X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=fuzz%2Fasn1.c;h=f7b5571d4f7d2d3e21352232b2dc32332c38fe20;hp=fdf4c5ee2986ce94fbfad5ffc5a6cfdd2242b708;hb=ad4da7fbc0779fb1730c9862221e19583de69f4f;hpb=e298cb10feab3115b6da189a0f569e24b4f6c2a9;ds=sidebyside diff --git a/fuzz/asn1.c b/fuzz/asn1.c index fdf4c5ee29..f7b5571d4f 100644 --- a/fuzz/asn1.c +++ b/fuzz/asn1.c @@ -19,52 +19,210 @@ #include #include #include +#include #include #include #include +#include #include #include +#include #include "fuzzer.h" -static const ASN1_ITEM *item_type[] = { - ASN1_ITEM_rptr(ASN1_SEQUENCE), - ASN1_ITEM_rptr(AUTHORITY_INFO_ACCESS), - ASN1_ITEM_rptr(BIGNUM), - ASN1_ITEM_rptr(ECPARAMETERS), - ASN1_ITEM_rptr(ECPKPARAMETERS), - ASN1_ITEM_rptr(GENERAL_NAME), - ASN1_ITEM_rptr(GENERAL_SUBTREE), - ASN1_ITEM_rptr(NAME_CONSTRAINTS), - ASN1_ITEM_rptr(OCSP_BASICRESP), - ASN1_ITEM_rptr(OCSP_RESPONSE), - ASN1_ITEM_rptr(PKCS12), - ASN1_ITEM_rptr(PKCS12_AUTHSAFES), - ASN1_ITEM_rptr(PKCS12_SAFEBAGS), - ASN1_ITEM_rptr(PKCS7), - ASN1_ITEM_rptr(PKCS7_ATTR_SIGN), - ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY), - ASN1_ITEM_rptr(PKCS7_DIGEST), - ASN1_ITEM_rptr(PKCS7_ENC_CONTENT), - ASN1_ITEM_rptr(PKCS7_ENCRYPT), - ASN1_ITEM_rptr(PKCS7_ENVELOPE), - ASN1_ITEM_rptr(PKCS7_RECIP_INFO), - ASN1_ITEM_rptr(PKCS7_SIGN_ENVELOPE), - ASN1_ITEM_rptr(PKCS7_SIGNED), - ASN1_ITEM_rptr(PKCS7_SIGNER_INFO), - ASN1_ITEM_rptr(POLICY_CONSTRAINTS), - ASN1_ITEM_rptr(POLICY_MAPPINGS), - ASN1_ITEM_rptr(SXNET), - //ASN1_ITEM_rptr(TS_RESP), want to do this, but type is hidden, however d2i exists... - ASN1_ITEM_rptr(X509), - ASN1_ITEM_rptr(X509_CRL), +static ASN1_ITEM_EXP *item_type[] = { + ASN1_ITEM_ref(ACCESS_DESCRIPTION), +#ifndef OPENSSL_NO_RFC3779 + ASN1_ITEM_ref(ASIdentifierChoice), + ASN1_ITEM_ref(ASIdentifiers), + ASN1_ITEM_ref(ASIdOrRange), +#endif + ASN1_ITEM_ref(ASN1_ANY), + ASN1_ITEM_ref(ASN1_BIT_STRING), + ASN1_ITEM_ref(ASN1_BMPSTRING), + ASN1_ITEM_ref(ASN1_BOOLEAN), + ASN1_ITEM_ref(ASN1_ENUMERATED), + ASN1_ITEM_ref(ASN1_FBOOLEAN), + ASN1_ITEM_ref(ASN1_GENERALIZEDTIME), + ASN1_ITEM_ref(ASN1_GENERALSTRING), + ASN1_ITEM_ref(ASN1_IA5STRING), + ASN1_ITEM_ref(ASN1_INTEGER), + ASN1_ITEM_ref(ASN1_NULL), + ASN1_ITEM_ref(ASN1_OBJECT), + ASN1_ITEM_ref(ASN1_OCTET_STRING), + ASN1_ITEM_ref(ASN1_OCTET_STRING_NDEF), + ASN1_ITEM_ref(ASN1_PRINTABLE), + ASN1_ITEM_ref(ASN1_PRINTABLESTRING), + ASN1_ITEM_ref(ASN1_SEQUENCE), + ASN1_ITEM_ref(ASN1_SEQUENCE_ANY), + ASN1_ITEM_ref(ASN1_SET_ANY), + ASN1_ITEM_ref(ASN1_T61STRING), + ASN1_ITEM_ref(ASN1_TBOOLEAN), + ASN1_ITEM_ref(ASN1_TIME), + ASN1_ITEM_ref(ASN1_UNIVERSALSTRING), + ASN1_ITEM_ref(ASN1_UTCTIME), + ASN1_ITEM_ref(ASN1_UTF8STRING), + ASN1_ITEM_ref(ASN1_VISIBLESTRING), +#ifndef OPENSSL_NO_RFC3779 + ASN1_ITEM_ref(ASRange), +#endif + ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS), + ASN1_ITEM_ref(AUTHORITY_KEYID), + ASN1_ITEM_ref(BASIC_CONSTRAINTS), + ASN1_ITEM_ref(BIGNUM), + ASN1_ITEM_ref(CBIGNUM), + ASN1_ITEM_ref(CERTIFICATEPOLICIES), +#ifndef OPENSSL_NO_CMS + ASN1_ITEM_ref(CMS_ContentInfo), + ASN1_ITEM_ref(CMS_ReceiptRequest), + ASN1_ITEM_ref(CRL_DIST_POINTS), +#endif +#ifndef OPENSSL_NO_DH + ASN1_ITEM_ref(DHparams), +#endif + ASN1_ITEM_ref(DIRECTORYSTRING), + ASN1_ITEM_ref(DISPLAYTEXT), + ASN1_ITEM_ref(DIST_POINT), + ASN1_ITEM_ref(DIST_POINT_NAME), +#ifndef OPENSSL_NO_EC + ASN1_ITEM_ref(ECPARAMETERS), + ASN1_ITEM_ref(ECPKPARAMETERS), +#endif + ASN1_ITEM_ref(EDIPARTYNAME), + ASN1_ITEM_ref(EXTENDED_KEY_USAGE), + ASN1_ITEM_ref(GENERAL_NAME), + ASN1_ITEM_ref(GENERAL_NAMES), + ASN1_ITEM_ref(GENERAL_SUBTREE), +#ifndef OPENSSL_NO_RFC3779 + ASN1_ITEM_ref(IPAddressChoice), + ASN1_ITEM_ref(IPAddressFamily), + ASN1_ITEM_ref(IPAddressOrRange), + ASN1_ITEM_ref(IPAddressRange), +#endif + ASN1_ITEM_ref(ISSUING_DIST_POINT), + ASN1_ITEM_ref(LONG), + ASN1_ITEM_ref(NAME_CONSTRAINTS), + ASN1_ITEM_ref(NETSCAPE_CERT_SEQUENCE), + ASN1_ITEM_ref(NETSCAPE_SPKAC), + ASN1_ITEM_ref(NETSCAPE_SPKI), + ASN1_ITEM_ref(NOTICEREF), +#ifndef OPENSSL_NO_OCSP + ASN1_ITEM_ref(OCSP_BASICRESP), + ASN1_ITEM_ref(OCSP_CERTID), + ASN1_ITEM_ref(OCSP_CERTSTATUS), + ASN1_ITEM_ref(OCSP_CRLID), + ASN1_ITEM_ref(OCSP_ONEREQ), + ASN1_ITEM_ref(OCSP_REQINFO), + ASN1_ITEM_ref(OCSP_REQUEST), + ASN1_ITEM_ref(OCSP_RESPBYTES), + ASN1_ITEM_ref(OCSP_RESPDATA), + ASN1_ITEM_ref(OCSP_RESPID), + ASN1_ITEM_ref(OCSP_RESPONSE), + ASN1_ITEM_ref(OCSP_REVOKEDINFO), + ASN1_ITEM_ref(OCSP_SERVICELOC), + ASN1_ITEM_ref(OCSP_SIGNATURE), + ASN1_ITEM_ref(OCSP_SINGLERESP), +#endif + ASN1_ITEM_ref(OTHERNAME), + ASN1_ITEM_ref(PBE2PARAM), + ASN1_ITEM_ref(PBEPARAM), + ASN1_ITEM_ref(PBKDF2PARAM), + ASN1_ITEM_ref(PKCS12), + ASN1_ITEM_ref(PKCS12_AUTHSAFES), + ASN1_ITEM_ref(PKCS12_BAGS), + ASN1_ITEM_ref(PKCS12_MAC_DATA), + ASN1_ITEM_ref(PKCS12_SAFEBAG), + ASN1_ITEM_ref(PKCS12_SAFEBAGS), + ASN1_ITEM_ref(PKCS7), + ASN1_ITEM_ref(PKCS7_ATTR_SIGN), + ASN1_ITEM_ref(PKCS7_ATTR_VERIFY), + ASN1_ITEM_ref(PKCS7_DIGEST), + ASN1_ITEM_ref(PKCS7_ENC_CONTENT), + ASN1_ITEM_ref(PKCS7_ENCRYPT), + ASN1_ITEM_ref(PKCS7_ENVELOPE), + ASN1_ITEM_ref(PKCS7_ISSUER_AND_SERIAL), + ASN1_ITEM_ref(PKCS7_RECIP_INFO), + ASN1_ITEM_ref(PKCS7_SIGNED), + ASN1_ITEM_ref(PKCS7_SIGN_ENVELOPE), + ASN1_ITEM_ref(PKCS7_SIGNER_INFO), + ASN1_ITEM_ref(PKCS8_PRIV_KEY_INFO), + ASN1_ITEM_ref(PKEY_USAGE_PERIOD), + ASN1_ITEM_ref(POLICY_CONSTRAINTS), + ASN1_ITEM_ref(POLICYINFO), + ASN1_ITEM_ref(POLICY_MAPPING), + ASN1_ITEM_ref(POLICY_MAPPINGS), + ASN1_ITEM_ref(POLICYQUALINFO), + ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION), + ASN1_ITEM_ref(PROXY_POLICY), + ASN1_ITEM_ref(RSA_OAEP_PARAMS), + ASN1_ITEM_ref(RSAPrivateKey), + ASN1_ITEM_ref(RSA_PSS_PARAMS), + ASN1_ITEM_ref(RSAPublicKey), + ASN1_ITEM_ref(SXNET), + ASN1_ITEM_ref(SXNETID), + /*ASN1_ITEM_ref(TS_RESP), want to do this, but type is hidden, however d2i exists... */ + ASN1_ITEM_ref(USERNOTICE), + ASN1_ITEM_ref(X509), + ASN1_ITEM_ref(X509_ALGOR), + ASN1_ITEM_ref(X509_ALGORS), + ASN1_ITEM_ref(X509_ATTRIBUTE), + ASN1_ITEM_ref(X509_CERT_AUX), + ASN1_ITEM_ref(X509_CINF), + ASN1_ITEM_ref(X509_CRL), + ASN1_ITEM_ref(X509_CRL_INFO), + ASN1_ITEM_ref(X509_EXTENSION), + ASN1_ITEM_ref(X509_EXTENSIONS), + ASN1_ITEM_ref(X509_NAME), + ASN1_ITEM_ref(X509_NAME_ENTRY), + ASN1_ITEM_ref(X509_PUBKEY), + ASN1_ITEM_ref(X509_REQ), + ASN1_ITEM_ref(X509_REQ_INFO), + ASN1_ITEM_ref(X509_REVOKED), + ASN1_ITEM_ref(X509_SIG), + ASN1_ITEM_ref(X509_VAL), + ASN1_ITEM_ref(ZLONG), NULL }; -int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) { - for (int n = 0; item_type[n] != NULL; ++n) { +int FuzzerInitialize(int *argc, char ***argv) +{ + return 1; +} + +int FuzzerTestOneInput(const uint8_t *buf, size_t len) +{ + int n; + + ASN1_PCTX *pctx = ASN1_PCTX_new(); + + ASN1_PCTX_set_flags(pctx, ASN1_PCTX_FLAGS_SHOW_ABSENT | + ASN1_PCTX_FLAGS_SHOW_SEQUENCE | ASN1_PCTX_FLAGS_SHOW_SSOF | + ASN1_PCTX_FLAGS_SHOW_TYPE | ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME); + ASN1_PCTX_set_str_flags(pctx, ASN1_STRFLGS_UTF8_CONVERT | + ASN1_STRFLGS_SHOW_TYPE | ASN1_STRFLGS_DUMP_ALL); + + for (n = 0; item_type[n] != NULL; ++n) { const uint8_t *b = buf; - ASN1_VALUE *o = ASN1_item_d2i(NULL, &b, len, item_type[n]); - ASN1_item_free(o, item_type[n]); + unsigned char *der = NULL; + const ASN1_ITEM *i = ASN1_ITEM_ptr(item_type[n]); + ASN1_VALUE *o = ASN1_item_d2i(NULL, &b, len, i); + + if (o != NULL) { + BIO *bio = BIO_new(BIO_s_null()); + ASN1_item_print(bio, o, 4, i, pctx); + BIO_free(bio); + + ASN1_item_i2d(o, &der, i); + OPENSSL_free(der); + + ASN1_item_free(o, i); + } } + + ASN1_PCTX_free(pctx); + return 0; } + +void FuzzerCleanup(void) +{ +}