VirtualBox

source: vbox/trunk/src/libs/openssl-3.0.9/fuzz/cmp.c@ 100906

Last change on this file since 100906 was 100487, checked in by vboxsync, 17 months ago

openssl-3.0.9: Applied and adjusted our OpenSSL changes we made to 3.0.7. bugref:10484

File size: 6.7 KB
Line 
1/*
2 * Copyright 2007-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10/*
11 * Test CMP DER parsing.
12 */
13
14#include <openssl/bio.h>
15#include <openssl/cmp.h>
16#include "../crypto/cmp/cmp_local.h"
17#include <openssl/err.h>
18#include "fuzzer.h"
19
20int FuzzerInitialize(int *argc, char ***argv)
21{
22 FuzzerSetRand();
23 OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
24 ERR_clear_error();
25 CRYPTO_free_ex_index(0, -1);
26 return 1;
27}
28
29static int num_responses;
30
31static OSSL_CMP_MSG *transfer_cb(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req)
32{
33 if (num_responses++ > 2)
34 return NULL; /* prevent loops due to repeated pollRep */
35 return OSSL_CMP_MSG_dup((OSSL_CMP_MSG *)
36 OSSL_CMP_CTX_get_transfer_cb_arg(ctx));
37}
38
39static int print_noop(const char *func, const char *file, int line,
40 OSSL_CMP_severity level, const char *msg)
41{
42 return 1;
43}
44
45static int allow_unprotected(const OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *rep,
46 int invalid_protection, int expected_type)
47{
48 return 1;
49}
50
51static void cmp_client_process_response(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg)
52{
53 X509_NAME *name = X509_NAME_new();
54 ASN1_INTEGER *serial = ASN1_INTEGER_new();
55
56 ctx->unprotectedSend = 1; /* satisfy ossl_cmp_msg_protect() */
57 ctx->disableConfirm = 1; /* check just one response message */
58 ctx->popoMethod = OSSL_CRMF_POPO_NONE; /* satisfy ossl_cmp_certReq_new() */
59 ctx->oldCert = X509_new(); /* satisfy crm_new() and ossl_cmp_rr_new() */
60 if (!OSSL_CMP_CTX_set1_secretValue(ctx, (unsigned char *)"",
61 0) /* prevent too unspecific error */
62 || ctx->oldCert == NULL
63 || name == NULL || !X509_set_issuer_name(ctx->oldCert, name)
64 || serial == NULL || !X509_set_serialNumber(ctx->oldCert, serial))
65 goto err;
66
67 (void)OSSL_CMP_CTX_set_transfer_cb(ctx, transfer_cb);
68 (void)OSSL_CMP_CTX_set_transfer_cb_arg(ctx, msg);
69 (void)OSSL_CMP_CTX_set_log_cb(ctx, print_noop);
70 num_responses = 0;
71 switch (msg->body != NULL ? msg->body->type : -1) {
72 case OSSL_CMP_PKIBODY_IP:
73 (void)OSSL_CMP_exec_IR_ses(ctx);
74 break;
75 case OSSL_CMP_PKIBODY_CP:
76 (void)OSSL_CMP_exec_CR_ses(ctx);
77 (void)OSSL_CMP_exec_P10CR_ses(ctx);
78 break;
79 case OSSL_CMP_PKIBODY_KUP:
80 (void)OSSL_CMP_exec_KUR_ses(ctx);
81 break;
82 case OSSL_CMP_PKIBODY_POLLREP:
83 ctx->status = OSSL_CMP_PKISTATUS_waiting;
84 (void)OSSL_CMP_try_certreq(ctx, OSSL_CMP_PKIBODY_CR, NULL, NULL);
85 break;
86 case OSSL_CMP_PKIBODY_RP:
87 (void)OSSL_CMP_exec_RR_ses(ctx);
88 break;
89 case OSSL_CMP_PKIBODY_GENP:
90 sk_OSSL_CMP_ITAV_pop_free(OSSL_CMP_exec_GENM_ses(ctx),
91 OSSL_CMP_ITAV_free);
92 break;
93 default:
94 (void)ossl_cmp_msg_check_update(ctx, msg, allow_unprotected, 0);
