/src/openssl/fuzz/provider.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"); |
5 | | * you may not use this file except in compliance with the License. |
6 | | * You may obtain a copy of the License at |
7 | | * https://www.openssl.org/source/license.html |
8 | | * or in the file LICENSE in the source distribution. |
9 | | */ |
10 | | #include <string.h> |
11 | | #include <openssl/types.h> |
12 | | #include <openssl/crypto.h> |
13 | | #include <openssl/core_names.h> |
14 | | #include <openssl/kdf.h> |
15 | | #include <openssl/evp.h> |
16 | | #include <openssl/provider.h> |
17 | | #include "fuzzer.h" |
18 | | |
19 | | #define DEFINE_ALGORITHMS(name, evp) DEFINE_STACK_OF(evp) \ |
20 | | static int cmp_##evp(const evp *const *a, const evp *const *b); \ |
21 | | static void collect_##evp(evp *obj, void *stack); \ |
22 | | static void init_##name(OSSL_LIB_CTX *libctx); \ |
23 | | static void cleanup_##name(void); \ |
24 | | static STACK_OF(evp) *name##_collection; \ |
25 | | static int cmp_##evp(const evp *const *a, const evp *const *b) \ |
26 | 0 | { \ |
27 | 0 | return strcmp(OSSL_PROVIDER_get0_name(evp##_get0_provider(*a)), \ |
28 | 0 | OSSL_PROVIDER_get0_name(evp##_get0_provider(*b))); \ |
29 | 0 | } \ Unexecuted instantiation: provider.c:cmp_EVP_MD Unexecuted instantiation: provider.c:cmp_EVP_KDF Unexecuted instantiation: provider.c:cmp_EVP_CIPHER Unexecuted instantiation: provider.c:cmp_EVP_KEM Unexecuted instantiation: provider.c:cmp_EVP_KEYEXCH Unexecuted instantiation: provider.c:cmp_EVP_RAND Unexecuted instantiation: provider.c:cmp_EVP_MAC Unexecuted instantiation: provider.c:cmp_EVP_KEYMGMT Unexecuted instantiation: provider.c:cmp_EVP_SIGNATURE Unexecuted instantiation: provider.c:cmp_EVP_ASYM_CIPHER |
30 | | static void collect_##evp(evp *obj, void *stack) \ |
31 | 612 | { \ |
32 | 612 | STACK_OF(evp) *obj_stack = stack; \ |
33 | 612 | \ |
34 | 612 | if (sk_##evp##_push(obj_stack, obj) > 0) \ |
35 | 612 | evp##_up_ref(obj); \ |
36 | 612 | } \ provider.c:collect_EVP_MD Line | Count | Source | 31 | 54 | { \ | 32 | 54 | STACK_OF(evp) *obj_stack = stack; \ | 33 | 54 | \ | 34 | 54 | if (sk_##evp##_push(obj_stack, obj) > 0) \ | 35 | 54 | evp##_up_ref(obj); \ | 36 | 54 | } \ |
provider.c:collect_EVP_KDF Line | Count | Source | 31 | 32 | { \ | 32 | 32 | STACK_OF(evp) *obj_stack = stack; \ | 33 | 32 | \ | 34 | 32 | if (sk_##evp##_push(obj_stack, obj) > 0) \ | 35 | 32 | evp##_up_ref(obj); \ | 36 | 32 | } \ |
provider.c:collect_EVP_CIPHER Line | Count | Source | 31 | 260 | { \ | 32 | 260 | STACK_OF(evp) *obj_stack = stack; \ | 33 | 260 | \ | 34 | 260 | if (sk_##evp##_push(obj_stack, obj) > 0) \ | 35 | 260 | evp##_up_ref(obj); \ | 36 | 260 | } \ |
provider.c:collect_EVP_KEM Line | Count | Source | 31 | 22 | { \ | 32 | 22 | STACK_OF(evp) *obj_stack = stack; \ | 33 | 22 | \ | 34 | 22 | if (sk_##evp##_push(obj_stack, obj) > 0) \ | 35 | 22 | evp##_up_ref(obj); \ | 36 | 22 | } \ |
provider.c:collect_EVP_KEYEXCH Line | Count | Source | 31 | 14 | { \ | 32 | 14 | STACK_OF(evp) *obj_stack = stack; \ | 33 | 14 | \ | 34 | 14 | if (sk_##evp##_push(obj_stack, obj) > 0) \ | 35 | 14 | evp##_up_ref(obj); \ | 36 | 14 | } \ |
provider.c:collect_EVP_RAND Line | Count | Source | 31 | 10 | { \ | 32 | 10 | STACK_OF(evp) *obj_stack = stack; \ | 33 | 10 | \ | 34 | 10 | if (sk_##evp##_push(obj_stack, obj) > 0) \ | 35 | 10 | evp##_up_ref(obj); \ | 36 | 10 | } \ |
provider.c:collect_EVP_MAC Line | Count | Source | 31 | 18 | { \ | 32 | 18 | STACK_OF(evp) *obj_stack = stack; \ | 33 | 18 | \ | 34 | 18 | if (sk_##evp##_push(obj_stack, obj) > 0) \ | 35 | 18 | evp##_up_ref(obj); \ | 36 | 18 | } \ |
provider.c:collect_EVP_KEYMGMT Line | Count | Source | 31 | 80 | { \ | 32 | 80 | STACK_OF(evp) *obj_stack = stack; \ | 33 | 80 | \ | 34 | 80 | if (sk_##evp##_push(obj_stack, obj) > 0) \ | 35 | 80 | evp##_up_ref(obj); \ | 36 | 80 | } \ |
provider.c:collect_EVP_SIGNATURE Line | Count | Source | 31 | 118 | { \ | 32 | 118 | STACK_OF(evp) *obj_stack = stack; \ | 33 | 118 | \ | 34 | 118 | if (sk_##evp##_push(obj_stack, obj) > 0) \ | 35 | 118 | evp##_up_ref(obj); \ | 36 | 118 | } \ |
provider.c:collect_EVP_ASYM_CIPHER Line | Count | Source | 31 | 4 | { \ | 32 | 4 | STACK_OF(evp) *obj_stack = stack; \ | 33 | 4 | \ | 34 | 4 | if (sk_##evp##_push(obj_stack, obj) > 0) \ | 35 | 4 | evp##_up_ref(obj); \ | 36 | 4 | } \ |
|
37 | | static void init_##name(OSSL_LIB_CTX *libctx) \ |
38 | 20 | { \ |
39 | 20 | name##_collection = sk_##evp##_new(cmp_##evp); \ |
40 | 20 | evp##_do_all_provided(libctx, collect_##evp, name##_collection); \ |
41 | 20 | } \ Line | Count | Source | 38 | 2 | { \ | 39 | 2 | name##_collection = sk_##evp##_new(cmp_##evp); \ | 40 | 2 | evp##_do_all_provided(libctx, collect_##evp, name##_collection); \ | 41 | 2 | } \ |
Line | Count | Source | 38 | 2 | { \ | 39 | 2 | name##_collection = sk_##evp##_new(cmp_##evp); \ | 40 | 2 | evp##_do_all_provided(libctx, collect_##evp, name##_collection); \ | 41 | 2 | } \ |
Line | Count | Source | 38 | 2 | { \ | 39 | 2 | name##_collection = sk_##evp##_new(cmp_##evp); \ | 40 | 2 | evp##_do_all_provided(libctx, collect_##evp, name##_collection); \ | 41 | 2 | } \ |
Line | Count | Source | 38 | 2 | { \ | 39 | 2 | name##_collection = sk_##evp##_new(cmp_##evp); \ | 40 | 2 | evp##_do_all_provided(libctx, collect_##evp, name##_collection); \ | 41 | 2 | } \ |
Line | Count | Source | 38 | 2 | { \ | 39 | 2 | name##_collection = sk_##evp##_new(cmp_##evp); \ | 40 | 2 | evp##_do_all_provided(libctx, collect_##evp, name##_collection); \ | 41 | 2 | } \ |
Line | Count | Source | 38 | 2 | { \ | 39 | 2 | name##_collection = sk_##evp##_new(cmp_##evp); \ | 40 | 2 | evp##_do_all_provided(libctx, collect_##evp, name##_collection); \ | 41 | 2 | } \ |
Line | Count | Source | 38 | 2 | { \ | 39 | 2 | name##_collection = sk_##evp##_new(cmp_##evp); \ | 40 | 2 | evp##_do_all_provided(libctx, collect_##evp, name##_collection); \ | 41 | 2 | } \ |
Line | Count | Source | 38 | 2 | { \ | 39 | 2 | name##_collection = sk_##evp##_new(cmp_##evp); \ | 40 | 2 | evp##_do_all_provided(libctx, collect_##evp, name##_collection); \ | 41 | 2 | } \ |
provider.c:init_signature Line | Count | Source | 38 | 2 | { \ | 39 | 2 | name##_collection = sk_##evp##_new(cmp_##evp); \ | 40 | 2 | evp##_do_all_provided(libctx, collect_##evp, name##_collection); \ | 41 | 2 | } \ |
provider.c:init_asym_ciphers Line | Count | Source | 38 | 2 | { \ | 39 | 2 | name##_collection = sk_##evp##_new(cmp_##evp); \ | 40 | 2 | evp##_do_all_provided(libctx, collect_##evp, name##_collection); \ | 41 | 2 | } \ |
|
42 | | static void cleanup_##name(void) \ |
43 | 0 | { \ |
44 | 0 | sk_##evp##_pop_free(name##_collection, evp##_free); \ |
45 | 0 | } Unexecuted instantiation: provider.c:cleanup_digests Unexecuted instantiation: provider.c:cleanup_kdf Unexecuted instantiation: provider.c:cleanup_cipher Unexecuted instantiation: provider.c:cleanup_kem Unexecuted instantiation: provider.c:cleanup_keyexch Unexecuted instantiation: provider.c:cleanup_rand Unexecuted instantiation: provider.c:cleanup_mac Unexecuted instantiation: provider.c:cleanup_keymgmt Unexecuted instantiation: provider.c:cleanup_signature Unexecuted instantiation: provider.c:cleanup_asym_ciphers |
46 | | |
47 | | DEFINE_ALGORITHMS(digests, EVP_MD) |
48 | | |
49 | | DEFINE_ALGORITHMS(kdf, EVP_KDF) |
50 | | |
51 | | DEFINE_ALGORITHMS(cipher, EVP_CIPHER) |
52 | | |
53 | | DEFINE_ALGORITHMS(kem, EVP_KEM) |
54 | | |
55 | | DEFINE_ALGORITHMS(keyexch, EVP_KEYEXCH) |
56 | | |
57 | | DEFINE_ALGORITHMS(rand, EVP_RAND) |
58 | | |
59 | | DEFINE_ALGORITHMS(mac, EVP_MAC) |
60 | | |
61 | | DEFINE_ALGORITHMS(keymgmt, EVP_KEYMGMT) |
62 | | |
63 | | DEFINE_ALGORITHMS(signature, EVP_SIGNATURE) |
64 | | |
65 | | DEFINE_ALGORITHMS(asym_ciphers, EVP_ASYM_CIPHER) |
66 | | |
67 | | static OSSL_LIB_CTX *libctx = NULL; |
68 | | |
69 | | int FuzzerInitialize(int *argc, char ***argv) |
70 | 2 | { |
71 | 2 | libctx = OSSL_LIB_CTX_new(); |
72 | 2 | if (libctx == NULL) |
73 | 0 | return 0; |
74 | | |
75 | 2 | init_digests(libctx); |
76 | 2 | init_kdf(libctx); |
77 | 2 | init_cipher(libctx); |
78 | 2 | init_kem(libctx); |
79 | 2 | init_keyexch(libctx); |
80 | 2 | init_rand(libctx); |
81 | 2 | init_mac(libctx); |
82 | 2 | init_keymgmt(libctx); |
83 | 2 | init_signature(libctx); |
84 | 2 | init_asym_ciphers(libctx); |
85 | 2 | return 1; |
86 | 2 | } |
87 | | |
88 | | void FuzzerCleanup(void) |
89 | 0 | { |
90 | 0 | cleanup_digests(); |
91 | 0 | cleanup_kdf(); |
92 | 0 | cleanup_cipher(); |
93 | 0 | cleanup_kem(); |
94 | 0 | cleanup_keyexch(); |
95 | 0 | cleanup_rand(); |
96 | 0 | cleanup_mac(); |
97 | 0 | cleanup_keymgmt(); |
98 | 0 | cleanup_signature(); |
99 | 0 | cleanup_asym_ciphers(); |
100 | |
|
101 | 0 | OSSL_LIB_CTX_free(libctx); |
102 | 0 | } |
103 | | |
104 | | static int read_uint(const uint8_t **buf, size_t *len, uint64_t **res) |
105 | 4.11k | { |
106 | 4.11k | int r = 1; |
107 | | |
108 | 4.11k | if (*len < sizeof(uint64_t)) { |
109 | 44 | r = 0; |
110 | 44 | goto end; |
111 | 44 | } |
112 | | |
113 | 4.07k | *res = OPENSSL_malloc(sizeof(uint64_t)); |
114 | 4.07k | **res = (uint64_t) **buf; |
115 | | |
116 | 4.07k | *buf += sizeof(uint64_t); |
117 | 4.07k | *len -= sizeof(uint64_t); |
118 | 4.11k | end: |
119 | 4.11k | return r; |
120 | 4.07k | } |
121 | | |
122 | | static int read_int(const uint8_t **buf, size_t *len, int64_t **res) |
123 | 18.2k | { |
124 | 18.2k | int r = 1; |
125 | | |
126 | 18.2k | if (*len < sizeof(int64_t)) { |
127 | 5.75k | r = 0; |
128 | 5.75k | goto end; |
129 | 5.75k | } |
130 | | |
131 | 12.5k | *res = OPENSSL_malloc(sizeof(int64_t)); |
132 | 12.5k | **res = (int64_t) **buf; |
133 | | |
134 | 12.5k | *buf += sizeof(int64_t); |
135 | 12.5k | *len -= sizeof(int64_t); |
136 | 18.2k | end: |
137 | 18.2k | return r; |
138 | 12.5k | } |
139 | | |
140 | | static int read_double(const uint8_t **buf, size_t *len, double **res) |
141 | 0 | { |
142 | 0 | int r = 1; |
143 | |
|
144 | 0 | if (*len < sizeof(double)) { |
145 | 0 | r = 0; |
146 | 0 | goto end; |
147 | 0 | } |
148 | | |
149 | 0 | *res = OPENSSL_malloc(sizeof(double)); |
150 | 0 | **res = (double) **buf; |
151 | |
|
152 | 0 | *buf += sizeof(double); |
153 | 0 | *len -= sizeof(double); |
154 | 0 | end: |
155 | 0 | return r; |
156 | 0 | } |
157 | | |
158 | | static int read_utf8_string(const uint8_t **buf, size_t *len, char **res) |
159 | 3.56k | { |
160 | 3.56k | size_t found_len; |
161 | 3.56k | int r; |
162 | | |
163 | 3.56k | found_len = OPENSSL_strnlen((const char *) *buf, *len); |
164 | | |
165 | 3.56k | if (found_len == *len) { |
166 | 172 | r = -1; |
167 | 172 | goto end; |
168 | 172 | } |
169 | | |
170 | 3.39k | found_len++; /* skip over the \0 byte */ |
171 | | |
172 | 3.39k | r = (int) found_len; |
173 | | |
174 | 3.39k | *res = (char *) *buf; |
175 | 3.39k | *len -= found_len; |
176 | 3.39k | *buf = *buf + found_len; /* continue after the \0 byte */ |
177 | 3.56k | end: |
178 | 3.56k | return r; |
179 | 3.39k | } |
180 | | |
181 | | static int read_utf8_ptr(const uint8_t **buf, size_t *len, char **res) |
182 | 0 | { |
183 | 0 | if (*len > 0 && **buf == 0xFF) { |
184 | | /* represent NULL somehow */ |
185 | 0 | *res = NULL; |
186 | 0 | *buf += 1; |
187 | 0 | *len -= 1; |
188 | 0 | return 0; |
189 | 0 | } |
190 | 0 | return read_utf8_string(buf, len, res); |
191 | 0 | } |
192 | | |
193 | | static int read_octet_string(const uint8_t **buf, size_t *len, char **res) |
194 | 3.18k | { |
195 | 3.18k | int r; |
196 | 3.18k | size_t i; |
197 | 3.18k | const uint8_t *ptr = *buf; |
198 | 3.18k | int found = 0; |
199 | | |
200 | 70.5M | for (i = 0; i < *len; ++i) { |
201 | 70.5M | if (*ptr == 0xFF && |
202 | 70.5M | (i + 1 < *len && *(ptr + 1) == 0xFF)) { |
203 | 2.25k | ptr++; |
204 | 2.25k | found = 1; |
205 | 2.25k | break; |
206 | 2.25k | } |
207 | 70.5M | ptr++; |
208 | 70.5M | } |
209 | | |
210 | 3.18k | if (!found) { |
211 | 925 | r = -1; |
212 | 925 | goto end; |
213 | 925 | } |
214 | | |
215 | 2.25k | *res = (char *) *buf; |
216 | | |
217 | 2.25k | r = ptr - *buf; |
218 | 2.25k | *len -= r; |
219 | 2.25k | *buf = ptr; |
220 | | |
221 | 3.18k | end: |
222 | 3.18k | return r; |
223 | 2.25k | } |
224 | | |
225 | | static int read_octet_ptr(const uint8_t **buf, size_t *len, char **res) |
226 | 0 | { |
227 | | /* TODO: This representation could need an improvement potentially. */ |
228 | 0 | if (*len > 1 && **buf == 0xFF && *(*buf + 1) == 0xFF) { |
229 | | /* represent NULL somehow */ |
230 | 0 | *res = NULL; |
231 | 0 | *buf += 2; |
232 | 0 | *len -= 2; |
233 | 0 | return 0; |
234 | 0 | } |
235 | 0 | return read_octet_string(buf, len, res); |
236 | 0 | } |
237 | | |
238 | | static char *DFLT_STR = ""; |
239 | | static char *DFLT_UTF8_PTR = NULL; |
240 | | static char *DFLT_OCTET_STRING = ""; |
241 | | static char *DFLT_OCTET_PTR = NULL; |
242 | | |
243 | | static int64_t ITERS = 1; |
244 | | static uint64_t UITERS = 1; |
245 | | static int64_t BLOCKSIZE = 8; |
246 | | static uint64_t UBLOCKSIZE = 8; |
247 | | |
248 | | |
249 | | static void free_params(OSSL_PARAM *param) |
250 | 2.81k | { |
251 | 18.0k | for (; param != NULL && param->key != NULL; param++) { |
252 | 15.2k | switch (param->data_type) { |
253 | 992 | case OSSL_PARAM_INTEGER: |
254 | 4.00k | case OSSL_PARAM_UNSIGNED_INTEGER: |
255 | 4.00k | case OSSL_PARAM_REAL: |
256 | 4.00k | if (param->data != NULL) { |
257 | 4.00k | OPENSSL_free(param->data); |
258 | 4.00k | } |
259 | 4.00k | break; |
260 | 15.2k | } |
261 | 15.2k | } |
262 | 2.81k | } |
263 | | |
264 | | static OSSL_PARAM *fuzz_params(OSSL_PARAM *param, const uint8_t **buf, size_t *len) |
265 | 2.81k | { |
266 | 2.81k | OSSL_PARAM *p; |
267 | 2.81k | OSSL_PARAM *fuzzed_parameters; |
268 | 2.81k | int p_num = 0; |
269 | | |
270 | 18.0k | for (p = param; p != NULL && p->key != NULL; p++) |
271 | 15.2k | p_num++; |
272 | | |
273 | 2.81k | fuzzed_parameters = OPENSSL_zalloc(sizeof(OSSL_PARAM) *(p_num + 1)); |
274 | 2.81k | p = fuzzed_parameters; |
275 | | |
276 | 18.0k | for (; param != NULL && param->key != NULL; param++) { |
277 | 15.2k | int64_t *use_param = NULL; |
278 | 15.2k | int64_t *p_value_int = NULL; |
279 | 15.2k | uint64_t *p_value_uint = NULL; |
280 | 15.2k | double *p_value_double = NULL; |
281 | 15.2k | char *p_value_utf8_str = DFLT_STR; |
282 | 15.2k | char *p_value_octet_str = DFLT_OCTET_STRING; |
283 | 15.2k | char *p_value_utf8_ptr = DFLT_UTF8_PTR; |
284 | 15.2k | char *p_value_octet_ptr = DFLT_OCTET_PTR; |
285 | | |
286 | 15.2k | int data_len = 0; |
287 | | |
288 | 15.2k | if (!read_int(buf, len, &use_param)) { |
289 | 5.72k | use_param = OPENSSL_malloc(sizeof(uint64_t)); |
290 | 5.72k | *use_param = 0; |
291 | 5.72k | } |
292 | | |
293 | 15.2k | switch (param->data_type) { |
294 | 992 | case OSSL_PARAM_INTEGER: |
295 | 992 | if (strcmp(param->key, OSSL_KDF_PARAM_ITER) == 0) { |
296 | 0 | p_value_int = OPENSSL_malloc(sizeof(ITERS)); |
297 | 0 | *p_value_int = ITERS; |
298 | 992 | } else if (strcmp(param->key, OSSL_KDF_PARAM_SCRYPT_N) == 0) { |
299 | 0 | p_value_int = OPENSSL_malloc(sizeof(ITERS)); |
300 | 0 | *p_value_int = ITERS; |
301 | 992 | } else if (strcmp(param->key, OSSL_KDF_PARAM_SCRYPT_R) == 0) { |
302 | 90 | p_value_int = OPENSSL_malloc(sizeof(BLOCKSIZE)); |
303 | 90 | *p_value_int = BLOCKSIZE; |
304 | 902 | } else if (strcmp(param->key, OSSL_KDF_PARAM_SCRYPT_P) == 0) { |
305 | 0 | p_value_int = OPENSSL_malloc(sizeof(BLOCKSIZE)); |
306 | 0 | *p_value_int = BLOCKSIZE; |
307 | 902 | } else if (!*use_param || !read_int(buf, len, &p_value_int)) { |
308 | 698 | p_value_int = OPENSSL_malloc(sizeof(int64_t)); |
309 | 698 | *p_value_int = 0; |
310 | 698 | } |
311 | | |
312 | 992 | *p = *param; |
313 | 992 | p->data = p_value_int; |
314 | 992 | p++; |
315 | 992 | break; |
316 | 3.01k | case OSSL_PARAM_UNSIGNED_INTEGER: |
317 | 3.01k | if (strcmp(param->key, OSSL_KDF_PARAM_ITER) == 0) { |
318 | 439 | p_value_uint = OPENSSL_malloc(sizeof(UITERS)); |
319 | 439 | *p_value_uint = UITERS; |
320 | 2.57k | } else if (strcmp(param->key, OSSL_KDF_PARAM_SCRYPT_N) == 0) { |
321 | 34 | p_value_uint = OPENSSL_malloc(sizeof(UITERS)); |
322 | 34 | *p_value_uint = UITERS; |
323 | 2.54k | } else if (strcmp(param->key, OSSL_KDF_PARAM_SCRYPT_R) == 0) { |
324 | 34 | p_value_uint = OPENSSL_malloc(sizeof(UBLOCKSIZE)); |
325 | 34 | *p_value_uint = UBLOCKSIZE; |
326 | 2.50k | } else if (strcmp(param->key, OSSL_KDF_PARAM_SCRYPT_P) == 0) { |
327 | 34 | p_value_uint = OPENSSL_malloc(sizeof(UBLOCKSIZE)); |
328 | 34 | *p_value_uint = UBLOCKSIZE; |
329 | 2.47k | } else if (!*use_param || !read_uint(buf, len, &p_value_uint)) { |
330 | 1.22k | p_value_uint = OPENSSL_malloc(sizeof(uint64_t)); |
331 | 1.22k | *p_value_uint = 0; |
332 | 1.22k | } |
333 | | |
334 | 3.01k | *p = *param; |
335 | 3.01k | p->data = p_value_uint; |
336 | 3.01k | p++; |
337 | 3.01k | break; |
338 | 0 | case OSSL_PARAM_REAL: |
339 | 0 | if (!*use_param || !read_double(buf, len, &p_value_double)) { |
340 | 0 | p_value_double = OPENSSL_malloc(sizeof(double)); |
341 | 0 | *p_value_double = 0; |
342 | 0 | } |
343 | |
|
344 | 0 | *p = *param; |
345 | 0 | p->data = p_value_double; |
346 | 0 | p++; |
347 | 0 | break; |
348 | 5.15k | case OSSL_PARAM_UTF8_STRING: |
349 | 5.15k | if (*use_param && (data_len = read_utf8_string(buf, len, &p_value_utf8_str)) < 0) |
350 | 172 | data_len = 0; |
351 | 5.15k | *p = *param; |
352 | 5.15k | p->data = p_value_utf8_str; |
353 | 5.15k | p->data_size = data_len; |
354 | 5.15k | p++; |
355 | 5.15k | break; |
356 | 6.06k | case OSSL_PARAM_OCTET_STRING: |
357 | 6.06k | if (*use_param && (data_len = read_octet_string(buf, len, &p_value_octet_str)) < 0) |
358 | 925 | data_len = 0; |
359 | 6.06k | *p = *param; |
360 | 6.06k | p->data = p_value_octet_str; |
361 | 6.06k | p->data_size = data_len; |
362 | 6.06k | p++; |
363 | 6.06k | break; |
364 | 0 | case OSSL_PARAM_UTF8_PTR: |
365 | 0 | if (*use_param && (data_len = read_utf8_ptr(buf, len, &p_value_utf8_ptr)) < 0) |
366 | 0 | data_len = 0; |
367 | 0 | *p = *param; |
368 | 0 | p->data = p_value_utf8_ptr; |
369 | 0 | p->data_size = data_len; |
370 | 0 | p++; |
371 | 0 | break; |
372 | 0 | case OSSL_PARAM_OCTET_PTR: |
373 | 0 | if (*use_param && (data_len = read_octet_ptr(buf, len, &p_value_octet_ptr)) < 0) |
374 | 0 | data_len = 0; |
375 | 0 | *p = *param; |
376 | 0 | p->data = p_value_octet_ptr; |
377 | 0 | p->data_size = data_len; |
378 | 0 | p++; |
379 | 0 | break; |
380 | 0 | default: |
381 | 0 | break; |
382 | 15.2k | } |
383 | | |
384 | 15.2k | OPENSSL_free(use_param); |
385 | 15.2k | } |
386 | | |
387 | 2.81k | return fuzzed_parameters; |
388 | 2.81k | } |
389 | | |
390 | | static int do_evp_cipher(const EVP_CIPHER *evp_cipher, const OSSL_PARAM param[]) |
391 | 33 | { |
392 | 33 | unsigned char outbuf[1024]; |
393 | 33 | int outlen, tmplen; |
394 | 33 | unsigned char key[] = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15}; |
395 | 33 | unsigned char iv[] = {1, 2, 3, 4, 5, 6, 7, 8}; |
396 | 33 | const char intext[] = "text"; |
397 | 33 | EVP_CIPHER_CTX *ctx; |
398 | | |
399 | 33 | ctx = EVP_CIPHER_CTX_new(); |
400 | | |
401 | 33 | if (!EVP_CIPHER_CTX_set_params(ctx, param)) { |
402 | 33 | EVP_CIPHER_CTX_free(ctx); |
403 | 33 | return 0; |
404 | 33 | } |
405 | | |
406 | 0 | if (!EVP_EncryptInit_ex2(ctx, evp_cipher, key, iv, NULL)) { |
407 | | /* Error */ |
408 | 0 | EVP_CIPHER_CTX_free(ctx); |
409 | 0 | return 0; |
410 | 0 | } |
411 | | |
412 | 0 | if (!EVP_EncryptUpdate(ctx, outbuf, &outlen, (const unsigned char *) intext, strlen(intext))) { |
413 | | /* Error */ |
414 | 0 | EVP_CIPHER_CTX_free(ctx); |
415 | 0 | return 0; |
416 | 0 | } |
417 | | /* |
418 | | * Buffer passed to EVP_EncryptFinal() must be after data just |
419 | | * encrypted to avoid overwriting it. |
420 | | */ |
421 | 0 | if (!EVP_EncryptFinal_ex(ctx, outbuf + outlen, &tmplen)) { |
422 | | /* Error */ |
423 | 0 | EVP_CIPHER_CTX_free(ctx); |
424 | 0 | return 0; |
425 | 0 | } |
426 | 0 | outlen += tmplen; |
427 | 0 | EVP_CIPHER_CTX_free(ctx); |
428 | 0 | return 1; |
429 | 0 | } |
430 | | |
431 | | static int do_evp_kdf(EVP_KDF *evp_kdf, const OSSL_PARAM params[]) |
432 | 2.05k | { |
433 | 2.05k | int r = 1; |
