, 0xa5, 0xb9, 0xc8, 0x48, 0xa7, 0x39, 0x23, 0x74, 0xa7, 0x37, 0xb0, |
|
0x6f, 0xc3, 0x64, 0x99, 0x6c, 0xa2, 0x82, 0xc8, 0xf6, 0xdb, 0x86, 0x40, |
|
0xce, 0xd1, 0x85, 0x9f, 0xce, 0x69, 0xf4, 0x15, 0x2a, 0x23, 0xca, 0xea, |
|
0xb7, 0x7b, 0xdf, 0xfb, 0x43, 0x5f, 0xff, 0x7a, 0x49, 0x49, 0x0e, 0xe7, |
|
0x02, 0x51, 0x45, 0x13, 0xe8, 0x90, 0x64, 0x21, 0x0c, 0x26, 0x2b, 0x5d, |
|
0xfc, 0xe4, 0xb5, 0x86, 0x89, 0x43, 0x22, 0x4c, 0xf3, 0x3b, 0xf3, 0x09, |
|
0xc4, 0xa4, 0x10, 0x80, 0xf2, 0x46, 0xe2, 0x46, 0x8f, 0x76, 0x50, 0xbf, |
|
0xaf, 0x2b, 0x90, 0x1b, 0x78, 0xc7, 0xcf, 0xc1, 0x77, 0xd0, 0xfb, 0xa9, |
|
0xfb, 0xc9, 0x66, 0x5a, 0xc5, 0x9b, 0x31, 0x41, 0x67, 0x01, 0xbe, 0x33, |
|
0x10, 0xba, 0x05, 0x58, 0xed, 0x76, 0x53, 0xde, 0x5d, 0xc1, 0xe8, 0xbb, |
|
0x9f, 0xf1, 0xcd, 0xfb, 0xdf, 0x64, 0x7f, 0xd7, 0x18, 0xab, 0x0f, 0x94, |
|
0x28, 0x95, 0x4a, 0xcc, 0x6a, 0xa9, 0x50, 0xc7, 0x05, 0x47, 0x10, 0x41, |
|
0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x50, 0x30, 0x4e, 0x30, 0x0e, 0x06, |
|
0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x05, |
|
0xa0, 0x30, 0x13, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x0c, 0x30, 0x0a, |
|
0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x30, 0x0c, |
|
0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, |
|
0x30, 0x19, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x12, 0x30, 0x10, 0x82, |
|
0x0e, 0x66, 0x75, 0x7a, 0x7a, 0x2e, 0x62, 0x6f, 0x72, 0x69, 0x6e, 0x67, |
|
0x73, 0x73, 0x6c, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, |
|
0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x92, |
|
0xde, 0xef, 0x96, 0x06, 0x7b, 0xff, 0x71, 0x7d, 0x4e, 0xa0, 0x7d, 0xae, |
|
0xb8, 0x22, 0xb4, 0x2c, 0xf7, 0x96, 0x9c, 0x37, 0x1d, 0x8f, 0xe7, 0xd9, |
|
0x47, 0xff, 0x3f, 0xe9, 0x35, 0x95, 0x0e, 0xdd, 0xdc, 0x7f, 0xc8, 0x8a, |
|
0x1e, 0x36, 0x1d, 0x38, 0x47, 0xfc, 0x76, 0xd2, 0x1f, 0x98, 0xa1, 0x36, |
|
0xac, 0xc8, 0x70, 0x38, 0x0a, 0x3d, 0x51, 0x8d, 0x0f, 0x03, 0x1b, 0xef, |
|
0x62, 0xa1, 0xcb, 0x2b, 0x4a, 0x8c, 0x12, 0x2b, 0x54, 0x50, 0x9a, 0x6b, |
|
0xfe, 0xaf, 0xd9, 0xf6, 0xbf, 0x58, 0x11, 0x58, 0x5e, 0xe5, 0x86, 0x1e, |
|
0x3b, 0x6b, 0x30, 0x7e, 0x72, 0x89, 0xe8, 0x6b, 0x7b, 0xb7, 0xaf, 0xef, |
|
0x8b, 0xa9, 0x3e, 0xb0, 0xcd, 0x0b, 0xef, 0xb0, 0x0c, 0x96, 0x2b, 0xc5, |
|
0x3b, 0xd5, 0xf1, 0xc2, 0xae, 0x3a, 0x60, 0xd9, 0x0f, 0x75, 0x37, 0x55, |
|
0x4d, 0x62, 0xd2, 0xed, 0x96, 0xac, 0x30, 0x6b, 0xda, 0xa1, 0x48, 0x17, |
|
0x96, 0x23, 0x85, 0x9a, 0x57, 0x77, 0xe9, 0x22, 0xa2, 0x37, 0x03, 0xba, |
|
0x49, 0x77, 0x40, 0x3b, 0x76, 0x4b, 0xda, 0xc1, 0x04, 0x57, 0x55, 0x34, |
|
0x22, 0x83, 0x45, 0x29, 0xab, 0x2e, 0x11, 0xff, 0x0d, 0xab, 0x55, 0xb1, |
|
0xa7, 0x58, 0x59, 0x05, 0x25, 0xf9, 0x1e, 0x3d, 0xb7, 0xac, 0x04, 0x39, |
|
0x2c, 0xf9, 0xaf, 0xb8, 0x68, 0xfb, 0x8e, 0x35, 0x71, 0x32, 0xff, 0x70, |
