openssl/fuzz/x509.c

/*
 * Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * https://www.openssl.org/source/license.html
 * or in the file LICENSE in the source distribution.
 */

#include <openssl/x509.h>
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/rand.h>
#include "fuzzer.h"

int FuzzerInitialize(int *argc, char ***argv)
{
    FuzzerSetRand();
    OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
    ERR_clear_error();
    CRYPTO_free_ex_index(0, -1);
    return 1;
}

int FuzzerTestOneInput(const uint8_t *buf, size_t len)
{
    const unsigned char *p = buf;
    unsigned char *der = NULL;

    X509 *x509 = d2i_X509(NULL, &p, len);
    if (x509 != NULL) {
        BIO *bio = BIO_new(BIO_s_null());
        /* This will load and print the public key as well as extensions */
        X509_print(bio, x509);
        BIO_free(bio);

        X509_issuer_and_serial_hash(x509);

        i2d_X509(x509, &der);
        OPENSSL_free(der);

        X509_free(x509);
    }
    ERR_clear_error();
    return 0;
}

void FuzzerCleanup(void)
{
    FuzzerClearRand();
}
Add X509 and CRL fuzzer Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #1229 2016-06-18 21:56:49 +08:00			`/*`
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14235) 2021-02-18 22:57:13 +08:00			`* Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.`
Add X509 and CRL fuzzer Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #1229 2016-06-18 21:56:49 +08:00			`*`
Following the license change, modify the boilerplates in fuzz/ [skip ci] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7833) 2018-12-06 21:07:47 +08:00			`* Licensed under the Apache License 2.0 (the "License");`
Add X509 and CRL fuzzer Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #1229 2016-06-18 21:56:49 +08:00			`* you may not use this file except in compliance with the License.`
			`* You may obtain a copy of the License at`
			`* https://www.openssl.org/source/license.html`
			`* or in the file LICENSE in the source distribution.`
			`*/`

			`#include <openssl/x509.h>`
			`#include <openssl/bio.h>`
Make the fuzzers more reproducible We want to be in the same global state each time we come in FuzzerTestOneInput(). There are various reasons why we might not be that include: - Initialization that happens on first use. This is mostly the RUN_ONCE() things, or loading of error strings. - Results that get cached. For instance a stack that is sorted, RSA blinding that has been set up, ... So I try to trigger as much as possible in FuzzerInitialize(), and for things I didn't find out how to trigger this it needs to happen in FuzzerTestOneInput(). Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #2023 2016-12-03 02:34:54 +08:00			`#include <openssl/err.h>`
Make x509 and asn1 fuzzer reproducible Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> GH: #2683 2017-02-20 00:04:11 +08:00			`#include <openssl/rand.h>`
Add X509 and CRL fuzzer Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #1229 2016-06-18 21:56:49 +08:00			`#include "fuzzer.h"`

Fix formatting of fuzzers Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #2023 2016-11-20 00:10:35 +08:00			`int FuzzerInitialize(int argc, char **argv)`
			`{`
RAND_METHOD deprecation: fuzzer Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13652) 2020-12-10 10:04:58 +08:00			`FuzzerSetRand();`
Make the fuzzers more reproducible We want to be in the same global state each time we come in FuzzerTestOneInput(). There are various reasons why we might not be that include: - Initialization that happens on first use. This is mostly the RUN_ONCE() things, or loading of error strings. - Results that get cached. For instance a stack that is sorted, RSA blinding that has been set up, ... So I try to trigger as much as possible in FuzzerInitialize(), and for things I didn't find out how to trigger this it needs to happen in FuzzerTestOneInput(). Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #2023 2016-12-03 02:34:54 +08:00			`OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);`
Deprecate ERR_get_state() Internally, we still need this function, so we make it internal and then add a new ERR_get_state() that simply calls the internal variant, unless it's "removed" by configuration. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9462) 2019-07-27 00:11:55 +08:00			`ERR_clear_error();`
Make the fuzzers more reproducible We want to be in the same global state each time we come in FuzzerTestOneInput(). There are various reasons why we might not be that include: - Initialization that happens on first use. This is mostly the RUN_ONCE() things, or loading of error strings. - Results that get cached. For instance a stack that is sorted, RSA blinding that has been set up, ... So I try to trigger as much as possible in FuzzerInitialize(), and for things I didn't find out how to trigger this it needs to happen in FuzzerTestOneInput(). Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #2023 2016-12-03 02:34:54 +08:00			`CRYPTO_free_ex_index(0, -1);`
Re-add x509 and crl fuzzer Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #1276 2016-07-01 22:42:15 +08:00			`return 1;`
			`}`

Fix formatting of fuzzers Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #2023 2016-11-20 00:10:35 +08:00			`int FuzzerTestOneInput(const uint8_t *buf, size_t len)`
			`{`
Add X509 and CRL fuzzer Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #1229 2016-06-18 21:56:49 +08:00			`const unsigned char *p = buf;`
			`unsigned char *der = NULL;`

			`X509 *x509 = d2i_X509(NULL, &p, len);`
			`if (x509 != NULL) {`
			`BIO *bio = BIO_new(BIO_s_null());`
Add comment about X509_print Signed-off-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Emilia Kasper <emilia@openssl.org> GH: #1255 2016-06-26 22:37:03 +08:00			`/* This will load and print the public key as well as extensions */`
Add X509 and CRL fuzzer Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #1229 2016-06-18 21:56:49 +08:00			`X509_print(bio, x509);`
			`BIO_free(bio);`

Test that X509_issuer_and_serial_hash doesn't crash Provide a certificate with a bad issuer and check that X509_issuer_and_serial_hash doesn't crash. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> 2021-02-11 00:36:57 +08:00			`X509_issuer_and_serial_hash(x509);`

Add X509 and CRL fuzzer Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #1229 2016-06-18 21:56:49 +08:00			`i2d_X509(x509, &der);`
			`OPENSSL_free(der);`

			`X509_free(x509);`
			`}`
Make the fuzzers more reproducible We want to be in the same global state each time we come in FuzzerTestOneInput(). There are various reasons why we might not be that include: - Initialization that happens on first use. This is mostly the RUN_ONCE() things, or loading of error strings. - Results that get cached. For instance a stack that is sorted, RSA blinding that has been set up, ... So I try to trigger as much as possible in FuzzerInitialize(), and for things I didn't find out how to trigger this it needs to happen in FuzzerTestOneInput(). Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #2023 2016-12-03 02:34:54 +08:00			`ERR_clear_error();`
Add X509 and CRL fuzzer Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #1229 2016-06-18 21:56:49 +08:00			`return 0;`
			`}`
Add a FuzzerClean() function This allows to free everything we allocated, so we can detect memory leaks. Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #2023 2016-11-20 00:13:10 +08:00
			`void FuzzerCleanup(void)`
			`{`
RAND_METHOD deprecation: fuzzer Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13652) 2020-12-10 10:04:58 +08:00			`FuzzerClearRand();`
Add a FuzzerClean() function This allows to free everything we allocated, so we can detect memory leaks. Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #2023 2016-11-20 00:13:10 +08:00			`}`