diff --git a/fuzz/CMakeLists.txt b/fuzz/CMakeLists.txt index f10022ad783..fbbbe09fdb8 100644 --- a/fuzz/CMakeLists.txt +++ b/fuzz/CMakeLists.txt @@ -36,5 +36,6 @@ fuzzer(read_pem) fuzzer(server ssl) fuzzer(session ssl) fuzzer(spki) +fuzzer(ssl_buffer ssl) fuzzer(ssl_ctx_api ssl) fuzzer(ssl_serialization ssl) diff --git a/fuzz/ssl_buffer.cc b/fuzz/ssl_buffer.cc new file mode 100644 index 00000000000..cc601696b56 --- /dev/null +++ b/fuzz/ssl_buffer.cc @@ -0,0 +1,158 @@ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 OR ISC + +#include +#include +#include +#include +#include "../ssl/internal.h" + +extern "C" int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) { + CBS cbs; + CBS_init(&cbs, buf, len); + + bssl::SSLBuffer buffer; + + if (!buffer.DoDeserialization(cbs)) { + return 0; + } + + // See if we can serialize it back + bssl::ScopedCBB cbb; + CBB_init(cbb.get(), len); + if (!buffer.DoSerialization(*cbb.get())) { + return 1; + } + cbb.Reset(); + + // If the restore buffer is not empty lets use it + if (!buffer.empty()) { + // Get a view to the written but not discarded data and verify + // we can safely read it all. + auto span = buffer.span(); + { + volatile const uint8_t *vp = span.data(); + for (size_t i = 0; i < span.size(); i++) { + uint8_t v = vp[i]; + (void)v; + } + } + // Now "consume" the content we read which moves offset_ forward and reduces size_ and cap_. + buffer.Consume(span.size()); + + // Serialize the read span we were using. This is valid and allowed use case + // as the data is still kept until we call discard. + bssl::ScopedCBB spanCBB; + CBB_init(spanCBB.get(), span.size()); + if (!buffer.SerializeBufferView(*spanCBB.get(), span)) { + return 1; + } + + // Serialize the current buffer state, we should be able to restore it + // and restore the span and use it safely. + CBB_init(cbb.get(), len); + if (!buffer.DoSerialization(*cbb.get())) { + return 1; + } + + // Now let's try to fill the rest of the buffer's remaining space + { + // Fill the remaining capacity with 1's + auto remaining = buffer.remaining(); + memset(remaining.data(), 1, remaining.size()); + buffer.DidWrite(remaining.size()); + + // Since we told the buffer we wrote remaining.size(), then the + // buffer.span() should now point to that content. + auto remSpan = buffer.span(); + if (remSpan.size() != remaining.size()) { + return 1; + } + + // Validate we read all 1's + for (size_t i = 0; i < remSpan.size(); i++) { + uint8_t v = remSpan.data()[i]; + if (v != 1) { + return 1; + } + } + + // Inform that we have now consumed the data + buffer.Consume(remSpan.size()); + remaining = buffer.remaining(); + + // There should be no space left... + if (remaining.size() != 0) { + return 1; + } + + // This should cause the buffer to be free'd + buffer.DiscardConsumed(); + if (buffer.buf_ptr() != nullptr) { + return 1; + } + } + + // Reset to the serialized version before the above writes + CBS_init(&cbs, CBB_data(cbb.get()), CBB_len(cbb.get())); + if (!buffer.DoDeserialization(cbs)) { + return 1; + } + + // Restore the span to the earlier data we consumed + CBS_init(&cbs, CBB_data(spanCBB.get()), CBB_len(spanCBB.get())); + if (!buffer.DeserializeBufferView(cbs, span)) { + return 1; + } + + // We should still be able to safely read the data the span referred to. + { + volatile const uint8_t *vp = span.data(); + for (size_t i = 0; i < span.size(); i++) { + uint8_t v = vp[i]; + (void)v; + } + } + } + + // let's try to fill the rest of the buffer's remaining space. + // We did this earlier if the buffer was not empty as well. + { + // Fill the remaining capacity with 1's + auto remaining = buffer.remaining(); + memset(remaining.data(), 1, remaining.size()); + buffer.DidWrite(remaining.size()); + + // Since we told the buffer we wrote remaining.size(), then the + // buffer.span() should now point to that content. + auto span = buffer.span(); + if (span.size() != remaining.size()) { + return 1; + } + + // Validate we read all 1's + for (size_t i = 0; i < span.size(); i++) { + uint8_t v = span.data()[i]; + if (v != 1) { + return 1; + } + } + + // Inform that we have now consumed the data + buffer.Consume(span.size()); + remaining = buffer.remaining(); + + // There should be no space left... + if (remaining.size() != 0) { + return 1; + } + + // This should cause the buffer to be free'd + buffer.DiscardConsumed(); + if (buffer.buf_ptr() != nullptr) { + return 1; + } + } + + return 0; +} diff --git a/fuzz/ssl_buffer_corpus/00b28ff06b788b9b67c6b259800f404f9f3761fd b/fuzz/ssl_buffer_corpus/00b28ff06b788b9b67c6b259800f404f9f3761fd new file mode 100644 index 00000000000..59f144ee093 Binary files /dev/null and b/fuzz/ssl_buffer_corpus/00b28ff06b788b9b67c6b259800f404f9f3761fd differ diff --git a/fuzz/ssl_buffer_corpus/05cdf702b3f41216fa036ec8032f48dc8332d0ac b/fuzz/ssl_buffer_corpus/05cdf702b3f41216fa036ec8032f48dc8332d0ac new file mode 100644 index 00000000000..addefda8ec0 Binary files /dev/null and b/fuzz/ssl_buffer_corpus/05cdf702b3f41216fa036ec8032f48dc8332d0ac differ diff --git a/fuzz/ssl_buffer_corpus/06edc4b90e8d6e23d9fb1693a835097909a1af3f b/fuzz/ssl_buffer_corpus/06edc4b90e8d6e23d9fb1693a835097909a1af3f new file mode 100644 index 00000000000..1769231e7de Binary files /dev/null and b/fuzz/ssl_buffer_corpus/06edc4b90e8d6e23d9fb1693a835097909a1af3f differ diff --git a/fuzz/ssl_buffer_corpus/08fa414c47f174ee2ecce3dc635add97aed316a6 b/fuzz/ssl_buffer_corpus/08fa414c47f174ee2ecce3dc635add97aed316a6 new file mode 100644 index 00000000000..eaa05b248c4 Binary files /dev/null and b/fuzz/ssl_buffer_corpus/08fa414c47f174ee2ecce3dc635add97aed316a6 differ diff --git a/fuzz/ssl_buffer_corpus/0c1b3695706adb4e02451e6e6f18d404964910e2 b/fuzz/ssl_buffer_corpus/0c1b3695706adb4e02451e6e6f18d404964910e2 new file mode 100644 index 00000000000..625d7c3743b Binary files /dev/null and b/fuzz/ssl_buffer_corpus/0c1b3695706adb4e02451e6e6f18d404964910e2 differ diff --git a/fuzz/ssl_buffer_corpus/0ddb893b94fadc031d349809ba621c0a01cf3b13 b/fuzz/ssl_buffer_corpus/0ddb893b94fadc031d349809ba621c0a01cf3b13 new file mode 100644 index 00000000000..3fdc0ad97b1 Binary files /dev/null and b/fuzz/ssl_buffer_corpus/0ddb893b94fadc031d349809ba621c0a01cf3b13 differ diff --git a/fuzz/ssl_buffer_corpus/103c823c96f67a527dab1090143b5a55997f2af2 b/fuzz/ssl_buffer_corpus/103c823c96f67a527dab1090143b5a55997f2af2 new file mode 100644 index 00000000000..1f81da5047c Binary files /dev/null and b/fuzz/ssl_buffer_corpus/103c823c96f67a527dab1090143b5a55997f2af2 differ diff --git a/fuzz/ssl_buffer_corpus/14ec1f6605827f6df9e618b9bf203491e5c5beff b/fuzz/ssl_buffer_corpus/14ec1f6605827f6df9e618b9bf203491e5c5beff new file mode 100644 index 00000000000..bed0e2abd0f Binary files /dev/null and b/fuzz/ssl_buffer_corpus/14ec1f6605827f6df9e618b9bf203491e5c5beff differ diff --git a/fuzz/ssl_buffer_corpus/1bb822afaf5d86445ddc8054be9d3ba2203975c7 b/fuzz/ssl_buffer_corpus/1bb822afaf5d86445ddc8054be9d3ba2203975c7 new file mode 100644 index 00000000000..4f5197737b1 Binary files /dev/null and b/fuzz/ssl_buffer_corpus/1bb822afaf5d86445ddc8054be9d3ba2203975c7 differ diff --git a/fuzz/ssl_buffer_corpus/1e85ab941d1ad04e4e798651211c32c05bc15edd b/fuzz/ssl_buffer_corpus/1e85ab941d1ad04e4e798651211c32c05bc15edd new file mode 100644 index 00000000000..799e293262f Binary files /dev/null and b/fuzz/ssl_buffer_corpus/1e85ab941d1ad04e4e798651211c32c05bc15edd differ diff --git a/fuzz/ssl_buffer_corpus/247947ffecb30cc6386778aa1631394ec622068e b/fuzz/ssl_buffer_corpus/247947ffecb30cc6386778aa1631394ec622068e new file mode 100644 index 00000000000..73b52eb3792 Binary files /dev/null and b/fuzz/ssl_buffer_corpus/247947ffecb30cc6386778aa1631394ec622068e differ diff --git a/fuzz/ssl_buffer_corpus/25a7f46dab03f7d63c0d92ce87053132a53093b5 b/fuzz/ssl_buffer_corpus/25a7f46dab03f7d63c0d92ce87053132a53093b5 new file mode 100644 index 00000000000..fdf295abe3b --- /dev/null +++ b/fuzz/ssl_buffer_corpus/25a7f46dab03f7d63c0d92ce87053132a53093b5 @@ -0,0 +1 @@ +X€ \ No newline at end of file diff --git a/fuzz/ssl_buffer_corpus/261332a3ce15014f211ac34846bf30da38576001 b/fuzz/ssl_buffer_corpus/261332a3ce15014f211ac34846bf30da38576001 new file mode 100644 index 00000000000..e341d7baff5 Binary files /dev/null and b/fuzz/ssl_buffer_corpus/261332a3ce15014f211ac34846bf30da38576001 differ diff --git a/fuzz/ssl_buffer_corpus/297481028fe206507ed33ec0b0eee1039d9a6140 b/fuzz/ssl_buffer_corpus/297481028fe206507ed33ec0b0eee1039d9a6140 new file mode 100644 index 00000000000..222de7f742c Binary files /dev/null and b/fuzz/ssl_buffer_corpus/297481028fe206507ed33ec0b0eee1039d9a6140 differ diff --git a/fuzz/ssl_buffer_corpus/2c2cf540cb9e4144c3354b8992aeeb1b322f0ca8 b/fuzz/ssl_buffer_corpus/2c2cf540cb9e4144c3354b8992aeeb1b322f0ca8 new file mode 100644 index 00000000000..eea57fc7438 Binary files /dev/null and b/fuzz/ssl_buffer_corpus/2c2cf540cb9e4144c3354b8992aeeb1b322f0ca8 differ diff --git a/fuzz/ssl_buffer_corpus/2e7112ac524a7a663632397cbb41f7dfd22e92c6 b/fuzz/ssl_buffer_corpus/2e7112ac524a7a663632397cbb41f7dfd22e92c6 new file mode 100644 index 00000000000..95769397bf6 Binary files /dev/null and b/fuzz/ssl_buffer_corpus/2e7112ac524a7a663632397cbb41f7dfd22e92c6 differ diff --git a/fuzz/ssl_buffer_corpus/2eab92389f092e213871bb28000e8a216c1b0e3d b/fuzz/ssl_buffer_corpus/2eab92389f092e213871bb28000e8a216c1b0e3d new file mode 100644 index 00000000000..7dd39c6193f Binary files /dev/null and b/fuzz/ssl_buffer_corpus/2eab92389f092e213871bb28000e8a216c1b0e3d differ diff --git a/fuzz/ssl_buffer_corpus/2ec3a880f745bef2bf9a4eafcdb84cb025b11cc4 b/fuzz/ssl_buffer_corpus/2ec3a880f745bef2bf9a4eafcdb84cb025b11cc4 new file mode 100644 index 00000000000..cdc97805d8d Binary files /dev/null and b/fuzz/ssl_buffer_corpus/2ec3a880f745bef2bf9a4eafcdb84cb025b11cc4 differ diff --git a/fuzz/ssl_buffer_corpus/36225b4f7f3591bed4fc5ed26c3901e09bbfa4d8 b/fuzz/ssl_buffer_corpus/36225b4f7f3591bed4fc5ed26c3901e09bbfa4d8 new file mode 100644 index 00000000000..497194906cf Binary files /dev/null and b/fuzz/ssl_buffer_corpus/36225b4f7f3591bed4fc5ed26c3901e09bbfa4d8 differ diff --git a/fuzz/ssl_buffer_corpus/36d006eab33e4d923f034bdb0facd45b28c74da2 b/fuzz/ssl_buffer_corpus/36d006eab33e4d923f034bdb0facd45b28c74da2 new file mode 100644 index 00000000000..48f7da9f9ac Binary files /dev/null and b/fuzz/ssl_buffer_corpus/36d006eab33e4d923f034bdb0facd45b28c74da2 differ diff --git a/fuzz/ssl_buffer_corpus/36dcacf75d5999b1d9f9df6ac3b8d6a03989baff b/fuzz/ssl_buffer_corpus/36dcacf75d5999b1d9f9df6ac3b8d6a03989baff new file mode 100644 index 00000000000..b86a8299651 Binary files /dev/null and b/fuzz/ssl_buffer_corpus/36dcacf75d5999b1d9f9df6ac3b8d6a03989baff differ diff --git a/fuzz/ssl_buffer_corpus/3b0e0f7820e9fd971609fbfa034bd87992fcd996 b/fuzz/ssl_buffer_corpus/3b0e0f7820e9fd971609fbfa034bd87992fcd996 new file mode 100644 index 00000000000..a936ce12484 Binary files /dev/null and b/fuzz/ssl_buffer_corpus/3b0e0f7820e9fd971609fbfa034bd87992fcd996 differ diff --git a/fuzz/ssl_buffer_corpus/400dd7bb11494a61ef8930c9f8e5b92edc904926 b/fuzz/ssl_buffer_corpus/400dd7bb11494a61ef8930c9f8e5b92edc904926 new file mode 100644 index 00000000000..5fbd385530f Binary files /dev/null and b/fuzz/ssl_buffer_corpus/400dd7bb11494a61ef8930c9f8e5b92edc904926 differ diff --git a/fuzz/ssl_buffer_corpus/46c07202cd55c3ea627b6fe0b34af3009d281ffb b/fuzz/ssl_buffer_corpus/46c07202cd55c3ea627b6fe0b34af3009d281ffb new file mode 100644 index 00000000000..58025134ef7 Binary files /dev/null and b/fuzz/ssl_buffer_corpus/46c07202cd55c3ea627b6fe0b34af3009d281ffb differ diff --git a/fuzz/ssl_buffer_corpus/4790aa02dc90818f850fb25320d9901ff0bd05ab b/fuzz/ssl_buffer_corpus/4790aa02dc90818f850fb25320d9901ff0bd05ab new file mode 100644 index 00000000000..f6bec291eab Binary files /dev/null and b/fuzz/ssl_buffer_corpus/4790aa02dc90818f850fb25320d9901ff0bd05ab differ diff --git a/fuzz/ssl_buffer_corpus/49781c4b8a286777b4cc40db8d4cf0645a21bc12 b/fuzz/ssl_buffer_corpus/49781c4b8a286777b4cc40db8d4cf0645a21bc12 new file mode 100644 index 00000000000..e59b1a35657 Binary files /dev/null and b/fuzz/ssl_buffer_corpus/49781c4b8a286777b4cc40db8d4cf0645a21bc12 differ diff --git a/fuzz/ssl_buffer_corpus/4cb06db787a8460fa79bb88a24da09de8eb955ba b/fuzz/ssl_buffer_corpus/4cb06db787a8460fa79bb88a24da09de8eb955ba new file mode 100644 index 00000000000..5013fc00c5e Binary files /dev/null and b/fuzz/ssl_buffer_corpus/4cb06db787a8460fa79bb88a24da09de8eb955ba differ diff --git a/fuzz/ssl_buffer_corpus/521ae6b368dbc2557ac7a8eae9ff1fed206e69f0 b/fuzz/ssl_buffer_corpus/521ae6b368dbc2557ac7a8eae9ff1fed206e69f0 new file mode 100644 index 00000000000..150c7bb1110 Binary files /dev/null and b/fuzz/ssl_buffer_corpus/521ae6b368dbc2557ac7a8eae9ff1fed206e69f0 differ diff --git a/fuzz/ssl_buffer_corpus/5386dac4e0fbd4237609d412b37c3c08f4e142d2 b/fuzz/ssl_buffer_corpus/5386dac4e0fbd4237609d412b37c3c08f4e142d2 new file mode 100644 index 00000000000..eed4d49be37 Binary files /dev/null and b/fuzz/ssl_buffer_corpus/5386dac4e0fbd4237609d412b37c3c08f4e142d2 differ diff --git a/fuzz/ssl_buffer_corpus/5432c7108df0c89ab128fa3850bf89320a6f6204 b/fuzz/ssl_buffer_corpus/5432c7108df0c89ab128fa3850bf89320a6f6204 new file mode 100644 index 00000000000..e7307325a9b Binary files /dev/null and b/fuzz/ssl_buffer_corpus/5432c7108df0c89ab128fa3850bf89320a6f6204 differ diff --git a/fuzz/ssl_buffer_corpus/57dfc4e288a8913e01c4455690535b525cf36d46 b/fuzz/ssl_buffer_corpus/57dfc4e288a8913e01c4455690535b525cf36d46 new file mode 100644 index 00000000000..1d01a1e1c7e --- /dev/null +++ b/fuzz/ssl_buffer_corpus/57dfc4e288a8913e01c4455690535b525cf36d46 @@ -0,0 +1 @@ +€ \ No newline at end of file diff --git a/fuzz/ssl_buffer_corpus/5ba93c9db0cff93f52b521d7420e43f6eda2784f b/fuzz/ssl_buffer_corpus/5ba93c9db0cff93f52b521d7420e43f6eda2784f new file mode 100644 index 00000000000..f76dd238ade Binary files /dev/null and b/fuzz/ssl_buffer_corpus/5ba93c9db0cff93f52b521d7420e43f6eda2784f differ diff --git a/fuzz/ssl_buffer_corpus/5d76885e3cbabbf9daae38188943ac8bf8af063c b/fuzz/ssl_buffer_corpus/5d76885e3cbabbf9daae38188943ac8bf8af063c new file mode 100644 index 00000000000..8417a36513c Binary files /dev/null and b/fuzz/ssl_buffer_corpus/5d76885e3cbabbf9daae38188943ac8bf8af063c differ diff --git a/fuzz/ssl_buffer_corpus/5e977b47f557d2778e9d9bb00ceddbda18e459eb b/fuzz/ssl_buffer_corpus/5e977b47f557d2778e9d9bb00ceddbda18e459eb new file mode 100644 index 00000000000..9e49098ecf4 --- /dev/null +++ b/fuzz/ssl_buffer_corpus/5e977b47f557d2778e9d9bb00ceddbda18e459eb @@ -0,0 +1 @@ +€ \ No newline at end of file diff --git a/fuzz/ssl_buffer_corpus/606be05f1885f1275a89e6c5148fe1ad47e55762 