1 /*
2 * Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 * https://www.openssl.org/source/license.html
8 * or in the file LICENSE in the source distribution.
9 */
10 #include <string.h>
11 #include <openssl/types.h>
12 #include <openssl/crypto.h>
13 #include <openssl/core_names.h>
14 #include <openssl/kdf.h>
15 #include <openssl/evp.h>
16 #include <openssl/provider.h>
17 #include "fuzzer.h"
18
19 #define DEFINE_ALGORITHMS(name, evp) \
20 DEFINE_STACK_OF(evp) \
21 static int cmp_##evp(const evp *const *a, const evp *const *b); \
22 static void collect_##evp(evp *obj, void *stack); \
23 static void init_##name(OSSL_LIB_CTX *libctx); \
24 static void cleanup_##name(void); \
25 static STACK_OF(evp) *name##_collection; \
26 static int cmp_##evp(const evp *const *a, const evp *const *b) \
27 { \
28 return strcmp(OSSL_PROVIDER_get0_name(evp##_get0_provider(*a)), \
29 OSSL_PROVIDER_get0_name(evp##_get0_provider(*b))); \
30 } \
31 static void collect_##evp(evp *obj, void *stack) \
32 { \
33 STACK_OF(evp) *obj_stack = stack; \
34 \
35 if (sk_##evp##_push(obj_stack, obj) > 0) \
36 evp##_up_ref(obj); \
37 } \
38 static void init_##name(OSSL_LIB_CTX *libctx) \
39 { \
40 name##_collection = sk_##evp##_new(cmp_##evp); \
41 evp##_do_all_provided(libctx, collect_##evp, name##_collection); \
42 } \
43 static void cleanup_##name(void) \
44 { \
45 sk_##evp##_pop_free(name##_collection, evp##_free); \
46 }
47
48 DEFINE_ALGORITHMS(digests, EVP_MD)
49
50 DEFINE_ALGORITHMS(kdf, EVP_KDF)
51
52 DEFINE_ALGORITHMS(cipher, EVP_CIPHER)
53
54 DEFINE_ALGORITHMS(kem, EVP_KEM)
55
56 DEFINE_ALGORITHMS(keyexch, EVP_KEYEXCH)
57
58 DEFINE_ALGORITHMS(rand, EVP_RAND)
59
60 DEFINE_ALGORITHMS(mac, EVP_MAC)
61
62 DEFINE_ALGORITHMS(keymgmt, EVP_KEYMGMT)
63
64 DEFINE_ALGORITHMS(signature, EVP_SIGNATURE)
65
66 DEFINE_ALGORITHMS(asym_ciphers, EVP_ASYM_CIPHER)
67
68 static OSSL_LIB_CTX *libctx = NULL;
69
FuzzerInitialize(int * argc,char *** argv)70 int FuzzerInitialize(int *argc, char ***argv)
71 {
72 libctx = OSSL_LIB_CTX_new();
73 if (libctx == NULL)
74 return 0;
75
76 init_digests(libctx);
77 init_kdf(libctx);
78 init_cipher(libctx);
79 init_kem(libctx);
80 init_keyexch(libctx);
81 init_rand(libctx);
82 init_mac(libctx);
83 init_keymgmt(libctx);
84 init_signature(libctx);
85 init_asym_ciphers(libctx);
86 return 1;
87 }
88
FuzzerCleanup(void)89 void FuzzerCleanup(void)
90 {
91 cleanup_digests();
92 cleanup_kdf();
93 cleanup_cipher();
94 cleanup_kem();
95 cleanup_keyexch();
96 cleanup_rand();
97 cleanup_mac();
98 cleanup_keymgmt();
99 cleanup_signature();
100 cleanup_asym_ciphers();
101
102 OSSL_LIB_CTX_free(libctx);
103 }
104
read_uint(const uint8_t ** buf,size_t * len,uint64_t ** res)105 static int read_uint(const uint8_t **buf, size_t *len, uint64_t **res)
106 {
107 int r = 1;
108
109 if (*len < sizeof(uint64_t)) {
