1
/*
2
 * Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved.
3
 *
4
 * Licensed under the Apache License 2.0 (the "License");
5
 * you may not use this file except in compliance with the License.
6
 * You may obtain a copy of the License at
7
 * https://www.openssl.org/source/license.html
8
 * or in the file LICENSE in the source distribution.
9
 */
10
#include <string.h>
11
#include <openssl/types.h>
12
#include <openssl/crypto.h>
13
#include <openssl/core_names.h>
14
#include <openssl/kdf.h>
15
#include <openssl/evp.h>
16
#include <openssl/provider.h>
17
#include "fuzzer.h"
18

19
#define DEFINE_ALGORITHMS(name, evp)                                     \
20
    DEFINE_STACK_OF(evp)                                                 \
21
    static int cmp_##evp(const evp *const *a, const evp *const *b);      \
22
    static void collect_##evp(evp *obj, void *stack);                    \
23
    static void init_##name(OSSL_LIB_CTX *libctx);                       \
24
    static void cleanup_##name(void);                                    \
25
    static STACK_OF(evp) *name##_collection;                             \
26
    static int cmp_##evp(const evp *const *a, const evp *const *b)       \
27
    {                                                                    \
28
        return strcmp(OSSL_PROVIDER_get0_name(evp##_get0_provider(*a)),  \
29
            OSSL_PROVIDER_get0_name(evp##_get0_provider(*b)));           \
30
    }                                                                    \
31
    static void collect_##evp(evp *obj, void *stack)                     \
32
    {                                                                    \
33
        STACK_OF(evp) *obj_stack = stack;                                \
34
                                                                         \
35
        if (sk_##evp##_push(obj_stack, obj) > 0)                         \
36
            evp##_up_ref(obj);                                           \
37
    }                                                                    \
38
    static void init_##name(OSSL_LIB_CTX *libctx)                        \
39
    {                                                                    \
40
        name##_collection = sk_##evp##_new(cmp_##evp);                   \
41
        evp##_do_all_provided(libctx, collect_##evp, name##_collection); \
42
    }                                                                    \
43
    static void cleanup_##name(void)                                     \
44
    {                                                                    \
45
        sk_##evp##_pop_free(name##_collection, evp##_free);              \
46
    }
47

48
DEFINE_ALGORITHMS(digests, EVP_MD)
49

50
DEFINE_ALGORITHMS(kdf, EVP_KDF)
51

52
DEFINE_ALGORITHMS(cipher, EVP_CIPHER)
53

54
DEFINE_ALGORITHMS(kem, EVP_KEM)
55

56
DEFINE_ALGORITHMS(keyexch, EVP_KEYEXCH)
57

58
DEFINE_ALGORITHMS(rand, EVP_RAND)
59

60
DEFINE_ALGORITHMS(mac, EVP_MAC)
61

62
DEFINE_ALGORITHMS(keymgmt, EVP_KEYMGMT)
63

64
DEFINE_ALGORITHMS(signature, EVP_SIGNATURE)
65

66
DEFINE_ALGORITHMS(asym_ciphers, EVP_ASYM_CIPHER)
67

68
static OSSL_LIB_CTX *libctx = NULL;
69

70
int FuzzerInitialize(int *argc, char ***argv)
71
{
72
    libctx = OSSL_LIB_CTX_new();
73
    if (libctx == NULL)
74
        return 0;
75

76
    init_digests(libctx);
77
    init_kdf(libctx);
78
    init_cipher(libctx);
79
    init_kem(libctx);
80
    init_keyexch(libctx);
81
    init_rand(libctx);
82
    init_mac(libctx);
83
    init_keymgmt(libctx);
84
    init_signature(libctx);
85
    init_asym_ciphers(libctx);
86
    return 1;
87
}
88

89
void FuzzerCleanup(void)
90
{
91
    cleanup_digests();
92
    cleanup_kdf();
93
    cleanup_cipher();
94
    cleanup_kem();
95
    cleanup_keyexch();
96
    cleanup_rand();
97
    cleanup_mac();
98
    cleanup_keymgmt();
99
    cleanup_signature();
100
    cleanup_asym_ciphers();
101

