[openssl-dev] Fuzzer Patch(es)

Tom Ritter tom at ritter.vg
Thu Aug 25 21:33:31 UTC 2016


NCC Group has prepared (or begun preparing) a patch that integrates fuzzing
of OpenSSL.  This work was done primarily by Tim Newsham, although the code
is based on selftls by Hanno Böck, and it was modified by me to fit into
the OpenSSL tree. The general messiness is caused by me, not Tim.

Rather than attach a giant patch, I put it up here:
https://github.com/nccgroup/openssl/tree/ncc-fuzzer

It consists of three parts:

- Expansive changes to the ossltest engine to support (broken) RSA and many
more (broken) symmetric ciphers
- Two function additions to OpenSSL that, when compiled with
FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION, insert deterministic timestamps
into the TLS protocol
- The ftls fuzz harness that speaks TLS to itself and allows for fuzzing
any individual client or server message in the handshake


This has only been tested on Linux x64 so far. I have had some trouble
getting some parts working, but the fuzzing does commence.

wget http://lcamtuf.coredump.cx/afl/releases/afl-latest.tgz
tar xfv afl-<tab>
ln -s afl-2<tab> afl
cd afl ; make ; cd ..
git clone git@github.com:nccgroup/openssl.git ncc-fuzzer
cd ncc-fuzzer
git checkout ncc-fuzzer
CC=../afl/afl-clang ./Configure linux-x86_64 \
    -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION enable-ssl3 enable-ssl3-method \
    enable-weak-ssl-ciphers enable-crypto-mdebug enable-asan enable-afl-fuzz
(Optional: Edit Makefile and change '-O3' to '-O0' and '-g' to '-ggdb'.  I
couldn't figure out how to make this part of the Configure command.)
make
(Ignore errors at the end for code in test/fuzz)
cd test/ftls
ln -s ../../../afl-2<tab> afl
make all
./genCerts
./makeInputs
LD_LIBRARY_PATH=../../ ./afl/afl-fuzz -i inputs -o outputs -m 99999999999999 -- ./ftls-afl


There are a few pieces that I was unable to get working correctly:

1) The ossltest engine needs to have libcrypto statically linked into it.
ftls has openssl libraries statically linked into them for ASAN+AFL
fuzzing, but ossltest wants them loaded dynamically.  The correct thing to
do is compile ossltest with libcrypto linked statically, but I could not
figure out the correct way to represent that with the build.info
configurations. http://stackoverflow.com/a/2649792 seems to be the correct
instructions for the compiler/linker.

Until this is fixed, the above LD_LIBRARY_PATH=../../ is needed.

2) I had trouble compiling with 'enable-asan' unless I used clang. gcc gave
me problems.

3) I got compilation errors for code in test/ when compiling with
enable-afl-fuzz; however the important stuff compiled.

4) ERR_load_OSSLTEST_strings() in the original e_ossltest.c was causing a
segfault (under ASAN) on exit, so I commented it out.

5) The original version of ftls by Tim included support for compiling and
fuzzing on 32-bit and also getting gcov-based profiling information. While
references and stubs to this are still in the Makefile, I wasn't able to
fully investigate and get those aspects of it working.

6) There are some memory leaks that are exposed when you run ./makeInputs -
I tracked most of them down, but a few remained. I believe these are from
ftls and not OpenSSL.


This fuzzer hits lots of things, but there are lots more things in
OpenSSL.  It has the following limitations:
- It doesn't support all the possible features of TLS. But it does support
a lot of them. (makeInputs lists many things not completed at the end of
the file)
- The ossltest engine does not include support for removed ciphers like
DES, RC2, or GOST. However, there are some mentions/stubs of that, as the
fuzzer was written before all of these things were removed from 1.1.
- Because ossltest cooks MD5 to output a constant value, OpenSSL's RNG
becomes constant. This causes an error in
ssl/ssl_sess.c:generate_session_id() because it always generates a
colliding Session ID. This breaks renegotiation in the test harness. I
haven't thought of an elegant way to resolve this.


My ability to continue this effort is going to be extremely limited in the
upcoming weeks, so I'm hopeful a community member will help us bring this
across the finish line if OpenSSL is (still) interested in having this work
merged into master.

-tom