110 r = 0;
111 goto end;
112 }
113
114 *res = OPENSSL_malloc(sizeof(uint64_t));
115 **res = (uint64_t)**buf;
116
117 *buf += sizeof(uint64_t);
118 *len -= sizeof(uint64_t);
119 end:
120 return r;
121 }
122
read_int(const uint8_t ** buf,size_t * len,int64_t ** res)123 static int read_int(const uint8_t **buf, size_t *len, int64_t **res)
124 {
125 int r = 1;
126
127 if (*len < sizeof(int64_t)) {
128 r = 0;
129 goto end;
130 }
131
132 *res = OPENSSL_malloc(sizeof(int64_t));
133 **res = (int64_t)**buf;
134
135 *buf += sizeof(int64_t);
136 *len -= sizeof(int64_t);
137 end:
138 return r;
139 }
140
read_double(const uint8_t ** buf,size_t * len,double ** res)141 static int read_double(const uint8_t **buf, size_t *len, double **res)
142 {
143 int r = 1;
144
145 if (*len < sizeof(double)) {
146 r = 0;
147 goto end;
148 }
149
150 *res = OPENSSL_malloc(sizeof(double));
151 **res = (double)**buf;
152
153 *buf += sizeof(double);
154 *len -= sizeof(double);
155 end:
156 return r;
157 }
158
read_utf8_string(const uint8_t ** buf,size_t * len,char ** res)159 static int read_utf8_string(const uint8_t **buf, size_t *len, char **res)
160 {
161 size_t found_len;
162 int r;
163
164 found_len = OPENSSL_strnlen((const char *)*buf, *len);
165
166 if (found_len == *len) {
167 r = -1;
168 goto end;
169 }
170
171 found_len++; /* skip over the \0 byte */
172
173 r = (int)found_len;
174
175 *res = (char *)*buf;
176 *len -= found_len;
177 *buf = *buf + found_len; /* continue after the \0 byte */
178 end:
179 return r;
180 }
181
read_utf8_ptr(const uint8_t ** buf,size_t * len,char ** res)182 static int read_utf8_ptr(const uint8_t **buf, size_t *len, char **res)
183 {
184 if (*len > 0 && **buf == 0xFF) {
185 /* represent NULL somehow */
186 *res = NULL;
187 *buf += 1;
188 *len -= 1;
189 return 0;
190 }
191 return read_utf8_string(buf, len, res);
192 }
193
read_octet_string(const uint8_t ** buf,size_t * len,char ** res)194 static int read_octet_string(const uint8_t **buf, size_t *len, char **res)
195 {
196 int r;
197 size_t i;
198 const uint8_t *ptr = *buf;
199 int found = 0;
200
201 for (i = 0; i < *len; ++i) {
202 if (*ptr == 0xFF && (i + 1 < *len && *(ptr + 1) == 0xFF)) {
203 ptr++;
204 found = 1;
205 break;
206 }
207 ptr++;
208 }
209
210 if (!found) {
211 r = -1;
212 goto end;
213 }
214
215 *res = (char *)*buf;
216
217 r = ptr - *buf;
218 *len -= r;
219 *buf = ptr;
220
221 end:
222 return r;
223 }
224
read_octet_ptr(const uint8_t ** buf,size_t * len,char ** res)225 static int read_octet_ptr(const uint8_t **buf, size_t *len, char **res)
226 {
227 /* TODO: This representation could need an improvement potentially. */
228 if (*len > 1 && **buf == 0xFF && *(*buf + 1) == 0xFF) {
229 /* represent NULL somehow */
230 *res = NULL;
231 *buf += 2;
232 *len -= 2;
233 return 0;
234 }
235 return read_octet_string(buf, len, res);
236 }
237
238 static char *DFLT_STR = "";
239 static char *DFLT_UTF8_PTR = NULL;
240 static char *DFLT_OCTET_STRING = "";
241 static char *DFLT_OCTET_PTR = NULL;
242
243 static int64_t ITERS = 1;
244 static uint64_t UITERS = 1;
245 static int64_t BLOCKSIZE = 8;
246 static uint64_t UBLOCKSIZE = 8;
247
free_params(OSSL_PARAM * param)248 static void free_params(OSSL_PARAM *param)
249 {
250 for (; param != NULL && param->key != NULL; param++) {
251 switch (param->data_type) {
252 case OSSL_PARAM_INTEGER:
253 case OSSL_PARAM_UNSIGNED_INTEGER:
254 case OSSL_PARAM_REAL:
255 if (param->data != NULL) {
256 OPENSSL_free(param->data);
257 }
258 break;
259 }
260 }
261 }
262
fuzz_params(OSSL_PARAM * param,const uint8_t ** buf,size_t * len)263 static OSSL_PARAM *fuzz_params(OSSL_PARAM *param, const uint8_t **buf, size_t *len)
264 {
265 OSSL_PARAM *p;
266 OSSL_PARAM *fuzzed_parameters;
267 int p_num = 0;
268
269 for (p = param; p != NULL && p->key != NULL; p++)
270 p_num++;
271
272 fuzzed_parameters = OPENSSL_zalloc(sizeof(OSSL_PARAM) * (p_num + 1));
273 p = fuzzed_parameters;
274
275 for (; param != NULL && param->key != NULL; param++) {
276 int64_t *use_param = NULL;
277 int64_t *p_value_int = NULL;
278 uint64_t *p_value_uint = NULL;
279 double *p_value_double = NULL;
280 char *p_value_utf8_str = DFLT_STR;
281 char *p_value_octet_str = DFLT_OCTET_STRING;
282 char *p_value_utf8_ptr = DFLT_UTF8_PTR;
283 char *p_value_octet_ptr = DFLT_OCTET_PTR;
284
285 int data_len = 0;
286
287 if (!read_int(buf, len, &use_param)) {
288 use_param = OPENSSL_malloc(sizeof(uint64_t));
289 *use_param = 0;
290 }
291
292 switch (param->data_type) {
293 case OSSL_PARAM_INTEGER:
294 if (strcmp(param->key, OSSL_KDF_PARAM_ITER) == 0) {
295 p_value_int = OPENSSL_malloc(sizeof(ITERS));
296 *p_value_int = ITERS;
297 } else if (strcmp(param->key, OSSL_KDF_PARAM_SCRYPT_N) == 0) {
298 p_value_int = OPENSSL_malloc(sizeof(ITERS));
299 *p_value_int = ITERS;
300 } else if (strcmp(param->key, OSSL_KDF_PARAM_SCRYPT_R) == 0) {
301 p_value_int = OPENSSL_malloc(sizeof(BLOCKSIZE));
302 *p_value_int = BLOCKSIZE;
303 } else if (strcmp(param->key, OSSL_KDF_PARAM_SCRYPT_P) == 0) {
304 p_value_int = OPENSSL_malloc(sizeof(BLOCKSIZE));
305 *p_value_int = BLOCKSIZE;
306 } else if (!*use_param || !read_int(buf, len, &p_value_int)) {
307 p_value_int = OPENSSL_malloc(sizeof(int64_t));
308 *p_value_int = 0;
309 }
310
311 *p = *param;
312 p->data = p_value_int;
313 p++;
314 break;
315 case OSSL_PARAM_UNSIGNED_INTEGER:
316 if (strcmp(param->key, OSSL_KDF_PARAM_ITER) == 0) {
317 p_value_uint = OPENSSL_malloc(sizeof(UITERS));
318 *p_value_uint = UITERS;
319 } else if (strcmp(param->key, OSSL_KDF_PARAM_SCRYPT_N) == 0) {
320 p_value_uint = OPENSSL_malloc(sizeof(UITERS));
321 *p_value_uint = UITERS;
