]>
Commit | Line | Data |
---|---|---|
1 | /* | |
2 | * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved. | |
3 | * | |
4 | * Licensed under the Apache License 2.0 (the "License"); | |
5 | * you may not use this file except in compliance with the License. | |
6 | * You may obtain a copy of the License at | |
7 | * https://www.openssl.org/source/license.html | |
8 | * or in the file LICENSE in the source distribution. | |
9 | */ | |
10 | ||
11 | /* | |
12 | * Fuzz ASN.1 parsing for various data structures. Specify which on the | |
13 | * command line: | |
14 | * | |
15 | * asn1 <data structure> | |
16 | */ | |
17 | ||
18 | /* We need to use some deprecated APIs */ | |
19 | #define OPENSSL_SUPPRESS_DEPRECATED | |
20 | ||
21 | #include <stdio.h> | |
22 | #include <string.h> | |
23 | #include <openssl/asn1.h> | |
24 | #include <openssl/asn1t.h> | |
25 | #include <openssl/dh.h> | |
26 | #include <openssl/ec.h> | |
27 | #include <openssl/ocsp.h> | |
28 | #include <openssl/pkcs12.h> | |
29 | #include <openssl/rsa.h> | |
30 | #include <openssl/ts.h> | |
31 | #include <openssl/x509v3.h> | |
32 | #include <openssl/cms.h> | |
33 | #include <openssl/ess.h> | |
34 | #include <openssl/err.h> | |
35 | #include <openssl/rand.h> | |
36 | #include <openssl/bio.h> | |
37 | #include <openssl/evp.h> | |
38 | #include <openssl/ssl.h> | |
39 | #include <internal/nelem.h> | |
40 | #include "fuzzer.h" | |
41 | ||
42 | #include "rand.inc" | |
43 | ||
44 | static ASN1_ITEM_EXP *item_type[] = { | |
45 | ASN1_ITEM_ref(ACCESS_DESCRIPTION), | |
46 | #ifndef OPENSSL_NO_RFC3779 | |
47 | ASN1_ITEM_ref(ASIdentifierChoice), | |
48 | ASN1_ITEM_ref(ASIdentifiers), | |
49 | ASN1_ITEM_ref(ASIdOrRange), | |
50 | #endif | |
51 | ASN1_ITEM_ref(ASN1_ANY), | |
52 | ASN1_ITEM_ref(ASN1_BIT_STRING), | |
53 | ASN1_ITEM_ref(ASN1_BMPSTRING), | |
54 | ASN1_ITEM_ref(ASN1_BOOLEAN), | |
55 | ASN1_ITEM_ref(ASN1_ENUMERATED), | |
56 | ASN1_ITEM_ref(ASN1_FBOOLEAN), | |
57 | ASN1_ITEM_ref(ASN1_GENERALIZEDTIME), | |
58 | ASN1_ITEM_ref(ASN1_GENERALSTRING), | |
59 | ASN1_ITEM_ref(ASN1_IA5STRING), | |
60 | ASN1_ITEM_ref(ASN1_INTEGER), | |
61 | ASN1_ITEM_ref(ASN1_NULL), | |
62 | ASN1_ITEM_ref(ASN1_OBJECT), | |
63 | ASN1_ITEM_ref(ASN1_OCTET_STRING), | |
64 | ASN1_ITEM_ref(ASN1_OCTET_STRING_NDEF), | |
65 | ASN1_ITEM_ref(ASN1_PRINTABLE), | |
66 | ASN1_ITEM_ref(ASN1_PRINTABLESTRING), | |
67 | ASN1_ITEM_ref(ASN1_SEQUENCE), | |
68 | ASN1_ITEM_ref(ASN1_SEQUENCE_ANY), | |
69 | ASN1_ITEM_ref(ASN1_SET_ANY), | |
70 | ASN1_ITEM_ref(ASN1_T61STRING), | |
71 | ASN1_ITEM_ref(ASN1_TBOOLEAN), | |
72 | ASN1_ITEM_ref(ASN1_TIME), | |
73 | ASN1_ITEM_ref(ASN1_UNIVERSALSTRING), | |
74 | ASN1_ITEM_ref(ASN1_UTCTIME), | |
