diff --git a/pgpainless-core/src/main/kotlin/org/pgpainless/signature/SignatureUtils.kt b/pgpainless-core/src/main/kotlin/org/pgpainless/signature/SignatureUtils.kt index 0ef6dc5a..42695d27 100644 --- a/pgpainless-core/src/main/kotlin/org/pgpainless/signature/SignatureUtils.kt +++ b/pgpainless-core/src/main/kotlin/org/pgpainless/signature/SignatureUtils.kt @@ -8,6 +8,7 @@ import java.io.IOException import java.io.InputStream import java.util.* import openpgp.plusSeconds +import org.bouncycastle.bcpg.UnsupportedPacketVersionException import org.bouncycastle.bcpg.sig.KeyExpirationTime import org.bouncycastle.openpgp.* import org.bouncycastle.openpgp.api.OpenPGPImplementation @@ -151,37 +152,46 @@ class SignatureUtils { */ @JvmStatic fun readSignatures(inputStream: InputStream, maxIterations: Int): List { - val signatures = mutableListOf() - val pgpIn = ArmorUtils.getDecoderStream(inputStream) - val objectFactory = OpenPGPImplementation.getInstance().pgpObjectFactory(pgpIn) + try { + val signatures = mutableListOf() + val pgpIn = ArmorUtils.getDecoderStream(inputStream) + val objectFactory = OpenPGPImplementation.getInstance().pgpObjectFactory(pgpIn) - var i = 0 - var nextObject: Any? = null - while (i++ < maxIterations && - objectFactory.nextObject().also { nextObject = it } != null) { - // Since signatures are indistinguishable from randomness, there is no point in - // having them compressed, - // except for an attacker who is trying to exploit flaws in the decompression - // algorithm. - // Therefore, we ignore compressed data packets without attempting decompression. - if (nextObject is PGPCompressedData) { - // getInputStream() does not do decompression, contrary to getDataStream(). - Streams.drain( - (nextObject as PGPCompressedData) - .inputStream) // Skip packet without decompressing + var i = 0 + var nextObject: Any? = null + while (i++ < maxIterations && + objectFactory.nextObject().also { nextObject = it } != null) { + // Since signatures are indistinguishable from randomness, there is no point in + // having them compressed, + // except for an attacker who is trying to exploit flaws in the decompression + // algorithm. + // Therefore, we ignore compressed data packets without attempting decompression. + if (nextObject is PGPCompressedData) { + // getInputStream() does not do decompression, contrary to getDataStream(). + Streams.drain( + (nextObject as PGPCompressedData) + .inputStream + ) // Skip packet without decompressing + } + + if (nextObject is PGPSignatureList) { + signatures.addAll(nextObject as PGPSignatureList) + } + + if (nextObject is PGPSignature) { + signatures.add(nextObject as PGPSignature) + } } - if (nextObject is PGPSignatureList) { - signatures.addAll(nextObject as PGPSignatureList) - } - - if (nextObject is PGPSignature) { - signatures.add(nextObject as PGPSignature) - } + pgpIn.close() + return signatures.toList() + } catch (e: UnsupportedPacketVersionException) { + throw PGPException("Unsupported packet version encountered.", e) + } catch (e: ClassCastException) { + throw PGPException("Unexpected packet encountered.", e) + } catch (e: IllegalArgumentException) { + throw PGPException("Malformed packet encountered.", e) } - - pgpIn.close() - return signatures.toList() } /** diff --git a/pgpainless-sop/src/main/kotlin/org/pgpainless/sop/DetachedVerifyImpl.kt b/pgpainless-sop/src/main/kotlin/org/pgpainless/sop/DetachedVerifyImpl.kt index d9837def..96ff195e 100644 --- a/pgpainless-sop/src/main/kotlin/org/pgpainless/sop/DetachedVerifyImpl.kt +++ b/pgpainless-sop/src/main/kotlin/org/pgpainless/sop/DetachedVerifyImpl.kt @@ -28,8 +28,12 @@ class DetachedVerifyImpl(private val api: PGPainless) : DetachedVerify { override fun data(data: InputStream): List { try { - val verificationStream = api.processMessage().onInputStream(data).withOptions(options) - + val verificationStream = + try { + api.processMessage().onInputStream(data).withOptions(options) + } catch (e: RuntimeException) { + throw SOPGPException.BadData(e) + } Streams.drain(verificationStream) verificationStream.close() diff --git a/pgpainless-sop/src/test/java/org/pgpainless/sop/fuzzing/AsciiArmorFuzzTest.java b/pgpainless-sop/src/test/java/org/pgpainless/sop/fuzzing/AsciiArmorFuzzTest.java index bedeee9e..c58090b9 100644 --- a/pgpainless-sop/src/test/java/org/pgpainless/sop/fuzzing/AsciiArmorFuzzTest.java +++ b/pgpainless-sop/src/test/java/org/pgpainless/sop/fuzzing/AsciiArmorFuzzTest.java @@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: 2025 Paul Schaub +// +// SPDX-License-Identifier: Apache-2.0 + package org.pgpainless.sop.fuzzing; import com.code_intelligence.jazzer.api.FuzzedDataProvider; diff --git a/pgpainless-sop/src/test/java/org/pgpainless/sop/fuzzing/ParseCertFuzzTest.java b/pgpainless-sop/src/test/java/org/pgpainless/sop/fuzzing/ParseCertFuzzTest.java index b8caebaf..39296126 100644 --- a/pgpainless-sop/src/test/java/org/pgpainless/sop/fuzzing/ParseCertFuzzTest.java +++ b/pgpainless-sop/src/test/java/org/pgpainless/sop/fuzzing/ParseCertFuzzTest.java @@ -1,3 +1,7 @@ +// SPDX-FileCopyrightText: 2025 Paul Schaub +// +// SPDX-License-Identifier: Apache-2.0 + package org.pgpainless.sop.fuzzing; import com.code_intelligence.jazzer.api.FuzzedDataProvider; diff --git a/pgpainless-sop/src/test/java/org/pgpainless/sop/fuzzing/SignatureFuzzTest.java b/pgpainless-sop/src/test/java/org/pgpainless/sop/fuzzing/SignatureFuzzTest.java new file mode 100644 index 00000000..7d578824 --- /dev/null +++ b/pgpainless-sop/src/test/java/org/pgpainless/sop/fuzzing/SignatureFuzzTest.java @@ -0,0 +1,96 @@ +// SPDX-FileCopyrightText: 2025 Paul Schaub +// +// SPDX-License-Identifier: Apache-2.0 + +package org.pgpainless.sop.fuzzing; + +import com.code_intelligence.jazzer.api.FuzzedDataProvider; +import com.code_intelligence.jazzer.junit.FuzzTest; +import org.pgpainless.sop.SOPImpl; +import sop.SOP; +import sop.Verification; +import sop.exception.SOPGPException; + +import java.io.IOException; +import java.nio.charset.StandardCharsets; +import java.util.List; + +public class SignatureFuzzTest { + + private final SOP sop = new SOPImpl(); + private final byte[] data = "Hello, World!\n".getBytes(StandardCharsets.UTF_8); + + private final String key = "-----BEGIN PGP PRIVATE KEY BLOCK-----\n" + + "Comment: D7BC FF6B B105 40D9 87F9 CB6E 542D C9F6 FCAE AD63\n" + + "Comment: Alice \n" + + "\n" + + "lFgEaGzu+BYJKwYBBAHaRw8BAQdAlqjB241N44drAJvxa3wx0uRb5bxuVNXrCwPZ\n" + + "yf4Qg+MAAQCpACcGmoOPZISRbMjRzI/0Wf5iIZwp7r9huzLe6NToBRFxtBxBbGlj\n" + + "ZSA8YWxpY2VAcGdwYWlubGVzcy5vcmc+wpUEExYKAEcFgmhs7vgJEFQtyfb8rq1j\n" + + "FiEE17z/a7EFQNmH+ctuVC3J9vyurWMCngECmwEFFgIDAQAECwkIBwUVCgkICwWJ\n" + + "CWYBfwKZAQAA1SMBAIuffSIKKkG73rWInDrfV6G0kCh/uP7Qf3Jh4A+x5BrvAP42\n" + + "KANAmmLmDVsPGWEPEAlCAJFwKZvHzvYsk8dEFNZEDJxYBGhs7vgWCSsGAQQB2kcP\n" + + "AQEHQOPChGD0z51fOsnFswJPNmhzxdhZHuXCxbEJ+/5WhU9QAAEA3i0J/Vbyhj92\n" + + "kd8gsjLUIkbDHGGDb/vfRCgmRAySF1MOL8LAFQQYFgoAfQWCaGzu+AKeAQKbAgUW\n" + + "AgMBAAQLCQgHBRUKCQgLXyAEGRYKAAYFgmhs7vgACgkQIvV9b29BRNSV1AEAtywX\n" + + "h7bdVq0597D0JfASIvo/ksyHsTyf/JRVH6M0Gv0A/RvFJnVRt1EitamD8i2mX2H3\n" + + "yC2lP2t1WzTafT7GzkYMAAoJEFQtyfb8rq1jhRABAIb/GkyCOlU02zfDMd5UHQ4J\n" + + "EpexaSodCvrGcQMA5t2nAPsEPXQOl1AOdJoc/sICsVAi4DvxohelpWJ19ZUy7WYQ\n" + + "CZxdBGhs7vgSCisGAQQBl1UBBQEBB0BeCegzdBr3B6+q3IBjkzNXPfLopNi2d+sL\n" + + "9hcbV9ztDgMBCAcAAP9hFCttDV8qWyven96rQ0WKGfVo1bKp2EZHGUR7tIScWA9P\n" + + "wnUEGBYKAB0Fgmhs7vgCngECmwwFFgIDAQAECwkIBwUVCgkICwAKCRBULcn2/K6t\n" + + "Y7GuAP9Kf1Ec1GJmZ99UHsgiN60os+6adMLj4G2ASiIbNSDvKgD9F/VLFIb/eN7k\n" + + "JQp3E5C15x5pMMKEI/rjwdrKmYH3aAw=\n" + + "=hnEg\n" + + "-----END