]>
Commit | Line | Data |
---|---|---|
e599d0ae DDO |
1 | /* |
2 | * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved. | |
3 | * | |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
10 | /* | |
11 | * Test CMP DER parsing. | |
12 | */ | |
13 | ||
14 | #include <openssl/bio.h> | |
15 | #include <openssl/cmp.h> | |
16 | #include "../crypto/cmp/cmp_local.h" | |
17 | #include <openssl/err.h> | |
18 | #include "fuzzer.h" | |
19 | #include "rand.inc" | |
20 | ||
21 | int FuzzerInitialize(int *argc, char ***argv) | |
22 | { | |
23 | OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); | |
24 | ERR_clear_error(); | |
25 | CRYPTO_free_ex_index(0, -1); | |
26 | FuzzerSetRand(); | |
27 | return 1; | |
28 | } | |
29 | ||
30 | static int num_responses; | |
31 | ||
32 | static OSSL_CMP_MSG *transfer_cb(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req) | |
33 | { | |
34 | if (num_responses++ > 2) | |
35 | return NULL; /* prevent loops due to repeated pollRep */ | |
36 | return OSSL_CMP_MSG_dup((OSSL_CMP_MSG *) | |
37 | OSSL_CMP_CTX_get_transfer_cb_arg(ctx)); | |
38 | } | |
39 | ||
40 | static int print_noop(const char *func, const char *file, int line, | |
41 | OSSL_CMP_severity level, const char *msg) | |
42 | { | |
43 | return 1; | |
44 | } | |
45 | ||
46 | static int allow_unprotected(const OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *rep, | |
47 | int invalid_protection, int expected_type) | |
48 | { | |
49 | return 1; | |
50 | } | |
51 | ||
52 | static void cmp_client_process_response(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg) | |
53 | { | |
54 | X509_NAME *name = X509_NAME_new(); | |
55 | ASN1_INTEGER *serial = ASN1_INTEGER_new(); | |
56 | ||
57 | ctx->unprotectedSend = 1; /* satisfy ossl_cmp_msg_protect() */ | |
58 | ctx->disableConfirm = 1; /* check just one response message */ | |
59 | ctx->popoMethod = OSSL_CRMF_POPO_NONE; /* satisfy ossl_cmp_certReq_new() */ | |
60 | ctx->oldCert = X509_new(); /* satisfy crm_new() and ossl_cmp_rr_new() */ | |
61 | if (!OSSL_CMP_CTX_set1_secretValue(ctx, (unsigned char *)"", | |
62 | 0) /* prevent too unspecific error */ | |
63 | || ctx->oldCert == NULL | |
64 | || name == NULL || !X509_set_issuer_name(ctx->oldCert, name) | |
65 | || serial == NULL || !X509_set_serialNumber(ctx->oldCert, serial)) | |
66 | goto err; | |
67 | ||
68 | (void)OSSL_CMP_CTX_set_transfer_cb(ctx, transfer_cb); | |
69 | (void)OSSL_CMP_CTX_set_transfer_cb_arg(ctx, msg); | |
70 | (void)OSSL_CMP_CTX_set_log_cb(ctx, print_noop); | |
71 | num_responses = 0; | |
72 | switch (msg->body != NULL ? msg->body->type : -1) { | |
73 | case OSSL_CMP_PKIBODY_IP: | |
74 | (void)OSSL_CMP_exec_IR_ses(ctx); | |
75 | break; | |
76 | case OSSL_CMP_PKIBODY_CP: | |
77 | (void)OSSL_CMP_exec_CR_ses(ctx); | |
78 | (void)OSSL_CMP_exec_P10CR_ses(ctx); | |
79 | break; | |
80 | case OSSL_CMP_PKIBODY_KUP: | |
81 | (void)OSSL_CMP_exec_KUR_ses(ctx); | |
82 | break; | |
83 | case OSSL_CMP_PKIBODY_POLLREP: | |
84 | ctx->status = OSSL_CMP_PKISTATUS_waiting; | |
299e0f1e | 85 | (void)OSSL_CMP_try_certreq(ctx, OSSL_CMP_PKIBODY_CR, NULL, NULL); |
e599d0ae DDO |
86 | break; |
87 | case OSSL_CMP_PKIBODY_RP: | |
88 | (void)OSSL_CMP_exec_RR_ses(ctx); | |
89 | break; | |
90 | case OSSL_CMP_PKIBODY_GENP: | |
91 | sk_OSSL_CMP_ITAV_pop_free(OSSL_CMP_exec_GENM_ses(ctx), | |
92 | OSSL_CMP_ITAV_free); | |
93 | break; | |
94 | default: | |
430efff1 | 95 | (void)ossl_cmp_msg_check_update(ctx, msg, allow_unprotected, 0); |
e599d0ae DDO |
96 | break; |
97 | } | |
98 | err: | |
99 | X509_NAME_free(name); | |
100 | ASN1_INTEGER_free(serial); | |
101 | } | |
102 | ||
103 | static OSSL_CMP_PKISI *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx, | |
104 | const OSSL_CMP_MSG *cert_req, | |
105 | int certReqId, | |
106 | const OSSL_CRMF_MSG *crm, | |
107 | const X509_REQ *p10cr, | |
108 | X509 **certOut, | |
109 | STACK_OF(X509) **chainOut, | |
110 | STACK_OF(X509) **caPubs) | |
111 | { | |
9311d0c4 | 112 | ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE); |
e599d0ae DDO |
113 | return NULL; |
114 | } | |
115 | ||
116 | static OSSL_CMP_PKISI *process_rr(OSSL_CMP_SRV_CTX *srv_ctx, | |
117 | const OSSL_CMP_MSG *rr, | |
118 | const X509_NAME *issuer, | |
119 | const ASN1_INTEGER *serial) | |
120 | { | |
9311d0c4 | 121 | ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE); |
e599d0ae DDO |
122 | return NULL; |
123 | } | |
124 | ||
125 | static int process_genm(OSSL_CMP_SRV_CTX *srv_ctx, | |
126 | const OSSL_CMP_MSG *genm, | |
127 | const STACK_OF(OSSL_CMP_ITAV) *in, | |
128 | STACK_OF(OSSL_CMP_ITAV) **out) | |
129 | { | |
9311d0c4 | 130 | ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE); |
e599d0ae DDO |
131 | return 0; |
132 | } | |
133 | ||
134 | static void process_error(OSSL_CMP_SRV_CTX *srv_ctx, const OSSL_CMP_MSG *error, | |
135 | const OSSL_CMP_PKISI *statusInfo, | |
136 | const ASN1_INTEGER *errorCode, | |
137 | const OSSL_CMP_PKIFREETEXT *errorDetails) | |
138 | { | |
9311d0c4 | 139 | ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE); |
e599d0ae DDO |
140 | } |
141 | ||
142 | static int process_certConf(OSSL_CMP_SRV_CTX *srv_ctx, | |
143 | const OSSL_CMP_MSG *certConf, int certReqId, | |
144 | const ASN1_OCTET_STRING *certHash, | |
145 | const OSSL_CMP_PKISI *si) | |
146 | { | |
9311d0c4 | 147 | ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE); |
e599d0ae DDO |
148 | return 0; |
149 | } | |
150 | ||
151 | static int process_pollReq(OSSL_CMP_SRV_CTX *srv_ctx, | |
152 | const OSSL_CMP_MSG *pollReq, int certReqId, | |
153 | OSSL_CMP_MSG **certReq, int64_t *check_after) | |
154 | { | |
9311d0c4 | 155 | ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE); |
e599d0ae DDO |
156 | return 0; |
157 | } | |
158 | ||
159 | int FuzzerTestOneInput(const uint8_t *buf, size_t len) | |
160 | { | |
161 | OSSL_CMP_MSG *msg; | |
162 | BIO *in; | |
163 | ||
164 | if (len == 0) | |
165 | return 0; | |
166 | ||
167 | in = BIO_new(BIO_s_mem()); | |
168 | OPENSSL_assert((size_t)BIO_write(in, buf, len) == len); | |
169 | msg = d2i_OSSL_CMP_MSG_bio(in, NULL); | |
170 | if (msg != NULL) { | |
171 | BIO *out = BIO_new(BIO_s_null()); | |
1a7cd250 DDO |
172 | OSSL_CMP_SRV_CTX *srv_ctx = OSSL_CMP_SRV_CTX_new(NULL, NULL); |
173 | OSSL_CMP_CTX *client_ctx = OSSL_CMP_CTX_new(NULL, NULL); | |
e599d0ae DDO |
174 | |
175 | i2d_OSSL_CMP_MSG_bio(out, msg); | |
176 | ASN1_item_print(out, (ASN1_VALUE *)msg, 4, | |
177 | ASN1_ITEM_rptr(OSSL_CMP_MSG), NULL); | |
178 | BIO_free(out); | |
179 | ||
180 | if (client_ctx != NULL) | |
181 | cmp_client_process_response(client_ctx, msg); | |
182 | if (srv_ctx != NULL | |
183 | && OSSL_CMP_CTX_set_log_cb(OSSL_CMP_SRV_CTX_get0_cmp_ctx(srv_ctx), | |
184 | print_noop) | |
185 | && OSSL_CMP_SRV_CTX_init(srv_ctx, NULL, process_cert_request, | |
186 | process_rr, process_genm, process_error, | |
187 | process_certConf, process_pollReq)) | |
188 | OSSL_CMP_MSG_free(OSSL_CMP_SRV_process_request(srv_ctx, msg)); | |
189 | ||
190 | OSSL_CMP_CTX_free(client_ctx); | |
191 | OSSL_CMP_SRV_CTX_free(srv_ctx); | |
192 | OSSL_CMP_MSG_free(msg); | |
193 | } | |
194 | ||
195 | BIO_free(in); | |
196 | ERR_clear_error(); | |
197 | ||
198 | return 0; | |
199 | } | |
200 | ||
201 | void FuzzerCleanup(void) | |
202 | { | |
203 | } |