75 | ASN1_ITEM_ref(ASN1_UTF8STRING), | |
76 | ASN1_ITEM_ref(ASN1_VISIBLESTRING), | |
77 | #ifndef OPENSSL_NO_RFC3779 | |
78 | ASN1_ITEM_ref(ASRange), | |
79 | #endif | |
80 | ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS), | |
81 | ASN1_ITEM_ref(AUTHORITY_KEYID), | |
82 | ASN1_ITEM_ref(BASIC_CONSTRAINTS), | |
83 | ASN1_ITEM_ref(BIGNUM), | |
84 | ASN1_ITEM_ref(CBIGNUM), | |
85 | ASN1_ITEM_ref(CERTIFICATEPOLICIES), | |
86 | #ifndef OPENSSL_NO_CMS | |
87 | ASN1_ITEM_ref(CMS_ContentInfo), | |
88 | ASN1_ITEM_ref(CMS_ReceiptRequest), | |
89 | ASN1_ITEM_ref(CRL_DIST_POINTS), | |
90 | #endif | |
91 | #ifndef OPENSSL_NO_DH | |
92 | ASN1_ITEM_ref(DHparams), | |
93 | #endif | |
94 | ASN1_ITEM_ref(DIRECTORYSTRING), | |
95 | ASN1_ITEM_ref(DISPLAYTEXT), | |
96 | ASN1_ITEM_ref(DIST_POINT), | |
97 | ASN1_ITEM_ref(DIST_POINT_NAME), | |
98 | #ifndef OPENSSL_NO_EC | |
99 | ASN1_ITEM_ref(ECPARAMETERS), | |
100 | ASN1_ITEM_ref(ECPKPARAMETERS), | |
101 | #endif | |
102 | ASN1_ITEM_ref(EDIPARTYNAME), | |
103 | ASN1_ITEM_ref(EXTENDED_KEY_USAGE), | |
104 | ASN1_ITEM_ref(GENERAL_NAME), | |
105 | ASN1_ITEM_ref(GENERAL_NAMES), | |
106 | ASN1_ITEM_ref(GENERAL_SUBTREE), | |
107 | #ifndef OPENSSL_NO_RFC3779 | |
108 | ASN1_ITEM_ref(IPAddressChoice), | |
109 | ASN1_ITEM_ref(IPAddressFamily), | |
110 | ASN1_ITEM_ref(IPAddressOrRange), | |
111 | ASN1_ITEM_ref(IPAddressRange), | |
112 | #endif | |
113 | ASN1_ITEM_ref(ISSUING_DIST_POINT), | |
114 | #ifndef OPENSSL_NO_DEPRECATED_3_0 | |
115 | ASN1_ITEM_ref(LONG), | |
116 | #endif | |
117 | ASN1_ITEM_ref(NAME_CONSTRAINTS), | |
118 | ASN1_ITEM_ref(NETSCAPE_CERT_SEQUENCE), | |
119 | ASN1_ITEM_ref(NETSCAPE_SPKAC), | |
120 | ASN1_ITEM_ref(NETSCAPE_SPKI), | |
121 | ASN1_ITEM_ref(NOTICEREF), | |
122 | #ifndef OPENSSL_NO_OCSP | |
123 | ASN1_ITEM_ref(OCSP_BASICRESP), | |
124 | ASN1_ITEM_ref(OCSP_CERTID), | |
125 | ASN1_ITEM_ref(OCSP_CERTSTATUS), | |
126 | ASN1_ITEM_ref(OCSP_CRLID), | |
127 | ASN1_ITEM_ref(OCSP_ONEREQ), | |
128 | ASN1_ITEM_ref(OCSP_REQINFO), | |
129 | ASN1_ITEM_ref(OCSP_REQUEST), | |
130 | ASN1_ITEM_ref(OCSP_RESPBYTES), | |
131 | ASN1_ITEM_ref(OCSP_RESPDATA), | |
132 | ASN1_ITEM_ref(OCSP_RESPID), | |
133 | ASN1_ITEM_ref(OCSP_RESPONSE), | |
134 | ASN1_ITEM_ref(OCSP_REVOKEDINFO), | |
135 | ASN1_ITEM_ref(OCSP_SERVICELOC), | |
136 | ASN1_ITEM_ref(OCSP_SIGNATURE), | |
137 | ASN1_ITEM_ref(OCSP_SINGLERESP), | |
138 | #endif | |
139 | ASN1_ITEM_ref(OTHERNAME), | |
140 | ASN1_ITEM_ref(PBE2PARAM), | |
141 | ASN1_ITEM_ref(PBEPARAM), | |
142 | ASN1_ITEM_ref(PBKDF2PARAM), | |
143 | ASN1_ITEM_ref(PKCS12), | |
144 | ASN1_ITEM_ref(PKCS12_AUTHSAFES), | |
145 | ASN1_ITEM_ref(PKCS12_BAGS), | |
146 | ASN1_ITEM_ref(PKCS12_MAC_DATA), | |
147 | ASN1_ITEM_ref(PKCS12_SAFEBAG), | |
148 | ASN1_ITEM_ref(PKCS12_SAFEBAGS), | |
149 | ASN1_ITEM_ref(PKCS7), | |
150 | ASN1_ITEM_ref(PKCS7_ATTR_SIGN), | |
151 | ASN1_ITEM_ref(PKCS7_ATTR_VERIFY), | |
152 | ASN1_ITEM_ref(PKCS7_DIGEST), | |
153 | ASN1_ITEM_ref(PKCS7_ENC_CONTENT), | |
154 | ASN1_ITEM_ref(PKCS7_ENCRYPT), | |
155 | ASN1_ITEM_ref(PKCS7_ENVELOPE), | |
156 | ASN1_ITEM_ref(PKCS7_ISSUER_AND_SERIAL), | |
157 | ASN1_ITEM_ref(PKCS7_RECIP_INFO), | |
158 | ASN1_ITEM_ref(PKCS7_SIGNED), | |
159 | ASN1_ITEM_ref(PKCS7_SIGN_ENVELOPE), | |
160 | ASN1_ITEM_ref(PKCS7_SIGNER_INFO), | |
161 | ASN1_ITEM_ref(PKCS8_PRIV_KEY_INFO), | |
162 | ASN1_ITEM_ref(PKEY_USAGE_PERIOD), | |
163 | ASN1_ITEM_ref(POLICY_CONSTRAINTS), | |
164 | ASN1_ITEM_ref(POLICYINFO), | |
165 | ASN1_ITEM_ref(POLICY_MAPPING), | |
166 | ASN1_ITEM_ref(POLICY_MAPPINGS), | |
167 | ASN1_ITEM_ref(POLICYQUALINFO), | |
168 | ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION), | |
169 | ASN1_ITEM_ref(PROXY_POLICY), | |
170 | ASN1_ITEM_ref(RSA_OAEP_PARAMS), | |
171 | ASN1_ITEM_ref(RSAPrivateKey), | |
172 | ASN1_ITEM_ref(RSA_PSS_PARAMS), | |
173 | ASN1_ITEM_ref(RSAPublicKey), | |
174 | ASN1_ITEM_ref(SXNET), | |
175 | ASN1_ITEM_ref(SXNETID), | |
176 | ASN1_ITEM_ref(USERNOTICE), | |
177 | ASN1_ITEM_ref(X509), | |
178 | ASN1_ITEM_ref(X509_ALGOR), | |
179 | ASN1_ITEM_ref(X509_ALGORS), | |
180 | ASN1_ITEM_ref(X509_ATTRIBUTE), | |
181 | ASN1_ITEM_ref(X509_CERT_AUX), | |
182 | ASN1_ITEM_ref(X509_CINF), | |
183 | ASN1_ITEM_ref(X509_CRL), | |
184 | ASN1_ITEM_ref(X509_CRL_INFO), | |
185 | ASN1_ITEM_ref(X509_EXTENSION), | |
186 | ASN1_ITEM_ref(X509_EXTENSIONS), | |
187 | ASN1_ITEM_ref(X509_NAME), | |
188 | ASN1_ITEM_ref(X509_NAME_ENTRY), | |
189 | ASN1_ITEM_ref(X509_PUBKEY), | |
190 | ASN1_ITEM_ref(X509_REQ), | |
191 | ASN1_ITEM_ref(X509_REQ_INFO), | |
192 | ASN1_ITEM_ref(X509_REVOKED), | |
193 | ASN1_ITEM_ref(X509_SIG), | |
194 | ASN1_ITEM_ref(X509_VAL), | |
195 | #ifndef OPENSSL_NO_DEPRECATED_3_0 | |
196 | ASN1_ITEM_ref(ZLONG), | |
197 | #endif | |
198 | ASN1_ITEM_ref(INT32), | |
199 | ASN1_ITEM_ref(ZINT32), | |
200 | ASN1_ITEM_ref(UINT32), | |
201 | ASN1_ITEM_ref(ZUINT32), | |
202 | ASN1_ITEM_ref(INT64), | |
203 | ASN1_ITEM_ref(ZINT64), | |
204 | ASN1_ITEM_ref(UINT64), | |
205 | ASN1_ITEM_ref(ZUINT64), | |
206 | NULL | |
207 | }; | |
208 | ||
209 | static ASN1_PCTX *pctx; | |
210 | ||
211 | #define DO_TEST(TYPE, D2I, I2D, PRINT) { \ | |
212 | const unsigned char *p = buf; \ | |
213 | unsigned char *der = NULL; \ | |
214 | TYPE *type = D2I(NULL, &p, len); \ | |
215 | \ | |
216 | if (type != NULL) { \ | |
217 | int len2; \ | |
218 | BIO *bio = BIO_new(BIO_s_null()); \ | |
219 | \ | |
220 | PRINT(bio, type); \ | |
