Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/crypto/openssl/fuzz/x509.c
34859 views
1
/*

2
 * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.

3
 *

4
 * Licensed under the Apache License 2.0 (the "License");

5
 * you may not use this file except in compliance with the License.

6
 * You may obtain a copy of the License at

7
 * https://www.openssl.org/source/license.html

8
 * or in the file LICENSE in the source distribution.

9
 */

10


11
#include <openssl/x509.h>

12
#include <openssl/ocsp.h>

13
#include <openssl/bio.h>

14
#include <openssl/err.h>

15
#include <openssl/rand.h>

16
#include "fuzzer.h"

17


18
int FuzzerInitialize(int *argc, char ***argv)

19
{

20
    FuzzerSetRand();

21
    OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS

22
       | OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);

23
    ERR_clear_error();

24
    CRYPTO_free_ex_index(0, -1);

25
    return 1;

26
}

27


28
static int cb(int ok, X509_STORE_CTX *ctx)

29
{

30
    return 1;

31
}

32


33
int FuzzerTestOneInput(const uint8_t *buf, size_t len)

34
{

35
    const unsigned char *p = buf;

36
    size_t orig_len = len;

37
    unsigned char *der = NULL;

38
    BIO *bio = NULL;

39
    X509 *x509_1 = NULL, *x509_2 = NULL;

40
    X509_STORE *store = NULL;

41
    X509_VERIFY_PARAM *param = NULL;

42
    X509_STORE_CTX *ctx = NULL;

43
    X509_CRL *crl = NULL;

44
    STACK_OF(X509_CRL) *crls = NULL;

45
    STACK_OF(X509) *certs = NULL;

46
    OCSP_RESPONSE *resp = NULL;

47
    OCSP_BASICRESP *bs = NULL;

48
    OCSP_CERTID *id = NULL;

49


50
    x509_1 = d2i_X509(NULL, &p, len);

51
    if (x509_1 == NULL)

52
        goto err;

53


54
    bio = BIO_new(BIO_s_null());

55
    if (bio == NULL)

56
        goto err;

57


58
    /* This will load and print the public key as well as extensions */

59
    X509_print(bio, x509_1);

60
    BIO_free(bio);

61


62
    X509_issuer_and_serial_hash(x509_1);

63


64
    i2d_X509(x509_1, &der);

65
    OPENSSL_free(der);

66


67
    len = orig_len - (p - buf);

68
    x509_2 = d2i_X509(NULL, &p, len);

69
    if (x509_2 == NULL)

70
        goto err;

71


72
    len = orig_len - (p - buf);

73
    crl = d2i_X509_CRL(NULL, &p, len);

74
    if (crl == NULL)

75
        goto err;

76


77
    len = orig_len - (p - buf);

78
    resp = d2i_OCSP_RESPONSE(NULL, &p, len);

79


80
    store = X509_STORE_new();

81
    if (store == NULL)

82
        goto err;

83
    X509_STORE_add_cert(store, x509_2);

84


85
    param = X509_VERIFY_PARAM_new();

86
    if (param == NULL)

87
        goto err;

88
    X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_NO_CHECK_TIME);

89
    X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_X509_STRICT);

90
    X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_PARTIAL_CHAIN);

91
    X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);

92


93
    X509_STORE_set1_param(store, param);

94


95
    X509_STORE_set_verify_cb(store, cb);

96


97
    ctx = X509_STORE_CTX_new();

98
    if (ctx == NULL)

99
        goto err;

100


101
    X509_STORE_CTX_init(ctx, store, x509_1, NULL);

102


103
    if (crl != NULL) {

104
        crls = sk_X509_CRL_new_null();

105
        if (crls == NULL

106
            || !sk_X509_CRL_push(crls, crl))

107
            goto err;

108


109
        X509_STORE_CTX_set0_crls(ctx, crls);

110
    }

111


112
    X509_verify_cert(ctx);

113


114
    if (resp != NULL)

115
        bs = OCSP_response_get1_basic(resp);

116


117
    if (bs != NULL) {

118
        int status, reason;

119
        ASN1_GENERALIZEDTIME *revtime, *thisupd, *nextupd;

120


121
        certs = sk_X509_new_null();

122
        if (certs == NULL

123
            || !sk_X509_push(certs, x509_1)

124
            || !sk_X509_push(certs, x509_2))

125
            goto err;

126


127
        OCSP_basic_verify(bs, certs, store, OCSP_PARTIAL_CHAIN);

128


129
        id = OCSP_cert_to_id(NULL, x509_1, x509_2);

130
        if (id == NULL)

131
            goto err;

132
        OCSP_resp_find_status(bs, id, &status, &reason, &revtime, &thisupd,

133
                              &nextupd);

134
    }

135


136
err:

137
    X509_STORE_CTX_free(ctx);

138
    X509_VERIFY_PARAM_free(param);

139
    X509_STORE_free(store);

140
    X509_free(x509_1);

141
    X509_free(x509_2);

142
    X509_CRL_free(crl);

143
    OCSP_CERTID_free(id);

144
    OCSP_BASICRESP_free(bs);

145
    OCSP_RESPONSE_free(resp);

146
    sk_X509_CRL_free(crls);

147
    sk_X509_free(certs);

148


149
    ERR_clear_error();

150
    return 0;

151
}

152


153
void FuzzerCleanup(void)

154
{

155
    FuzzerClearRand();

156
}

157


158