322 } else if (strcmp(param->key, OSSL_KDF_PARAM_SCRYPT_R) == 0) {
323 p_value_uint = OPENSSL_malloc(sizeof(UBLOCKSIZE));
324 *p_value_uint = UBLOCKSIZE;
325 } else if (strcmp(param->key, OSSL_KDF_PARAM_SCRYPT_P) == 0) {
326 p_value_uint = OPENSSL_malloc(sizeof(UBLOCKSIZE));
327 *p_value_uint = UBLOCKSIZE;
328 } else if (!*use_param || !read_uint(buf, len, &p_value_uint)) {
329 p_value_uint = OPENSSL_malloc(sizeof(uint64_t));
330 *p_value_uint = 0;
331 }
332
333 *p = *param;
334 p->data = p_value_uint;
335 p++;
336 break;
337 case OSSL_PARAM_REAL:
338 if (!*use_param || !read_double(buf, len, &p_value_double)) {
339 p_value_double = OPENSSL_malloc(sizeof(double));
340 *p_value_double = 0;
341 }
342
343 *p = *param;
344 p->data = p_value_double;
345 p++;
346 break;
347 case OSSL_PARAM_UTF8_STRING:
348 if (*use_param && (data_len = read_utf8_string(buf, len, &p_value_utf8_str)) < 0)
349 data_len = 0;
350 *p = *param;
351 p->data = p_value_utf8_str;
352 p->data_size = data_len;
353 p++;
354 break;
355 case OSSL_PARAM_OCTET_STRING:
356 if (*use_param && (data_len = read_octet_string(buf, len, &p_value_octet_str)) < 0)
357 data_len = 0;
358 *p = *param;
359 p->data = p_value_octet_str;
360 p->data_size = data_len;
361 p++;
362 break;
363 case OSSL_PARAM_UTF8_PTR:
364 if (*use_param && (data_len = read_utf8_ptr(buf, len, &p_value_utf8_ptr)) < 0)
365 data_len = 0;
366 *p = *param;
367 p->data = p_value_utf8_ptr;
368 p->data_size = data_len;
369 p++;
370 break;
371 case OSSL_PARAM_OCTET_PTR:
372 if (*use_param && (data_len = read_octet_ptr(buf, len, &p_value_octet_ptr)) < 0)
373 data_len = 0;
374 *p = *param;
375 p->data = p_value_octet_ptr;
376 p->data_size = data_len;
377 p++;
378 break;
379 default:
380 break;
381 }
382
383 OPENSSL_free(use_param);
384 }
385
386 return fuzzed_parameters;
387 }
388
do_evp_cipher(const EVP_CIPHER * evp_cipher,const OSSL_PARAM param[])389 static int do_evp_cipher(const EVP_CIPHER *evp_cipher, const OSSL_PARAM param[])
390 {
391 unsigned char outbuf[1024];
392 int outlen, tmplen;
393 unsigned char key[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 };
394 unsigned char iv[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
395 const char intext[] = "text";
396 EVP_CIPHER_CTX *ctx;
397
398 ctx = EVP_CIPHER_CTX_new();
399
400 if (!EVP_CIPHER_CTX_set_params(ctx, param)) {
401 EVP_CIPHER_CTX_free(ctx);
402 return 0;
403 }
404
405 if (!EVP_EncryptInit_ex2(ctx, evp_cipher, key, iv, NULL)) {
406 /* Error */
407 EVP_CIPHER_CTX_free(ctx);
408 return 0;
409 }
410
411 if (!EVP_EncryptUpdate(ctx, outbuf, &outlen, (const unsigned char *)intext, strlen(intext))) {
412 /* Error */
413 EVP_CIPHER_CTX_free(ctx);
414 return 0;
415 }
416 /*
417 * Buffer passed to EVP_EncryptFinal() must be after data just
418 * encrypted to avoid overwriting it.
