/src/openssl111/fuzz/asn1.c

Source (jump to first uncovered line)
/*
 * Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL licenses, (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * https://www.openssl.org/source/license.html
 * or in the file LICENSE in the source distribution.
 */

/*
 * Fuzz ASN.1 parsing for various data structures. Specify which on the
 * command line:
 *
 * asn1 <data structure>
 */

#include <stdio.h>
#include <string.h>
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/dh.h>
#include <openssl/dsa.h>
#include <openssl/ec.h>
#include <openssl/ocsp.h>
#include <openssl/pkcs12.h>
#include <openssl/rsa.h>
#include <openssl/ts.h>
#include <openssl/x509v3.h>
#include <openssl/cms.h>
#include <openssl/err.h>
#include <openssl/rand.h>
#include <openssl/bio.h>
#include <openssl/evp.h>
#include <openssl/ssl.h>
#include "fuzzer.h"

#include "rand.inc"

static ASN1_ITEM_EXP *item_type[] = {
    ASN1_ITEM_ref(ACCESS_DESCRIPTION),
#ifndef OPENSSL_NO_RFC3779
    ASN1_ITEM_ref(ASIdentifierChoice),
    ASN1_ITEM_ref(ASIdentifiers),
    ASN1_ITEM_ref(ASIdOrRange),
#endif
    ASN1_ITEM_ref(ASN1_ANY),
    ASN1_ITEM_ref(ASN1_BIT_STRING),
    ASN1_ITEM_ref(ASN1_BMPSTRING),
    ASN1_ITEM_ref(ASN1_BOOLEAN),
    ASN1_ITEM_ref(ASN1_ENUMERATED),
    ASN1_ITEM_ref(ASN1_FBOOLEAN),
    ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
    ASN1_ITEM_ref(ASN1_GENERALSTRING),
    ASN1_ITEM_ref(ASN1_IA5STRING),
    ASN1_ITEM_ref(ASN1_INTEGER),
    ASN1_ITEM_ref(ASN1_NULL),
    ASN1_ITEM_ref(ASN1_OBJECT),
    ASN1_ITEM_ref(ASN1_OCTET_STRING),
    ASN1_ITEM_ref(ASN1_OCTET_STRING_NDEF),
    ASN1_ITEM_ref(ASN1_PRINTABLE),
    ASN1_ITEM_ref(ASN1_PRINTABLESTRING),
    ASN1_ITEM_ref(ASN1_SEQUENCE),
    ASN1_ITEM_ref(ASN1_SEQUENCE_ANY),
    ASN1_ITEM_ref(ASN1_SET_ANY),
    ASN1_ITEM_ref(ASN1_T61STRING),
    ASN1_ITEM_ref(ASN1_TBOOLEAN),
    ASN1_ITEM_ref(ASN1_TIME),
    ASN1_ITEM_ref(ASN1_UNIVERSALSTRING),
    ASN1_ITEM_ref(ASN1_UTCTIME),
    ASN1_ITEM_ref(ASN1_UTF8STRING),
    ASN1_ITEM_ref(ASN1_VISIBLESTRING),
#ifndef OPENSSL_NO_RFC3779
    ASN1_ITEM_ref(ASRange),
#endif
    ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
    ASN1_ITEM_ref(AUTHORITY_KEYID),
    ASN1_ITEM_ref(BASIC_CONSTRAINTS),
    ASN1_ITEM_ref(BIGNUM),
    ASN1_ITEM_ref(CBIGNUM),
    ASN1_ITEM_ref(CERTIFICATEPOLICIES),
#ifndef OPENSSL_NO_CMS
    ASN1_ITEM_ref(CMS_ContentInfo),
    ASN1_ITEM_ref(CMS_ReceiptRequest),
    ASN1_ITEM_ref(CRL_DIST_POINTS),
#endif
#ifndef OPENSSL_NO_DH
    ASN1_ITEM_ref(DHparams),
#endif
    ASN1_ITEM_ref(DIRECTORYSTRING),
    ASN1_ITEM_ref(DISPLAYTEXT),
    ASN1_ITEM_ref(DIST_POINT),
    ASN1_ITEM_ref(DIST_POINT_NAME),
#ifndef OPENSSL_NO_EC
    ASN1_ITEM_ref(ECPARAMETERS),
    ASN1_ITEM_ref(ECPKPARAMETERS),
#endif
    ASN1_ITEM_ref(EDIPARTYNAME),
    ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
    ASN1_ITEM_ref(GENERAL_NAME),
    ASN1_ITEM_ref(GENERAL_NAMES),
    ASN1_ITEM_ref(GENERAL_SUBTREE),
#ifndef OPENSSL_NO_RFC3779
    ASN1_ITEM_ref(IPAddressChoice),
    ASN1_ITEM_ref(IPAddressFamily),
    ASN1_ITEM_ref(IPAddressOrRange),
