/src/openssl30/fuzz/x509.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"); |
5 | | * you may not use this file except in compliance with the License. |
6 | | * You may obtain a copy of the License at |
7 | | * https://www.openssl.org/source/license.html |
8 | | * or in the file LICENSE in the source distribution. |
9 | | */ |
10 | | |
11 | | #include <openssl/x509.h> |
12 | | #include <openssl/ocsp.h> |
13 | | #include <openssl/bio.h> |
14 | | #include <openssl/err.h> |
15 | | #include <openssl/rand.h> |
16 | | #include "fuzzer.h" |
17 | | |
18 | | int FuzzerInitialize(int *argc, char ***argv) |
19 | 2 | { |
20 | 2 | FuzzerSetRand(); |
21 | 2 | OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS |
22 | 2 | | OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL); |
23 | 2 | ERR_clear_error(); |
24 | 2 | CRYPTO_free_ex_index(0, -1); |
25 | 2 | return 1; |
26 | 2 | } |
27 | | |
28 | | static int cb(int ok, X509_STORE_CTX *ctx) |
29 | 284 | { |
30 | 284 | return 1; |
31 | 284 | } |
32 | | |
33 | | int FuzzerTestOneInput(const uint8_t *buf, size_t len) |
34 | 10.4k | { |
35 | 10.4k | const unsigned char *p = buf; |
36 | 10.4k | size_t orig_len = len; |
37 | 10.4k | unsigned char *der = NULL; |
38 | 10.4k | BIO *bio = NULL; |
39 | 10.4k | X509 *x509_1 = NULL, *x509_2 = NULL; |
40 | 10.4k | X509_STORE *store = NULL; |
41 | 10.4k | X509_VERIFY_PARAM *param = NULL; |
42 | 10.4k | X509_STORE_CTX *ctx = NULL; |
43 | 10.4k | X509_CRL *crl = NULL; |
44 | 10.4k | STACK_OF(X509_CRL) *crls = NULL; |
45 | 10.4k | STACK_OF(X509) *certs = NULL; |
46 | 10.4k | OCSP_RESPONSE *resp = NULL; |
47 | 10.4k | OCSP_BASICRESP *bs = NULL; |
48 | 10.4k | OCSP_CERTID *id = NULL; |
49 | | |
50 | 10.4k | x509_1 = d2i_X509(NULL, &p, len); |
51 | 10.4k | if (x509_1 == NULL) |
52 | 5.43k | goto err; |
53 | | |
54 | 5.03k | bio = BIO_new(BIO_s_null()); |
55 | 5.03k | if (bio == NULL) |
56 | 0 | goto err; |
57 | | |
58 | | /* This will load and print the public key as well as extensions */ |
59 | 5.03k | X509_print(bio, x509_1); |
60 | 5.03k | BIO_free(bio); |
61 | | |
62 | 5.03k | X509_issuer_and_serial_hash(x509_1); |
63 | | |
64 | 5.03k | i2d_X509(x509_1, &der); |
65 | 5.03k | OPENSSL_free(der); |
66 | | |
67 | 5.03k | len = orig_len - (p - buf); |
68 | 5.03k | x509_2 = d2i_X509(NULL, &p, len); |
69 | 5.03k | if (x509_2 == NULL) |
70 | 4.79k | goto err; |
71 | | |
72 | 237 | len = orig_len - (p - buf); |
73 | 237 | crl = d2i_X509_CRL(NULL, &p, len); |
74 | 237 | if (crl == NULL) |
75 | 17 | goto err; |
76 | | |
77 | 220 | len = orig_len - (p - buf); |
78 | 220 | resp = d2i_OCSP_RESPONSE(NULL, &p, len); |
79 | | |
80 | 220 | store = X509_STORE_new(); |
81 | 220 | X509_STORE_add_cert(store, x509_2); |
82 | | |
83 | 220 | param = X509_VERIFY_PARAM_new(); |
84 | 220 | X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_NO_CHECK_TIME); |
85 | 220 | X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_X509_STRICT); |
86 | 220 | X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_PARTIAL_CHAIN); |
87 | 220 | X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK); |
88 | | |
89 | 220 | X509_STORE_set1_param(store, param); |
90 | | |
91 | 220 | X509_STORE_set_verify_cb(store, cb); |
92 | | |
93 | 220 | ctx = X509_STORE_CTX_new(); |
94 | 220 | if (ctx == NULL) |
95 | 0 | goto err; |
96 | | |
97 | 220 | X509_STORE_CTX_init(ctx, store, x509_1, NULL); |
98 | | |
99 | 220 | if (crl != NULL) { |
100 | 220 | crls = sk_X509_CRL_new_null(); |
101 | 220 | if (crls == NULL) |
102 | 0 | goto err; |
103 | | |
104 | 220 | sk_X509_CRL_push(crls, crl); |
105 | 220 | X509_STORE_CTX_set0_crls(ctx, crls); |
106 | 220 | } |
107 | | |
108 | 220 | X509_verify_cert(ctx); |
109 | | |
110 | 220 | if (resp != NULL) |
111 | 1 | bs = OCSP_response_get1_basic(resp); |
112 | | |
113 | 220 | if (bs != NULL) { |
114 | 0 | int status, reason; |
115 | 0 | ASN1_GENERALIZEDTIME *revtime, *thisupd, *nextupd; |
116 | |
|
117 | 0 | certs = sk_X509_new_null(); |
118 | 0 | if (certs == NULL) |
119 | 0 | goto err; |
120 | | |
121 | 0 | sk_X509_push(certs, x509_1); |
122 | 0 | sk_X509_push(certs, x509_2); |
123 | |
|
124 | 0 | OCSP_basic_verify(bs, certs, store, OCSP_PARTIAL_CHAIN); |
125 | |
|
126 | 0 | id = OCSP_cert_to_id(NULL, x509_1, x509_2); |
127 | 0 | if (id == NULL) |
128 | 0 | goto err; |
129 | 0 | OCSP_resp_find_status(bs, id, &status, &reason, &revtime, &thisupd, |
130 | 0 | &nextupd); |
131 | 0 | } |
132 | | |
133 | 10.4k | err: |
134 | 10.4k | X509_STORE_CTX_free(ctx); |
135 | 10.4k | X509_VERIFY_PARAM_free(param); |
136 | 10.4k | X509_STORE_free(store); |
137 | 10.4k | X509_free(x509_1); |
138 | 10.4k | X509_free(x509_2); |
139 | 10.4k | X509_CRL_free(crl); |
140 | 10.4k | OCSP_CERTID_free(id); |
141 | 10.4k | OCSP_BASICRESP_free(bs); |
142 | 10.4k | OCSP_RESPONSE_free(resp); |
143 | 10.4k | sk_X509_CRL_free(crls); |
144 | 10.4k | sk_X509_free(certs); |
145 | | |
146 | 10.4k | ERR_clear_error(); |
147 | 10.4k | return 0; |
148 | 220 | } |
149 | | |
150 | | void FuzzerCleanup(void) |
151 | 0 | { |
152 | 0 | FuzzerClearRand(); |
153 | 0 | } |