Google Git
Sign in
flutter / third_party / libtasn1 / 78204593822b4c1a8e0ca87f57c48e5936b0fe2c / . / fuzz / libtasn1_gnutls_der_fuzzer.c
blob: 9816c2de5191854011001de4242a5547725964cd [file] [log] [blame]
/*
* Copyright(c) 2019 Free Software Foundation, Inc.
*
* This file is part of libtasn1.
*
* Libtasn1 is free software: you can redistribute it and/or modify
* it under the terms of the GNU Lesser General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Libtasn1 is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public License
* along with libtasn1. If not, see <https://www.gnu.org/licenses/>.
*
* This fuzzer is testing arbitrary DER input data with GnuTLS's ASN.1 definition (lib/gnutls.asn).
* So, any issues found here likely have a real world impact on every software using libgnutls.
*/
#include <config.h>
#include <assert.h> // assert
#include <stdlib.h> // malloc, free
#include <string.h> // strcmp, memcpy
#include "libtasn1.h"
#include "fuzzer.h"
/*
* This is a ASN.1 definition array used by GnuTLS.
* It is created from lib/gnutls.asn over at the GnuTLS project.
*/
const asn1_static_node gnutls_asn1_tab[] = {
{ "GNUTLS", 536872976, NULL },
{ NULL, 1073741836, NULL },
{ "RSAPublicKey", 1610612741, NULL },
{ "modulus", 1073741827, NULL },
{ "publicExponent", 3, NULL },
{ "RSAPrivateKey", 1610612741, NULL },
{ "version", 1073741827, NULL },
{ "modulus", 1073741827, NULL },
{ "publicExponent", 1073741827, NULL },
{ "privateExponent", 1073741827, NULL },
{ "prime1", 1073741827, NULL },
{ "prime2", 1073741827, NULL },
{ "exponent1", 1073741827, NULL },
{ "exponent2", 1073741827, NULL },
{ "coefficient", 1073741827, NULL },
{ "otherPrimeInfos", 16386, "OtherPrimeInfos"},
{ "ProvableSeed", 1610612741, NULL },
{ "algorithm", 1073741836, NULL },
{ "seed", 7, NULL },
{ "OtherPrimeInfos", 1612709899, NULL },
{ "MAX", 1074266122, "1"},
{ NULL, 2, "OtherPrimeInfo"},
{ "OtherPrimeInfo", 1610612741, NULL },
{ "prime", 1073741827, NULL },
{ "exponent", 1073741827, NULL },
{ "coefficient", 3, NULL },
{ "AlgorithmIdentifier", 1610612741, NULL },
{ "algorithm", 1073741836, NULL },
{ "parameters", 541081613, NULL },
{ "algorithm", 1, NULL },
{ "DigestInfo", 1610612741, NULL },
{ "digestAlgorithm", 1073741826, "DigestAlgorithmIdentifier"},
{ "digest", 7, NULL },
{ "DigestAlgorithmIdentifier", 1073741826, "AlgorithmIdentifier"},
{ "DSAPublicKey", 1073741827, NULL },
{ "DSAParameters", 1610612741, NULL },
{ "p", 1073741827, NULL },
{ "q", 1073741827, NULL },
{ "g", 3, NULL },
{ "DSASignatureValue", 1610612741, NULL },
{ "r", 1073741827, NULL },
{ "s", 3, NULL },
{ "DSAPrivateKey", 1610612741, NULL },
{ "version", 1073741827, NULL },
{ "p", 1073741827, NULL },
{ "q", 1073741827, NULL },
{ "g", 1073741827, NULL },
{ "Y", 1073741827, NULL },
{ "priv", 3, NULL },
{ "DHParameter", 1610612741, NULL },
{ "prime", 1073741827, NULL },
{ "base", 1073741827, NULL },
{ "privateValueLength", 16387, NULL },
{ "ECParameters", 1610612754, NULL },
{ "namedCurve", 12, NULL },
{ "ECPrivateKey", 1610612741, NULL },
{ "Version", 1073741827, NULL },
{ "privateKey", 1073741831, NULL },
{ "parameters", 1610637314, "ECParameters"},
{ NULL, 2056, "0"},
{ "publicKey", 536895494, NULL },
{ NULL, 2056, "1"},
{ "PrincipalName", 1610612741, NULL },
{ "name-type", 1610620931, NULL },
{ NULL, 2056, "0"},
{ "name-string", 536879115, NULL },
{ NULL, 1073743880, "1"},
{ NULL, 27, NULL },
{ "KRB5PrincipalName", 1610612741, NULL },
{ "realm", 1610620955, NULL },
{ NULL, 2056, "0"},
{ "principalName", 536879106, "PrincipalName"},
{ NULL, 2056, "1"},
{ "RSAPSSParameters", 1610612741, NULL },
{ "hashAlgorithm", 1610637314, "AlgorithmIdentifier"},
{ NULL, 2056, "0"},
{ "maskGenAlgorithm", 1610637314, "AlgorithmIdentifier"},
{ NULL, 2056, "1"},
{ "saltLength", 1610653699, NULL },
{ NULL, 1073741833, "20"},
{ NULL, 2056, "2"},
{ "trailerField", 536911875, NULL },
{ NULL, 1073741833, "1"},
{ NULL, 2056, "3"},
{ "GOSTParameters", 1610612741, NULL },
{ "publicKeyParamSet", 1073741836, NULL },
{ "digestParamSet", 1073741836, NULL },
{ "encryptionParamSet", 16396, NULL },
{ "GOSTPrivateKey", 1073741831, NULL },
{ "GOSTPrivateKeyOld", 3, NULL },
{ NULL, 0, NULL }
};
int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size)
{
static ASN1_TYPE _gnutls_gnutls_asn = ASN1_TYPE_EMPTY;
static int first = 1;
ASN1_TYPE dn;
int res;
if (size > 10000) // same as max_len = 10000 in .options file
return 0;
if (first) {
first = 0;
// from _gnutls_global_init()
res = asn1_array2tree(gnutls_asn1_tab, &_gnutls_gnutls_asn, NULL);
assert(res == ASN1_SUCCESS);
}
// from gnutls_dh_params_import_pkcs3()
if ((res = asn1_create_element(_gnutls_gnutls_asn, "GNUTLS.DHParameter", &dn)) == ASN1_SUCCESS) {
// from cert_get_issuer_dn()
res = asn1_der_decoding(&dn, data, size, NULL);
asn1_delete_structure(&dn);
}
// from _gnutls_x509_write_gost_params()
if ((res = asn1_create_element(_gnutls_gnutls_asn, "GNUTLS.GOSTParameters", &dn)) == ASN1_SUCCESS) {
if ((res = asn1_write_value(dn, "digestParamSet", "1.2.643.7.1.1.2.2", 1)) == ASN1_SUCCESS) {
// from cert_get_issuer_dn()
res = asn1_der_decoding(&dn, data, size, NULL);
// from _gnutls_x509_der_encode()
int dersize = 0;
if ((res = asn1_der_coding(dn, "", NULL, &dersize, NULL)) == ASN1_MEM_ERROR) {
void *der = malloc(dersize);
assert(der);
res = asn1_der_coding(dn, "", der, &dersize, NULL);
free(der);
}
}
asn1_delete_structure(&dn);
}
return 0;
}