diff options
| author | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-03-24 10:33:16 +0100 |
|---|---|---|
| committer | Dr. David von Oheimb <David.von.Oheimb@siemens.com> | 2020-04-18 19:54:17 +0200 |
| commit | e599d0aecd3e9419d1558628cb42db9cf0fa5fd0 (patch) | |
| tree | 09744b062a8d0f7f04251f1e13ee7deaee5ccf38 /crypto/cmp/cmp_vfy.c | |
| parent | a81151bd56d55d52c40865f2f135355a2164062e (diff) | |
Add CMP fuzzing to fuzz/cmp.c, including a couple of helpers in crypto/cmp/
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11386)
Diffstat (limited to 'crypto/cmp/cmp_vfy.c')
| -rw-r--r-- | crypto/cmp/cmp_vfy.c | 34 |
1 files changed, 27 insertions, 7 deletions
diff --git a/crypto/cmp/cmp_vfy.c b/crypto/cmp/cmp_vfy.c index 1ee1b3325e..137b65b06b 100644 --- a/crypto/cmp/cmp_vfy.c +++ b/crypto/cmp/cmp_vfy.c @@ -700,26 +700,34 @@ int ossl_cmp_msg_check_received(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, /* detect explicitly permitted exceptions for invalid protection */ if (!OSSL_CMP_validate_msg(ctx, msg) && (cb == NULL || (*cb)(ctx, msg, 1, cb_arg) <= 0)) { +#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION CMPerr(0, CMP_R_ERROR_VALIDATING_PROTECTION); return -1; +#endif } } else { /* detect explicitly permitted exceptions for missing protection */ if (cb == NULL || (*cb)(ctx, msg, 0, cb_arg) <= 0) { +#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION CMPerr(0, CMP_R_MISSING_PROTECTION); return -1; +#endif } } /* check CMP version number in header */ if (ossl_cmp_hdr_get_pvno(OSSL_CMP_MSG_get0_header(msg)) != OSSL_CMP_PVNO) { +#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION CMPerr(0, CMP_R_UNEXPECTED_PVNO); return -1; +#endif } if ((rcvd_type = ossl_cmp_msg_get_bodytype(msg)) < 0) { +#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION CMPerr(0, CMP_R_PKIBODY_ERROR); return -1; +#endif } /* compare received transactionID with the expected one in previous msg */ @@ -727,8 +735,10 @@ int ossl_cmp_msg_check_received(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, && (msg->header->transactionID == NULL || ASN1_OCTET_STRING_cmp(ctx->transactionID, msg->header->transactionID) != 0)) { +#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION CMPerr(0, CMP_R_TRANSACTIONID_UNMATCHED); return -1; +#endif } /* compare received nonce with the one we sent */ @@ -736,8 +746,10 @@ int ossl_cmp_msg_check_received(OSSL_CMP_CTX *ctx, const OSSL_CMP_MSG *msg, && (msg->header->recipNonce == NULL || ASN1_OCTET_STRING_cmp(ctx->senderNonce, msg->header->recipNonce) != 0)) { +#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION CMPerr(0, CMP_R_RECIPNONCE_UNMATCHED); return -1; +#endif } /* @@ -776,19 +788,27 @@ int ossl_cmp_verify_popo(const OSSL_CMP_MSG *msg, int accept_RAVerified) { X509_REQ *req = msg->body->value.p10cr; - if (X509_REQ_verify(req, X509_REQ_get0_pubkey(req)) > 0) - return 1; - CMPerr(0, CMP_R_REQUEST_NOT_ACCEPTED); - return 0; + if (X509_REQ_verify(req, X509_REQ_get0_pubkey(req)) <= 0) { +#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION + CMPerr(0, CMP_R_REQUEST_NOT_ACCEPTED); + return 0; +#endif + } } + break; case OSSL_CMP_PKIBODY_IR: case OSSL_CMP_PKIBODY_CR: case OSSL_CMP_PKIBODY_KUR: - return OSSL_CRMF_MSGS_verify_popo(msg->body->value.ir, - OSSL_CMP_CERTREQID, - accept_RAVerified); + if (!OSSL_CRMF_MSGS_verify_popo(msg->body->value.ir, OSSL_CMP_CERTREQID, + accept_RAVerified)) { +#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION + return 0; +#endif + } + break; default: CMPerr(0, CMP_R_PKIBODY_ERROR); return 0; } + return 1; } |