PGP PRIVATE KEY BLOCK-----"; + private final String cert = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" + + "Comment: D7BC FF6B B105 40D9 87F9 CB6E 542D C9F6 FCAE AD63\n" + + "Comment: Alice \n" + + "\n" + + "mDMEaGzu+BYJKwYBBAHaRw8BAQdAlqjB241N44drAJvxa3wx0uRb5bxuVNXrCwPZ\n" + + "yf4Qg+O0HEFsaWNlIDxhbGljZUBwZ3BhaW5sZXNzLm9yZz7ClQQTFgoARwWCaGzu\n" + + "+AkQVC3J9vyurWMWIQTXvP9rsQVA2Yf5y25ULcn2/K6tYwKeAQKbAQUWAgMBAAQL\n" + + "CQgHBRUKCQgLBYkJZgF/ApkBAADVIwEAi599IgoqQbvetYicOt9XobSQKH+4/tB/\n" + + "cmHgD7HkGu8A/jYoA0CaYuYNWw8ZYQ8QCUIAkXApm8fO9iyTx0QU1kQMuDMEaGzu\n" + + "+BYJKwYBBAHaRw8BAQdA48KEYPTPnV86ycWzAk82aHPF2Fke5cLFsQn7/laFT1DC\n" + + "wBUEGBYKAH0Fgmhs7vgCngECmwIFFgIDAQAECwkIBwUVCgkIC18gBBkWCgAGBYJo\n" + + "bO74AAoJECL1fW9vQUTUldQBALcsF4e23VatOfew9CXwEiL6P5LMh7E8n/yUVR+j\n" + + "NBr9AP0bxSZ1UbdRIrWpg/Itpl9h98gtpT9rdVs02n0+xs5GDAAKCRBULcn2/K6t\n" + + "Y4UQAQCG/xpMgjpVNNs3wzHeVB0OCRKXsWkqHQr6xnEDAObdpwD7BD10DpdQDnSa\n" + + "HP7CArFQIuA78aIXpaVidfWVMu1mEAm4OARobO74EgorBgEEAZdVAQUBAQdAXgno\n" + + "M3Qa9wevqtyAY5MzVz3y6KTYtnfrC/YXG1fc7Q4DAQgHwnUEGBYKAB0Fgmhs7vgC\n" + + "ngECmwwFFgIDAQAECwkIBwUVCgkICwAKCRBULcn2/K6tY7GuAP9Kf1Ec1GJmZ99U\n" + + "HsgiN60os+6adMLj4G2ASiIbNSDvKgD9F/VLFIb/eN7kJQp3E5C15x5pMMKEI/rj\n" + + "wdrKmYH3aAw=\n" + + "=4uX6\n" + + "-----END PGP PUBLIC KEY BLOCK-----"; + + @FuzzTest( + maxDuration = "60s" + ) + public void verifyFuzzedSig(FuzzedDataProvider provider) throws IOException { + byte[] sig = provider.consumeBytes(1024); + if (sig.length == 0) { + return; + } + + try { + List verifs = sop.verify() + .cert(cert.getBytes(StandardCharsets.UTF_8)) + .signatures(sig) + .data(data); + + if (verifs.isEmpty()) { + return; + } + + for (Verification v : verifs) { + System.out.println(v.toString()); + } + } catch (SOPGPException.NoSignature e) { + // ignore + } catch (SOPGPException.BadData e) { + // expected + } + } +} diff --git a/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/ParseCertFuzzTestInputs/parseOpenPGPCert/crash-94d4f79102352b762d29a2596cec0a16fb4f6a61 b/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/ParseCertFuzzTestInputs/parseOpenPGPCert/crash-94d4f79102352b762d29a2596cec0a16fb4f6a61 new file mode 100644 index 00000000..69e7d806 --- /dev/null +++ b/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/ParseCertFuzzTestInputs/parseOpenPGPCert/crash-94d4f79102352b762d29a2596cec0a16fb4f6a61 @@ -0,0 +1 @@ +xjsFwxylML8M9MlS \ No newline at end of file diff --git a/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/ParseCertFuzzTestInputs/parseOpenPGPCert/crash-f76fa673913fd9409423d16fc3593596cbf71023 b/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/ParseCertFuzzTestInputs/parseOpenPGPCert/crash-f76fa673913fd9409423d16fc3593596cbf71023 new file mode 100644 index 00000000..b3235e56 --- /dev/null +++ b/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/ParseCertFuzzTestInputs/parseOpenPGPCert/crash-f76fa673913fd9409423d16fc3593596cbf71023 @@ -0,0 +1 @@ +xjx \ No newline at end of file diff --git a/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-0cf7eacc2a3bac835ac97aa40d8f7735cef966c4 b/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-0cf7eacc2a3bac835ac97aa40d8f7735cef966c4 new file mode 100644 index 00000000..6cc3e018 Binary files /dev/null and b/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-0cf7eacc2a3bac835ac97aa40d8f7735cef966c4 differ diff --git a/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-13384a176fc0bacf13f7a6431bdca5ccc30f8baa