2 * Copyright 2007-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
11 * Test CMP DER parsing.
14 #include <openssl/bio.h>
15 #include <openssl/cmp.h>
16 #include "../crypto/cmp/cmp_local.h"
17 #include <openssl/err.h>
21 DEFINE_STACK_OF(OSSL_CMP_ITAV)
23 int FuzzerInitialize(int *argc, char ***argv)
25 OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
27 CRYPTO_free_ex_index(0, -1);
32 static int num_responses;
34 static OSSL_CMP_MSG *transfer_cb(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *req)
36 if (num_responses++ > 2)
37 return NULL; /* prevent loops due to repeated pollRep */
38 return OSSL_CMP_MSG_dup((OSSL_CMP_MSG *)
39 OSSL_CMP_CTX_get_transfer_cb_arg(ctx));
42 static int print_noop(const char *func, const char *file, int line,
43 OSSL_CMP_severity level, const char *msg)
48 static int allow_unprotected(const OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *rep,
49 int invalid_protection, int expected_type)
54 static void cmp_client_process_response(OSSL_CMP_CTX *ctx, OSSL_CMP_MSG *msg)
56 X509_NAME *name = X509_NAME_new();
57 ASN1_INTEGER *serial = ASN1_INTEGER_new();
59 ctx->unprotectedSend = 1; /* satisfy ossl_cmp_msg_protect() */
60 ctx->disableConfirm = 1; /* check just one response message */
61 ctx->popoMethod = OSSL_CRMF_POPO_NONE; /* satisfy ossl_cmp_certReq_new() */
62 ctx->oldCert = X509_new(); /* satisfy crm_new() and ossl_cmp_rr_new() */
63 if (!OSSL_CMP_CTX_set1_secretValue(ctx, (unsigned char *)"",
64 0) /* prevent too unspecific error */
65 || ctx->oldCert == NULL
66 || name == NULL || !X509_set_issuer_name(ctx->oldCert, name)
67 || serial == NULL || !X509_set_serialNumber(ctx->oldCert, serial))
70 (void)OSSL_CMP_CTX_set_transfer_cb(ctx, transfer_cb);
71 (void)OSSL_CMP_CTX_set_transfer_cb_arg(ctx, msg);
72 (void)OSSL_CMP_CTX_set_log_cb(ctx, print_noop);
74 switch (msg->body != NULL ? msg->body->type : -1) {
75 case OSSL_CMP_PKIBODY_IP:
76 (void)OSSL_CMP_exec_IR_ses(ctx);
78 case OSSL_CMP_PKIBODY_CP:
79 (void)OSSL_CMP_exec_CR_ses(ctx);
80 (void)OSSL_CMP_exec_P10CR_ses(ctx);
82 case OSSL_CMP_PKIBODY_KUP:
83 (void)OSSL_CMP_exec_KUR_ses(ctx);
85 case OSSL_CMP_PKIBODY_POLLREP:
86 ctx->status = OSSL_CMP_PKISTATUS_waiting;
87 (void)OSSL_CMP_try_certreq(ctx, OSSL_CMP_PKIBODY_CR, NULL);
89 case OSSL_CMP_PKIBODY_RP:
90 (void)OSSL_CMP_exec_RR_ses(ctx);
92 case OSSL_CMP_PKIBODY_GENP:
93 sk_OSSL_CMP_ITAV_pop_free(OSSL_CMP_exec_GENM_ses(ctx),
97 (void)ossl_cmp_msg_check_received(ctx, msg, allow_unprotected, 0);
101 X509_NAME_free(name);
102 ASN1_INTEGER_free(serial);
105 static OSSL_CMP_PKISI *process_cert_request(OSSL_CMP_SRV_CTX *srv_ctx,
106 const OSSL_CMP_MSG *cert_req,
108 const OSSL_CRMF_MSG *crm,
109 const X509_REQ *p10cr,
111 STACK_OF(X509) **chainOut,
112 STACK_OF(X509) **caPubs)
114 CMPerr(0, CMP_R_ERROR_PROCESSING_MESSAGE);
118 static OSSL_CMP_PKISI *process_rr(OSSL_CMP_SRV_CTX *srv_ctx,
119 const OSSL_CMP_MSG *rr,
120 const X509_NAME *issuer,
121 const ASN1_INTEGER *serial)
123 CMPerr(0, CMP_R_ERROR_PROCESSING_MESSAGE);
127 static int process_genm(OSSL_CMP_SRV_CTX *srv_ctx,
128 const OSSL_CMP_MSG *genm,
129 const STACK_OF(OSSL_CMP_ITAV) *in,
130 STACK_OF(OSSL_CMP_ITAV) **out)
132 CMPerr(0, CMP_R_ERROR_PROCESSING_MESSAGE);
136 static void process_error(OSSL_CMP_SRV_CTX *srv_ctx, const OSSL_CMP_MSG *error,
137 const OSSL_CMP_PKISI *statusInfo,
138 const ASN1_INTEGER *errorCode,
139 const OSSL_CMP_PKIFREETEXT *errorDetails)
141 CMPerr(0, CMP_R_ERROR_PROCESSING_MESSAGE);
144 static int process_certConf(OSSL_CMP_SRV_CTX *srv_ctx,
145 const OSSL_CMP_MSG *certConf, int certReqId,
146 const ASN1_OCTET_STRING *certHash,
147 const OSSL_CMP_PKISI *si)
149 CMPerr(0, CMP_R_ERROR_PROCESSING_MESSAGE);
153 static int process_pollReq(OSSL_CMP_SRV_CTX *srv_ctx,
154 const OSSL_CMP_MSG *pollReq, int certReqId,
155 OSSL_CMP_MSG **certReq, int64_t *check_after)
157 CMPerr(0, CMP_R_ERROR_PROCESSING_MESSAGE);
161 int FuzzerTestOneInput(const uint8_t *buf, size_t len)
169 in = BIO_new(BIO_s_mem());
170 OPENSSL_assert((size_t)BIO_write(in, buf, len) == len);
171 msg = d2i_OSSL_CMP_MSG_bio(in, NULL);
173 BIO *out = BIO_new(BIO_s_null());
174 OSSL_CMP_SRV_CTX *srv_ctx = OSSL_CMP_SRV_CTX_new();
175 OSSL_CMP_CTX *client_ctx = OSSL_CMP_CTX_new();
177 i2d_OSSL_CMP_MSG_bio(out, msg);
178 ASN1_item_print(out, (ASN1_VALUE *)msg, 4,
179 ASN1_ITEM_rptr(OSSL_CMP_MSG), NULL);
182 if (client_ctx != NULL)
183 cmp_client_process_response(client_ctx, msg);
185 && OSSL_CMP_CTX_set_log_cb(OSSL_CMP_SRV_CTX_get0_cmp_ctx(srv_ctx),
187 && OSSL_CMP_SRV_CTX_init(srv_ctx, NULL, process_cert_request,
188 process_rr, process_genm, process_error,
189 process_certConf, process_pollReq))
190 OSSL_CMP_MSG_free(OSSL_CMP_SRV_process_request(srv_ctx, msg));
192 OSSL_CMP_CTX_free(client_ctx);
193 OSSL_CMP_SRV_CTX_free(srv_ctx);
194 OSSL_CMP_MSG_free(msg);
203 void FuzzerCleanup(void)