    ASN1_ITEM_ref(IPAddressRange),
#endif
    ASN1_ITEM_ref(ISSUING_DIST_POINT),
#if OPENSSL_API_COMPAT < 0x10200000L
    ASN1_ITEM_ref(LONG),
#endif
    ASN1_ITEM_ref(NAME_CONSTRAINTS),
    ASN1_ITEM_ref(NETSCAPE_CERT_SEQUENCE),
    ASN1_ITEM_ref(NETSCAPE_SPKAC),
    ASN1_ITEM_ref(NETSCAPE_SPKI),
    ASN1_ITEM_ref(NOTICEREF),
#ifndef OPENSSL_NO_OCSP
    ASN1_ITEM_ref(OCSP_BASICRESP),
    ASN1_ITEM_ref(OCSP_CERTID),
    ASN1_ITEM_ref(OCSP_CERTSTATUS),
    ASN1_ITEM_ref(OCSP_CRLID),
    ASN1_ITEM_ref(OCSP_ONEREQ),
    ASN1_ITEM_ref(OCSP_REQINFO),
    ASN1_ITEM_ref(OCSP_REQUEST),
    ASN1_ITEM_ref(OCSP_RESPBYTES),
    ASN1_ITEM_ref(OCSP_RESPDATA),
    ASN1_ITEM_ref(OCSP_RESPID),
    ASN1_ITEM_ref(OCSP_RESPONSE),
    ASN1_ITEM_ref(OCSP_REVOKEDINFO),
    ASN1_ITEM_ref(OCSP_SERVICELOC),
    ASN1_ITEM_ref(OCSP_SIGNATURE),
    ASN1_ITEM_ref(OCSP_SINGLERESP),
#endif
    ASN1_ITEM_ref(OTHERNAME),
    ASN1_ITEM_ref(PBE2PARAM),
    ASN1_ITEM_ref(PBEPARAM),
    ASN1_ITEM_ref(PBKDF2PARAM),
    ASN1_ITEM_ref(PKCS12),
    ASN1_ITEM_ref(PKCS12_AUTHSAFES),
    ASN1_ITEM_ref(PKCS12_BAGS),
    ASN1_ITEM_ref(PKCS12_MAC_DATA),
    ASN1_ITEM_ref(PKCS12_SAFEBAG),
    ASN1_ITEM_ref(PKCS12_SAFEBAGS),
    ASN1_ITEM_ref(PKCS7),
    ASN1_ITEM_ref(PKCS7_ATTR_SIGN),
    ASN1_ITEM_ref(PKCS7_ATTR_VERIFY),
    ASN1_ITEM_ref(PKCS7_DIGEST),
    ASN1_ITEM_ref(PKCS7_ENC_CONTENT),
    ASN1_ITEM_ref(PKCS7_ENCRYPT),
    ASN1_ITEM_ref(PKCS7_ENVELOPE),
    ASN1_ITEM_ref(PKCS7_ISSUER_AND_SERIAL),
    ASN1_ITEM_ref(PKCS7_RECIP_INFO),
    ASN1_ITEM_ref(PKCS7_SIGNED),
    ASN1_ITEM_ref(PKCS7_SIGN_ENVELOPE),
    ASN1_ITEM_ref(PKCS7_SIGNER_INFO),
    ASN1_ITEM_ref(PKCS8_PRIV_KEY_INFO),
    ASN1_ITEM_ref(PKEY_USAGE_PERIOD),
    ASN1_ITEM_ref(POLICY_CONSTRAINTS),
    ASN1_ITEM_ref(POLICYINFO),
    ASN1_ITEM_ref(POLICY_MAPPING),
    ASN1_ITEM_ref(POLICY_MAPPINGS),
    ASN1_ITEM_ref(POLICYQUALINFO),
    ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION),
    ASN1_ITEM_ref(PROXY_POLICY),
    ASN1_ITEM_ref(RSA_OAEP_PARAMS),
    ASN1_ITEM_ref(RSAPrivateKey),
    ASN1_ITEM_ref(RSA_PSS_PARAMS),
    ASN1_ITEM_ref(RSAPublicKey),
    ASN1_ITEM_ref(SXNET),
    ASN1_ITEM_ref(SXNETID),
    ASN1_ITEM_ref(USERNOTICE),
    ASN1_ITEM_ref(X509),
    ASN1_ITEM_ref(X509_ALGOR),
    ASN1_ITEM_ref(X509_ALGORS),
    ASN1_ITEM_ref(X509_ATTRIBUTE),
    ASN1_ITEM_ref(X509_CERT_AUX),
    ASN1_ITEM_ref(X509_CINF),
    ASN1_ITEM_ref(X509_CRL),
    ASN1_ITEM_ref(X509_CRL_INFO),
    ASN1_ITEM_ref(X509_EXTENSION),
    ASN1_ITEM_ref(X509_EXTENSIONS),
    ASN1_ITEM_ref(X509_NAME),
    ASN1_ITEM_ref(X509_NAME_ENTRY),
    ASN1_ITEM_ref(X509_PUBKEY),
    ASN1_ITEM_ref(X509_REQ),
    ASN1_ITEM_ref(X509_REQ_INFO),
    ASN1_ITEM_ref(X509_REVOKED),
    ASN1_ITEM_ref(X509_SIG),
    ASN1_ITEM_ref(X509_VAL),
#if OPENSSL_API_COMPAT < 0x10200000L
    ASN1_ITEM_ref(ZLONG),
#endif
    ASN1_ITEM_ref(INT32),
    ASN1_ITEM_ref(ZINT32),
    ASN1_ITEM_ref(UINT32),
    ASN1_ITEM_ref(ZUINT32),
    ASN1_ITEM_ref(INT64),
    ASN1_ITEM_ref(ZINT64),
    ASN1_ITEM_ref(UINT64),
    ASN1_ITEM_ref(ZUINT64),
    NULL
};

static ASN1_PCTX *pctx;

#define DO_TEST(TYPE, D2I, I2D, PRINT) { \
    const unsigned char *p = buf; \
    unsigned char *der = NULL; \
    TYPE *type = D2I(NULL, &p, len); \
    \
    if (type != NULL) { \
        int len2; \
        BIO *bio = BIO_new(BIO_s_null()); \
        \
        PRINT(bio, type); \
        BIO_free(bio); \
        len2 = I2D(type, &der); \
        if (len2 != 0) {} \
        OPENSSL_free(der); \
        TYPE ## _free(type); \
    } \
}

#define DO_TEST_PRINT_OFFSET(TYPE, D2I, I2D, PRINT) { \
    const unsigned char *p = buf; \
    unsigned char *der = NULL; \
    TYPE *type = D2I(NULL, &p, len); \
    \
    if (type != NULL) { \
        BIO *bio = BIO_new(BIO_s_null()); \
        \
        PRINT(bio, type, 0); \
        BIO_free(bio); \
        I2D(type, &der); \
        OPENSSL_free(der); \
        TYPE ## _free(type); \
    } \
}

#define DO_TEST_PRINT_PCTX(TYPE, D2I, I2D, PRINT) { \
    const unsigned char *p = buf; \
    unsigned char *der = NULL; \
    TYPE *type = D2I(NULL, &p, len); \
    \
    if (type != NULL) { \
        BIO *bio = BIO_new(BIO_s_null()); \
        \
        PRINT(bio, type, 0, pctx); \
        BIO_free(bio); \
        I2D(type, &der); \
        OPENSSL_free(der); \
        TYPE ## _free(type); \
    } \
}


#define DO_TEST_NO_PRINT(TYPE, D2I, I2D) { \
    const unsigned char *p = buf; \
    unsigned char *der = NULL; \
    TYPE *type = D2I(NULL, &p, len); \
    \
    if (type != NULL) { \
        BIO *bio = BIO_new(BIO_s_null()); \
        \
        BIO_free(bio); \
        I2D(type, &der); \
        OPENSSL_free(der); \
        TYPE ## _free(type); \
    } \
}


int FuzzerInitialize(int *argc, char ***argv)
{
    pctx = ASN1_PCTX_new();
    ASN1_PCTX_set_flags(pctx, ASN1_PCTX_FLAGS_SHOW_ABSENT |
        ASN1_PCTX_FLAGS_SHOW_SEQUENCE | ASN1_PCTX_FLAGS_SHOW_SSOF |
        ASN1_PCTX_FLAGS_SHOW_TYPE | ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME);
    ASN1_PCTX_set_str_flags(pctx, ASN1_STRFLGS_UTF8_CONVERT |
        ASN1_STRFLGS_SHOW_TYPE | ASN1_STRFLGS_DUMP_ALL);

    OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
    OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
    ERR_get_state();
    CRYPTO_free_ex_index(0, -1);
    FuzzerSetRand();

    return 1;
}

int FuzzerTestOneInput(const uint8_t *buf, size_t len)
{
    int n;


    for (n = 0; item_type[n] != NULL; ++n) {
        const uint8_t *b = buf;
        unsigned char *der = NULL;
        const ASN1_ITEM *i = ASN1_ITEM_ptr(item_type[n]);
        ASN1_VALUE *o = ASN1_item_d2i(NULL, &b, len, i);

        if (o != NULL) {
            BIO *bio = BIO_new(BIO_s_null());

            ASN1_item_print(bio, o, 4, i, pctx);
            BIO_free(bio);
            ASN1_item_i2d(o, &der, i);
            OPENSSL_free(der);
            ASN1_item_free(o, i);
        }
    }

#ifndef OPENSSL_NO_TS
    DO_TEST(TS_REQ, d2i_TS_REQ, i2d_TS_REQ, TS_REQ_print_bio);
    DO_TEST(TS_MSG_IMPRINT, d2i_TS_MSG_IMPRINT, i2d_TS_MSG_IMPRINT, TS_MSG_IMPRINT_print_bio);
    DO_TEST(TS_RESP, d2i_TS_RESP, i2d_TS_RESP, TS_RESP_print_bio);
    DO_TEST(TS_STATUS_INFO, d2i_TS_STATUS_INFO, i2d_TS_STATUS_INFO, TS_STATUS_INFO_print_bio);
    DO_TEST(TS_TST_INFO, d2i_TS_TST_INFO, i2d_TS_TST_INFO, TS_TST_INFO_print_bio);
    DO_TEST_NO_PRINT(TS_ACCURACY, d2i_TS_ACCURACY, i2d_TS_ACCURACY);
    DO_TEST_NO_PRINT(ESS_ISSUER_SERIAL, d2i_ESS_ISSUER_SERIAL, i2d_ESS_ISSUER_SERIAL);
    DO_TEST_NO_PRINT(ESS_CERT_ID, d2i_ESS_CERT_ID, i2d_ESS_CERT_ID);
    DO_TEST_NO_PRINT(ESS_SIGNING_CERT, d2i_ESS_SIGNING_CERT, i2d_ESS_SIGNING_CERT);
#endif
#ifndef OPENSSL_NO_DH
    DO_TEST(DH, d2i_DHparams, i2d_DHparams, DHparams_print);
    DO_TEST(DH, d2i_DHxparams, i2d_DHxparams, DHparams_print);
#endif
#ifndef OPENSSL_NO_DSA
    DO_TEST_NO_PRINT(DSA_SIG, d2i_DSA_SIG, i2d_DSA_SIG);
    DO_TEST_PRINT_OFFSET(DSA, d2i_DSAPrivateKey, i2d_DSAPrivateKey, DSA_print);
    DO_TEST_PRINT_OFFSET(DSA, d2i_DSAPublicKey, i2d_DSAPublicKey, DSA_print);
    DO_TEST(DSA, d2i_DSAparams, i2d_DSAparams, DSAparams_print);
#endif
    DO_TEST_PRINT_OFFSET(RSA, d2i_RSAPublicKey, i2d_RSAPublicKey, RSA_print);
#ifndef OPENSSL_NO_EC
    DO_TEST_PRINT_OFFSET(EC_GROUP, d2i_ECPKParameters, i2d_ECPKParameters, ECPKParameters_print);
    DO_TEST_PRINT_OFFSET(EC_KEY, d2i_ECPrivateKey, i2d_ECPrivateKey, EC_KEY_print);
    DO_TEST(EC_KEY, d2i_ECParameters, i2d_ECParameters, ECParameters_print);
    DO_TEST_NO_PRINT(ECDSA_SIG, d2i_ECDSA_SIG, i2d_ECDSA_SIG);
#endif
    DO_TEST_PRINT_PCTX(EVP_PKEY, d2i_AutoPrivateKey, i2d_PrivateKey, EVP_PKEY_print_private);
    DO_TEST(SSL_SESSION, d2i_SSL_SESSION, i2d_SSL_SESSION, SSL_SESSION_print);

    ERR_clear_error();

    return 0;
}

void FuzzerCleanup(void)
{
    ASN1_PCTX_free(pctx);
}

Coverage Report

Created: 2023-06-08 06:41

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
3		*
4		* Licensed under the OpenSSL licenses, (the "License");
5		* you may not use this file except in compliance with the License.
6		* You may obtain a copy of the License at
7		* https://www.openssl.org/source/license.html
8		* or in the file LICENSE in the source distribution.
9		*/
10
11		/*
12		* Fuzz ASN.1 parsing for various data structures. Specify which on the
13		* command line:
14		*
15		* asn1 <data structure>
16		*/
17
18		#include <stdio.h>
19		#include <string.h>
20		#include <openssl/asn1.h>
21		#include <openssl/asn1t.h>
22		#include <openssl/dh.h>
23		#include <openssl/dsa.h>
24		#include <openssl/ec.h>
25		#include <openssl/ocsp.h>
26		#include <openssl/pkcs12.h>
27		#include <openssl/rsa.h>
28		#include <openssl/ts.h>
29		#include <openssl/x509v3.h>
30		#include <openssl/cms.h>
31		#include <openssl/err.h>
32		#include <openssl/rand.h>
33		#include <openssl/bio.h>
34		#include <openssl/evp.h>
35		#include <openssl/ssl.h>
36		#include "fuzzer.h"
37
38		#include "rand.inc"
39
40		static ASN1_ITEM_EXP *item_type[] = {
41		ASN1_ITEM_ref(ACCESS_DESCRIPTION),
42		#ifndef OPENSSL_NO_RFC3779
43		ASN1_ITEM_ref(ASIdentifierChoice),
44		ASN1_ITEM_ref(ASIdentifiers),
45		ASN1_ITEM_ref(ASIdOrRange),
46		#endif
47		ASN1_ITEM_ref(ASN1_ANY),
48		ASN1_ITEM_ref(ASN1_BIT_STRING),
49		ASN1_ITEM_ref(ASN1_BMPSTRING),
50		ASN1_ITEM_ref(ASN1_BOOLEAN),
51		ASN1_ITEM_ref(ASN1_ENUMERATED),
52		ASN1_ITEM_ref(ASN1_FBOOLEAN),
53		ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
54		ASN1_ITEM_ref(ASN1_GENERALSTRING),
55		ASN1_ITEM_ref(ASN1_IA5STRING),
56		ASN1_ITEM_ref(ASN1_INTEGER),
57		ASN1_ITEM_ref(ASN1_NULL),
58		ASN1_ITEM_ref(ASN1_OBJECT),
59		ASN1_ITEM_ref(ASN1_OCTET_STRING),
60		ASN1_ITEM_ref(ASN1_OCTET_STRING_NDEF),
61		ASN1_ITEM_ref(ASN1_PRINTABLE),
62		ASN1_ITEM_ref(ASN1_PRINTABLESTRING),
63		ASN1_ITEM_ref(ASN1_SEQUENCE),
64		ASN1_ITEM_ref(ASN1_SEQUENCE_ANY),
65		ASN1_ITEM_ref(ASN1_SET_ANY),
66		ASN1_ITEM_ref(ASN1_T61STRING),
67		ASN1_ITEM_ref(ASN1_TBOOLEAN),
68		ASN1_ITEM_ref(ASN1_TIME),
69		ASN1_ITEM_ref(ASN1_UNIVERSALSTRING),
70		ASN1_ITEM_ref(ASN1_UTCTIME),
71		ASN1_ITEM_ref(ASN1_UTF8STRING),
72		ASN1_ITEM_ref(ASN1_VISIBLESTRING),
73		#ifndef OPENSSL_NO_RFC3779
74		ASN1_ITEM_ref(ASRange),
75		#endif
76		ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
77		ASN1_ITEM_ref(AUTHORITY_KEYID),
78		ASN1_ITEM_ref(BASIC_CONSTRAINTS),
79		ASN1_ITEM_ref(BIGNUM),
80		ASN1_ITEM_ref(CBIGNUM),
81		ASN1_ITEM_ref(CERTIFICATEPOLICIES),
82		#ifndef OPENSSL_NO_CMS
83		ASN1_ITEM_ref(CMS_ContentInfo),
84		ASN1_ITEM_ref(CMS_ReceiptRequest),
85		ASN1_ITEM_ref(CRL_DIST_POINTS),
86		#endif
87		#ifndef OPENSSL_NO_DH
88		ASN1_ITEM_ref(DHparams),
89		#endif
90		ASN1_ITEM_ref(DIRECTORYSTRING),
91		ASN1_ITEM_ref(DISPLAYTEXT),
92		ASN1_ITEM_ref(DIST_POINT),
93		ASN1_ITEM_ref(DIST_POINT_NAME),
