cmp.c 6.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205
  1. /*
  2. * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /*
  10. * Test CMP DER parsing.
  11. */
  12. #include <openssl/bio.h>
  13. #include <openssl/cmp.h>
  14. #include "../crypto/cmp/cmp_local.h"
  15. #include <openssl/err.h>
  16. #include "fuzzer.h"
  17. #include "rand.inc"
  18. DEFINE_STACK_OF(OSSL_CMP_ITAV)
  19. int FuzzerInitialize(int *argc, char ***argv)
  20. {
  21. OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
  22. ERR_clear_error();
  23. CRYPTO_free_ex_index(0, -1);
  24. FuzzerSetRand();
  25. return 1;
  26. }
  27. static int num_responses;
  28. static OSSL_CMP_MSG *transfer_cb(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req)
  29. {
  30. if (num_responses++ > 2)
  31. return NULL; /* prevent loops due to repeated pollRep */
  32. return OSSL_CMP_MSG_dup((OSSL_CMP_MSG *)
  33. OSSL_CMP_CTX_get_transfer_cb_arg(ctx));
  34. }
  35. static int print_noop(const char *func, const char *file, int line,
  36. OSSL_CMP_severity level, const char *msg)
  37. {
  38. return 1;
  39. }
  40. static int allow_unprotected(const OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *rep,
  41. int invalid_protection, int expected_type)
  42. {
  43. return 1;
  44. }
  45. static void cmp_client_process_response(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg)
  46. {
  47. X509_NAME *name = X509_NAME_new();
  48. ASN1_INTEGER *serial = ASN1_INTEGER_new();
  49. ctx->unprotectedSend = 1; /* satisfy ossl_cmp_msg_protect() */
  50. ctx->disableConfirm = 1; /* check just one response message */
  51. ctx->popoMethod = OSSL_CRMF_POPO_NONE; /* satisfy ossl_cmp_certReq_new() */
  52. ctx->oldCert = X509_new(); /* satisfy crm_new() and ossl_cmp_rr_new() */
  53. if (!OSSL_CMP_CTX_set1_secretValue(ctx, (unsigned char *)"",
  54. 0) /* prevent too unspecific error */
  55. || ctx->oldCert == NULL
  56. || name == NULL || !X509_set_issuer_name(ctx->oldCert, name)
  57. || serial == NULL || !X509_set_serialNumber(ctx->oldCert, serial))
  58. goto err;
  59. (void)OSSL_CMP_CTX_set_transfer_cb(ctx, transfer_cb);
  60. (void)OSSL_CMP_CTX_set_transfer_cb_arg(ctx, msg);
  61. (void)OSSL_CMP_CTX_set_log_cb(ctx, print_noop);
  62. num_responses = 0;
  63. switch (msg->body != NULL ? msg->body->type : -1) {
  64. case OSSL_CMP_PKIBODY_IP:
  65. (void)OSSL_CMP_exec_IR_ses(ctx);
  66. break;
  67. case OSSL_CMP_PKIBODY_CP:
  68. (void)OSSL_CMP_exec_CR_ses(ctx);
  69. (void)OSSL_CMP_exec_P10CR_ses(ctx);
  70. break;
  71. case OSSL_CMP_PKIBODY_KUP:
  72. (void)OSSL_CMP_exec_KUR_ses(ctx);
  73. break;
  74. case OSSL_CMP_PKIBODY_POLLREP:
  75. ctx->status = OSSL_CMP_PKISTATUS_waiting;
  76. (void)OSSL_CMP_try_certreq(ctx, OSSL_CMP_PKIBODY_CR, NULL);
  77. break;
  78. case OSSL_CMP_PKIBODY_RP:
  79. (void)OSSL_CMP_exec_RR_ses(ctx);
  80. break;
  81. case OSSL_CMP_PKIBODY_GENP:
  82. sk_OSSL_CMP_ITAV_pop_free(OSSL_CMP_exec_GENM_ses(ctx),
  83. OSSL_CMP_ITAV_free);
  84. break;
  85. default:
  86. (void)ossl_cmp_msg_check_update(ctx, msg, allow_unprotected, 0);
