Commit ad27713b authored by Nikos Mavrogiannopoulos's avatar Nikos Mavrogiannopoulos Committed by Nikos Mavrogiannopoulos

fuzz: added fuzzer for certificate verification

This also adds a reproducer for CVE-2019-3829.

Resolves: #694Signed-off-by: Nikos Mavrogiannopoulos's avatarNikos Mavrogiannopoulos <nmav@redhat.com>
parent 9043c8c2
......@@ -9,6 +9,7 @@ LDADD = ../gl/libgnu.la ../lib/libgnutls.la \
$(LIBS)
FUZZERS = \
gnutls_x509_verify_fuzzer$(EXEEXT) \
gnutls_base64_decoder_fuzzer$(EXEEXT) \
gnutls_base64_encoder_fuzzer$(EXEEXT) \
gnutls_client_fuzzer$(EXEEXT) \
......@@ -31,6 +32,7 @@ FUZZERS = \
check_PROGRAMS = $(FUZZERS)
gnutls_x509_verify_fuzzer_SOURCES = gnutls_x509_verify_fuzzer.c main.c fuzzer.h
gnutls_base64_decoder_fuzzer_SOURCES = gnutls_base64_decoder_fuzzer.c main.c fuzzer.h
gnutls_base64_encoder_fuzzer_SOURCES = gnutls_base64_encoder_fuzzer.c main.c fuzzer.h
gnutls_client_fuzzer_SOURCES = gnutls_client_fuzzer.c main.c fuzzer.h mem.h certs.h
......
This diff is collapsed.
......@@ -65,7 +65,7 @@ EXTRA_DIST = data/ca-no-pathlen.pem data/no-ca-or-pathlen.pem data/aki-cert.pem
data/openssl-keyid.p7b data/openssl-keyid.p7b.out data/openssl.p12 \
data/x509-v1-with-sid.pem data/x509-v1-with-iid.pem data/x509-v3-with-fractional-time.pem \
templates/template-long-dns.tmpl templates/template-long-serial.tmpl \
data/key-rsa-pss-raw.pem data/key-rsa-pss.pem \
data/key-rsa-pss-raw.pem data/key-rsa-pss.pem data/cve-2019-3829.pem \
data/long-dns.pem data/template-long-dns-crq.pem data/chain-with-critical-on-root.pem \
data/chain-with-critical-on-intermediate.pem data/chain-with-critical-on-endcert.pem \
templates/crit-extensions.tmpl data/crit-extensions.pem data/x509-with-zero-version.pem \
......
-----BEGIN CERTIFICATE-----
MIIFbjCCBFagAwIBAgIQPBKFvactgik351RXZ5opvTANBgkqhkiG9w0BAQUFADCB
tDELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2Ug
YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDEuMCwGA1UEAxMl
VmVyaVNpZ24gQ2xhc3MgMyBDb2RlIFNpZ25pbmcgMjAxMCBDQTAeFw0xMjA4MTcw
MDAwMDBaFw0xNTA5MDkyMzU5NTlaMIGxMQswCQYDVQQGEwJVUzETMBEGA1UECBMK
Q2FsaWZvcm5pYTETMBEGA1UEBxMKTWVubG8gUGFyazEbMBkGA1UEChQSUk9CTE9Y
IENvcnBvcmF0aW9uMT4wPAYDVQQLEzVEaWdpdGFsIElEIENsYXNzIDMgLSBNaWNy
b3NvZnQgU29mdHdhcmUgVmFsaWRhdGlvbiB2MjEbMBkGA1UEAxQSUk9CTE9YIENv
cnBvcmF0aW9uMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9Vg9Z0ee
4Tg3pwyw9CcQCINfJEWLhhvrB88pcnyMKxbB7v3qwwfi9VhL0fRM/AusgONWrQuW
2gftlw9ZtQMAWRkLvPHM3hXz5ch1XpvTmNqPQrSGfn9te7T9018ORa+WVuUCKzhL
xMSxG+VEpSRZsSdhq/chwA3fqhdUdq7fdxo6H3v/RV8bDUz1vRow+ygtAMneh8/x
kvnnyGZrW7BzJH6odOq4ASbx08czrKzqxnnoiFDmPuBTjv5wCLz0yHboHRQ/aC25
GKXNioEVAGY/nWxVetFgJG8SwiIBR9C4KHaUqLHpPDU40WW7jGvybDaEGWXBQfTr
e1Dj/B3JY6SGhwIDAQABo4IBezCCAXcwCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMC
B4AwQAYDVR0fBDkwNzA1oDOgMYYvaHR0cDovL2NzYzMtMjAxMC1jcmwudmVyaXNp
Z24uY29tL0NTQzMtMjAxMC5jcmwwRAYDVR0gBD0wOzA5BgtghkgBhvhFAQcXAzAq
MCgGCCsGAQUFBwIBFhybdHRwczovL3d3dy52ZXJpc2lnbi5jb20vcnBhMBMGA1Ud
JQQMMAoGCCsGAQUFBwMDMHEGCCsGAQVLBwEBBGUwYzAkBggrBgEFBQcwAYYYaHR0
cDovL29jc3AudmVyaXNpZ24uY29tMDsGCCsGAQUFBzAChi9odHRwOi8vY3NjMy0y
MDEwLWFpYS52ZXJpc2lnbnhjb20vQ1NDMy0yMDEwLmNlcjAfBgNVHSMEGDAWgFBt
48zqeyb0S8mOj9fwBSbv49KnnTARBglgIEgBhvhCAQEEBAMCBBAwFgYKKwYBBAGC
NwIBGwQIMAYBAQABAf8wDQYJKoZIhvcNAQEFBQADggEBeCwxl3jzuZqItKl531TN