95 break;
96 }
97 err:
98 X509_NAME_free(name);
99 ASN1_INTEGER_free(serial);
100}
101
102static OSSL_CMP_PKISI *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
103 const OSSL_CMP_MSG *cert_req,
104 int certReqId,
105 const OSSL_CRMF_MSG *crm,
106 const X509_REQ *p10cr,
107 X509 **certOut,
108 STACK_OF(X509) **chainOut,
109 STACK_OF(X509) **caPubs)
110{
111 ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE);
112 return NULL;
113}
114
115static OSSL_CMP_PKISI *process_rr(OSSL_CMP_SRV_CTX *srv_ctx,
116 const OSSL_CMP_MSG *rr,
117 const X509_NAME *issuer,
118 const ASN1_INTEGER *serial)
119{
120 ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE);
121 return NULL;
122}
123
124static int process_genm(OSSL_CMP_SRV_CTX *srv_ctx,
125 const OSSL_CMP_MSG *genm,
126 const STACK_OF(OSSL_CMP_ITAV) *in,
127 STACK_OF(OSSL_CMP_ITAV) **out)
128{
129 ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE);
130 return 0;
131}
132
133static void process_error(OSSL_CMP_SRV_CTX *srv_ctx, const OSSL_CMP_MSG *error,
134 const OSSL_CMP_PKISI *statusInfo,
135 const ASN1_INTEGER *errorCode,
136 const OSSL_CMP_PKIFREETEXT *errorDetails)
137{
138 ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE);
139}
140
141static int process_certConf(OSSL_CMP_SRV_CTX *srv_ctx,
142 const OSSL_CMP_MSG *certConf, int certReqId,
143 const ASN1_OCTET_STRING *certHash,
144 const OSSL_CMP_PKISI *si)
145{
146 ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE);
147 return 0;
148}
149
150static int process_pollReq(OSSL_CMP_SRV_CTX *srv_ctx,
151 const OSSL_CMP_MSG *pollReq, int certReqId,
152 OSSL_CMP_MSG **certReq, int64_t *check_after)
153{
154 ERR_raise(ERR_LIB_CMP, CMP_R_ERROR_PROCESSING_MESSAGE);
155 return 0;
156}
157
158int FuzzerTestOneInput(const uint8_t *buf, size_t len)
159{
160 OSSL_CMP_MSG *msg;
161 BIO *in;
162
163 if (len == 0)
164 return 0;
165
166 in = BIO_new(BIO_s_mem());
167 OPENSSL_assert((size_t)BIO_write(in, buf, len) == len);
168 msg = d2i_OSSL_CMP_MSG_bio(in, NULL);
169 if (msg != NULL) {
170 BIO *out = BIO_new(BIO_s_null());
171 OSSL_CMP_SRV_CTX *srv_ctx = OSSL_CMP_SRV_CTX_new(NULL, NULL);
172 OSSL_CMP_CTX *client_ctx = OSSL_CMP_CTX_new(NULL, NULL);
173
174 i2d_OSSL_CMP_MSG_bio(out, msg);
175 ASN1_item_print(out, (ASN1_VALUE *)msg, 4,
176 ASN1_ITEM_rptr(OSSL_CMP_MSG), NULL);
177 BIO_free(out);
178
179 if (client_ctx != NULL)
180 cmp_client_process_response(client_ctx, msg);
181 if (srv_ctx != NULL
182 && OSSL_CMP_CTX_set_log_cb(OSSL_CMP_SRV_CTX_get0_cmp_ctx(srv_ctx),
183 print_noop)
184 && OSSL_CMP_SRV_CTX_init(srv_ctx, NULL, process_cert_request,
185 process_rr, process_genm, process_error,
186 process_certConf, process_pollReq))
187 OSSL_CMP_MSG_free(OSSL_CMP_SRV_process_request(srv_ctx, msg));
188
189 OSSL_CMP_CTX_free(client_ctx);
190 OSSL_CMP_SRV_CTX_free(srv_ctx);
191 OSSL_CMP_MSG_free(msg);
192 }
193
194 BIO_free(in);
195 ERR_clear_error();
196
197 return 0;
198}
199
200void FuzzerCleanup(void)
201{
202 FuzzerClearRand();
203}
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette