/src/nss/fuzz/targets/quickder.cc

Source
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#include <cstddef>
#include <cstdint>
#include <vector>

#include "certt.h"
#include "keythi.h"
#include "secdert.h"
#include "secport.h"

#include "asn1/mutators.h"
#include "base/mutate.h"

const std::vector<const SEC_ASN1Template *> templates = {
    CERT_AttributeTemplate,
    CERT_CertExtensionTemplate,
    CERT_CertificateRequestTemplate,
    CERT_CertificateTemplate,
    CERT_CrlTemplate,
    CERT_IssuerAndSNTemplate,
    CERT_NameTemplate,
    CERT_PublicKeyAndChallengeTemplate,
    CERT_RDNTemplate,
    CERT_SequenceOfCertExtensionTemplate,
    CERT_SetOfAttributeTemplate,
    CERT_SetOfSignedCrlTemplate,
    CERT_SignedCrlTemplate,
    CERT_SignedDataTemplate,
    CERT_SubjectPublicKeyInfoTemplate,
    CERT_TimeChoiceTemplate,
    CERT_ValidityTemplate,
    SEC_AnyTemplate,
    SEC_BitStringTemplate,
    SEC_BMPStringTemplate,
    SEC_BooleanTemplate,
    SEC_CertSequenceTemplate,
    SEC_EnumeratedTemplate,
    SEC_GeneralizedTimeTemplate,
    SEC_IA5StringTemplate,
    SEC_IntegerTemplate,
    SEC_NullTemplate,
    SEC_ObjectIDTemplate,
    SEC_OctetStringTemplate,
    SEC_PointerToAnyTemplate,
    SEC_PointerToEnumeratedTemplate,
    SEC_PointerToGeneralizedTimeTemplate,
    SEC_PointerToOctetStringTemplate,
    SEC_PrintableStringTemplate,
    SEC_SetOfAnyTemplate,
    SEC_SetOfEnumeratedTemplate,
    SEC_SequenceOfAnyTemplate,
    SEC_SequenceOfObjectIDTemplate,
    SEC_SignedCertificateTemplate,
    SEC_SkipTemplate,
    SEC_T61StringTemplate,
    SEC_UniversalStringTemplate,
    SEC_UTCTimeTemplate,
    SEC_UTF8StringTemplate,
    SEC_VisibleStringTemplate,
    SECKEY_DHParamKeyTemplate,
    SECKEY_DHPublicKeyTemplate,
    SECKEY_DSAPrivateKeyExportTemplate,
    SECKEY_DSAPublicKeyTemplate,
    SECKEY_PQGParamsTemplate,
    SECKEY_PrivateKeyInfoTemplate,
    SECKEY_RSAPSSParamsTemplate,
    SECKEY_RSAPublicKeyTemplate,
    SECOID_AlgorithmIDTemplate};

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
  static char *dest[2048];

  PORTCheapArenaPool pool;
  PORT_InitCheapArena(&pool, DER_DEFAULT_CHUNKSIZE);

  for (auto tpl : templates) {
    SECItem buf = {siBuffer, (unsigned char *)data, (unsigned int)size};
    (void)SEC_QuickDERDecodeItem(&pool.arena, dest, tpl, &buf);
  }

  PORT_DestroyCheapArena(&pool);

  return 0;
}

extern "C" size_t LLVMFuzzerCustomMutator(uint8_t *data, size_t size,
                                          size_t max_size, unsigned int seed) {
  return CustomMutate(
      Mutators({ASN1Mutators::FlipConstructed, ASN1Mutators::ChangeType}), data,
      size, max_size, seed);
}

