/src/botan/src/fuzzer/pkcs1.cpp

Source
/*
* (C) 2015,2016 Jack Lloyd
*
* Botan is released under the Simplified BSD License (see license.txt)
*/

#include "fuzzers.h"

#include <botan/hex.h>
#include <botan/internal/eme_pkcs.h>

namespace {

std::vector<uint8_t> simple_pkcs1_unpad(const uint8_t in[], size_t len) {
   if(len < 10) {
      throw Botan::Decoding_Error("bad len");
   }

   if(in[0] != 0 || in[1] != 2) {
      throw Botan::Decoding_Error("bad header field");
   }

   for(size_t i = 2; i < len; ++i) {
      if(in[i] == 0) {
         if(i < 10) {  // at least 8 padding bytes required
            throw Botan::Decoding_Error("insufficient padding bytes");
         }
         return std::vector<uint8_t>(in + i + 1, in + len);
      }
   }

   throw Botan::Decoding_Error("delim not found");
}

}  // namespace

void fuzz(std::span<const uint8_t> in) {
   static Botan::EME_PKCS1v15 pkcs1;

   std::vector<uint8_t> lib_result;
   std::vector<uint8_t> ref_result;
   bool lib_rejected = false;
   bool ref_rejected = false;

   try {
      lib_result.resize(in.size());
      auto written = (static_cast<Botan::EncryptionPaddingScheme*>(&pkcs1))->unpad(lib_result, in);
      lib_rejected = !written.has_value().as_bool();

      lib_result.resize(written.value_or(0));
   } catch(Botan::Decoding_Error&) {
      lib_rejected = true;
   }

   try {
      ref_result = simple_pkcs1_unpad(in.data(), in.size());
   } catch(Botan::Decoding_Error& e) {
      ref_rejected = true;
   }

   if(lib_rejected == true && ref_rejected == false) {
      FUZZER_WRITE_AND_CRASH("Library rejected input accepted by ref " << Botan::hex_encode(ref_result));
   } else if(ref_rejected == true && lib_rejected == false) {
      FUZZER_WRITE_AND_CRASH("Library accepted input rejected by ref " << Botan::hex_encode(lib_result));
   }
   // otherwise the two implementations agree
}

Line	Count	Source
1		/*
2		* (C) 2015,2016 Jack Lloyd
3		*
4		* Botan is released under the Simplified BSD License (see license.txt)
5		*/
6
7		#include "fuzzers.h"
8
9		#include <botan/hex.h>
10		#include <botan/internal/eme_pkcs.h>
11
12		namespace {
13
14	163	std::vector<uint8_t> simple_pkcs1_unpad(const uint8_t in[], size_t len) {
15	163	if(len < 10) {
16	10	throw Botan::Decoding_Error("bad len");
17	10	}
18
19	153	if(in[0] != 0 \|\| in[1] != 2) {
20	53	throw Botan::Decoding_Error("bad header field");
21	53	}
22
23	38.5k	for(size_t i = 2; i < len; ++i) {
24	38.5k	if(in[i] == 0) {
25	93	if(i < 10) { // at least 8 padding bytes required
26	16	throw Botan::Decoding_Error("insufficient padding bytes");
27	16	}
28	77	return std::vector<uint8_t>(in + i + 1, in + len);
29	93	}
30	38.5k	}
31
32	7	throw Botan::Decoding_Error("delim not found");
33	100	}
34
35		} // namespace
36
37	163	void fuzz(std::span<const uint8_t> in) {
38	163	static Botan::EME_PKCS1v15 pkcs1;
39
40	163	std::vector<uint8_t> lib_result;
41	163	std::vector<uint8_t> ref_result;
42	163	bool lib_rejected = false;
43	163	bool ref_rejected = false;
44
45	163	try {
46	163	lib_result.resize(in.size());
47	163	auto written = (static_cast<Botan::EncryptionPaddingScheme*>(&pkcs1))->unpad(lib_result, in);
48	163	lib_rejected = !written.has_value().as_bool();
49
50	163	lib_result.resize(written.value_or(0));
51	163	} catch(Botan::Decoding_Error&) {
52	0	lib_rejected = true;
53	0	}
54
55	163	try {
56	163	ref_result = simple_pkcs1_unpad(in.data(), in.size());
57	163	} catch(Botan::Decoding_Error& e) {
58	86	ref_rejected = true;
59	86	}
60
61	163	if(lib_rejected == true && ref_rejected == false) {
62	0	FUZZER_WRITE_AND_CRASH("Library rejected input accepted by ref " << Botan::hex_encode(ref_result));
63	163	} else if(ref_rejected == true && lib_rejected == false) {
64	0	FUZZER_WRITE_AND_CRASH("Library accepted input rejected by ref " << Botan::hex_encode(lib_result));
65	0	}
66		// otherwise the two implementations agree
67	163	}

Coverage Report

Created: 2025-10-10 07:09