astarasikov · November 3, 2022 15:56
diff --git a/diff_openssl_x509_fuzzer_chain_pass.diff b/diff_openssl_x509_fuzzer_chain_pass.diff
 diff --git a/fuzz/helper.py b/fuzz/helper.py
 index 9185b17228..e1747b8eea 100755
 --- a/fuzz/helper.py
 +++ b/fuzz/helper.py
 @@ -43,7 +43,7 @@ def main():
     _create(FUZZER + "-crash")
     _add(FUZZER + "-seed")
 
 -    cmd = ([os.path.abspath(os.path.join(THIS_DIR, FUZZER))]  + sys.argv[2:]
 +    cmd = ([os.path.abspath(os.path.join(THIS_DIR, FUZZER))] + ["-use_value_profile=1 "] + ["-entropic=1 "] + ["-max_len=60240" ] + sys.argv[2:]
            + ["-artifact_prefix=" + corpora[1] + "/"] + corpora)
     print(" ".join(cmd))
     subprocess.call(cmd)
 diff --git a/fuzz/x509.c b/fuzz/x509.c
 index 78061d176a..212f56fbd0 100644
 --- a/fuzz/x509.c
 +++ b/fuzz/x509.c
 @@ -23,6 +23,26 @@ int FuzzerInitialize(int *argc, char ***argv)
     return 1;
 }
 
 +static void test_self_signed(X509 *cert, int use_trusted)
 +{
 +    STACK_OF(X509) *trusted = sk_X509_new_null();
 +    X509_STORE_CTX *ctx = X509_STORE_CTX_new();
 +
 +    X509_self_signed(cert, 1);
 +
 +    if (cert != NULL) {
 +        if (use_trusted)
 +            sk_X509_push(trusted, cert);
 +	X509_STORE_CTX_init(ctx, NULL, cert, NULL);
 +        X509_STORE_CTX_set0_trusted_stack(ctx, trusted);
 +        X509_verify_cert(ctx);
 +    }
 +
 +    X509_STORE_CTX_free(ctx);
 +    sk_X509_free(trusted);
 +}
 +
 +
 int FuzzerTestOneInput(const uint8_t *buf, size_t len)
 {
     const unsigned char *p = buf;
 @@ -36,6 +56,8 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
         BIO_free(bio);
 
         X509_issuer_and_serial_hash(x509);
 +        test_self_signed(x509, 1);
 +        test_self_signed(x509, 0);
 
         i2d_X509(x509, &der);
         OPENSSL_free(der);
	diff --git a/fuzz/helper.py b/fuzz/helper.py
	index 9185b17228..e1747b8eea 100755
	--- a/fuzz/helper.py
	+++ b/fuzz/helper.py
	@@ -43,7 +43,7 @@ def main():
	_create(FUZZER + "-crash")
	_add(FUZZER + "-seed")

	- cmd = ([os.path.abspath(os.path.join(THIS_DIR, FUZZER))] + sys.argv[2:]
	+ cmd = ([os.path.abspath(os.path.join(THIS_DIR, FUZZER))] + ["-use_value_profile=1 "] + ["-entropic=1 "] + ["-max_len=60240" ] + sys.argv[2:]
	+ ["-artifact_prefix=" + corpora[1] + "/"] + corpora)
	print(" ".join(cmd))
	subprocess.call(cmd)
	diff --git a/fuzz/x509.c b/fuzz/x509.c
	index 78061d176a..212f56fbd0 100644
	--- a/fuzz/x509.c
	+++ b/fuzz/x509.c
	@@ -23,6 +23,26 @@ int FuzzerInitialize(int argc, char **argv)
	return 1;
	}

	+static void test_self_signed(X509 *cert, int use_trusted)
	+{
	+ STACK_OF(X509) *trusted = sk_X509_new_null();
	+ X509_STORE_CTX *ctx = X509_STORE_CTX_new();
	+
	+ X509_self_signed(cert, 1);
	+
	+ if (cert != NULL) {
	+ if (use_trusted)
	+ sk_X509_push(trusted, cert);
	+ X509_STORE_CTX_init(ctx, NULL, cert, NULL);
	+ X509_STORE_CTX_set0_trusted_stack(ctx, trusted);
	+ X509_verify_cert(ctx);
	+ }
	+
	+ X509_STORE_CTX_free(ctx);
	+ sk_X509_free(trusted);
	+}
	+
	+
	int FuzzerTestOneInput(const uint8_t *buf, size_t len)
	{
	const unsigned char *p = buf;
	@@ -36,6 +56,8 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
	BIO_free(bio);

	X509_issuer_and_serial_hash(x509);
	+ test_self_signed(x509, 1);
	+ test_self_signed(x509, 0);

	i2d_X509(x509, &der);
	OPENSSL_free(der);