xref: /netbsd-src/crypto/external/bsd/openssl/dist/fuzz/asn1.c (revision bdc22b2e01993381dcefeff2bc9b56ca75a4235c) 
1 /*
2  * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the OpenSSL licenses, (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  * https://www.openssl.org/source/license.html
8  * or in the file LICENSE in the source distribution.
9  */
10 
11 /*
12  * Fuzz ASN.1 parsing for various data structures. Specify which on the
13  * command line:
14  *
15  * asn1 <data structure>
16  */
17 
18 #include <stdio.h>
19 #include <string.h>
20 #include <openssl/asn1.h>
21 #include <openssl/asn1t.h>
22 #include <openssl/dh.h>
23 #include <openssl/ec.h>
24 #include <openssl/ocsp.h>
25 #include <openssl/pkcs12.h>
26 #include <openssl/rsa.h>
27 #include <openssl/ts.h>
28 #include <openssl/x509v3.h>
29 #include <openssl/cms.h>
30 #include "fuzzer.h"
31 
32 static ASN1_ITEM_EXP *item_type[] = {
33     ASN1_ITEM_ref(ACCESS_DESCRIPTION),
34 #ifndef OPENSSL_NO_RFC3779
35     ASN1_ITEM_ref(ASIdentifierChoice),
36     ASN1_ITEM_ref(ASIdentifiers),
37     ASN1_ITEM_ref(ASIdOrRange),
38 #endif
39     ASN1_ITEM_ref(ASN1_ANY),
40     ASN1_ITEM_ref(ASN1_BIT_STRING),
41     ASN1_ITEM_ref(ASN1_BMPSTRING),
42     ASN1_ITEM_ref(ASN1_BOOLEAN),
43     ASN1_ITEM_ref(ASN1_ENUMERATED),
44     ASN1_ITEM_ref(ASN1_FBOOLEAN),
45     ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
46     ASN1_ITEM_ref(ASN1_GENERALSTRING),
47     ASN1_ITEM_ref(ASN1_IA5STRING),
48     ASN1_ITEM_ref(ASN1_INTEGER),
49     ASN1_ITEM_ref(ASN1_NULL),
50     ASN1_ITEM_ref(ASN1_OBJECT),
51     ASN1_ITEM_ref(ASN1_OCTET_STRING),
52     ASN1_ITEM_ref(ASN1_OCTET_STRING_NDEF),
53     ASN1_ITEM_ref(ASN1_PRINTABLE),
54     ASN1_ITEM_ref(ASN1_PRINTABLESTRING),
55     ASN1_ITEM_ref(ASN1_SEQUENCE),
56     ASN1_ITEM_ref(ASN1_SEQUENCE_ANY),
57     ASN1_ITEM_ref(ASN1_SET_ANY),
58     ASN1_ITEM_ref(ASN1_T61STRING),
59     ASN1_ITEM_ref(ASN1_TBOOLEAN),
60     ASN1_ITEM_ref(ASN1_TIME),
61     ASN1_ITEM_ref(ASN1_UNIVERSALSTRING),
62     ASN1_ITEM_ref(ASN1_UTCTIME),
63     ASN1_ITEM_ref(ASN1_UTF8STRING),
64     ASN1_ITEM_ref(ASN1_VISIBLESTRING),
65 #ifndef OPENSSL_NO_RFC3779
66     ASN1_ITEM_ref(ASRange),
67 #endif
68     ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS),
69     ASN1_ITEM_ref(AUTHORITY_KEYID),
70     ASN1_ITEM_ref(BASIC_CONSTRAINTS),
71     ASN1_ITEM_ref(BIGNUM),
72     ASN1_ITEM_ref(CBIGNUM),
73     ASN1_ITEM_ref(CERTIFICATEPOLICIES),
74 #ifndef OPENSSL_NO_CMS
75     ASN1_ITEM_ref(CMS_ContentInfo),
76     ASN1_ITEM_ref(CMS_ReceiptRequest),
77     ASN1_ITEM_ref(CRL_DIST_POINTS),
78 #endif
79 #ifndef OPENSSL_NO_DH
80     ASN1_ITEM_ref(DHparams),
81 #endif
82     ASN1_ITEM_ref(DIRECTORYSTRING),
83     ASN1_ITEM_ref(DISPLAYTEXT),
84     ASN1_ITEM_ref(DIST_POINT),
85     ASN1_ITEM_ref(DIST_POINT_NAME),
86 #ifndef OPENSSL_NO_EC
87     ASN1_ITEM_ref(ECPARAMETERS),
88     ASN1_ITEM_ref(ECPKPARAMETERS),
89 #endif
90     ASN1_ITEM_ref(EDIPARTYNAME),
91     ASN1_ITEM_ref(EXTENDED_KEY_USAGE),
92     ASN1_ITEM_ref(GENERAL_NAME),
93     ASN1_ITEM_ref(GENERAL_NAMES),
94     ASN1_ITEM_ref(GENERAL_SUBTREE),
95 #ifndef OPENSSL_NO_RFC3779
96     ASN1_ITEM_ref(IPAddressChoice),
97     ASN1_ITEM_ref(IPAddressFamily),
98     ASN1_ITEM_ref(IPAddressOrRange),
99     ASN1_ITEM_ref(IPAddressRange),
100 #endif
101     ASN1_ITEM_ref(ISSUING_DIST_POINT),
102     ASN1_ITEM_ref(LONG),
103     ASN1_ITEM_ref(NAME_CONSTRAINTS),
104     ASN1_ITEM_ref(NETSCAPE_CERT_SEQUENCE),
105     ASN1_ITEM_ref(NETSCAPE_SPKAC),
106     ASN1_ITEM_ref(NETSCAPE_SPKI),
107     ASN1_ITEM_ref(NOTICEREF),
108 #ifndef OPENSSL_NO_OCSP
109     ASN1_ITEM_ref(OCSP_BASICRESP),
110     ASN1_ITEM_ref(OCSP_CERTID),
111     ASN1_ITEM_ref(OCSP_CERTSTATUS),
112     ASN1_ITEM_ref(OCSP_CRLID),
113     ASN1_ITEM_ref(OCSP_ONEREQ),
114     ASN1_ITEM_ref(OCSP_REQINFO),
115     ASN1_ITEM_ref(OCSP_REQUEST),
116     ASN1_ITEM_ref(OCSP_RESPBYTES),
117     ASN1_ITEM_ref(OCSP_RESPDATA),
118     ASN1_ITEM_ref(OCSP_RESPID),
119     ASN1_ITEM_ref(OCSP_RESPONSE),
120     ASN1_ITEM_ref(OCSP_REVOKEDINFO),
121     ASN1_ITEM_ref(OCSP_SERVICELOC),
122     ASN1_ITEM_ref(OCSP_SIGNATURE),
123     ASN1_ITEM_ref(OCSP_SINGLERESP),
124 #endif
125     ASN1_ITEM_ref(OTHERNAME),
126     ASN1_ITEM_ref(PBE2PARAM),
127     ASN1_ITEM_ref(PBEPARAM),
128     ASN1_ITEM_ref(PBKDF2PARAM),
129     ASN1_ITEM_ref(PKCS12),
130     ASN1_ITEM_ref(PKCS12_AUTHSAFES),
131     ASN1_ITEM_ref(PKCS12_BAGS),
132     ASN1_ITEM_ref(PKCS12_MAC_DATA),
133     ASN1_ITEM_ref(PKCS12_SAFEBAG),
134     ASN1_ITEM_ref(PKCS12_SAFEBAGS),
135     ASN1_ITEM_ref(PKCS7),
136     ASN1_ITEM_ref(PKCS7_ATTR_SIGN),
137     ASN1_ITEM_ref(PKCS7_ATTR_VERIFY),
138     ASN1_ITEM_ref(PKCS7_DIGEST),
139     ASN1_ITEM_ref(PKCS7_ENC_CONTENT),
140     ASN1_ITEM_ref(PKCS7_ENCRYPT),
141     ASN1_ITEM_ref(PKCS7_ENVELOPE),
142     ASN1_ITEM_ref(PKCS7_ISSUER_AND_SERIAL),
143     ASN1_ITEM_ref(PKCS7_RECIP_INFO),
144     ASN1_ITEM_ref(PKCS7_SIGNED),
145     ASN1_ITEM_ref(PKCS7_SIGN_ENVELOPE),
146     ASN1_ITEM_ref(PKCS7_SIGNER_INFO),
147     ASN1_ITEM_ref(PKCS8_PRIV_KEY_INFO),
148     ASN1_ITEM_ref(PKEY_USAGE_PERIOD),
149     ASN1_ITEM_ref(POLICY_CONSTRAINTS),
150     ASN1_ITEM_ref(POLICYINFO),
151     ASN1_ITEM_ref(POLICY_MAPPING),
152     ASN1_ITEM_ref(POLICY_MAPPINGS),
153     ASN1_ITEM_ref(POLICYQUALINFO),
154     ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION),
155     ASN1_ITEM_ref(PROXY_POLICY),
156     ASN1_ITEM_ref(RSA_OAEP_PARAMS),
157     ASN1_ITEM_ref(RSAPrivateKey),
158     ASN1_ITEM_ref(RSA_PSS_PARAMS),
159     ASN1_ITEM_ref(RSAPublicKey),
160     ASN1_ITEM_ref(SXNET),
161     ASN1_ITEM_ref(SXNETID),
162     /*ASN1_ITEM_ref(TS_RESP),  want to do this, but type is hidden, however d2i exists... */
163     ASN1_ITEM_ref(USERNOTICE),
164     ASN1_ITEM_ref(X509),
165     ASN1_ITEM_ref(X509_ALGOR),
166     ASN1_ITEM_ref(X509_ALGORS),
167     ASN1_ITEM_ref(X509_ATTRIBUTE),
168     ASN1_ITEM_ref(X509_CERT_AUX),
169     ASN1_ITEM_ref(X509_CINF),
170     ASN1_ITEM_ref(X509_CRL),
171     ASN1_ITEM_ref(X509_CRL_INFO),
172     ASN1_ITEM_ref(X509_EXTENSION),
173     ASN1_ITEM_ref(X509_EXTENSIONS),
174     ASN1_ITEM_ref(X509_NAME),
175     ASN1_ITEM_ref(X509_NAME_ENTRY),
176     ASN1_ITEM_ref(X509_PUBKEY),
177     ASN1_ITEM_ref(X509_REQ),
178     ASN1_ITEM_ref(X509_REQ_INFO),
179     ASN1_ITEM_ref(X509_REVOKED),
180     ASN1_ITEM_ref(X509_SIG),
181     ASN1_ITEM_ref(X509_VAL),
182     ASN1_ITEM_ref(ZLONG),
183     NULL
184 };
185 
186 int FuzzerInitialize(int *argc, char ***argv) {
187     return 1;
188 }
189 
190 int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
191     int n;
192 
193     ASN1_PCTX *pctx = ASN1_PCTX_new();
194 
195     ASN1_PCTX_set_flags(pctx, ASN1_PCTX_FLAGS_SHOW_ABSENT |
196         ASN1_PCTX_FLAGS_SHOW_SEQUENCE | ASN1_PCTX_FLAGS_SHOW_SSOF |
197         ASN1_PCTX_FLAGS_SHOW_TYPE | ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME);
198     ASN1_PCTX_set_str_flags(pctx, ASN1_STRFLGS_UTF8_CONVERT |
199         ASN1_STRFLGS_SHOW_TYPE | ASN1_STRFLGS_DUMP_ALL);
200 
201     for (n = 0; item_type[n] != NULL; ++n) {
202         const uint8_t *b = buf;
203         unsigned char *der = NULL;
204         const ASN1_ITEM *i = ASN1_ITEM_ptr(item_type[n]);
205         ASN1_VALUE *o = ASN1_item_d2i(NULL, &b, len, i);
206 
207         if (o != NULL) {
208             BIO *bio = BIO_new(BIO_s_null());
209             ASN1_item_print(bio, o, 4, i, pctx);
210             BIO_free(bio);
211 
212             ASN1_item_i2d(o, &der, i);
213             OPENSSL_free(der);
214 
215             ASN1_item_free(o, i);
216         }
217     }
218 
219     ASN1_PCTX_free(pctx);
220 
221     return 0;
222 }
223