diff options
| author | Jack Lloyd <[email protected]> | 2016-12-08 19:23:18 -0500 |
|---|---|---|
| committer | Jack Lloyd <[email protected]> | 2016-12-08 19:23:18 -0500 |
| commit | 59a71779ad7c644fcaefd3582ea244f1ff60349a (patch) | |
| tree | 3354cf95d4d239ad602f3c6fbdf719bca89ae0db /src/extra_tests/fuzzers/jigs/pkcs1.cpp | |
| parent | 41e7cade5889d238ca695806451db227b9792cd9 (diff) | |
Fix off by one in PKCS #1 v1.5 decryption decoding
When the code was changed in b8966d0f89e, the offset was not changed,
so it would reject ciphertexts with exactly 8 bytes of random padding
(the required minimum).
Found by pkcs1 fuzzer which also had problems due to not having been
updated at the same time.
Add a test suite for decoding of PK decryption padding to cover the
problem cases.
Diffstat (limited to 'src/extra_tests/fuzzers/jigs/pkcs1.cpp')
| -rw-r--r-- | src/extra_tests/fuzzers/jigs/pkcs1.cpp | 33 |
1 files changed, 21 insertions, 12 deletions
diff --git a/src/extra_tests/fuzzers/jigs/pkcs1.cpp b/src/extra_tests/fuzzers/jigs/pkcs1.cpp index 889308f0e..8a16d17e5 100644 --- a/src/extra_tests/fuzzers/jigs/pkcs1.cpp +++ b/src/extra_tests/fuzzers/jigs/pkcs1.cpp @@ -13,14 +13,14 @@ secure_vector<byte> simple_pkcs1_unpad(const byte in[], size_t len) if(len < 10) throw Botan::Decoding_Error("bad len"); - if(in[0] != 2) - throw Botan::Decoding_Error("bad field"); + if(in[0] != 0 || in[1] != 2) + throw Botan::Decoding_Error("bad header field"); - for(size_t i = 1; i < len; ++i) + for(size_t i = 2; i < len; ++i) { if(in[i] == 0) { - if(i < 9) + if(i < 10) // at least 8 padding bytes required throw Botan::Decoding_Error("insufficient padding bytes"); return secure_vector<byte>(in + i + 1, in + len); } @@ -42,9 +42,9 @@ void fuzz(const uint8_t in[], size_t len) secure_vector<byte> decoded = ((EME*)&pkcs1)->unpad(valid_mask, in, len); if(valid_mask == 0) - lib_rejected = false; - else if(valid_mask == 0xFF) lib_rejected = true; + else if(valid_mask == 0xFF) + lib_rejected = false; else abort(); } @@ -54,15 +54,24 @@ void fuzz(const uint8_t in[], size_t len) { ref_result = simple_pkcs1_unpad(in, len); } - catch(Botan::Decoding_Error&) { ref_rejected = true; } + catch(Botan::Decoding_Error& e) { ref_rejected = true; /*printf("%s\n", e.what());*/ } - FUZZER_ASSERT_EQUAL(lib_rejected, ref_rejected); + if(lib_rejected == ref_rejected) + { + return; // ok, they agree + } - if(lib_result != ref_result) + // otherwise: incorrect result, log info and crash + if(lib_rejected == true && ref_rejected == false) + { + std::cerr << "Library rejected input accepted by ref\n"; + std::cerr << "Ref decoded " << hex_encode(ref_result) << "\n"; + } + else if(ref_rejected == true && lib_rejected == false) { - std::cerr << hex_encode(lib_result) << " != ref \n" - << hex_encode(ref_result) << std::endl; - abort(); + std::cerr << "Library accepted input reject by ref\n"; + std::cerr << "Lib decoded " << hex_encode(lib_result) << "\n"; } + abort(); } |