X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=fuzz%2Fasn1.c;h=54cd0fcf826b2f02e891de83aba6187779427f23;hp=b4c20b51ab17893c8c73290dbbc0f3f4207937af;hb=8c00f267b8df1a8c70eff8198de40aa561299e48;hpb=2980ae2e78169b3b4d0b140c0c5796c441c5902c

diff --git a/fuzz/asn1.c b/fuzz/asn1.c
index b4c20b51ab..54cd0fcf82 100644
--- a/fuzz/asn1.c
+++ b/fuzz/asn1.c
@@ -1,7 +1,7 @@
 /*
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
  *
- * Licensed under the OpenSSL licenses, (the "License");
+ * Licensed under the Apache License 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  * https://www.openssl.org/source/license.html
@@ -19,19 +19,32 @@
 #include <string.h>
 #include <openssl/asn1.h>
 #include <openssl/asn1t.h>
+#include <openssl/dh.h>
 #include <openssl/ec.h>
 #include <openssl/ocsp.h>
 #include <openssl/pkcs12.h>
+#include <openssl/rsa.h>
 #include <openssl/ts.h>
 #include <openssl/x509v3.h>
 #include <openssl/cms.h>
+#include <openssl/ess.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#include <openssl/bio.h>
+#include <openssl/evp.h>
+#include <openssl/ssl.h>
+#include <internal/nelem.h>
 #include "fuzzer.h"
 
+#include "rand.inc"
+
 static ASN1_ITEM_EXP *item_type[] = {
     ASN1_ITEM_ref(ACCESS_DESCRIPTION),
+#ifndef OPENSSL_NO_RFC3779
     ASN1_ITEM_ref(ASIdentifierChoice),
     ASN1_ITEM_ref(ASIdentifiers),
     ASN1_ITEM_ref(ASIdOrRange),
+#endif
     ASN1_ITEM_ref(ASN1_ANY),
     ASN1_ITEM_ref(ASN1_BIT_STRING),
     ASN1_ITEM_ref(ASN1_BMPSTRING),
@@ -58,17 +71,23 @@ static ASN1_ITEM_EXP *item_type[] = {
     ASN1_ITEM_ref(ASN1_UTCTIME),
     ASN1_ITEM_ref(ASN1_UTF8STRING),
     ASN1_ITEM_ref(ASN1_VISIBLESTRING),
+#ifndef OPENSSL_NO_RFC3779
     ASN1_ITEM_ref(ASRange),
+#endif
     ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
     ASN1_ITEM_ref(AUTHORITY_KEYID),
     ASN1_ITEM_ref(BASIC_CONSTRAINTS),
     ASN1_ITEM_ref(BIGNUM),
     ASN1_ITEM_ref(CBIGNUM),
     ASN1_ITEM_ref(CERTIFICATEPOLICIES),
+#ifndef OPENSSL_NO_CMS
     ASN1_ITEM_ref(CMS_ContentInfo),
     ASN1_ITEM_ref(CMS_ReceiptRequest),
     ASN1_ITEM_ref(CRL_DIST_POINTS),
+#endif
+#ifndef OPENSSL_NO_DH
     ASN1_ITEM_ref(DHparams),
+#endif
     ASN1_ITEM_ref(DIRECTORYSTRING),
     ASN1_ITEM_ref(DISPLAYTEXT),
     ASN1_ITEM_ref(DIST_POINT),
@@ -82,17 +101,22 @@ static ASN1_ITEM_EXP *item_type[] = {
     ASN1_ITEM_ref(GENERAL_NAME),
     ASN1_ITEM_ref(GENERAL_NAMES),
     ASN1_ITEM_ref(GENERAL_SUBTREE),
+#ifndef OPENSSL_NO_RFC3779
     ASN1_ITEM_ref(IPAddressChoice),
     ASN1_ITEM_ref(IPAddressFamily),
     ASN1_ITEM_ref(IPAddressOrRange),
     ASN1_ITEM_ref(IPAddressRange),
+#endif
     ASN1_ITEM_ref(ISSUING_DIST_POINT),
+#if !OPENSSL_API_3
     ASN1_ITEM_ref(LONG),
+#endif
     ASN1_ITEM_ref(NAME_CONSTRAINTS),
     ASN1_ITEM_ref(NETSCAPE_CERT_SEQUENCE),
     ASN1_ITEM_ref(NETSCAPE_SPKAC),
     ASN1_ITEM_ref(NETSCAPE_SPKI),
     ASN1_ITEM_ref(NOTICEREF),
+#ifndef OPENSSL_NO_OCSP
     ASN1_ITEM_ref(OCSP_BASICRESP),
     ASN1_ITEM_ref(OCSP_CERTID),
     ASN1_ITEM_ref(OCSP_CERTSTATUS),
@@ -108,6 +132,7 @@ static ASN1_ITEM_EXP *item_type[] = {
     ASN1_ITEM_ref(OCSP_SERVICELOC),
     ASN1_ITEM_ref(OCSP_SIGNATURE),
     ASN1_ITEM_ref(OCSP_SINGLERESP),
+#endif
     ASN1_ITEM_ref(OTHERNAME),
     ASN1_ITEM_ref(PBE2PARAM),
     ASN1_ITEM_ref(PBEPARAM),
@@ -145,7 +170,6 @@ static ASN1_ITEM_EXP *item_type[] = {
     ASN1_ITEM_ref(RSAPublicKey),
     ASN1_ITEM_ref(SXNET),
     ASN1_ITEM_ref(SXNETID),
-    /*ASN1_ITEM_ref(TS_RESP),  want to do this, but type is hidden, however d2i exists... */
     ASN1_ITEM_ref(USERNOTICE),
     ASN1_ITEM_ref(X509),
     ASN1_ITEM_ref(X509_ALGOR),
@@ -165,25 +189,112 @@ static ASN1_ITEM_EXP *item_type[] = {
     ASN1_ITEM_ref(X509_REVOKED),
     ASN1_ITEM_ref(X509_SIG),
     ASN1_ITEM_ref(X509_VAL),
+#if !OPENSSL_API_3
     ASN1_ITEM_ref(ZLONG),
+#endif
+    ASN1_ITEM_ref(INT32),
+    ASN1_ITEM_ref(ZINT32),
+    ASN1_ITEM_ref(UINT32),
+    ASN1_ITEM_ref(ZUINT32),
+    ASN1_ITEM_ref(INT64),
+    ASN1_ITEM_ref(ZINT64),
+    ASN1_ITEM_ref(UINT64),
+    ASN1_ITEM_ref(ZUINT64),
     NULL
 };
 
-int FuzzerInitialize(int *argc, char ***argv) {
-    return 1;
+static ASN1_PCTX *pctx;
+
+#define DO_TEST(TYPE, D2I, I2D, PRINT) { \
+    const unsigned char *p = buf; \
+    unsigned char *der = NULL; \
+    TYPE *type = D2I(NULL, &p, len); \
+    \
+    if (type != NULL) { \
+        int len2; \
+        BIO *bio = BIO_new(BIO_s_null()); \
+        \
+        PRINT(bio, type); \
+        BIO_free(bio); \
+        len2 = I2D(type, &der); \
+        if (len2 != 0) {} \
+        OPENSSL_free(der); \
+        TYPE ## _free(type); \
+    } \
 }
 
-int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
-    int n;
+#define DO_TEST_PRINT_OFFSET(TYPE, D2I, I2D, PRINT) { \
+    const unsigned char *p = buf; \
+    unsigned char *der = NULL; \
+    TYPE *type = D2I(NULL, &p, len); \
+    \
+    if (type != NULL) { \
+        BIO *bio = BIO_new(BIO_s_null()); \
+        \
+        PRINT(bio, type, 0); \
+        BIO_free(bio); \
+        I2D(type, &der); \
+        OPENSSL_free(der); \
+        TYPE ## _free(type); \
+    } \
+}
+
+#define DO_TEST_PRINT_PCTX(TYPE, D2I, I2D, PRINT) { \
+    const unsigned char *p = buf; \
+    unsigned char *der = NULL; \
+    TYPE *type = D2I(NULL, &p, len); \
+    \
+    if (type != NULL) { \
+        BIO *bio = BIO_new(BIO_s_null()); \
+        \
+        PRINT(bio, type, 0, pctx); \
+        BIO_free(bio); \
+        I2D(type, &der); \
+        OPENSSL_free(der); \
+        TYPE ## _free(type); \
+    } \
+}
 
-    ASN1_PCTX *pctx = ASN1_PCTX_new();
 
+#define DO_TEST_NO_PRINT(TYPE, D2I, I2D) { \
+    const unsigned char *p = buf; \
+    unsigned char *der = NULL; \
+    TYPE *type = D2I(NULL, &p, len); \
+    \
+    if (type != NULL) { \
+        BIO *bio = BIO_new(BIO_s_null()); \
+        \
+        BIO_free(bio); \
+        I2D(type, &der); \
+        OPENSSL_free(der); \
+        TYPE ## _free(type); \
+    } \
+}
+
+
+int FuzzerInitialize(int *argc, char ***argv)
+{
+    pctx = ASN1_PCTX_new();
     ASN1_PCTX_set_flags(pctx, ASN1_PCTX_FLAGS_SHOW_ABSENT |
         ASN1_PCTX_FLAGS_SHOW_SEQUENCE | ASN1_PCTX_FLAGS_SHOW_SSOF |
         ASN1_PCTX_FLAGS_SHOW_TYPE | ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME);
     ASN1_PCTX_set_str_flags(pctx, ASN1_STRFLGS_UTF8_CONVERT |
         ASN1_STRFLGS_SHOW_TYPE | ASN1_STRFLGS_DUMP_ALL);
 
+    OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+    OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
+    ERR_get_state();
+    CRYPTO_free_ex_index(0, -1);
+    FuzzerSetRand();
+
+    return 1;
+}
+
+int FuzzerTestOneInput(const uint8_t *buf, size_t len)
+{
+    int n;
+
+
     for (n = 0; item_type[n] != NULL; ++n) {
         const uint8_t *b = buf;
         unsigned char *der = NULL;
@@ -192,17 +303,54 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
 
         if (o != NULL) {
             BIO *bio = BIO_new(BIO_s_null());
+
             ASN1_item_print(bio, o, 4, i, pctx);
             BIO_free(bio);
-
             ASN1_item_i2d(o, &der, i);
             OPENSSL_free(der);
-
             ASN1_item_free(o, i);
         }
     }
 
-    ASN1_PCTX_free(pctx);
+#ifndef OPENSSL_NO_TS
+    DO_TEST(TS_REQ, d2i_TS_REQ, i2d_TS_REQ, TS_REQ_print_bio);
+    DO_TEST(TS_MSG_IMPRINT, d2i_TS_MSG_IMPRINT, i2d_TS_MSG_IMPRINT, TS_MSG_IMPRINT_print_bio);
+    DO_TEST(TS_RESP, d2i_TS_RESP, i2d_TS_RESP, TS_RESP_print_bio);
+    DO_TEST(TS_STATUS_INFO, d2i_TS_STATUS_INFO, i2d_TS_STATUS_INFO, TS_STATUS_INFO_print_bio);
+    DO_TEST(TS_TST_INFO, d2i_TS_TST_INFO, i2d_TS_TST_INFO, TS_TST_INFO_print_bio);
+    DO_TEST_NO_PRINT(TS_ACCURACY, d2i_TS_ACCURACY, i2d_TS_ACCURACY);
+#endif
+    DO_TEST_NO_PRINT(ESS_ISSUER_SERIAL, d2i_ESS_ISSUER_SERIAL, i2d_ESS_ISSUER_SERIAL);
+    DO_TEST_NO_PRINT(ESS_CERT_ID, d2i_ESS_CERT_ID, i2d_ESS_CERT_ID);
+    DO_TEST_NO_PRINT(ESS_SIGNING_CERT, d2i_ESS_SIGNING_CERT, i2d_ESS_SIGNING_CERT);
+    DO_TEST_NO_PRINT(ESS_CERT_ID_V2, d2i_ESS_CERT_ID_V2, i2d_ESS_CERT_ID_V2);
+    DO_TEST_NO_PRINT(ESS_SIGNING_CERT_V2, d2i_ESS_SIGNING_CERT_V2, i2d_ESS_SIGNING_CERT_V2);
+#ifndef OPENSSL_NO_DH
+    DO_TEST(DH, d2i_DHparams, i2d_DHparams, DHparams_print);
+    DO_TEST(DH, d2i_DHxparams, i2d_DHxparams, DHparams_print);
+#endif
+#ifndef OPENSSL_NO_DSA
+    DO_TEST_NO_PRINT(DSA_SIG, d2i_DSA_SIG, i2d_DSA_SIG);
+    DO_TEST_PRINT_OFFSET(DSA, d2i_DSAPrivateKey, i2d_DSAPrivateKey, DSA_print);
+    DO_TEST_PRINT_OFFSET(DSA, d2i_DSAPublicKey, i2d_DSAPublicKey, DSA_print);
+    DO_TEST(DSA, d2i_DSAparams, i2d_DSAparams, DSAparams_print);
+#endif
+    DO_TEST_PRINT_OFFSET(RSA, d2i_RSAPublicKey, i2d_RSAPublicKey, RSA_print);
+#ifndef OPENSSL_NO_EC
+    DO_TEST_PRINT_OFFSET(EC_GROUP, d2i_ECPKParameters, i2d_ECPKParameters, ECPKParameters_print);
+    DO_TEST_PRINT_OFFSET(EC_KEY, d2i_ECPrivateKey, i2d_ECPrivateKey, EC_KEY_print);
+    DO_TEST(EC_KEY, d2i_ECParameters, i2d_ECParameters, ECParameters_print);
+    DO_TEST_NO_PRINT(ECDSA_SIG, d2i_ECDSA_SIG, i2d_ECDSA_SIG);
+#endif
+    DO_TEST_PRINT_PCTX(EVP_PKEY, d2i_AutoPrivateKey, i2d_PrivateKey, EVP_PKEY_print_private);
+    DO_TEST(SSL_SESSION, d2i_SSL_SESSION, i2d_SSL_SESSION, SSL_SESSION_print);
+
+    ERR_clear_error();
 
     return 0;
 }
+
+void FuzzerCleanup(void)
+{
+    ASN1_PCTX_free(pctx);
+}