|
0xe9, 0x46, 0x6d, 0x5c, 0x06, 0x90, 0x88, 0x23, 0x48, 0x0c, 0x50, 0xeb, |
|
0x0a, 0xa9, 0xae, 0xe8, 0xfc, 0xbe, 0xa5, 0x76, 0x94, 0xd7, 0x64, 0x22, |
|
0x38, 0x98, 0x17, 0xa4, 0x3a, 0xa7, 0x59, 0x9f, 0x1d, 0x3b, 0x75, 0x90, |
|
0x1a, 0x81, 0xef, 0x19, 0xfb, 0x2b, 0xb7, 0xa7, 0x64, 0x61, 0x22, 0xa4, |
|
0x6f, 0x7b, 0xfa, 0x58, 0xbb, 0x8c, 0x4e, 0x77, 0x67, 0xd0, 0x5d, 0x58, |
|
0x76, 0x8a, 0xbb, |
|
}; |
|
|
|
const uint8_t kRSAPrivateKeyDER[] = { |
|
0x30, 0x82, 0x04, 0xa5, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, |
|
0xce, 0x47, 0xcb, 0x11, 0xbb, 0xd2, 0x9d, 0x8e, 0x9e, 0xd2, 0x1e, 0x14, |
|
0xaf, 0xc7, 0xea, 0xb6, 0xc9, 0x38, 0x2a, 0x6f, 0xb3, 0x7e, 0xfb, 0xbc, |
|
0xfc, 0x59, 0x42, 0xb9, 0x56, 0xf0, 0x4c, 0x3f, 0xf7, 0x31, 0x84, 0xbe, |
|
0xac, 0x03, 0x9e, 0x71, 0x91, 0x85, 0xd8, 0x32, 0xbd, 0x00, 0xea, 0xac, |
|
0x65, 0xf6, 0x03, 0xc8, 0x0f, 0x8b, 0xfd, 0x6e, 0x58, 0x88, 0x04, 0x41, |
|
0x92, 0x74, 0xa6, 0x57, 0x2e, 0x8e, 0x88, 0xd5, 0x3d, 0xda, 0x14, 0x3e, |
|
0x63, 0x88, 0x22, 0xe3, 0x53, 0xe9, 0xba, 0x39, 0x09, 0xac, 0xfb, 0xd0, |
|
0x4c, 0xf2, 0x3c, 0x20, 0xd6, 0x97, 0xe6, 0xed, 0xf1, 0x62, 0x1e, 0xe5, |
|
0xc9, 0x48, 0xa0, 0xca, 0x2e, 0x3c, 0x14, 0x5a, 0x82, 0xd4, 0xed, 0xb1, |
|
0xe3, 0x43, 0xc1, 0x2a, 0x59, 0xa5, 0xb9, 0xc8, 0x48, 0xa7, 0x39, 0x23, |
|
0x74, 0xa7, 0x37, 0xb0, 0x6f, 0xc3, 0x64, 0x99, 0x6c, 0xa2, 0x82, 0xc8, |
|
0xf6, 0xdb, 0x86, 0x40, 0xce, 0xd1, 0x85, 0x9f, 0xce, 0x69, 0xf4, 0x15, |
|
0x2a, 0x23, 0xca, 0xea, 0xb7, 0x7b, 0xdf, 0xfb, 0x43, 0x5f, 0xff, 0x7a, |
|
0x49, 0x49, 0x0e, 0xe7, 0x02, 0x51, 0x45, 0x13, 0xe8, 0x90, 0x64, 0x21, |
|
0x0c, 0x26, 0x2b, 0x5d, 0xfc, 0xe4, 0xb5, 0x86, 0x89, 0x43, 0x22, 0x4c, |
|
0xf3, 0x3b, 0xf3, 0x09, 0xc4, 0xa4, 0x10, 0x80, 0xf2, 0x46, 0xe2, 0x46, |
|
0x8f, 0x76, 0x50, 0xbf, 0xaf, 0x2b, 0x90, 0x1b, 0x78, 0xc7, 0xcf, 0xc1, |
|
0x77, 0xd0, 0xfb, 0xa9, 0xfb, 0xc9, 0x66, 0x5a, 0xc5, 0x9b, 0x31, 0x41, |
|
0x67, 0x01, 0xbe, 0x33, 0x10, 0xba, 0x05, 0x58, 0xed, 0x76, 0x53, 0xde, |
|
0x5d, 0xc1, 0xe8, 0xbb, 0x9f, 0xf1, 0xcd, 0xfb, 0xdf, 0x64, 0x7f, 0xd7, |
|
0x18, 0xab, 0x0f, 0x94, 0x28, 0x95, 0x4a, 0xcc, 0x6a, 0xa9, 0x50, 0xc7, |
|
0x05, 0x47, 0x10, 0x41, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, |
|
0x01, 0x00, 0xa8, 0x47, 0xb9, 0x4a, 0x06, 0x47, 0x93, 0x71, 0x3d, 0xef, |
|
0x7b, 0xca, 0xb4, 0x7c, 0x0a, 0xe6, 0x82, 0xd0, 0xe7, 0x0d, 0xa9, 0x08, |
|
0xf6, 0xa4, 0xfd, 0xd8, 0x73, 0xae, 0x6f, 0x56, 0x29, 0x5e, 0x25, 0x72, |
|
0xa8, 0x30, 0x44, 0x73, 0xcf, 0x56, 0x26, 0xb9, 0x61, 0xde, 0x42, 0x81, |
|
0xf4, 0xf0, 0x1f, 0x5d, 0xcb, 0x47, 0xf2, 0x26, 0xe9, 0xe0, 0x93, 0x28, |
|
0xa3, 0x10, 0x3b, 0x42, 0x1e, 0x51, 0x11, 0x12, 0x06, 0x5e, 0xaf, 0xce, |
|
0xb0, 0xa5, 0x14, 0xdd, 0x82, 0x58, 0xa1, 0xa4, 0x12, 0xdf, 0x65, 0x1d, |
|
