[gnutls-devel] GnuTLS | certtool: generate, parse, and manipulate X25519 and X448 pubkeys, privkeys, and certificates (!1428)
Read-only notification of GnuTLS library development activities
gnutls-devel at lists.gnutls.org
Wed Aug 4 17:52:59 CEST 2021
Daniel Kahn Gillmor commented:
hm, the UB+ASAN-Werror test run failed with this information:
```
testing 16 bytes from '/builds/dkg/gnutls/fuzz/gnutls_private_key_parser_fuzzer.in/10a5c92fa30ddb6cbb4286d7699b2b7a7e032b17'
common.c:633:2: runtime error: null pointer passed as argument 2, which is declared to never be null
    #0 0x7f0369db2ea4 in _gnutls_x509_decode_string /builds/dkg/gnutls/lib/x509/common.c:633
    #1 0x7f0369db5121 in _gnutls_x509_read_string /builds/dkg/gnutls/lib/x509/common.c:803
    #2 0x7f0369e47024 in _decode_pkcs8_modern_ecdh_key /builds/dkg/gnutls/lib/x509/privkey_pkcs8.c:1159
    #3 0x7f0369e47024 in decode_private_key_info /builds/dkg/gnutls/lib/x509/privkey_pkcs8.c:1518
    #4 0x7f0369e4fd40 in gnutls_x509_privkey_import_pkcs8 /builds/dkg/gnutls/lib/x509/privkey_pkcs8.c:1636
    #5 0x7f0369e3bc87 in gnutls_x509_privkey_import /builds/dkg/gnutls/lib/x509/privkey.c:584
    #6 0x402497 in LLVMFuzzerTestOneInput /builds/dkg/gnutls/fuzz/gnutls_private_key_parser_fuzzer.c:39
    #7 0x402992 in test_single_file /builds/dkg/gnutls/fuzz/main.c:68
    #8 0x402b36 in test_all_from /builds/dkg/gnutls/fuzz/main.c:93
    #9 0x402de6 in main /builds/dkg/gnutls/fuzz/main.c:130
    #10 0x7f03689a5b74 in __libc_start_main (/lib64/libc.so.6+0x27b74)
    #11 0x4022dd in _start (/builds/dkg/gnutls/fuzz/.libs/lt-gnutls_private_key_parser_fuzzer+0x4022dd)
FAIL gnutls_private_key_parser_fuzzer (exit status: 1)
```
That file contains the following 16 octets:
```
00000000 30 0e 02 01 00 30 05 06 03 2b 65 6e 04 02 24 fa |0....0...+en..$.|
00000010
```
which in ASN1 is:
```
  0  14: SEQUENCE {
  2   1:   INTEGER 0
  5   5:   SEQUENCE {
  7   3:     OBJECT IDENTIFIER curveX25519 (1 3 101 110)
       :     }
 12   2:   OCTET STRING 24 FA
       :   }
0 warnings, 0 errors.
```
So it is related to the subject material in this series. Not sure how to fix it yet though.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/-/merge_requests/1428#note_643275026
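
Added example (not part of the original message, not GnuTLS code, and not the fix adopted in the merge request): a strict reading of the quoted 16 octets against RFC 8410, where the outer privateKey OCTET STRING must itself contain a 32-byte OCTET STRING. The names `der_tlv` and `parse_x25519_pkcs8` are hypothetical; the sketch rejects the fuzz input with an error code before any copy is attempted.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The 16 octets quoted in the message above. */
static const uint8_t FUZZ_INPUT[16] = { 0x30, 0x0e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06,
    0x03, 0x2b, 0x65, 0x6e, 0x04, 0x02, 0x24, 0xfa };
static const uint8_t OID_X25519[] = { 0x2b, 0x65, 0x6e }; /* 1.3.101.110 */

/* Read one TLV with the expected tag, point *val / *vlen at its contents and
 * advance *p. Only short-form lengths (< 128) are accepted (limit of this sketch). */
static int der_tlv(const uint8_t **p, size_t *left, uint8_t tag,
                   const uint8_t **val, size_t *vlen)
{
    if (*left < 2 || (*p)[0] != tag || ((*p)[1] & 0x80))
        return -1;
    size_t len = (*p)[1];
    if (len > *left - 2)
        return -1;
    *val = *p + 2; *vlen = len;
    *p += 2 + len; *left -= 2 + len;
    return 0;
}

/* Hypothetical helper: 0 and key[32] filled on success, negative on error. */
int parse_x25519_pkcs8(const uint8_t *der, size_t n, uint8_t key[32])
{
    const uint8_t *seq, *ver, *alg, *oid, *outer, *inner;
    size_t seql, verl, algl, oidl, outerl, innerl;
    if (der_tlv(&der, &n, 0x30, &seq, &seql) || n != 0) return -1;
    if (der_tlv(&seq, &seql, 0x02, &ver, &verl)) return -2;
    if (der_tlv(&seq, &seql, 0x30, &alg, &algl)) return -3;
    if (der_tlv(&alg, &algl, 0x06, &oid, &oidl) ||
        oidl != sizeof OID_X25519 || memcmp(oid, OID_X25519, oidl)) return -4;
    if (der_tlv(&seq, &seql, 0x04, &outer, &outerl)) return -5;
    /* RFC 8410: privateKey wraps CurvePrivateKey ::= OCTET STRING. */
    if (der_tlv(&outer, &outerl, 0x04, &inner, &innerl) || outerl) return -6;
    if (innerl != 32) return -7; /* no copy ever sees a NULL or short source */
    memcpy(key, inner, 32);
    return 0;
}

int main(void)
{
    uint8_t key[32];
    return printf("fuzz input -> %d\n", parse_x25519_pkcs8(FUZZ_INPUT, 16, key)) < 0;
}
```

The fuzz input fails at the inner decode because the wrapped contents start with tag 0x24 rather than 0x04.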