1
/*
2
 * Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved.
3
 *
4
 * Licensed under the Apache License 2.0 (the "License");
5
 * you may not use this file except in compliance with the License.
6
 * You may obtain a copy of the License at
7
 * https://www.openssl.org/source/license.html
8
 * or in the file LICENSE in the source distribution.
9
 */
10
#include <string.h>
11
#include <openssl/types.h>
12
#include <openssl/crypto.h>
13
#include <openssl/core_names.h>
14
#include <openssl/kdf.h>
15
#include <openssl/evp.h>
16
#include <openssl/provider.h>
17
#include "fuzzer.h"
18

19
#define DEFINE_ALGORITHMS(name, evp) DEFINE_STACK_OF(evp) \
20
    static int cmp_##evp(const evp *const *a, const evp *const *b); \
21
    static void collect_##evp(evp *obj, void *stack); \
22
    static void init_##name(OSSL_LIB_CTX *libctx); \
23
    static void cleanup_##name(void); \
24
    static STACK_OF(evp) *name##_collection; \
25
    static int cmp_##evp(const evp *const *a, const evp *const *b) \
26
    { \
27
        return strcmp(OSSL_PROVIDER_get0_name(evp##_get0_provider(*a)), \
28
                      OSSL_PROVIDER_get0_name(evp##_get0_provider(*b))); \
29
    } \
30
    static void collect_##evp(evp *obj, void *stack) \
31
    { \
32
        STACK_OF(evp) *obj_stack = stack;  \
33
        \
34
        if (sk_##evp##_push(obj_stack, obj) > 0) \
35
            evp##_up_ref(obj); \
36
    } \
37
    static void init_##name(OSSL_LIB_CTX *libctx) \
38
    { \
39
        name##_collection = sk_##evp##_new(cmp_##evp); \
40
        evp##_do_all_provided(libctx, collect_##evp, name##_collection); \
41
    } \
42
    static void cleanup_##name(void) \
43
    { \
44
        sk_##evp##_pop_free(name##_collection, evp##_free); \
45
    }
46

47
DEFINE_ALGORITHMS(digests, EVP_MD)
48

49
DEFINE_ALGORITHMS(kdf, EVP_KDF)
50

51
DEFINE_ALGORITHMS(cipher, EVP_CIPHER)
52

53
DEFINE_ALGORITHMS(kem, EVP_KEM)
54

55
DEFINE_ALGORITHMS(keyexch, EVP_KEYEXCH)
56

57
DEFINE_ALGORITHMS(rand, EVP_RAND)
58

59
DEFINE_ALGORITHMS(mac, EVP_MAC)
60

61
DEFINE_ALGORITHMS(keymgmt, EVP_KEYMGMT)
62

63
DEFINE_ALGORITHMS(signature, EVP_SIGNATURE)
64

65
DEFINE_ALGORITHMS(asym_ciphers, EVP_ASYM_CIPHER)
66

67
static OSSL_LIB_CTX *libctx = NULL;
68

69
int FuzzerInitialize(int *argc, char ***argv)
70
{
71
    libctx = OSSL_LIB_CTX_new();
72
    if (libctx == NULL)
73
        return 0;
74

75
    init_digests(libctx);
76
    init_kdf(libctx);
77
    init_cipher(libctx);
78
    init_kem(libctx);
79
    init_keyexch(libctx);
80
    init_rand(libctx);
81
    init_mac(libctx);
82
    init_keymgmt(libctx);
83
    init_signature(libctx);
84
    init_asym_ciphers(libctx);
85
    return 1;
86
}
87

88
void FuzzerCleanup(void)
89
{
90
    cleanup_digests();
91
    cleanup_kdf();
92
    cleanup_cipher();
93
    cleanup_kem();
94
    cleanup_keyexch();
95
    cleanup_rand();
96
    cleanup_mac();
97
    cleanup_keymgmt();
98
    cleanup_signature();
99
    cleanup_asym_ciphers();
100

101
    OSSL_LIB_CTX_free(libctx);
102
}
103

104
static int read_uint(const uint8_t **buf, size_t *len, uint64_t **res)
105
{
106
    int r = 1;
107

108
    if (*len < sizeof(uint64_t)) {
109
        r = 0;
110
        goto end;
111
    }
112

113
    *res = OPENSSL_malloc(sizeof(uint64_t));
114
    **res = (uint64_t) **buf;
115

116
    *buf += sizeof(uint64_t);
117
    *len -= sizeof(uint64_t);
118
end:
119
    return r;
120
}
121

122
static int read_int(const uint8_t **buf, size_t *len, int64_t **res)
123
{
124
    int r = 1;
125

126
    if (*len < sizeof(int64_t)) {
127
        r = 0;
128
        goto end;
129
    }
130

131
    *res = OPENSSL_malloc(sizeof(int64_t));
132
    **res = (int64_t) **buf;
133

134
    *buf += sizeof(int64_t);
135
    *len -= sizeof(int64_t);
136
end:
137
    return r;
138
}
139

140
static int read_double(const uint8_t **buf, size_t *len, double **res)
141
{
142
    int r = 1;
143

144
    if (*len < sizeof(double)) {
145
        r = 0;
146
        goto end;
147
    }
148

149
    *res = OPENSSL_malloc(sizeof(double));
150
    **res = (double) **buf;
151

152
    *buf += sizeof(double);
153
    *len -= sizeof(double);
154
end:
155
    return r;
156
}
157

158
static int read_utf8_string(const uint8_t **buf, size_t *len, char **res)
159
{
160
    size_t found_len;
161
    int r;
162

163
    found_len = OPENSSL_strnlen((const char *) *buf, *len);
164

165
    if (found_len == *len) {
166
        r = -1;
167
        goto end;
168
    }
169

170
    found_len++; /* skip over the \0 byte */
171

172
    r = (int) found_len;
173

174
    *res = (char *) *buf;
175
    *len -= found_len;
176
    *buf = *buf + found_len; /* continue after the \0 byte */
177
end:
178
    return r;
179
}
180

181
static int read_utf8_ptr(const uint8_t **buf, size_t *len, char **res)
182
{
183
    if (*len > 0 && **buf == 0xFF) {
184
        /* represent NULL somehow */
185
        *res = NULL;
186
        *buf += 1;
187
        *len -= 1;
188
        return 0;
189
    }
190
    return read_utf8_string(buf, len, res);
191
}
192

193
static int read_octet_string(const uint8_t **buf, size_t *len, char **res)
194
{
195
    int r;
196
    size_t i;
197
    const uint8_t *ptr = *buf;
198
    int found = 0;
199

200
    for (i = 0; i < *len; ++i) {
201
        if (*ptr == 0xFF &&
202
            (i + 1 < *len && *(ptr + 1) == 0xFF)) {
203
            ptr++;
204
            found = 1;
205
            break;
206
        }
207
        ptr++;
208
    }
209

210
    if (!found) {
211
        r = -1;
212
        goto end;
213
    }
214

215
    *res = (char *) *buf;
216

217
    r = ptr - *buf;
218
    *len -= r;
219
    *buf = ptr;
220

221
end:
222
    return r;
223
}
224

225
static int read_octet_ptr(const uint8_t **buf, size_t *len, char **res)
226
{
227
    /* TODO: This representation could need an improvement potentially. */
228
    if (*len > 1 && **buf == 0xFF && *(*buf + 1) == 0xFF) {
229
        /* represent NULL somehow */
230
        *res = NULL;
231
        *buf += 2;
232
        *len -= 2;
233
        return 0;
234
    }
235
    return read_octet_string(buf, len, res);
236
}
237

238
static char *DFLT_STR = "";
239
static char *DFLT_UTF8_PTR = NULL;
240
static char *DFLT_OCTET_STRING = "";
241
static char *DFLT_OCTET_PTR = NULL;
242

243
static int64_t ITERS = 1;
244
static uint64_t UITERS = 1;
245
static int64_t BLOCKSIZE = 8;
246
static uint64_t UBLOCKSIZE = 8;
247

248

249
static void free_params(OSSL_PARAM *param)
250
{
251
    for (; param != NULL && param->key != NULL; param++) {
252
        switch (param->data_type) {
253
            case OSSL_PARAM_INTEGER:
254
            case OSSL_PARAM_UNSIGNED_INTEGER:
255
            case OSSL_PARAM_REAL:
256
                if (param->data != NULL) {
257
                    OPENSSL_free(param->data);
258
                }
259
                break;
260
        }
261
    }
262
}
263

264
static OSSL_PARAM *fuzz_params(OSSL_PARAM *param, const uint8_t **buf, size_t *len)
265
{
266
    OSSL_PARAM *p;
267
    OSSL_PARAM *fuzzed_parameters;
268
    int p_num = 0;
269

270
    for (p = param; p != NULL && p->key != NULL; p++)
271
        p_num++;
272

273
    fuzzed_parameters = OPENSSL_zalloc(sizeof(OSSL_PARAM) *(p_num + 1));
274
    p = fuzzed_parameters;
275

276
    for (; param != NULL && param->key != NULL; param++) {
277
        int64_t *use_param = NULL;
278
        int64_t *p_value_int = NULL;
279
        uint64_t *p_value_uint = NULL;
280
        double *p_value_double = NULL;
281
        char *p_value_utf8_str = DFLT_STR;
282
        char *p_value_octet_str = DFLT_OCTET_STRING;
283
        char *p_value_utf8_ptr = DFLT_UTF8_PTR;
284
        char *p_value_octet_ptr = DFLT_OCTET_PTR;
285

286
        int data_len = 0;
287

288
        if (!read_int(buf, len, &use_param)) {
289
            use_param = OPENSSL_malloc(sizeof(uint64_t));
290
            *use_param = 0;
291
        }
292

293
        switch (param->data_type) {
294
        case OSSL_PARAM_INTEGER:
295
            if (strcmp(param->key, OSSL_KDF_PARAM_ITER) == 0) {
296
                p_value_int = OPENSSL_malloc(sizeof(ITERS));
297
                *p_value_int = ITERS;
298
            } else if (strcmp(param->key, OSSL_KDF_PARAM_SCRYPT_N) == 0) {
299
                p_value_int = OPENSSL_malloc(sizeof(ITERS));
300
                *p_value_int = ITERS;
301
            } else if (strcmp(param->key, OSSL_KDF_PARAM_SCRYPT_R) == 0) {
302
                p_value_int = OPENSSL_malloc(sizeof(BLOCKSIZE));
303
                *p_value_int = BLOCKSIZE;
304
            } else if (strcmp(param->key, OSSL_KDF_PARAM_SCRYPT_P) == 0) {
305
                p_value_int = OPENSSL_malloc(sizeof(BLOCKSIZE));
306
                *p_value_int = BLOCKSIZE;
307
            } else if (!*use_param || !read_int(buf, len, &p_value_int)) {
308
                p_value_int = OPENSSL_malloc(sizeof(int64_t));
309
                *p_value_int = 0;
310
            }
311

312
            *p = *param;
313
            p->data = p_value_int;
314
            p++;
315
            break;
316
        case OSSL_PARAM_UNSIGNED_INTEGER:
317
            if (strcmp(param->key, OSSL_KDF_PARAM_ITER) == 0) {
318
                p_value_uint = OPENSSL_malloc(sizeof(UITERS));
319
                *p_value_uint = UITERS;
320
            } else if (strcmp(param->key, OSSL_KDF_PARAM_SCRYPT_N) == 0) {
321
                p_value_uint = OPENSSL_malloc(sizeof(UITERS));
322
                *p_value_uint = UITERS;
323
            } else if (strcmp(param->key, OSSL_KDF_PARAM_SCRYPT_R) == 0) {
324
                p_value_uint = OPENSSL_malloc(sizeof(UBLOCKSIZE));
325
                *p_value_uint = UBLOCKSIZE;
326
            } else if (strcmp(param->key, OSSL_KDF_PARAM_SCRYPT_P) == 0) {
327
                p_value_uint = OPENSSL_malloc(sizeof(UBLOCKSIZE));
328
                *p_value_uint = UBLOCKSIZE;
329
            } else if (!*use_param || !read_uint(buf, len, &p_value_uint)) {
330
                p_value_uint = OPENSSL_malloc(sizeof(uint64_t));
331
                *p_value_uint = 0;
332
            }
333

334
            *p = *param;
335
            p->data = p_value_uint;
336
            p++;
337
            break;
338
        case OSSL_PARAM_REAL:
339
            if (!*use_param || !read_double(buf, len, &p_value_double)) {
340
                p_value_double = OPENSSL_malloc(sizeof(double));
341
                *p_value_double = 0;
342
            }
343

344
            *p = *param;
345
            p->data = p_value_double;
346
            p++;
347
            break;
348
        case OSSL_PARAM_UTF8_STRING:
349
            if (*use_param && (data_len = read_utf8_string(buf, len, &p_value_utf8_str)) < 0)
350
                data_len = 0;
351
            *p = *param;
352
            p->data = p_value_utf8_str;
353
            p->data_size = data_len;
354
            p++;
355
            break;
356
        case OSSL_PARAM_OCTET_STRING:
357
            if (*use_param && (data_len = read_octet_string(buf, len, &p_value_octet_str)) < 0)
358
                data_len = 0;
359
            *p = *param;
360
            p->data = p_value_octet_str;
361
            p->data_size = data_len;
362
            p++;
363
            break;
364
        case OSSL_PARAM_UTF8_PTR:
365
            if (*use_param && (data_len = read_utf8_ptr(buf, len, &p_value_utf8_ptr)) < 0)
366
                data_len = 0;
367
            *p = *param;
368
            p->data = p_value_utf8_ptr;
369
            p->data_size = data_len;
370
            p++;
371
            break;
372
        case OSSL_PARAM_OCTET_PTR:
373
            if (*use_param && (data_len = read_octet_ptr(buf, len, &p_value_octet_ptr)) < 0)
374
                data_len = 0;
375
            *p = *param;
376
            p->data = p_value_octet_ptr;
377
            p->data_size = data_len;
378
            p++;
379
            break;
380
        default:
381
            break;
382
        }
383

384
        OPENSSL_free(use_param);
385
    }
386

387
    return fuzzed_parameters;
388
}
389

390
static int do_evp_cipher(const EVP_CIPHER *evp_cipher, const OSSL_PARAM param[])
391
{
392
    unsigned char outbuf[1024];
393
    int outlen, tmplen;
394
    unsigned char key[] = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15};
395
    unsigned char iv[] = {1, 2, 3, 4, 5, 6, 7, 8};
396
    const char intext[] = "text";
397
    EVP_CIPHER_CTX *ctx;
398

399
    ctx = EVP_CIPHER_CTX_new();
400

401
    if (!EVP_CIPHER_CTX_set_params(ctx, param)) {
402
        EVP_CIPHER_CTX_free(ctx);
403
        return 0;
404
    }
405

406
    if (!EVP_EncryptInit_ex2(ctx, evp_cipher, key, iv, NULL)) {
407
        /* Error */
408
        EVP_CIPHER_CTX_free(ctx);
409
        return 0;
410
    }
411

412
    if (!EVP_EncryptUpdate(ctx, outbuf, &outlen, (const unsigned char *) intext, strlen(intext))) {
413
        /* Error */
414
        EVP_CIPHER_CTX_free(ctx);
415
        return 0;
416
    }
417
    /*
418
     * Buffer passed to EVP_EncryptFinal() must be after data just
419
     * encrypted to avoid overwriting it.
420
     */
421
    if (!EVP_EncryptFinal_ex(ctx, outbuf + outlen, &tmplen)) {
422
        /* Error */
423
        EVP_CIPHER_CTX_free(ctx);
424
        return 0;
425
    }
426
    outlen += tmplen;
427
    EVP_CIPHER_CTX_free(ctx);
428
    return 1;
429
}
430

