Fix typo in OPENSSL_LH_new compat API

[openssl.git] / fuzz / asn1.c

diff --git a/fuzz/asn1.c b/fuzz/asn1.c
index 66825f1b2cb120343d47ad937bbed432bb7071f0..c45fd7932832fb8c1ee9c39f699c881cc5dc64b6 100644 (file)
--- a/fuzz/asn1.c
+++ b/fuzz/asn1.c
@@ -19,52 +19,242 @@
 #include <string.h>
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
 #include <string.h>
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>

+#include <openssl/dh.h>

 #include <openssl/ec.h>
 #include <openssl/ocsp.h>
 #include <openssl/pkcs12.h>
 #include <openssl/ec.h>
 #include <openssl/ocsp.h>
 #include <openssl/pkcs12.h>

+#include <openssl/rsa.h>

 #include <openssl/ts.h>
 #include <openssl/x509v3.h>
 #include <openssl/ts.h>
 #include <openssl/x509v3.h>

+#include <openssl/cms.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>

 #include "fuzzer.h"
 
 #include "fuzzer.h"
 

-static const ASN1_ITEM *item_type[] = {
-    ASN1_ITEM_rptr(ASN1_SEQUENCE),
-    ASN1_ITEM_rptr(AUTHORITY_INFO_ACCESS),
-    ASN1_ITEM_rptr(BIGNUM),
-    ASN1_ITEM_rptr(ECPARAMETERS),
-    ASN1_ITEM_rptr(ECPKPARAMETERS),
-    ASN1_ITEM_rptr(GENERAL_NAME),
-    ASN1_ITEM_rptr(GENERAL_SUBTREE),
-    ASN1_ITEM_rptr(NAME_CONSTRAINTS),
-    ASN1_ITEM_rptr(OCSP_BASICRESP),
-    ASN1_ITEM_rptr(OCSP_RESPONSE),
-    ASN1_ITEM_rptr(PKCS12),
-    ASN1_ITEM_rptr(PKCS12_AUTHSAFES),
-    ASN1_ITEM_rptr(PKCS12_SAFEBAGS),
-    ASN1_ITEM_rptr(PKCS7),
-    ASN1_ITEM_rptr(PKCS7_ATTR_SIGN),
-    ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY),
-    ASN1_ITEM_rptr(PKCS7_DIGEST),
-    ASN1_ITEM_rptr(PKCS7_ENC_CONTENT),
-    ASN1_ITEM_rptr(PKCS7_ENCRYPT),
-    ASN1_ITEM_rptr(PKCS7_ENVELOPE),
-    ASN1_ITEM_rptr(PKCS7_RECIP_INFO),
-    ASN1_ITEM_rptr(PKCS7_SIGN_ENVELOPE),
-    ASN1_ITEM_rptr(PKCS7_SIGNED),
-    ASN1_ITEM_rptr(PKCS7_SIGNER_INFO),
-    ASN1_ITEM_rptr(POLICY_CONSTRAINTS),
-    ASN1_ITEM_rptr(POLICY_MAPPINGS),
-    ASN1_ITEM_rptr(SXNET),
-    //ASN1_ITEM_rptr(TS_RESP),  want to do this, but type is hidden, however d2i exists...
-    ASN1_ITEM_rptr(X509),
-    ASN1_ITEM_rptr(X509_CRL),
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+extern int rand_predictable;
+#endif
+#define ENTROPY_NEEDED 32
+
+static ASN1_ITEM_EXP *item_type[] = {
+    ASN1_ITEM_ref(ACCESS_DESCRIPTION),
+#ifndef OPENSSL_NO_RFC3779
+    ASN1_ITEM_ref(ASIdentifierChoice),
+    ASN1_ITEM_ref(ASIdentifiers),
+    ASN1_ITEM_ref(ASIdOrRange),
+#endif
+    ASN1_ITEM_ref(ASN1_ANY),
+    ASN1_ITEM_ref(ASN1_BIT_STRING),
+    ASN1_ITEM_ref(ASN1_BMPSTRING),
+    ASN1_ITEM_ref(ASN1_BOOLEAN),
+    ASN1_ITEM_ref(ASN1_ENUMERATED),
+    ASN1_ITEM_ref(ASN1_FBOOLEAN),
+    ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
+    ASN1_ITEM_ref(ASN1_GENERALSTRING),
+    ASN1_ITEM_ref(ASN1_IA5STRING),
+    ASN1_ITEM_ref(ASN1_INTEGER),
+    ASN1_ITEM_ref(ASN1_NULL),
+    ASN1_ITEM_ref(ASN1_OBJECT),
+    ASN1_ITEM_ref(ASN1_OCTET_STRING),
+    ASN1_ITEM_ref(ASN1_OCTET_STRING_NDEF),
+    ASN1_ITEM_ref(ASN1_PRINTABLE),
+    ASN1_ITEM_ref(ASN1_PRINTABLESTRING),
+    ASN1_ITEM_ref(ASN1_SEQUENCE),
+    ASN1_ITEM_ref(ASN1_SEQUENCE_ANY),
+    ASN1_ITEM_ref(ASN1_SET_ANY),
+    ASN1_ITEM_ref(ASN1_T61STRING),
+    ASN1_ITEM_ref(ASN1_TBOOLEAN),
+    ASN1_ITEM_ref(ASN1_TIME),
+    ASN1_ITEM_ref(ASN1_UNIVERSALSTRING),
+    ASN1_ITEM_ref(ASN1_UTCTIME),
+    ASN1_ITEM_ref(ASN1_UTF8STRING),
+    ASN1_ITEM_ref(ASN1_VISIBLESTRING),
+#ifndef OPENSSL_NO_RFC3779
+    ASN1_ITEM_ref(ASRange),
+#endif
+    ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
+    ASN1_ITEM_ref(AUTHORITY_KEYID),
+    ASN1_ITEM_ref(BASIC_CONSTRAINTS),
+    ASN1_ITEM_ref(BIGNUM),
+    ASN1_ITEM_ref(CBIGNUM),
+    ASN1_ITEM_ref(CERTIFICATEPOLICIES),
+#ifndef OPENSSL_NO_CMS
+    ASN1_ITEM_ref(CMS_ContentInfo),
+    ASN1_ITEM_ref(CMS_ReceiptRequest),
+    ASN1_ITEM_ref(CRL_DIST_POINTS),
+#endif
+#ifndef OPENSSL_NO_DH
+    ASN1_ITEM_ref(DHparams),
+#endif
+    ASN1_ITEM_ref(DIRECTORYSTRING),
+    ASN1_ITEM_ref(DISPLAYTEXT),
+    ASN1_ITEM_ref(DIST_POINT),
+    ASN1_ITEM_ref(DIST_POINT_NAME),
+#ifndef OPENSSL_NO_EC
+    ASN1_ITEM_ref(ECPARAMETERS),
+    ASN1_ITEM_ref(ECPKPARAMETERS),
+#endif
+    ASN1_ITEM_ref(EDIPARTYNAME),
+    ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
+    ASN1_ITEM_ref(GENERAL_NAME),
+    ASN1_ITEM_ref(GENERAL_NAMES),
+    ASN1_ITEM_ref(GENERAL_SUBTREE),
+#ifndef OPENSSL_NO_RFC3779
+    ASN1_ITEM_ref(IPAddressChoice),
+    ASN1_ITEM_ref(IPAddressFamily),
+    ASN1_ITEM_ref(IPAddressOrRange),
+    ASN1_ITEM_ref(IPAddressRange),
+#endif
+    ASN1_ITEM_ref(ISSUING_DIST_POINT),
+#if OPENSSL_API_COMPAT < 0x10200000L
+    ASN1_ITEM_ref(LONG),
+#endif
+    ASN1_ITEM_ref(NAME_CONSTRAINTS),
+    ASN1_ITEM_ref(NETSCAPE_CERT_SEQUENCE),
+    ASN1_ITEM_ref(NETSCAPE_SPKAC),
+    ASN1_ITEM_ref(NETSCAPE_SPKI),
+    ASN1_ITEM_ref(NOTICEREF),
+#ifndef OPENSSL_NO_OCSP
+    ASN1_ITEM_ref(OCSP_BASICRESP),
+    ASN1_ITEM_ref(OCSP_CERTID),
+    ASN1_ITEM_ref(OCSP_CERTSTATUS),
+    ASN1_ITEM_ref(OCSP_CRLID),
+    ASN1_ITEM_ref(OCSP_ONEREQ),
+    ASN1_ITEM_ref(OCSP_REQINFO),
+    ASN1_ITEM_ref(OCSP_REQUEST),
+    ASN1_ITEM_ref(OCSP_RESPBYTES),
+    ASN1_ITEM_ref(OCSP_RESPDATA),
