projects / thirdparty / openssl.git / blame
| Commit | Line | Data |
|---|---|---|
| e1859d8d | 1 | /* |
| da1c088f | 2 | * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. |
| e1859d8d | 3 | * |
| 0642931f | 4 | * Licensed under the Apache License 2.0 (the "License"); |
| e1859d8d KR |
5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at | |
| 7 | * https://www.openssl.org/source/license.html | |
| 8 | * or in the file LICENSE in the source distribution. | |
| 9 | */ | |
| 10 | ||
| 11 | #include <openssl/x509.h> | |
| 399c2da0 | 12 | #include <openssl/ocsp.h> |
| e1859d8d | 13 | #include <openssl/bio.h> |
| d69d8f90 | 14 | #include <openssl/err.h> |
| b534df96 | 15 | #include <openssl/rand.h> |
| e1859d8d KR |
16 | #include "fuzzer.h" |
| 17 | ||
| f3e911d5 KR |
18 | int FuzzerInitialize(int *argc, char ***argv) |
| 19 | { | |
| de2ea978 | 20 | FuzzerSetRand(); |
| 399c2da0 KR |
21 | OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS |
| 22 | | OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL); | |
| e5d4233f | 23 | ERR_clear_error(); |
| d69d8f90 | 24 | CRYPTO_free_ex_index(0, -1); |
| a05b0bcf KR |
25 | return 1; |
| 26 | } | |
| 27 | ||
| 399c2da0 KR |
28 | static int cb(int ok, X509_STORE_CTX *ctx) |
| 29 | { | |
| 30 | return 1; | |
| 31 | } | |
| 32 | ||
| f3e911d5 KR |
33 | int FuzzerTestOneInput(const uint8_t *buf, size_t len) |
| 34 | { | |
| e1859d8d | 35 | const unsigned char *p = buf; |
| 399c2da0 | 36 | size_t orig_len = len; |
| e1859d8d | 37 | unsigned char *der = NULL; |
| 399c2da0 KR |
38 | BIO *bio = NULL; |
| 39 | X509 *x509_1 = NULL, *x509_2 = NULL; | |
| 40 | X509_STORE *store = NULL; | |
| 41 | X509_VERIFY_PARAM *param = NULL; | |
| 42 | X509_STORE_CTX *ctx = NULL; | |
| 43 | X509_CRL *crl = NULL; | |
| 44 | STACK_OF(X509_CRL) *crls = NULL; | |
| 45 | STACK_OF(X509) *certs = NULL; | |
| 46 | OCSP_RESPONSE *resp = NULL; | |
| 47 | OCSP_BASICRESP *bs = NULL; | |
| 48 | OCSP_CERTID *id = NULL; | |
| 49 | ||
| 50 | x509_1 = d2i_X509(NULL, &p, len); | |
| 51 | if (x509_1 == NULL) | |
| 52 | goto err; | |
| 53 | ||
| 54 | bio = BIO_new(BIO_s_null()); | |
| 55 | if (bio == NULL) | |
| 56 | goto err; | |
| 57 | ||
| 58 | /* This will load and print the public key as well as extensions */ | |
| 59 | X509_print(bio, x509_1); | |
| 60 | BIO_free(bio); | |
| 61 | ||
| 62 | X509_issuer_and_serial_hash(x509_1); | |
| 63 | ||
| 64 | i2d_X509(x509_1, &der); | |
| 65 | OPENSSL_free(der); | |
| 66 | ||
| 67 | len = orig_len - (p - buf); | |
| 68 | x509_2 = d2i_X509(NULL, &p, len); | |
| 69 | if (x509_2 == NULL) | |
| 70 | goto err; | |
| 71 | ||
| 72 | len = orig_len - (p - buf); | |
| 73 | crl = d2i_X509_CRL(NULL, &p, len); | |
| 74 | if (crl == NULL) | |
| 75 | goto err; | |
| 76 | ||
| 77 | len = orig_len - (p - buf); | |
| 78 | resp = d2i_OCSP_RESPONSE(NULL, &p, len); | |
| 79 | ||
| 80 | store = X509_STORE_new(); | |
| 81 | X509_STORE_add_cert(store, x509_2); | |
| e1859d8d | 82 | |
| 399c2da0 KR |
83 | param = X509_VERIFY_PARAM_new(); |
| 84 | X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_NO_CHECK_TIME); | |
| 85 | X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_X509_STRICT); | |
| 86 | X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_PARTIAL_CHAIN); | |
| 87 | X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK); | |
| e1859d8d | 88 | |
| 399c2da0 | 89 | X509_STORE_set1_param(store, param); |
| 55869f59 | 90 | |
| 399c2da0 | 91 | X509_STORE_set_verify_cb(store, cb); |
| e1859d8d | 92 | |
| 399c2da0 KR |
93 | ctx = X509_STORE_CTX_new(); |
| 94 | if (ctx == NULL) | |
| 95 | goto err; | |
| 96 | ||
| 97 | X509_STORE_CTX_init(ctx, store, x509_1, NULL); | |
| 98 | ||
| 99 | if (crl != NULL) { | |
| 100 | crls = sk_X509_CRL_new_null(); | |
| 101 | if (crls == NULL) | |
| 102 | goto err; | |
| 103 | ||
| 104 | sk_X509_CRL_push(crls, crl); | |
| 105 | X509_STORE_CTX_set0_crls(ctx, crls); | |
| e1859d8d | 106 | } |
| 399c2da0 KR |
107 | |
| 108 | X509_verify_cert(ctx); | |
| 109 | ||
| 110 | if (resp != NULL) | |
| 111 | bs = OCSP_response_get1_basic(resp); | |
| 112 | ||
| 113 | if (bs != NULL) { | |
| 114 | int status, reason; | |
| 115 | ASN1_GENERALIZEDTIME *revtime, *thisupd, *nextupd; | |
| 116 | ||
| 117 | certs = sk_X509_new_null(); | |
| 118 | if (certs == NULL) | |
| 119 | goto err; | |
| 120 | ||
| 121 | sk_X509_push(certs, x509_1); | |
| 122 | sk_X509_push(certs, x509_2); | |
| 123 | ||
| 124 | OCSP_basic_verify(bs, certs, store, OCSP_PARTIAL_CHAIN); | |
| 125 | ||
| 126 | id = OCSP_cert_to_id(NULL, x509_1, x509_2); | |
| 127 | if (id == NULL) | |
| 128 | goto err; | |
| 129 | OCSP_resp_find_status(bs, id, &status, &reason, &revtime, &thisupd, | |
| 130 | &nextupd); | |
| 131 | } | |
| 132 | ||
| 133 | err: | |
| 134 | X509_STORE_CTX_free(ctx); | |
| 135 | X509_VERIFY_PARAM_free(param); | |
| 136 | X509_STORE_free(store); | |
| 137 | X509_free(x509_1); | |
| 138 | X509_free(x509_2); | |
| 139 | X509_CRL_free(crl); | |
| 140 | OCSP_CERTID_free(id); | |
| 141 | OCSP_BASICRESP_free(bs); | |
| 142 | OCSP_RESPONSE_free(resp); | |
| 143 | sk_X509_CRL_free(crls); | |
| 144 | sk_X509_free(certs); | |
| 145 | ||
| d69d8f90 | 146 | ERR_clear_error(); |
| e1859d8d KR |
147 | return 0; |
| 148 | } | |
| ad4da7fb KR |
149 | |
| 150 | void FuzzerCleanup(void) | |
| 151 | { | |
| de2ea978 | 152 | FuzzerClearRand(); |
| ad4da7fb | 153 | } |