431
static int do_evp_kdf(EVP_KDF *evp_kdf, const OSSL_PARAM params[])
432
{
433
    int r = 1;
434
    EVP_KDF_CTX *kctx = NULL;
435
    unsigned char derived[32];
436

437
    kctx = EVP_KDF_CTX_new(evp_kdf);
438

439
    if (kctx == NULL) {
440
        r = 0;
441
        goto end;
442
    }
443

444
    if (EVP_KDF_CTX_set_params(kctx, params) <= 0) {
445
        r = 0;
446
        goto end;
447
    }
448

449
    if (EVP_KDF_derive(kctx, derived, sizeof(derived), NULL) <= 0) {
450
        r = 0;
451
        goto end;
452
    }
453

454
end:
455
    EVP_KDF_CTX_free(kctx);
456
    return r;
457
}
458

459
static int do_evp_mac(EVP_MAC *evp_mac, const OSSL_PARAM params[])
460
{
461
    int r = 1;
462
    const char *key = "mac_key";
463
    char text[] = "Some Crypto Text";
464
    EVP_MAC_CTX *ctx = NULL;
465
    unsigned char buf[4096];
466
    size_t final_l;
467

468
    if ((ctx = EVP_MAC_CTX_new(evp_mac)) == NULL
469
        || !EVP_MAC_init(ctx, (const unsigned char *) key, strlen(key),
470
                         params)) {
471
        r = 0;
472
        goto end;
473
    }
474

475
    if (EVP_MAC_CTX_set_params(ctx, params) <= 0) {
476
        r = 0;
477
        goto end;
478
    }
479

480
    if (!EVP_MAC_update(ctx, (unsigned char *) text, sizeof(text))) {
481
        r = 0;
482
        goto end;
483
    }
484

485
    if (!EVP_MAC_final(ctx, buf, &final_l, sizeof(buf))) {
486
        r = 0;
487
        goto end;
488
    }
489

490
end:
491
    EVP_MAC_CTX_free(ctx);
492
    return r;
493
}
494

495
static int do_evp_rand(EVP_RAND *evp_rand, const OSSL_PARAM params[])
496
{
497
    int r = 1;
498
    EVP_RAND_CTX *ctx = NULL;
499
    unsigned char buf[4096];
500

501
    if (!(ctx = EVP_RAND_CTX_new(evp_rand, NULL))) {
502
        r = 0;
503
        goto end;
504
    }
505

506
    if (EVP_RAND_CTX_set_params(ctx, params) <= 0) {
507
        r = 0;
508
        goto end;
509
    }
510

511
    if (!EVP_RAND_generate(ctx, buf, sizeof(buf), 0, 0, NULL, 0)) {
512
        r = 0;
513
        goto end;
514
    }
515

516
    if (!EVP_RAND_reseed(ctx, 0, 0, 0, NULL, 0)) {
517
        r = 0;
518
        goto end;
519
    }
520

521
end:
522
    EVP_RAND_CTX_free(ctx);
523
    return r;
524
}
525

526
static int do_evp_sig(EVP_SIGNATURE *evp_sig, const OSSL_PARAM params[])
527
{
528
    return 0;
529
}
530

531
static int do_evp_asym_cipher(EVP_ASYM_CIPHER *evp_asym_cipher, const OSSL_PARAM params[])
532
{
533
    return 0;
534
}
535

536
static int do_evp_kem(EVP_KEM *evp_kem, const OSSL_PARAM params[])
537
{
538
    return 0;
539
}
540

541
static int do_evp_key_exch(EVP_KEYEXCH *evp_kdf, const OSSL_PARAM params[])
542
{
543
    return 0;
544
}
545

546
static int do_evp_md(EVP_MD *evp_md, const OSSL_PARAM params[])
547
{
548
    int r = 1;
549
    unsigned char md_value[EVP_MAX_MD_SIZE];
550
    unsigned int md_len;
551
    EVP_MD_CTX *mdctx = NULL;
552

553
    if (!(mdctx = EVP_MD_CTX_new())) {
554
        r = 0;
555
        goto end;
556
    }
557

558
    if (!EVP_MD_CTX_set_params(mdctx, params)) {
559
        r = 0;
560
        goto end;
561
    }
562

563
    if (!EVP_DigestInit_ex2(mdctx, evp_md, NULL)) {
564
        r = 0;
565
        goto end;
566
    }
567
    if (!EVP_DigestUpdate(mdctx, "Test", strlen("Test"))) {
568
        r = 0;
569
        goto end;
570
    }
571
    if (!EVP_DigestFinal_ex(mdctx, md_value, &md_len)) {
572
        r = 0;
573
        goto end;
574
    }
575

576
end:
577
    EVP_MD_CTX_free(mdctx);
578
    return r;
579
}
580

581
#define EVP_FUZZ(source, evp, f) \
582
    do { \
583
        evp *alg = sk_##evp##_value(source, *algorithm % sk_##evp##_num(source)); \
584
        OSSL_PARAM *fuzzed_params; \
585
        \
586
        if (alg == NULL) \
587
            break; \
588
        fuzzed_params = fuzz_params((OSSL_PARAM*) evp##_settable_ctx_params(alg), &buf, &len); \
589
        if (fuzzed_params != NULL) \
590
            f(alg, fuzzed_params); \
591
        free_params(fuzzed_params); \
592
        OSSL_PARAM_free(fuzzed_params); \
593
    } while (0);
594

595
int FuzzerTestOneInput(const uint8_t *buf, size_t len)
596
{
597
    int r = 1;
598
    uint64_t *operation = NULL;
599
    int64_t *algorithm = NULL;
600

601
    if (!read_uint(&buf, &len, &operation)) {
602
        r = 0;
603
        goto end;
604
    }
605

606
    if (!read_int(&buf, &len, &algorithm)) {
607
        r = 0;
608
        goto end;
609
    }
610

611
    switch (*operation % 10) {
612
    case 0:
613
        EVP_FUZZ(digests_collection, EVP_MD, do_evp_md);
614
        break;
615
    case 1:
616
        EVP_FUZZ(cipher_collection, EVP_CIPHER, do_evp_cipher);
617
        break;
618
    case 2:
619
        EVP_FUZZ(kdf_collection, EVP_KDF, do_evp_kdf);
620
        break;
621
    case 3:
622
        EVP_FUZZ(mac_collection, EVP_MAC, do_evp_mac);
623
        break;
624
    case 4:
625
        EVP_FUZZ(kem_collection, EVP_KEM, do_evp_kem);
626
        break;
627
    case 5:
628
        EVP_FUZZ(rand_collection, EVP_RAND, do_evp_rand);
629
        break;
630
    case 6:
631
        EVP_FUZZ(asym_ciphers_collection, EVP_ASYM_CIPHER, do_evp_asym_cipher);
632
        break;
633
    case 7:
634
        EVP_FUZZ(signature_collection, EVP_SIGNATURE, do_evp_sig);
635
        break;
636
    case 8:
637
        EVP_FUZZ(keyexch_collection, EVP_KEYEXCH, do_evp_key_exch);
638
        break;
639
    case 9:
640
        /*
641
        Implement and call:
642
        static int do_evp_keymgmt(EVP_KEYMGMT *evp_kdf, const OSSL_PARAM params[])
643
        {
644
            return 0;
645
        }
646
        */
647
        /* not yet implemented */
648
        break;
649
    default:
650
        r = 0;
651
        goto end;
652
    }
653

654
end:
655
    OPENSSL_free(operation);
656
    OPENSSL_free(algorithm);
657
    return r;
658
}
659

660