0x51, 0x70, 0x64, 0xd5, 0x58, 0x68, 0x11, 0xa8, 0x6a, 0x23, 0xc2, 0xbf, |
|
0xa1, 0x25, 0x24, 0x47, 0xb3, 0xa4, 0x3c, 0x83, 0x96, 0xb7, 0x1f, 0xf4, |
|
0x44, 0xd4, 0xd1, 0xe9, 0xfc, 0x33, 0x68, 0x5e, 0xe2, 0x68, 0x99, 0x9c, |
|
0x91, 0xe8, 0x72, 0xc9, 0xd7, 0x8c, 0x80, 0x20, 0x8e, 0x77, 0x83, 0x4d, |
|
0xe4, 0xab, 0xf9, 0x74, 0xa1, 0xdf, 0xd3, 0xc0, 0x0d, 0x5b, 0x05, 0x51, |
|
0xc2, 0x6f, 0xb2, 0x91, 0x02, 0xec, 0xc0, 0x02, 0x1a, 0x5c, 0x91, 0x05, |
|
0xf1, 0xe3, 0xfa, 0x65, 0xc2, 0xad, 0x24, 0xe6, 0xe5, 0x3c, 0xb6, 0x16, |
|
0xf1, 0xa1, 0x67, 0x1a, 0x9d, 0x37, 0x56, 0xbf, 0x01, 0xd7, 0x3b, 0x35, |
|
0x30, 0x57, 0x73, 0xf4, 0xf0, 0x5e, 0xa7, 0xe8, 0x0a, 0xc1, 0x94, 0x17, |
|
0xcf, 0x0a, 0xbd, 0xf5, 0x31, 0xa7, 0x2d, 0xf7, 0xf5, 0xd9, 0x8c, 0xc2, |
|
0x01, 0xbd, 0xda, 0x16, 0x8e, 0xb9, 0x30, 0x40, 0xa6, 0x6e, 0xbd, 0xcd, |
|
0x4d, 0x84, 0x67, 0x4e, 0x0b, 0xce, 0xd5, 0xef, 0xf8, 0x08, 0x63, 0x02, |
|
0xc6, 0xc7, 0xf7, 0x67, 0x92, 0xe2, 0x23, 0x9d, 0x27, 0x22, 0x1d, 0xc6, |
|
0x67, 0x5e, 0x66, 0xbf, 0x03, 0xb8, 0xa9, 0x67, 0xd4, 0x39, 0xd8, 0x75, |
|
0xfa, 0xe8, 0xed, 0x56, 0xb8, 0x81, 0x02, 0x81, 0x81, 0x00, 0xf7, 0x46, |
|
0x68, 0xc6, 0x13, 0xf8, 0xba, 0x0f, 0x83, 0xdb, 0x05, 0xa8, 0x25, 0x00, |
|
0x70, 0x9c, 0x9e, 0x8b, 0x12, 0x34, 0x0d, 0x96, 0xcf, 0x0d, 0x98, 0x9b, |
|
0x8d, 0x9c, 0x96, 0x78, 0xd1, 0x3c, 0x01, 0x8c, 0xb9, 0x35, 0x5c, 0x20, |
|
0x42, 0xb4, 0x38, 0xe3, 0xd6, 0x54, 0xe7, 0x55, 0xd6, 0x26, 0x8a, 0x0c, |
|
0xf6, 0x1f, 0xe0, 0x04, 0xc1, 0x22, 0x42, 0x19, 0x61, 0xc4, 0x94, 0x7c, |
|
0x07, 0x2e, 0x80, 0x52, 0xfe, 0x8d, 0xe6, 0x92, 0x3a, 0x91, 0xfe, 0x72, |
|
0x99, 0xe1, 0x2a, 0x73, 0x76, 0xb1, 0x24, 0x20, 0x67, 0xde, 0x28, 0xcb, |
|
0x0e, 0xe6, 0x52, 0xb5, 0xfa, 0xfb, 0x8b, 0x1e, 0x6a, 0x1d, 0x09, 0x26, |
|
0xb9, 0xa7, 0x61, 0xba, 0xf8, 0x79, 0xd2, 0x66, 0x57, 0x28, 0xd7, 0x31, |
|
0xb5, 0x0b, 0x27, 0x19, 0x1e, 0x6f, 0x46, 0xfc, 0x54, 0x95, 0xeb, 0x78, |
|
0x01, 0xb6, 0xd9, 0x79, 0x5a, 0x4d, 0x02, 0x81, 0x81, 0x00, 0xd5, 0x8f, |
|
0x16, 0x53, 0x2f, 0x57, 0x93, 0xbf, 0x09, 0x75, 0xbf, 0x63, 0x40, 0x3d, |
|
0x27, 0xfd, 0x23, 0x21, 0xde, 0x9b, 0xe9, 0x73, 0x3f, 0x49, 0x02, 0xd2, |
|
0x38, 0x96, 0xcf, 0xc3, 0xba, 0x92, 0x07, 0x87, 0x52, 0xa9, 0x35, 0xe3, |
|
0x0c, 0xe4, 0x2f, 0x05, 0x7b, 0x37, 0xa5, 0x40, 0x9c, 0x3b, 0x94, 0xf7, |
|
0xad, 0xa0, 0xee, 0x3a, 0xa8, 0xfb, 0x1f, 0x11, 0x1f, 0xd8, 0x9a, 0x80, |
|
0x42, 0x3d, 0x7f, 0xa4, 0xb8, 0x9a, 0xaa, 0xea, 0x72, 0xc1, 0xe3, 0xed, |
|
0x06, 0x60, 0x92, 0x37, 0xf9, 0xba, 0xfb, 0x9e, 0xed, 0x05, 0xa6, 0xd4, |
|
0x72, 0x68, 0x4f, 0x63, 0xfe, 0xd6, 0x10, 0x0d, 0x4f, 0x0a, 0x93, 0xc6, |
|
0xb9, 0xd7, 0xaf, 0xfd, 0xd9, 0x57, 0x7d, 0xcb, 0x75, 0xe8, 0x93, 0x2b, |
|
0xae, 0x4f, 0xea, 0xd7, 0x30, 0x0b, 0x58, 0x44, 0x82, 0x0f, 0x84, 0x5d, |
|
0x62, 0x11, 0x78, 0xea, 0x5f, 0xc5, 0x02, 0x81, 0x81, 0x00, 0x82, 0x0c, |
