xref: /openssl/fuzz/x509.c (revision da1c088f)
1 /*
2  * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  * https://www.openssl.org/source/license.html
8  * or in the file LICENSE in the source distribution.
9  */
10 
11 #include <openssl/x509.h>
12 #include <openssl/ocsp.h>
13 #include <openssl/bio.h>
14 #include <openssl/err.h>
15 #include <openssl/rand.h>
16 #include "fuzzer.h"
17 
FuzzerInitialize(int * argc,char *** argv)18 int FuzzerInitialize(int *argc, char ***argv)
19 {
20     FuzzerSetRand();
21     OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS
22        | OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
23     ERR_clear_error();
24     CRYPTO_free_ex_index(0, -1);
25     return 1;
26 }
27 
cb(int ok,X509_STORE_CTX * ctx)28 static int cb(int ok, X509_STORE_CTX *ctx)
29 {
30     return 1;
31 }
32 
FuzzerTestOneInput(const uint8_t * buf,size_t len)33 int FuzzerTestOneInput(const uint8_t *buf, size_t len)
34 {
35     const unsigned char *p = buf;
36     size_t orig_len = len;
37     unsigned char *der = NULL;
38     BIO *bio = NULL;
39     X509 *x509_1 = NULL, *x509_2 = NULL;
40     X509_STORE *store = NULL;
41     X509_VERIFY_PARAM *param = NULL;
42     X509_STORE_CTX *ctx = NULL;
43     X509_CRL *crl = NULL;
44     STACK_OF(X509_CRL) *crls = NULL;
45     STACK_OF(X509) *certs = NULL;
46     OCSP_RESPONSE *resp = NULL;
47     OCSP_BASICRESP *bs = NULL;
48     OCSP_CERTID *id = NULL;
49 
50     x509_1 = d2i_X509(NULL, &p, len);
51     if (x509_1 == NULL)
52         goto err;
53 
54     bio = BIO_new(BIO_s_null());
55     if (bio == NULL)
56         goto err;
57 
58     /* This will load and print the public key as well as extensions */
59     X509_print(bio, x509_1);
60     BIO_free(bio);
61 
62     X509_issuer_and_serial_hash(x509_1);
63 
64     i2d_X509(x509_1, &der);
65     OPENSSL_free(der);
66 
67     len = orig_len - (p - buf);
68     x509_2 = d2i_X509(NULL, &p, len);
69     if (x509_2 == NULL)
70         goto err;
71 
72     len = orig_len - (p - buf);
73     crl = d2i_X509_CRL(NULL, &p, len);
74     if (crl == NULL)
75         goto err;
76 
77     len = orig_len - (p - buf);
78     resp = d2i_OCSP_RESPONSE(NULL, &p, len);
79 
80     store = X509_STORE_new();
81     X509_STORE_add_cert(store, x509_2);
82 
83     param = X509_VERIFY_PARAM_new();
84     X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_NO_CHECK_TIME);
85     X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_X509_STRICT);
86     X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_PARTIAL_CHAIN);
87     X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
88 
89     X509_STORE_set1_param(store, param);
90 
91     X509_STORE_set_verify_cb(store, cb);
92 
93     ctx = X509_STORE_CTX_new();
94     if (ctx == NULL)
95         goto err;
96 
97     X509_STORE_CTX_init(ctx, store, x509_1, NULL);
98 
99     if (crl != NULL) {
100         crls = sk_X509_CRL_new_null();
101         if (crls == NULL)
102             goto err;
103 
104         sk_X509_CRL_push(crls, crl);
105         X509_STORE_CTX_set0_crls(ctx, crls);
106     }
107 
108     X509_verify_cert(ctx);
109 
110     if (resp != NULL)
111         bs = OCSP_response_get1_basic(resp);
112 
113     if (bs != NULL) {
114         int status, reason;
115         ASN1_GENERALIZEDTIME *revtime, *thisupd, *nextupd;
116 
117         certs = sk_X509_new_null();
118         if (certs == NULL)
119             goto err;
120 
121         sk_X509_push(certs, x509_1);
122         sk_X509_push(certs, x509_2);
123 
124         OCSP_basic_verify(bs, certs, store, OCSP_PARTIAL_CHAIN);
125 
126         id = OCSP_cert_to_id(NULL, x509_1, x509_2);
127         if (id == NULL)
128             goto err;
129         OCSP_resp_find_status(bs, id, &status, &reason, &revtime, &thisupd,
130                               &nextupd);
131     }
132 
133 err:
134     X509_STORE_CTX_free(ctx);
135     X509_VERIFY_PARAM_free(param);
136     X509_STORE_free(store);
137     X509_free(x509_1);
138     X509_free(x509_2);
139     X509_CRL_free(crl);
140     OCSP_CERTID_free(id);
141     OCSP_BASICRESP_free(bs);
142     OCSP_RESPONSE_free(resp);
143     sk_X509_CRL_free(crls);
144     sk_X509_free(certs);
145 
146     ERR_clear_error();
147     return 0;
148 }
149 
FuzzerCleanup(void)150 void FuzzerCleanup(void)
151 {
152     FuzzerClearRand();
153 }
154