diff options
Diffstat (limited to 'fuzz/libtasn1_gnutls_der_fuzzer.c')
| -rw-r--r-- | fuzz/libtasn1_gnutls_der_fuzzer.c | 189 |
1 files changed, 189 insertions, 0 deletions
diff --git a/fuzz/libtasn1_gnutls_der_fuzzer.c b/fuzz/libtasn1_gnutls_der_fuzzer.c new file mode 100644 index 0000000..a5e6b9e --- /dev/null +++ b/fuzz/libtasn1_gnutls_der_fuzzer.c @@ -0,0 +1,189 @@ +/* + * Copyright(c) 2019 Free Software Foundation, Inc. + * + * This file is part of libtasn1. + * + * Libtasn1 is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * Libtasn1 is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with libtasn1. If not, see <https://www.gnu.org/licenses/>. + * + * This fuzzer is testing arbitrary DER input data with GnuTLS's ASN.1 definition (lib/gnutls.asn). + * So, any issues found here likely have a real world impact on every software using libgnutls. + */ + +#include <config.h> + +#include <assert.h> /* assert */ +#include <stdlib.h> /* malloc, free */ +#include <string.h> /* strcmp, memcpy */ + +#include "libtasn1.h" +#include "fuzzer.h" + +/* + * This is a ASN.1 definition array used by GnuTLS. + * It is created from lib/gnutls.asn over at the GnuTLS project. + */ +const asn1_static_node gnutls_asn1_tab[] = { + {"GNUTLS", 536872976, NULL}, + {NULL, 1073741836, NULL}, + {"RSAPublicKey", 1610612741, NULL}, + {"modulus", 1073741827, NULL}, + {"publicExponent", 3, NULL}, + {"RSAPrivateKey", 1610612741, NULL}, + {"version", 1073741827, NULL}, + {"modulus", 1073741827, NULL}, + {"publicExponent", 1073741827, NULL}, + {"privateExponent", 1073741827, NULL}, + {"prime1", 1073741827, NULL}, + {"prime2", 1073741827, NULL}, + {"exponent1", 1073741827, NULL}, + {"exponent2", 1073741827, NULL}, + {"coefficient", 1073741827, NULL}, + {"otherPrimeInfos", 16386, "OtherPrimeInfos"}, + {"ProvableSeed", 1610612741, NULL}, + {"algorithm", 1073741836, NULL}, + {"seed", 7, NULL}, + {"OtherPrimeInfos", 1612709899, NULL}, + {"MAX", 1074266122, "1"}, + {NULL, 2, "OtherPrimeInfo"}, + {"OtherPrimeInfo", 1610612741, NULL}, + {"prime", 1073741827, NULL}, + {"exponent", 1073741827, NULL}, + {"coefficient", 3, NULL}, + {"AlgorithmIdentifier", 1610612741, NULL}, + {"algorithm", 1073741836, NULL}, + {"parameters", 541081613, NULL}, + {"algorithm", 1, NULL}, + {"DigestInfo", 1610612741, NULL}, + {"digestAlgorithm", 1073741826, "DigestAlgorithmIdentifier"}, + {"digest", 7, NULL}, + {"DigestAlgorithmIdentifier", 1073741826, "AlgorithmIdentifier"}, + {"DSAPublicKey", 1073741827, NULL}, + {"DSAParameters", 1610612741, NULL}, + {"p", 1073741827, NULL}, + {"q", 1073741827, NULL}, + {"g", 3, NULL}, + {"DSASignatureValue", 1610612741, NULL}, + {"r", 1073741827, NULL}, + {"s", 3, NULL}, + {"DSAPrivateKey", 1610612741, NULL}, + {"version", 1073741827, NULL}, + {"p", 1073741827, NULL}, + {"q", 1073741827, NULL}, + {"g", 