From d10b020e2e389f4e5f5c84ce8d4512536dd3027a Mon Sep 17 00:00:00 2001
From: Damian Hobson-Garcia <dhobsong@igel.co.jp>
Date: Tue, 4 Apr 2023 14:52:56 -0400
Subject: fuzz: Add attribute certificate fuzz test

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15857)
---
 fuzz/acert.c    | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
 fuzz/build.info | 12 ++++++++++--
 fuzz/corpora    |  2 +-
 3 files changed, 59 insertions(+), 3 deletions(-)
 create mode 100644 fuzz/acert.c

(limited to 'fuzz')

diff --git a/fuzz/acert.c b/fuzz/acert.c
new file mode 100644
index 0000000000..542e793f9f
--- /dev/null
+++ b/fuzz/acert.c
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * https://www.openssl.org/source/license.html
+ * or in the file LICENSE in the source distribution.
+ */
+
+#include <openssl/x509_acert.h>
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/rand.h>
+#include "fuzzer.h"
+
+int FuzzerInitialize(int *argc, char ***argv)
+{
+    OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+    ERR_clear_error();
+    CRYPTO_free_ex_index(0, -1);
+    return 1;
+}
+
+int FuzzerTestOneInput(const uint8_t *buf, size_t len)
+{
+    const unsigned char *p = buf;
+    unsigned char *der = NULL;
+
+    X509_ACERT *acert = d2i_X509_ACERT(NULL, &p, len);
+    if (acert != NULL) {
+        BIO *bio = BIO_new(BIO_s_null());
+
+        X509_ACERT_print(bio, acert);
+        BIO_free(bio);
+
+        i2d_X509_ACERT(acert, &der);
+        OPENSSL_free(der);
+
+        X509_ACERT_free(acert);
+    }
+    ERR_clear_error();
+    return 0;
+}
+
+void FuzzerCleanup(void)
+{
+}
diff --git a/fuzz/build.info b/fuzz/build.info
index 0a7b047898..dde0e811f5 100644
--- a/fuzz/build.info
+++ b/fuzz/build.info
@@ -10,7 +10,7 @@
 
 IF[{- !$disabled{"fuzz-afl"} || !$disabled{"fuzz-libfuzzer"} -}]
   PROGRAMS{noinst}=asn1 asn1parse bignum bndiv client conf crl server smime
-  PROGRAMS{noinst}=punycode pem decoder hashtable
+  PROGRAMS{noinst}=punycode pem decoder hashtable acert
   PROGRAMS{noinst}=v3name
 
   IF[{- !$disabled{"cmp"} -}]
@@ -97,6 +97,10 @@ IF[{- !$disabled{"fuzz-afl"} || !$disabled{"fuzz-libfuzzer"} -}]
   INCLUDE[hashtable]=../include {- $ex_inc -}
   DEPEND[hashtable]=../libcrypto {- $ex_lib -}
 
+  SOURCE[acert]=acert.c driver.c
+  INCLUDE[acert]=../include {- $ex_inc -}
+  DEPEND[acert]=../libcrypto {- $ex_lib -}
+
   SOURCE[punycode]=punycode.c driver.c
   INCLUDE[punycode]=../include {- $ex_inc -}
   DEPEND[punycode]=../libcrypto.a {- $ex_lib -}
@@ -136,7 +140,7 @@ ENDIF
 
 IF[{- !$disabled{tests} -}]
   PROGRAMS{noinst}=asn1-test asn1parse-test bignum-test bndiv-test client-test conf-test crl-test server-test smime-test
-  PROGRAMS{noinst}=punycode-test pem-test decoder-test hashtable-test
+  PROGRAMS{noinst}=punycode-test pem-test decoder-test hashtable-test acert-test
   PROGRAMS{noinst}=v3name-test
 
   IF[{- !$disabled{"cmp"} -}]
@@ -225,6 +229,10 @@ IF[{- !$disabled{tests} -}]
   INCLUDE[hashtable-test]=../include
   DEPEND[hashtable-test]=../libcrypto.a
 
+  SOURCE[acert-test]=acert.c test-corpus.c
+  INCLUDE[acert-test]=../include
+  DEPEND[acert-test]=../libcrypto
+
   SOURCE[punycode-test]=punycode.c test-corpus.c
   INCLUDE[punycode-test]=../include
   DEPEND[punycode-test]=../libcrypto.a
diff --git a/fuzz/corpora b/fuzz/corpora
index 39aa3842a9..9f76670613 160000
--- a/fuzz/corpora
+++ b/fuzz/corpora
@@ -1 +1 @@
-Subproject commit 39aa3842a915cd909bf422bb70b70e80f19e858f
+Subproject commit 9f7667061314ecf9a287ce1c9702073ca1e345e3
-- 
cgit v1.2.3