b/fuzz/ssl_buffer_corpus/606be05f1885f1275a89e6c5148fe1ad47e55762 new file mode 100644 index 00000000000..db1915aee5e --- /dev/null +++ b/fuzz/ssl_buffer_corpus/606be05f1885f1275a89e6c5148fe1ad47e55762 @@ -0,0 +1 @@ +ÿÿÿÿ¨ \ No newline at end of file diff --git a/fuzz/ssl_buffer_corpus/657444880bf5aa712068bcf83d8afc6b041e67b9 b/fuzz/ssl_buffer_corpus/657444880bf5aa712068bcf83d8afc6b041e67b9 new file mode 100644 index 00000000000..66c2bae924d Binary files /dev/null and b/fuzz/ssl_buffer_corpus/657444880bf5aa712068bcf83d8afc6b041e67b9 differ diff --git a/fuzz/ssl_buffer_corpus/678f2602dce3cd2de3d31bb701558303221efcec b/fuzz/ssl_buffer_corpus/678f2602dce3cd2de3d31bb701558303221efcec new file mode 100644 index 00000000000..24c46a4e7d0 Binary files /dev/null and b/fuzz/ssl_buffer_corpus/678f2602dce3cd2de3d31bb701558303221efcec differ diff --git a/fuzz/ssl_buffer_corpus/6aa469c0f913d049445ea607b0945a84520dc977 b/fuzz/ssl_buffer_corpus/6aa469c0f913d049445ea607b0945a84520dc977 new file mode 100644 index 00000000000..f6e8414cdf1 Binary files /dev/null and b/fuzz/ssl_buffer_corpus/6aa469c0f913d049445ea607b0945a84520dc977 differ diff --git a/fuzz/ssl_buffer_corpus/6be4ad656833c62e10ee5d02dd60edffc22c97e6 b/fuzz/ssl_buffer_corpus/6be4ad656833c62e10ee5d02dd60edffc22c97e6 new file mode 100644 index 00000000000..a40add28a80 --- /dev/null +++ b/fuzz/ssl_buffer_corpus/6be4ad656833c62e10ee5d02dd60edffc22c97e6 @@ -0,0 +1 @@ +0ÿ,ÿ \ No newline at end of file diff --git a/fuzz/ssl_buffer_corpus/6c5450a97f1a83de503a9cc89dfc4437f36e6ab5 b/fuzz/ssl_buffer_corpus/6c5450a97f1a83de503a9cc89dfc4437f36e6ab5 new file mode 100644 index 00000000000..9403afd26d8 Binary files /dev/null and b/fuzz/ssl_buffer_corpus/6c5450a97f1a83de503a9cc89dfc4437f36e6ab5 differ diff --git a/fuzz/ssl_buffer_corpus/7121121267bc9ee67703d9018f2f1d145e86ebe4 b/fuzz/ssl_buffer_corpus/7121121267bc9ee67703d9018f2f1d145e86ebe4 new file mode 100644 index 00000000000..f3e4bcfdf97 --- /dev/null +++ b/fuzz/ssl_buffer_corpus/7121121267bc9ee67703d9018f2f1d145e86ebe4 @@ -0,0 +1 @@ +ßÿÿ \ No newline at end of file diff --git a/fuzz/ssl_buffer_corpus/71853c6197a6a7f222db0f1978c7cb232b87c5ee b/fuzz/ssl_buffer_corpus/71853c6197a6a7f222db0f1978c7cb232b87c5ee new file mode 100644 index 00000000000..139597f9cb0 --- /dev/null +++ b/fuzz/ssl_buffer_corpus/71853c6197a6a7f222db0f1978c7cb232b87c5ee @@ -0,0 +1,2 @@ + + diff --git a/fuzz/ssl_buffer_corpus/7bac215ab5ae730609fcecc54182cbfd30bcfd30 b/fuzz/ssl_buffer_corpus/7bac215ab5ae730609fcecc54182cbfd30bcfd30 new file mode 100644 index 00000000000..61d0a7ed3f4 --- /dev/null +++ b/fuzz/ssl_buffer_corpus/7bac215ab5ae730609fcecc54182cbfd30bcfd30 @@ -0,0 +1 @@ +ÿÿÿÿÿÿÿÿÿ…¾ \ No newline at end of file diff --git a/fuzz/ssl_buffer_corpus/7c9b70172b418633cd4a5b33f8cf733c7be2d3a5 b/fuzz/ssl_buffer_corpus/7c9b70172b418633cd4a5b33f8cf733c7be2d3a5 new file mode 100644 index 00000000000..a37b7a0065e Binary files /dev/null and b/fuzz/ssl_buffer_corpus/7c9b70172b418633cd4a5b33f8cf733c7be2d3a5 differ diff --git a/fuzz/ssl_buffer_corpus/7dbdbdc20e4b2c1cf46d04c72b4ef7740b49f306 b/fuzz/ssl_buffer_corpus/7dbdbdc20e4b2c1cf46d04c72b4ef7740b49f306 new file mode 100644 index 00000000000..408e7e74462 --- /dev/null +++ b/fuzz/ssl_buffer_corpus/7dbdbdc20e4b2c1cf46d04c72b4ef7740b49f306 @@ -0,0 +1 @@ +0F \ No newline at end of file diff --git a/fuzz/ssl_buffer_corpus/7ec00f99e8cd481be99afc1767079c51d0b13a52 b/fuzz/ssl_buffer_corpus/7ec00f99e8cd481be99afc1767079c51d0b13a52 new file mode 100644 index 00000000000..3d861fce06a --- /dev/null +++ b/fuzz/ssl_buffer_corpus/7ec00f99e8cd481be99afc1767079c51d0b13a52 @@ -0,0 +1 @@ +0:” \ No newline at end of file diff --git a/fuzz/ssl_buffer_corpus/850865be6952c4b4679444ff39f31509fe6ccf8b b/fuzz/ssl_buffer_corpus/850865be6952c4b4679444ff39f31509fe6ccf8b new file mode 100644 index 00000000000..eb927d1a88b --- /dev/null +++ b/fuzz/ssl_buffer_corpus/850865be6952c4b4679444ff39f31509fe6ccf8b @@ -0,0 +1 @@ +0ƒ \ No newline at end of file diff --git a/fuzz/ssl_buffer_corpus/85e53271e14006f0265921d02d4d736cdc580b0b b/fuzz/ssl_buffer_corpus/85e53271e14006f0265921d02d4d736cdc580b0b new file mode 100644 index 00000000000..ce542efaa51 --- /dev/null +++ b/fuzz/ssl_buffer_corpus/85e53271e14006f0265921d02d4d736cdc580b0b @@ -0,0 +1 @@ +ÿ \ No newline at end of file diff --git a/fuzz/ssl_buffer_corpus/896e4413c87262255e0262e6c5a0b0069d23f1bf b/fuzz/ssl_buffer_corpus/896e4413c87262255e0262e6c5a0b0069d23f1bf new file mode 100644 index 00000000000..833dcd43602 Binary files /dev/null and b/fuzz/ssl_buffer_corpus/896e4413c87262255e0262e6c5a0b0069d23f1bf differ diff --git a/fuzz/ssl_buffer_corpus/8c4101a44c1a2f990e1ea29fece3c5f866fe561b b/fuzz/ssl_buffer_corpus/8c4101a44c1a2f990e1ea29fece3c5f866fe561b new file mode 100644 index 00000000000..7b407dbd97f Binary files /dev/null and b/fuzz/ssl_buffer_corpus/8c4101a44c1a2f990e1ea29fece3c5f866fe561b differ diff --git a/fuzz/ssl_buffer_corpus/8d3f9be542f540f1abf3997293d48bf3b053ee4f b/fuzz/ssl_buffer_corpus/8d3f9be542f540f1abf3997293d48bf3b053ee4f new file mode 100644 index 00000000000..24aa517198f Binary files /dev/null and b/fuzz/ssl_buffer_corpus/8d3f9be542f540f1abf3997293d48bf3b053ee4f differ diff --git a/fuzz/ssl_buffer_corpus/8d6e7faf4d1d4c4ec72ac30ec2ae2686eba94226 b/fuzz/ssl_buffer_corpus/8d6e7faf4d1d4c4ec72ac30ec2ae2686eba94226 new file mode 100644 index 00000000000..daa28508045 --- /dev/null +++ b/fuzz/ssl_buffer_corpus/8d6e7faf4d1d4c4ec72ac30ec2ae2686eba94226 @@ -0,0 +1 @@ +0 \ No newline at end of file diff --git a/fuzz/ssl_buffer_corpus/8ef3e1865e0ee0756ebccdb1e4952c44c94160ec b/fuzz/ssl_buffer_corpus/8ef3e1865e0ee0756ebccdb1e4952c44c94160ec new file mode 100644 index 00000000000..89c335dab65 Binary files /dev/null and b/fuzz/ssl_buffer_corpus/8ef3e1865e0ee0756ebccdb1e4952c44c94160ec differ diff --git a/fuzz/ssl_buffer_corpus/8f0431ea9ff8df3320d9bbc4a106e5979641ea68 b/fuzz/ssl_buffer_corpus/8f0431ea9ff8df3320d9bbc4a106e5979641ea68 new file mode 100644 index 00000000000..aa55dfef6b2 Binary files /dev/null and b/fuzz/ssl_buffer_corpus/8f0431ea9ff8df3320d9bbc4a106e5979641ea68 differ diff --git a/fuzz/ssl_buffer_corpus/8ffc53a44319a1fa0dfaeb4594c4f4f873e40987 b/fuzz/ssl_buffer_corpus/8ffc53a44319a1fa0dfaeb4594c4f4f873e40987 new file mode 100644 index 00000000000..9724769f93e Binary files /dev/null and b/fuzz/ssl_buffer_corpus/8ffc53a44319a1fa0dfaeb4594c4f4f873e40987 differ diff --git a/fuzz/ssl_buffer_corpus/90d80b0214715c2117f1db310cc56f1e87dc4775 b/fuzz/ssl_buffer_corpus/90d80b0214715c2117f1db310cc56f1e87dc4775 new file mode 100644 index 00000000000..e7ddd93dfa9 --- /dev/null +++ b/fuzz/ssl_buffer_corpus/90d80b0214715c2117f1db310cc56f1e87dc4775 @@ -0,0 +1 @@ +0 \ No newline at end of file diff --git a/fuzz/ssl_buffer_corpus/91f0941a4fea10ecc020f2e88cc541b5b799b5be b/fuzz/ssl_buffer_corpus/91f0941a4fea10ecc020f2e88cc541b5b799b5be new file mode 100644 index 00000000000..2321a00d068 --- /dev/null +++ b/fuzz/ssl_buffer_corpus/91f0941a4fea10ecc020f2e88cc541b5b799b5be @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/fuzz/ssl_buffer_corpus/93180e17879ddf1b62782b1313dedbdc101492de b/fuzz/ssl_buffer_corpus/93180e17879ddf1b62782b1313dedbdc101492de new file mode 100644 index 00000000000..1fffa743d35 --- /dev/null +++ b/fuzz/ssl_buffer_corpus/93180e17879ddf1b62782b1313dedbdc101492de @@ -0,0 +1 @@ +„ \ No newline at end of file diff --git a/fuzz/ssl_buffer_corpus/94115a03e72587ffa15bc457576e46c75ae51483 b/fuzz/ssl_buffer_corpus/94115a03e72587ffa15bc457576e46c75ae51483 new file mode 100644 index 00000000000..34cd51b07cd --- /dev/null +++ b/fuzz/ssl_buffer_corpus/94115a03e72587ffa15bc457576e46c75ae51483 @@ -0,0 +1 @@ +ÿÿÿðÿ? \ No newline at end of file diff --git a/fuzz/ssl_buffer_corpus/95120d53a6b9cabbe8c71ba250c8f0dfc53cdc35 b/fuzz/ssl_buffer_corpus/95120d53a6b9cabbe8c71ba250c8f0dfc53cdc35 new file mode 100644 index 00000000000..1471c5a7a0f --- /dev/null +++ b/fuzz/ssl_buffer_corpus/95120d53a6b9cabbe8c71ba250c8f0dfc53cdc35 @@ -0,0 +1 @@ +0ÿÿ \ No newline at end of file diff --git a/fuzz/ssl_buffer_corpus/986ebf03655a936088aed0af29211b822cd481c6 b/fuzz/ssl_buffer_corpus/986ebf03655a936088aed0af29211b822cd481c6 new file mode 100644 index 00000000000..6417995f146 Binary files /dev/null and b/fuzz/ssl_buffer_corpus/986ebf03655a936088aed0af29211b822cd481c6 differ diff --git a/fuzz/ssl_buffer_corpus/9a5e735be8b0fa2f631990f5df49a4be31817c4a b/fuzz/ssl_buffer_corpus/9a5e735be8b0fa2f631990f5df49a4be31817c4a new file mode 100644 index 00000000000..c3c97e143f5 Binary files /dev/null and b/fuzz/ssl_buffer_corpus/9a5e735be8b0fa2f631990f5df49a4be31817c4a differ diff --git a/fuzz/ssl_buffer_corpus/9bd2029b1a2d1f3447dbbb4f72052f4fc7ba0765 b/fuzz/ssl_buffer_corpus/9bd2029b1a2d1f3447dbbb4f72052f4fc7ba0765 new file mode 100644 index 00000000000..7b90fd23046 Binary files /dev/null and b/fuzz/ssl_buffer_corpus/9bd2029b1a2d1f3447dbbb4f72052f4fc7ba0765 differ diff --git a/fuzz/ssl_buffer_corpus/9c4e333e42ff35f6a8c929f0cfe248f81e7e0f95 b/fuzz/ssl_buffer_corpus/9c4e333e42ff35f6a8c929f0cfe248f81e7e0f95 new file mode 100644 index 00000000000..96a14edd30c Binary files /dev/null and b/fuzz/ssl_buffer_corpus/9c4e333e42ff35f6a8c929f0cfe248f81e7e0f95 differ diff --git a/fuzz/ssl_buffer_corpus/a213723e9d422a365dd8a5070eaa3c1f55e28e00 b/fuzz/ssl_buffer_corpus/a213723e9d422a365dd8a5070eaa3c1f55e28e00 new file mode 100644 index 00000000000..9144d57d84c Binary files /dev/null and b/fuzz/ssl_buffer_corpus/a213723e9d422a365dd8a5070eaa3c1f55e28e00 differ diff --git a/fuzz/ssl_buffer_corpus/a6e4ab80aab34b9b56858b2b2e17de67c888da4e b/fuzz/ssl_buffer_corpus/a6e4ab80aab34b9b56858b2b2e17de67c888da4e new file mode 100644 index 00000000000..8a65510e9dc Binary files /dev/null and b/fuzz/ssl_buffer_corpus/a6e4ab80aab34b9b56858b2b2e17de67c888da4e differ diff --git a/fuzz/ssl_buffer_corpus/aa24d2941a651836a47239a958b9951fe2032f8b b/fuzz/ssl_buffer_corpus/aa24d2941a651836a47239a958b9951fe2032f8b new file mode 100644 index 00000000000..af7334365a3 Binary files /dev/null and b/fuzz/ssl_buffer_corpus/aa24d2941a651836a47239a958b9951fe2032f8b differ diff --git a/fuzz/ssl_buffer_corpus/aaca4c158e8e383447dfcb913caa893a06c4c6ce b/fuzz/ssl_buffer_corpus/aaca4c158e8e383447dfcb913caa893a06c4c6ce new file mode 100644 index 00000000000..f8132f4b7ee Binary files /dev/null and b/fuzz/ssl_buffer_corpus/aaca4c158e8e383447dfcb913caa893a06c4c6ce differ diff --git a/fuzz/ssl_buffer_corpus/adcb2457c772915bd43683b37d912237b50f998c b/fuzz/ssl_buffer_corpus/adcb2457c772915bd43683b37d912237b50f998c new file mode 100644 index 00000000000..5432ee9b23a --- /dev/null +++ b/fuzz/ssl_buffer_corpus/adcb2457c772915bd43683b37d912237b50f998c @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/fuzz/ssl_buffer_corpus/af482e82869c12f27b2d176981ee37c8c13223e4 b/fuzz/ssl_buffer_corpus/af482e82869c12f27b2d176981ee37c8c13223e4 new file mode 100644 index 00000000000..223de9c8ccb Binary files /dev/null and b/fuzz/ssl_buffer_corpus/af482e82869c12f27b2d176981ee37c8c13223e4 differ diff --git a/fuzz/ssl_buffer_corpus/b0636704e10d98cd37a5a7836aebab775134fa0e b/fuzz/ssl_buffer_corpus/b0636704e10d98cd37a5a7836aebab775134fa0e new file mode 100644 index 00000000000..24d10d4bbf4 Binary files /dev/null and b/fuzz/ssl_buffer_corpus/b0636704e10d98cd37a5a7836aebab775134fa0e differ diff --git a/fuzz/ssl_buffer_corpus/b06641f05e7582df71b83c52f118847940adb417 b/fuzz/ssl_buffer_corpus/b06641f05e7582df71b83c52f118847940adb417 new file mode 100644 index 00000000000..de8d1a35b16 Binary files /dev/null and b/fuzz/ssl_buffer_corpus/b06641f05e7582df71b83c52f118847940adb417 differ diff --git a/fuzz/ssl_buffer_corpus/b0e2da251ea353bc6242c1be179c882aa8ee4721 b/fuzz/ssl_buffer_corpus/b0e2da251ea353bc6242c1be179c882aa8ee4721 new file mode 100644 index 00000000000..b8c815dbe27 --- /dev/null +++ b/fuzz/ssl_buffer_corpus/b0e2da251ea353bc6242c1be179c882aa8ee4721 @@ -0,0 +1 @@ +ÿÿÿÿ \ No newline at end of file diff --git a/fuzz/ssl_buffer_corpus/b298ebaf19deb2d1db87cf0203f77c9575ba679a b/fuzz/ssl_buffer_corpus/b298ebaf19deb2d1db87cf0203f77c9575ba679a new file mode 100644 index 00000000000..769a77a6030 Binary files /dev/null and b/fuzz/ssl_buffer_corpus/b298ebaf19deb2d1db87cf0203f77c9575ba679a differ diff --git a/fuzz/ssl_buffer_corpus/b44d319ae066d4072c9dd2d0b0a6c42d4f363d5d b/fuzz/ssl_buffer_corpus/b44d319ae066d4072c9dd2d0b0a6c42d4f363d5d new file mode 100644 index 00000000000..3a523fa50e9 Binary files /dev/null and b/fuzz/ssl_buffer_corpus/b44d319ae066d4072c9dd2d0b0a6c42d4f363d5d differ diff --git a/fuzz/ssl_buffer_corpus/b4c4891f60dc48fa3c4579c5b164723fec04b9dc b/fuzz/ssl_buffer_corpus/b4c4891f60dc48fa3c4579c5b164723fec04b9dc new file mode 100644 index 00000000000..4297199393b Binary files /dev/null and b/fuzz/ssl_buffer_corpus/b4c4891f60dc48fa3c4579c5b164723fec04b9dc differ diff --git a/fuzz/ssl_buffer_corpus/ba7c084ca2e77be198b423522375d07293493368 b/fuzz/ssl_buffer_corpus/ba7c084ca2e77be198b423522375d07293493368 new file mode 100644 index 00000000000..438ef3bf522 --- /dev/null +++ b/fuzz/ssl_buffer_corpus/ba7c084ca2e77be198b423522375d07293493368 @@ -0,0 +1 @@ +0Í \ No newline at end of file diff --git a/fuzz/ssl_buffer_corpus/bbab0b76d3e6126e90ee2f56e87e7e211894c40b b/fuzz/ssl_buffer_corpus/bbab0b76d3e6126e90ee2f56e87e7e211894c40b new file mode 100644 index 00000000000..d2bac685579 --- /dev/null +++ b/fuzz/ssl_buffer_corpus/bbab0b76d3e6126e90ee2f56e87e7e211894c40b @@ -0,0 +1 @@ +0ÿ, \ No newline at end of file diff --git a/fuzz/ssl_buffer_corpus/bc30cad6ea29132eace78b8470805505d4062fb4 b/fuzz/ssl_buffer_corpus/bc30cad6ea29132eace78b8470805505d4062fb4 new file mode 100644 index 00000000000..f73c46eef07 --- /dev/null +++ b/fuzz/ssl_buffer_corpus/bc30cad6ea29132eace78b8470805505d4062fb4 @@ -0,0 +1 @@ +ÿÿÿÿÿÿÿÿÿ` \ No newline at end of file diff --git a/fuzz/ssl_buffer_corpus/be737f522ca9e10e4429339ca3576a0afbee55b4 b/fuzz/ssl_buffer_corpus/be737f522ca9e10e4429339ca3576a0afbee55b4 new file mode 100644 index 00000000000..f5a26b1a52f --- /dev/null +++ b/fuzz/ssl_buffer_corpus/be737f522ca9e10e4429339ca3576a0afbee55b4 @@ -0,0 +1 @@ +0ÿ \ No newline at end of file diff --git a/fuzz/ssl_buffer_corpus/bfe29ddd2eb7f6ff7d713a4a33e5e10694ab35d1 b/fuzz/ssl_buffer_corpus/bfe29ddd2eb7f6ff7d713a4a33e5e10694ab35d1 new file mode 100644 index 00000000000..cc1487712eb --- /dev/null +++ b/fuzz/ssl_buffer_corpus/bfe29ddd2eb7f6ff7d713a4a33e5e10694ab35d1 @@ -0,0 +1,2 @@ + +Š \ No newline at end of file diff --git a/fuzz/ssl_buffer_corpus/c276b423f4c2b75193dd888af24795b21d4ac382 b/fuzz/ssl_buffer_corpus/c276b423f4c2b75193dd888af24795b21d4ac382 new file mode 100644 index 00000000000..8ca8929152f Binary files /dev/null and