|
0xc1, 0xe6, 0x0b, 0x72, 0xf1, 0x48, 0x5f, 0xac, 0xbd, 0x98, 0xe5, 0x7d, |
|
0x09, 0xbd, 0x15, 0x95, 0x47, 0x09, 0xa1, 0x6c, 0x03, 0x91, 0xbf, 0x05, |
|
0x70, 0xc1, 0x3e, 0x52, 0x64, 0x99, 0x0e, 0xa7, 0x98, 0x70, 0xfb, 0xf6, |
|
0xeb, 0x9e, 0x25, 0x9d, 0x8e, 0x88, 0x30, 0xf2, 0xf0, 0x22, 0x6c, 0xd0, |
|
0xcc, 0x51, 0x8f, 0x5c, 0x70, 0xc7, 0x37, 0xc4, 0x69, 0xab, 0x1d, 0xfc, |
|
0xed, 0x3a, 0x03, 0xbb, 0xa2, 0xad, 0xb6, 0xea, 0x89, 0x6b, 0x67, 0x4b, |
|
0x96, 0xaa, 0xd9, 0xcc, 0xc8, 0x4b, 0xfa, 0x18, 0x21, 0x08, 0xb2, 0xa3, |
|
0xb9, 0x3e, 0x61, 0x99, 0xdc, 0x5a, 0x97, 0x9c, 0x73, 0x6a, 0xb9, 0xf9, |
|
0x68, 0x03, 0x24, 0x5f, 0x55, 0x77, 0x9c, 0xb4, 0xbe, 0x7a, 0x78, 0x53, |
|
0x68, 0x48, 0x69, 0x53, 0xc8, 0xb1, 0xf5, 0xbf, 0x98, 0x2d, 0x11, 0x1e, |
|
0x98, 0xa8, 0x36, 0x50, 0xa0, 0xb1, 0x02, 0x81, 0x81, 0x00, 0x90, 0x88, |
|
0x30, 0x71, 0xc7, 0xfe, 0x9b, 0x6d, 0x95, 0x37, 0x6d, 0x79, 0xfc, 0x85, |
|
0xe7, 0x44, 0x78, 0xbc, 0x79, 0x6e, 0x47, 0x86, 0xc9, 0xf3, 0xdd, 0xc6, |
|
0xec, 0xa9, 0x94, 0x9f, 0x40, 0xeb, 0x87, 0xd0, 0xdb, 0xee, 0xcd, 0x1b, |
|
0x87, 0x23, 0xff, 0x76, 0xd4, 0x37, 0x8a, 0xcd, 0xb9, 0x6e, 0xd1, 0x98, |
|
0xf6, 0x97, 0x8d, 0xe3, 0x81, 0x6d, 0xc3, 0x4e, 0xd1, 0xa0, 0xc4, 0x9f, |
|
0xbd, 0x34, 0xe5, 0xe8, 0x53, 0x4f, 0xca, 0x10, 0xb5, 0xed, 0xe7, 0x16, |
|
0x09, 0x54, 0xde, 0x60, 0xa7, 0xd1, 0x16, 0x6e, 0x2e, 0xb7, 0xbe, 0x7a, |
|
0xd5, 0x9b, 0x26, 0xef, 0xe4, 0x0e, 0x77, 0xfa, 0xa9, 0xdd, 0xdc, 0xb9, |
|
0x88, 0x19, 0x23, 0x70, 0xc7, 0xe1, 0x60, 0xaf, 0x8c, 0x73, 0x04, 0xf7, |
|
0x71, 0x17, 0x81, 0x36, 0x75, 0xbb, 0x97, 0xd7, 0x75, 0xb6, 0x8e, 0xbc, |
|
0xac, 0x9c, 0x6a, 0x9b, 0x24, 0x89, 0x02, 0x81, 0x80, 0x5a, 0x2b, 0xc7, |
|
0x6b, 0x8c, 0x65, 0xdb, 0x04, 0x73, 0xab, 0x25, 0xe1, 0x5b, 0xbc, 0x3c, |
|
0xcf, 0x5a, 0x3c, 0x04, 0xae, 0x97, 0x2e, 0xfd, 0xa4, 0x97, 0x1f, 0x05, |
|
0x17, 0x27, 0xac, 0x7c, 0x30, 0x85, 0xb4, 0x82, 0x3f, 0x5b, 0xb7, 0x94, |
|
0x3b, 0x7f, 0x6c, 0x0c, 0xc7, 0x16, 0xc6, 0xa0, 0xbd, 0x80, 0xb0, 0x81, |
|
0xde, 0xa0, 0x23, 0xa6, 0xf6, 0x75, 0x33, 0x51, 0x35, 0xa2, 0x75, 0x55, |
|
0x70, 0x4d, 0x42, 0xbb, 0xcf, 0x54, 0xe4, 0xdb, 0x2d, 0x88, 0xa0, 0x7a, |
|
0xf2, 0x17, 0xa7, 0xdd, 0x13, 0x44, 0x9f, 0x5f, 0x6b, 0x2c, 0x42, 0x42, |
|
0x8b, 0x13, 0x4d, 0xf9, 0x5b, 0xf8, 0x33, 0x42, 0xd9, 0x9e, 0x50, 0x1c, |
|
0x7c, 0xbc, 0xfa, 0x62, 0x85, 0x0b, 0xcf, 0x99, 0xda, 0x9e, 0x04, 0x90, |
|
0xb2, 0xc6, 0xb2, 0x0a, 0x2a, 0x7c, 0x6d, 0x6a, 0x40, 0xfc, 0xf5, 0x50, |
|
0x98, 0x46, 0x89, 0x82, 0x40, |
|
}; |
|
|
|
const uint8_t kALPNProtocols[] = { |
|
0x01, 'a', 0x02, 'a', 'a', 0x03, 'a', 'a', 'a', |
|
}; |
|
|
|
const uint8_t kECHConfig[] = { |
|
0xfe, 0x0a, 0x00, 0x47, 0x2a, 0x00, 0x20, 0x00, 0x20, 0x6c, 0x55, |
|
0x96, 0x41, 0x3d, 0x12, 0x4e, 0x63, 0x3d, 0x39, 0x7a, 0xe9, 0xbc, |
|