102
    OSSL_LIB_CTX_free(libctx);
103
}
104

105
static int read_uint(const uint8_t **buf, size_t *len, uint64_t **res)
106
{
107
    int r = 1;
108

109
    if (*len < sizeof(uint64_t)) {
110
        r = 0;
111
        goto end;
112
    }
113

114
    *res = OPENSSL_malloc(sizeof(uint64_t));
115
    **res = (uint64_t)**buf;
116

117
    *buf += sizeof(uint64_t);
118
    *len -= sizeof(uint64_t);
119
end:
120
    return r;
121
}
122

123
static int read_int(const uint8_t **buf, size_t *len, int64_t **res)
124
{
125
    int r = 1;
126

127
    if (*len < sizeof(int64_t)) {
128
        r = 0;
129
        goto end;
130
    }
131

132
    *res = OPENSSL_malloc(sizeof(int64_t));
133
    **res = (int64_t)**buf;
134

135
    *buf += sizeof(int64_t);
136
    *len -= sizeof(int64_t);
137
end:
138
    return r;
139
}
140

141
static int read_double(const uint8_t **buf, size_t *len, double **res)
142
{
143
    int r = 1;
144

145
    if (*len < sizeof(double)) {
146
        r = 0;
147
        goto end;
148
    }
149

150
    *res = OPENSSL_malloc(sizeof(double));
151
    **res = (double)**buf;
152

153
    *buf += sizeof(double);
154
    *len -= sizeof(double);
155
end:
156
    return r;
157
}
158

159
static int read_utf8_string(const uint8_t **buf, size_t *len, char **res)
160
{
161
    size_t found_len;
162
    int r;
163

164
    found_len = OPENSSL_strnlen((const char *)*buf, *len);
165

166
    if (found_len == *len) {
167
        r = -1;
168
        goto end;
169
    }
170

171
    found_len++; /* skip over the \0 byte */
172

173
    r = (int)found_len;
174

175
    *res = (char *)*buf;
176
    *len -= found_len;
177
    *buf = *buf + found_len; /* continue after the \0 byte */
178
end:
179
    return r;
180
}
181

182
static int read_utf8_ptr(const uint8_t **buf, size_t *len, char **res)
183
{
184
    if (*len > 0 && **buf == 0xFF) {
185
        /* represent NULL somehow */
186
        *res = NULL;
187
        *buf += 1;
188
        *len -= 1;
189
        return 0;
190
    }
191
    return read_utf8_string(buf, len, res);
192
}
193

194
static int read_octet_string(const uint8_t **buf, size_t *len, char **res)
195
{
196
    int r;
197
    size_t i;
198
    const uint8_t *ptr = *buf;
199
    int found = 0;
200

201
    for (i = 0; i < *len; ++i) {
202
        if (*ptr == 0xFF && (i + 1 < *len && *(ptr + 1) == 0xFF)) {
203
            ptr++;
204
            found = 1;
205
            break;
206
        }
207
        ptr++;
208
    }
209

210
    if (!found) {
211
        r = -1;
212
        goto end;
213
    }
214

215
    *res = (char *)*buf;
216

217
    r = ptr - *buf;
218
    *len -= r;
219
    *buf = ptr;
220

221
end:
222
    return r;
223
}
224

225
static int read_octet_ptr(const uint8_t **buf, size_t *len, char **res)
226
{
227
    /* TODO: This representation could need an improvement potentially. */
228
    if (*len > 1 && **buf == 0xFF && *(*buf + 1) == 0xFF) {
229
        /* represent NULL somehow */
230
        *res = NULL;
231
        *buf += 2;
232
        *len -= 2;
233
        return 0;
234
    }
235
    return read_octet_string(buf, len, res);
236
}
237

238
static char *DFLT_STR = "";
239
static char *DFLT_UTF8_PTR = NULL;
240
static char *DFLT_OCTET_STRING = "";
241
static char *DFLT_OCTET_PTR = NULL;
242