1073741827, NULL}, + {"Y", 1073741827, NULL}, + {"priv", 3, NULL}, + {"DHParameter", 1610612741, NULL}, + {"prime", 1073741827, NULL}, + {"base", 1073741827, NULL}, + {"privateValueLength", 16387, NULL}, + {"ECParameters", 1610612754, NULL}, + {"namedCurve", 12, NULL}, + {"ECPrivateKey", 1610612741, NULL}, + {"Version", 1073741827, NULL}, + {"privateKey", 1073741831, NULL}, + {"parameters", 1610637314, "ECParameters"}, + {NULL, 2056, "0"}, + {"publicKey", 536895494, NULL}, + {NULL, 2056, "1"}, + {"PrincipalName", 1610612741, NULL}, + {"name-type", 1610620931, NULL}, + {NULL, 2056, "0"}, + {"name-string", 536879115, NULL}, + {NULL, 1073743880, "1"}, + {NULL, 27, NULL}, + {"KRB5PrincipalName", 1610612741, NULL}, + {"realm", 1610620955, NULL}, + {NULL, 2056, "0"}, + {"principalName", 536879106, "PrincipalName"}, + {NULL, 2056, "1"}, + {"RSAPSSParameters", 1610612741, NULL}, + {"hashAlgorithm", 1610637314, "AlgorithmIdentifier"}, + {NULL, 2056, "0"}, + {"maskGenAlgorithm", 1610637314, "AlgorithmIdentifier"}, + {NULL, 2056, "1"}, + {"saltLength", 1610653699, NULL}, + {NULL, 1073741833, "20"}, + {NULL, 2056, "2"}, + {"trailerField", 536911875, NULL}, + {NULL, 1073741833, "1"}, + {NULL, 2056, "3"}, + {"GOSTParameters", 1610612741, NULL}, + {"publicKeyParamSet", 1073741836, NULL}, + {"digestParamSet", 1073741836, NULL}, + {"encryptionParamSet", 16396, NULL}, + {"GOSTPrivateKey", 1073741831, NULL}, + {"GOSTPrivateKeyOld", 3, NULL}, + {NULL, 0, NULL} +}; + +int +LLVMFuzzerTestOneInput (const uint8_t * data, size_t size) +{ + static asn1_node _gnutls_gnutls_asn = NULL; + static int first = 1; + asn1_node dn; + int res; + + if (size > 10000) /* same as max_len = 10000 in .options file */ + return 0; + + if (first) + { + first = 0; + + /* from _gnutls_global_init() */ + res = asn1_array2tree (gnutls_asn1_tab, &_gnutls_gnutls_asn, NULL); + assert (res == ASN1_SUCCESS); + } + + /* from gnutls_dh_params_import_pkcs3() */ + if ((res = + asn1_create_element (_gnutls_gnutls_asn, "GNUTLS.DHParameter", + &dn)) == ASN1_SUCCESS) + { + /* from cert_get_issuer_dn() */ + res = asn1_der_decoding (&dn, data, size, NULL); + asn1_delete_structure (&dn); + } + + /* from _gnutls_x509_write_gost_params() */ + if ((res = + asn1_create_element (_gnutls_gnutls_asn, "GNUTLS.GOSTParameters", + &dn)) == ASN1_SUCCESS) + { + if ((res = + asn1_write_value (dn, "digestParamSet", "1.2.643.7.1.1.2.2", + 1)) == ASN1_SUCCESS) + { + /* from cert_get_issuer_dn() */ + res = asn1_der_decoding (&dn, data, size, NULL); + + /* from _gnutls_x509_der_encode() */ + int dersize = 0; + if ((res = + asn1_der_coding (dn, "", NULL, &dersize, + NULL)) == ASN1_MEM_ERROR) + { + void *der = malloc (dersize); + assert (der); + res = asn1_der_coding (dn, "", der, &dersize, NULL); + free (der); + } + } + + asn1_delete_structure (&dn); + } + + return 0; +} |