diff options
Diffstat (limited to 'deps/openssl/openssl/fuzz/asn1.c')
| -rw-r--r-- | deps/openssl/openssl/fuzz/asn1.c | 148 |
1 files changed, 139 insertions, 9 deletions
diff --git a/deps/openssl/openssl/fuzz/asn1.c b/deps/openssl/openssl/fuzz/asn1.c index 5125f363ff..fd2271bf52 100644 --- a/deps/openssl/openssl/fuzz/asn1.c +++ b/deps/openssl/openssl/fuzz/asn1.c @@ -27,8 +27,15 @@ #include <openssl/ts.h> #include <openssl/x509v3.h> #include <openssl/cms.h> +#include <openssl/err.h> +#include <openssl/rand.h> +#include <openssl/bio.h> +#include <openssl/evp.h> +#include <openssl/ssl.h> #include "fuzzer.h" +#include "rand.inc" + static ASN1_ITEM_EXP *item_type[] = { ASN1_ITEM_ref(ACCESS_DESCRIPTION), #ifndef OPENSSL_NO_RFC3779 @@ -99,7 +106,9 @@ static ASN1_ITEM_EXP *item_type[] = { ASN1_ITEM_ref(IPAddressRange), #endif ASN1_ITEM_ref(ISSUING_DIST_POINT), +#if OPENSSL_API_COMPAT < 0x10200000L ASN1_ITEM_ref(LONG), +#endif ASN1_ITEM_ref(NAME_CONSTRAINTS), ASN1_ITEM_ref(NETSCAPE_CERT_SEQUENCE), ASN1_ITEM_ref(NETSCAPE_SPKAC), @@ -159,7 +168,6 @@ static ASN1_ITEM_EXP *item_type[] = { ASN1_ITEM_ref(RSAPublicKey), ASN1_ITEM_ref(SXNET), ASN1_ITEM_ref(SXNETID), - /*ASN1_ITEM_ref(TS_RESP), want to do this, but type is hidden, however d2i exists... */ ASN1_ITEM_ref(USERNOTICE), ASN1_ITEM_ref(X509), ASN1_ITEM_ref(X509_ALGOR), @@ -179,25 +187,112 @@ static ASN1_ITEM_EXP *item_type[] = { ASN1_ITEM_ref(X509_REVOKED), ASN1_ITEM_ref(X509_SIG), ASN1_ITEM_ref(X509_VAL), +#if OPENSSL_API_COMPAT < 0x10200000L ASN1_ITEM_ref(ZLONG), +#endif + ASN1_ITEM_ref(INT32), + ASN1_ITEM_ref(ZINT32), + ASN1_ITEM_ref(UINT32), + ASN1_ITEM_ref(ZUINT32), + ASN1_ITEM_ref(INT64), + ASN1_ITEM_ref(ZINT64), + ASN1_ITEM_ref(UINT64), + ASN1_ITEM_ref(ZUINT64), NULL }; -int FuzzerInitialize(int *argc, char ***argv) { - return 1; +static ASN1_PCTX *pctx; + +#define DO_TEST(TYPE, D2I, I2D, PRINT) { \ + const unsigned char *p = buf; \ + unsigned char *der = NULL; \ + TYPE *type = D2I(NULL, &p, len); \ + \ + if (type != NULL) { \ + int len2; \ + BIO *bio = BIO_new(BIO_s_null()); \ + \ + PRINT(bio, type); \ + BIO_free(bio); \ + len2 = I2D(type, &der); \ + if (len2 != 0) {} \ + OPENSSL_free(der); \ + TYPE ## _free(type); \ + } \ } -int FuzzerTestOneInput(const uint8_t *buf, size_t len) { - int n; +#define DO_TEST_PRINT_OFFSET(TYPE, D2I, I2D, PRINT) { \ + const unsigned char *p = buf; \ + unsigned char *der = NULL; \ + TYPE *type = D2I(NULL, &p, len); \ + \ + if (type != NULL) { \ + BIO *bio = BIO_new(BIO_s_null()); \ + \ + PRINT(bio, type, 0); \ + BIO_free(bio); \ + I2D(type, &der); \ + OPENSSL_free(der); \ + TYPE ## _free(type); \ + } \ +} + +#define DO_TEST_PRINT_PCTX(TYPE, D2I, I2D, PRINT) { \ + const unsigned char *p = buf; \ + unsigned char *der = NULL; \ + TYPE *type = D2I(NULL, &p, len); \ + \ + if (type != NULL) { \ + BIO *bio = BIO_new(BIO_s_null()); \ + \ + PRINT(bio, type, 0, pctx); \ + BIO_free(bio); \ + I2D(type, &der); \ + OPENSSL_free(der); \ + TYPE ## _free(type); \ + } \ +} - ASN1_PCTX *pctx = ASN1_PCTX_new(); +#define DO_TEST_NO_PRINT(TYPE, D2I, I2D) { \ + const unsigned char *p = buf; \ + unsigned char *der = NULL; \ + TYPE *type = D2I(NULL, &p, len); \ + \ + if (type != NULL) { \ + BIO *bio = BIO_new(BIO_s_null()); \ + \ + BIO_free(bio); \ + I2D(type, &der); \ + OPENSSL_free(der); \ + TYPE ## _free(type); \ + } \ +} + + +int FuzzerInitialize(int *argc, char ***argv) +{ + pctx = ASN1_PCTX_new(); ASN1_PCTX_set_flags(pctx, ASN1_PCTX_FLAGS_SHOW_ABSENT | ASN1_PCTX_FLAGS_SHOW_SEQUENCE | ASN1_PCTX_FLAGS_SHOW_SSOF | ASN1_PCTX_FLAGS_SHOW_TYPE | ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME); ASN1_PCTX_set_str_flags(pctx, ASN1_STRFLGS_UTF8_CONVERT | ASN1_STRFLGS_SHOW_TYPE | ASN1_STRFLGS_DUMP_ALL); + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); + OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL); + ERR_get_state(); + CRYPTO_free_ex_index(0, -1); + FuzzerSetRand(); + + return 1; +} + +int FuzzerTestOneInput(const uint8_t *buf, size_t len) +{ + int n; + + for (n = 0; item_type[n] != NULL; ++n) { const uint8_t *b = buf; unsigned char *der = NULL; @@ -206,17 +301,52 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) { if (o != NULL) { BIO *bio = BIO_new(BIO_s_null()); + ASN1_item_print(bio, o, 4, i, pctx); BIO_free(bio); - ASN1_item_i2d(o, &der, i); OPENSSL_free(der); - ASN1_item_free(o, i); } } - ASN1_PCTX_free(pctx); +#ifndef OPENSSL_NO_TS + DO_TEST(TS_REQ, d2i_TS_REQ, i2d_TS_REQ, TS_REQ_print_bio); + DO_TEST(TS_MSG_IMPRINT, d2i_TS_MSG_IMPRINT, i2d_TS_MSG_IMPRINT, TS_MSG_IMPRINT_print_bio); + DO_TEST(TS_RESP, d2i_TS_RESP, i2d_TS_RESP, TS_RESP_print_bio); + DO_TEST(TS_STATUS_INFO, d2i_TS_STATUS_INFO, i2d_TS_STATUS_INFO, TS_STATUS_INFO_print_bio); + DO_TEST(TS_TST_INFO, d2i_TS_TST_INFO, i2d_TS_TST_INFO, TS_TST_INFO_print_bio); + DO_TEST_NO_PRINT(TS_ACCURACY, d2i_TS_ACCURACY, i2d_TS_ACCURACY); + DO_TEST_NO_PRINT(ESS_ISSUER_SERIAL, d2i_ESS_ISSUER_SERIAL, i2d_ESS_ISSUER_SERIAL); + DO_TEST_NO_PRINT(ESS_CERT_ID, d2i_ESS_CERT_ID, i2d_ESS_CERT_ID); + DO_TEST_NO_PRINT(ESS_SIGNING_CERT, d2i_ESS_SIGNING_CERT, i2d_ESS_SIGNING_CERT); +#endif +#ifndef OPENSSL_NO_DH + DO_TEST(DH, d2i_DHparams, i2d_DHparams, DHparams_print); + DO_TEST(DH, d2i_DHxparams, i2d_DHxparams, DHparams_print); +#endif +#ifndef OPENSSL_NO_DSA + DO_TEST_NO_PRINT(DSA_SIG, d2i_DSA_SIG, i2d_DSA_SIG); + DO_TEST_PRINT_OFFSET(DSA, d2i_DSAPrivateKey, i2d_DSAPrivateKey, DSA_print); + DO_TEST_PRINT_OFFSET(DSA, d2i_DSAPublicKey, i2d_DSAPublicKey, DSA_print); + DO_TEST(DSA, d2i_DSAparams, i2d_DSAparams, DSAparams_print); +#endif + DO_TEST_PRINT_OFFSET(RSA, d2i_RSAPublicKey, i2d_RSAPublicKey, RSA_print); +#ifndef OPENSSL_NO_EC + DO_TEST_PRINT_OFFSET(EC_GROUP, d2i_ECPKParameters, i2d_ECPKParameters, ECPKParameters_print); + DO_TEST_PRINT_OFFSET(EC_KEY, d2i_ECPrivateKey, i2d_ECPrivateKey, EC_KEY_print); + DO_TEST(EC_KEY, d2i_ECParameters, i2d_ECParameters, ECParameters_print); + DO_TEST_NO_PRINT(ECDSA_SIG, d2i_ECDSA_SIG, i2d_ECDSA_SIG); +#endif + DO_TEST_PRINT_PCTX(EVP_PKEY, d2i_AutoPrivateKey, i2d_PrivateKey, EVP_PKEY_print_private); + DO_TEST(SSL_SESSION, d2i_SSL_SESSION, i2d_SSL_SESSION, SSL_SESSION_print); + + ERR_clear_error(); return 0; } + +void FuzzerCleanup(void) +{ + ASN1_PCTX_free(pctx); +} |