fuzz: Add fuzzing targets for OCSP requests/responses

fuzz/.gitignore

@@ -1,5 +1,7 @@
 fuzz_certs
 fuzz_crls
+fuzz_ocsp_req
+fuzz_ocsp_rsp
 fuzz_ids
 fuzz_pa_tnc
 fuzz_pb_tnc

fuzz/Makefile.am

@@ -25,7 +25,8 @@ pb_tnc_ldflags = \
 	$(top_builddir)/src/libtncif/.libs/libtncif.a \
 	$(fuzz_ldflags)
 
-FUZZ_TARGETS=fuzz_certs fuzz_crls fuzz_ids fuzz_pa_tnc fuzz_pb_tnc
+FUZZ_TARGETS=fuzz_certs fuzz_crls fuzz_ocsp_req fuzz_ocsp_rsp \
+	fuzz_ids fuzz_pa_tnc fuzz_pb_tnc
 
 all-local: $(FUZZ_TARGETS)
 
@@ -37,6 +38,12 @@ fuzz_certs: fuzz_certs.c ${libfuzzer}
 fuzz_crls: fuzz_crls.c ${libfuzzer}
 	$(CC) $(AM_CPPFLAGS) $(CFLAGS) -o $@ $< $(fuzz_ldflags)
 
+fuzz_ocsp_req: fuzz_ocsp_req.c ${libfuzzer}
+	$(CC) $(AM_CPPFLAGS) $(CFLAGS) -o $@ $< $(fuzz_ldflags)
+
+fuzz_ocsp_rsp: fuzz_ocsp_rsp.c ${libfuzzer}
+	$(CC) $(AM_CPPFLAGS) $(CFLAGS) -o $@ $< $(fuzz_ldflags)
+
 fuzz_ids: fuzz_ids.c ${libfuzzer}
 	$(CC) $(AM_CPPFLAGS) $(CFLAGS) -o $@ $< $(fuzz_ldflags)
 

fuzz/fuzz_ocsp_req.c

@@ -0,0 +1,41 @@
+/*
+ * Copyright (C) 2023 Tobias Brunner
+ *
+ * Copyright (C) secunet Security Networks AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include <library.h>
+#include <utils/debug.h>
+
+int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len)
+{
+	certificate_t *cert;
+	chunk_t chunk;
+
+	dbg_default_set_level(-1);
+	library_init(NULL, "fuzz_ocsp_req");
+	plugin_loader_add_plugindirs(PLUGINDIR, PLUGINS);
+	if (!lib->plugins->load(lib->plugins, PLUGINS))
+	{
+		return 1;
+	}
+
+	chunk = chunk_create((u_char*)buf, len);
+	cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509_OCSP_REQUEST,
+							  BUILD_BLOB, chunk, BUILD_END);
+	DESTROY_IF(cert);
+
+	lib->plugins->unload(lib->plugins);
+	library_deinit();
+	return 0;
+}

fuzz/fuzz_ocsp_rsp.c

@@ -0,0 +1,41 @@
+/*
+ * Copyright (C) 2023 Tobias Brunner
+ *
+ * Copyright (C) secunet Security Networks AG
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include <library.h>
+#include <utils/debug.h>
+
+int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len)
+{
+	certificate_t *cert;
+	chunk_t chunk;
+
+	dbg_default_set_level(-1);
+	library_init(NULL, "fuzz_ocsp_rsp");
+	plugin_loader_add_plugindirs(PLUGINDIR, PLUGINS);
+	if (!lib->plugins->load(lib->plugins, PLUGINS))
+	{
+		return 1;
+	}
+
+	chunk = chunk_create((u_char*)buf, len);
+	cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509_OCSP_RESPONSE,
+							  BUILD_BLOB, chunk, BUILD_END);
+	DESTROY_IF(cert);
+
+	lib->plugins->unload(lib->plugins);
+	library_deinit();
+	return 0;
+}