Line	Count	Source
1		/* This Source Code Form is subject to the terms of the Mozilla Public
2		* License, v. 2.0. If a copy of the MPL was not distributed with this
3		* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
4
5		#include <cstddef>
6		#include <cstdint>
7		#include <vector>
8
9		#include "certt.h"
10		#include "keythi.h"
11		#include "secdert.h"
12		#include "secport.h"
13
14		#include "asn1/mutators.h"
15		#include "base/mutate.h"
16
17		const std::vector<const SEC_ASN1Template *> templates = {
18		CERT_AttributeTemplate,
19		CERT_CertExtensionTemplate,
20		CERT_CertificateRequestTemplate,
21		CERT_CertificateTemplate,
22		CERT_CrlTemplate,
23		CERT_IssuerAndSNTemplate,
24		CERT_NameTemplate,
25		CERT_PublicKeyAndChallengeTemplate,
26		CERT_RDNTemplate,
27		CERT_SequenceOfCertExtensionTemplate,
28		CERT_SetOfAttributeTemplate,
29		CERT_SetOfSignedCrlTemplate,
30		CERT_SignedCrlTemplate,
31		CERT_SignedDataTemplate,
32		CERT_SubjectPublicKeyInfoTemplate,
33		CERT_TimeChoiceTemplate,
34		CERT_ValidityTemplate,
35		SEC_AnyTemplate,
36		SEC_BitStringTemplate,
37		SEC_BMPStringTemplate,
38		SEC_BooleanTemplate,
39		SEC_CertSequenceTemplate,
40		SEC_EnumeratedTemplate,
41		SEC_GeneralizedTimeTemplate,
42		SEC_IA5StringTemplate,
43		SEC_IntegerTemplate,
44		SEC_NullTemplate,
45		SEC_ObjectIDTemplate,
46		SEC_OctetStringTemplate,
47		SEC_PointerToAnyTemplate,
48		SEC_PointerToEnumeratedTemplate,
49		SEC_PointerToGeneralizedTimeTemplate,
50		SEC_PointerToOctetStringTemplate,
51		SEC_PrintableStringTemplate,
52		SEC_SetOfAnyTemplate,
53		SEC_SetOfEnumeratedTemplate,
54		SEC_SequenceOfAnyTemplate,
55		SEC_SequenceOfObjectIDTemplate,
56		SEC_SignedCertificateTemplate,
57		SEC_SkipTemplate,
58		SEC_T61StringTemplate,
59		SEC_UniversalStringTemplate,
60		SEC_UTCTimeTemplate,
61		SEC_UTF8StringTemplate,
62		SEC_VisibleStringTemplate,
63		SECKEY_DHParamKeyTemplate,
64		SECKEY_DHPublicKeyTemplate,
65		SECKEY_DSAPrivateKeyExportTemplate,
66		SECKEY_DSAPublicKeyTemplate,
67		SECKEY_PQGParamsTemplate,
68		SECKEY_PrivateKeyInfoTemplate,
69		SECKEY_RSAPSSParamsTemplate,
70		SECKEY_RSAPublicKeyTemplate,
71		SECOID_AlgorithmIDTemplate};
72
73	3.62k	extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
74	3.62k	static char *dest[2048];
75
76	3.62k	PORTCheapArenaPool pool;
77	3.62k	PORT_InitCheapArena(&pool, DER_DEFAULT_CHUNKSIZE);
78
79	187k	for (auto tpl : templates) {
80	187k	SECItem buf = {siBuffer, (unsigned char *)data, (unsigned int)size};
81	187k	(void)SEC_QuickDERDecodeItem(&pool.arena, dest, tpl, &buf);
82	187k	}
83
84	3.62k	PORT_DestroyCheapArena(&pool);
85
86	3.62k	return 0;
87	3.62k	}
88
89		extern "C" size_t LLVMFuzzerCustomMutator(uint8_t *data, size_t size,
90	0	size_t max_size, unsigned int seed) {
91	0	return CustomMutate(
92	0	Mutators({ASN1Mutators::FlipConstructed, ASN1Mutators::ChangeType}), data,
93	0	size, max_size, seed);
94	0	}

Coverage Report

Created: 2025-11-19 06:34