| /* |
| * Copyright(c) 2019 Free Software Foundation, Inc. |
| * |
| * This file is part of libtasn1. |
| * |
| * Libtasn1 is free software: you can redistribute it and/or modify |
| * it under the terms of the GNU Lesser General Public License as published by |
| * the Free Software Foundation, either version 3 of the License, or |
| * (at your option) any later version. |
| * |
| * Libtasn1 is distributed in the hope that it will be useful, |
| * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| * GNU Lesser General Public License for more details. |
| * |
| * You should have received a copy of the GNU Lesser General Public License |
| * along with libtasn1. If not, see <https://www.gnu.org/licenses/>. |
| * |
| * This fuzzer is testing arbitrary DER input data with GnuTLS's ASN.1 definition (lib/gnutls.asn). |
| * So, any issues found here likely have a real world impact on every software using libgnutls. |
| */ |
| |
| #include <config.h> |
| |
| #include <assert.h> // assert |
| #include <stdlib.h> // malloc, free |
| #include <string.h> // strcmp, memcpy |
| |
| #include "libtasn1.h" |
| #include "fuzzer.h" |
| |
| /* |
| * This is a ASN.1 definition array used by GnuTLS. |
| * It is created from lib/gnutls.asn over at the GnuTLS project. |
| */ |
| const asn1_static_node gnutls_asn1_tab[] = { |
| { "GNUTLS", 536872976, NULL }, |
| { NULL, 1073741836, NULL }, |
| { "RSAPublicKey", 1610612741, NULL }, |
| { "modulus", 1073741827, NULL }, |
| { "publicExponent", 3, NULL }, |
| { "RSAPrivateKey", 1610612741, NULL }, |
| { "version", 1073741827, NULL }, |
| { "modulus", 1073741827, NULL }, |
| { "publicExponent", 1073741827, NULL }, |
| { "privateExponent", 1073741827, NULL }, |
| { "prime1", 1073741827, NULL }, |
| { "prime2", 1073741827, NULL }, |
| { "exponent1", 1073741827, NULL }, |
| { "exponent2", 1073741827, NULL }, |
| { "coefficient", 1073741827, NULL }, |
| { "otherPrimeInfos", 16386, "OtherPrimeInfos"}, |
| { "ProvableSeed", 1610612741, NULL }, |
| { "algorithm", 1073741836, NULL }, |
| { "seed", 7, NULL }, |
| { "OtherPrimeInfos", 1612709899, NULL }, |
| { "MAX", 1074266122, "1"}, |
| { NULL, 2, "OtherPrimeInfo"}, |
| { "OtherPrimeInfo", 1610612741, NULL }, |
| { "prime", 1073741827, NULL }, |
| { "exponent", 1073741827, NULL }, |
| { "coefficient", 3, NULL }, |
| { "AlgorithmIdentifier", 1610612741, NULL }, |
| { "algorithm", 1073741836, NULL }, |
| { "parameters", 541081613, NULL }, |
| { "algorithm", 1, NULL }, |
| { "DigestInfo", 1610612741, NULL }, |
| { "digestAlgorithm", 1073741826, "DigestAlgorithmIdentifier"}, |
| { "digest", 7, NULL }, |
| { "DigestAlgorithmIdentifier", 1073741826, "AlgorithmIdentifier"}, |
| { "DSAPublicKey", 1073741827, NULL }, |
| { "DSAParameters", 1610612741, NULL }, |
| { "p", 1073741827, NULL }, |
| { "q", 1073741827, NULL }, |
| { "g", 3, NULL }, |
| { "DSASignatureValue", 1610612741, NULL }, |
| { "r", 1073741827, NULL }, |
| { "s", 3, NULL }, |
| { "DSAPrivateKey", 1610612741, NULL }, |
| { "version", 1073741827, NULL }, |
| { "p", 1073741827, NULL }, |
| { "q", 1073741827, NULL }, |
| { "g", 1073741827, NULL }, |
| { "Y", 1073741827, NULL }, |
| { "priv", 3, NULL }, |
| { "DHParameter", 1610612741, NULL }, |
| { "prime", 1073741827, NULL }, |
| { "base", 1073741827, NULL }, |
| { "privateValueLength", 16387, NULL }, |
| { "ECParameters", 1610612754, NULL }, |
| { "namedCurve", 12, NULL }, |
| { "ECPrivateKey", 1610612741, NULL }, |
| { "Version", 1073741827, NULL }, |
| { "privateKey", 1073741831, NULL }, |
| { "parameters", 1610637314, "ECParameters"}, |
| { NULL, 2056, "0"}, |
| { "publicKey", 536895494, NULL }, |
| { NULL, 2056, "1"}, |
| { "PrincipalName", 1610612741, NULL }, |
| { "name-type", 1610620931, NULL }, |
| { NULL, 2056, "0"}, |
| { "name-string", 536879115, NULL }, |
| { NULL, 1073743880, "1"}, |
| { NULL, 27, NULL }, |
| { "KRB5PrincipalName", 1610612741, NULL }, |
| { "realm", 1610620955, NULL }, |
| { NULL, 2056, "0"}, |
| { "principalName", 536879106, "PrincipalName"}, |
| { NULL, 2056, "1"}, |
| { "RSAPSSParameters", 1610612741, NULL }, |
| { "hashAlgorithm", 1610637314, "AlgorithmIdentifier"}, |
| { NULL, 2056, "0"}, |
| { "maskGenAlgorithm", 1610637314, "AlgorithmIdentifier"}, |
| { NULL, 2056, "1"}, |
| { "saltLength", 1610653699, NULL }, |
| { NULL, 1073741833, "20"}, |
| { NULL, 2056, "2"}, |
| { "trailerField", 536911875, NULL }, |
| { NULL, 1073741833, "1"}, |
| { NULL, 2056, "3"}, |
| { "GOSTParameters", 1610612741, NULL }, |
| { "publicKeyParamSet", 1073741836, NULL }, |
| { "digestParamSet", 1073741836, NULL }, |
| { "encryptionParamSet", 16396, NULL }, |
| { "GOSTPrivateKey", 1073741831, NULL }, |
| { "GOSTPrivateKeyOld", 3, NULL }, |
| { NULL, 0, NULL } |
| }; |
| |
| int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) |
| { |
| static asn1_node _gnutls_gnutls_asn = NULL; |
| static int first = 1; |
| asn1_node dn; |
| int res; |
| |
| if (size > 10000) // same as max_len = 10000 in .options file |
| return 0; |
| |
| if (first) { |
| first = 0; |
| |
| // from _gnutls_global_init() |
| res = asn1_array2tree(gnutls_asn1_tab, &_gnutls_gnutls_asn, NULL); |
| assert(res == ASN1_SUCCESS); |
| } |
| |
| // from gnutls_dh_params_import_pkcs3() |
| if ((res = asn1_create_element(_gnutls_gnutls_asn, "GNUTLS.DHParameter", &dn)) == ASN1_SUCCESS) { |
| // from cert_get_issuer_dn() |
| res = asn1_der_decoding(&dn, data, size, NULL); |
| asn1_delete_structure(&dn); |
| } |
| |
| // from _gnutls_x509_write_gost_params() |
| if ((res = asn1_create_element(_gnutls_gnutls_asn, "GNUTLS.GOSTParameters", &dn)) == ASN1_SUCCESS) { |
| if ((res = asn1_write_value(dn, "digestParamSet", "1.2.643.7.1.1.2.2", 1)) == ASN1_SUCCESS) { |
| // from cert_get_issuer_dn() |
| res = asn1_der_decoding(&dn, data, size, NULL); |
| |
| // from _gnutls_x509_der_encode() |
| int dersize = 0; |
| if ((res = asn1_der_coding(dn, "", NULL, &dersize, NULL)) == ASN1_MEM_ERROR) { |
| void *der = malloc(dersize); |
| assert(der); |
| res = asn1_der_coding(dn, "", der, &dersize, NULL); |
| free(der); |
| } |
| } |
| |
| asn1_delete_structure(&dn); |
| } |
| |
| return 0; |
| } |