Add fuzz test for PKCS7_verify

fuzz/CMakeLists.txt

@@ -29,6 +29,7 @@ fuzzer(ocsp)
 fuzzer(ocsp_http)
 fuzzer(ocsp_parse_url)
 fuzzer(pkcs12)
+fuzzer(pkcs7_verify)
 fuzzer(pkcs8)
 fuzzer(pkcs8_v2)
 fuzzer(privkey)

fuzz/pkcs7_verify.cc

@@ -0,0 +1,85 @@
+// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+// SPDX-License-Identifier: Apache-2.0 OR ISC
+
+#include <cstdint>
+#include <cstring>
+
+#include <openssl/bio.h>
+#include <openssl/err.h>
+#include <openssl/pkcs7.h>
+#include <openssl/rsa.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+
+const char *amazon_ca_cert = "-----BEGIN CERTIFICATE-----"
+  "MIIFQTCCAymgAwIBAgITBmyf0pY1hp8KD+WGePhbJruKNzANBgkqhkiG9w0BAQwF\n"
+  "ADA5MQswCQYDVQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6\n"
+  "b24gUm9vdCBDQSAyMB4XDTE1MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTEL\n"
+  "MAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZMBcGA1UEAxMQQW1hem9uIFJv\n"
+  "b3QgQ0EgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK2Wny2cSkxK\n"
+  "gXlRmeyKy2tgURO8TW0G/LAIjd0ZEGrHJgw12MBvIITplLGbhQPDW9tK6Mj4kHbZ\n"
+  "W0/jTOgGNk3Mmqw9DJArktQGGWCsN0R5hYGCrVo34A3MnaZMUnbqQ523BNFQ9lXg\n"
+  "1dKmSYXpN+nKfq5clU1Imj+uIFptiJXZNLhSGkOQsL9sBbm2eLfq0OQ6PBJTYv9K\n"
+  "8nu+NQWpEjTj82R0Yiw9AElaKP4yRLuH3WUnAnE72kr3H9rN9yFVkE8P7K6C4Z9r\n"
+  "2UXTu/Bfh+08LDmG2j/e7HJV63mjrdvdfLC6HM783k81ds8P+HgfajZRRidhW+me\n"
+  "z/CiVX18JYpvL7TFz4QuK/0NURBs+18bvBt+xa47mAExkv8LV/SasrlX6avvDXbR\n"
+  "8O70zoan4G7ptGmh32n2M8ZpLpcTnqWHsFcQgTfJU7O7f/aS0ZzQGPSSbtqDT6Zj\n"
+  "mUyl+17vIWR6IF9sZIUVyzfpYgwLKhbcAS4y2j5L9Z469hdAlO+ekQiG+r5jqFoz\n"
+  "7Mt0Q5X5bGlSNscpb/xVA1wf+5+9R+vnSUeVC06JIglJ4PVhHvG/LopyboBZ/1c6\n"
+  "+XUyo05f7O0oYtlNc/LMgRdg7c3r3NunysV+Ar3yVAhU/bQtCSwXVEqY0VThUWcI\n"
+  "0u1ufm8/0i2BWSlmy5A5lREedCf+3euvAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMB\n"
+  "Af8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSwDPBMMPQFWAJI/TPlUq9LhONm\n"
+  "UjANBgkqhkiG9w0BAQwFAAOCAgEAqqiAjw54o+Ci1M3m9Zh6O+oAA7CXDpO8Wqj2\n"
+  "LIxyh6mx/H9z/WNxeKWHWc8w4Q0QshNabYL1auaAn6AFC2jkR2vHat+2/XcycuUY\n"
+  "+gn0oJMsXdKMdYV2ZZAMA3m3MSNjrXiDCYZohMr/+c8mmpJ5581LxedhpxfL86kS\n"
+  "k5Nrp+gvU5LEYFiwzAJRGFuFjWJZY7attN6a+yb3ACfAXVU3dJnJUH/jWS5E4ywl\n"
+  "7uxMMne0nxrpS10gxdr9HIcWxkPo1LsmmkVwXqkLN1PiRnsn/eBG8om3zEK2yygm\n"
+  "btmlyTrIQRNg91CMFa6ybRoVGld45pIq2WWQgj9sAq+uEjonljYE1x2igGOpm/Hl\n"
+  "urR8FLBOybEfdF849lHqm/osohHUqS0nGkWxr7JOcQ3AWEbWaQbLU8uz/mtBzUF+\n"
+  "fUwPfHJ5elnNXkoOrJupmHN5fLT0zLm4BwyydFy4x2+IoZCn9Kr5v2c69BoVYh63\n"
+  "n749sSmvZ6ES8lgQGVMDMBu4Gon2nL2XA46jCfMdiyHxtN/kHNGfZQIG6lzWE7OE\n"
+  "76KlXIx3KadowGuuQNKotOrN8I1LOJwZmhsoVLiJkO/KdYE+HvJkJMcYr07/R54H\n"
+  "9jVlpNMKVv/1F2Rs76giJUmTtt8AF9pYfl3uxRuw0dFfIRDH+fO6AgonB8Xx1sfT\n"
+  "4PsJYGw=\n"
+  "-----END CERTIFICATE-----\n";
+
+OPENSSL_BEGIN_ALLOW_DEPRECATED
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) {
+  BIO* bio_amazon = nullptr;
+  X509* amazon_cert = nullptr;
+  X509_STORE* store = nullptr;
+  STACK_OF(X509)* certs = nullptr;
+  PKCS7* pkcs7(d2i_PKCS7(nullptr, &buf, len));
+  if (!pkcs7) {
+    goto end;
+  }
+  bio_amazon = BIO_new_mem_buf(amazon_ca_cert, strlen(amazon_ca_cert));
+  if (!bio_amazon) {
+    goto end;
+  }
+  amazon_cert =
+      PEM_read_bio_X509(bio_amazon, nullptr, nullptr, nullptr);
+  store = X509_STORE_new();
+  if (!store) {
+    goto end;
+  }
+  if (!X509_STORE_add_cert(store, X509_dup(amazon_cert))) {
+    goto end;
+  }
+  certs = sk_X509_new_null();
+  if (!sk_X509_unshift(certs, amazon_cert)) {
+    goto end;
+  }
+  amazon_cert = nullptr;
+
+  PKCS7_verify(pkcs7, certs, store, nullptr, nullptr, 0);
+
+end:
+  BIO_free(bio_amazon);
+  X509_free(amazon_cert);
+  X509_STORE_free(store);
+  sk_X509_free(certs);
+  PKCS7_free(pkcs7);
+  return 0;
+}
+OPENSSL_END_ALLOW_DEPRECATED