243
static int64_t ITERS = 1;
244
static uint64_t UITERS = 1;
245
static int64_t BLOCKSIZE = 8;
246
static uint64_t UBLOCKSIZE = 8;
247

248
static void free_params(OSSL_PARAM *param)
249
{
250
    for (; param != NULL && param->key != NULL; param++) {
251
        switch (param->data_type) {
252
        case OSSL_PARAM_INTEGER:
253
        case OSSL_PARAM_UNSIGNED_INTEGER:
254
        case OSSL_PARAM_REAL:
255
            if (param->data != NULL) {
256
                OPENSSL_free(param->data);
257
            }
258
            break;
259
        }
260
    }
261
}
262

263
static OSSL_PARAM *fuzz_params(OSSL_PARAM *param, const uint8_t **buf, size_t *len)
264
{
265
    OSSL_PARAM *p;
266
    OSSL_PARAM *fuzzed_parameters;
267
    int p_num = 0;
268

269
    for (p = param; p != NULL && p->key != NULL; p++)
270
        p_num++;
271

272
    fuzzed_parameters = OPENSSL_zalloc(sizeof(OSSL_PARAM) * (p_num + 1));
273
    p = fuzzed_parameters;
274

275
    for (; param != NULL && param->key != NULL; param++) {
276
        int64_t *use_param = NULL;
277
        int64_t *p_value_int = NULL;
278
        uint64_t *p_value_uint = NULL;
279
        double *p_value_double = NULL;
280
        char *p_value_utf8_str = DFLT_STR;
281
        char *p_value_octet_str = DFLT_OCTET_STRING;
282
        char *p_value_utf8_ptr = DFLT_UTF8_PTR;
283
        char *p_value_octet_ptr = DFLT_OCTET_PTR;
284

285
        int data_len = 0;
286

287
        if (!read_int(buf, len, &use_param)) {
288
            use_param = OPENSSL_malloc(sizeof(uint64_t));
289
            *use_param = 0;
290
        }
291

292
        switch (param->data_type) {
293
        case OSSL_PARAM_INTEGER:
294
            if (strcmp(param->key, OSSL_KDF_PARAM_ITER) == 0) {
295
                p_value_int = OPENSSL_malloc(sizeof(ITERS));
296
                *p_value_int = ITERS;
297
            } else if (strcmp(param->key, OSSL_KDF_PARAM_SCRYPT_N) == 0) {
298
                p_value_int = OPENSSL_malloc(sizeof(ITERS));
299
                *p_value_int = ITERS;
300
            } else if (strcmp(param->key, OSSL_KDF_PARAM_SCRYPT_R) == 0) {
301
                p_value_int = OPENSSL_malloc(sizeof(BLOCKSIZE));
302
                *p_value_int = BLOCKSIZE;
303
            } else if (strcmp(param->key, OSSL_KDF_PARAM_SCRYPT_P) == 0) {
304
                p_value_int = OPENSSL_malloc(sizeof(BLOCKSIZE));
305
                *p_value_int = BLOCKSIZE;
306
            } else if (!*use_param || !read_int(buf, len, &p_value_int)) {
307
                p_value_int = OPENSSL_malloc(sizeof(int64_t));
308
                *p_value_int = 0;
309
            }
310

311
            *p = *param;
312
            p->data = p_value_int;
313
            p++;
314
            break;
315
        case OSSL_PARAM_UNSIGNED_INTEGER:
316
            if (strcmp(param->key, OSSL_KDF_PARAM_ITER) == 0) {
317
                p_value_uint = OPENSSL_malloc(sizeof(UITERS));
318
                *p_value_uint = UITERS;
319
            } else if (strcmp(param->key, OSSL_KDF_PARAM_SCRYPT_N) == 0) {
320
                p_value_uint = OPENSSL_malloc(sizeof(UITERS));
321
                *p_value_uint = UITERS;
322
            } else if (strcmp(param->key, OSSL_KDF_PARAM_SCRYPT_R) == 0) {
323
                p_value_uint = OPENSSL_malloc(sizeof(UBLOCKSIZE));
324
                *p_value_uint = UBLOCKSIZE;
325
            } else if (strcmp(param->key, OSSL_KDF_PARAM_SCRYPT_P) == 0) {
326
                p_value_uint = OPENSSL_malloc(sizeof(UBLOCKSIZE));
327
                *p_value_uint = UBLOCKSIZE;
328
            } else if (!*use_param || !read_uint(buf, len, &p_value_uint)) {
329
                p_value_uint = OPENSSL_malloc(sizeof(uint64_t));
330
                *p_value_uint = 0;
331
            }
332