  87. break;
  88. }
  89. err:
  90. X509_NAME_free(name);
  91. ASN1_INTEGER_free(serial);
  92. }
  93. static OSSL_CMP_PKISI *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
  94. const OSSL_CMP_MSG *cert_req,
  95. int certReqId,
  96. const OSSL_CRMF_MSG *crm,
  97. const X509_REQ *p10cr,
  98. X509 **certOut,
  99. STACK_OF(X509) **chainOut,
  100. STACK_OF(X509) **caPubs)
  101. {
  102. CMPerr(0, CMP_R_ERROR_PROCESSING_MESSAGE);
  103. return NULL;
  104. }
  105. static OSSL_CMP_PKISI *process_rr(OSSL_CMP_SRV_CTX *srv_ctx,
  106. const OSSL_CMP_MSG *rr,
  107. const X509_NAME *issuer,
  108. const ASN1_INTEGER *serial)
  109. {
  110. CMPerr(0, CMP_R_ERROR_PROCESSING_MESSAGE);
  111. return NULL;
  112. }
  113. static int process_genm(OSSL_CMP_SRV_CTX *srv_ctx,
  114. const OSSL_CMP_MSG *genm,
  115. const STACK_OF(OSSL_CMP_ITAV) *in,
  116. STACK_OF(OSSL_CMP_ITAV) **out)
  117. {
  118. CMPerr(0, CMP_R_ERROR_PROCESSING_MESSAGE);
  119. return 0;
  120. }
  121. static void process_error(OSSL_CMP_SRV_CTX *srv_ctx, const OSSL_CMP_MSG *error,
  122. const OSSL_CMP_PKISI *statusInfo,
  123. const ASN1_INTEGER *errorCode,
  124. const OSSL_CMP_PKIFREETEXT *errorDetails)
  125. {
  126. CMPerr(0, CMP_R_ERROR_PROCESSING_MESSAGE);
  127. }
  128. static int process_certConf(OSSL_CMP_SRV_CTX *srv_ctx,
  129. const OSSL_CMP_MSG *certConf, int certReqId,
  130. const ASN1_OCTET_STRING *certHash,
  131. const OSSL_CMP_PKISI *si)
  132. {
  133. CMPerr(0, CMP_R_ERROR_PROCESSING_MESSAGE);
  134. return 0;
  135. }
  136. static int process_pollReq(OSSL_CMP_SRV_CTX *srv_ctx,
  137. const OSSL_CMP_MSG *pollReq, int certReqId,
  138. OSSL_CMP_MSG **certReq, int64_t *check_after)
  139. {
  140. CMPerr(0, CMP_R_ERROR_PROCESSING_MESSAGE);
  141. return 0;
  142. }
  143. int FuzzerTestOneInput(const uint8_t *buf, size_t len)
  144. {
  145. OSSL_CMP_MSG *msg;
  146. BIO *in;
  147. if (len == 0)
  148. return 0;
  149. in = BIO_new(BIO_s_mem());
  150. OPENSSL_assert((size_t)BIO_write(in, buf, len) == len);
  151. msg = d2i_OSSL_CMP_MSG_bio(in, NULL);
  152. if (msg != NULL) {
  153. BIO *out = BIO_new(BIO_s_null());
  154. OSSL_CMP_SRV_CTX *srv_ctx = OSSL_CMP_SRV_CTX_new();
  155. OSSL_CMP_CTX *client_ctx = OSSL_CMP_CTX_new();
  156. i2d_OSSL_CMP_MSG_bio(out, msg);
  157. ASN1_item_print(out, (ASN1_VALUE *)msg, 4,
  158. ASN1_ITEM_rptr(OSSL_CMP_MSG), NULL);
  159. BIO_free(out);
  160. if (client_ctx != NULL)
  161. cmp_client_process_response(client_ctx, msg);
  162. if (srv_ctx != NULL
  163. && OSSL_CMP_CTX_set_log_cb(OSSL_CMP_SRV_CTX_get0_cmp_ctx(srv_ctx),
  164. print_noop)
  165. && OSSL_CMP_SRV_CTX_init(srv_ctx, NULL, process_cert_request,
  166. process_rr, process_genm, process_error,
  167. process_certConf, process_pollReq))
  168. OSSL_CMP_MSG_free(OSSL_CMP_SRV_process_request(srv_ctx, msg));
  169. OSSL_CMP_CTX_free(client_ctx);
  170. OSSL_CMP_SRV_CTX_free(srv_ctx);
  171. OSSL_CMP_MSG_free(msg);
  172. }
  173. BIO_free(in);
  174. ERR_clear_error();
  175. return 0;
  176. }
  177. void FuzzerCleanup(void)
  178. {
  179. }