NCC Group has prepared (or begun preparing) a patch that integrates fuzzing of OpenSSL. This work was done primarily by Tim Newsham, although the code is based on selftls by Hanno Böck, and it was modified by me to fit into the OpenSSL tree. The general messiness is caused by me, not Tim.
Rather than attach a giant patch, I put it up here:
https://github.com/nccgroup/openssl/tree/ncc-fuzzer

It consists of three parts:
- Expansive changes to the ossltest engine to support (broken) RSA and many more (broken) symmetric ciphers
- Two function additions to OpenSSL that, when compiled with FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION, insert deterministic timestamps into the TLS protocol
- The ftls fuzz harness that speaks TLS to itself and allows for fuzzing any individual client or server message in the handshake

This has only been tested on Linux x64 so far. I have had some trouble getting some parts working, but the fuzzing does commence.

wget http://lcamtuf.coredump.cx/afl/releases/afl-latest.tgz
tar xfv afl-<tab>
ln -s afl-2<tab> afl
cd afl ; make ; cd ..
git clone g...@github.com:nccgroup/openssl.git ncc-fuzzer
cd ncc-fuzzer
git checkout ncc-fuzzer
CC=../afl/afl-clang ./Configure linux-x86_64 -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-crypto-mdebug enable-asan enable-afl-fuzz
(Optional: Edit Makefile and change '-O3' to '-O0' and '-g' to '-ggdb'. I couldn't figure out how to make this part of the Configure command.)
make
(Ignore errors at the end for code in test/fuzz)
cd test/ftls
ln -s ../../../afl-2<tab> afl
make all
./genCerts
./makeInputs
LD_LIBRARY_PATH=../../ ./afl/afl-fuzz -i inputs -o outputs -m 99999999999999 -- ./ftls-afl

There are a few pieces that I was unable to get working correctly:

1) The ossltest engine needs to have libcrypto statically linked into it. ftls has openssl libraries statically linked into them for ASAN+AFL fuzzing, but ossltest wants them loaded dynamically. The correct thing to do is compile ossltest with libcrypto linked statically, but I could not figure out the correct way to represent that with the build.info configurations. http://stackoverflow.com/a/2649792 seems to be the correct instructions for the compiler/linker. Until this is fixed, the above LD_LIBRARY_PATH=../../ is needed.

2) I had trouble compiling with 'enable-asan' unless I used clang. gcc gave me problems.

3) I got compilation errors for code in test/ when compiling with enable-afl-fuzz; however, the important stuff compiled.

4) ERR_load_OSSLTEST_strings() in the original e_ossltest.c was causing a segfault (under ASAN) on exit, so I commented it out.

5) The original version of ftls by Tim included support for compiling and fuzzing on 32-bit and also getting gcov-based profiling information. While references and stubs to this are still in the Makefile, I wasn't able to fully investigate and get those aspects of it working.

6) There are some memory leaks that are exposed when you run ./makeInputs - I tracked most of them down, but a few remained. I believe these are from ftls and not OpenSSL.

This fuzzer hits lots of things, but there are lots more things in OpenSSL. It has the following limitations:
- It doesn't support all the possible features of TLS. But it does support a lot of them. (makeInputs lists many things not completed at the end of the file)
- The ossltest engine does not include support for removed ciphers like DES, RC2, or GOST. However, there are some mentions/stubs of that, as the fuzzer was written before all of these things were removed from 1.1
- Because ossltest cooks MD5 to output a constant value, OpenSSL's RNG becomes constant. This causes an error in ssl/ssl_sess.c:generate_session_id() because it always generates a colliding Session ID. This breaks renegotiation in the test harness. I haven't thought of an elegant way to resolve this.

My ability to continue this effort is going to be extremely limited in the upcoming weeks, so I'm hopeful a community member will help us bring this across the finish line if OpenSSL is (still) interested in having this work merged into master.

-tom
--
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
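To make the last limitation concrete (a constant RNG makes every new session ID collide with the cached one, so renegotiation cannot get a fresh ID), here is an added toy model written for this page; it is not code from the ncc-fuzzer tree or from OpenSSL. The session cache, the retry budget of 10, the fixed 0x41 output and the counter-based "deterministic but distinct" RNG are all assumptions of the example.

```c
/* Toy model of a TLS session-ID generator fed by a pluggable RNG (added example,
 * not OpenSSL code). Shows why a constant RNG makes every new ID collide. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SESS_ID_LEN 32
#define CACHE_SLOTS 16
#define MAX_ATTEMPTS 10   /* retry budget before reporting a conflict; assumed value */

typedef void (*rng_fn)(uint8_t *buf, size_t len);

struct sess_cache { uint8_t ids[CACHE_SLOTS][SESS_ID_LEN]; size_t n; };

/* RNG whose output never changes: what a hash stubbed to a constant does to the DRBG. */
void rng_constant(uint8_t *buf, size_t len) { memset(buf, 0x41, len); }

/* Deterministic but distinct per call: one way a fuzzing build could stay reproducible. */
static uint64_t rng_ctr;
void rng_counter(uint8_t *buf, size_t len) {
    rng_ctr++;
    for (size_t i = 0; i < len; i++) buf[i] = (uint8_t)(rng_ctr >> ((i % 8) * 8));
}

static int cache_has(const struct sess_cache *c, const uint8_t *id) {
    for (size_t i = 0; i < c->n; i++)
        if (memcmp(c->ids[i], id, SESS_ID_LEN) == 0) return 1;
    return 0;
}

/* Draw IDs until one is not already cached; 0 means "session ID conflict". */
int generate_session_id(struct sess_cache *c, rng_fn rng, uint8_t *out) {
    for (int attempt = 0; attempt < MAX_ATTEMPTS; attempt++) {
        rng(out, SESS_ID_LEN);
        if (!cache_has(c, out)) {
            if (c->n < CACHE_SLOTS) memcpy(c->ids[c->n++], out, SESS_ID_LEN);
            return 1;
        }
    }
    return 0;
}

/* Run n handshakes against one cache and count how many obtained a fresh session ID. */
int count_fresh_ids(rng_fn rng, int n) {
    struct sess_cache c = { .n = 0 };
    uint8_t id[SESS_ID_LEN];
    int ok = 0;
    for (int i = 0; i < n; i++) ok += generate_session_id(&c, rng, id);
    return ok;
}

int main(void) {
    printf("constant RNG: %d of 3 handshakes got a fresh ID\n", count_fresh_ids(rng_constant, 3));
    printf("counter RNG:  %d of 3 handshakes got a fresh ID\n", count_fresh_ids(rng_counter, 3));
    return 0;
}
```

With the constant RNG only the first handshake succeeds; every later one exhausts its retries against the same cached ID, which is the renegotiation failure the mail describes.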