tor-browser

The Tor Browser
git clone https://git.dasho.dev/tor-browser.git
Log | Files | Refs | README | LICENSE

quickder.cc (2798B)

      1 /* This Source Code Form is subject to the terms of the Mozilla Public
      2 * License, v. 2.0. If a copy of the MPL was not distributed with this
      3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      4 
      5 #include <cstddef>
      6 #include <cstdint>
      7 #include <vector>
      8 
      9 #include "certt.h"
     10 #include "keythi.h"
     11 #include "secdert.h"
     12 #include "secport.h"
     13 
     14 #include "asn1/mutators.h"
     15 #include "base/mutate.h"
     16 
     17 const std::vector<const SEC_ASN1Template *> templates = {
     18    CERT_AttributeTemplate,
     19    CERT_CertExtensionTemplate,
     20    CERT_CertificateRequestTemplate,
     21    CERT_CertificateTemplate,
     22    CERT_CrlTemplate,
     23    CERT_IssuerAndSNTemplate,
     24    CERT_NameTemplate,
     25    CERT_PublicKeyAndChallengeTemplate,
     26    CERT_RDNTemplate,
     27    CERT_SequenceOfCertExtensionTemplate,
     28    CERT_SetOfAttributeTemplate,
     29    CERT_SetOfSignedCrlTemplate,
     30    CERT_SignedCrlTemplate,
     31    CERT_SignedDataTemplate,
     32    CERT_SubjectPublicKeyInfoTemplate,
     33    CERT_TimeChoiceTemplate,
     34    CERT_ValidityTemplate,
     35    SEC_AnyTemplate,
     36    SEC_BitStringTemplate,
     37    SEC_BMPStringTemplate,
     38    SEC_BooleanTemplate,
     39    SEC_CertSequenceTemplate,
     40    SEC_EnumeratedTemplate,
     41    SEC_GeneralizedTimeTemplate,
     42    SEC_IA5StringTemplate,
     43    SEC_IntegerTemplate,
     44    SEC_NullTemplate,
     45    SEC_ObjectIDTemplate,
     46    SEC_OctetStringTemplate,
     47    SEC_PointerToAnyTemplate,
     48    SEC_PointerToEnumeratedTemplate,
     49    SEC_PointerToGeneralizedTimeTemplate,
     50    SEC_PointerToOctetStringTemplate,
     51    SEC_PrintableStringTemplate,
     52    SEC_SetOfAnyTemplate,
     53    SEC_SetOfEnumeratedTemplate,
     54    SEC_SequenceOfAnyTemplate,
     55    SEC_SequenceOfObjectIDTemplate,
     56    SEC_SignedCertificateTemplate,
     57    SEC_SkipTemplate,
     58    SEC_T61StringTemplate,
     59    SEC_UniversalStringTemplate,
     60    SEC_UTCTimeTemplate,
     61    SEC_UTF8StringTemplate,
     62    SEC_VisibleStringTemplate,
     63    SECKEY_DHParamKeyTemplate,
     64    SECKEY_DHPublicKeyTemplate,
     65    SECKEY_DSAPrivateKeyExportTemplate,
     66    SECKEY_DSAPublicKeyTemplate,
     67    SECKEY_PQGParamsTemplate,
     68    SECKEY_PrivateKeyInfoTemplate,
     69    SECKEY_RSAPSSParamsTemplate,
     70    SECKEY_RSAPublicKeyTemplate,
     71    SECOID_AlgorithmIDTemplate};
     72 
     73 extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
     74  static char *dest[2048];
     75 
     76  PORTCheapArenaPool pool;
     77  PORT_InitCheapArena(&pool, DER_DEFAULT_CHUNKSIZE);
     78 
     79  for (auto tpl : templates) {
     80    SECItem buf = {siBuffer, (unsigned char *)data, (unsigned int)size};
     81    (void)SEC_QuickDERDecodeItem(&pool.arena, dest, tpl, &buf);
     82  }
     83 
     84  PORT_DestroyCheapArena(&pool);
     85 
     86  return 0;
     87 }
     88 
     89 extern "C" size_t LLVMFuzzerCustomMutator(uint8_t *data, size_t size,
     90                                          size_t max_size, unsigned int seed) {
     91  return CustomMutate(
     92      Mutators({ASN1Mutators::FlipConstructed, ASN1Mutators::ChangeType}), data,
     93      size, max_size, seed);
     94 }