cmp.c 6.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203
  1. /*
  2. * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /*
  10. * Test CMP DER parsing.
  11. */
  12. #include <openssl/bio.h>
  13. #include <openssl/cmp.h>
  14. #include "../crypto/cmp/cmp_local.h"
  15. #include <openssl/err.h>
  16. #include "fuzzer.h"
  17. int FuzzerInitialize(int *argc, char ***argv)
  18. {
  19. FuzzerSetRand();
  20. OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
  21. ERR_clear_error();
  22. CRYPTO_free_ex_index(0, -1);
  23. return 1;
  24. }
  25. static int num_responses;
  26. static OSSL_CMP_MSG *transfer_cb(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req)
  27. {
  28. if (num_responses++ > 2)
  29. return NULL; /* prevent loops due to repeated pollRep */
  30. return OSSL_CMP_MSG_dup((OSSL_CMP_MSG *)
  31. OSSL_CMP_CTX_get_transfer_cb_arg(ctx));
  32. }
  33. static int print_noop(const char *func, const char *file, int line,
  34. OSSL_CMP_severity level, const char *msg)
  35. {
  36. return 1;
  37. }
  38. static int allow_unprotected(const OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *rep,
  39. int invalid_protection, int expected_type)
  40. {
  41. return 1;
  42. }
  43. static void cmp_client_process_response(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg)
  44. {
  45. X509_NAME *name = X509_NAME_new();
  46. ASN1_INTEGER *serial = ASN1_INTEGER_new();
  47. ctx->unprotectedSend = 1; /* satisfy ossl_cmp_msg_protect() */
  48. ctx->disableConfirm = 1; /* check just one response message */
  49. ctx->popoMethod = OSSL_CRMF_POPO_NONE; /* satisfy ossl_cmp_certReq_new() */
  50. ctx->oldCert = X509_new(); /* satisfy crm_new() and ossl_cmp_rr_new() */
  51. if (!OSSL_CMP_CTX_set1_secretValue(ctx, (unsigned char *)"",
  52. 0) /* prevent too unspecific error */
  53. || ctx->oldCert == NULL
  54. || name == NULL || !X509_set_issuer_name(ctx->oldCert, name)
  55. || serial == NULL || !X509_set_serialNumber(ctx->oldCert, serial))
  56. goto err;
  57. (void)OSSL_CMP_CTX_set_transfer_cb(ctx, transfer_cb);
  58. (void)OSSL_CMP_CTX_set_transfer_cb_arg(ctx, msg);
  59. (void)OSSL_CMP_CTX_set_log_cb(ctx, print_noop);
  60. num_responses = 0;
  61. switch (msg->body != NULL ? msg->body->type : -1) {
  62. case OSSL_CMP_PKIBODY_IP:
  63. (void)OSSL_CMP_exec_IR_ses(ctx);
  64. break;
  65. case OSSL_CMP_PKIBODY_CP:
  66. (void)OSSL_CMP_exec_CR_ses(ctx);
  67. (void)OSSL_CMP_exec_P10CR_ses(ctx);
  68. break;
  69. case OSSL_CMP_PKIBODY_KUP:
  70. (void)OSSL_CMP_exec_KUR_ses(ctx);
  71. break;
  72. case OSSL_CMP_PKIBODY_POLLREP:
  73. ctx->status = OSSL_CMP_PKISTATUS_waiting;
  74. (void)OSSL_CMP_try_certreq(ctx, OSSL_CMP_PKIBODY_CR, NULL, NULL);
  75. break;
  76. case OSSL_CMP_PKIBODY_RP:
  77. (void)OSSL_CMP_exec_RR_ses(ctx);
  78. break;
  79. case OSSL_CMP_PKIBODY_GENP:
  80. sk_OSSL_CMP_ITAV_pop_free(OSSL_CMP_exec_GENM_ses(ctx),
  81. OSSL_CMP_ITAV_free);
  82. break;
  83. default:
  84. (void)ossl_cmp_msg_check_update(ctx, msg, allow_unprotected, 0);
  85. break;
  86. }
  87. err:
  88. X509_NAME_free(name);
  89. ASN1_INTEGER_free(serial);
