/src/openssl31/fuzz/x509.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"); |
5 | | * you may not use this file except in compliance with the License. |
6 | | * You may obtain a copy of the License at |
7 | | * https://www.openssl.org/source/license.html |
8 | | * or in the file LICENSE in the source distribution. |
9 | | */ |
10 | | |
11 | | #include <openssl/x509.h> |
12 | | #include <openssl/ocsp.h> |
13 | | #include <openssl/bio.h> |
14 | | #include <openssl/err.h> |
15 | | #include <openssl/rand.h> |
16 | | #include "fuzzer.h" |
17 | | |
18 | | int FuzzerInitialize(int *argc, char ***argv) |
19 | 108 | { |
20 | 108 | FuzzerSetRand(); |
21 | 108 | OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS |
22 | 108 | | OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL); |
23 | 108 | ERR_clear_error(); |
24 | 108 | CRYPTO_free_ex_index(0, -1); |
25 | 108 | return 1; |
26 | 108 | } |
27 | | |
28 | | static int cb(int ok, X509_STORE_CTX *ctx) |
29 | 30.4k | { |
30 | 30.4k | return 1; |
31 | 30.4k | } |
32 | | |
33 | | int FuzzerTestOneInput(const uint8_t *buf, size_t len) |
34 | 38.3k | { |
35 | 38.3k | const unsigned char *p = buf; |
36 | 38.3k | size_t orig_len = len; |
37 | 38.3k | unsigned char *der = NULL; |
38 | 38.3k | BIO *bio = NULL; |
39 | 38.3k | X509 *x509_1 = NULL, *x509_2 = NULL; |
40 | 38.3k | X509_STORE *store = NULL; |
41 | 38.3k | X509_VERIFY_PARAM *param = NULL; |
42 | 38.3k | X509_STORE_CTX *ctx = NULL; |
43 | 38.3k | X509_CRL *crl = NULL; |
44 | 38.3k | STACK_OF(X509_CRL) *crls = NULL; |
45 | 38.3k | STACK_OF(X509) *certs = NULL; |
46 | 38.3k | OCSP_RESPONSE *resp = NULL; |
47 | 38.3k | OCSP_BASICRESP *bs = NULL; |
48 | 38.3k | OCSP_CERTID *id = NULL; |
49 | | |
50 | 38.3k | x509_1 = d2i_X509(NULL, &p, len); |
51 | 38.3k | if (x509_1 == NULL) |
52 | 16.4k | goto err; |
53 | | |
54 | 21.9k | bio = BIO_new(BIO_s_null()); |
55 | 21.9k | if (bio == NULL) |
56 | 0 | goto err; |
57 | | |
58 | | /* This will load and print the public key as well as extensions */ |
59 | 21.9k | X509_print(bio, x509_1); |
60 | 21.9k | BIO_free(bio); |
61 | | |
62 | 21.9k | X509_issuer_and_serial_hash(x509_1); |
63 | | |
64 | 21.9k | i2d_X509(x509_1, &der); |
65 | 21.9k | OPENSSL_free(der); |
66 | | |
67 | 21.9k | len = orig_len - (p - buf); |
68 | 21.9k | x509_2 = d2i_X509(NULL, &p, len); |
69 | 21.9k | if (x509_2 == NULL) |
70 | 16.6k | goto err; |
71 | | |
72 | 5.31k | len = orig_len - (p - buf); |
73 | 5.31k | crl = d2i_X509_CRL(NULL, &p, len); |
74 | 5.31k | if (crl == NULL) |
75 | 100 | goto err; |
76 | | |
77 | 5.21k | len = orig_len - (p - buf); |
78 | 5.21k | resp = d2i_OCSP_RESPONSE(NULL, &p, len); |
79 | | |
80 | 5.21k | store = X509_STORE_new(); |
81 | 5.21k | if (store == NULL) |
82 | 0 | goto err; |
83 | 5.21k | X509_STORE_add_cert(store, x509_2); |
84 | | |
85 | 5.21k | param = X509_VERIFY_PARAM_new(); |
86 | 5.21k | if (param == NULL) |
87 | 0 | goto err; |
88 | 5.21k | X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_NO_CHECK_TIME); |
89 | 5.21k | X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_X509_STRICT); |
90 | 5.21k | X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_PARTIAL_CHAIN); |
91 | 5.21k | X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK); |
92 | | |
93 | 5.21k | X509_STORE_set1_param(store, param); |
94 | | |
95 | 5.21k | X509_STORE_set_verify_cb(store, cb); |
96 | | |
97 | 5.21k | ctx = X509_STORE_CTX_new(); |
98 | 5.21k | if (ctx == NULL) |
99 | 0 | goto err; |
100 | | |
101 | 5.21k | X509_STORE_CTX_init(ctx, store, x509_1, NULL); |
102 | | |
103 | 5.21k | if (crl != NULL) { |
104 | 5.21k | crls = sk_X509_CRL_new_null(); |
105 | 5.21k | if (crls == NULL) |
106 | 0 | goto err; |
107 | | |
108 | 5.21k | sk_X509_CRL_push(crls, crl); |
109 | 5.21k | X509_STORE_CTX_set0_crls(ctx, crls); |
110 | 5.21k | } |
111 | | |
112 | 5.21k | X509_verify_cert(ctx); |
113 | | |
114 | 5.21k | if (resp != NULL) |
115 | 541 | bs = OCSP_response_get1_basic(resp); |
116 | | |
117 | 5.21k | if (bs != NULL) { |
118 | 223 | int status, reason; |
119 | 223 | ASN1_GENERALIZEDTIME *revtime, *thisupd, *nextupd; |
120 | | |
121 | 223 | certs = sk_X509_new_null(); |
122 | 223 | if (certs == NULL) |
123 | 0 | goto err; |
124 | | |
125 | 223 | sk_X509_push(certs, x509_1); |
126 | 223 | sk_X509_push(certs, x509_2); |
127 | | |
128 | 223 | OCSP_basic_verify(bs, certs, store, OCSP_PARTIAL_CHAIN); |
129 | | |
130 | 223 | id = OCSP_cert_to_id(NULL, x509_1, x509_2); |
131 | 223 | if (id == NULL) |
132 | 0 | goto err; |
133 | 223 | OCSP_resp_find_status(bs, id, &status, &reason, &revtime, &thisupd, |
134 | 223 | &nextupd); |
135 | 223 | } |
136 | | |
137 | 38.3k | err: |
138 | 38.3k | X509_STORE_CTX_free(ctx); |
139 | 38.3k | X509_VERIFY_PARAM_free(param); |
140 | 38.3k | X509_STORE_free(store); |
141 | 38.3k | X509_free(x509_1); |
142 | 38.3k | X509_free(x509_2); |
143 | 38.3k | X509_CRL_free(crl); |
144 | 38.3k | OCSP_CERTID_free(id); |
145 | 38.3k | OCSP_BASICRESP_free(bs); |
146 | 38.3k | OCSP_RESPONSE_free(resp); |
147 | 38.3k | sk_X509_CRL_free(crls); |
148 | 38.3k | sk_X509_free(certs); |
149 | | |
150 | 38.3k | ERR_clear_error(); |
151 | 38.3k | return 0; |
152 | 5.21k | } |
153 | | |
154 | | void FuzzerCleanup(void) |
155 | 0 | { |
156 | 0 | FuzzerClearRand(); |
157 | 0 | } |