b/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-13384a176fc0bacf13f7a6431bdca5ccc30f8baa new file mode 100644 index 00000000..7bcd5f16 Binary files /dev/null and b/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-13384a176fc0bacf13f7a6431bdca5ccc30f8baa differ diff --git a/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-40a90a6a0d5a51ec600e9ec6b54e7377f072fd3c b/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-40a90a6a0d5a51ec600e9ec6b54e7377f072fd3c new file mode 100644 index 00000000..9998542a Binary files /dev/null and b/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-40a90a6a0d5a51ec600e9ec6b54e7377f072fd3c differ diff --git a/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-5a8ca84c7d4d9b055f05c55b1f707f223979d387 b/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-5a8ca84c7d4d9b055f05c55b1f707f223979d387 new file mode 100644 index 00000000..54a81dca --- /dev/null +++ b/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-5a8ca84c7d4d9b055f05c55b1f707f223979d387 @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-5aed3e11291d53244b523b605011b3b0fd26ba4b b/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-5aed3e11291d53244b523b605011b3b0fd26ba4b new file mode 100644 index 00000000..69fb1789 Binary files /dev/null and b/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-5aed3e11291d53244b523b605011b3b0fd26ba4b differ diff --git a/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-5f55f2f1999e35e7dc4da488679f149bc38a9ace b/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-5f55f2f1999e35e7dc4da488679f149bc38a9ace new file mode 100644 index 00000000..cd3eff15 Binary files /dev/null and b/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-5f55f2f1999e35e7dc4da488679f149bc38a9ace differ diff --git a/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-6a5368d90575590101c96b99febb74e17388e388 b/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-6a5368d90575590101c96b99febb74e17388e388 new file mode 100644 index 00000000..3aeda8f0 Binary files /dev/null and b/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-6a5368d90575590101c96b99febb74e17388e388 differ diff --git a/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-9e75de4a2f16140d7f0fc47f1b17c24186cfcdec b/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-9e75de4a2f16140d7f0fc47f1b17c24186cfcdec new file mode 100644 index 00000000..a48fe0da Binary files /dev/null and b/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-9e75de4a2f16140d7f0fc47f1b17c24186cfcdec differ diff --git a/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-9e9ebd7736a1e6ee971dc3d328e9e929caaa101b b/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-9e9ebd7736a1e6ee971dc3d328e9e929caaa101b new file mode 100644 index 00000000..b73187c0 Binary files /dev/null and b/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-9e9ebd7736a1e6ee971dc3d328e9e929caaa101b differ diff --git a/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-a398e552b9fe8bcb6d6c2cac6fb6e564762c87f9 b/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-a398e552b9fe8bcb6d6c2cac6fb6e564762c87f9 new file mode 100644 index 00000000..e2c1cca5 Binary files /dev/null and b/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-a398e552b9fe8bcb6d6c2cac6fb6e564762c87f9 differ diff --git a/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-a4dc44449d64decbb5459f8572b54af63a4eb4f8 b/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-a4dc44449d64decbb5459f8572b54af63a4eb4f8 new file mode 100644 index 00000000..249abd49 --- /dev/null +++ b/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-a4dc44449d64decbb5459f8572b54af63a4eb4f8 @@ -0,0 +1 @@ +00000000000000000000000000000000000000000000000000000000000000 \ No newline at end of file diff --git a/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-bea7acca1916ad2e8fcc55c6c22372fa8db47f10 b/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-bea7acca1916ad2e8fcc55c6c22372fa8db47f10 new file mode 100644 index 00000000..720df3d5 --- /dev/null +++ b/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-bea7acca1916ad2e8fcc55c6c22372fa8db47f10 @@ -0,0 +1 @@ +‡ \ No newline at end of file diff --git a/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-c000a51366616d33f9df61c9260fba450f9e2e7c b/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-c000a51366616d33f9df61c9260fba450f9e2e7c new file mode 100644 index 00000000..ec5fd422 --- /dev/null +++ b/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-c000a51366616d33f9df61c9260fba450f9e2e7c @@ -0,0 +1 @@ +· \ No newline at end of file diff --git a/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-c4a0ed88c991d1482b6eb0301f6a48005a711def b/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-c4a0ed88c991d1482b6eb0301f6a48005a711def new file mode 100644 index 00000000..3b24f599 Binary files /dev/null and b/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-c4a0ed88c991d1482b6eb0301f6a48005a711def differ diff --git a/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-c71f29422931ea494827e83f146ff3caed79129f b/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-c71f29422931ea494827e83f146ff3caed79129f new file mode 100644 index 00000000..9221390a Binary files /dev/null and b/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-c71f29422931ea494827e83f146ff3caed79129f differ diff --git a/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-ce933ff5f8546a54ac5d85df62509dc8c6faf74e b/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-ce933ff5f8546a54ac5d85df62509dc8c6faf74e new file mode 100644 index 00000000..62d83b0b Binary files /dev/null and b/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-ce933ff5f8546a54ac5d85df62509dc8c6faf74e differ diff --git a/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-dae649c2d3128fa2e70857e1d4598566ec669192 b/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-dae649c2d3128fa2e70857e1d4598566ec669192 new file mode 100644 index 00000000..8ae172b4 Binary files /dev/null and b/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-dae649c2d3128fa2e70857e1d4598566ec669192 differ diff --git a/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-f03f6f5bb897abe1c95a7058ebfb101855207798 b/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-f03f6f5bb897abe1c95a7058ebfb101855207798 new file mode 100644 index 00000000..13972478 --- /dev/null +++ b/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/crash-f03f6f5bb897abe1c95a7058ebfb101855207798 @@ -0,0 +1 @@ +——————————————————————————————————# \ No newline at end of file diff --git a/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/sig.asc b/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/sig.asc new file mode 100644 index 00000000..c250b6cc --- /dev/null +++ b/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/sig.asc @@ -0,0 +1,7 @@ +-----BEGIN PGP SIGNATURE----- + +wnUEABYKACcFgmhs7vgJECL1fW9vQUTUFiEELgSiuyj9W99u41BmIvV9b29BRNQA +ALkiAQDRulwayys9tufqrCg+AGCTyBp0SZT9PBOiCk2iZSb4zgEAvc3R88D3LI0C +kmchJW/WW7JGsmrwO4EZIBu1alzkggk= +=w4js +-----END PGP SIGNATURE----- diff --git a/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/sig.bin b/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/sig.bin new file mode 100644 index 00000000..fb7ee5ce Binary files /dev/null and b/pgpainless-sop/src/test/resources/org/pgpainless/sop/fuzzing/SignatureFuzzTestInputs/verifyFuzzedSig/sig.bin differ