434 | 2.05k | EVP_KDF_CTX *kctx = NULL; |
435 | 2.05k | unsigned char derived[32]; |
436 | | |
437 | 2.05k | kctx = EVP_KDF_CTX_new(evp_kdf); |
438 | | |
439 | 2.05k | if (kctx == NULL) { |
440 | 0 | r = 0; |
441 | 0 | goto end; |
442 | 0 | } |
443 | | |
444 | 2.05k | if (EVP_KDF_CTX_set_params(kctx, params) <= 0) { |
445 | 984 | r = 0; |
446 | 984 | goto end; |
447 | 984 | } |
448 | | |
449 | 1.07k | if (EVP_KDF_derive(kctx, derived, sizeof(derived), NULL) <= 0) { |
450 | 381 | r = 0; |
451 | 381 | goto end; |
452 | 381 | } |
453 | | |
454 | 2.05k | end: |
455 | 2.05k | EVP_KDF_CTX_free(kctx); |
456 | 2.05k | return r; |
457 | 1.07k | } |
458 | | |
459 | | static int do_evp_mac(EVP_MAC *evp_mac, const OSSL_PARAM params[]) |
460 | 445 | { |
461 | 445 | int r = 1; |
462 | 445 | const char *key = "mac_key"; |
463 | 445 | char text[] = "Some Crypto Text"; |
464 | 445 | EVP_MAC_CTX *ctx = NULL; |
465 | 445 | unsigned char buf[4096]; |
466 | 445 | size_t final_l; |
467 | | |
468 | 445 | if ((ctx = EVP_MAC_CTX_new(evp_mac)) == NULL |
469 | 445 | || !EVP_MAC_init(ctx, (const unsigned char *) key, strlen(key), |
470 | 445 | params)) { |
471 | 260 | r = 0; |
472 | 260 | goto end; |
473 | 260 | } |
474 | | |
475 | 185 | if (EVP_MAC_CTX_set_params(ctx, params) <= 0) { |
476 | 0 | r = 0; |
477 | 0 | goto end; |
478 | 0 | } |
479 | | |
480 | 185 | if (!EVP_MAC_update(ctx, (unsigned char *) text, sizeof(text))) { |
481 | 10 | r = 0; |
482 | 10 | goto end; |
483 | 10 | } |
484 | | |
485 | 175 | if (!EVP_MAC_final(ctx, buf, &final_l, sizeof(buf))) { |
486 | 0 | r = 0; |
487 | 0 | goto end; |
488 | 0 | } |
489 | | |
490 | 445 | end: |
491 | 445 | EVP_MAC_CTX_free(ctx); |
492 | 445 | return r; |
493 | 175 | } |
494 | | |
495 | | static int do_evp_rand(EVP_RAND *evp_rand, const OSSL_PARAM params[]) |
496 | 214 | { |
497 | 214 | int r = 1; |
498 | 214 | EVP_RAND_CTX *ctx = NULL; |
499 | 214 | unsigned char buf[4096]; |
500 | | |
501 | 214 | if (!(ctx = EVP_RAND_CTX_new(evp_rand, NULL))) { |
502 | 0 | r = 0; |
503 | 0 | goto end; |
504 | 0 | } |
505 | | |
506 | 214 | if (EVP_RAND_CTX_set_params(ctx, params) <= 0) { |
507 | 53 | r = 0; |
508 | 53 | goto end; |
509 | 53 | } |
510 | | |
511 | 161 | if (!EVP_RAND_generate(ctx, buf, sizeof(buf), 0, 0, NULL, 0)) { |
512 | 43 | r = 0; |
513 | 43 | goto end; |
514 | 43 | } |
515 | | |
516 | 118 | if (!EVP_RAND_reseed(ctx, 0, 0, 0, NULL, 0)) { |
517 | 0 | r = 0; |
518 | 0 | goto end; |
519 | 0 | } |
520 | | |
521 | 214 | end: |
522 | 214 | EVP_RAND_CTX_free(ctx); |
523 | 214 | return r; |
524 | 118 | } |
525 | | |
526 | | static int do_evp_sig(EVP_SIGNATURE *evp_sig, const OSSL_PARAM params[]) |
527 | 20 | { |
528 | 20 | return 0; |
529 | 20 | } |
530 | | |
531 | | static int do_evp_asym_cipher(EVP_ASYM_CIPHER *evp_asym_cipher, const OSSL_PARAM params[]) |
532 | 8 | { |
533 | 8 | return 0; |
534 | 8 | } |
535 | | |
536 | | static int do_evp_kem(EVP_KEM *evp_kem, const OSSL_PARAM params[]) |
537 | 11 | { |
538 | 11 | return 0; |
539 | 11 | } |
540 | | |
541 | | static int do_evp_key_exch(EVP_KEYEXCH *evp_kdf, const OSSL_PARAM params[]) |
542 | 19 | { |
543 | 19 | return 0; |
544 | 19 | } |
545 | | |
546 | | static int do_evp_md(EVP_MD *evp_md, const OSSL_PARAM params[]) |
547 | 14 | { |
548 | 14 | int r = 1; |
549 | 14 | unsigned char md_value[EVP_MAX_MD_SIZE]; |
