2
0

x509.c 3.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153
  1. /*
  2. * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License");
  5. * you may not use this file except in compliance with the License.
  6. * You may obtain a copy of the License at
  7. * https://www.openssl.org/source/license.html
  8. * or in the file LICENSE in the source distribution.
  9. */
  10. #include <openssl/x509.h>
  11. #include <openssl/ocsp.h>
  12. #include <openssl/bio.h>
  13. #include <openssl/err.h>
  14. #include <openssl/rand.h>
  15. #include "fuzzer.h"
  16. int FuzzerInitialize(int *argc, char ***argv)
  17. {
  18. FuzzerSetRand();
  19. OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS
  20. | OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
  21. ERR_clear_error();
  22. CRYPTO_free_ex_index(0, -1);
  23. return 1;
  24. }
  25. static int cb(int ok, X509_STORE_CTX *ctx)
  26. {
  27. return 1;
  28. }
  29. int FuzzerTestOneInput(const uint8_t *buf, size_t len)
  30. {
  31. const unsigned char *p = buf;
  32. size_t orig_len = len;
  33. unsigned char *der = NULL;
  34. BIO *bio = NULL;
  35. X509 *x509_1 = NULL, *x509_2 = NULL;
  36. X509_STORE *store = NULL;
  37. X509_VERIFY_PARAM *param = NULL;
  38. X509_STORE_CTX *ctx = NULL;
  39. X509_CRL *crl = NULL;
  40. STACK_OF(X509_CRL) *crls = NULL;
  41. STACK_OF(X509) *certs = NULL;
  42. OCSP_RESPONSE *resp = NULL;
  43. OCSP_BASICRESP *bs = NULL;
  44. OCSP_CERTID *id = NULL;
  45. x509_1 = d2i_X509(NULL, &p, len);
  46. if (x509_1 == NULL)
  47. goto err;
  48. bio = BIO_new(BIO_s_null());
  49. if (bio == NULL)
  50. goto err;
  51. /* This will load and print the public key as well as extensions */
  52. X509_print(bio, x509_1);
  53. BIO_free(bio);
  54. X509_issuer_and_serial_hash(x509_1);
  55. i2d_X509(x509_1, &der);
  56. OPENSSL_free(der);
  57. len = orig_len - (p - buf);
  58. x509_2 = d2i_X509(NULL, &p, len);
  59. if (x509_2 == NULL)
  60. goto err;
  61. len = orig_len - (p - buf);
  62. crl = d2i_X509_CRL(NULL, &p, len);
  63. if (crl == NULL)
  64. goto err;
  65. len = orig_len - (p - buf);
  66. resp = d2i_OCSP_RESPONSE(NULL, &p, len);
  67. store = X509_STORE_new();
  68. X509_STORE_add_cert(store, x509_2);
  69. param = X509_VERIFY_PARAM_new();
  70. X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_NO_CHECK_TIME);
  71. X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_X509_STRICT);
  72. X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_PARTIAL_CHAIN);
  73. X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);
  74. X509_STORE_set1_param(store, param);
  75. X509_STORE_set_verify_cb(store, cb);
  76. ctx = X509_STORE_CTX_new();
  77. if (ctx == NULL)
  78. goto err;
  79. X509_STORE_CTX_init(ctx, store, x509_1, NULL);
  80. if (crl != NULL) {
  81. crls = sk_X509_CRL_new_null();
  82. if (crls == NULL)
  83. goto err;
  84. sk_X509_CRL_push(crls, crl);
  85. X509_STORE_CTX_set0_crls(ctx, crls);
  86. }
  87. X509_verify_cert(ctx);
  88. if (resp != NULL)
  89. bs = OCSP_response_get1_basic(resp);
  90. if (bs != NULL) {
  91. int status, reason;
  92. ASN1_GENERALIZEDTIME *revtime, *thisupd, *nextupd;
  93. certs = sk_X509_new_null();
  94. if (certs == NULL)
  95. goto err;
  96. sk_X509_push(certs, x509_1);
  97. sk_X509_push(certs, x509_2);
  98. OCSP_basic_verify(bs, certs, store, OCSP_PARTIAL_CHAIN);
  99. id = OCSP_cert_to_id(NULL, x509_1, x509_2);
  100. if (id == NULL)
  101. goto err;
  102. OCSP_resp_find_status(bs, id, &status, &reason, &revtime, &thisupd,
  103. &nextupd);
  104. }
  105. err:
  106. X509_STORE_CTX_free(ctx);
  107. X509_VERIFY_PARAM_free(param);
  108. X509_STORE_free(store);
  109. X509_free(x509_1);
  110. X509_free(x509_2);
  111. X509_CRL_free(crl);
  112. OCSP_CERTID_free(id);
  113. OCSP_BASICRESP_free(bs);
  114. OCSP_RESPONSE_free(resp);
  115. sk_X509_CRL_free(crls);
  116. sk_X509_free(certs);
  117. ERR_clear_error();
  118. return 0;
  119. }
  120. void FuzzerCleanup(void)
  121. {
  122. FuzzerClearRand();
  123. }