94		#ifndef OPENSSL_NO_EC
95		ASN1_ITEM_ref(ECPARAMETERS),
96		ASN1_ITEM_ref(ECPKPARAMETERS),
97		#endif
98		ASN1_ITEM_ref(EDIPARTYNAME),
99		ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
100		ASN1_ITEM_ref(GENERAL_NAME),
101		ASN1_ITEM_ref(GENERAL_NAMES),
102		ASN1_ITEM_ref(GENERAL_SUBTREE),
103		#ifndef OPENSSL_NO_RFC3779
104		ASN1_ITEM_ref(IPAddressChoice),
105		ASN1_ITEM_ref(IPAddressFamily),
106		ASN1_ITEM_ref(IPAddressOrRange),
107		ASN1_ITEM_ref(IPAddressRange),
108		#endif
109		ASN1_ITEM_ref(ISSUING_DIST_POINT),
110		#if OPENSSL_API_COMPAT < 0x10200000L
111		ASN1_ITEM_ref(LONG),
112		#endif
113		ASN1_ITEM_ref(NAME_CONSTRAINTS),
114		ASN1_ITEM_ref(NETSCAPE_CERT_SEQUENCE),
115		ASN1_ITEM_ref(NETSCAPE_SPKAC),
116		ASN1_ITEM_ref(NETSCAPE_SPKI),
117		ASN1_ITEM_ref(NOTICEREF),
118		#ifndef OPENSSL_NO_OCSP
119		ASN1_ITEM_ref(OCSP_BASICRESP),
120		ASN1_ITEM_ref(OCSP_CERTID),
121		ASN1_ITEM_ref(OCSP_CERTSTATUS),
122		ASN1_ITEM_ref(OCSP_CRLID),
123		ASN1_ITEM_ref(OCSP_ONEREQ),
124		ASN1_ITEM_ref(OCSP_REQINFO),
125		ASN1_ITEM_ref(OCSP_REQUEST),
126		ASN1_ITEM_ref(OCSP_RESPBYTES),
127		ASN1_ITEM_ref(OCSP_RESPDATA),
128		ASN1_ITEM_ref(OCSP_RESPID),
129		ASN1_ITEM_ref(OCSP_RESPONSE),
130		ASN1_ITEM_ref(OCSP_REVOKEDINFO),
131		ASN1_ITEM_ref(OCSP_SERVICELOC),
132		ASN1_ITEM_ref(OCSP_SIGNATURE),
133		ASN1_ITEM_ref(OCSP_SINGLERESP),
134		#endif
135		ASN1_ITEM_ref(OTHERNAME),
136		ASN1_ITEM_ref(PBE2PARAM),
137		ASN1_ITEM_ref(PBEPARAM),
138		ASN1_ITEM_ref(PBKDF2PARAM),
139		ASN1_ITEM_ref(PKCS12),
140		ASN1_ITEM_ref(PKCS12_AUTHSAFES),
141		ASN1_ITEM_ref(PKCS12_BAGS),
142		ASN1_ITEM_ref(PKCS12_MAC_DATA),
143		ASN1_ITEM_ref(PKCS12_SAFEBAG),
144		ASN1_ITEM_ref(PKCS12_SAFEBAGS),
145		ASN1_ITEM_ref(PKCS7),
146		ASN1_ITEM_ref(PKCS7_ATTR_SIGN),
147		ASN1_ITEM_ref(PKCS7_ATTR_VERIFY),
148		ASN1_ITEM_ref(PKCS7_DIGEST),
149		ASN1_ITEM_ref(PKCS7_ENC_CONTENT),
150		ASN1_ITEM_ref(PKCS7_ENCRYPT),
151		ASN1_ITEM_ref(PKCS7_ENVELOPE),
152		ASN1_ITEM_ref(PKCS7_ISSUER_AND_SERIAL),
153		ASN1_ITEM_ref(PKCS7_RECIP_INFO),
154		ASN1_ITEM_ref(PKCS7_SIGNED),
155		ASN1_ITEM_ref(PKCS7_SIGN_ENVELOPE),
156		ASN1_ITEM_ref(PKCS7_SIGNER_INFO),
157		ASN1_ITEM_ref(PKCS8_PRIV_KEY_INFO),
158		ASN1_ITEM_ref(PKEY_USAGE_PERIOD),
159		ASN1_ITEM_ref(POLICY_CONSTRAINTS),
160		ASN1_ITEM_ref(POLICYINFO),
161		ASN1_ITEM_ref(POLICY_MAPPING),
162		ASN1_ITEM_ref(POLICY_MAPPINGS),
163		ASN1_ITEM_ref(POLICYQUALINFO),
164		ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION),
165		ASN1_ITEM_ref(PROXY_POLICY),
166		ASN1_ITEM_ref(RSA_OAEP_PARAMS),
167		ASN1_ITEM_ref(RSAPrivateKey),
168		ASN1_ITEM_ref(RSA_PSS_PARAMS),
169		ASN1_ITEM_ref(RSAPublicKey),
170		ASN1_ITEM_ref(SXNET),
171		ASN1_ITEM_ref(SXNETID),
172		ASN1_ITEM_ref(USERNOTICE),
173		ASN1_ITEM_ref(X509),
174		ASN1_ITEM_ref(X509_ALGOR),
175		ASN1_ITEM_ref(X509_ALGORS),
176		ASN1_ITEM_ref(X509_ATTRIBUTE),
177		ASN1_ITEM_ref(X509_CERT_AUX),
178		ASN1_ITEM_ref(X509_CINF),
179		ASN1_ITEM_ref(X509_CRL),
180		ASN1_ITEM_ref(X509_CRL_INFO),
181		ASN1_ITEM_ref(X509_EXTENSION),
182		ASN1_ITEM_ref(X509_EXTENSIONS),
183		ASN1_ITEM_ref(X509_NAME),
184		ASN1_ITEM_ref(X509_NAME_ENTRY),
185		ASN1_ITEM_ref(X509_PUBKEY),
186		ASN1_ITEM_ref(X509_REQ),
187		ASN1_ITEM_ref(X509_REQ_INFO),
188		ASN1_ITEM_ref(X509_REVOKED),
189		ASN1_ITEM_ref(X509_SIG),
190		ASN1_ITEM_ref(X509_VAL),
191		#if OPENSSL_API_COMPAT < 0x10200000L
192		ASN1_ITEM_ref(ZLONG),
193		#endif
194		ASN1_ITEM_ref(INT32),
195		ASN1_ITEM_ref(ZINT32),
196		ASN1_ITEM_ref(UINT32),
197		ASN1_ITEM_ref(ZUINT32),
198		ASN1_ITEM_ref(INT64),
199		ASN1_ITEM_ref(ZINT64),
200		ASN1_ITEM_ref(UINT64),
201		ASN1_ITEM_ref(ZUINT64),
202		NULL
203		};
204
205		static ASN1_PCTX *pctx;
206
207	127k	#define DO_TEST(TYPE, D2I, I2D, PRINT) { \
208	127k	const unsigned char *p = buf; \
209	127k	unsigned char *der = NULL; \
210	127k	TYPE *type = D2I(NULL, &p, len); \
211	127k	\
212	127k	if (type != NULL) { \
213	2.50k	int len2; \
214	2.50k	BIO *bio = BIO_new(BIO_s_null()); \
215	2.50k	\
216	2.50k	PRINT(bio, type); \
217	2.50k	BIO_free(bio); \
218	2.50k	len2 = I2D(type, &der); \
219	2.50k	if (len2 != 0) {} \
220	2.50k	OPENSSL_free(der); \
221	2.50k	TYPE ## _free(type); \
222	2.50k	} \
223	127k	}
224
225	63.9k	#define DO_TEST_PRINT_OFFSET(TYPE, D2I, I2D, PRINT) { \
226	63.9k	const unsigned char *p = buf; \
227	63.9k	unsigned char *der = NULL; \
228	63.9k	TYPE *type = D2I(NULL, &p, len); \
229	63.9k	\
230	63.9k	if (type != NULL) { \
231	752	BIO *bio = BIO_new(BIO_s_null()); \
232	752	\
233	752	PRINT(bio, type, 0); \
234	752	BIO_free(bio); \
235	752	I2D(type, &der); \
236	752	OPENSSL_free(der); \
237	752	TYPE ## _free(type); \
238	752	} \
239	63.9k	}
240
241	12.7k	#define DO_TEST_PRINT_PCTX(TYPE, D2I, I2D, PRINT) { \
242	12.7k	const unsigned char *p = buf; \
243	12.7k	unsigned char *der = NULL; \
244	12.7k	TYPE *type = D2I(NULL, &p, len); \
245	12.7k	\
246	12.7k	if (type != NULL) { \
247	813	BIO *bio = BIO_new(BIO_s_null()); \
248	813	\
249	813	PRINT(bio, type, 0, pctx); \
250	813	BIO_free(bio); \
251	813	I2D(type, &der); \
252	813	OPENSSL_free(der); \
253	813	TYPE ## _free(type); \
254	813	} \
255	12.7k	}
256
257
258	76.7k	#define DO_TEST_NO_PRINT(TYPE, D2I, I2D) { \
259	76.7k	const unsigned char *p = buf; \
260	76.7k	unsigned char *der = NULL; \
261	76.7k	TYPE *type = D2I(NULL, &p, len); \
262	76.7k	\
263	76.7k	if (type != NULL) { \
264	493	BIO *bio = BIO_new(BIO_s_null()); \
265	493	\
266	493	BIO_free(bio); \
267	493	I2D(type, &der); \
268	493	OPENSSL_free(der); \
269	493	TYPE ## _free(type); \
270	493	} \
271	76.7k	}
272
273
274		int FuzzerInitialize(int argc, char **argv)
275	2	{
276	2	pctx = ASN1_PCTX_new();
277	2	ASN1_PCTX_set_flags(pctx, ASN1_PCTX_FLAGS_SHOW_ABSENT \|
278	2	ASN1_PCTX_FLAGS_SHOW_SEQUENCE \| ASN1_PCTX_FLAGS_SHOW_SSOF \|
279	2	ASN1_PCTX_FLAGS_SHOW_TYPE \| ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME);
280	2	ASN1_PCTX_set_str_flags(pctx, ASN1_STRFLGS_UTF8_CONVERT \|
281	2	ASN1_STRFLGS_SHOW_TYPE \| ASN1_STRFLGS_DUMP_ALL);
282