419 */
420 if (!EVP_EncryptFinal_ex(ctx, outbuf + outlen, &tmplen)) {
421 /* Error */
422 EVP_CIPHER_CTX_free(ctx);
423 return 0;
424 }
425 outlen += tmplen;
426 EVP_CIPHER_CTX_free(ctx);
427 return 1;
428 }
429
do_evp_kdf(EVP_KDF * evp_kdf,const OSSL_PARAM params[])430 static int do_evp_kdf(EVP_KDF *evp_kdf, const OSSL_PARAM params[])
431 {
432 int r = 1;
433 EVP_KDF_CTX *kctx = NULL;
434 unsigned char derived[32];
435
436 kctx = EVP_KDF_CTX_new(evp_kdf);
437
438 if (kctx == NULL) {
439 r = 0;
440 goto end;
441 }
442
443 if (EVP_KDF_CTX_set_params(kctx, params) <= 0) {
444 r = 0;
445 goto end;
446 }
447
448 if (EVP_KDF_derive(kctx, derived, sizeof(derived), NULL) <= 0) {
449 r = 0;
450 goto end;
451 }
452
453 end:
454 EVP_KDF_CTX_free(kctx);
455 return r;
456 }
457
do_evp_mac(EVP_MAC * evp_mac,const OSSL_PARAM params[])458 static int do_evp_mac(EVP_MAC *evp_mac, const OSSL_PARAM params[])
459 {
460 int r = 1;
461 const char *key = "mac_key";
462 char text[] = "Some Crypto Text";
463 EVP_MAC_CTX *ctx = NULL;
464 unsigned char buf[4096];
465 size_t final_l;
466
467 if ((ctx = EVP_MAC_CTX_new(evp_mac)) == NULL
468 || !EVP_MAC_init(ctx, (const unsigned char *)key, strlen(key),
469 params)) {
470 r = 0;
471 goto end;
472 }
473
474 if (EVP_MAC_CTX_set_params(ctx, params) <= 0) {
475 r = 0;
476 goto end;
477 }
478
479 if (!EVP_MAC_update(ctx, (unsigned char *)text, sizeof(text))) {
480 r = 0;
481 goto end;
482 }
483
484 if (!EVP_MAC_final(ctx, buf, &final_l, sizeof(buf))) {
485 r = 0;
486 goto end;
487 }
488
489 end:
490 EVP_MAC_CTX_free(ctx);
491 return r;
492 }
493
do_evp_rand(EVP_RAND * evp_rand,const OSSL_PARAM params[])494 static int do_evp_rand(EVP_RAND *evp_rand, const OSSL_PARAM params[])
495 {
496 int r = 1;
497 EVP_RAND_CTX *ctx = NULL;
498 unsigned char buf[4096];
499
500 if (!(ctx = EVP_RAND_CTX_new(evp_rand, NULL))) {
501 r = 0;
502 goto end;
503 }
504
505 if (EVP_RAND_CTX_set_params(ctx, params) <= 0) {
506 r = 0;
507 goto end;
508 }
509
510 if (!EVP_RAND_generate(ctx, buf, sizeof(buf), 0, 0, NULL, 0)) {
511 r = 0;
512 goto end;
513 }
514
515 if (!EVP_RAND_reseed(ctx, 0, 0, 0, NULL, 0)) {
516 r = 0;
517 goto end;
518 }
519
520 end:
521 EVP_RAND_CTX_free(ctx);
522 return r;
523 }
524
do_evp_sig(EVP_SIGNATURE * evp_sig,const OSSL_PARAM params[])525 static int do_evp_sig(EVP_SIGNATURE *evp_sig, const OSSL_PARAM params[])
526 {
527 return 0;
528 }
529
do_evp_asym_cipher(EVP_ASYM_CIPHER * evp_asym_cipher,const OSSL_PARAM params[])530 static int do_evp_asym_cipher(EVP_ASYM_CIPHER *evp_asym_cipher, const OSSL_PARAM params[])
531 {
532 return 0;
533 }
534
do_evp_kem(EVP_KEM * evp_kem,const OSSL_PARAM params[])535 static int do_evp_kem(EVP_KEM *evp_kem, const OSSL_PARAM params[])
536 {
537 return 0;
538 }
539
