gnutls: ASSERT: nettle_mpz_sizeinbase_256_u(x) <= length
This is a mirror of: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2132
The reproducer is attached to this bug.
valgrind output of tests/client
:
client: bignum.c:120: nettle_mpz_get_str_256: Assertion `nettle_mpz_sizeinbase_256_u(x) <= length' failed.
==5464==
==5464== Process terminating with default action of signal 6 (SIGABRT): dumping core
==5464== at 0x66D491F: raise (raise.c:58)
==5464== by 0x66D6519: abort (abort.c:89)
==5464== by 0x66CCDA6: __assert_fail_base (assert.c:92)
==5464== by 0x66CCE51: __assert_fail (assert.c:101)
==5464== by 0x5FA6760: nettle_mpz_get_str_256 (bignum.c:120)
==5464== by 0x4F3F6AF: nettle_pss_verify_mgf1 (pss.c:151)
==5464== by 0x4F3FB40: rsa_pss_sha384_verify_digest (rsa-pss-sha512-verify.c:55)
==5464== by 0x4F39078: _rsa_pss_verify_digest (pk.c:798)
==5464== by 0x4F39078: _wrap_nettle_pk_verify (pk.c:950)
==5464== by 0x4E98817: _pkcs1_rsa_verify_sig (pubkey.c:1915)
==5464== by 0x4E9AFD7: pubkey_verify_data (pubkey.c:2041)
==5464== by 0x4E9B319: gnutls_pubkey_verify_data2 (pubkey.c:1659)
==5464== by 0x4E8B5FA: _gnutls_handshake_verify_data12 (tls-sig.c:303)
==5464== by 0x4E8B5FA: _gnutls_handshake_verify_data (tls-sig.c:339)
Edited by Nikos Mavrogiannopoulos