/src/openssl31/fuzz/x509.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"); |
5 | | * you may not use this file except in compliance with the License. |
6 | | * You may obtain a copy of the License at |
7 | | * https://www.openssl.org/source/license.html |
8 | | * or in the file LICENSE in the source distribution. |
9 | | */ |
10 | | |
11 | | #include <openssl/x509.h> |
12 | | #include <openssl/ocsp.h> |
13 | | #include <openssl/bio.h> |
14 | | #include <openssl/err.h> |
15 | | #include <openssl/rand.h> |
16 | | #include "fuzzer.h" |
17 | | |
18 | | int FuzzerInitialize(int *argc, char ***argv) |
19 | 102 | { |
20 | 102 | FuzzerSetRand(); |
21 | 102 | OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS |
22 | 102 | | OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL); |
23 | 102 | ERR_clear_error(); |
24 | 102 | CRYPTO_free_ex_index(0, -1); |
25 | 102 | return 1; |
26 | 102 | } |
27 | | |
28 | | static int cb(int ok, X509_STORE_CTX *ctx) |
29 | 22.4k | { |
30 | 22.4k | return 1; |
31 | 22.4k | } |
32 | | |
33 | | int FuzzerTestOneInput(const uint8_t *buf, size_t len) |
34 | 47.0k | { |
35 | 47.0k | const unsigned char *p = buf; |
36 | 47.0k | size_t orig_len = len; |
37 | 47.0k | unsigned char *der = NULL; |
38 | 47.0k | BIO *bio = NULL; |
39 | 47.0k | X509 *x509_1 = NULL, *x509_2 = NULL; |
40 | 47.0k | X509_STORE *store = NULL; |
41 | 47.0k | X509_VERIFY_PARAM *param = NULL; |
42 | 47.0k | X509_STORE_CTX *ctx = NULL; |
43 | 47.0k | X509_CRL *crl = NULL; |
44 | 47.0k | STACK_OF(X509_CRL) *crls = NULL; |
45 | 47.0k | STACK_OF(X509) *certs = NULL; |
46 | 47.0k | OCSP_RESPONSE *resp = NULL; |
47 | 47.0k | OCSP_BASICRESP *bs = NULL; |
48 | 47.0k | OCSP_CERTID *id = NULL; |
49 | | |
50 | 47.0k | x509_1 = d2i_X509(NULL, &p, len); |
51 | 47.0k | if (x509_1 == NULL) |
52 | 21.5k | goto err; |
53 | | |
54 | 25.4k | bio = BIO_new(BIO_s_null()); |
55 | 25.4k | if (bio == NULL) |
56 | 0 | goto err; |
57 | | |
58 | | /* This will load and print the public key as well as extensions */ |
59 | 25.4k | X509_print(bio, x509_1); |
60 | 25.4k | BIO_free(bio); |
61 | | |
62 | 25.4k | X509_issuer_and_serial_hash(x509_1); |
63 | | |
64 | 25.4k | i2d_X509(x509_1, &der); |
65 | 25.4k | OPENSSL_free(der); |
66 | | |
67 | 25.4k | len = orig_len - (p - buf); |
68 | 25.4k | x509_2 = d2i_X509(NULL, &p, len); |
69 | 25.4k | if (x509_2 == NULL) |
70 | 20.7k | goto err; |
71 | | |
72 | 4.70k | len = orig_len - (p - buf); |
73 | 4.70k | crl = d2i_X509_CRL(NULL, &p, len); |
74 | 4.70k | if (crl == NULL) |
75 | 102 | goto err; |
76 | | |
77 | 4.59k | len = orig_len - (p - buf); |
78 | 4.59k | resp = d2i_OCSP_RESPONSE(NULL, &p, len); |
79 | | |
80 | 4.59k | store = X509_STORE_new(); |
81 | 4.59k | X509_STORE_add_cert(store, x509_2); |
82 | | |
83 | 4.59k | param = X509_VERIFY_PARAM_new(); |
84 | 4.59k | X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_NO_CHECK_TIME); |
85 | 4.59k | X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_X509_STRICT); |
86 | 4.59k | X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_PARTIAL_CHAIN); |
87 | 4.59k | X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK); |
88 | | |
89 | 4.59k | X509_STORE_set1_param(store, param); |
90 | | |
91 | 4.59k | X509_STORE_set_verify_cb(store, cb); |
92 | | |
93 | 4.59k | ctx = X509_STORE_CTX_new(); |
94 | 4.59k | if (ctx == NULL) |
95 | 0 | goto err; |
96 | | |
97 | 4.59k | X509_STORE_CTX_init(ctx, store, x509_1, NULL); |
98 | | |
99 | 4.59k | if (crl != NULL) { |
100 | 4.59k | crls = sk_X509_CRL_new_null(); |
101 | 4.59k | if (crls == NULL) |
102 | 0 | goto err; |
103 | | |
104 | 4.59k | sk_X509_CRL_push(crls, crl); |
105 | 4.59k | X509_STORE_CTX_set0_crls(ctx, crls); |
106 | 4.59k | } |
107 | | |
108 | 4.59k | X509_verify_cert(ctx); |
109 | | |
110 | 4.59k | if (resp != NULL) |
111 | 401 | bs = OCSP_response_get1_basic(resp); |
112 | | |
113 | 4.59k | if (bs != NULL) { |
114 | 207 | int status, reason; |
115 | 207 | ASN1_GENERALIZEDTIME *revtime, *thisupd, *nextupd; |
116 | | |
117 | 207 | certs = sk_X509_new_null(); |
118 | 207 | if (certs == NULL) |
119 | 0 | goto err; |
120 | | |
121 | 207 | sk_X509_push(certs, x509_1); |
122 | 207 | sk_X509_push(certs, x509_2); |
123 | | |
124 | 207 | OCSP_basic_verify(bs, certs, store, OCSP_PARTIAL_CHAIN); |
125 | | |
126 | 207 | id = OCSP_cert_to_id(NULL, x509_1, x509_2); |
127 | 207 | if (id == NULL) |
128 | 0 | goto err; |
129 | 207 | OCSP_resp_find_status(bs, id, &status, &reason, &revtime, &thisupd, |
130 | 207 | &nextupd); |
131 | 207 | } |
132 | | |
133 | 47.0k | err: |
134 | 47.0k | X509_STORE_CTX_free(ctx); |
135 | 47.0k | X509_VERIFY_PARAM_free(param); |
136 | 47.0k | X509_STORE_free(store); |
137 | 47.0k | X509_free(x509_1); |
138 | 47.0k | X509_free(x509_2); |
139 | 47.0k | X509_CRL_free(crl); |
140 | 47.0k | OCSP_CERTID_free(id); |
141 | 47.0k | OCSP_BASICRESP_free(bs); |
142 | 47.0k | OCSP_RESPONSE_free(resp); |
143 | 47.0k | sk_X509_CRL_free(crls); |
144 | 47.0k | sk_X509_free(certs); |
145 | | |
146 | 47.0k | ERR_clear_error(); |
147 | 47.0k | return 0; |
148 | 4.59k | } |
149 | | |
150 | | void FuzzerCleanup(void) |
151 | 0 | { |
152 | 0 | FuzzerClearRand(); |
153 | 0 | } |