  90. }
  91. static OSSL_CMP_PKISI *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
  92. const OSSL_CMP_MSG *cert_req,
  93. int certReqId,
  94. const OSSL_CRMF_MSG *crm,
  95. const X509_REQ *p10cr,
  96. X509 **certOut,
  97. STACK_OF(X509) **chainOut,
  98. STACK_OF(X509) **caPubs)
  99. {
  100. ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE);
  101. return NULL;
  102. }
  103. static OSSL_CMP_PKISI *process_rr(OSSL_CMP_SRV_CTX *srv_ctx,
  104. const OSSL_CMP_MSG *rr,
  105. const X509_NAME *issuer,
  106. const ASN1_INTEGER *serial)
  107. {
  108. ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE);
  109. return NULL;
  110. }
  111. static int process_genm(OSSL_CMP_SRV_CTX *srv_ctx,
  112. const OSSL_CMP_MSG *genm,
  113. const STACK_OF(OSSL_CMP_ITAV) *in,
  114. STACK_OF(OSSL_CMP_ITAV) **out)
  115. {
  116. ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE);
  117. return 0;
  118. }
  119. static void process_error(OSSL_CMP_SRV_CTX *srv_ctx, const OSSL_CMP_MSG *error,
  120. const OSSL_CMP_PKISI *statusInfo,
  121. const ASN1_INTEGER *errorCode,
  122. const OSSL_CMP_PKIFREETEXT *errorDetails)
  123. {
  124. ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE);
  125. }
  126. static int process_certConf(OSSL_CMP_SRV_CTX *srv_ctx,
  127. const OSSL_CMP_MSG *certConf, int certReqId,
  128. const ASN1_OCTET_STRING *certHash,
  129. const OSSL_CMP_PKISI *si)
  130. {
  131. ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE);
  132. return 0;
  133. }
  134. static int process_pollReq(OSSL_CMP_SRV_CTX *srv_ctx,
  135. const OSSL_CMP_MSG *pollReq, int certReqId,
  136. OSSL_CMP_MSG **certReq, int64_t *check_after)
  137. {
  138. ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE);
  139. return 0;
  140. }
  141. int FuzzerTestOneInput(const uint8_t *buf, size_t len)
  142. {
  143. OSSL_CMP_MSG *msg;
  144. BIO *in;
  145. if (len == 0)
  146. return 0;
  147. in = BIO_new(BIO_s_mem());
  148. OPENSSL_assert((size_t)BIO_write(in, buf, len) == len);
  149. msg = d2i_OSSL_CMP_MSG_bio(in, NULL);
  150. if (msg != NULL) {
  151. BIO *out = BIO_new(BIO_s_null());
  152. OSSL_CMP_SRV_CTX *srv_ctx = OSSL_CMP_SRV_CTX_new(NULL, NULL);
  153. OSSL_CMP_CTX *client_ctx = OSSL_CMP_CTX_new(NULL, NULL);
  154. i2d_OSSL_CMP_MSG_bio(out, msg);
  155. ASN1_item_print(out, (ASN1_VALUE *)msg, 4,
  156. ASN1_ITEM_rptr(OSSL_CMP_MSG), NULL);
  157. BIO_free(out);
  158. if (client_ctx != NULL)
  159. cmp_client_process_response(client_ctx, msg);
  160. if (srv_ctx != NULL
  161. && OSSL_CMP_CTX_set_log_cb(OSSL_CMP_SRV_CTX_get0_cmp_ctx(srv_ctx),
  162. print_noop)
  163. && OSSL_CMP_SRV_CTX_init(srv_ctx, NULL, process_cert_request,
  164. process_rr, process_genm, process_error,
  165. process_certConf, process_pollReq))
  166. OSSL_CMP_MSG_free(OSSL_CMP_SRV_process_request(srv_ctx, msg));
  167. OSSL_CMP_CTX_free(client_ctx);
  168. OSSL_CMP_SRV_CTX_free(srv_ctx);
  169. OSSL_CMP_MSG_free(msg);
  170. }
  171. BIO_free(in);
  172. ERR_clear_error();
  173. return 0;
  174. }
  175. void FuzzerCleanup(void)
  176. {
  177. FuzzerClearRand();
  178. }