0xec, 0xb2, 0x55, 0xd0, 0xe6, 0xaa, 0xbd, 0xa9, 0x79, 0xb8, 0x86, |
|
0x9a, 0x13, 0x61, 0xc6, 0x69, 0xac, 0xb4, 0x21, 0x00, 0x0c, 0x00, |
|
0x01, 0x00, 0x01, 0x00, 0x01, 0x00, 0x02, 0x00, 0x01, 0x00, 0x03, |
|
0x00, 0x10, 0x00, 0x0e, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2e, |
|
0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x00, 0x00, |
|
}; |
|
|
|
const uint8_t kECHKey[] = { |
|
0x35, 0x6d, 0x45, 0x06, 0xb3, 0x88, 0x89, 0x2e, 0xd6, 0x87, 0x84, |
|
0xd2, 0x2d, 0x6f, 0x83, 0x48, 0xad, 0xf2, 0xfd, 0x08, 0x51, 0x73, |
|
0x10, 0xa0, 0xb8, 0xdd, 0xe9, 0x96, 0x6a, 0xde, 0xbc, 0x82, |
|
}; |
|
|
|
int ALPNSelectCallback(SSL *ssl, const uint8_t **out, uint8_t *out_len, |
|
const uint8_t *in, unsigned in_len, void *arg) { |
|
static const uint8_t kProtocol[] = {'a', 'a'}; |
|
*out = kProtocol; |
|
*out_len = sizeof(kProtocol); |
|
return SSL_TLSEXT_ERR_OK; |
|
} |
|
|
|
int NPNSelectCallback(SSL *ssl, uint8_t **out, uint8_t *out_len, |
|
const uint8_t *in, unsigned in_len, void *arg) { |
|
static const uint8_t kProtocol[] = {'a', 'a'}; |
|
*out = const_cast<uint8_t *>(kProtocol); |
|
*out_len = sizeof(kProtocol); |
|
return SSL_TLSEXT_ERR_OK; |
|
} |
|
|
|
int NPNAdvertiseCallback(SSL *ssl, const uint8_t **out, unsigned *out_len, |
|
void *arg) { |
|
static const uint8_t kProtocols[] = { |
|
0x01, 'a', 0x02, 'a', 'a', 0x03, 'a', 'a', 'a', |
|
}; |
|
*out = kProtocols; |
|
*out_len = sizeof(kProtocols); |
|
return SSL_TLSEXT_ERR_OK; |
|
} |
|
|
|
class TLSFuzzer { |
|
public: |
|
enum Protocol { |
|
kTLS, |
|
kDTLS, |
|
}; |
|
|
|
enum Role { |
|
kClient, |
|
kServer, |
|
}; |
|
|
|
TLSFuzzer(Protocol protocol, Role role) |
|
: debug_(getenv("BORINGSSL_FUZZER_DEBUG") != nullptr), |
|
protocol_(protocol), |
|
role_(role) { |
|
if (!Init()) { |
|
abort(); |
|
} |
|
} |
|
|
|
static void MoveBIOs(SSL *dest, SSL *src) { |
|
BIO *rbio = SSL_get_rbio(src); |
|
BIO_up_ref(rbio); |
|
SSL_set0_rbio(dest, rbio); |
|
|
|
BIO *wbio = SSL_get_wbio(src); |
|
BIO_up_ref(wbio); |
|
SSL_set0_wbio(dest, wbio); |
|
|
|
SSL_set0_rbio(src, nullptr); |
|
SSL_set0_wbio(src, nullptr); |
|
} |
|
|
|
int TestOneInput(const uint8_t *buf, size_t len) { |
|
RAND_reset_for_fuzzing(); |
|
|
|
CBS cbs; |
|
CBS_init(&cbs, buf, len); |
|
bssl::UniquePtr<SSL> ssl = SetupTest(&cbs); |
|
if (!ssl) { |
|
if (debug_) { |
|
fprintf(stderr, "Error parsing parameters.\n"); |
|
} |
|
return 0; |
|
} |
|
|
|
if (role_ == kClient) { |
|
SSL_set_renegotiate_mode(ssl.get(), ssl_renegotiate_freely); |
|
SSL_set_tlsext_host_name(ssl.get(), "hostname"); |
|
} |
|
|
|
// ssl_handoff may or may not be used. |
|
bssl::UniquePtr<SSL> ssl_handoff(SSL_new(ctx_.get())); |
|
bssl::UniquePtr<SSL> ssl_handback(SSL_new(ctx_.get())); |
|
SSL_set_accept_state(ssl_handoff.get()); |
|
|
|
