On 25/08/16 22:33, Tom Ritter wrote: > NCC Group has prepared (or begun preparing) a patch that integrates > fuzzing of OpenSSL. This work was done primarily by Tim Newsham, > although the code is based on selftls by Hanno Böck, and it was modified > by me to fit into the OpenSSL tree. The general messiness is caused by > me, not Tim. > > Rather than attach a giant patch, I put it up here: > https://github.com/nccgroup/openssl/tree/ncc-fuzzer > > It consists of three parts: > > - Expansive changes to the ossltest engine to support (broken) RSA and > many more (broken) symmetric ciphers > - Two function additions to OpenSSL that, when compiled with > FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION, insert deterministic > timestamps into the TLS protocol > - The ftls fuzz harness that speaks TLS to itself and allows for fuzzing > any individual client or server message in the handshake > > > This has only been tested on Linux x64 so far. I have had some trouble > getting some parts working, but the fuzzing does commence. > > wget http://lcamtuf.coredump.cx/afl/releases/afl-latest.tgz > tar xfv afl-<tab> > ln -s afl-2<tab> afl > cd afl ; make ; cd .. > git clone g...@github.com:nccgroup/openssl.git ncc-fuzzer > cd ncc-fuzzer > git checkout ncc-fuzzer > CC=../afl/afl-clang ./Configure linux-x86_64 > -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION enable-ssl3 > enable-ssl3-method enable-weak-ssl-ciphers enable-crypto-mdebug > enable-asan enable-afl-fuzz > (Optional: Edit Makefile and change '-O3' to '-O0' and '-g' to '-ggdb'. > I couldn't figure out how to make this part of the Configure command.) > make > (Ignore errors at the end for code in test/fuzz) > cd test/ftls > ln -s ../../../afl-2<tab> afl > make all > ./genCerts > ./makeInputs > LD_LIBRARY_PATH=../../ ./afl/afl-fuzz -i inputs -o outputs -m > 99999999999999 -- ./ftls-afl > > > There are few pieces that I was unable to get working correctly: > > 1) The ossltest engine needs to have libcrypto statically linked into > it. ftls has openssl libraries statically linked into them for ASAN+AFL > fuzzing, but ossltest wants them loaded dynamically. The correct thing > to do is compile ossltest with libcrypto linked statically, but I could > not figure out the correct way to represent that with the build.info > <http://build.info> configurations. http://stackoverflow.com/a/2649792 > seems to be the correct instructions for the compiler/linker. > > Until this is fixed, the above LD_LIBRARY_PATH=../../ is needed. > > 2) I had trouble compiling with 'enable-asan' unless I used clang. gcc > gave me problems. > > 3) I got compilation errors for code in test/ when compiling with > enable-afl-fuzz; however the important stuff compiled. > > 4) ERR_load_OSSLTEST_strings() in the original e_ossltest.c was causing > a Segfault (under ASAN) on exit, so I commented it out. > > 5) The original version of ftls by Tim included support for compiling > and fuzzing on 32-bit and also getting gcov-based profiling information. > While references and stubs to this are still in the Makefile, I wasn't > able to fully investigate and get those aspects of it working > > 6) There are some memory leaks that are exposed when you run > ./makeInputs - I tracked most of them down, but a few remained. I > believe these are from ftls and not OpenSSL. > > > This fuzzer hits lots of things, but there are lots more things in > OpenSSL. It has the following limitations: > - It doesn't support all the possible features of TLS. But it does > support a lot of them. (makeInputs lists many things not completed at > the end of the file) > - The ossltest engine does not include support for removed ciphers like > DES, RC2, or GOST. However, there are some mentions/stubs of that, as > the fuzzer was written before all of these things were removed from 1.1 > - Because ossltest cooks MD5 to output a constant value, OpenSSL's RNG > becomes constant. This causes an error in > ssl/ssl_sess.c:generate_session_id() because it always generates a > colliding Session ID. This breaks renegotiation in the test harness. I > haven't thought of an elegant way to resolve this. > > > My ability to continue this effort is going to be extremely limited in > the upcoming weeks, so I'm hopeful a community member will help us bring > this across the finish line if OpenSSL is (still) interested in having > this work merged into master.
Wow! Thanks Tom and Tim. This is fantastic. I really hope someone picks this up - this would be great to get integrated. Matt -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev