From e493a3f37da4da101faa88b4afc50304286ed0b6 Mon Sep 17 00:00:00 2001
From: Justin Smith
Date: Tue, 10 Dec 2024 10:28:47 -0500
Subject: [PATCH] Add fuzz test for PKCS7_verify
---
 fuzz/CMakeLists.txt | 1 +
 fuzz/pkcs7_verify.cc | 85 ++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 86 insertions(+)
 create mode 100644 fuzz/pkcs7_verify.cc
diff --git a/fuzz/CMakeLists.txt b/fuzz/CMakeLists.txt
index f10022ad783..6b1cebb00d0 100644
--- a/fuzz/CMakeLists.txt
+++ b/fuzz/CMakeLists.txt
@@ -29,6 +29,7 @@ fuzzer(ocsp)
 fuzzer(ocsp_http)
 fuzzer(ocsp_parse_url)
 fuzzer(pkcs12)
+fuzzer(pkcs7_verify)
 fuzzer(pkcs8)
 fuzzer(pkcs8_v2)
 fuzzer(privkey)
diff --git a/fuzz/pkcs7_verify.cc b/fuzz/pkcs7_verify.cc
new file mode 100644
index 00000000000..e10a25df70c
--- /dev/null
+++ b/fuzz/pkcs7_verify.cc
@@ -0,0 +1,85 @@
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0 OR ISC
+
+#include
+#include
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+const char *amazon_ca_cert = "-----BEGIN CERTIFICATE-----"
+ "MIIFQTCCAymgAwIBAgITBmyf0pY1hp8KD+WGePhbJruKNzANBgkqhkiG9w0BAQwF\n"
+ "ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6\n"
+ "b24gUm9vdCBDQSAyMB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTEL\n"
+ "MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv\n"
+ "b3QgQ0EgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK2Wny2cSkxK\n"
+ "gXlRmeyKy2tgURO8TW0G/LAIjd0ZEGrHJgw12MBvIITplLGbhQPDW9tK6Mj4kHbZ\n"
+ "W0/jTOgGNk3Mmqw9DJArktQGGWCsN0R5hYGCrVo34A3MnaZMUnbqQ523BNFQ9lXg\n"
+ "1dKmSYXpN+nKfq5clU1Imj+uIFptiJXZNLhSGkOQsL9sBbm2eLfq0OQ6PBJTYv9K\n"
+ "8nu+NQWpEjTj82R0Yiw9AElaKP4yRLuH3WUnAnE72kr3H9rN9yFVkE8P7K6C4Z9r\n"
+ "2UXTu/Bfh+08LDmG2j/e7HJV63mjrdvdfLC6HM783k81ds8P+HgfajZRRidhW+me\n"
+ "z/CiVX18JYpvL7TFz4QuK/0NURBs+18bvBt+xa47mAExkv8LV/SasrlX6avvDXbR\n"
+ "8O70zoan4G7ptGmh32n2M8ZpLpcTnqWHsFcQgTfJU7O7f/aS0ZzQGPSSbtqDT6Zj\n"
+ "mUyl+17vIWR6IF9sZIUVyzfpYgwLKhbcAS4y2j5L9Z469hdAlO+ekQiG+r5jqFoz\n"
+ "7Mt0Q5X5bGlSNscpb/xVA1wf+5+9R+vnSUeVC06JIglJ4PVhHvG/LopyboBZ/1c6\n"
+ "+XUyo05f7O0oYtlNc/LMgRdg7c3r3NunysV+Ar3yVAhU/bQtCSwXVEqY0VThUWcI\n"
+ "0u1ufm8/0i2BWSlmy5A5lREedCf+3euvAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMB\n"
+ "Af8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSwDPBMMPQFWAJI/TPlUq9LhONm\n"
+ "UjANBgkqhkiG9w0BAQwFAAOCAgEAqqiAjw54o+Ci1M3m9Zh6O+oAA7CXDpO8Wqj2\n"
+ "LIxyh6mx/H9z/WNxeKWHWc8w4Q0QshNabYL1auaAn6AFC2jkR2vHat+2/XcycuUY\n"
+ "+gn0oJMsXdKMdYV2ZZAMA3m3MSNjrXiDCYZohMr/+c8mmpJ5581LxedhpxfL86kS\n"
+ "k5Nrp+gvU5LEYFiwzAJRGFuFjWJZY7attN6a+yb3ACfAXVU3dJnJUH/jWS5E4ywl\n"
+ "7uxMMne0nxrpS10gxdr9HIcWxkPo1LsmmkVwXqkLN1PiRnsn/eBG8om3zEK2yygm\n"
+ "btmlyTrIQRNg91CMFa6ybRoVGld45pIq2WWQgj9sAq+uEjonljYE1x2igGOpm/Hl\n"
+ "urR8FLBOybEfdF849lHqm/osohHUqS0nGkWxr7JOcQ3AWEbWaQbLU8uz/mtBzUF+\n"
+ "fUwPfHJ5elnNXkoOrJupmHN5fLT0zLm4BwyydFy4x2+IoZCn9Kr5v2c69BoVYh63\n"
+ "n749sSmvZ6ES8lgQGVMDMBu4Gon2nL2XA46jCfMdiyHxtN/kHNGfZQIG6lzWE7OE\n"
+ "76KlXIx3KadowGuuQNKotOrN8I1LOJwZmhsoVLiJkO/KdYE+HvJkJMcYr07/R54H\n"
+ "9jVlpNMKVv/1F2Rs76giJUmTtt8AF9pYfl3uxRuw0dFfIRDH+fO6AgonB8Xx1sfT\n"
+ "4PsJYGw=\n"
+ "-----END CERTIFICATE-----\n";
+
+OPENSSL_BEGIN_ALLOW_DEPRECATED
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
+ BIO* bio_amazon = nullptr;
+ X509* amazon_cert = nullptr;
+ X509_STORE* store = nullptr;
+ STACK_OF(X509)* certs = nullptr;
+ PKCS7* pkcs7(d2i_PKCS7(nullptr, &buf, len));
+ if (!pkcs7) {
+ goto end;
+ }
+ bio_amazon = BIO_new_mem_buf(amazon_ca_cert, strlen(amazon_ca_cert));
+ if (!bio_amazon) {
+ goto end;
+ }
+ amazon_cert =
+ PEM_read_bio_X509(bio_amazon, nullptr, nullptr, nullptr);
+ store = X509_STORE_new();
+ if (!store) {
+ goto end;
+ }
+ if (!X509_STORE_add_cert(store, X509_dup(amazon_cert))) {
+ goto end;
+ }
+ certs = sk_X509_new_null();
+ if (!sk_X509_unshift(certs, amazon_cert)) {
+ goto end;
+ }
+ amazon_cert = nullptr;
+
+ PKCS7_verify(pkcs7, certs, store, nullptr, nullptr, 0);
+
+end:
+ BIO_free(bio_amazon);
+ X509_free(amazon_cert);
+ X509_STORE_free(store);
+ sk_X509_free(certs);
+ PKCS7_free(pkcs7);
+ return 0;
+}
+OPENSSL_END_ALLOW_DEPRECATED
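Review bot: As shown, this harness probably never reaches `PKCS7_verify`: the first literal of `amazon_ca_cert` is `"-----BEGIN CERTIFICATE-----"` with no trailing `\n`, so the header runs straight into the first base64 line, and the result of `PEM_read_bio_X509` is not checked before `X509_dup(amazon_cert)`. If that parse fails, `X509_dup` is handed a null pointer and at best every input leaves through `end`, so the target would look covered while the signature-verification path is never fuzzed. Add the newline and make a failure to load this constant fixture fatal rather than a silent `goto end`. Separately, `X509_STORE_add_cert` takes its own reference, so the `X509_dup` copy is never released, and `sk_X509_free(certs)` frees the stack but not the certificate moved into it; once verify is reached these would surface as leak reports on every input. The rewritten lines are sketched below.

```cpp
const char *amazon_ca_cert = "-----BEGIN CERTIFICATE-----\n"
// … unchanged: base64 body and END CERTIFICATE line …

  amazon_cert =
      PEM_read_bio_X509(bio_amazon, nullptr, nullptr, nullptr);
  if (!amazon_cert) {
    // The trust anchor is constant data: a parse failure is a harness bug,
    // so fail loudly instead of skipping PKCS7_verify for every input.
    abort();
  }
  // … unchanged: X509_STORE_new and its null check …
  // The store takes its own reference, so no duplicate is needed.
  if (!X509_STORE_add_cert(store, amazon_cert)) {
    goto end;
  }
  // … unchanged: certs stack setup, ownership hand-off, PKCS7_verify call …
end:
  // … unchanged: BIO_free, X509_free, X509_STORE_free …
  // Release the certificate held by the stack along with the stack itself.
  sk_X509_pop_free(certs, X509_free);
```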