550 | 14 | unsigned int md_len; |
551 | 14 | EVP_MD_CTX *mdctx = NULL; |
552 | | |
553 | 14 | if (!(mdctx = EVP_MD_CTX_new())) { |
554 | 0 | r = 0; |
555 | 0 | goto end; |
556 | 0 | } |
557 | | |
558 | 14 | if (!EVP_MD_CTX_set_params(mdctx, params)) { |
559 | 14 | r = 0; |
560 | 14 | goto end; |
561 | 14 | } |
562 | | |
563 | 0 | if (!EVP_DigestInit_ex2(mdctx, evp_md, NULL)) { |
564 | 0 | r = 0; |
565 | 0 | goto end; |
566 | 0 | } |
567 | 0 | if (!EVP_DigestUpdate(mdctx, "Test", strlen("Test"))) { |
568 | 0 | r = 0; |
569 | 0 | goto end; |
570 | 0 | } |
571 | 0 | if (!EVP_DigestFinal_ex(mdctx, md_value, &md_len)) { |
572 | 0 | r = 0; |
573 | 0 | goto end; |
574 | 0 | } |
575 | | |
576 | 14 | end: |
577 | 14 | EVP_MD_CTX_free(mdctx); |
578 | 14 | return r; |
579 | 0 | } |
580 | | |
581 | | #define EVP_FUZZ(source, evp, f) \ |
582 | 2.81k | do { \ |
583 | 2.81k | evp *alg = sk_##evp##_value(source, *algorithm % sk_##evp##_num(source)); \ |
584 | 2.81k | OSSL_PARAM *fuzzed_params; \ |
585 | 2.81k | \ |
586 | 2.81k | if (alg == NULL) \ |
587 | 2.81k | break; \ |
588 | 2.81k | fuzzed_params = fuzz_params((OSSL_PARAM*) evp##_settable_ctx_params(alg), &buf, &len); \ |
589 | 2.81k | if (fuzzed_params != NULL) \ |
590 | 2.81k | f(alg, fuzzed_params); \ |
591 | 2.81k | free_params(fuzzed_params); \ |
592 | 2.81k | OSSL_PARAM_free(fuzzed_params); \ |
593 | 2.81k | } while (0); |
594 | | |
595 | | int FuzzerTestOneInput(const uint8_t *buf, size_t len) |
596 | 2.82k | { |
597 | 2.82k | int r = 1; |
598 | 2.82k | uint64_t *operation = NULL; |
599 | 2.82k | int64_t *algorithm = NULL; |
600 | | |
601 | 2.82k | if (!read_uint(&buf, &len, &operation)) { |
602 | 4 | r = 0; |
603 | 4 | goto end; |
604 | 4 | } |
605 | | |
606 | 2.82k | if (!read_int(&buf, &len, &algorithm)) { |
607 | 5 | r = 0; |
608 | 5 | goto end; |
609 | 5 | } |
610 | | |
611 | 2.82k | switch (*operation % 10) { |
612 | 14 | case 0: |
613 | 14 | EVP_FUZZ(digests_collection, EVP_MD, do_evp_md); |
614 | 14 | break; |
615 | 33 | case 1: |
616 | 33 | EVP_FUZZ(cipher_collection, EVP_CIPHER, do_evp_cipher); |
617 | 33 | break; |
618 | 2.05k | case 2: |
619 | 2.05k | EVP_FUZZ(kdf_collection, EVP_KDF, do_evp_kdf); |
620 | 2.05k | break; |
621 | 445 | case 3: |
622 | 445 | EVP_FUZZ(mac_collection, EVP_MAC, do_evp_mac); |
623 | 445 | break; |
624 | 11 | case 4: |
625 | 11 | EVP_FUZZ(kem_collection, EVP_KEM, do_evp_kem); |
626 | 11 | break; |
627 | 214 | case 5: |
628 | 214 | EVP_FUZZ(rand_collection, EVP_RAND, do_evp_rand); |
629 | 214 | break; |
630 | 8 | case 6: |
631 | 8 | EVP_FUZZ(asym_ciphers_collection, EVP_ASYM_CIPHER, do_evp_asym_cipher); |
632 | 8 | break; |
633 | 20 | case 7: |
634 | 20 | EVP_FUZZ(signature_collection, EVP_SIGNATURE, do_evp_sig); |
635 | 20 | break; |
636 | 19 | case 8: |
637 | 19 | EVP_FUZZ(keyexch_collection, EVP_KEYEXCH, do_evp_key_exch); |
638 | 19 | break; |
639 | 1 | case 9: |
640 | | /* |
641 | | Implement and call: |
642 | | static int do_evp_keymgmt(EVP_KEYMGMT *evp_kdf, const OSSL_PARAM params[]) |
643 | | { |
644 | | return 0; |
645 | | } |
646 | | */ |
647 | | /* not yet implemented */ |
648 | 1 | break; |
649 | 0 | default: |
650 | 0 | r = 0; |
651 | 0 | goto end; |
652 | 2.82k | } |
653 | | |
654 | 2.82k | end: |
655 | 2.82k | OPENSSL_free(operation); |
656 | 2.82k | OPENSSL_free(algorithm); |
657 | 2.82k | return r; |
658 | 2.82k | } |