221 | BIO_free(bio); \ | |
222 | len2 = I2D(type, &der); \ | |
223 | if (len2 != 0) {} \ | |
224 | OPENSSL_free(der); \ | |
225 | TYPE ## _free(type); \ | |
226 | } \ | |
227 | } | |
228 | ||
229 | #define DO_TEST_PRINT_OFFSET(TYPE, D2I, I2D, PRINT) { \ | |
230 | const unsigned char *p = buf; \ | |
231 | unsigned char *der = NULL; \ | |
232 | TYPE *type = D2I(NULL, &p, len); \ | |
233 | \ | |
234 | if (type != NULL) { \ | |
235 | BIO *bio = BIO_new(BIO_s_null()); \ | |
236 | \ | |
237 | PRINT(bio, type, 0); \ | |
238 | BIO_free(bio); \ | |
239 | I2D(type, &der); \ | |
240 | OPENSSL_free(der); \ | |
241 | TYPE ## _free(type); \ | |
242 | } \ | |
243 | } | |
244 | ||
245 | #define DO_TEST_PRINT_PCTX(TYPE, D2I, I2D, PRINT) { \ | |
246 | const unsigned char *p = buf; \ | |
247 | unsigned char *der = NULL; \ | |
248 | TYPE *type = D2I(NULL, &p, len); \ | |
249 | \ | |
250 | if (type != NULL) { \ | |
251 | BIO *bio = BIO_new(BIO_s_null()); \ | |
252 | \ | |
253 | PRINT(bio, type, 0, pctx); \ | |
254 | BIO_free(bio); \ | |
255 | I2D(type, &der); \ | |
256 | OPENSSL_free(der); \ | |
257 | TYPE ## _free(type); \ | |
258 | } \ | |
259 | } | |
260 | ||
261 | ||
262 | #define DO_TEST_NO_PRINT(TYPE, D2I, I2D) { \ | |
263 | const unsigned char *p = buf; \ | |
264 | unsigned char *der = NULL; \ | |
265 | TYPE *type = D2I(NULL, &p, len); \ | |
266 | \ | |
267 | if (type != NULL) { \ | |
268 | BIO *bio = BIO_new(BIO_s_null()); \ | |
269 | \ | |
270 | BIO_free(bio); \ | |
271 | I2D(type, &der); \ | |
272 | OPENSSL_free(der); \ | |
273 | TYPE ## _free(type); \ | |
274 | } \ | |
275 | } | |
276 | ||
277 | ||
278 | int FuzzerInitialize(int *argc, char ***argv) | |
279 | { | |
280 | pctx = ASN1_PCTX_new(); | |
281 | ASN1_PCTX_set_flags(pctx, ASN1_PCTX_FLAGS_SHOW_ABSENT | | |
282 | ASN1_PCTX_FLAGS_SHOW_SEQUENCE | ASN1_PCTX_FLAGS_SHOW_SSOF | | |
283 | ASN1_PCTX_FLAGS_SHOW_TYPE | ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME); | |
284 | ASN1_PCTX_set_str_flags(pctx, ASN1_STRFLGS_UTF8_CONVERT | | |
285 | ASN1_STRFLGS_SHOW_TYPE | ASN1_STRFLGS_DUMP_ALL); | |
286 | ||
287 | OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); | |
288 | OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL); | |
289 | ERR_clear_error(); | |
290 | CRYPTO_free_ex_index(0, -1); | |
291 | FuzzerSetRand(); | |
292 | ||
293 | return 1; | |
294 | } | |
295 | ||
296 | int FuzzerTestOneInput(const uint8_t *buf, size_t len) | |
297 | { | |
298 | int n; | |
299 | ||
300 | ||
301 | for (n = 0; item_type[n] != NULL; ++n) { | |
302 | const uint8_t *b = buf; | |
303 | unsigned char *der = NULL; | |
304 | const ASN1_ITEM *i = ASN1_ITEM_ptr(item_type[n]); | |
305 | ASN1_VALUE *o = ASN1_item_d2i(NULL, &b, len, i); | |
