Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
freebsd
GitHub Repository: freebsd/freebsd-src
 Path: blob/main/crypto/openssl/fuzz/x509.c
105175 views
1
/*

2
 * Copyright 2016-2025 The OpenSSL Project Authors. All Rights Reserved.

3
 *

4
 * Licensed under the Apache License 2.0 (the "License");

5
 * you may not use this file except in compliance with the License.

6
 * You may obtain a copy of the License at

7
 * https://www.openssl.org/source/license.html

8
 * or in the file LICENSE in the source distribution.

9
 */

10


11
#include <openssl/x509.h>

12
#include <openssl/ocsp.h>

13
#include <openssl/bio.h>

14
#include <openssl/err.h>

15
#include <openssl/rand.h>

16
#include "fuzzer.h"

17


18
int FuzzerInitialize(int *argc, char ***argv)

19
{

20
    FuzzerSetRand();

21
    OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS

22
            | OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS,

23
        NULL);

24
    ERR_clear_error();

25
    CRYPTO_free_ex_index(0, -1);

26
    return 1;

27
}

28


29
static int cb(int ok, X509_STORE_CTX *ctx)

30
{

31
    return 1;

32
}

33


34
int FuzzerTestOneInput(const uint8_t *buf, size_t len)

35
{

36
    const unsigned char *p = buf;

37
    size_t orig_len = len;

38
    unsigned char *der = NULL;

39
    BIO *bio = NULL;

40
    X509 *x509_1 = NULL, *x509_2 = NULL;

41
    X509_STORE *store = NULL;

42
    X509_VERIFY_PARAM *param = NULL;

43
    X509_STORE_CTX *ctx = NULL;

44
    X509_CRL *crl = NULL;

45
    STACK_OF(X509_CRL) *crls = NULL;

46
    STACK_OF(X509) *certs = NULL;

47
    OCSP_RESPONSE *resp = NULL;

48
    OCSP_BASICRESP *bs = NULL;

49
    OCSP_CERTID *id = NULL;

50


51
    x509_1 = d2i_X509(NULL, &p, len);

52
    if (x509_1 == NULL)

53
        goto err;

54


55
    bio = BIO_new(BIO_s_null());

56
    if (bio == NULL)

57
        goto err;

58


59
    /* This will load and print the public key as well as extensions */

60
    X509_print(bio, x509_1);

61
    BIO_free(bio);

62


63
    X509_issuer_and_serial_hash(x509_1);

64


65
    i2d_X509(x509_1, &der);

66
    OPENSSL_free(der);

67


68
    len = orig_len - (p - buf);

69
    x509_2 = d2i_X509(NULL, &p, len);

70
    if (x509_2 == NULL)

71
        goto err;

72


73
    len = orig_len - (p - buf);

74
    crl = d2i_X509_CRL(NULL, &p, len);

75
    if (crl == NULL)

76
        goto err;

77


78
    len = orig_len - (p - buf);

79
    resp = d2i_OCSP_RESPONSE(NULL, &p, len);

80


81
    store = X509_STORE_new();

82
    if (store == NULL)

83
        goto err;

84
    X509_STORE_add_cert(store, x509_2);

85


86
    param = X509_VERIFY_PARAM_new();

87
    if (param == NULL)

88
        goto err;

89
    X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_NO_CHECK_TIME);

90
    X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_X509_STRICT);

91
    X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_PARTIAL_CHAIN);

92
    X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_CRL_CHECK);

93


94
    X509_STORE_set1_param(store, param);

95


96
    X509_STORE_set_verify_cb(store, cb);

97


98
    ctx = X509_STORE_CTX_new();

99
    if (ctx == NULL)

100
        goto err;

101


102
    X509_STORE_CTX_init(ctx, store, x509_1, NULL);

103


104
    if (crl != NULL) {

105
        crls = sk_X509_CRL_new_null();

106
        if (crls == NULL

107
            || !sk_X509_CRL_push(crls, crl))

108
            goto err;

109


110
        X509_STORE_CTX_set0_crls(ctx, crls);

111
    }

112


113
    X509_verify_cert(ctx);

114


115
    if (resp != NULL)

116
        bs = OCSP_response_get1_basic(resp);

117


118
    if (bs != NULL) {

119
        int status, reason;

120
        ASN1_GENERALIZEDTIME *revtime, *thisupd, *nextupd;

121


122
        certs = sk_X509_new_null();

123
        if (certs == NULL

124
            || !sk_X509_push(certs, x509_1)

125
            || !sk_X509_push(certs, x509_2))

126
            goto err;

127


128
        OCSP_basic_verify(bs, certs, store, OCSP_PARTIAL_CHAIN);

129


130
        id = OCSP_cert_to_id(NULL, x509_1, x509_2);

131
        if (id == NULL)

132
            goto err;

133
        OCSP_resp_find_status(bs, id, &status, &reason, &revtime, &thisupd,

134
            &nextupd);

135
    }

136


137
err:

138
    X509_STORE_CTX_free(ctx);

139
    X509_VERIFY_PARAM_free(param);

140
    X509_STORE_free(store);

141
    X509_free(x509_1);

142
    X509_free(x509_2);

143
    X509_CRL_free(crl);

144
    OCSP_CERTID_free(id);

145
    OCSP_BASICRESP_free(bs);

146
    OCSP_RESPONSE_free(resp);

147
    sk_X509_CRL_free(crls);

148
    sk_X509_free(certs);

149


150
    ERR_clear_error();

151
    return 0;

152
}

153


154
void FuzzerCleanup(void)

155
{

156
    FuzzerClearRand();

157
}

158


159