astarasikov/diff_openssl_x509_fuzzer_chain_pass.diff

## diff_openssl_x509_fuzzer_chain_pass.diff
diff --git a/fuzz/helper.py b/fuzz/helper.py
index 9185b17228..e1747b8eea 100755
--- a/fuzz/helper.py
+++ b/fuzz/helper.py
@@ -43,7 +43,7 @@ def main():
     _create(FUZZER + "-crash")
     _add(FUZZER + "-seed")

-    cmd = ([os.path.abspath(os.path.join(THIS_DIR, FUZZER))]  + sys.argv[2:]
+    cmd = ([os.path.abspath(os.path.join(THIS_DIR, FUZZER))] + ["-use_value_profile=1 "] + ["-entropic=1 "] + ["-max_len=60240" ] + sys.argv[2:]
            + ["-artifact_prefix=" + corpora[1] + "/"] + corpora)
     print(" ".join(cmd))
     subprocess.call(cmd)
diff --git a/fuzz/x509.c b/fuzz/x509.c
index 78061d176a..212f56fbd0 100644
--- a/fuzz/x509.c
+++ b/fuzz/x509.c
@@ -23,6 +23,26 @@ int FuzzerInitialize(int *argc, char ***argv)
     return 1;
 }

+static void test_self_signed(X509 *cert, int use_trusted)
+{
+    STACK_OF(X509) *trusted = sk_X509_new_null();
+    X509_STORE_CTX *ctx = X509_STORE_CTX_new();
+
+    X509_self_signed(cert, 1);
+
+    if (cert != NULL) {
+        if (use_trusted)
+            sk_X509_push(trusted, cert);
+	X509_STORE_CTX_init(ctx, NULL, cert, NULL);
+        X509_STORE_CTX_set0_trusted_stack(ctx, trusted);
+        X509_verify_cert(ctx);
+    }
+
+    X509_STORE_CTX_free(ctx);
+    sk_X509_free(trusted);
+}
+
+
 int FuzzerTestOneInput(const uint8_t *buf, size_t len)
 {
     const unsigned char *p = buf;
@@ -36,6 +56,8 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
         BIO_free(bio);

         X509_issuer_and_serial_hash(x509);
+        test_self_signed(x509, 1);
+        test_self_signed(x509, 0);

         i2d_X509(x509, &der);
         OPENSSL_free(der);
	diff --git a/fuzz/helper.py b/fuzz/helper.py
	index 9185b17228..e1747b8eea 100755
	--- a/fuzz/helper.py
	+++ b/fuzz/helper.py
	@@ -43,7 +43,7 @@ def main():
	_create(FUZZER + "-crash")
	_add(FUZZER + "-seed")

	- cmd = ([os.path.abspath(os.path.join(THIS_DIR, FUZZER))] + sys.argv[2:]
	+ cmd = ([os.path.abspath(os.path.join(THIS_DIR, FUZZER))] + ["-use_value_profile=1 "] + ["-entropic=1 "] + ["-max_len=60240" ] + sys.argv[2:]
	+ ["-artifact_prefix=" + corpora[1] + "/"] + corpora)
	print(" ".join(cmd))
	subprocess.call(cmd)
	diff --git a/fuzz/x509.c b/fuzz/x509.c
	index 78061d176a..212f56fbd0 100644
	--- a/fuzz/x509.c
	+++ b/fuzz/x509.c
	@@ -23,6 +23,26 @@ int FuzzerInitialize(int argc, char **argv)
	return 1;
	}

	+static void test_self_signed(X509 *cert, int use_trusted)
	+{
	+ STACK_OF(X509) *trusted = sk_X509_new_null();
	+ X509_STORE_CTX *ctx = X509_STORE_CTX_new();
	+
	+ X509_self_signed(cert, 1);
	+
	+ if (cert != NULL) {
	+ if (use_trusted)
	+ sk_X509_push(trusted, cert);
	+ X509_STORE_CTX_init(ctx, NULL, cert, NULL);
	+ X509_STORE_CTX_set0_trusted_stack(ctx, trusted);
	+ X509_verify_cert(ctx);
	+ }
	+
	+ X509_STORE_CTX_free(ctx);
	+ sk_X509_free(trusted);
	+}
	+
	+
	int FuzzerTestOneInput(const uint8_t *buf, size_t len)
	{
	const unsigned char *p = buf;
	@@ -36,6 +56,8 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
	BIO_free(bio);

	X509_issuer_and_serial_hash(x509);
	+ test_self_signed(x509, 1);
	+ test_self_signed(x509, 0);

	i2d_X509(x509, &der);
	OPENSSL_free(der);