306 | ||
307 | if (o != NULL) { | |
308 | BIO *bio = BIO_new(BIO_s_null()); | |
309 | ||
310 | ASN1_item_print(bio, o, 4, i, pctx); | |
311 | BIO_free(bio); | |
312 | ASN1_item_i2d(o, &der, i); | |
313 | OPENSSL_free(der); | |
314 | ASN1_item_free(o, i); | |
315 | } | |
316 | } | |
317 | ||
318 | #ifndef OPENSSL_NO_TS | |
319 | DO_TEST(TS_REQ, d2i_TS_REQ, i2d_TS_REQ, TS_REQ_print_bio); | |
320 | DO_TEST(TS_MSG_IMPRINT, d2i_TS_MSG_IMPRINT, i2d_TS_MSG_IMPRINT, TS_MSG_IMPRINT_print_bio); | |
321 | DO_TEST(TS_RESP, d2i_TS_RESP, i2d_TS_RESP, TS_RESP_print_bio); | |
322 | DO_TEST(TS_STATUS_INFO, d2i_TS_STATUS_INFO, i2d_TS_STATUS_INFO, TS_STATUS_INFO_print_bio); | |
323 | DO_TEST(TS_TST_INFO, d2i_TS_TST_INFO, i2d_TS_TST_INFO, TS_TST_INFO_print_bio); | |
324 | DO_TEST_NO_PRINT(TS_ACCURACY, d2i_TS_ACCURACY, i2d_TS_ACCURACY); | |
325 | #endif | |
326 | DO_TEST_NO_PRINT(ESS_ISSUER_SERIAL, d2i_ESS_ISSUER_SERIAL, i2d_ESS_ISSUER_SERIAL); | |
327 | DO_TEST_NO_PRINT(ESS_CERT_ID, d2i_ESS_CERT_ID, i2d_ESS_CERT_ID); | |
328 | DO_TEST_NO_PRINT(ESS_SIGNING_CERT, d2i_ESS_SIGNING_CERT, i2d_ESS_SIGNING_CERT); | |
329 | DO_TEST_NO_PRINT(ESS_CERT_ID_V2, d2i_ESS_CERT_ID_V2, i2d_ESS_CERT_ID_V2); | |
330 | DO_TEST_NO_PRINT(ESS_SIGNING_CERT_V2, d2i_ESS_SIGNING_CERT_V2, i2d_ESS_SIGNING_CERT_V2); | |
331 | #ifndef OPENSSL_NO_DH | |
332 | DO_TEST_NO_PRINT(DH, d2i_DHparams, i2d_DHparams); | |
333 | DO_TEST_NO_PRINT(DH, d2i_DHxparams, i2d_DHxparams); | |
334 | #endif | |
335 | #ifndef OPENSSL_NO_DSA | |
336 | DO_TEST_NO_PRINT(DSA_SIG, d2i_DSA_SIG, i2d_DSA_SIG); | |
337 | DO_TEST_NO_PRINT(DSA, d2i_DSAPrivateKey, i2d_DSAPrivateKey); | |
338 | DO_TEST_NO_PRINT(DSA, d2i_DSAPublicKey, i2d_DSAPublicKey); | |
339 | DO_TEST_NO_PRINT(DSA, d2i_DSAparams, i2d_DSAparams); | |
340 | #endif | |
341 | DO_TEST_NO_PRINT(RSA, d2i_RSAPublicKey, i2d_RSAPublicKey); | |
342 | #ifndef OPENSSL_NO_EC | |
343 | DO_TEST_PRINT_OFFSET(EC_GROUP, d2i_ECPKParameters, i2d_ECPKParameters, ECPKParameters_print); | |
344 | DO_TEST_PRINT_OFFSET(EC_KEY, d2i_ECPrivateKey, i2d_ECPrivateKey, EC_KEY_print); | |
345 | DO_TEST(EC_KEY, d2i_ECParameters, i2d_ECParameters, ECParameters_print); | |
346 | # ifndef OPENSSL_NO_DEPRECATED_3_0 | |
347 | DO_TEST_NO_PRINT(ECDSA_SIG, d2i_ECDSA_SIG, i2d_ECDSA_SIG); | |
348 | # endif | |
349 | #endif | |
350 | DO_TEST_PRINT_PCTX(EVP_PKEY, d2i_AutoPrivateKey, i2d_PrivateKey, EVP_PKEY_print_private); | |
351 | DO_TEST(SSL_SESSION, d2i_SSL_SESSION, i2d_SSL_SESSION, SSL_SESSION_print); | |
352 | ||
353 | ERR_clear_error(); | |
354 | ||
355 | return 0; | |
356 | } | |
357 | ||
358 | void FuzzerCleanup(void) | |
359 | { | |
360 | ASN1_PCTX_free(pctx); | |
361 | } |