283	2	OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
284	2	OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
285	2	ERR_get_state();
286	2	CRYPTO_free_ex_index(0, -1);
287	2	FuzzerSetRand();
288
289	2	return 1;
290	2	}
291
292		int FuzzerTestOneInput(const uint8_t *buf, size_t len)
293	12.7k	{
294	12.7k	int n;
295
296
297	1.84M	for (n = 0; item_type[n] != NULL; ++n) {
298	1.82M	const uint8_t *b = buf;
299	1.82M	unsigned char *der = NULL;
300	1.82M	const ASN1_ITEM *i = ASN1_ITEM_ptr(item_type[n]);
301	1.82M	ASN1_VALUE *o = ASN1_item_d2i(NULL, &b, len, i);
302
303	1.82M	if (o != NULL) {
304	47.2k	BIO *bio = BIO_new(BIO_s_null());
305
306	47.2k	ASN1_item_print(bio, o, 4, i, pctx);
307	47.2k	BIO_free(bio);
308	47.2k	ASN1_item_i2d(o, &der, i);
309	47.2k	OPENSSL_free(der);
310	47.2k	ASN1_item_free(o, i);
311	47.2k	}
312	1.82M	}
313
314	12.7k	#ifndef OPENSSL_NO_TS
315	12.7k	DO_TEST(TS_REQ, d2i_TS_REQ, i2d_TS_REQ, TS_REQ_print_bio);
316	12.7k	DO_TEST(TS_MSG_IMPRINT, d2i_TS_MSG_IMPRINT, i2d_TS_MSG_IMPRINT, TS_MSG_IMPRINT_print_bio);
317	12.7k	DO_TEST(TS_RESP, d2i_TS_RESP, i2d_TS_RESP, TS_RESP_print_bio);
318	12.7k	DO_TEST(TS_STATUS_INFO, d2i_TS_STATUS_INFO, i2d_TS_STATUS_INFO, TS_STATUS_INFO_print_bio);
319	12.7k	DO_TEST(TS_TST_INFO, d2i_TS_TST_INFO, i2d_TS_TST_INFO, TS_TST_INFO_print_bio);
320	12.7k	DO_TEST_NO_PRINT(TS_ACCURACY, d2i_TS_ACCURACY, i2d_TS_ACCURACY);
321	12.7k	DO_TEST_NO_PRINT(ESS_ISSUER_SERIAL, d2i_ESS_ISSUER_SERIAL, i2d_ESS_ISSUER_SERIAL);
322	12.7k	DO_TEST_NO_PRINT(ESS_CERT_ID, d2i_ESS_CERT_ID, i2d_ESS_CERT_ID);
323	12.7k	DO_TEST_NO_PRINT(ESS_SIGNING_CERT, d2i_ESS_SIGNING_CERT, i2d_ESS_SIGNING_CERT);
324	12.7k	#endif
325	12.7k	#ifndef OPENSSL_NO_DH
326	12.7k	DO_TEST(DH, d2i_DHparams, i2d_DHparams, DHparams_print);
327	12.7k	DO_TEST(DH, d2i_DHxparams, i2d_DHxparams, DHparams_print);
328	12.7k	#endif
329	12.7k	#ifndef OPENSSL_NO_DSA
330	12.7k	DO_TEST_NO_PRINT(DSA_SIG, d2i_DSA_SIG, i2d_DSA_SIG);
331	12.7k	DO_TEST_PRINT_OFFSET(DSA, d2i_DSAPrivateKey, i2d_DSAPrivateKey, DSA_print);
332	12.7k	DO_TEST_PRINT_OFFSET(DSA, d2i_DSAPublicKey, i2d_DSAPublicKey, DSA_print);
333	12.7k	DO_TEST(DSA, d2i_DSAparams, i2d_DSAparams, DSAparams_print);
334	12.7k	#endif
335	12.7k	DO_TEST_PRINT_OFFSET(RSA, d2i_RSAPublicKey, i2d_RSAPublicKey, RSA_print);
336	12.7k	#ifndef OPENSSL_NO_EC
337	12.7k	DO_TEST_PRINT_OFFSET(EC_GROUP, d2i_ECPKParameters, i2d_ECPKParameters, ECPKParameters_print);
338	12.7k	DO_TEST_PRINT_OFFSET(EC_KEY, d2i_ECPrivateKey, i2d_ECPrivateKey, EC_KEY_print);
339	12.7k	DO_TEST(EC_KEY, d2i_ECParameters, i2d_ECParameters, ECParameters_print);
340	12.7k	DO_TEST_NO_PRINT(ECDSA_SIG, d2i_ECDSA_SIG, i2d_ECDSA_SIG);
341	12.7k	#endif
342	12.7k	DO_TEST_PRINT_PCTX(EVP_PKEY, d2i_AutoPrivateKey, i2d_PrivateKey, EVP_PKEY_print_private);
343	12.7k	DO_TEST(SSL_SESSION, d2i_SSL_SESSION, i2d_SSL_SESSION, SSL_SESSION_print);
344
345	12.7k	ERR_clear_error();
346
347	12.7k	return 0;
348	12.7k	}
349
350		void FuzzerCleanup(void)
351	0	{
352	0	ASN1_PCTX_free(pctx);
353	0	}