SSL_set0_rbio(ssl.get(), MakeBIO(CBS_data(&cbs), CBS_len(&cbs)).release()); |
|
SSL_set0_wbio(ssl.get(), BIO_new(BIO_s_mem())); |
|
|
|
SSL *ssl_handshake = ssl.get(); |
|
bool handshake_successful = false; |
|
bool handback_successful = false; |
|
for (;;) { |
|
int ret = SSL_do_handshake(ssl_handshake); |
|
if (ret < 0 && SSL_get_error(ssl_handshake, ret) == SSL_ERROR_HANDOFF) { |
|
MoveBIOs(ssl_handoff.get(), ssl.get()); |
|
// Ordinarily we would call SSL_serialize_handoff(ssl.get(). But for |
|
// fuzzing, use the serialized handoff that's getting fuzzed. |
|
if (!bssl::SSL_apply_handoff(ssl_handoff.get(), handoff_)) { |
|
if (debug_) { |
|
fprintf(stderr, "Handoff failed.\n"); |
|
} |
|
break; |
|
} |
|
ssl_handshake = ssl_handoff.get(); |
|
} else if (ret < 0 && |
|
SSL_get_error(ssl_handshake, ret) == SSL_ERROR_HANDBACK) { |
|
MoveBIOs(ssl_handback.get(), ssl_handoff.get()); |
|
if (!bssl::SSL_apply_handback(ssl_handback.get(), handback_)) { |
|
if (debug_) { |
|
fprintf(stderr, "Handback failed.\n"); |
|
} |
|
break; |
|
} |
|
handback_successful = true; |
|
ssl_handshake = ssl_handback.get(); |
|
} else { |
|
handshake_successful = ret == 1; |
|
break; |
|
} |
|
} |
|
|
|
if (debug_) { |
|
if (!handshake_successful) { |
|
fprintf(stderr, "Handshake failed.\n"); |
|
} else if (handback_successful) { |
|
fprintf(stderr, "Handback successful.\n"); |
|
} |
|
} |
|
|
|
if (handshake_successful) { |
|
// Keep reading application data until error or EOF. |
|
uint8_t tmp[1024]; |
|
for (;;) { |
|
if (SSL_read(ssl_handshake, tmp, sizeof(tmp)) <= 0) { |
|
break; |
|
} |
|
} |
|
} |
|
|
|
if (debug_) { |
|
ERR_print_errors_fp(stderr); |
|
} |
|
ERR_clear_error(); |
|
return 0; |
|
} |
|
|
|
private: |
|
// Init initializes |ctx_| with settings common to all inputs. |
|
bool Init() { |
|
ctx_.reset(SSL_CTX_new(protocol_ == kDTLS ? DTLS_method() : TLS_method())); |
|
bssl::UniquePtr<EVP_PKEY> pkey(EVP_PKEY_new()); |
|
bssl::UniquePtr<RSA> privkey(RSA_private_key_from_bytes( |
|
kRSAPrivateKeyDER, sizeof(kRSAPrivateKeyDER))); |
|
if (!ctx_ || !privkey || !pkey || |
|
!EVP_PKEY_set1_RSA(pkey.get(), privkey.get()) || |
|
!SSL_CTX_use_PrivateKey(ctx_.get(), pkey.get())) { |
|
return false; |
|
} |
|
|
|
const uint8_t *bufp = kCertificateDER; |
|
bssl::UniquePtr<X509> cert(d2i_X509(NULL, &bufp, sizeof(kCertificateDER))); |
|
if (!cert || |
|
!SSL_CTX_use_certificate(ctx_.get(), cert.get()) || |
|
!SSL_CTX_set_ocsp_response(ctx_.get(), kOCSPResponse, |
|
sizeof(kOCSPResponse)) || |
|
!SSL_CTX_set_signed_cert_timestamp_list(ctx_.get(), kSCT, |
|
sizeof(kSCT))) { |
|
return false; |
|
} |
|
|
|
// When accepting peer certificates, allow any certificate. |
|
SSL_CTX_set_cert_verify_callback( |
|
ctx_.get(), |
|
[](X509_STORE_CTX *store_ctx, void *arg) -> int { return 1; }, nullptr); |
