/src/libtasn1/fuzz/libtasn1_gnutls_der_fuzzer.c
Line | Count | Source |
1 | | /* |
2 | | * Copyright(c) 2019 Free Software Foundation, Inc. |
3 | | * |
4 | | * This file is part of libtasn1. |
5 | | * |
6 | | * Libtasn1 is free software: you can redistribute it and/or modify |
7 | | * it under the terms of the GNU Lesser General Public License as published by |
8 | | * the Free Software Foundation, either version 3 of the License, or |
9 | | * (at your option) any later version. |
10 | | * |
11 | | * Libtasn1 is distributed in the hope that it will be useful, |
12 | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
13 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
14 | | * GNU Lesser General Public License for more details. |
15 | | * |
16 | | * You should have received a copy of the GNU Lesser General Public License |
17 | | * along with libtasn1. If not, see <https://www.gnu.org/licenses/>. |
18 | | * |
19 | | * This fuzzer is testing arbitrary DER input data with GnuTLS's ASN.1 definition (lib/gnutls.asn). |
20 | | * So, any issues found here likely have a real world impact on every software using libgnutls. |
21 | | */ |
22 | | |
23 | | #include <config.h> |
24 | | |
25 | | #include <assert.h> /* assert */ |
26 | | #include <stdlib.h> /* malloc, free */ |
27 | | #include <string.h> /* strcmp, memcpy */ |
28 | | |
29 | | #include "libtasn1.h" |
30 | | #include "fuzzer.h" |
31 | | |
32 | | /* |
33 | | * This is a ASN.1 definition array used by GnuTLS. |
34 | | * It is created from lib/gnutls.asn over at the GnuTLS project. |
35 | | */ |
36 | | const asn1_static_node gnutls_asn1_tab[] = { |
37 | | {"GNUTLS", 536872976, NULL}, |
38 | | {NULL, 1073741836, NULL}, |
39 | | {"RSAPublicKey", 1610612741, NULL}, |
40 | | {"modulus", 1073741827, NULL}, |
41 | | {"publicExponent", 3, NULL}, |
42 | | {"RSAPrivateKey", 1610612741, NULL}, |
43 | | {"version", 1073741827, NULL}, |
44 | | {"modulus", 1073741827, NULL}, |
45 | | {"publicExponent", 1073741827, NULL}, |
46 | | {"privateExponent", 1073741827, NULL}, |
47 | | {"prime1", 1073741827, NULL}, |
48 | | {"prime2", 1073741827, NULL}, |
49 | | {"exponent1", 1073741827, NULL}, |
50 | | {"exponent2", 1073741827, NULL}, |
51 | | {"coefficient", 1073741827, NULL}, |
52 | | {"otherPrimeInfos", 16386, "OtherPrimeInfos"}, |
53 | | {"ProvableSeed", 1610612741, NULL}, |
54 | | {"algorithm", 1073741836, NULL}, |
55 | | {"seed", 7, NULL}, |
56 | | {"OtherPrimeInfos", 1612709899, NULL}, |
57 | | {"MAX", 1074266122, "1"}, |
58 | | {NULL, 2, "OtherPrimeInfo"}, |
59 | | {"OtherPrimeInfo", 1610612741, NULL}, |
60 | | {"prime", 1073741827, NULL}, |
61 | | {"exponent", 1073741827, NULL}, |
62 | | {"coefficient", 3, NULL}, |
63 | | {"AlgorithmIdentifier", 1610612741, NULL}, |
64 | | {"algorithm", 1073741836, NULL}, |
65 | | {"parameters", 541081613, NULL}, |
66 | | {"algorithm", 1, NULL}, |
67 | | {"DigestInfo", 1610612741, NULL}, |
68 | | {"digestAlgorithm", 1073741826, "DigestAlgorithmIdentifier"}, |
69 | | {"digest", 7, NULL}, |
70 | | {"DigestAlgorithmIdentifier", 1073741826, "AlgorithmIdentifier"}, |
71 | | {"DSAPublicKey", 1073741827, NULL}, |
72 | | {"DSAParameters", 1610612741, NULL}, |
73 | | {"p", 1073741827, NULL}, |
74 | | {"q", 1073741827, NULL}, |
75 | | {"g", 3, NULL}, |
76 | | {"DSASignatureValue", 1610612741, NULL}, |
77 | | {"r", 1073741827, NULL}, |
78 | | {"s", 3, NULL}, |
79 | | {"DSAPrivateKey", 1610612741, NULL}, |
80 | | {"version", 1073741827, NULL}, |
81 | | {"p", 1073741827, NULL}, |
82 | | {"q", 1073741827, NULL}, |
83 | | {"g", 1073741827, NULL}, |
84 | | {"Y", 1073741827, NULL}, |
85 | | {"priv", 3, NULL}, |
86 | | {"DHParameter", 1610612741, NULL}, |
87 | | {"prime", 1073741827, NULL}, |
88 | | {"base", 1073741827, NULL}, |
89 | | {"privateValueLength", 16387, NULL}, |
90 | | {"ECParameters", 1610612754, NULL}, |
91 | | {"namedCurve", 12, NULL}, |
92 | | {"ECPrivateKey", 1610612741, NULL}, |
93 | | {"Version", 1073741827, NULL}, |
94 | | {"privateKey", 1073741831, NULL}, |
95 | | {"parameters", 1610637314, "ECParameters"}, |
96 | | {NULL, 2056, "0"}, |
97 | | {"publicKey", 536895494, NULL}, |
98 | | {NULL, 2056, "1"}, |
99 | | {"PrincipalName", 1610612741, NULL}, |
100 | | {"name-type", 1610620931, NULL}, |
101 | | {NULL, 2056, "0"}, |
102 | | {"name-string", 536879115, NULL}, |
103 | | {NULL, 1073743880, "1"}, |
104 | | {NULL, 27, NULL}, |
105 | | {"KRB5PrincipalName", 1610612741, NULL}, |
106 | | {"realm", 1610620955, NULL}, |
107 | | {NULL, 2056, "0"}, |
108 | | {"principalName", 536879106, "PrincipalName"}, |
109 | | {NULL, 2056, "1"}, |
110 | | {"RSAPSSParameters", 1610612741, NULL}, |
111 | | {"hashAlgorithm", 1610637314, "AlgorithmIdentifier"}, |
112 | | {NULL, 2056, "0"}, |
113 | | {"maskGenAlgorithm", 1610637314, "AlgorithmIdentifier"}, |
114 | | {NULL, 2056, "1"}, |
115 | | {"saltLength", 1610653699, NULL}, |
116 | | {NULL, 1073741833, "20"}, |
117 | | {NULL, 2056, "2"}, |
118 | | {"trailerField", 536911875, NULL}, |
119 | | {NULL, 1073741833, "1"}, |
120 | | {NULL, 2056, "3"}, |
121 | | {"GOSTParameters", 1610612741, NULL}, |
122 | | {"publicKeyParamSet", 1073741836, NULL}, |
123 | | {"digestParamSet", 1073741836, NULL}, |
124 | | {"encryptionParamSet", 16396, NULL}, |
125 | | {"GOSTPrivateKey", 1073741831, NULL}, |
126 | | {"GOSTPrivateKeyOld", 3, NULL}, |
127 | | {NULL, 0, NULL} |
128 | | }; |
129 | | |
130 | | int |
131 | | LLVMFuzzerTestOneInput (const uint8_t *data, size_t size) |
132 | 1.38k | { |
133 | 1.38k | static asn1_node _gnutls_gnutls_asn = NULL; |
134 | 1.38k | static int first = 1; |
135 | 1.38k | asn1_node dn; |
136 | 1.38k | int res; |
137 | | |
138 | 1.38k | if (size > 10000) /* same as max_len = 10000 in .options file */ |
139 | 7 | return 0; |
140 | | |
141 | 1.37k | if (first) |
142 | 1 | { |
143 | 1 | first = 0; |
144 | | |
145 | | /* from _gnutls_global_init() */ |
146 | 1 | res = asn1_array2tree (gnutls_asn1_tab, &_gnutls_gnutls_asn, NULL); |
147 | 1 | assert (res == ASN1_SUCCESS); |
148 | 1 | } |
149 | | |
150 | | /* from gnutls_dh_params_import_pkcs3() */ |
151 | 1.37k | if ((res = |
152 | 1.37k | asn1_create_element (_gnutls_gnutls_asn, "GNUTLS.DHParameter", |
153 | 1.37k | &dn)) == ASN1_SUCCESS) |
154 | 1.37k | { |
155 | | /* from cert_get_issuer_dn() */ |
156 | 1.37k | res = asn1_der_decoding (&dn, data, size, NULL); |
157 | 1.37k | asn1_delete_structure (&dn); |
158 | 1.37k | } |
159 | | |
160 | | /* from _gnutls_x509_write_gost_params() */ |
161 | 1.37k | if ((res = |
162 | 1.37k | asn1_create_element (_gnutls_gnutls_asn, "GNUTLS.GOSTParameters", |
163 | 1.37k | &dn)) == ASN1_SUCCESS) |
164 | 1.37k | { |
165 | 1.37k | if ((res = |
166 | 1.37k | asn1_write_value (dn, "digestParamSet", "1.2.643.7.1.1.2.2", |
167 | 1.37k | 1)) == ASN1_SUCCESS) |
168 | 1.37k | { |
169 | 1.37k | int dersize; |
170 | | |
171 | | /* from cert_get_issuer_dn() */ |
172 | 1.37k | res = asn1_der_decoding (&dn, data, size, NULL); |
173 | | |
174 | | /* from _gnutls_x509_der_encode() */ |
175 | 1.37k | dersize = 0; |
176 | 1.37k | if ((res = |
177 | 1.37k | asn1_der_coding (dn, "", NULL, &dersize, |
178 | 1.37k | NULL)) == ASN1_MEM_ERROR) |
179 | 146 | { |
180 | 146 | void *der = malloc (dersize); |
181 | 146 | assert (der); |
182 | 146 | res = asn1_der_coding (dn, "", der, &dersize, NULL); |
183 | 146 | free (der); |
184 | 146 | } |
185 | 1.37k | } |
186 | | |
187 | 1.37k | asn1_delete_structure (&dn); |
188 | 1.37k | } |
189 | | |
190 | 1.37k | return 0; |
191 | 1.37k | } |