2 * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * Test CMP DER parsing.
14 #include <openssl/bio.h>
15 #include <openssl/cmp.h>
16 #include "../crypto/cmp/cmp_local.h"
17 #include <openssl/err.h>
20 int FuzzerInitialize(int *argc
, char ***argv
)
23 OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS
, NULL
);
25 CRYPTO_free_ex_index(0, -1);
29 static int num_responses
;
31 static OSSL_CMP_MSG
*transfer_cb(OSSL_CMP_CTX
*ctx
, const OSSL_CMP_MSG
*req
)
33 if (num_responses
++ > 2)
34 return NULL
; /* prevent loops due to repeated pollRep */
35 return OSSL_CMP_MSG_dup((OSSL_CMP_MSG
*)
36 OSSL_CMP_CTX_get_transfer_cb_arg(ctx
));
39 static int print_noop(const char *func
, const char *file
, int line
,
40 OSSL_CMP_severity level
, const char *msg
)
45 static int allow_unprotected(const OSSL_CMP_CTX
*ctx
, const OSSL_CMP_MSG
*rep
,
46 int invalid_protection
, int expected_type
)
51 static void cmp_client_process_response(OSSL_CMP_CTX
*ctx
, OSSL_CMP_MSG
*msg
)
53 X509_NAME
*name
= X509_NAME_new();
54 ASN1_INTEGER
*serial
= ASN1_INTEGER_new();
56 ctx
->unprotectedSend
= 1; /* satisfy ossl_cmp_msg_protect() */
57 ctx
->disableConfirm
= 1; /* check just one response message */
58 ctx
->popoMethod
= OSSL_CRMF_POPO_NONE
; /* satisfy ossl_cmp_certReq_new() */
59 ctx
->oldCert
= X509_new(); /* satisfy crm_new() and ossl_cmp_rr_new() */
60 if (!OSSL_CMP_CTX_set1_secretValue(ctx
, (unsigned char *)"",
61 0) /* prevent too unspecific error */
62 || ctx
->oldCert
== NULL
63 || name
== NULL
|| !X509_set_issuer_name(ctx
->oldCert
, name
)
64 || serial
== NULL
|| !X509_set_serialNumber(ctx
->oldCert
, serial
))
67 (void)OSSL_CMP_CTX_set_transfer_cb(ctx
, transfer_cb
);
68 (void)OSSL_CMP_CTX_set_transfer_cb_arg(ctx
, msg
);
69 (void)OSSL_CMP_CTX_set_log_cb(ctx
, print_noop
);
71 switch (msg
->body
!= NULL
? msg
->body
->type
: -1) {
72 case OSSL_CMP_PKIBODY_IP
:
73 (void)OSSL_CMP_exec_IR_ses(ctx
);
75 case OSSL_CMP_PKIBODY_CP
:
76 (void)OSSL_CMP_exec_CR_ses(ctx
);
77 (void)OSSL_CMP_exec_P10CR_ses(ctx
);
79 case OSSL_CMP_PKIBODY_KUP
:
80 (void)OSSL_CMP_exec_KUR_ses(ctx
);
82 case OSSL_CMP_PKIBODY_POLLREP
:
83 ctx
->status
= OSSL_CMP_PKISTATUS_waiting
;
84 (void)OSSL_CMP_try_certreq(ctx
, OSSL_CMP_PKIBODY_CR
, NULL
, NULL
);
86 case OSSL_CMP_PKIBODY_RP
:
87 (void)OSSL_CMP_exec_RR_ses(ctx
);
89 case OSSL_CMP_PKIBODY_GENP
:
90 sk_OSSL_CMP_ITAV_pop_free(OSSL_CMP_exec_GENM_ses(ctx
),
94 (void)ossl_cmp_msg_check_update(ctx
, msg
, allow_unprotected
, 0);
99 ASN1_INTEGER_free(serial
);
102 static OSSL_CMP_PKISI
*process_cert_request(OSSL_CMP_SRV_CTX
*srv_ctx
,
103 const OSSL_CMP_MSG
*cert_req
,
105 const OSSL_CRMF_MSG
*crm
,
106 const X509_REQ
*p10cr
,
108 STACK_OF(X509
) **chainOut
,
109 STACK_OF(X509
) **caPubs
)
111 ERR_raise(ERR_LIB_CMP
, CMP_R_ERROR_PROCESSING_MESSAGE
);
115 static OSSL_CMP_PKISI
*process_rr(OSSL_CMP_SRV_CTX
*srv_ctx
,
116 const OSSL_CMP_MSG
*rr
,
117 const X509_NAME
*issuer
,
118 const ASN1_INTEGER
*serial
)
120 ERR_raise(ERR_LIB_CMP
, CMP_R_ERROR_PROCESSING_MESSAGE
);
124 static int process_genm(OSSL_CMP_SRV_CTX
*srv_ctx
,
125 const OSSL_CMP_MSG
*genm
,
126 const STACK_OF(OSSL_CMP_ITAV
) *in
,
127 STACK_OF(OSSL_CMP_ITAV
) **out
)
129 ERR_raise(ERR_LIB_CMP
, CMP_R_ERROR_PROCESSING_MESSAGE
);
133 static void process_error(OSSL_CMP_SRV_CTX
*srv_ctx
, const OSSL_CMP_MSG
*error
,
134 const OSSL_CMP_PKISI
*statusInfo
,
135 const ASN1_INTEGER
*errorCode
,
136 const OSSL_CMP_PKIFREETEXT
*errorDetails
)
138 ERR_raise(ERR_LIB_CMP
, CMP_R_ERROR_PROCESSING_MESSAGE
);
141 static int process_certConf(OSSL_CMP_SRV_CTX
*srv_ctx
,
142 const OSSL_CMP_MSG
*certConf
, int certReqId
,
143 const ASN1_OCTET_STRING
*certHash
,
144 const OSSL_CMP_PKISI
*si
)
146 ERR_raise(ERR_LIB_CMP
, CMP_R_ERROR_PROCESSING_MESSAGE
);
150 static int process_pollReq(OSSL_CMP_SRV_CTX
*srv_ctx
,
151 const OSSL_CMP_MSG
*pollReq
, int certReqId
,
152 OSSL_CMP_MSG
**certReq
, int64_t *check_after
)
154 ERR_raise(ERR_LIB_CMP
, CMP_R_ERROR_PROCESSING_MESSAGE
);
158 static int clean_transaction(ossl_unused OSSL_CMP_SRV_CTX
*srv_ctx
,
159 ossl_unused
const ASN1_OCTET_STRING
*id
)
164 static int delayed_delivery(ossl_unused OSSL_CMP_SRV_CTX
*srv_ctx
,
165 ossl_unused
const OSSL_CMP_MSG
*req
)
170 int FuzzerTestOneInput(const uint8_t *buf
, size_t len
)
178 in
= BIO_new(BIO_s_mem());
179 OPENSSL_assert((size_t)BIO_write(in
, buf
, len
) == len
);
180 msg
= d2i_OSSL_CMP_MSG_bio(in
, NULL
);
182 BIO
*out
= BIO_new(BIO_s_null());
183 OSSL_CMP_SRV_CTX
*srv_ctx
= OSSL_CMP_SRV_CTX_new(NULL
, NULL
);
184 OSSL_CMP_CTX
*client_ctx
= OSSL_CMP_CTX_new(NULL
, NULL
);
186 i2d_OSSL_CMP_MSG_bio(out
, msg
);
187 ASN1_item_print(out
, (ASN1_VALUE
*)msg
, 4,
188 ASN1_ITEM_rptr(OSSL_CMP_MSG
), NULL
);
191 if (client_ctx
!= NULL
)
192 cmp_client_process_response(client_ctx
, msg
);
194 && OSSL_CMP_CTX_set_log_cb(OSSL_CMP_SRV_CTX_get0_cmp_ctx(srv_ctx
),
196 && OSSL_CMP_SRV_CTX_init(srv_ctx
, NULL
, process_cert_request
,
197 process_rr
, process_genm
, process_error
,
198 process_certConf
, process_pollReq
)
199 && OSSL_CMP_SRV_CTX_init_trans(srv_ctx
, delayed_delivery
,
201 OSSL_CMP_MSG_free(OSSL_CMP_SRV_process_request(srv_ctx
, msg
));
203 OSSL_CMP_CTX_free(client_ctx
);
204 OSSL_CMP_SRV_CTX_free(srv_ctx
);
205 OSSL_CMP_MSG_free(msg
);
214 void FuzzerCleanup(void)