b/fuzz/ssl_buffer_corpus/c276b423f4c2b75193dd888af24795b21d4ac382 differ diff --git a/fuzz/ssl_buffer_corpus/c3a25ec770d049dbe8d860d6910847e64a5154d5 b/fuzz/ssl_buffer_corpus/c3a25ec770d049dbe8d860d6910847e64a5154d5 new file mode 100644 index 00000000000..83698e626f1 Binary files /dev/null and b/fuzz/ssl_buffer_corpus/c3a25ec770d049dbe8d860d6910847e64a5154d5 differ diff --git a/fuzz/ssl_buffer_corpus/c482649b6791c0f85b30f17bb60c47432e003d73 b/fuzz/ssl_buffer_corpus/c482649b6791c0f85b30f17bb60c47432e003d73 new file mode 100644 index 00000000000..e5bcaecd30b Binary files /dev/null and b/fuzz/ssl_buffer_corpus/c482649b6791c0f85b30f17bb60c47432e003d73 differ diff --git a/fuzz/ssl_buffer_corpus/c4b48906f911f8bff63a2fe44fffc65465652d30 b/fuzz/ssl_buffer_corpus/c4b48906f911f8bff63a2fe44fffc65465652d30 new file mode 100644 index 00000000000..e7899878b34 --- /dev/null +++ b/fuzz/ssl_buffer_corpus/c4b48906f911f8bff63a2fe44fffc65465652d30 @@ -0,0 +1 @@ +ÿÿÿÿ¨ \ No newline at end of file diff --git a/fuzz/ssl_buffer_corpus/c5c8677b6db7c014ac870cc8d70be7854f7fbbf8 b/fuzz/ssl_buffer_corpus/c5c8677b6db7c014ac870cc8d70be7854f7fbbf8 new file mode 100644 index 00000000000..7fb121a3167 Binary files /dev/null and b/fuzz/ssl_buffer_corpus/c5c8677b6db7c014ac870cc8d70be7854f7fbbf8 differ diff --git a/fuzz/ssl_buffer_corpus/c85392bb86e4afa8a62f78761f7377f81096dbcf b/fuzz/ssl_buffer_corpus/c85392bb86e4afa8a62f78761f7377f81096dbcf new file mode 100644 index 00000000000..87e8d5d7dca Binary files /dev/null and b/fuzz/ssl_buffer_corpus/c85392bb86e4afa8a62f78761f7377f81096dbcf differ diff --git a/fuzz/ssl_buffer_corpus/c936565e442ff6ee53e96effc2c96ab8ed048b2c b/fuzz/ssl_buffer_corpus/c936565e442ff6ee53e96effc2c96ab8ed048b2c new file mode 100644 index 00000000000..b8abe3a6fab Binary files /dev/null and b/fuzz/ssl_buffer_corpus/c936565e442ff6ee53e96effc2c96ab8ed048b2c differ diff --git a/fuzz/ssl_buffer_corpus/c9735b3c8b4d936374f6d7543cd6fd3af0f84760 b/fuzz/ssl_buffer_corpus/c9735b3c8b4d936374f6d7543cd6fd3af0f84760 new file mode 100644 index 00000000000..ee8f4361d13 --- /dev/null +++ b/fuzz/ssl_buffer_corpus/c9735b3c8b4d936374f6d7543cd6fd3af0f84760 @@ -0,0 +1 @@ +0# \ No newline at end of file diff --git a/fuzz/ssl_buffer_corpus/c9c225027a0d3ba02890011e5238e0c210930df1 b/fuzz/ssl_buffer_corpus/c9c225027a0d3ba02890011e5238e0c210930df1 new file mode 100644 index 00000000000..404f89a53cc --- /dev/null +++ b/fuzz/ssl_buffer_corpus/c9c225027a0d3ba02890011e5238e0c210930df1 @@ -0,0 +1 @@ +0ÿ0 \ No newline at end of file diff --git a/fuzz/ssl_buffer_corpus/ccf16d28124a3fe0bcdde7122f8ed70f5b514a09 b/fuzz/ssl_buffer_corpus/ccf16d28124a3fe0bcdde7122f8ed70f5b514a09 new file mode 100644 index 00000000000..011bc08a333 --- /dev/null +++ b/fuzz/ssl_buffer_corpus/ccf16d28124a3fe0bcdde7122f8ed70f5b514a09 @@ -0,0 +1 @@ +0ÿ2ÿ \ No newline at end of file diff --git a/fuzz/ssl_buffer_corpus/cf12aaeb741d15b9489cc69b05bace35a6aa9ca5 b/fuzz/ssl_buffer_corpus/cf12aaeb741d15b9489cc69b05bace35a6aa9ca5 new file mode 100644 index 00000000000..4efafefe2b2 Binary files /dev/null and b/fuzz/ssl_buffer_corpus/cf12aaeb741d15b9489cc69b05bace35a6aa9ca5 differ diff --git a/fuzz/ssl_buffer_corpus/d280261612794940c879d1b90b8246be29aeeb12 b/fuzz/ssl_buffer_corpus/d280261612794940c879d1b90b8246be29aeeb12 new file mode 100644 index 00000000000..03516590f27 Binary files /dev/null and b/fuzz/ssl_buffer_corpus/d280261612794940c879d1b90b8246be29aeeb12 differ diff --git a/fuzz/ssl_buffer_corpus/d392583f92c3fc1f83e97aa47ad20415f28b0f93 b/fuzz/ssl_buffer_corpus/d392583f92c3fc1f83e97aa47ad20415f28b0f93 new file mode 100644 index 00000000000..832fac06bbd --- /dev/null +++ b/fuzz/ssl_buffer_corpus/d392583f92c3fc1f83e97aa47ad20415f28b0f93 @@ -0,0 +1 @@ +0ÿ,ÿ \ No newline at end of file diff --git a/fuzz/ssl_buffer_corpus/d719ca0670243de5d440431c752b7d9afc29fe3b b/fuzz/ssl_buffer_corpus/d719ca0670243de5d440431c752b7d9afc29fe3b new file mode 100644 index 00000000000..3a0845a07fc --- /dev/null +++ b/fuzz/ssl_buffer_corpus/d719ca0670243de5d440431c752b7d9afc29fe3b @@ -0,0 +1 @@ +0ÿ \ No newline at end of file diff --git a/fuzz/ssl_buffer_corpus/d89149f08756a5c69a351dbc4e2600702befc0b7 b/fuzz/ssl_buffer_corpus/d89149f08756a5c69a351dbc4e2600702befc0b7 new file mode 100644 index 00000000000..90d5db7b529 Binary files /dev/null and b/fuzz/ssl_buffer_corpus/d89149f08756a5c69a351dbc4e2600702befc0b7 differ diff --git a/fuzz/ssl_buffer_corpus/dbfd8422fbc6d97d0aa36261f472765e3a8036d1 b/fuzz/ssl_buffer_corpus/dbfd8422fbc6d97d0aa36261f472765e3a8036d1 new file mode 100644 index 00000000000..35d276beaf4 Binary files /dev/null and b/fuzz/ssl_buffer_corpus/dbfd8422fbc6d97d0aa36261f472765e3a8036d1 differ diff --git a/fuzz/ssl_buffer_corpus/dc70f08f6d89ae414a6fd1b8da59a11ba1aa044c b/fuzz/ssl_buffer_corpus/dc70f08f6d89ae414a6fd1b8da59a11ba1aa044c new file mode 100644 index 00000000000..0da311e496f --- /dev/null +++ b/fuzz/ssl_buffer_corpus/dc70f08f6d89ae414a6fd1b8da59a11ba1aa044c @@ -0,0 +1 @@ +?ÿ½ÿ \ No newline at end of file diff --git a/fuzz/ssl_buffer_corpus/de8b393d2d22914df5991814e0db530b9adb33c1 b/fuzz/ssl_buffer_corpus/de8b393d2d22914df5991814e0db530b9adb33c1 new file mode 100644 index 00000000000..5b1ed44dfc4 --- /dev/null +++ b/fuzz/ssl_buffer_corpus/de8b393d2d22914df5991814e0db530b9adb33c1 @@ -0,0 +1 @@ +0ÿÿ \ No newline at end of file diff --git a/fuzz/ssl_buffer_corpus/de9dda71ca2becd3223194ae0726e46f0cd3cd9a b/fuzz/ssl_buffer_corpus/de9dda71ca2becd3223194ae0726e46f0cd3cd9a new file mode 100644 index 00000000000..6ce720033f3 Binary files /dev/null and b/fuzz/ssl_buffer_corpus/de9dda71ca2becd3223194ae0726e46f0cd3cd9a differ diff --git a/fuzz/ssl_buffer_corpus/e0553c1fc622d1d99c3e541fd36a504582984dd9 b/fuzz/ssl_buffer_corpus/e0553c1fc622d1d99c3e541fd36a504582984dd9 new file mode 100644 index 00000000000..f3a308ad570 Binary files /dev/null and b/fuzz/ssl_buffer_corpus/e0553c1fc622d1d99c3e541fd36a504582984dd9 differ diff --git a/fuzz/ssl_buffer_corpus/e3ebc017cf10ad0068dc388142d939cec07548ff b/fuzz/ssl_buffer_corpus/e3ebc017cf10ad0068dc388142d939cec07548ff new file mode 100644 index 00000000000..695cad07aa9 Binary files /dev/null and b/fuzz/ssl_buffer_corpus/e3ebc017cf10ad0068dc388142d939cec07548ff differ diff --git a/fuzz/ssl_buffer_corpus/e4ac9c595c211569f93df7d5c505c7ea144ce2d0 b/fuzz/ssl_buffer_corpus/e4ac9c595c211569f93df7d5c505c7ea144ce2d0 new file mode 100644 index 00000000000..3fe0f1f78fb Binary files /dev/null and b/fuzz/ssl_buffer_corpus/e4ac9c595c211569f93df7d5c505c7ea144ce2d0 differ diff --git a/fuzz/ssl_buffer_corpus/e65ce1c83294a2386c2b5fadec714f203e4994bf b/fuzz/ssl_buffer_corpus/e65ce1c83294a2386c2b5fadec714f203e4994bf new file mode 100644 index 00000000000..3b735a6056f --- /dev/null +++ b/fuzz/ssl_buffer_corpus/e65ce1c83294a2386c2b5fadec714f203e4994bf @@ -0,0 +1 @@ +0¢ \ No newline at end of file diff --git a/fuzz/ssl_buffer_corpus/e667f3e03cf8c6532bf080a611e65061f29d9ca5 b/fuzz/ssl_buffer_corpus/e667f3e03cf8c6532bf080a611e65061f29d9ca5 new file mode 100644 index 00000000000..230f3d0dded Binary files /dev/null and b/fuzz/ssl_buffer_corpus/e667f3e03cf8c6532bf080a611e65061f29d9ca5 differ diff --git a/fuzz/ssl_buffer_corpus/e7064f0b80f61dbc65915311032d27baa569ae2a b/fuzz/ssl_buffer_corpus/e7064f0b80f61dbc65915311032d27baa569ae2a new file mode 100644 index 00000000000..e8a0f87653d --- /dev/null +++ b/fuzz/ssl_buffer_corpus/e7064f0b80f61dbc65915311032d27baa569ae2a @@ -0,0 +1 @@ +) \ No newline at end of file diff --git a/fuzz/ssl_buffer_corpus/e9580c48733630742ccc467c78e16b8703c025e9 b/fuzz/ssl_buffer_corpus/e9580c48733630742ccc467c78e16b8703c025e9 new file mode 100644 index 00000000000..a30e5359aa2 Binary files /dev/null and b/fuzz/ssl_buffer_corpus/e9580c48733630742ccc467c78e16b8703c025e9 differ diff --git a/fuzz/ssl_buffer_corpus/ea9611a6436abfa835153697a67f958a864ab0fc b/fuzz/ssl_buffer_corpus/ea9611a6436abfa835153697a67f958a864ab0fc new file mode 100644 index 00000000000..e1ee6bf388e --- /dev/null +++ b/fuzz/ssl_buffer_corpus/ea9611a6436abfa835153697a67f958a864ab0fc @@ -0,0 +1 @@ +D„ \ No newline at end of file diff --git a/fuzz/ssl_buffer_corpus/eb0a15f377fd713933499dfdb2644c055673f299 b/fuzz/ssl_buffer_corpus/eb0a15f377fd713933499dfdb2644c055673f299 new file mode 100644 index 00000000000..561e533c977 --- /dev/null +++ b/fuzz/ssl_buffer_corpus/eb0a15f377fd713933499dfdb2644c055673f299 @@ -0,0 +1 @@ +00 \ No newline at end of file diff --git a/fuzz/ssl_buffer_corpus/ebd1c08abc7a609f2cb813a82cff090ad7ef47fb b/fuzz/ssl_buffer_corpus/ebd1c08abc7a609f2cb813a82cff090ad7ef47fb new file mode 100644 index 00000000000..6ad4a264a0a Binary files /dev/null and b/fuzz/ssl_buffer_corpus/ebd1c08abc7a609f2cb813a82cff090ad7ef47fb differ diff --git a/fuzz/ssl_buffer_corpus/efcf075bf52d2652a54197f66e46857ae3f92426 b/fuzz/ssl_buffer_corpus/efcf075bf52d2652a54197f66e46857ae3f92426 new file mode 100644 index 00000000000..2d400ebabb9 --- /dev/null +++ b/fuzz/ssl_buffer_corpus/efcf075bf52d2652a54197f66e46857ae3f92426 @@ -0,0 +1 @@ +0ÿ0ÿ^ \ No newline at end of file diff --git a/fuzz/ssl_buffer_corpus/f35688efe04b94f882bcaf316d0e53c2e1d9dd16 b/fuzz/ssl_buffer_corpus/f35688efe04b94f882bcaf316d0e53c2e1d9dd16 new file mode 100644 index 00000000000..abc54bf19a7 Binary files /dev/null and b/fuzz/ssl_buffer_corpus/f35688efe04b94f882bcaf316d0e53c2e1d9dd16 differ diff --git a/fuzz/ssl_buffer_corpus/f3aee3b8e93348c918cd5b5498dbe4126971cda5 b/fuzz/ssl_buffer_corpus/f3aee3b8e93348c918cd5b5498dbe4126971cda5 new file mode 100644 index 00000000000..1e51ab48c35 --- /dev/null +++ b/fuzz/ssl_buffer_corpus/f3aee3b8e93348c918cd5b5498dbe4126971cda5 @@ -0,0 +1 @@ +0ÿ \ No newline at end of file diff --git a/fuzz/ssl_buffer_corpus/f876dd9b719cc6f0036e9d3c047963a1453398f5 b/fuzz/ssl_buffer_corpus/f876dd9b719cc6f0036e9d3c047963a1453398f5 new file mode 100644 index 00000000000..d477d47b9f5 --- /dev/null +++ b/fuzz/ssl_buffer_corpus/f876dd9b719cc6f0036e9d3c047963a1453398f5 @@ -0,0 +1 @@ +ÿªªªªªªªª \ No newline at end of file diff --git a/fuzz/ssl_buffer_corpus/f8a770061e7401e29397fc55763a08ea60c744b0 b/fuzz/ssl_buffer_corpus/f8a770061e7401e29397fc55763a08ea60c744b0 new file mode 100644 index 00000000000..c907aa25c21 --- /dev/null +++ b/fuzz/ssl_buffer_corpus/f8a770061e7401e29397fc55763a08ea60c744b0 @@ -0,0 +1 @@ +0ÿ \ No newline at end of file diff --git a/fuzz/ssl_buffer_corpus/f944dcd635f9801f7ac90a407fbc479964dec024 b/fuzz/ssl_buffer_corpus/f944dcd635f9801f7ac90a407fbc479964dec024 new file mode 100644 index 00000000000..def7fcb589b Binary files /dev/null and b/fuzz/ssl_buffer_corpus/f944dcd635f9801f7ac90a407fbc479964dec024 differ diff --git a/fuzz/ssl_buffer_corpus/f9b50070ea788e98b4f5ce42dbd1ce56efc51c91 b/fuzz/ssl_buffer_corpus/f9b50070ea788e98b4f5ce42dbd1ce56efc51c91 new file mode 100644 index 00000000000..2167eb4bf2d Binary files /dev/null and b/fuzz/ssl_buffer_corpus/f9b50070ea788e98b4f5ce42dbd1ce56efc51c91 differ diff --git a/fuzz/ssl_buffer_corpus/fe4c8f046cb92bc4ac74f761132134233c2e17dc b/fuzz/ssl_buffer_corpus/fe4c8f046cb92bc4ac74f761132134233c2e17dc new file mode 100644 index 00000000000..0bf909570c5 Binary files /dev/null and b/fuzz/ssl_buffer_corpus/fe4c8f046cb92bc4ac74f761132134233c2e17dc differ diff --git a/ssl/internal.h b/ssl/internal.h index b81f73394a9..7a8e566e654 100644 --- a/ssl/internal.h +++ b/ssl/internal.h @@ -1312,9 +1312,16 @@ void ssl_do_msg_callback(const SSL *ssl, int is_write, int content_type, // Transport buffers. +enum SSL_BUFFER_SERDE_VERSION { + SSL_BUFFER_SERDE_VERSION_ONE = 1, + SSL_BUFFER_SERDE_VERSION_TWO = 2 +}; + +const unsigned kSSLBufferMaxSerDeVersion = SSL_BUFFER_SERDE_VERSION_TWO; + #define SSLBUFFER_READ_AHEAD_MIN_CAPACITY 512 -#define SSLBUFFER_MAX_CAPACITY UINT16_MAX -class SSLBuffer { +#define SSLBUFFER_MAX_CAPACITY INT_MAX +class OPENSSL_EXPORT SSLBuffer { public: SSLBuffer() {} ~SSLBuffer() { Clear(); } @@ -1358,28 +1365,48 @@ class SSLBuffer { void DiscardConsumed(); // DoSerialization writes all fields into |cbb|. - bool DoSerialization(CBB *cbb); + bool DoSerialization(CBB &cbb); // DoDeserialization recovers the states encoded via |DoSerialization|. - bool DoDeserialization(CBS *in); + bool DoDeserialization(CBS &in); + + bool SerializeBufferView(CBB &cbb, Span &view); + bool DeserializeBufferView(CBS &cbb, Span &view); private: // buf_ is the memory allocated for this buffer. uint8_t *buf_ = nullptr; - // offset_ is the offset into |buf_| which the buffer contents start at. - uint16_t offset_ = 0; - // size_ is the size of the buffer contents from |buf_| + |offset_|. - uint16_t size_ = 0; - // cap_ is how much memory beyond |buf_| + |offset_| is available. - uint16_t cap_ = 0; - // inline_buf_ is a static buffer for short reads. - uint8_t inline_buf_[SSL3_RT_HEADER_LENGTH]; // buf_allocated_ is true if |buf_| points to allocated data and must be freed // or false if it points into |inline_buf_|. bool buf_allocated_ = false; + // The total capacity requested for this buffer by |EnsureCap|. + size_t buf_cap_ = 0; // buf_size_ is how much memory allocated for |buf_|. This is needed by - // |DoSerialization|. + // |DoSerializationV1|. This is the total size of the buffer with the requested capacity + padding. size_t buf_size_ = 0; + // header length used to calculate initial offset + size_t header_len_ = 0; + // offset_ is the offset into |buf_| which the buffer contents start at, and is moved as contents are consumed + int offset_ = 0; + // size_ is the size of the buffer contents from |buf_| + |offset_|. + int size_ = 0; + // cap_ is how much memory beyond |buf_| + |offset_| is available. + int cap_ = 0; + // inline_buf_ is a static buffer for short reads. + uint8_t inline_buf_[SSL3_RT_HEADER_LENGTH]; + + // The V1 version has some intricacies were solved in later serialization versions. + // This is mainly to capture if a V1 version was restored and whether it needs to be + // re-serialized as that version. + uint32_t max_serialization_version_ = SSL_BUFFER_SERDE_VERSION_TWO; + + bool DoSerializationV1(CBB &cbb); + bool DoSerializationV2(CBB &cbb); + + bool DoDeserializationV1(CBS &in); + bool DoDeserializationV2(CBS &in); + + bool ValidateBuffersState(); }; // ssl_read_buffer_extend_to extends the read buffer to the desired length. For @@ -4136,6 +4163,10 @@ struct ssl_st { // as will fit in the SSLBuffer from the BIO, or just enough to read the record // header and then the length of the body bool enable_read_ahead : 1; + + // is_suspended_state indicates that the |SSL| object has been serialized and + // operations should not be performed on the connection. + bool is_suspended_state : 1; }; struct ssl_session_st { diff --git a/ssl/ssl_buffer.cc b/ssl/ssl_buffer.cc index