|
|
|
SSL_CTX_enable_signed_cert_timestamps(ctx_.get()); |
|
SSL_CTX_enable_ocsp_stapling(ctx_.get()); |
|
|
|
// Enable versions and ciphers that are off by default. |
|
if (!SSL_CTX_set_strict_cipher_list(ctx_.get(), "ALL:NULL-SHA")) { |
|
return false; |
|
} |
|
|
|
static const int kCurves[] = {NID_CECPQ2, NID_X25519, NID_X9_62_prime256v1, |
|
NID_secp384r1, NID_secp521r1}; |
|
if (!SSL_CTX_set1_curves(ctx_.get(), kCurves, |
|
OPENSSL_ARRAY_SIZE(kCurves))) { |
|
return false; |
|
} |
|
|
|
SSL_CTX_set_early_data_enabled(ctx_.get(), 1); |
|
|
|
SSL_CTX_set_next_proto_select_cb(ctx_.get(), NPNSelectCallback, nullptr); |
|
SSL_CTX_set_next_protos_advertised_cb(ctx_.get(), NPNAdvertiseCallback, |
|
nullptr); |
|
|
|
SSL_CTX_set_alpn_select_cb(ctx_.get(), ALPNSelectCallback, nullptr); |
|
if (SSL_CTX_set_alpn_protos(ctx_.get(), kALPNProtocols, |
|
sizeof(kALPNProtocols)) != 0) { |
|
return false; |
|
} |
|
|
|
CBS cbs; |
|
CBS_init(&cbs, kP256KeyPKCS8, sizeof(kP256KeyPKCS8)); |
|
pkey.reset(EVP_parse_private_key(&cbs)); |
|
if (!pkey || !SSL_CTX_set1_tls_channel_id(ctx_.get(), pkey.get())) { |
|
return false; |
|
} |
|
SSL_CTX_set_tls_channel_id_enabled(ctx_.get(), 1); |
|
|
|
if (role_ == kServer) { |
|
bssl::UniquePtr<SSL_ECH_KEYS> keys(SSL_ECH_KEYS_new()); |
|
bssl::ScopedEVP_HPKE_KEY key; |
|
if (!keys || |
|
!EVP_HPKE_KEY_init(key.get(), EVP_hpke_x25519_hkdf_sha256(), kECHKey, |
|
sizeof(kECHKey)) || |
|
!SSL_ECH_KEYS_add(keys.get(), /*is_retry_config=*/true, kECHConfig, |
|
sizeof(kECHConfig), key.get()) || |
|
!SSL_CTX_set1_ech_keys(ctx_.get(), keys.get())) { |
|
return false; |
|
} |
|
} |
|
|
|
return true; |
|
} |
|
|
|
// SetupTest parses parameters from |cbs| and returns a newly-configured |SSL| |
|
// object or nullptr on error. On success, the caller should feed the |
|
// remaining input in |cbs| to the SSL stack. |
|
bssl::UniquePtr<SSL> SetupTest(CBS *cbs) { |
|
// |ctx| is shared between runs, so we must clear any modifications to it |
|
// made later on in this function. |
|
SSL_CTX_flush_sessions(ctx_.get(), 0); |
|
handoff_ = {}; |
|
handback_ = {}; |
|
|
|
bssl::UniquePtr<SSL> ssl(SSL_new(ctx_.get())); |
|
if (role_ == kServer) { |
|
SSL_set_accept_state(ssl.get()); |
|
} else { |
|
SSL_set_connect_state(ssl.get()); |
|
} |
|
|
|
for (;;) { |
|
uint16_t tag; |
|
if (!CBS_get_u16(cbs, &tag)) { |
|
return nullptr; |
|
} |
|
switch (tag) { |
|
case kDataTag: |
|
return ssl; |
|
|
|
case kSessionTag: { |
|
CBS data; |
|
if (!CBS_get_u24_length_prefixed(cbs, &data)) { |
|
return nullptr; |
|
} |
|
bssl::UniquePtr<SSL_SESSION> session(SSL_SESSION_from_bytes( |
|
CBS_data(&data), CBS_len(&data), ctx_.get())); |
|
if (!session) { |
|
return nullptr; |
|
} |
|
|
|
if (role_ == kServer) { |
|