+    ASN1_ITEM_ref(OCSP_RESPID),
+    ASN1_ITEM_ref(OCSP_RESPONSE),
+    ASN1_ITEM_ref(OCSP_REVOKEDINFO),
+    ASN1_ITEM_ref(OCSP_SERVICELOC),
+    ASN1_ITEM_ref(OCSP_SIGNATURE),
+    ASN1_ITEM_ref(OCSP_SINGLERESP),
+#endif
+    ASN1_ITEM_ref(OTHERNAME),
+    ASN1_ITEM_ref(PBE2PARAM),
+    ASN1_ITEM_ref(PBEPARAM),
+    ASN1_ITEM_ref(PBKDF2PARAM),
+    ASN1_ITEM_ref(PKCS12),
+    ASN1_ITEM_ref(PKCS12_AUTHSAFES),
+    ASN1_ITEM_ref(PKCS12_BAGS),
+    ASN1_ITEM_ref(PKCS12_MAC_DATA),
+    ASN1_ITEM_ref(PKCS12_SAFEBAG),
+    ASN1_ITEM_ref(PKCS12_SAFEBAGS),
+    ASN1_ITEM_ref(PKCS7),
+    ASN1_ITEM_ref(PKCS7_ATTR_SIGN),
+    ASN1_ITEM_ref(PKCS7_ATTR_VERIFY),
+    ASN1_ITEM_ref(PKCS7_DIGEST),
+    ASN1_ITEM_ref(PKCS7_ENC_CONTENT),
+    ASN1_ITEM_ref(PKCS7_ENCRYPT),
+    ASN1_ITEM_ref(PKCS7_ENVELOPE),
+    ASN1_ITEM_ref(PKCS7_ISSUER_AND_SERIAL),
+    ASN1_ITEM_ref(PKCS7_RECIP_INFO),
+    ASN1_ITEM_ref(PKCS7_SIGNED),
+    ASN1_ITEM_ref(PKCS7_SIGN_ENVELOPE),
+    ASN1_ITEM_ref(PKCS7_SIGNER_INFO),
+    ASN1_ITEM_ref(PKCS8_PRIV_KEY_INFO),
+    ASN1_ITEM_ref(PKEY_USAGE_PERIOD),
+    ASN1_ITEM_ref(POLICY_CONSTRAINTS),
+    ASN1_ITEM_ref(POLICYINFO),
+    ASN1_ITEM_ref(POLICY_MAPPING),
+    ASN1_ITEM_ref(POLICY_MAPPINGS),
+    ASN1_ITEM_ref(POLICYQUALINFO),
+    ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION),
+    ASN1_ITEM_ref(PROXY_POLICY),
+    ASN1_ITEM_ref(RSA_OAEP_PARAMS),
+    ASN1_ITEM_ref(RSAPrivateKey),
+    ASN1_ITEM_ref(RSA_PSS_PARAMS),
+    ASN1_ITEM_ref(RSAPublicKey),
+    ASN1_ITEM_ref(SXNET),
+    ASN1_ITEM_ref(SXNETID),
+    /*ASN1_ITEM_ref(TS_RESP),  want to do this, but type is hidden, however d2i exists... */
+    ASN1_ITEM_ref(USERNOTICE),
+    ASN1_ITEM_ref(X509),
+    ASN1_ITEM_ref(X509_ALGOR),
+    ASN1_ITEM_ref(X509_ALGORS),
+    ASN1_ITEM_ref(X509_ATTRIBUTE),
+    ASN1_ITEM_ref(X509_CERT_AUX),
+    ASN1_ITEM_ref(X509_CINF),
+    ASN1_ITEM_ref(X509_CRL),
+    ASN1_ITEM_ref(X509_CRL_INFO),
+    ASN1_ITEM_ref(X509_EXTENSION),
+    ASN1_ITEM_ref(X509_EXTENSIONS),
+    ASN1_ITEM_ref(X509_NAME),
+    ASN1_ITEM_ref(X509_NAME_ENTRY),
+    ASN1_ITEM_ref(X509_PUBKEY),
+    ASN1_ITEM_ref(X509_REQ),
+    ASN1_ITEM_ref(X509_REQ_INFO),
+    ASN1_ITEM_ref(X509_REVOKED),
+    ASN1_ITEM_ref(X509_SIG),
+    ASN1_ITEM_ref(X509_VAL),
+#if OPENSSL_API_COMPAT < 0x10200000L
+    ASN1_ITEM_ref(ZLONG),
+#endif
+    ASN1_ITEM_ref(INT32),
+    ASN1_ITEM_ref(ZINT32),
+    ASN1_ITEM_ref(UINT32),
+    ASN1_ITEM_ref(ZUINT32),
+    ASN1_ITEM_ref(INT64),
+    ASN1_ITEM_ref(ZINT64),
+    ASN1_ITEM_ref(UINT64),
+    ASN1_ITEM_ref(ZUINT64),

     NULL
 };
 
     NULL
 };
 

-int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
-    for (int n = 0; item_type[n] != NULL; ++n) {
+static ASN1_PCTX *pctx;
+
+int FuzzerInitialize(int *argc, char ***argv)
+{
+    pctx = ASN1_PCTX_new();
+    ASN1_PCTX_set_flags(pctx, ASN1_PCTX_FLAGS_SHOW_ABSENT |
+        ASN1_PCTX_FLAGS_SHOW_SEQUENCE | ASN1_PCTX_FLAGS_SHOW_SSOF |
+        ASN1_PCTX_FLAGS_SHOW_TYPE | ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME);
+    ASN1_PCTX_set_str_flags(pctx, ASN1_STRFLGS_UTF8_CONVERT |
+        ASN1_STRFLGS_SHOW_TYPE | ASN1_STRFLGS_DUMP_ALL);
+
+    OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+    ERR_get_state();
+    CRYPTO_free_ex_index(0, -1);
+    RAND_add("", 1, ENTROPY_NEEDED);
+    RAND_status();
+
+#ifdef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
+    rand_predictable = 1;
+#endif
+
+    return 1;
+}
+
+int FuzzerTestOneInput(const uint8_t *buf, size_t len)
+{
+    int n;
+
+
+    for (n = 0; item_type[n] != NULL; ++n) {

         const uint8_t *b = buf;
         const uint8_t *b = buf;

-        ASN1_VALUE *o = ASN1_item_d2i(NULL, &b, len, item_type[n]);
-        ASN1_item_free(o, item_type[n]);
+        unsigned char *der = NULL;
+        const ASN1_ITEM *i = ASN1_ITEM_ptr(item_type[n]);
+        ASN1_VALUE *o = ASN1_item_d2i(NULL, &b, len, i);
+
+        if (o != NULL) {
+            BIO *bio = BIO_new(BIO_s_null());
+            ASN1_item_print(bio, o, 4, i, pctx);
+            BIO_free(bio);
+
+            ASN1_item_i2d(o, &der, i);
+            OPENSSL_free(der);
+
+            ASN1_item_free(o, i);
+        }

     }
     }

+
+    ERR_clear_error();
+

     return 0;
 }
     return 0;
 }

+
+void FuzzerCleanup(void)
+{
+    ASN1_PCTX_free(pctx);
+}