333
            *p = *param;
334
            p->data = p_value_uint;
335
            p++;
336
            break;
337
        case OSSL_PARAM_REAL:
338
            if (!*use_param || !read_double(buf, len, &p_value_double)) {
339
                p_value_double = OPENSSL_malloc(sizeof(double));
340
                *p_value_double = 0;
341
            }
342

343
            *p = *param;
344
            p->data = p_value_double;
345
            p++;
346
            break;
347
        case OSSL_PARAM_UTF8_STRING:
348
            if (*use_param && (data_len = read_utf8_string(buf, len, &p_value_utf8_str)) < 0)
349
                data_len = 0;
350
            *p = *param;
351
            p->data = p_value_utf8_str;
352
            p->data_size = data_len;
353
            p++;
354
            break;
355
        case OSSL_PARAM_OCTET_STRING:
356
            if (*use_param && (data_len = read_octet_string(buf, len, &p_value_octet_str)) < 0)
357
                data_len = 0;
358
            *p = *param;
359
            p->data = p_value_octet_str;
360
            p->data_size = data_len;
361
            p++;
362
            break;
363
        case OSSL_PARAM_UTF8_PTR:
364
            if (*use_param && (data_len = read_utf8_ptr(buf, len, &p_value_utf8_ptr)) < 0)
365
                data_len = 0;
366
            *p = *param;
367
            p->data = p_value_utf8_ptr;
368
            p->data_size = data_len;
369
            p++;
370
            break;
371
        case OSSL_PARAM_OCTET_PTR:
372
            if (*use_param && (data_len = read_octet_ptr(buf, len, &p_value_octet_ptr)) < 0)
373
                data_len = 0;
374
            *p = *param;
375
            p->data = p_value_octet_ptr;
376
            p->data_size = data_len;
377
            p++;
378
            break;
379
        default:
380
            break;
381
        }
382

383
        OPENSSL_free(use_param);
384
    }
385

386
    return fuzzed_parameters;
387
}
388

389
static int do_evp_cipher(const EVP_CIPHER *evp_cipher, const OSSL_PARAM param[])
390
{
391
    unsigned char outbuf[1024];
392
    int outlen, tmplen;
393
    unsigned char key[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 };
394
    unsigned char iv[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
395
    const char intext[] = "text";
396
    EVP_CIPHER_CTX *ctx;
397

398
    ctx = EVP_CIPHER_CTX_new();
399

400
    if (!EVP_CIPHER_CTX_set_params(ctx, param)) {
401
        EVP_CIPHER_CTX_free(ctx);
402
        return 0;
403
    }
404

405
    if (!EVP_EncryptInit_ex2(ctx, evp_cipher, key, iv, NULL)) {
406
        /* Error */
407
        EVP_CIPHER_CTX_free(ctx);
408
        return 0;
409
    }
410

411
    if (!EVP_EncryptUpdate(ctx, outbuf, &outlen, (const unsigned char *)intext, strlen(intext))) {
412
        /* Error */
413
        EVP_CIPHER_CTX_free(ctx);
414
        return 0;
415
    }
416
    /*
417
     * Buffer passed to EVP_EncryptFinal() must be after data just
418
     * encrypted to avoid overwriting it.
419
     */
420
    if (!EVP_EncryptFinal_ex(ctx, outbuf + outlen, &tmplen)) {
421
        /* Error */
422
        EVP_CIPHER_CTX_free(ctx);
423
        return 0;
424
    }
425
    outlen += tmplen;
426
    EVP_CIPHER_CTX_free(ctx);
427
    return 1;
428
}
429

430
static int do_evp_kdf(EVP_KDF *evp_kdf, const OSSL_PARAM params[])
431
{
432
    int r = 1;
433
    EVP_KDF_CTX *kctx = NULL;
434
    unsigned char derived[32];
435

436
    kctx = EVP_KDF_CTX_new(evp_kdf);
437

438
    if (kctx == NULL) {
439
        r = 0;
440
        goto end;
441
    }
442

443
    if (EVP_KDF_CTX_set_params(kctx, params) <= 0) {
444
        r = 0;
445
        goto end;
446
    }
447

448
    if (EVP_KDF_derive(kctx, derived, sizeof(derived), NULL) <= 0) {
449
        r = 0;
450
        goto end;
451
    }
452

453
end:
454
    EVP_KDF_CTX_free(kctx);
455
    return r;
456
}
457

458
static int do_evp_mac(EVP_MAC *evp_mac, const OSSL_PARAM params[])
459
{
460
    int r = 1;
461
    const char *key = "mac_key";
462
    char text[] = "Some Crypto Text";
463
    EVP_MAC_CTX *ctx = NULL;
464
    unsigned char buf[4096];
465
    size_t final_l;
466

467
    if ((ctx = EVP_MAC_CTX_new(evp_mac)) == NULL
468
        || !EVP_MAC_init(ctx, (const unsigned char *)key, strlen(key),
469
            params)) {
470
        r = 0;
471
        goto end;
472
    }
473

474
    if (EVP_MAC_CTX_set_params(ctx, params) <= 0) {
475
        r = 0;
476
        goto end;
477
    }
478

479
    if (!EVP_MAC_update(ctx, (unsigned char *)text, sizeof(text))) {
480
        r = 0;
481
        goto end;
482
    }
483

484
    if (!EVP_MAC_final(ctx, buf, &final_l, sizeof(buf))) {
485
        r = 0;
486
        goto end;
487
    }
488

489
end:
490
    EVP_MAC_CTX_free(ctx);
491
    return r;
492
}
493

494
static int do_evp_rand(EVP_RAND *evp_rand, const OSSL_PARAM params[])
495
{
496
    int r = 1;
497
    EVP_RAND_CTX *ctx = NULL;
498
    unsigned char buf[4096];
499

500
    if (!(ctx = EVP_RAND_CTX_new(evp_rand, NULL))) {
501
        r = 0;
502
        goto end;
503
    }
504

505
    if (EVP_RAND_CTX_set_params(ctx, params) <= 0) {
506
        r = 0;
507
        goto end;
508
    }
509

510
    if (!EVP_RAND_generate(ctx, buf, sizeof(buf), 0, 0, NULL, 0)) {
511
        r = 0;
512
        goto end;
513
    }
514

515
    if (!EVP_RAND_reseed(ctx, 0, 0, 0, NULL, 0)) {
516
        r = 0;
517
        goto end;
518
    }
519

520
end:
521
    EVP_RAND_CTX_free(ctx);
522
    return r;
523
}
524

525
static int do_evp_sig(EVP_SIGNATURE *evp_sig, const OSSL_PARAM params[])
526
{
527
    return 0;
528
}
529

530
static int do_evp_asym_cipher(EVP_ASYM_CIPHER *evp_asym_cipher, const OSSL_PARAM params[])
531
{
532
    return 0;
533
}
534

535
static int do_evp_kem(EVP_KEM *evp_kem, const OSSL_PARAM params[])
536
{
537
    return 0;
538
}
539

540
static int do_evp_key_exch(EVP_KEYEXCH *evp_kdf, const OSSL_PARAM params[])
541
{
542
    return 0;
543
}
544