SSL_CTX_add_session(ctx_.get(), session.get()); |
|
} else { |
|
SSL_set_session(ssl.get(), session.get()); |
|
} |
|
break; |
|
} |
|
|
|
case kRequestClientCert: |
|
if (role_ == kClient) { |
|
return nullptr; |
|
} |
|
SSL_set_verify(ssl.get(), SSL_VERIFY_PEER, nullptr); |
|
break; |
|
|
|
case kHandoffTag: { |
|
CBS handoff; |
|
if (!CBS_get_u24_length_prefixed(cbs, &handoff)) { |
|
return nullptr; |
|
} |
|
handoff_.assign(CBS_data(&handoff), |
|
CBS_data(&handoff) + CBS_len(&handoff)); |
|
bssl::SSL_set_handoff_mode(ssl.get(), 1); |
|
break; |
|
} |
|
|
|
case kHandbackTag: { |
|
CBS handback; |
|
if (!CBS_get_u24_length_prefixed(cbs, &handback)) { |
|
return nullptr; |
|
} |
|
handback_.assign(CBS_data(&handback), |
|
CBS_data(&handback) + CBS_len(&handback)); |
|
bssl::SSL_set_handoff_mode(ssl.get(), 1); |
|
break; |
|
} |
|
|
|
case kHintsTag: { |
|
CBS hints; |
|
if (!CBS_get_u24_length_prefixed(cbs, &hints)) { |
|
return nullptr; |
|
} |
|
SSL_set_handshake_hints(ssl.get(), CBS_data(&hints), CBS_len(&hints)); |
|
break; |
|
} |
|
|
|
default: |
|
return nullptr; |
|
} |
|
} |
|
} |
|
|
|
struct BIOData { |
|
Protocol protocol; |
|
CBS cbs; |
|
}; |
|
|
|
bssl::UniquePtr<BIO> MakeBIO(const uint8_t *in, size_t len) { |
|
BIOData *b = new BIOData; |
|
b->protocol = protocol_; |
|
CBS_init(&b->cbs, in, len); |
|
|
|
bssl::UniquePtr<BIO> bio(BIO_new(&kBIOMethod)); |
|
bio->init = 1; |
|
bio->ptr = b; |
|
return bio; |
|
} |
|
|
|
static int BIORead(BIO *bio, char *out, int len) { |
|
assert(bio->method == &kBIOMethod); |
|
BIOData *b = reinterpret_cast<BIOData *>(bio->ptr); |
|
if (b->protocol == kTLS) { |
|
len = std::min(static_cast<size_t>(len), CBS_len(&b->cbs)); |
|
memcpy(out, CBS_data(&b->cbs), len); |
|
CBS_skip(&b->cbs, len); |
|
return len; |
|
} |
|
|
|
// Preserve packet boundaries for DTLS. |
|
CBS packet; |
|
if (!CBS_get_u24_length_prefixed(&b->cbs, &packet)) { |
|
return -1; |
|
} |
|
len = std::min(static_cast<size_t>(len), CBS_len(&packet)); |
|
memcpy(out, CBS_data(&packet), len); |
|
return len; |
|
} |
|
|
|
static int BIODestroy(BIO *bio) { |
|
assert(bio->method == &kBIOMethod); |
|
BIOData *b = reinterpret_cast<BIOData *>(bio->ptr); |
|
delete b; |
|
return 1; |
|
} |
|
|
|
static const BIO_METHOD kBIOMethod; |
|
|
|
bool debug_; |
|
Protocol protocol_; |
|
Role role_; |
|
bssl::UniquePtr<SSL_CTX> ctx_; |
|
std::vector<uint8_t> handoff_, handback_; |
|
}; |
|
|
|
const BIO_METHOD TLSFuzzer::kBIOMethod = { |
|
0, // type |
|
nullptr, // name |
|
nullptr, // bwrite |
|
TLSFuzzer::BIORead, |
|
nullptr, // bputs |
|
nullptr, // bgets |
|
nullptr, // ctrl |
|
nullptr, // create |
|
TLSFuzzer::BIODestroy, |
|
nullptr, // callback_ctrl |
|
}; |
|
|
|
} // namespace |
|
|
|
|
|
#endif // HEADER_SSL_TEST_FUZZER
|
|
|