1/* 2 * Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * https://www.openssl.org/source/license.html 8 * or in the file LICENSE in the source distribution. 9 */ 10 11#include <openssl/x509.h> 12#include <openssl/ocsp.h> 13#include <openssl/bio.h> 14#include <openssl/err.h> 15#include <openssl/rand.h> 16#include "fuzzer.h" 17 18int FuzzerInitialize(int *argc, char ***argv) 19{ 20 FuzzerSetRand(); 21 OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS 22 | OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL); 23 ERR_clear_error(); 24 CRYPTO_free_ex_index(0, -1); 25 return 1; 26} 27 28static int cb(int ok, X509_STORE_CTX *ctx) 29{ 30 return 1; 31} 32 33int FuzzerTestOneInput(const uint8_t *buf, size_t len) 34{ 35 const unsigned char *p = buf; 36 size_t orig_len = len; 37 unsigned char *der = NULL; 38 BIO *bio = NULL; 39 X509 *x509_1 = NULL, *x509_2 = NULL; 40 X509_STORE *store = NULL; 41 X509_VERIFY_PARAM *param = NULL; 42 X509_STORE_CTX *ctx = NULL; 43 X509_CRL *crl = NULL; 44 STACK_OF(X509_CRL) *crls = NULL; 45 STACK_OF(X509) *certs = NULL; 46 OCSP_RESPONSE *resp = NULL; 47 OCSP_BASICRESP *bs = NULL; 48 OCSP_CERTID *id = NULL; 49 50 x509_1 = d2i_X509(NULL, &p, len); 51 if (x509_1 == NULL) 52 goto err; 53 54 bio = BIO_new(BIO_s_null()); 55 if (bio == NULL) 56 goto err; 57 58 /* This will load and print the public key as well as extensions */ 59 X509_print(bio, x509_1); 60 BIO_free(bio); 61 62 X509_issuer_and_serial_hash(x509_1); 63 64 i2d_X509(x509_1, &der); 65 OPENSSL_free(der); 66 67 len = orig_len - (p - buf); 68 x509_2 = d2i_X509(NULL, &p, len); 69 if (x509_2 == NULL) 70 goto err; 71 72 len = orig_len - (p - buf); 73 crl = d2i_X509_CRL(NULL, &p, len); 74 if (crl == NULL) 75 goto err; 76 77 len = orig_len - (p - buf); 78 resp = d2i_OCSP_RESPONSE(NULL, &p, len); 79 80 store = X509_STORE_new(); 81 X509_STORE_add_cert(store, x509_2); 82 83 param = X509_VERIFY_PARAM_new(); 84 X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_NO_CHECK_TIME); 85 X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_X509_STRICT); 86 X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_PARTIAL_CHAIN); 87 X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK); 88 89 X509_STORE_set1_param(store, param); 90 91 X509_STORE_set_verify_cb(store, cb); 92 93 ctx = X509_STORE_CTX_new(); 94 if (ctx == NULL) 95 goto err; 96 97 X509_STORE_CTX_init(ctx, store, x509_1, NULL); 98 99 if (crl != NULL) { 100 crls = sk_X509_CRL_new_null(); 101 if (crls == NULL) 102 goto err; 103 104 sk_X509_CRL_push(crls, crl); 105 X509_STORE_CTX_set0_crls(ctx, crls); 106 } 107 108 X509_verify_cert(ctx); 109 110 if (resp != NULL) 111 bs = OCSP_response_get1_basic(resp); 112 113 if (bs != NULL) { 114 int status, reason; 115 ASN1_GENERALIZEDTIME *revtime, *thisupd, *nextupd; 116 117 certs = sk_X509_new_null(); 118 if (certs == NULL) 119 goto err; 120 121 sk_X509_push(certs, x509_1); 122 sk_X509_push(certs, x509_2); 123 124 OCSP_basic_verify(bs, certs, store, OCSP_PARTIAL_CHAIN); 125 126 id = OCSP_cert_to_id(NULL, x509_1, x509_2); 127 if (id == NULL) 128 goto err; 129 OCSP_resp_find_status(bs, id, &status, &reason, &revtime, &thisupd, 130 &nextupd); 131 } 132 133err: 134 X509_STORE_CTX_free(ctx); 135 X509_VERIFY_PARAM_free(param); 136 X509_STORE_free(store); 137 X509_free(x509_1); 138 X509_free(x509_2); 139 X509_CRL_free(crl); 140 OCSP_CERTID_free(id); 141 OCSP_BASICRESP_free(bs); 142 OCSP_RESPONSE_free(resp); 143 sk_X509_CRL_free(crls); 144 sk_X509_free(certs); 145 146 ERR_clear_error(); 147 return 0; 148} 149 150void FuzzerCleanup(void) 151{ 152 FuzzerClearRand(); 153} 154