545
static int do_evp_md(EVP_MD *evp_md, const OSSL_PARAM params[])
546
{
547
    int r = 1;
548
    unsigned char md_value[EVP_MAX_MD_SIZE];
549
    unsigned int md_len;
550
    EVP_MD_CTX *mdctx = NULL;
551

552
    if (!(mdctx = EVP_MD_CTX_new())) {
553
        r = 0;
554
        goto end;
555
    }
556

557
    if (!EVP_MD_CTX_set_params(mdctx, params)) {
558
        r = 0;
559
        goto end;
560
    }
561

562
    if (!EVP_DigestInit_ex2(mdctx, evp_md, NULL)) {
563
        r = 0;
564
        goto end;
565
    }
566
    if (!EVP_DigestUpdate(mdctx, "Test", strlen("Test"))) {
567
        r = 0;
568
        goto end;
569
    }
570
    if (!EVP_DigestFinal_ex(mdctx, md_value, &md_len)) {
571
        r = 0;
572
        goto end;
573
    }
574

575
end:
576
    EVP_MD_CTX_free(mdctx);
577
    return r;
578
}
579

580
#define EVP_FUZZ(source, evp, f)                                                               \
581
    do {                                                                                       \
582
        evp *alg = sk_##evp##_value(source, *algorithm % sk_##evp##_num(source));              \
583
        OSSL_PARAM *fuzzed_params;                                                             \
584
                                                                                               \
585
        if (alg == NULL)                                                                       \
586
            break;                                                                             \
587
        fuzzed_params = fuzz_params((OSSL_PARAM *)evp##_settable_ctx_params(alg), &buf, &len); \
588
        if (fuzzed_params != NULL)                                                             \
589
            f(alg, fuzzed_params);                                                             \
590
        free_params(fuzzed_params);                                                            \
591
        OSSL_PARAM_free(fuzzed_params);                                                        \
592
    } while (0);
593

594
int FuzzerTestOneInput(const uint8_t *buf, size_t len)
595
{
596
    int r = 1;
597
    uint64_t *operation = NULL;
598
    int64_t *algorithm = NULL;
599

600
    if (!read_uint(&buf, &len, &operation)) {
601
        r = 0;
602
        goto end;
603
    }
604

605
    if (!read_int(&buf, &len, &algorithm)) {
606
        r = 0;
607
        goto end;
608
    }
609

610
    switch (*operation % 10) {
611
    case 0:
612
        EVP_FUZZ(digests_collection, EVP_MD, do_evp_md);
613
        break;
614
    case 1:
615
        EVP_FUZZ(cipher_collection, EVP_CIPHER, do_evp_cipher);
616
        break;
617
    case 2:
618
        EVP_FUZZ(kdf_collection, EVP_KDF, do_evp_kdf);
619
        break;
620
    case 3:
621
        EVP_FUZZ(mac_collection, EVP_MAC, do_evp_mac);
622
        break;
623
    case 4:
624
        EVP_FUZZ(kem_collection, EVP_KEM, do_evp_kem);
625
        break;
626
    case 5:
627
        EVP_FUZZ(rand_collection, EVP_RAND, do_evp_rand);
628
        break;
629
    case 6:
630
        EVP_FUZZ(asym_ciphers_collection, EVP_ASYM_CIPHER, do_evp_asym_cipher);
631
        break;
632
    case 7:
633
        EVP_FUZZ(signature_collection, EVP_SIGNATURE, do_evp_sig);
634
        break;
635
    case 8:
636
        EVP_FUZZ(keyexch_collection, EVP_KEYEXCH, do_evp_key_exch);
637
        break;
638
    case 9:
639
        /*
640
        Implement and call:
641
        static int do_evp_keymgmt(EVP_KEYMGMT *evp_kdf, const OSSL_PARAM params[])
642
        {
643
            return 0;
644
        }
645
        */
646
        /* not yet implemented */
647
        break;
648
    default:
649
        r = 0;
650
        goto end;
651
    }
652

653
end:
654
    OPENSSL_free(operation);
655
    OPENSSL_free(algorithm);
656
    return r;
657
}
658

659