do_evp_key_exch(EVP_KEYEXCH * evp_kdf,const OSSL_PARAM params[])540 static int do_evp_key_exch(EVP_KEYEXCH *evp_kdf, const OSSL_PARAM params[])
541 {
542 return 0;
543 }
544
do_evp_md(EVP_MD * evp_md,const OSSL_PARAM params[])545 static int do_evp_md(EVP_MD *evp_md, const OSSL_PARAM params[])
546 {
547 int r = 1;
548 unsigned char md_value[EVP_MAX_MD_SIZE];
549 unsigned int md_len;
550 EVP_MD_CTX *mdctx = NULL;
551
552 if (!(mdctx = EVP_MD_CTX_new())) {
553 r = 0;
554 goto end;
555 }
556
557 if (!EVP_MD_CTX_set_params(mdctx, params)) {
558 r = 0;
559 goto end;
560 }
561
562 if (!EVP_DigestInit_ex2(mdctx, evp_md, NULL)) {
563 r = 0;
564 goto end;
565 }
566 if (!EVP_DigestUpdate(mdctx, "Test", strlen("Test"))) {
567 r = 0;
568 goto end;
569 }
570 if (!EVP_DigestFinal_ex(mdctx, md_value, &md_len)) {
571 r = 0;
572 goto end;
573 }
574
575 end:
576 EVP_MD_CTX_free(mdctx);
577 return r;
578 }
579
580 #define EVP_FUZZ(source, evp, f) \
581 do { \
582 evp *alg = sk_##evp##_value(source, *algorithm % sk_##evp##_num(source)); \
583 OSSL_PARAM *fuzzed_params; \
584 \
585 if (alg == NULL) \
586 break; \
587 fuzzed_params = fuzz_params((OSSL_PARAM *)evp##_settable_ctx_params(alg), &buf, &len); \
588 if (fuzzed_params != NULL) \
589 f(alg, fuzzed_params); \
590 free_params(fuzzed_params); \
591 OSSL_PARAM_free(fuzzed_params); \
592 } while (0);
593
FuzzerTestOneInput(const uint8_t * buf,size_t len)594 int FuzzerTestOneInput(const uint8_t *buf, size_t len)
595 {
596 int r = 1;
597 uint64_t *operation = NULL;
598 int64_t *algorithm = NULL;
599
600 if (!read_uint(&buf, &len, &operation)) {
601 r = 0;
602 goto end;
603 }
604
605 if (!read_int(&buf, &len, &algorithm)) {
606 r = 0;
607 goto end;
608 }
609
610 switch (*operation % 10) {
611 case 0:
612 EVP_FUZZ(digests_collection, EVP_MD, do_evp_md);
613 break;
614 case 1:
615 EVP_FUZZ(cipher_collection, EVP_CIPHER, do_evp_cipher);
616 break;
617 case 2:
618 EVP_FUZZ(kdf_collection, EVP_KDF, do_evp_kdf);
619 break;
620 case 3:
621 EVP_FUZZ(mac_collection, EVP_MAC, do_evp_mac);
622 break;
623 case 4:
624 EVP_FUZZ(kem_collection, EVP_KEM, do_evp_kem);
625 break;
626 case 5:
627 EVP_FUZZ(rand_collection, EVP_RAND, do_evp_rand);
628 break;
629 case 6:
630 EVP_FUZZ(asym_ciphers_collection, EVP_ASYM_CIPHER, do_evp_asym_cipher);
631 break;
632 case 7:
633 EVP_FUZZ(signature_collection, EVP_SIGNATURE, do_evp_sig);
634 break;
635 case 8:
636 EVP_FUZZ(keyexch_collection, EVP_KEYEXCH, do_evp_key_exch);
637 break;
638 case 9:
639 /*
640 Implement and call:
641 static int do_evp_keymgmt(EVP_KEYMGMT *evp_kdf, const OSSL_PARAM params[])
642 {
643 return 0;
644 }
645 */
646 /* not yet implemented */
647 break;
648 default:
649 r = 0;
650 goto end;
651 }
652
653 end:
654 OPENSSL_free(operation);
655 OPENSSL_free(algorithm);
656 return r;
657 }
658