b61e1ad846f..f257d3fc828 100644 --- a/ssl/ssl_buffer.cc +++ b/ssl/ssl_buffer.cc @@ -31,21 +31,34 @@ BSSL_NAMESPACE_BEGIN // BIO uses int instead of size_t. No lengths will exceed SSLBUFFER_MAX_CAPACITY // (uint16_t), so this will not overflow. -static_assert(SSLBUFFER_MAX_CAPACITY <= INT_MAX, "uint16_t does not fit in int"); +static_assert(SSLBUFFER_MAX_CAPACITY <= INT_MAX, + "uint16_t does not fit in int"); static_assert((SSL3_ALIGN_PAYLOAD & (SSL3_ALIGN_PAYLOAD - 1)) == 0, "SSL3_ALIGN_PAYLOAD must be a power of 2"); +static OPENSSL_INLINE size_t compute_buffer_size(size_t capacity) { + return capacity + SSL3_ALIGN_PAYLOAD - 1; +} + +static OPENSSL_INLINE size_t compute_buffer_offset(size_t header_len, + uint8_t *buffer) { + return (0 - header_len - (uintptr_t)buffer) & (SSL3_ALIGN_PAYLOAD - 1); +} + void SSLBuffer::Clear() { if (buf_allocated_) { free(buf_); // Allocated with malloc(). } buf_ = nullptr; buf_allocated_ = false; + buf_cap_ = 0; + buf_size_ = 0; + header_len_ = 0; offset_ = 0; size_ = 0; cap_ = 0; - buf_size_ = 0; + max_serialization_version_ = kSSLBufferMaxSerDeVersion; } bool SSLBuffer::EnsureCap(size_t header_len, size_t new_cap) { @@ -54,7 +67,7 @@ bool SSLBuffer::EnsureCap(size_t header_len, size_t new_cap) { return false; } - if (cap_ >= new_cap) { + if ((size_t)cap_ >= new_cap) { return true; } @@ -67,23 +80,22 @@ bool SSLBuffer::EnsureCap(size_t header_len, size_t new_cap) { new_buf = inline_buf_; new_buf_allocated = false; new_offset = 0; + buf_size_ = sizeof(inline_buf_); } else { // Add up to |SSL3_ALIGN_PAYLOAD| - 1 bytes of slack for alignment. // // Since this buffer gets allocated quite frequently and doesn't contain any // sensitive data, we allocate with malloc rather than |OPENSSL_malloc| and // avoid zeroing on free. - buf_size_ = new_cap + SSL3_ALIGN_PAYLOAD - 1; + buf_size_ = compute_buffer_size(new_cap); new_buf = (uint8_t *)malloc(buf_size_); if (new_buf == NULL) { OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); return false; } new_buf_allocated = true; - // Offset the buffer such that the record body is aligned. - new_offset = - (0 - header_len - (uintptr_t)new_buf) & (SSL3_ALIGN_PAYLOAD - 1); + new_offset = compute_buffer_offset(header_len, new_buf); } // Note if the both old and new buffer are inline, the source and destination @@ -96,8 +108,10 @@ bool SSLBuffer::EnsureCap(size_t header_len, size_t new_cap) { buf_ = new_buf; buf_allocated_ = new_buf_allocated; + header_len_ = header_len; offset_ = new_offset; - cap_ = new_cap; + buf_cap_ = cap_ = new_cap; + max_serialization_version_ = kSSLBufferMaxSerDeVersion; return true; } @@ -109,12 +123,12 @@ void SSLBuffer::DidWrite(size_t new_size) { } void SSLBuffer::Consume(size_t len) { - if (len > size_) { + if (len > (size_t)size_) { abort(); } - offset_ += (uint16_t)len; - size_ -= (uint16_t)len; - cap_ -= (uint16_t)len; + offset_ += (int)len; + size_ -= (int)len; + cap_ -= (int)len; } void SSLBuffer::DiscardConsumed() { @@ -125,54 +139,145 @@ void SSLBuffer::DiscardConsumed() { // An SSLBuffer is serialized as the following ASN.1 structure: // +// -- The V2 Serialization +// SSLBuffer ::= SEQUENCE { +// version INTEGER (2), -- SSLBuffer structure +// bufAllocated BOOLEAN, +// bufferCapacity INTEGER, +// headerLength INTEGER, +// relativeOffset INTEGER, +// remainingCapacity INTEGER, +// buf OCTET STRING, +// } +// +// -- The V1 Serialization // SSLBuffer ::= SEQUENCE { -// version INTEGER (1), -- SSLBuffer structure version +// version INTEGER (1), -- SSLBuffer structure // bufAllocated BOOLEAN, // offset INTEGER, // size INTEGER, // cap INTEGER, // buf OCTET STRING, // } -static const unsigned kSSLBufferVersion = 1; -bool SSLBuffer::DoSerialization(CBB *cbb) { - if (!cbb) { +bool SSLBuffer::DoSerializationV1(CBB &seq) { + if (!CBB_add_asn1_uint64(&seq, SSL_BUFFER_SERDE_VERSION_ONE) || + !CBB_add_asn1_bool(&seq, (buf_allocated_ ? 1 : 0)) || + !CBB_add_asn1_uint64(&seq, offset_) || + !CBB_add_asn1_uint64(&seq, size_) || !CBB_add_asn1_uint64(&seq, cap_) || + (buf_allocated_ && !CBB_add_asn1_octet_string(&seq, buf_, buf_size_)) || + (!buf_allocated_ && + !CBB_add_asn1_octet_string(&seq, inline_buf_, SSL3_RT_HEADER_LENGTH))) { return false; } - CBB seq; - if (!CBB_add_asn1(cbb, &seq, CBS_ASN1_SEQUENCE) || - !CBB_add_asn1_uint64(&seq, kSSLBufferVersion) || + return true; +} + +bool SSLBuffer::DoSerializationV2(CBB &seq) { + size_t align_offset = 0; + if (buf_allocated_) { + align_offset = compute_buffer_offset(header_len_, buf_); + } + + size_t rel_offset = offset_ - align_offset; + + if (!CBB_add_asn1_uint64(&seq, SSL_BUFFER_SERDE_VERSION_TWO) || !CBB_add_asn1_bool(&seq, (buf_allocated_ ? 1 : 0)) || - !CBB_add_asn1_uint64(&seq, offset_) || - !CBB_add_asn1_uint64(&seq, size_) || + !CBB_add_asn1_uint64(&seq, buf_cap_) || + !CBB_add_asn1_uint64(&seq, header_len_) || + !CBB_add_asn1_uint64(&seq, rel_offset) || !CBB_add_asn1_uint64(&seq, cap_) || - (buf_allocated_ && !CBB_add_asn1_octet_string(&seq, buf_, buf_size_)) || - (!buf_allocated_ && !CBB_add_asn1_octet_string(&seq, inline_buf_, SSL3_RT_HEADER_LENGTH))) { + (buf_allocated_ && !CBB_add_asn1_octet_string(&seq, buf_ + align_offset, + rel_offset + size_)) || + (!buf_allocated_ && + !CBB_add_asn1_octet_string(&seq, inline_buf_ + align_offset, + rel_offset + size_))) { return false; } - return CBB_flush(cbb) == 1; + + return true; +} + +bool SSLBuffer::DoSerialization(CBB &cbb) { + CBB seq; + + if (!CBB_add_asn1(&cbb, &seq, CBS_ASN1_SEQUENCE)) { + return false; + } + + switch (max_serialization_version_) { + case SSL_BUFFER_SERDE_VERSION_TWO: + if (!DoSerializationV2(seq)) { + return false; + } + break; + case SSL_BUFFER_SERDE_VERSION_ONE: + if (!DoSerializationV1(seq)) { + return false; + } + break; + default: + // Only possible with a programming error + abort(); + } + + return CBB_flush(&cbb) == 1; } -bool SSLBuffer::DoDeserialization(CBS *cbs) { - if (!cbs) { +bool SSLBuffer::ValidateBuffersState() { + const uint8_t *start_ptr = buf_; + const uint8_t *end_ptr = buf_ + buf_size_; + const uint8_t *data_start_ = buf_ + offset_; + const uint8_t *data_end_ptr = data_start_ + size_; + const uint8_t *remaining_ptr = data_end_ptr + (cap_ - size_); + if (data_start_ > end_ptr || data_start_ < start_ptr || + data_end_ptr > end_ptr || data_end_ptr < start_ptr || size_ > cap_ || + remaining_ptr > end_ptr || remaining_ptr < start_ptr) { return false; } + return true; +} - CBS seq, buf; - int buf_allocated_int; - uint64_t version, offset, size, cap; - if (!CBS_get_asn1(cbs, &seq, CBS_ASN1_SEQUENCE) || +bool SSLBuffer::DoDeserialization(CBS &cbs) { + CBS seq; + uint64_t version = 0; + if (!CBS_get_asn1(&cbs, &seq, CBS_ASN1_SEQUENCE) || !CBS_get_asn1_uint64(&seq, &version) || - version != kSSLBufferVersion || - !CBS_get_asn1_bool(&seq, &buf_allocated_int) || - !CBS_get_asn1_uint64(&seq, &offset) || - !CBS_get_asn1_uint64(&seq, &size) || - !CBS_get_asn1_uint64(&seq, &cap) || - !CBS_get_asn1(&seq, &buf, CBS_ASN1_OCTETSTRING) || - CBS_len(&seq) != 0) { + version > kSSLBufferMaxSerDeVersion) { + OPENSSL_PUT_ERROR(SSL, SSL_R_SERIALIZATION_INVALID_SSL_BUFFER); + return false; + } + + switch (version) { + case SSL_BUFFER_SERDE_VERSION_TWO: + return DoDeserializationV2(seq); + case SSL_BUFFER_SERDE_VERSION_ONE: + return DoDeserializationV1(seq); + default: + return false; + } +} + +bool SSLBuffer::DoDeserializationV1(CBS &cbs) { + CBS buf; + int buf_allocated_int = 0; + uint64_t offset = 0, size = 0, cap = 0; + if (!CBS_get_asn1_bool(&cbs, &buf_allocated_int) || + !CBS_get_asn1_uint64(&cbs, &offset) || + !CBS_get_asn1_uint64(&cbs, &size) || !CBS_get_asn1_uint64(&cbs, &cap) || + !CBS_get_asn1(&cbs, &buf, CBS_ASN1_OCTETSTRING) || CBS_len(&cbs) != 0) { OPENSSL_PUT_ERROR(SSL, SSL_R_SERIALIZATION_INVALID_SSL_BUFFER); return false; } + + if (offset > INT_MAX || size > INT_MAX || cap > INT_MAX) { + OPENSSL_PUT_ERROR(SSL, SSL_R_SERIALIZATION_INVALID_SSL_BUFFER); + return false; + } + + // In the event that deserialization happens into an existing buffer. + Clear(); + bool buf_allocated = !!buf_allocated_int; if (buf_allocated) { // When buf_allocated, CBS_len(&buf) should be larger than @@ -181,8 +286,10 @@ bool SSLBuffer::DoDeserialization(CBS *cbs) { OPENSSL_PUT_ERROR(SSL, SSL_R_SERIALIZATION_INVALID_SSL_BUFFER); return false; } + buf_allocated_ = true; buf_ = (uint8_t *)malloc(CBS_len(&buf)); if (buf_ == NULL) { + OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); return false; } buf_size_ = CBS_len(&buf); @@ -192,13 +299,249 @@ bool SSLBuffer::DoDeserialization(CBS *cbs) { OPENSSL_PUT_ERROR(SSL, SSL_R_SERIALIZATION_INVALID_SSL_BUFFER); return false; } - buf_size_ = 0; + buf_allocated_ = false; + buf_ = inline_buf_; + buf_size_ = sizeof(inline_buf_); OPENSSL_memcpy(inline_buf_, CBS_data(&buf), CBS_len(&buf)); } - buf_allocated_ = buf_allocated; - offset_ = (uint16_t)offset; - size_ = (uint16_t)size; - cap_ = (uint16_t)cap; + buf_cap_ = header_len_ = 0; // V1 was lossy :( + offset_ = (int)offset; + size_ = (int)size; + cap_ = (int)cap; + // As we restored from a V1 format we can only serialize as V1 until the next + // |EnsureCap| call. + max_serialization_version_ = SSL_BUFFER_SERDE_VERSION_ONE; + + // Final sanity check + if(!ValidateBuffersState()) { + Clear(); + OPENSSL_PUT_ERROR(SSL, SSL_R_SERIALIZATION_INVALID_SSL_BUFFER); + return false; + } + + return true; +} + +bool SSLBuffer::DoDeserializationV2(CBS &cbs) { + CBS buf; + int buf_allocated_int = 0; + uint64_t header_len = 0, buf_cap = 0, rel_offset = 0, cap = 0; + size_t align_offset = 0; + if (!CBS_get_asn1_bool(&cbs, &buf_allocated_int) || + !CBS_get_asn1_uint64(&cbs, &buf_cap) || + !CBS_get_asn1_uint64(&cbs, &header_len) || + !CBS_get_asn1_uint64(&cbs, &rel_offset) || + !CBS_get_asn1_uint64(&cbs, &cap) || + !CBS_get_asn1(&cbs, &buf, CBS_ASN1_OCTETSTRING) || CBS_len(&cbs) != 0) { + OPENSSL_PUT_ERROR(SSL, SSL_R_SERIALIZATION_INVALID_SSL_BUFFER); + return false; + } + + if (buf_cap > SSLBUFFER_MAX_CAPACITY || rel_offset > INT_MAX || + rel_offset > CBS_len(&buf) || cap > INT_MAX) { + OPENSSL_PUT_ERROR(SSL, SSL_R_SERIALIZATION_INVALID_SSL_BUFFER); + return false; + } + + // In the event that deserialization happens into an existing buffer. + Clear(); + + bool buf_allocated = !!buf_allocated_int; + if (buf_allocated) { + buf_allocated_ = true; + buf_size_ = compute_buffer_size(buf_cap); + buf_ = (uint8_t *)malloc(buf_size_); + if (buf_ == NULL) { + Clear(); + OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); + return false; + } + align_offset = compute_buffer_offset(header_len, buf_); + if (rel_offset > INT_MAX - align_offset || + CBS_len(&buf) - rel_offset > INT_MAX || + CBS_len(&buf) > buf_size_ - align_offset) { + Clear(); + OPENSSL_PUT_ERROR(SSL, SSL_R_SERIALIZATION_INVALID_SSL_BUFFER); + return false; + } + OPENSSL_memcpy(buf_ + align_offset, CBS_data(&buf), CBS_len(&buf)); + } else { + buf_allocated_ = false; + buf_ = inline_buf_; + buf_size_ = sizeof(inline_buf_); + // We could relax this and just allocate a in-memory buffer with correct + // alignment. But this value is not configurable (unlike + // SSL3_ALIGN_PAYLOAD), so we can adjust this in the future if we modify + // sizeof(inline_buf_); + if (CBS_len(&buf) > sizeof(inline_buf_) || buf_cap > sizeof(inline_buf_)) { + Clear(); + OPENSSL_PUT_ERROR(SSL, SSL_R_SERIALIZATION_INVALID_SSL_BUFFER); + return false; + } + OPENSSL_memcpy(buf_, CBS_data(&buf), CBS_len(&buf)); + } + buf_cap_ = (size_t)buf_cap; + header_len_ = (size_t)header_len; + offset_ = (int)(align_offset + rel_offset); + size_ = (int)(CBS_len(&buf) - rel_offset); + cap_ = (int)cap; + max_serialization_version_ = SSL_BUFFER_SERDE_VERSION_TWO; + + // Final sanity check + if (!ValidateBuffersState()) { + Clear(); + OPENSSL_PUT_ERROR(SSL, SSL_R_SERIALIZATION_INVALID_SSL_BUFFER); + return false; + } + + return true; +} + +static const unsigned kBufferViewOffsetFromDataPtr = + CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 0; + +bool SSLBuffer::SerializeBufferView(CBB &cbb, Span &view) { + // View must be a span that points into this buffer. + if (!buf_ptr() || !view.data() || + view.data() < + buf_ptr() || // does the start of the view fall before the buffer + (view.data() + view.size()) < + buf_ptr() || // does the end of the view fall before the buffer + (buf_ptr() + buf_size()) < + view.data() || // does the start of the view fall after the end of + // the buffer + (buf_ptr() + buf_size()) < + (view.data() + view.size()) // does the end of of the view fall after + // the end of the buffer + ) { + OPENSSL_PUT_ERROR(SSL, SSL_R_SERIALIZATION_INVALID_SSL_BUFFER); + return false; + } + + // Important: The offset should not be relative to + // |buf_ptr()|, as the alignment can change on restore. + // It should be relative to |data()|, which can mean it may + // currently point towards data before the current offset and thus be + // negative. + // + // Ideally for simplicity we would make this relative to read buffer's + // alignment offset, but we might not know this in the V1 case if the buffer + // had been restored from a V1 format :\. So this is the better option at this + // time. + ptrdiff_t offset = view.data() - data(); + + CBB child, child2; + if (!CBB_add_asn1(&cbb, &child, CBS_ASN1_SEQUENCE) || + !CBB_add_asn1(&child, &child2, kBufferViewOffsetFromDataPtr) || + !CBB_add_asn1_int64(&child2, offset) || + !CBB_add_asn1_uint64(&child, view.size())) { + return false; + } + + return CBB_flush(&cbb) == 1; +} + +static bool deserialize_buffer_view_from_buf_ptr_offset(CBS &cbs, + SSLBuffer *buffer, + Span &view) { + if (!buffer) { + abort(); + } + uint64_t offset = 0, size = 0; + if (!CBS_get_asn1_uint64(&cbs, &offset) || + !CBS_get_asn1_uint64(&cbs, &size)) { + OPENSSL_PUT_ERROR(SSL, SSL_R_SERIALIZATION_INVALID_SSL_BUFFER); + return 0; + } + uint8_t *view_ptr = buffer->buf_ptr() + offset; + if (view_ptr < buffer->buf_ptr() || // does the start of the view fall before + // the buffer + view_ptr > (buffer->buf_ptr() + + buffer->buf_size()) || // does the the start of the view fall + // after the end of the buffer + (view_ptr + size) < + buffer->buf_ptr() || // does the end of the view fall + // before the start of the buffer + (view_ptr + size) > (buffer->buf_ptr() + + buffer->buf_size()) // does the end of the view fall + // after the end of the buffer + + ) { + OPENSSL_PUT_ERROR(SSL, SSL_R_SERIALIZATION_INVALID_SSL_BUFFER); + return false; + } + view = MakeSpan(view_ptr, size); + return true; +} + +static int fits_in_ptrdiff_int64(int64_t x) { +#if PTRDIFF_MAX > INT64_MAX || PTRDIFF_MAX == INT64_MAX + // ptrdiff_t is equal to or wider than int64_t — all int64_t fit + (void)x; + return 1; +#else + // ptrdiff_t is narrower than int64_t — cast to int64_t for safe compare + return x >= (int64_t)PTRDIFF_MIN && x <= (int64_t)PTRDIFF_MAX; +#endif +} + +static bool deserialize_buffer_view_from_data_offset(CBS &cbs, + SSLBuffer *buffer, + Span &view) { + if (!buffer) { + abort(); + } + CBS child; + int64_t offset = 0; + uint64_t size = 0; + if (!CBS_get_asn1(&cbs, &child, kBufferViewOffsetFromDataPtr) || + !CBS_get_asn1_int64(&child, &offset) || + !CBS_get_asn1_uint64(&cbs, &size)) { + OPENSSL_PUT_ERROR(SSL, SSL_R_SERIALIZATION_INVALID_SSL_BUFFER); + return 0; + } + if (!fits_in_ptrdiff_int64(offset)) { + OPENSSL_PUT_ERROR(SSL, SSL_R_SERIALIZATION_INVALID_SSL_BUFFER); + return 0; + } + uint8_t *view_ptr = buffer->data() + (ptrdiff_t)offset; + if (view_ptr < + buffer->buf_ptr() || // does the view start fall before the buffer + view_ptr > + (buffer->buf_ptr() + + buffer->buf_size()) || // does the view start fall after the buffer + (view_ptr + size) < buffer->buf_ptr() || // does the end of the view fall + // before the buffer start + (view_ptr + size) > (buffer->buf_ptr() + + buffer->buf_size() // does the end of the view fall + // after the end of the buffer + )) { + OPENSSL_PUT_ERROR(SSL, SSL_R_SERIALIZATION_INVALID_SSL_BUFFER); + return 0; + } + view = MakeSpan(view_ptr, size); + + return true; +} + + +bool SSLBuffer::DeserializeBufferView(CBS &cbs, Span &view) { + CBS app_seq; + + if (!CBS_get_asn1(&cbs, &app_seq, CBS_ASN1_SEQUENCE)) { + OPENSSL_PUT_ERROR(SSL, SSL_R_SERIALIZATION_INVALID_SSL_BUFFER); + return false; + } + + if (CBS_peek_asn1_tag(&app_seq, CBS_ASN1_INTEGER)) { + return deserialize_buffer_view_from_buf_ptr_offset(app_seq, this, view); + } else if (CBS_peek_asn1_tag(&app_seq, kBufferViewOffsetFromDataPtr)) { + return deserialize_buffer_view_from_data_offset(app_seq, this, view); + } else { + OPENSSL_PUT_ERROR(SSL, SSL_R_SERIALIZATION_INVALID_SSL_BUFFER); + return false; + } + return true; } @@ -241,8 +584,8 @@ static int tls_read_buffer_extend_to(SSL *ssl, size_t len) { // of data. If not enable_read_ahead, only read as much to get to len bytes, // at this point we know len is less than the overall size of the buffer. assert(buf->cap() >= buf->size()); - size_t read_amount = ssl->enable_read_ahead ? buf->cap() - buf->size() : - len - buf->size(); + size_t read_amount = + ssl->enable_read_ahead ? buf->cap() - buf->size() : len - buf->size(); assert(read_amount <= buf->cap() - buf->size()); int ret = BIO_read(ssl->rbio.get(), buf->data() + buf->size(), static_cast(read_amount)); @@ -261,9 +604,9 @@ int ssl_read_buffer_extend_to(SSL *ssl, size_t len) { ssl->s3->read_buffer.DiscardConsumed(); size_t buffer_size = len; if (SSL_is_dtls(ssl)) { - static_assert( - DTLS1_RT_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH <= SSLBUFFER_MAX_CAPACITY, - "DTLS read buffer is too large"); + static_assert(DTLS1_RT_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH <= + SSLBUFFER_MAX_CAPACITY, + "DTLS read buffer is too large"); // The |len| parameter is ignored in DTLS. len = DTLS1_RT_HEADER_LENGTH + SSL3_RT_MAX_ENCRYPTED_LENGTH; @@ -276,7 +619,8 @@ int ssl_read_buffer_extend_to(SSL *ssl, size_t len) { } } - if (!ssl->s3->read_buffer.EnsureCap(ssl_record_prefix_len(ssl), buffer_size)) { + if (!ssl->s3->read_buffer.EnsureCap(ssl_record_prefix_len(ssl), + buffer_size)) { return -1; } diff --git a/ssl/ssl_lib.cc b/ssl/ssl_lib.cc index 092dbef31e8..0d140b3d9c8 100644 --- a/ssl/ssl_lib.cc +++ b/ssl/ssl_lib.cc @@ -167,6 +167,14 @@ BSSL_NAMESPACE_BEGIN +#define GUARD_SUSPENDED_STATE(ptr,code) \ + do { \ + if (ptr->is_suspended_state) { \ + OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); \ + return code; \ + } \ + } while (0) + // |SSL_R_UNKNOWN_PROTOCOL| is no longer emitted, but continue to define it // to avoid downstream churn. OPENSSL_DECLARE_ERROR_REASON(SSL, UNKNOWN_PROTOCOL) @@ -633,7 +641,8 @@ ssl_st::ssl_st(SSL_CTX *ctx_arg) server(false), quiet_shutdown(ctx->quiet_shutdown), enable_early_data(ctx->enable_early_data), - enable_read_ahead(ctx->enable_read_ahead) { + enable_read_ahead(ctx->enable_read_ahead), + is_suspended_state(false) { CRYPTO_new_ex_data(&ex_data); } @@ -862,6 +871,8 @@ int SSL_provide_quic_data(SSL *ssl, enum ssl_encryption_level_t level, } int SSL_do_handshake(SSL *ssl) { + GUARD_SUSPENDED_STATE(ssl, -1); + ssl_reset_error_state(ssl); if (ssl->do_handshake == NULL) { @@ -894,6 +905,8 @@ int SSL_do_handshake(SSL *ssl) { } int SSL_connect(SSL *ssl) { + GUARD_SUSPENDED_STATE(ssl, -1); + if (ssl->do_handshake == NULL) { // Not properly initialized yet SSL_set_connect_state(ssl); @@ -903,6 +916,8 @@ int SSL_connect(SSL *ssl) { } int SSL_accept(SSL *ssl) { + GUARD_SUSPENDED_STATE(ssl, -1); + if (ssl->do_handshake == NULL) { // Not properly initialized yet SSL_set_accept_state(ssl); @@ -1044,6 +1059,8 @@ static int ssl_read_impl(SSL *ssl) { } int SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *read_bytes) { + GUARD_SUSPENDED_STATE(ssl, 0); + if (num == 0 && read_bytes != nullptr) { *read_bytes = 0; return 1; @@ -1059,6 +1076,8 @@ int SSL_read_ex(SSL *ssl, void *buf, size_t num, size_t *read_bytes) { } int SSL_read(SSL *ssl, void *buf, int num) { + GUARD_SUSPENDED_STATE(ssl, -1); + int ret = SSL_peek(ssl, buf, num); if (ret <= 0) { return ret; @@ -1074,6 +1093,8 @@ int SSL_read(SSL *ssl, void *buf, int num) { } int SSL_peek(SSL *ssl, void *buf, int num) { + GUARD_SUSPENDED_STATE(ssl, -1); + if (ssl->quic_method != nullptr) { OPENSSL_PUT_ERROR(SSL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); return -1; @@ -1093,6 +1114,7 @@ int SSL_peek(SSL *ssl, void *buf, int num) { } int SSL_peek_ex(SSL *ssl, void *buf, size_t num, size_t *read_bytes) { + GUARD_SUSPENDED_STATE(ssl, 0); int ret = SSL_peek(ssl, buf, (int)num); if (ret <= 0) { return 0; @@ -1102,6 +1124,8 @@ int SSL_peek_ex(SSL *ssl, void *buf, size_t num, size_t *read_bytes) { } int SSL_write(SSL *ssl, const void *buf, int num) { + GUARD_SUSPENDED_STATE(ssl, -1); + ssl_reset_error_state(ssl); if (ssl->quic_method != nullptr) { @@ -1143,6 +1167,7 @@ int SSL_write(SSL *ssl, const void *buf, int num) { } int SSL_write_ex(SSL *ssl, const void *buf, size_t num, size_t *written) { + GUARD_SUSPENDED_STATE(ssl, 0); if (num == 0 && written != nullptr) { *written = 0; return 1; @@ -1158,6 +1183,8 @@ int SSL_write_ex(SSL *ssl, const void *buf, size_t num, size_t *written) { } int SSL_key_update(SSL *ssl, int request_type) { + GUARD_SUSPENDED_STATE(ssl, 0); + ssl_reset_error_state(ssl); if (ssl->do_handshake == NULL) { @@ -1189,6 +1216,8 @@ int SSL_key_update(SSL *ssl, int request_type) { } int SSL_shutdown(SSL *ssl) { + GUARD_SUSPENDED_STATE(ssl, -1); + ssl_reset_error_state(ssl); if (ssl->do_handshake == NULL) { diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc index 50b93131383..968f443b8f6 100644 --- a/ssl/ssl_test.cc +++ b/ssl/ssl_test.cc @@ -1496,7 +1496,7 @@ static void EncodeAndDecodeSSL(SSL *in, SSL_CTX *ctx, out->reset(server2_); } -static void TransferBIOs(bssl::UniquePtr *from, SSL *to) { +static void TransferBIOs(bssl::UniquePtr *from, SSL *to, bool free_from) { // Fetch the bio. BIO *rbio = SSL_get_rbio(from->get()); ASSERT_TRUE(rbio) << "rbio is not set" @@ -1516,7 +1516,9 @@ static void TransferBIOs(bssl::UniquePtr *from, SSL *to) { // TODO: test half read and write hold by SSL. // TODO: add a test to check error code? // e.g. ASSERT_EQ(SSL_get_error(server1_, 0), SSL_ERROR_ZERO_RETURN); - SSL_free(from->release()); + if(free_from) { + SSL_free(from->release()); + } } // TransferSSL performs SSL transfer by @@ -1526,14 +1528,14 @@ static void TransferBIOs(bssl::UniquePtr *from, SSL *to) { // 4. If |out| is not nullptr, |out| will hold the decoded SSL. // Else, |in| will get reset to hold the decoded SSL. static void TransferSSL(bssl::UniquePtr *in, SSL_CTX *in_ctx, - bssl::UniquePtr *out) { + bssl::UniquePtr *out, bool free_from=true) { bssl::UniquePtr decoded_ssl; EncodeAndDecodeSSL(in->get(), in_ctx, &decoded_ssl); if (!decoded_ssl) { return; } // Transfer the bio. - TransferBIOs(in, decoded_ssl.get()); + TransferBIOs(in, decoded_ssl.get(), free_from); if (out == nullptr) { in->reset(decoded_ssl.release()); } else { @@ -4164,12 +4166,16 @@ class SSLVersionTest : public ::testing::TestWithParam<::std::tuple key_; }; -INSTANTIATE_TEST_SUITE_P(WithVersion, SSLVersionTest, - testing::Combine(::testing::ValuesIn(kAllVersions), testing::Values(0, 128, 512, 8192, 65535)), - [](const testing::TestParamInfo<::std::tuple>& test_info) { - std::string test_name = std::string(std::get<0>(test_info.param).name) + "_BufferSize_"; - return test_name + std::to_string(std::get<1>(test_info.param)); - }); +INSTANTIATE_TEST_SUITE_P( + WithVersion, SSLVersionTest, + testing::Combine(::testing::ValuesIn(kAllVersions), + testing::Values(0, 128, 512, 8192, 65535, 131072)), + [](const testing::TestParamInfo<::std::tuple> + &test_info) { + std::string test_name = + std::string(std::get<0>(test_info.param).name) + "_BufferSize_"; + return test_name + std::to_string(std::get<1>(test_info.param)); + }); TEST_P(SSLVersionTest, SequenceNumber) { CheckCounterInit(); @@ -6777,16 +6783,75 @@ TEST_P(MultiTransferReadWriteTest, SuiteTransfers) { ASSERT_TRUE(CompleteHandshakes(client.get(), server.get())); bssl::UniquePtr transfer_server; - TransferSSL(&server, server_ctx.get(), &transfer_server); + TransferSSL(&server, server_ctx.get(), &transfer_server, false); + + // All Read/Write connection operations should fail now for a transferred server + ASSERT_EQ(-1, SSL_connect(server.get())); + ASSERT_EQ(ERR_GET_REASON(ERR_get_error()), ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + ERR_clear_error(); + + ASSERT_EQ(-1, SSL_accept(server.get())); + ASSERT_EQ(ERR_GET_REASON(ERR_get_error()), ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + ERR_clear_error(); + + ASSERT_EQ(-1, SSL_shutdown(server.get())); + ASSERT_EQ(ERR_GET_REASON(ERR_get_error()), ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + ERR_clear_error(); + + ASSERT_EQ(-1, SSL_do_handshake(server.get())); + ASSERT_EQ(ERR_GET_REASON(ERR_get_error()), ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + ERR_clear_error(); + + ASSERT_EQ(-1, SSL_peek(server.get(), nullptr, 0)); + ASSERT_EQ(ERR_GET_REASON(ERR_get_error()), ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + ERR_clear_error(); + + ASSERT_EQ(0, SSL_peek_ex(server.get(), nullptr, 0, nullptr)); + ASSERT_EQ(ERR_GET_REASON(ERR_get_error()), ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + ERR_clear_error(); + + ASSERT_EQ(-1, SSL_read(server.get(), nullptr, 0)); + ASSERT_EQ(ERR_GET_REASON(ERR_get_error()), ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + ERR_clear_error(); + + ASSERT_EQ(0, SSL_read_ex(server.get(), nullptr, 0, nullptr)); + ASSERT_EQ(ERR_GET_REASON(ERR_get_error()), ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + ERR_clear_error(); + + ASSERT_EQ(-1, SSL_write(server.get(), nullptr, 0)); + ASSERT_EQ(ERR_GET_REASON(ERR_get_error()), ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + ERR_clear_error(); + + ASSERT_EQ(0, SSL_write_ex(server.get(), nullptr, 0, nullptr)); + ASSERT_EQ(ERR_GET_REASON(ERR_get_error()), ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + ERR_clear_error(); + + ASSERT_EQ(0, SSL_key_update(server.get(), SSL_KEY_UPDATE_REQUESTED)); + ASSERT_EQ(ERR_GET_REASON(ERR_get_error()), ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); + ERR_clear_error(); + server = std::move(transfer_server); char buf[3]; size_t buf_cap = sizeof(buf); - for (size_t t = 0; t < 5; t++) { - for (size_t i = 0; i < 20; i++) { + size_t server_transfers = 5; + size_t read_write_per_instance = 20; + + for (size_t t = 0; t < server_transfers; t++) { + for (size_t i = 0; i < read_write_per_instance; i++) { std::string send_str = std::to_string(i); + if(t > 0 && i == 0) { + // Actually read the previously peeked data from the last transfer + std::string peeked_str = std::to_string(read_write_per_instance-1); + int read = SSL_read(server.get(), buf, buf_cap); + ASSERT_TRUE(read); + ASSERT_TRUE((size_t)read == peeked_str.length()); + std::string read_str(buf, read); + ASSERT_EQ(peeked_str, read_str); + } + // Assert server open ASSERT_TRUE(SSL_write(client.get(), send_str.c_str(), send_str.length())); int read = SSL_read(server.get(), buf, buf_cap); @@ -6802,6 +6867,20 @@ TEST_P(MultiTransferReadWriteTest, SuiteTransfers) { ASSERT_TRUE((size_t)read == send_str.length()); read_str = std::string(buf, read); ASSERT_EQ(send_str, read_str); + + if(i == read_write_per_instance - 1) { + // Peek some client data before serialization + ASSERT_TRUE(SSL_write(client.get(), send_str.c_str(), send_str.length())); + read = SSL_peek(server.get(), buf, buf_cap); + ASSERT_TRUE(read); + ASSERT_TRUE((size_t)read == send_str.length()); + read_str = std::string(buf, read); + ASSERT_EQ(send_str, read_str); + } + } + if(version == TLS1_3_VERSION) { + // Queue a Key Update to validate pending handshake flight messages are serialized + SSL_key_update(server.get(), SSL_KEY_UPDATE_REQUESTED); } TransferSSL(&server, server_ctx.get(), &transfer_server); server = std::move(transfer_server); @@ -7895,14 +7974,14 @@ static const EncodeDecodeKATTestParam kEncodeDecodeKATs[] = { "a80400043085668dcf9f0921094ebd7f91bf2a8c60d276e4c279fd85a989402f67868232" "4fd8098dc19d900b856d0a77e048e3ced2a104020204d2a20402021c20a4020400b10301" "01ffb20302011da206040474657374a7030101ff020108020100a0030101ff", - "308201173082011302010102020303020240003081fa0201020408000000000000000104" - "0800000000000000010420000004d29e62f41ded4bb33d0faa6ffada380e2c489dfbfb44" - "4f574e475244010420cf3926d1ec5a562a642935a8050222b0aed93ffd9d1cac682274d9" - "42e99e42a604020000020100020103040cb9b409f5129440622f87f84402010c040c1f49" - "e2e989c66a263e9c227502010c020100020100020100a05b3059020101020203030402cc" - "a80400043085668dcf9f0921094ebd7f91bf2a8c60d276e4c279fd85a989402f67868232" - "4fd8098dc19d900b856d0a77e048e3ced2a104020204d2a20402021c20a4020400b10301" - "01ffb20302011da206040474657374a7030101ff020108020100a0030101ff"}, + "308201173082011302010102020303020240003081fa02010304080000000000000001040" + "800000000000000010420000004d29e62f41ded4bb33d0faa6ffada380e2c489dfbfb444f" + "574e475244010420cf3926d1ec5a562a642935a8050222b0aed93ffd9d1cac682274d942e" + "99e42a604020000020100020103040cb9b409f5129440622f87f84402010c040c1f49e2e9" + "89c66a263e9c227502010c020100020100020100a05b3059020101020203030402cca8040" + "0043085668dcf9f0921094ebd7f91bf2a8c60d276e4c279fd85a989402f678682324fd809" + "8dc19d900b856d0a77e048e3ced2a104020204d2a20402021c20a4020400b1030101ffb20" + "302011da206040474657374a7030101ff020108020100a0030101ff"}, // In runner.go, the test case "Basic-Server-TLS-Sync-SSL_Transfer" is used // to generate below bytes by adding print statement on the output of // |SSL_to_bytes| in bssl_shim.cc. @@ -7914,7 +7993,14 @@ static const EncodeDecodeKATTestParam kEncodeDecodeKATs[] = { "a80400043085668dcf9f0921094ebd7f91bf2a8c60d276e4c279fd85a989402f67868232" "4fd8098dc19d900b856d0a77e048e3ced2a104020204d2a20402021c20a4020400b10301" "01ffb20302011da206040474657374a7030101ff020108020100a0030101ff", - nullptr}, + "308201173082011302010102020303020240003081fa02010304080000000000000001040" + "800000000000000010420000004d29e62f41ded4bb33d0faa6ffada380e2c489dfbfb444f" + "574e475244010420cf3926d1ec5a562a642935a8050222b0aed93ffd9d1cac682274d942e" + "99e42a604020000020100020103040cb9b409f5129440622f87f84402010c040c1f49e2e9" + "89c66a263e9c227502010c020100020100020100a05b3059020101020203030402cca8040" + "0043085668dcf9f0921094ebd7f91bf2a8c60d276e4c279fd85a989402f678682324fd809" + "8dc19d900b856d0a77e048e3ced2a104020204d2a20402021c20a4020400b1030101ffb20" + "302011da206040474657374a7030101ff020108020100a0030101ff"}, // In runner.go, the test case // "TLS-TLS13-AES_128_GCM_SHA256-server-SSL_Transfer" is used to generate // below bytes by adding print statement on the output of |SSL_to_bytes| in @@ -7944,6 +8030,54 @@ static const EncodeDecodeKATTestParam kEncodeDecodeKATs[] = { "41be58ecbd60d18128dfa28f4b1a00042a2a0000ba2330210201010204030013013016020" "101020117040e300c0201010201000201000101ffbb233021020101020403001301301602" "0101020117040e300c0201010201000201000101ff020108020100a0030101ff", + "3082034530820341020101020203040202400030820327020103040800000000000000000" + "408000000000000000004206beca5c14aff6b92757545948b883c6c175327814bedcf38a6" + "b2e4c43bc02d180420a32aee5b7705a19e4bb2b47f4918199c76cee7245f1311bc4ba3888" + "3d33f236a0402000002010002010104000201000400020100020100020100020100a04e30" + "4c0201010202030404021301040004200b66320d38c8fa1b0dfe9e37fcf2bf0bafb43077f" + "a31ed2f1220dd245cef4c4da104020204d2a205020302a300a4020400b20302011db90502" + "03093a80a206040474657374ab03020100ac03010100ad03010100ae03010100af0302010" + "0b022042034c0893be938badee7029ca3cfea4c821dde48e03f0d07641cba33b247bc161c" + "b103020120b222042094b319ed2f41ee11aa73e141a238e5724c04f2aa8298c16b43c910c" + "40cc98d15b303020120b422042015a178ce69c0110ad36da8d58ca8428d9615ff07fc6a4e" + "1bbab026c1bb0c0218b503020120b88201700482016c040000b20002a3005635545201000" + "0a027abfd1f1aa28cee6e8e2396112e8285f150768898158dbce97a1aef0a63fa6dda1002" + "a4d75942a3739c11e4b25827f529ab59d22e34e0cf0b59b9336eb60edbb1f686c072ab33c" + "30e784f876da5b4c7fddd67f4a2ffa995f8c9ccf2128200ae9668d626866b1b7c6bb11186" + "7a87ed2a96122736595374f8fe5343e6ca492b278b67b1571423f2c1bcb673922e9044e90" + "949975ff72ab4a0eb659d8de664cac600042a2a0000040000b20002a3009e8c6738010100" + "a027abfd1f1aa28cee6e8e2396112e82851f15c84668b2f1d717681d1a3c6d2ea52d3401d" + "3110a04498246480b96a7e5b3c39ea6cef3a2a86b81896f1621950472d858d18796c97e83" + "204daf94c1f30dfe763cd282fbee718a679dca8bff3cc8e11724062232e573bcf0252dc4d" + "390baa2b7f49a164b46d2d685e9fe826465cc135130f3e2e47838658af57173f864070fdc" + "e241be58ecbd60d18128dfa28f4b1a00042a2a0000ba23302102010102040300130130160" + "20101020117040e300c0201010201000201000101ffbb2330210201010204030013013016" + "020101020117040e300c0201010201000201000101ffbc030201ff020108020100a003010" + "1ff"}, + {"3082034530820341020101020203040202400030820327020103040800000000000000000" + "408000000000000000004201ec09b310b21fe025483234c92310afe79d005ba2148ddb65b" + "8e1d33f508b18e04208c80f5aae40b6cfe25d4663d3fae6a5f65a69bd5212d73a51eaf603" + "932b6c95b0402000002010002010104000201000400020100020100020100020100a04e30" + "4c0201010202030404021301040004203f681997b297ab22ce1dfbe6c0f24417957ee6f3f" + "275600d9dc528784fc55978a104020204d2a205020302a300a4020400b20302011db90502" + "03093a80a206040474657374ab03020100ac03010100ad03010100ae03010100af0302010" + "0b02204208596c151ee601e9fb6df4ea1d7bcbd3c04b92cf79f27fd43218f81d7901419be" + "b103020120b2220420bbb03421d68749511fe0ce078acf1abf83138aed184ba2393ef1587" + "6a36abd79b303020120b4220420c3141ec98fa15af35bde589f89b0a3e79a35507a203153" + "7688a8907ef3797473b503020120b88201700482016c040000b20002a3007cd2c7b701000" + "0a0e51a68fb096fd5fa797af5a256ecb0f6c6428eb497d03c1cc4bf739cc79690ac291bd4" + "3c132779f79935b7a87b4a3938fe96ed900a93657e7c9d1081fca0a3a28085cda61b03ec4" + "f7e65ec441decd4cf2f7635194534d613fc2b75ea3d6e0ea037c4b07fb3a5d652bcf61765" + "20d1f26b340fe3c93e0d5ad8520dba11acae0f7ef787b9b920c001422e29e4c7fd31e451d" + "08d72e2af58138582ad99cd792b0a4500046a6a0000040000b20002a300f19f835a010100" + "a0e51a68fb096fd5fa797af5a256ecb0f6731d508ada4a528e95791f0bf32a62cbdd62f0c" + "4f84f3ba8ac793807dbff8ef105b00b36579fcfe07eea241f842ddc5143f0039f8b086649" + "b2de317cbb4b86b4d16396ca6af829b3ad5456749be4fa4bcab61621387c8a453dd75269c" + "bf986be094f8e0da56851509f2bdf0548a836f8981961dccd78001a155c090d9b565f5f8a" + "d21de62c344b798b08e5a649a0c42700046a6a0000ba23302102010102040300130130160" + "20101020117040e300c0201010201000201000101ffbb2330210201010204030013013016" + "020101020117040e300c0201010201000201000101ffbc030201ff020108020100a003010" + "1ff", nullptr}}; class EncodeDecodeKATTest @@ -12989,5 +13123,353 @@ TEST(SSLTest, IncompatibleTLSVersionState) { SSL_R_SERIALIZATION_INVALID_SERDE_VERSION); } +struct InvalidTransferEncodingTestParam { + const char *input; +}; + +static const InvalidTransferEncodingTestParam kInvalidTransferEncodings[] = { + // The serialized read_buffer OCTET STRING has 8 extra bytes then it should + {"3082026e3082026a020101020203040202400030820250020103040800000000000000140" + "40800000000000000000420b01de2070af16e7412a6fa4fd947248c2df0f1ebbaf3adc9a4" + "b97f3b0be6ae360420a606b526d185e18a6eb1a2d88943d3ac4d2d14db0807af71d39f4f8" + "77d3ec125040200000201000201010420da505fe678128954a65c747dee14514f160b3b3c" + "670e10469c94e67d421205210201200420b4a380d705da4a9138c941f97a95ff5029e0a91" + "041d019c7f311126faf72e728020120020100020100020100a050304e0201010202030404" + "02130104000420ae1689a5645a728a77eb1869e3b2d7d67b79c12229e7027b2847215ca30" + "df354a106020468a38654a205020302a300a4020400b20302011db9050203093a80a80a30" + "08a0030201ed020102a93630340201020101ff02011802010502011802010004201703030" + "013313917e5402dfef87b011cdaedf9fb56e0ce7e0001020304050607ab03020100ac0301" + "0100ad03010100ae03010100af03020100b0220420ee4651b968739c5f6e10f16b49f8e4b" + "1f3d2c95839fd9b380b90a2f327e8d8a1b103020120b22204202d2027d15f143f516939b4" + "3f7857797569b0459c0b3f9e02c9d798e891d5a5a6b303020120b42204207d6420075c44e" + "4d4d31da55f01129be4208c0f4a8bca3da25615289c1eba7674b503020120b91d041b1703" + "030016835338b2dcab482315b8d92421d601c602b50f2041bbba233021020101020403001" + "3013016020101020117040e300c0201010201000201000101ffbb23302102010102040300" + "13013016020101020117040e300c0201010201000201000101ffbc0302010102010802010" + "0a203020100"}, + // The serialized read_buffer OCTET STRING is larger then inline_buf_ + {"308202493082024502010102020304020240003082022b020103040800000000000000140" + "40800000000000000000420b01de2070af16e7412a6fa4fd947248c2df0f1ebbaf3adc9a4" + "b97f3b0be6ae360420a606b526d185e18a6eb1a2d88943d3ac4d2d14db0807af71d39f4f8" + "77d3ec125040200000201000201010420da505fe678128954a65c747dee14514f160b3b3c" + "670e10469c94e67d421205210201200420b4a380d705da4a9138c941f97a95ff5029e0a91" + "041d019c7f311126faf72e728020120020100020100020100a050304e0201010202030404" + "02130104000420ae1689a5645a728a77eb1869e3b2d7d67b79c12229e7027b2847215ca30" + "df354a106020468a38654a205020302a300a4020400b20302011db9050203093a80a91d30" + "1b020102010100020105020105020100020100040700010203040506ab03020100ac03010" + "100ad03010100ae03010100af03020100b0220420ee4651b968739c5f6e10f16b49f8e4b1" + "f3d2c95839fd9b380b90a2f327e8d8a1b103020120b22204202d2027d15f143f516939b43" + "f7857797569b0459c0b3f9e02c9d798e891d5a5a6b303020120b42204207d6420075c44e4" + "d4d31da55f01129be4208c0f4a8bca3da25615289c1eba7674b503020120b91d041b17030" + "30016835338b2dcab482315b8d92421d601c602b50f2041bbba2330210201010204030013" + "013016020101020117040e300c0201010201000201000101ffbb233021020101020403001" + "3013016020101020117040e300c0201010201000201000101ffbc03020101020108020100" + "a203020100"}, + // pending_app_data offset is smaller then what is representable as int64 + {"3082027530820271020101020203040202400030820257020103040800000000000000140" + "40800000000000000000420b01de2070af16e7412a6fa4fd947248c2df0f1ebbaf3adc9a4" + "b97f3b0be6ae360420a606b526d185e18a6eb1a2d88943d3ac4d2d14db0807af71d39f4f8" + "77d3ec125040200000201000201010420da505fe678128954a65c747dee14514f160b3b3c" + "670e10469c94e67d421205210201200420b4a380d705da4a9138c941f97a95ff5029e0a91" + "041d019c7f311126faf72e728020120020100020100020100a050304e0201010202030404" + "02130104000420ae1689a5645a728a77eb1869e3b2d7d67b79c12229e7027b2847215ca30" + "df354a106020468a38654a205020302a300a4020400b20302011db9050203093a80a81930" + "17a0120210ffffffffffffffff7fffffffffffffff020102a92e302c0201020101ff02011" + "802010502011802010004181703030013313917e5402dfef87b011cdaedf9fb56e0ce7eab" + "03020100ac03010100ad03010100ae03010100af03020100b0220420ee4651b968739c5f6" + "e10f16b49f8e4b1f3d2c95839fd9b380b90a2f327e8d8a1b103020120b22204202d2027d1" + "5f143f516939b43f7857797569b0459c0b3f9e02c9d798e891d5a5a6b303020120b422042" + "07d6420075c44e4d4d31da55f01129be4208c0f4a8bca3da25615289c1eba7674b5030201" + "20b91d041b1703030016835338b2dcab482315b8d92421d601c602b50f2041bbba2330210" + "201010204030013013016020101020117040e300c0201010201000201000101ffbb233021" + "0201010204030013013016020101020117040e300c0201010201000201000101ffbc03020" + "101020108020100a203020100"}, + // pending_app_data offset is larger then what is representable as int64 + {"3082027530820271020101020203040202400030820257020103040800000000000000140" + "40800000000000000000420b01de2070af16e7412a6fa4fd947248c2df0f1ebbaf3adc9a4" + "b97f3b0be6ae360420a606b526d185e18a6eb1a2d88943d3ac4d2d14db0807af71d39f4f8" + "77d3ec125040200000201000201010420da505fe678128954a65c747dee14514f160b3b3c" + "670e10469c94e67d421205210201200420b4a380d705da4a9138c941f97a95ff5029e0a91" + "041d019c7f311126faf72e728020120020100020100020100a050304e0201010202030404" + "02130104000420ae1689a5645a728a77eb1869e3b2d7d67b79c12229e7027b2847215ca30" + "df354a106020468a38654a205020302a300a4020400b20302011db9050203093a80a81930" + "17a012021000000000000000008000000000000000020102a92e302c0201020101ff02011" + "802010502011802010004181703030013313917e5402dfef87b011cdaedf9fb56e0ce7eab" + "03020100ac03010100ad03010100ae03010100af03020100b0220420ee4651b968739c5f6" + "e10f16b49f8e4b1f3d2c95839fd9b380b90a2f327e8d8a1b103020120b22204202d2027d1" + "5f143f516939b43f7857797569b0459c0b3f9e02c9d798e891d5a5a6b303020120b422042" + "07d6420075c44e4d4d31da55f01129be4208c0f4a8bca3da25615289c1eba7674b5030201" + "20b91d041b1703030016835338b2dcab482315b8d92421d601c602b50f2041bbba2330210" + "201010204030013013016020101020117040e300c0201010201000201000101ffbb233021" + "0201010204030013013016020101020117040e300c0201010201000201000101ffbc03020" + "101020108020100a203020100"}, + // pending_app_data offset falls outside of read_buffer + {"3082026630820262020101020203040202400030820248020103040800000000000000140" + "40800000000000000000420b01de2070af16e7412a6fa4fd947248c2df0f1ebbaf3adc9a4" + "b97f3b0be6ae360420a606b526d185e18a6eb1a2d88943d3ac4d2d14db0807af71d39f4f8" + "77d3ec125040200000201000201010420da505fe678128954a65c747dee14514f160b3b3c" + "670e10469c94e67d421205210201200420b4a380d705da4a9138c941f97a95ff5029e0a91" + "041d019c7f311126faf72e728020120020100020100020100a050304e0201010202030404" + "02130104000420ae1689a5645a728a77eb1869e3b2d7d67b79c12229e7027b2847215ca30" + "df354a106020468a38654a205020302a300a4020400b20302011db9050203093a80a80a30" + "08a003020108020100a92e302c0201020101ff02011802010502011802010004181703030" + "013313917e5402dfef87b011cdaedf9fb56e0ce7eab03020100ac03010100ad03010100ae" + "03010100af03020100b0220420ee4651b968739c5f6e10f16b49f8e4b1f3d2c95839fd9b3" + "80b90a2f327e8d8a1b103020120b22204202d2027d15f143f516939b43f7857797569b045" + "9c0b3f9e02c9d798e891d5a5a6b303020120b42204207d6420075c44e4d4d31da55f01129" + "be4208c0f4a8bca3da25615289c1eba7674b503020120b91d041b1703030016835338b2dc" + "ab482315b8d92421d601c602b50f2041bbba2330210201010204030013013016020101020" + "117040e300c0201010201000201000101ffbb233021020101020403001301301602010102" + "0117040e300c0201010201000201000101ffbc03020101020108020100a203020100"}, + // pending_app_data offset+size falls outside of read_buffer + {"3082026630820262020101020203040202400030820248020103040800000000000000140" + "40800000000000000000420b01de2070af16e7412a6fa4fd947248c2df0f1ebbaf3adc9a4" + "b97f3b0be6ae360420a606b526d185e18a6eb1a2d88943d3ac4d2d14db0807af71d39f4f8" + "77d3ec125040200000201000201010420da505fe678128954a65c747dee14514f160b3b3c" + "670e10469c94e67d421205210201200420b4a380d705da4a9138c941f97a95ff5029e0a91" + "041d019c7f311126faf72e728020120020100020100020100a050304e0201010202030404" + "02130104000420ae1689a5645a728a77eb1869e3b2d7d67b79c12229e7027b2847215ca30" + "df354a106020468a38654a205020302a300a4020400b20302011db9050203093a80a80a30" + "08a003020107020101a92e302c0201020101ff02011802010502011802010004181703030" + "013313917e5402dfef87b011cdaedf9fb56e0ce7eab03020100ac03010100ad03010100ae" + "03010100af03020100b0220420ee4651b968739c5f6e10f16b49f8e4b1f3d2c95839fd9b3" + "80b90a2f327e8d8a1b103020120b22204202d2027d15f143f516939b43f7857797569b045" + "9c0b3f9e02c9d798e891d5a5a6b303020120b42204207d6420075c44e4d4d31da55f01129" + "be4208c0f4a8bca3da25615289c1eba7674b503020120b91d041b1703030016835338b2dc" + "ab482315b8d92421d601c602b50f2041bbba2330210201010204030013013016020101020" + "117040e300c0201010201000201000101ffbb233021020101020403001301301602010102" + "0117040e300c0201010201000201000101ffbc03020101020108020100a203020100"}, + // pending_app_data offset falls before read_buffer start + {"3082026630820262020101020203040202400030820248020103040800000000000000140" + "40800000000000000000420b01de2070af16e7412a6fa4fd947248c2df0f1ebbaf3adc9a4" + "b97f3b0be6ae360420a606b526d185e18a6eb1a2d88943d3ac4d2d14db0807af71d39f4f8" + "77d3ec125040200000201000201010420da505fe678128954a65c747dee14514f160b3b3c" + "670e10469c94e67d421205210201200420b4a380d705da4a9138c941f97a95ff5029e0a91" + "041d019c7f311126faf72e728020120020100020100020100a050304e0201010202030404" + "02130104000420ae1689a5645a728a77eb1869e3b2d7d67b79c12229e7027b2847215ca30" + "df354a106020468a38654a205020302a300a4020400b20302011db9050203093a80a80a30" + "08a0030201e0020100a92e302c0201020101ff02011802010502011802010004181703030" + "013313917e5402dfef87b011cdaedf9fb56e0ce7eab03020100ac03010100ad03010100ae" + "03010100af03020100b0220420ee4651b968739c5f6e10f16b49f8e4b1f3d2c95839fd9b3" + "80b90a2f327e8d8a1b103020120b22204202d2027d15f143f516939b43f7857797569b045" + "9c0b3f9e02c9d798e891d5a5a6b303020120b42204207d6420075c44e4d4d31da55f01129" + "be4208c0f4a8bca3da25615289c1eba7674b503020120b91d041b1703030016835338b2dc" + "ab482315b8d92421d601c602b50f2041bbba2330210201010204030013013016020101020" + "117040e300c0201010201000201000101ffbb233021020101020403001301301602010102" + "0117040e300c0201010201000201000101ffbc03020101020108020100a203020100"}, + // CBS_len(&previous_client_finished) != previous_client_finished_len + {"3082026630820262020101020203040202400030820248020103040800000000000000140" + "40800000000000000000420b01de2070af16e7412a6fa4fd947248c2df0f1ebbaf3adc9a4" + "b97f3b0be6ae360420a606b526d185e18a6eb1a2d88943d3ac4d2d14db0807af71d39f4f8" + "77d3ec125040200000201000201010420da505fe678128954a65c747dee14514f160b3b3c" + "670e10469c94e67d421205210201050420b4a380d705da4a9138c941f97a95ff5029e0a91" + "041d019c7f311126faf72e728020120020100020100020100a050304e0201010202030404" + "02130104000420ae1689a5645a728a77eb1869e3b2d7d67b79c12229e7027b2847215ca30" + "df354a106020468a38654a205020302a300a4020400b20302011db9050203093a80a80a30" + "08a0030201ed020102a92e302c0201020101ff02011802010502011802010004181703030" + "013313917e5402dfef87b011cdaedf9fb56e0ce7eab03020100ac03010100ad03010100ae" + "03010100af03020100b0220420ee4651b968739c5f6e10f16b49f8e4b1f3d2c95839fd9b3" + "80b90a2f327e8d8a1b103020120b22204202d2027d15f143f516939b43f7857797569b045" + "9c0b3f9e02c9d798e891d5a5a6b303020120b42204207d6420075c44e4d4d31da55f01129" + "be4208c0f4a8bca3da25615289c1eba7674b503020120b91d041b1703030016835338b2dc" + "ab482315b8d92421d601c602b50f2041bbba2330210201010204030013013016020101020" + "117040e300c0201010201000201000101ffbb233021020101020403001301301602010102" + "0117040e300c0201010201000201000101ffbc03020101020108020100a203020100"}, + // previous_client_finished_len > PREV_FINISHED_MAX_SIZE + {"3082028730820283020101020203040202400030820269020103040800000000000000140" + "40800000000000000000420b01de2070af16e7412a6fa4fd947248c2df0f1ebbaf3adc9a4" + "b97f3b0be6ae360420a606b526d185e18a6eb1a2d88943d3ac4d2d14db0807af71d39f4f8" + "77d3ec125040200000201000201010441da505fe678128954a65c747dee14514f160b3b3c" + "670e10469c94e67d42120521da505fe678128954a65c747dee14514f160b3b3c670e10469" + "c94e67d42120521ff0201410420b4a380d705da4a9138c941f97a95ff5029e0a91041d019" + "c7f311126faf72e728020120020100020100020100a050304e02010102020304040213010" + "4000420ae1689a5645a728a77eb1869e3b2d7d67b79c12229e7027b2847215ca30df354a1" + "06020468a38654a205020302a300a4020400b20302011db9050203093a80a80a3008a0030" + "201ed020102a92e302c0201020101ff020118020105020118020100041817030300133139" + "17e5402dfef87b011cdaedf9fb56e0ce7eab03020100ac03010100ad03010100ae0301010" + "0af03020100b0220420ee4651b968739c5f6e10f16b49f8e4b1f3d2c95839fd9b380b90a2" + "f327e8d8a1b103020120b22204202d2027d15f143f516939b43f7857797569b0459c0b3f9" + "e02c9d798e891d5a5a6b303020120b42204207d6420075c44e4d4d31da55f01129be4208c" + "0f4a8bca3da25615289c1eba7674b503020120b91d041b1703030016835338b2dcab48231" + "5b8d92421d601c602b50f2041bbba2330210201010204030013013016020101020117040e" + "300c0201010201000201000101ffbb2330210201010204030013013016020101020117040" + "e300c0201010201000201000101ffbc03020101020108020100a203020100"}, + // CBS_len(&previous_server_finished) != previous_server_finished_len) + {"3082026630820262020101020203040202400030820248020103040800000000000000140" + "40800000000000000000420b01de2070af16e7412a6fa4fd947248c2df0f1ebbaf3adc9a4" + "b97f3b0be6ae360420a606b526d185e18a6eb1a2d88943d3ac4d2d14db0807af71d39f4f8" + "77d3ec125040200000201000201010420da505fe678128954a65c747dee14514f160b3b3c" + "670e10469c94e67d421205210201200420b4a380d705da4a9138c941f97a95ff5029e0a91" + "041d019c7f311126faf72e728020140020100020100020100a050304e0201010202030404" + "02130104000420ae1689a5645a728a77eb1869e3b2d7d67b79c12229e7027b2847215ca30" + "df354a106020468a38654a205020302a300a4020400b20302011db9050203093a80a80a30" + "08a0030201ed020102a92e302c0201020101ff02011802010502011802010004181703030" + "013313917e5402dfef87b011cdaedf9fb56e0ce7eab03020100ac03010100ad03010100ae" + "03010100af03020100b0220420ee4651b968739c5f6e10f16b49f8e4b1f3d2c95839fd9b3" + "80b90a2f327e8d8a1b103020120b22204202d2027d15f143f516939b43f7857797569b045" + "9c0b3f9e02c9d798e891d5a5a6b303020120b42204207d6420075c44e4d4d31da55f01129" + "be4208c0f4a8bca3da25615289c1eba7674b503020120b91d041b1703030016835338b2dc" + "ab482315b8d92421d601c602b50f2041bbba2330210201010204030013013016020101020" + "117040e300c0201010201000201000101ffbb233021020101020403001301301602010102" + "0117040e300c0201010201000201000101ffbc03020101020108020100a203020100"}, + // previous_server_finished_len > PREV_FINISHED_MAX_SIZE + {"3082028730820283020101020203040202400030820269020103040800000000000000140" + "40800000000000000000420b01de2070af16e7412a6fa4fd947248c2df0f1ebbaf3adc9a4" + "b97f3b0be6ae360420a606b526d185e18a6eb1a2d88943d3ac4d2d14db0807af71d39f4f8" + "77d3ec125040200000201000201010420da505fe678128954a65c747dee14514f160b3b3c" + "670e10469c94e67d421205210201200441b4a380d705da4a9138c941f97a95ff5029e0a91" + "041d019c7f311126faf72e728b4a380d705da4a9138c941f97a95ff5029e0a91041d019c7" + "f311126faf72e728ff020141020100020100020100a050304e02010102020304040213010" + "4000420ae1689a5645a728a77eb1869e3b2d7d67b79c12229e7027b2847215ca30df354a1" + "06020468a38654a205020302a300a4020400b20302011db9050203093a80a80a3008a0030" + "201ed020102a92e302c0201020101ff020118020105020118020100041817030300133139" + "17e5402dfef87b011cdaedf9fb56e0ce7eab03020100ac03010100ad03010100ae0301010" + "0af03020100b0220420ee4651b968739c5f6e10f16b49f8e4b1f3d2c95839fd9b380b90a2" + "f327e8d8a1b103020120b22204202d2027d15f143f516939b43f7857797569b0459c0b3f9" + "e02c9d798e891d5a5a6b303020120b42204207d6420075c44e4d4d31da55f01129be4208c" + "0f4a8bca3da25615289c1eba7674b503020120b91d041b1703030016835338b2dcab48231" + "5b8d92421d601c602b50f2041bbba2330210201010204030013013016020101020117040e" + "300c0201010201000201000101ffbb2330210201010204030013013016020101020117040" + "e300c0201010201000201000101ffbc03020101020108020100a203020100"}, + // exporter_secret_len > UINT8_MAX + {"3082026730820263020101020203040202400030820249020103040800000000000000140" + "40800000000000000000420b01de2070af16e7412a6fa4fd947248c2df0f1ebbaf3adc9a4" + "b97f3b0be6ae360420a606b526d185e18a6eb1a2d88943d3ac4d2d14db0807af71d39f4f8" + "77d3ec125040200000201000201010420da505fe678128954a65c747dee14514f160b3b3c" + "670e10469c94e67d421205210201200420b4a380d705da4a9138c941f97a95ff5029e0a91" + "041d019c7f311126faf72e728020120020100020100020100a050304e0201010202030404" + "02130104000420ae1689a5645a728a77eb1869e3b2d7d67b79c12229e7027b2847215ca30" + "df354a106020468a38654a205020302a300a4020400b20302011db9050203093a80a80a30" + "08a0030201ed020102a92e302c0201020101ff02011802010502011802010004181703030" + "013313917e5402dfef87b011cdaedf9fb56e0ce7eab03020100ac03010100ad03010100ae" + "03010100af03020100b0220420ee4651b968739c5f6e10f16b49f8e4b1f3d2c95839fd9b3" + "80b90a2f327e8d8a1b103020120b22204202d2027d15f143f516939b43f7857797569b045" + "9c0b3f9e02c9d798e891d5a5a6b303020120b42204207d6420075c44e4d4d31da55f01129" + "be4208c0f4a8bca3da25615289c1eba7674b50402020100b91d041b1703030016835338b2" + "dcab482315b8d92421d601c602b50f2041bbba23302102010102040300130130160201010" + "20117040e300c0201010201000201000101ffbb2330210201010204030013013016020101" + "020117040e300c0201010201000201000101ffbc03020101020108020100a203020100"}, + // exporter_secret_len > SSL_MAX_MD_SIZE + {"3082026630820262020101020203040202400030820248020103040800000000000000140" + "40800000000000000000420b01de2070af16e7412a6fa4fd947248c2df0f1ebbaf3adc9a4" + "b97f3b0be6ae360420a606b526d185e18a6eb1a2d88943d3ac4d2d14db0807af71d39f4f8" + "77d3ec125040200000201000201010420da505fe678128954a65c747dee14514f160b3b3c" + "670e10469c94e67d421205210201200420b4a380d705da4a9138c941f97a95ff5029e0a91" + "041d019c7f311126faf72e728020120020100020100020100a050304e0201010202030404" + "02130104000420ae1689a5645a728a77eb1869e3b2d7d67b79c12229e7027b2847215ca30" + "df354a106020468a38654a205020302a300a4020400b20302011db9050203093a80a80a30" + "08a0030201ed020102a92e302c0201020101ff02011802010502011802010004181703030" + "013313917e5402dfef87b011cdaedf9fb56e0ce7eab03020100ac03010100ad03010100ae" + "03010100af03020100b0220420ee4651b968739c5f6e10f16b49f8e4b1f3d2c95839fd9b3" + "80b90a2f327e8d8a1b103020120b22204202d2027d15f143f516939b43f7857797569b045" + "9c0b3f9e02c9d798e891d5a5a6b303020120b42204207d6420075c44e4d4d31da55f01129" + "be4208c0f4a8bca3da25615289c1eba7674b503020131b91d041b1703030016835338b2dc" + "ab482315b8d92421d601c602b50f2041bbba2330210201010204030013013016020101020" + "117040e300c0201010201000201000101ffbb233021020101020403001301301602010102" + "0117040e300c0201010201000201000101ffbc03020101020108020100a203020100"}, + // CBS_len(&exporter_secret) != exporter_secret_len) + {"3082026630820262020101020203040202400030820248020103040800000000000000140" + "40800000000000000000420b01de2070af16e7412a6fa4fd947248c2df0f1ebbaf3adc9a4" + "b97f3b0be6ae360420a606b526d185e18a6eb1a2d88943d3ac4d2d14db0807af71d39f4f8" + "77d3ec125040200000201000201010420da505fe678128954a65c747dee14514f160b3b3c" + "670e10469c94e67d421205210201200420b4a380d705da4a9138c941f97a95ff5029e0a91" + "041d019c7f311126faf72e728020120020100020100020100a050304e0201010202030404" + "02130104000420ae1689a5645a728a77eb1869e3b2d7d67b79c12229e7027b2847215ca30" + "df354a106020468a38654a205020302a300a4020400b20302011db9050203093a80a80a30" + "08a0030201ed020102a92e302c0201020101ff02011802010502011802010004181703030" + "013313917e5402dfef87b011cdaedf9fb56e0ce7eab03020100ac03010100ad03010100ae" + "03010100af03020100b0220420ee4651b968739c5f6e10f16b49f8e4b1f3d2c95839fd9b3" + "80b90a2f327e8d8a1b103020120b22204202d2027d15f143f516939b43f7857797569b045" + "9c0b3f9e02c9d798e891d5a5a6b303020120b42204207d6420075c44e4d4d31da55f01129" + "be4208c0f4a8bca3da25615289c1eba7674b503020130b91d041b1703030016835338b2dc" + "ab482315b8d92421d601c602b50f2041bbba2330210201010204030013013016020101020" + "117040e300c0201010201000201000101ffbb233021020101020403001301301602010102" + "0117040e300c0201010201000201000101ffbc03020101020108020100a203020100"}, +}; + +class InvalidTransferEncoding + : public testing::TestWithParam {}; + +INSTANTIATE_TEST_SUITE_P(InvalidTransferEncodings, InvalidTransferEncoding, + testing::ValuesIn(kInvalidTransferEncodings)); + +TEST_P(InvalidTransferEncoding, FailsDeserialization) { + std::string input(GetParam().input); + + std::vector input_bytes; + ASSERT_TRUE(DecodeHex(&input_bytes, input)); + + bssl::UniquePtr server_ctx(SSL_CTX_new(TLS_method())); + bssl::UniquePtr ssl( + SSL_from_bytes(input_bytes.data(), input_bytes.size(), server_ctx.get())); + ASSERT_FALSE(ssl); +} + +// Test the specific scenario that was failing: buffer +// serialization/deserialization with sizes larger than uint16_t max (65535) +TEST(SSLBufferSizeFailureTest, SerDeLargeBuffer) { + // Create a buffer with capacity larger than the old uint16_t limit of 65535 + SSLBuffer buffer; + const size_t large_capacity = 70000; + + // Test that we can allocate a buffer larger than 65535 bytes + EXPECT_TRUE(buffer.EnsureCap(0, large_capacity)); + + // Fill the buffer with test data + std::vector test_data(large_capacity); + for (size_t i = 0; i < large_capacity; i++) { + test_data[i] = static_cast(i % 256); + } + + // Write data to the buffer using the correct API + OPENSSL_memcpy(buffer.data(), test_data.data(), test_data.size()); + buffer.DidWrite(test_data.size()); + EXPECT_EQ(buffer.size(), large_capacity); + + // Test serialization (this would have failed before the fix due to uint16_t + // overflow) + bssl::ScopedCBB cbb; + EXPECT_TRUE(CBB_init(cbb.get(), 0)); + EXPECT_TRUE(buffer.DoSerialization(*cbb.get())); + + uint8_t *serialized_data = nullptr; + size_t serialized_len = 0; + EXPECT_TRUE(CBB_finish(cbb.get(), &serialized_data, &serialized_len)); + bssl::UniquePtr serialized_ptr(serialized_data); + EXPECT_GT(serialized_len, 0u); + + // Test deserialization (this would have failed before the fix) + SSLBuffer deserialized_buffer; + CBS cbs; + CBS_init(&cbs, serialized_data, serialized_len); + EXPECT_TRUE(deserialized_buffer.DoDeserialization(cbs)); + + // Verify the deserialized buffer has the correct size and capacity + EXPECT_EQ(deserialized_buffer.size(), large_capacity); + EXPECT_GE(deserialized_buffer.cap(), large_capacity); + + // Verify the data integrity + EXPECT_EQ(0, OPENSSL_memcmp(deserialized_buffer.data(), test_data.data(), + large_capacity)); +} + +// Test that specifically targets the internal buffer allocation logic +TEST(SSLVersionTest, InternalBufferAllocationLimits) { + // This test directly exercises the SSLBuffer class to ensure it properly + // handles large buffer size requests + SSLBuffer buffer; + + // Test various sizes around the boundary + EXPECT_TRUE(buffer.EnsureCap(5, 65535)); // Old limit + buffer.Clear(); + + EXPECT_TRUE(buffer.EnsureCap(5, 65536)); // Just above old limit + buffer.Clear(); + + // These should fail - beyond the maximum capacity + EXPECT_FALSE(buffer.EnsureCap(5, UINT32_MAX)); + EXPECT_FALSE(buffer.EnsureCap(5, SIZE_MAX)); +} + } // namespace BSSL_NAMESPACE_END diff --git a/ssl/ssl_transfer_asn1.cc b/ssl/ssl_transfer_asn1.cc index f2baa2dd2b6..9204983d09d 100644 --- a/ssl/ssl_transfer_asn1.cc +++ b/ssl/ssl_transfer_asn1.cc @@ -36,7 +36,8 @@ bool ssl_transfer_supported(const SSL *in) { in->s3->pending_write.size() > 0 || in->s3->pending_flight_offset > 0 || // (7) in->s3->read_shutdown != ssl_shutdown_none || // (8) - in->s3->write_shutdown != ssl_shutdown_none) { + in->s3->write_shutdown != ssl_shutdown_none || + in->is_suspended_state) { OPENSSL_PUT_ERROR(SSL, SSL_R_SERIALIZATION_UNSUPPORTED); return false; } @@ -115,7 +116,8 @@ static bool SSL3_STATE_get_optional_octet_string(CBS *cbs, void *dst, enum SSL3_STATE_SERDE_VERSION { SSL3_STATE_SERDE_VERSION_ONE = 1, - SSL3_STATE_SERDE_VERSION_TWO = 2 + SSL3_STATE_SERDE_VERSION_TWO = 2, + SSL3_STATE_SERDE_VERSION_THREE = 3 }; static const unsigned kS3EstablishedSessionTag = @@ -174,6 +176,36 @@ static const unsigned kS3AeadReadCtxTag = CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 26; static const unsigned kS3AeadWriteCtxTag = CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 27; +static const unsigned kS3KeyUpdatePending = + CBS_ASN1_CONSTRUCTED | CBS_ASN1_CONTEXT_SPECIFIC | 28; + +static int serialize_buf_mem(bssl::UniquePtr &buf, CBS_ASN1_TAG tag, + CBB &cbb) { + CBB child; + if (!CBB_add_asn1(&cbb, &child, tag) || + !CBB_add_asn1_octet_string(&child, reinterpret_cast(buf->data), + buf->length) || + !CBB_flush(&cbb)) { + return 0; + } + return 1; +} + +static int deserialize_buf_mem(bssl::UniquePtr &buf, int &present, + CBS_ASN1_TAG tag, CBS &cbs) { + CBS child; + + if (!CBS_get_optional_asn1_octet_string(&cbs, &child, &present, tag)) { + return 0; + } + + buf.reset(BUF_MEM_new()); + if (!BUF_MEM_append(buf.get(), CBS_data(&child), CBS_len(&child))) { + return 0; + } + + return 1; +} // *** EXPERIMENTAL — DO NOT USE WITHOUT CHECKING *** // These SSL3_STATE serialization functions are developed to support SSL @@ -189,9 +221,9 @@ static int SSL3_STATE_to_bytes(SSL3_STATE *in, uint16_t protocol_version, return 0; } - CBB s3, child, child2; + CBB s3, child; if (!CBB_add_asn1(cbb, &s3, CBS_ASN1_SEQUENCE) || - !CBB_add_asn1_uint64(&s3, SSL3_STATE_SERDE_VERSION_TWO) || + !CBB_add_asn1_uint64(&s3, SSL3_STATE_SERDE_VERSION_THREE) || !CBB_add_asn1_octet_string(&s3, in->read_sequence, TLS_SEQ_NUM_SIZE) || !CBB_add_asn1_octet_string(&s3, in->write_sequence, TLS_SEQ_NUM_SIZE) || !CBB_add_asn1_octet_string(&s3, in->server_random, SSL3_RANDOM_SIZE) || @@ -200,10 +232,10 @@ static int SSL3_STATE_to_bytes(SSL3_STATE *in, uint16_t protocol_version, !CBB_add_asn1_int64(&s3, in->rwstate) || !CBB_add_asn1_int64(&s3, in->early_data_reason) || !CBB_add_asn1_octet_string(&s3, in->previous_client_finished, - PREV_FINISHED_MAX_SIZE) || + in->previous_client_finished_len) || !CBB_add_asn1_uint64(&s3, in->previous_client_finished_len) || !CBB_add_asn1_octet_string(&s3, in->previous_server_finished, - PREV_FINISHED_MAX_SIZE) || + in->previous_server_finished_len) || !CBB_add_asn1_uint64(&s3, in->previous_server_finished_len) || !CBB_add_asn1_uint64(&s3, in->empty_record_count) || !CBB_add_asn1_uint64(&s3, in->warning_alert_count) || @@ -268,25 +300,15 @@ static int SSL3_STATE_to_bytes(SSL3_STATE *in, uint16_t protocol_version, } if (!in->pending_app_data.empty()) { - // This should never happen because pending_app_data is just a span and - // points to read_buffer. - if (!in->read_buffer.buf_ptr() || - in->read_buffer.buf_ptr() > in->pending_app_data.data()) { - OPENSSL_PUT_ERROR(SSL, SSL_R_SERIALIZATION_INVALID_SSL3_STATE); - return 0; - } - uint64_t offset = in->pending_app_data.data() - in->read_buffer.buf_ptr(); if (!CBB_add_asn1(&s3, &child, kS3PendingAppDataTag) || - !CBB_add_asn1(&child, &child2, CBS_ASN1_SEQUENCE) || - !CBB_add_asn1_uint64(&child2, offset) || - !CBB_add_asn1_uint64(&child2, in->pending_app_data.size())) { + !in->read_buffer.SerializeBufferView(child, in->pending_app_data)) { return 0; } } if (!in->pending_app_data.empty() || !in->read_buffer.empty()) { if (!CBB_add_asn1(&s3, &child, kS3ReadBufferTag) || - !in->read_buffer.DoSerialization(&child)) { + !in->read_buffer.DoSerialization(child)) { return 0; } } @@ -299,7 +321,7 @@ static int SSL3_STATE_to_bytes(SSL3_STATE *in, uint16_t protocol_version, } } - // Version 2 extensions starts below, all which are optional as they are + // Version 2 and higher extensions starts below, all which are optional as they are // TLS 1.3 specific. if (protocol_version >= TLS1_3_VERSION) { if (!CBB_add_asn1(&s3, &child, kS3EarlyDataSkippedTag) || @@ -334,7 +356,7 @@ static int SSL3_STATE_to_bytes(SSL3_STATE *in, uint16_t protocol_version, if (!CBB_add_asn1(&s3, &child, kS3WriteTrafficSecretTag) || !CBB_add_asn1_octet_string(&child, in->write_traffic_secret, - SSL_MAX_MD_SIZE)) { + in->write_traffic_secret_len)) { OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); return 0; } @@ -347,7 +369,7 @@ static int SSL3_STATE_to_bytes(SSL3_STATE *in, uint16_t protocol_version, if (!CBB_add_asn1(&s3, &child, kS3ReadTrafficSecretTag) || !CBB_add_asn1_octet_string(&child, in->read_traffic_secret, - SSL_MAX_MD_SIZE)) { + in->read_traffic_secret_len)) { OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); return 0; } @@ -360,7 +382,7 @@ static int SSL3_STATE_to_bytes(SSL3_STATE *in, uint16_t protocol_version, if (!CBB_add_asn1(&s3, &child, kS3ExporterSecretTag) || !CBB_add_asn1_octet_string(&child, in->exporter_secret, - SSL_MAX_MD_SIZE)) { + in->exporter_secret_len)) { OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); return 0; } @@ -389,11 +411,17 @@ static int SSL3_STATE_to_bytes(SSL3_STATE *in, uint16_t protocol_version, } } - if (in->pending_hs_data && in->pending_hs_data->length > 0) { - if (!CBB_add_asn1(&s3, &child, kS3PendingHsDataTag) || - !CBB_add_asn1_octet_string( - &child, reinterpret_cast(in->pending_hs_data->data), - in->pending_hs_data->length)) { + if (in->pending_hs_data && + (in->pending_hs_data->length > 0 || in->pending_hs_data->max > 0)) { + if (!serialize_buf_mem(in->pending_hs_data, kS3PendingHsDataTag, s3)) { + OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); + return 0; + } + } + + if (in->pending_flight && + (in->pending_flight->length > 0 || in->pending_flight->max > 0)) { + if (!serialize_buf_mem(in->pending_flight, kS3PendingFlightTag, s3)) { OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); return 0; } @@ -414,6 +442,12 @@ static int SSL3_STATE_to_bytes(SSL3_STATE *in, uint16_t protocol_version, return 0; } } + + if (!CBB_add_asn1(&s3, &child, kS3KeyUpdatePending) || + !CBB_add_asn1_int64(&child, in->key_update_pending)) { + OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); + return 0; + } } return CBB_flush(cbb); @@ -469,7 +503,7 @@ static int SSL3_STATE_from_bytes(SSL *ssl, CBS *cbs, const SSL_CTX *ctx) { int pending_app_data_present, read_buffer_present; if (!CBS_get_asn1(cbs, &s3, CBS_ASN1_SEQUENCE) || !CBS_get_asn1_uint64(&s3, &serde_version) || - serde_version > SSL3_STATE_SERDE_VERSION_TWO || + serde_version > SSL3_STATE_SERDE_VERSION_THREE || (is_tls13 && serde_version < SSL3_STATE_SERDE_VERSION_TWO) || !CBS_get_asn1(&s3, &read_seq, CBS_ASN1_OCTETSTRING) || CBS_len(&read_seq) != TLS_SEQ_NUM_SIZE || @@ -485,13 +519,19 @@ static int SSL3_STATE_from_bytes(SSL *ssl, CBS *cbs, const SSL_CTX *ctx) { !CBS_get_asn1_uint64(&s3, &early_data_reason) || early_data_reason > ssl_early_data_reason_max_value || !CBS_get_asn1(&s3, &previous_client_finished, CBS_ASN1_OCTETSTRING) || - CBS_len(&previous_client_finished) != PREV_FINISHED_MAX_SIZE || !CBS_get_asn1_uint64(&s3, &previous_client_finished_len) || previous_client_finished_len > PREV_FINISHED_MAX_SIZE || + (serde_version >= SSL3_STATE_SERDE_VERSION_THREE && + CBS_len(&previous_client_finished) != previous_client_finished_len) || + (serde_version < SSL3_STATE_SERDE_VERSION_THREE && + CBS_len(&previous_client_finished) > PREV_FINISHED_MAX_SIZE) || !CBS_get_asn1(&s3, &previous_server_finished, CBS_ASN1_OCTETSTRING) || - CBS_len(&previous_server_finished) != PREV_FINISHED_MAX_SIZE || !CBS_get_asn1_uint64(&s3, &previous_server_finished_len) || previous_server_finished_len > PREV_FINISHED_MAX_SIZE || + (serde_version >= SSL3_STATE_SERDE_VERSION_THREE && + CBS_len(&previous_server_finished) != previous_server_finished_len) || + (serde_version < SSL3_STATE_SERDE_VERSION_THREE && + CBS_len(&previous_server_finished) > PREV_FINISHED_MAX_SIZE) || !CBS_get_asn1_uint64(&s3, &empty_record_count) || !CBS_get_asn1_uint64(&s3, &warning_alert_count) || !CBS_get_asn1_uint64(&s3, &total_renegotiations) || @@ -521,11 +561,9 @@ static int SSL3_STATE_from_bytes(SSL *ssl, CBS *cbs, const SSL_CTX *ctx) { return 0; } - bool is_v2 = (serde_version == SSL3_STATE_SERDE_VERSION_TWO); - // We should have no more data at this point if we are deserializing v1 // encoding. - if (!is_v2 && CBS_len(&s3) > 0) { + if (serde_version < SSL3_STATE_SERDE_VERSION_TWO && CBS_len(&s3) > 0) { OPENSSL_PUT_ERROR(SSL, SSL_R_SERIALIZATION_INVALID_SSL3_STATE); return 0; } @@ -567,7 +605,7 @@ static int SSL3_STATE_from_bytes(SSL *ssl, CBS *cbs, const SSL_CTX *ctx) { int64_t ticket_age_skew; if (!CBS_get_optional_asn1_int64(&s3, &ticket_age_skew, kS3TicketAgeSkewTag, 0) || - ticket_age_skew > INT32_MAX) { + ticket_age_skew > INT32_MAX || ticket_age_skew < INT32_MIN) { OPENSSL_PUT_ERROR(SSL, SSL_R_SERIALIZATION_INVALID_SSL3_STATE); return 0; } @@ -636,19 +674,19 @@ static int SSL3_STATE_from_bytes(SSL *ssl, CBS *cbs, const SSL_CTX *ctx) { return 0; } - CBS pending_hs_data; + bssl::UniquePtr pending_hs_data; int pending_hs_data_present; - if (!CBS_get_optional_asn1_octet_string(&s3, &pending_hs_data, - &pending_hs_data_present, - kS3PendingHsDataTag)) { + + if (!deserialize_buf_mem(pending_hs_data, pending_hs_data_present, + kS3PendingHsDataTag, s3)) { OPENSSL_PUT_ERROR(SSL, SSL_R_SERIALIZATION_INVALID_SSL3_STATE); return 0; } - CBS pending_flight; + bssl::UniquePtr pending_flight; int pending_flight_present; - if (!CBS_get_optional_asn1_octet_string( - &s3, &pending_flight, &pending_flight_present, kS3PendingFlightTag)) { + if (!deserialize_buf_mem(pending_flight, pending_flight_present, + kS3PendingFlightTag, s3)) { OPENSSL_PUT_ERROR(SSL, SSL_R_SERIALIZATION_INVALID_SSL3_STATE); return 0; } @@ -669,17 +707,40 @@ static int SSL3_STATE_from_bytes(SSL *ssl, CBS *cbs, const SSL_CTX *ctx) { return 0; } + int64_t key_update_pending = SSL_KEY_UPDATE_NONE; + if (!CBS_get_optional_asn1_int64(&s3, &key_update_pending, + kS3KeyUpdatePending, SSL_KEY_UPDATE_NONE)) { + OPENSSL_PUT_ERROR(SSL, SSL_R_SERIALIZATION_INVALID_SSL3_STATE); + return 0; + } + if (is_tls13) { - if (!write_traffic_secret_present || - CBS_len(&write_traffic_secret) != SSL_MAX_MD_SIZE || - !write_traffic_secret_len || write_traffic_secret_len > UINT8_MAX || - !read_traffic_secret_present || - CBS_len(&read_traffic_secret) != SSL_MAX_MD_SIZE || - !read_traffic_secret_len || read_traffic_secret_len > UINT8_MAX || - !exporter_secret_present || - CBS_len(&exporter_secret) != SSL_MAX_MD_SIZE || !exporter_secret_len || - exporter_secret_len > UINT8_MAX || ech_status > ssl_ech_rejected || - !aead_read_ctx_present || !aead_write_ctx_present) { + if (!write_traffic_secret_present || !write_traffic_secret_len || + write_traffic_secret_len > UINT8_MAX || + write_traffic_secret_len > SSL_MAX_MD_SIZE || + (serde_version >= SSL3_STATE_SERDE_VERSION_THREE && + CBS_len(&write_traffic_secret) != write_traffic_secret_len) || + (serde_version < SSL3_STATE_SERDE_VERSION_THREE && + CBS_len(&write_traffic_secret) != SSL_MAX_MD_SIZE) || + !read_traffic_secret_present || !read_traffic_secret_len || + read_traffic_secret_len > UINT8_MAX || + read_traffic_secret_len > SSL_MAX_MD_SIZE || + (serde_version >= SSL3_STATE_SERDE_VERSION_THREE && + CBS_len(&read_traffic_secret) != read_traffic_secret_len) || + (serde_version < SSL3_STATE_SERDE_VERSION_THREE && + CBS_len(&read_traffic_secret) != SSL_MAX_MD_SIZE) || + !exporter_secret_present || !exporter_secret_len || + exporter_secret_len > UINT8_MAX || + exporter_secret_len > SSL_MAX_MD_SIZE || + (serde_version >= SSL3_STATE_SERDE_VERSION_THREE && + CBS_len(&exporter_secret) != exporter_secret_len) || + (serde_version < SSL3_STATE_SERDE_VERSION_THREE && + CBS_len(&exporter_secret) != SSL_MAX_MD_SIZE) || + ech_status > ssl_ech_rejected || !aead_read_ctx_present || + !aead_write_ctx_present || + !(key_update_pending == SSL_KEY_UPDATE_NONE || + key_update_pending == SSL_KEY_UPDATE_NOT_REQUESTED || + key_update_pending == SSL_KEY_UPDATE_REQUESTED)) { OPENSSL_PUT_ERROR(SSL, SSL_R_SERIALIZATION_INVALID_SSL3_STATE); return 0; } @@ -707,30 +768,16 @@ static int SSL3_STATE_from_bytes(SSL *ssl, CBS *cbs, const SSL_CTX *ctx) { } if (read_buffer_present && - !out->read_buffer.DoDeserialization(&read_buffer)) { + !out->read_buffer.DoDeserialization(read_buffer)) { return 0; } // If |pending_app_data_size| is not zero, it needs to point to |read_buffer|. if (pending_app_data_present) { - if (!read_buffer_present) { + if (!read_buffer_present || !out->read_buffer.DeserializeBufferView( + pending_app_data, out->pending_app_data)) { OPENSSL_PUT_ERROR(SSL, SSL_R_SERIALIZATION_INVALID_SSL3_STATE); return 0; } - CBS app_seq; - uint64_t pending_app_data_offset, pending_app_data_size; - if (!CBS_get_asn1(&pending_app_data, &app_seq, CBS_ASN1_SEQUENCE) || - !CBS_get_asn1_uint64(&app_seq, &pending_app_data_offset) || - !CBS_get_asn1_uint64(&app_seq, &pending_app_data_size)) { - OPENSSL_PUT_ERROR(SSL, SSL_R_SERIALIZATION_INVALID_SSL3_STATE); - return 0; - } - if (pending_app_data_size > out->read_buffer.buf_size()) { - OPENSSL_PUT_ERROR(SSL, SSL_R_SERIALIZATION_INVALID_SSL3_STATE); - return 0; - } - out->pending_app_data = - MakeSpan(out->read_buffer.buf_ptr() + pending_app_data_offset, - pending_app_data_size); } if (CBS_len(&s3)) { @@ -768,23 +815,16 @@ static int SSL3_STATE_from_bytes(SSL *ssl, CBS *cbs, const SSL_CTX *ctx) { // tls13_set_traffic_key from trying to flush their contents if they are not // empty !! - out->pending_hs_data.reset(BUF_MEM_new()); if (pending_hs_data_present) { - if (!BUF_MEM_append(out->pending_hs_data.get(), - CBS_data(&pending_hs_data), - CBS_len(&pending_hs_data))) { - OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); - return 0; - } + out->pending_hs_data = std::move(pending_hs_data); + } else { + out->pending_hs_data.reset(BUF_MEM_new()); } - out->pending_flight.reset(BUF_MEM_new()); if (pending_flight_present) { - if (!BUF_MEM_append(out->pending_flight.get(), CBS_data(&pending_flight), - CBS_len(&pending_flight))) { - OPENSSL_PUT_ERROR(SSL, ERR_R_MALLOC_FAILURE); - return 0; - } + out->pending_flight = std::move(pending_flight); + } else { + out->pending_flight.reset(BUF_MEM_new()); } } else { // the impl of |SSL_serialize_handback|, which only fetch IV when it's @@ -1070,6 +1110,7 @@ static int SSL_parse(SSL *ssl, CBS *cbs, SSL_CTX *ctx) { OPENSSL_PUT_ERROR(SSL, SSL_R_SERIALIZATION_INVALID_SSL); return 0; } + ssl->is_suspended_state = false; return 1; } @@ -1115,5 +1156,7 @@ int SSL_to_bytes(const SSL *in, uint8_t **out_data, size_t *out_len) { return 0; } + const_cast(in)->is_suspended_state = true; + return CBB_finish(cbb.get(), out_data, out_len); } diff --git a/tests/ci/integration/run_curl_integration.sh b/tests/ci/integration/run_curl_integration.sh index 306a54167c8..f918c119da9 100755 --- a/tests/ci/integration/run_curl_integration.sh +++ b/tests/ci/integration/run_curl_integration.sh @@ -32,7 +32,7 @@ cd ${SCRATCH_FOLDER} function curl_build() { autoreconf -fi - ./configure --enable-warnings --enable-werror --with-openssl=${AWS_LC_INSTALL_FOLDER} --without-libpsl + ./configure --enable-warnings --enable-werror --with-openssl=${AWS_LC_INSTALL_FOLDER} --without-libpsl --enable-debug make -j "$NUM_CPU_THREADS" make -j "$NUM_CPU_THREADS" examples }