TCCx3yoOfpZnGd7acfLyfeX8xDy7wakiOyC1nxv1FL7+H//Mku+F3Ne/A0HmnHx0
sD9F1fYxweF8ubSoRqwUCXSMB4YZuwRAfUILon6YvyHU1kgPYwr0bsYu28l0liQY
YC7ALFbwO2ecxOYgg38mho+XRRXPd/PtOfmZ23yeKvrD0Hm499jC1OloFX+8G4ly
mz9Y8aoDBzkEYcXWn3Rz1p6EQJnWJzI/jSxMKIuI2/Ge+oIFZpEGK3Hec3sYqLs4
EUOfWI4bNm1W+eU0E2bwuWmjddgTdOWHaYm7jMlCzkZw9qg2/IE2fTu7P7UuNOvw
av0=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIF4jCCBMqgAwIBAgIQJ1P4Bv6RNzIvW0CfHDGHXDANBgkqhkiG9w0BAQUFADCB
yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJp
U2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxW
ZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmljYXRpb24gQXV0
aG9yaXR5IC0gRzUwHhcNMTAwMjA4MDAwMDAwWhcNMjAwMjA3MjM1OTU5WjCBtDEL
MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZW
ZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQg
aHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykxMDEuMCwGA1UEAxMlVmVy
aVNpZ24gQ2xhc3MgMyBDb2RlIFNpZ25pbmcgMjAxMCBDQTCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAPUjS16l14q7MunUV/fv5Mcmfq0ZmP6onX2U9jZr
ENd1gTB/BGh/yyt1Hs0dCIzfaZSnN6Oce4DgmeHuN01fzjsU7obU0PUnNbwlCzin
jGOdF6MIpauw+81qYoJM1SHaG9nx44Q7iipPhVuQAU/Jp3YQfycDfL6ufn3B3fkF
vBtInGnnwKQ8PEEAPt+W5cXklHHWVQHHACZKQDy1oSapDKdtgI6QJXvPvz8c6y+W
+uWHd8a1VrJ6O1QwUxvfYjT/HtH0WpMoheVMF05+W/2kk5l/383vpHXv7xX2R+f4
GXLYLjQaprSnTH69u08MPVfxMNamNo7WgHbXGS6lzX40LYkCAwEAAaOCAdYwggHS
MBIGA1UdEwEB/wQIMAYBAf8CAQAwcAYDVR0gBGkwZzBlBgtghkgBhvhFAQcXAzBW
MCgGCCsGAQUFBwIBFhxodHRwczovL3d3dy52ZXJpc2lnbi5jb20vY3BzMCoGCCsG
AQUFBwICMB4aHGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9ycGEwDgYDVR0PAQH/
BAQDAgEGMG0GCCsGAQUFBwEMBGEwX6FdoFswWTBXMFUWCWltYWdlL2dpZjAhMB8w
BwYFKw4DAhoEFI/l0xqGrI2Oa8PPgGrUSBgsexkuMCUWI2h0dHA6Ly9sb2dvLnZl
cmlzaWduLmNvbS92c2xvZ28uZ2lmMDQGA1UdHwQtMCswKaAnoCWGI2h0dHA6Ly9j
cmwudmVyaXNpZ24uY29tL3BjYTMtZzUuY3JsMCgGA1UdEQQhMB+kHTAbMRkwFwYD
VQQDExBWZXJpU2lnbk1QS0ktMi04MB0GA1UdDgQWBBTPmanqeyb0S8mOj9fwBSbv
49KnnTArBgNVHSUEJDAiBggrBgEFBQcDAgYIKwYBBQUHAwMGDCqGOgABg4+JDQEB
ATAfBgNVHSMEGDAWgBR/02Wnwt3su/AwCfNDOfoCrzMxMzANBgkqhkiG9w0BAQUF
AAOCAQEAW46f07q+qa8aPmWBt8Fk9qJ460yABjqsIm6MK7xdhX/AjxAqysStliQB
aP9ltdEULCql2kmWr+nU/3GckwlKamH0S9HLtl8p/GgR5XL/Rg82KZlDnrPZrEeT
e+/E62aGp9aJVD6Umw2R8NIjasANN85G35WupGXGGL+kaXM/6IXQSH0o7/NfsAG0
dbTRU0v0b/aki2a273g5xYgrZzIa70DAlPa30ouEoCZvikvF2NxU7uJKVqq8cuWT
5j+23m1seyVbAexvKWS38y4j9h+uES3GurnrCGCxLRsrnr6FdAodLipSkRgg18my
l4SPFiwyyhgSqsUgWcr7bTcy48WjhA==
-----END CERTIFICATE-----
......@@ -29,6 +29,10 @@ if ! test -z "${VALGRIND}"; then
VALGRIND="${LIBTOOL:-libtool} --mode=execute ${VALGRIND}"
fi
if ! test -x "${CERTTOOL}"; then
exit 77
fi
#check whether a different PKCS #1 signature than the advertized in certificate is tolerated
${VALGRIND} "${CERTTOOL}" -e --infile "${srcdir}/data/invalid-sig.pem"
rc=$?
......@@ -75,7 +79,17 @@ rc=$?
# We're done.
if test "${rc}" = "0"; then
echo "Verification of invalid signature (4) failed"
echo "Verification of invalid signature (5) failed"
exit ${rc}
fi
#this was causing a double free; verify that we receive the expected error code
${VALGRIND} "${CERTTOOL}" --verify-chain --infile "${srcdir}/data/cve-2019-3829.pem"
rc=$?
# We're done.
if test "${rc}" != "1"; then
echo "Verification of invalid signature (6) failed"
exit ${rc}
fi
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment