diff --git a/.gitignore b/.gitignore index 17450f14c1b..89350529989 100644 --- a/.gitignore +++ b/.gitignore @@ -6,5 +6,12 @@ libcrypto-build/* libcrypto-root/* tests/unit/*_test +tests/fuzz/fuzz-*.log bin/s2nc bin/s2nd +util-linux-* +Python-* +clang-* +fuzz_dependencies/* +.travis/prlimit +.travis/.libs/* diff --git a/.travis.yml b/.travis.yml index 93c6fdd77e5..07ab7b0397c 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,4 +1,13 @@ sudo: true +language: c + +addons: + apt: + sources: + - ubuntu-toolchain-r-test + packages: + - gcc-6 + - g++-6 os: - osx 
@@ -8,15 +17,29 @@ compiler: - gcc - clang +before_install: + # Install GCC 6 if on OSX + - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew update ; fi + - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew tap homebrew/versions ; fi + - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew install gcc6 ; fi + # Set GCC 6 as Default on both Ubuntu and OSX + - alias gcc=$(which gcc-6) + # Install latest version of clang, clang++, and llvm-symbolizer and add them to beginning of PATH. Needed for fuzzing. + - (.travis/install_clang.sh `pwd`/clang-download `pwd`/clang-latest $TRAVIS_OS_NAME) && export PATH=`pwd`/clang-latest/bin:$PATH install: + # Download and Install LibFuzzer + - .travis/install_libFuzzer.sh `pwd`/fuzz_dependencies/libFuzzer-download `pwd`/fuzz_dependencies $TRAVIS_OS_NAME + # Download and Install Openssl - .travis/install_openssl.sh `pwd`/libcrypto-build `pwd`/libcrypto-root $TRAVIS_OS_NAME > /dev/null # Install python linked with our compiled Openssl for integration tests - - sudo .travis/install_python.sh `pwd`/libcrypto-root > /dev/null + - sudo "PATH=$PATH" .travis/install_python.sh `pwd`/libcrypto-root > /dev/null # Install prlimit to set the memlock limit to unlimited for this process - - (test "$TRAVIS_OS_NAME" = "linux" && sudo .travis/install_prlimit.sh $PWD/.travis > /dev/null && sudo .travis/prlimit --pid "$$" --memlock=unlimited:unlimited) || true + - (test "$TRAVIS_OS_NAME" = "linux" && sudo "PATH=$PATH" .travis/install_prlimit.sh $PWD/.travis > /dev/null && sudo .travis/prlimit --pid "$$" --memlock=unlimited:unlimited) || true - mkdir -p .travis/checker && .travis/install_scan-build.sh .travis/checker && export PATH=$PATH:.travis/checker/bin + script: - (test "$TRAVIS_OS_NAME" = "linux" && make -j8) || true # Build and run unit tests with scan-build for osx. 
scan-build bundle isn't available for linux - (test "$TRAVIS_OS_NAME" = "osx" && scan-build --status-bugs -o /tmp/scan-build make -j8; STATUS=$?; test $STATUS -ne 0 && cat /tmp/scan-build/*/*; exit $STATUS) || true - make integration + - make clean && make fuzz diff --git a/.travis/install_clang.sh b/.travis/install_clang.sh new file mode 100755 index 00000000000..94ba5f88314 --- /dev/null +++ b/.travis/install_clang.sh 
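Review bot: The two `install:` steps changed to `sudo "PATH=$PATH" ...` run install_python.sh and install_prlimit.sh as root with the build user's PATH, and `before_install` has by then put `clang-latest/bin` first on that PATH. That directory is populated at build time by install_clang.sh from a clone with no pinned revision, so scripts running as root resolve tools from it before the system ones. If those scripts only need the newer compiler, passing just that (for example a `CC=...` assignment, if the scripts honour it) leaves the rest of root's search path untouched. Separately, `alias gcc=$(which gcc-6)` probably does not change what `make` runs, since an alias is not inherited by child processes; exporting `CC` is the usual way.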
@@ -0,0 +1,57 @@
+#!/bin/bash
+# Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License").
+# You may not use this file except in compliance with the License.
+# A copy of the License is located at
+#
+# http://aws.amazon.com/apache2.0
+#
+# or in the "license" file accompanying this file. This file is distributed
+# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+# express or implied. See the License for the specific language governing
+# permissions and limitations under the License.
+#
+
+set -e
+
+usage() {
+ echo "install_clang.sh download_dir install_dir travis_platform"
+ exit 1
+}
+
+if [ "$#" -ne "3" ]; then
+ usage
+fi
+
+CLANG_DOWNLOAD_DIR=$1
+CLANG_INSTALL_DIR=$2
+PLATFORM=$3
+
+mkdir -p $CLANG_DOWNLOAD_DIR
+cd $CLANG_DOWNLOAD_DIR
+
+if [ "$PLATFORM" == "linux" ]; then
+ # The Certificate used by chromium.googlesource.com is not in the default CA
+ # list supported by git/curl on Ubuntu, but the certificate is in the
+ # ca-certificates.crt file in Ubuntu, so set this env variable so that it is
+ # picked up by git.
+ export SSL_CERT_FILE=/usr/lib/ssl/certs/ca-certificates.crt
+fi
+
+GIT_CURL_VERBOSE=1
+echo "Downloading Clang..."
+git clone https://chromium.googlesource.com/chromium/src/tools/clang
+
+echo "Updating Clang..."
+$CLANG_DOWNLOAD_DIR/clang/scripts/update.py
+
+# "third_party" directory is created above $CLANG_DOWNLOAD_DIR after running
+# update, move it into $CLANG_DOWNLOAD_DIR once update is complete.
+mv ../third_party $CLANG_DOWNLOAD_DIR
+
+echo "Installed Clang Version: "
+$CLANG_DOWNLOAD_DIR/third_party/llvm-build/Release+Asserts/bin/clang --version
+
+ln -s $CLANG_DOWNLOAD_DIR/third_party/llvm-build/Release+Asserts/ $CLANG_INSTALL_DIR
+
diff --git a/.travis/install_libFuzzer.sh b/.travis/install_libFuzzer.sh
new file mode 100755
index 00000000000..6e3f91a30ae
--- /dev/null
+++ b/.travis/install_libFuzzer.sh
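Review bot: `git clone https://chromium.googlesource.com/chromium/src/tools/clang` takes whatever the default branch holds at build time, and the next step executes `clang/scripts/update.py` from it, so the toolchain used by every later CI step is neither reproducible nor tied to a reviewed revision. Checking out a fixed commit right after the clone, e.g. `git -C clang checkout <PINNED_COMMIT>` (placeholder), would address that; install_libFuzzer.sh clones `llvm/lib/Fuzzer` the same way and needs the same pin. `GIT_CURL_VERBOSE=1` is assigned but not exported, so git never sees it. The path variables are also expanded unquoted (`mkdir -p $CLANG_DOWNLOAD_DIR`, `ln -s ... $CLANG_INSTALL_DIR`), which breaks on a checkout path containing spaces.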
@@ -0,0 +1,40 @@
+#!/bin/bash
+# Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License").
+# You may not use this file except in compliance with the License.
+# A copy of the License is located at
+#
+# http://aws.amazon.com/apache2.0
+#
+# or in the "license" file accompanying this file. This file is distributed
+# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+# express or implied. See the License for the specific language governing
+# permissions and limitations under the License.
+#
+set -e
+
+usage() {
+ echo "install_libFuzzer.sh download_dir install_dir travis_platform"
+ exit 1
+}
+
+if [ "$#" -ne "3" ]; then
+ usage
+fi
+
+LIBFUZZER_DOWNLOAD_DIR=$1
+LIBFUZZER_INSTALL_DIR=$2
+PLATFORM=$3
+
+mkdir -p $LIBFUZZER_DOWNLOAD_DIR
+cd $LIBFUZZER_DOWNLOAD_DIR
+
+git clone https://chromium.googlesource.com/chromium/llvm-project/llvm/lib/Fuzzer
+
+echo "Compiling LibFuzzer..."
+clang++ -c -g -v -O2 -lstdc++ -std=c++11 Fuzzer/*.cpp -IFuzzer
+ar ruv libFuzzer.a Fuzzer*.o
+
+echo "Copying libFuzzer.a to $LIBFUZZER_INSTALL_DIR"
+cp libFuzzer.a $LIBFUZZER_INSTALL_DIR
diff --git a/.travis/install_prlimit.sh b/.travis/install_prlimit.sh
index e8d9d74aaf7..b2297287cec 100755
--- a/.travis/install_prlimit.sh
+++ b/.travis/install_prlimit.sh
@@ -22,7 +22,7 @@ pushd $PWD wget https://www.kernel.org/pub/linux/utils/util-linux/v2.25/util-linux-2.25.2.tar.gz tar -xzvf util-linux-2.25.2.tar.gz cd util-linux-2.25.2 -./configure ADJTIME_PATH=/var/lib/hwclock/adjtime --disable-chfn-chsh --disable-login --disable-nologin --disable-su --disable-setpriv --disable-runuser --disable-pylibmount --disable-static --without-python --without-systemd --without-systemdsystemunitdir --without-ncurses +./configure ADJTIME_PATH=/var/lib/hwclock/adjtime --disable-chfn-chsh --disable-login --disable-nologin --disable-su --disable-setpriv --disable-runuser --disable-pylibmount --disable-static --without-python --without-systemd --without-systemdsystemunitdir --without-ncurses || cat config.log # only compile prlimit make prlimit diff --git a/Makefile b/Makefile index 2316ef80531..ebcc6153ee1 100644 --- a/Makefile +++ b/Makefile @@ -53,6 +53,23 @@ bin: libs integration: bin $(MAKE) -C tests integration + +.PHONY : fuzz +ifeq ($(shell uname),Linux) +fuzz : fuzz-linux +else +fuzz : fuzz-osx +endif + +.PHONY : fuzz-osx +fuzz-osx : + @echo "\033[33;1mSKIPPED\033[0m Fuzzing is not supported on \"$$(uname -mprs)\" at this time." + +.PHONY : fuzz-linux +fuzz-linux : export S2N_UNSAFE_FUZZING_MODE = 1 +fuzz-linux : bin + $(MAKE) -C tests fuzz + .PHONY : indent indent: $(MAKE) -C tests indentsource diff --git a/s2n.mk b/s2n.mk index 25d4adb3ae4..c031ec5aa20 100644 --- a/s2n.mk +++ b/s2n.mk 
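Review bot: `./configure ... || cat config.log` turns a failed configure into a success, because the exit status of the list becomes that of `cat`; the script then carries on to `make prlimit` in an unconfigured tree. To keep the log dump and still fail, use `./configure ... || { cat config.log; exit 1; }`. The rest of the script lies outside this hunk, so whether `set -e` is active is not visible here, but it would not catch this case either way.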
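Review bot: `fuzz-linux` builds `bin` with `S2N_UNSAFE_FUZZING_MODE = 1` exported, which s2n.mk uses to switch to clang and the sanitizer flags, yet as far as this diff shows the objects land in the same places as a normal build. Make only compares timestamps, so a later plain `make` would keep the instrumented objects and a `make fuzz` after a normal build would link uninstrumented ones; .travis.yml sidesteps this with `make clean && make fuzz`. A comment on the target would save local users from mixing the two, e.g. `# Run 'make clean' before and after 'make fuzz': fuzz objects are sanitizer builds and must not be mixed with a normal build.` The `fuzz-osx` recipe's `echo "\033[33;1m..."` also depends on the shell's `echo` interpreting backslash escapes; `printf` is the portable form.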
@@ -31,11 +31,26 @@ SOURCES = $(wildcard *.c *.h) CRUFT = $(wildcard *.c~ *.h~ *.c.BAK *.h.BAK *.o *.a *.so *.dylib) INDENT = $(shell (if indent --version 2>&1 | grep GNU > /dev/null; then echo indent ; elif gindent --version 2>&1 | grep GNU > /dev/null; then echo gindent; else echo true ; fi )) -CFLAGS = -pedantic -Wall -Werror -Wimplicit -Wunused -Wcomment -Wchar-subscripts -Wuninitialized \ - -Wshadow -Wcast-qual -Wcast-align -Wwrite-strings -Wstack-protector -fPIC \ - -std=c99 -D_POSIX_C_SOURCE=200112L -fstack-protector-all -O2 -I$(LIBCRYPTO_ROOT)/include/ \ - -I../api/ -I../ -Wno-deprecated-declarations -Wno-unknown-pragmas -Wformat-security \ - -D_FORTIFY_SOURCE=2 +DEFAULT_CFLAGS = -pedantic -Wall -Werror -Wimplicit -Wunused -Wcomment -Wchar-subscripts -Wuninitialized \ + -Wshadow -Wcast-qual -Wcast-align -Wwrite-strings -Wstack-protector -fPIC \ + -std=c99 -D_POSIX_C_SOURCE=200112L -fstack-protector-all -O2 -I$(LIBCRYPTO_ROOT)/include/ \ + -I../api/ -I../ -Wno-deprecated-declarations -Wno-unknown-pragmas -Wformat-security \ + -D_FORTIFY_SOURCE=2 + +CFLAGS = ${DEFAULT_CFLAGS} + +DEBUG_CFLAGS = -g3 -ggdb -fno-omit-frame-pointer -fno-optimize-sibling-calls + +FUZZ_CFLAGS = -fsanitize-coverage=edge,trace-cmp -fsanitize=address,undefined,leak + +ifeq ($(S2N_UNSAFE_FUZZING_MODE),1) + # Override compiler to clang if fuzzing, since gcc does not support as many sanitizer flags as clang + CC=clang + + # Turn on debugging and fuzzing flags when S2N_UNSAFE_FUZZING_MODE is enabled to give detailed stack traces in case + # an error occurs while fuzzing. + CFLAGS = ${DEFAULT_CFLAGS} ${DEBUG_FLAGS} ${FUZZ_CFLAGS} +endif INDENTOPTS = -npro -kr -i4 -ts4 -nut -sob -l180 -ss -ncs -cp1 diff --git a/tests/Makefile b/tests/Makefile index 72d6a871ee0..d4489871122 100644 --- a/tests/Makefile +++ b/tests/Makefile 
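Review bot: The fuzzing branch assigns `CFLAGS = ${DEFAULT_CFLAGS} ${DEBUG_FLAGS} ${FUZZ_CFLAGS}`, but the variable defined a few lines above is `DEBUG_CFLAGS`. Unless something outside this diff defines `DEBUG_FLAGS`, it expands to nothing, so `-g3 -ggdb -fno-omit-frame-pointer -fno-optimize-sibling-calls` are never applied and sanitizer reports lose the detailed stack traces the comment promises. The line should read `CFLAGS = ${DEFAULT_CFLAGS} ${DEBUG_CFLAGS} ${FUZZ_CFLAGS}`.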
@@ -30,9 +30,14 @@ all: integration: ${MAKE} -C integration +.PHONY : fuzz +fuzz: + ${MAKE} -C fuzz + include ../s2n.mk .PHONY : clean clean: ${MAKE} -C testlib decruft ${MAKE} -C unit decruft + ${MAKE} -C fuzz decruft diff --git a/tests/fuzz/LD_PRELOAD/Makefile b/tests/fuzz/LD_PRELOAD/Makefile new file mode 100644 index 00000000000..4b659e4923b --- /dev/null +++ b/tests/fuzz/LD_PRELOAD/Makefile @@ -0,0 +1,31 @@ +# +# Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"). +# You may not use this file except in compliance with the License. +# A copy of the License is located at +# +# http://aws.amazon.com/apache2.0 +# +# or in the "license" file accompanying this file. This file is distributed +# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either +# express or implied. See the License for the specific language governing +# permissions and limitations under the License. +# + +SRCS=$(wildcard *.c) +OVERRIDES=$(SRCS:.c=) + +.PHONY : all +all : $(OVERRIDES) + +include ../../../s2n.mk + +CRUFT += $(wildcard *.so) + +LD_PRELOAD_CFLAGS = -Wno-unreachable-code -O0 -I$(LIBCRYPTO_ROOT)/include/ -I../../../ -I../../../api/ + +$(OVERRIDES):: + # Don't include Sanitizer/Fuzz compiler flags since when the LD_PRELOAD shared object is Preloaded, the Sanitizer init + # functions won't have been loaded yet, causing undefined symbol errors. + ${CC} ${DEFAULT_CFLAGS} ${DEBUG_CFLAGS} ${LD_PRELOAD_CFLAGS} -shared -fPIC $@.c -o $@.so -ldl diff --git a/tests/fuzz/LD_PRELOAD/global_overrides.c b/tests/fuzz/LD_PRELOAD/global_overrides.c new file mode 100644 index 00000000000..454a69f177a --- /dev/null +++ b/tests/fuzz/LD_PRELOAD/global_overrides.c 
@@ -0,0 +1,66 @@
+/*
+ * Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ * http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+#define _GNU_SOURCE
+
+#include
+#include
+
+#include "crypto/s2n_drbg.h"
+
+#include "stuffer/s2n_stuffer.h"
+
+#include "utils/s2n_safety.h"
+#include "utils/s2n_random.h"
+
+int s2n_drbg_generate(struct s2n_drbg *drbg, struct s2n_blob *blob) {
+
+ /* If fuzzing, only generate "fake" random numbers in order to ensure that fuzz tests are deterministic and repeatable.
+ * This function should generate non-zero values since this function may be called repeatedly at startup until a
+ * non-zero value is generated.
+ */
+ GUARD(s2n_get_urandom_data(blob));
+ drbg->bytes_used += blob->size;
+ return 0;
+}
+
+int s2n_stuffer_send_to_fd(struct s2n_stuffer *stuffer, int wfd, uint32_t len)
+{
+ /* Override the original s2n_stuffer_send_to_fd to check if the write file descriptor is -1, and if so, skip
+ * writing anything. This is to speed up fuzz tests that write unnecessary data that is never actually read.
+ */
+ if(wfd == -1){
+ stuffer->read_cursor += len;
+ return len;
+ }
+
+ /* Otherwise, call the original s2n_stuffer_send_to_fd() */
+ typedef int (*orig_s2n_stuffer_send_to_fd_func_type)(struct s2n_stuffer *stuffer, int wfd, uint32_t len);
+ orig_s2n_stuffer_send_to_fd_func_type orig_s2n_stuffer_send_to_fd;
+ orig_s2n_stuffer_send_to_fd = (orig_s2n_stuffer_send_to_fd_func_type) dlsym(RTLD_NEXT, "s2n_stuffer_send_to_fd");
+ return orig_s2n_stuffer_send_to_fd(stuffer, wfd, len);
+}
+
+int s2n_get_urandom_data(struct s2n_blob *blob){
+
+ /* If fuzzing, only generate "fake" random numbers in order to ensure that fuzz tests are deterministic and repeatable.
+ * This function should generate non-zero values since this function may be called repeatedly at startup until a
+ * non-zero value is generated.
+ */
+ for(int i=0; i < blob->size; i++){
+ blob->data[i] = 4; /* Fake RNG. Chosen by fair dice roll. https://xkcd.com/221/ */
+ }
+ return 0;
+}
diff --git a/tests/fuzz/LD_PRELOAD/s2n_memory_leak_negative_test_overrides.c b/tests/fuzz/LD_PRELOAD/s2n_memory_leak_negative_test_overrides.c
new file mode 100644
index 00000000000..f77b0b3b246
--- /dev/null
+++ b/tests/fuzz/LD_PRELOAD/s2n_memory_leak_negative_test_overrides.c
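Review bot: In `s2n_stuffer_send_to_fd`, the result of `dlsym(RTLD_NEXT, "s2n_stuffer_send_to_fd")` is called without a NULL check, so if the symbol cannot be resolved the harness crashes inside the override and the fuzzer reports it as a finding in s2n. Add `if (orig_s2n_stuffer_send_to_fd == NULL) { return -1; }` before the call, and consider a `static` pointer so the lookup happens once; `s2n_rsa_client_key_recv` in s2n_server_fuzz_test_overrides.c has the same pattern. The `wfd == -1` shortcut also advances `read_cursor` by `len` without checking that the stuffer holds that many unread bytes, which the real function presumably rejects. That is worth confirming, since a cursor past the written data would make later fuzz results misleading. Finally, the comment in `s2n_drbg_generate` is a copy of the one in `s2n_get_urandom_data`; something like `/* Bypass the DRBG and fill the blob from the fake urandom source below. */` would describe what it does.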
@@ -0,0 +1,24 @@
+/*
+ * Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ * http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+#include "utils/s2n_blob.h"
+
+int s2n_free(struct s2n_blob *b)
+{
+ /* This will cause large amounts of memory leaks. This should be caught by LibFuzzer as a negative fuzz test to
+ * ensure that LibFuzzer will catch these memory leaks.
+ */
+ return 0;
+}
diff --git a/tests/fuzz/LD_PRELOAD/s2n_server_fuzz_test_overrides.c b/tests/fuzz/LD_PRELOAD/s2n_server_fuzz_test_overrides.c
new file mode 100644
index 00000000000..afc477b98cb
--- /dev/null
+++ b/tests/fuzz/LD_PRELOAD/s2n_server_fuzz_test_overrides.c
@@ -0,0 +1,63 @@
+/*
+ * Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ * http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+#define _GNU_SOURCE
+#include
+#include
+#include
+
+#include "crypto/s2n_rsa.h"
+#include "error/s2n_errno.h"
+#include "tls/s2n_connection.h"
+#include "utils/s2n_safety.h"
+
+time_t time (time_t *__timer)
+{
+ /* Always assume the time is zero when fuzzing the server, this is to ensure that Fuzz tests are deterministic and
+ * don't depend on the time the test was run.
+ */
+ return 0;
+}
+
+
+int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
+ const unsigned char *sigbuf, unsigned int siglen, RSA *rsa)
+{
+ /* Always assume that the RSA_verify function passes */
+ return 1;
+}
+
+int s2n_constant_time_equals(const uint8_t *a, const uint8_t *b, uint32_t len)
+{
+ /* Allow all signatures checked with s2n_constant_time_equals to always pass verification even if they are invalid
+ * in order to aid code coverage with server fuzz test.
+ */
+ return !0;
+}
+
+int s2n_rsa_client_key_recv(struct s2n_connection *conn)
+{
+ /* Perform the original function */
+ typedef int (*orig_s2n_rsa_client_key_recv_func_type)(struct s2n_connection *conn);
+ orig_s2n_rsa_client_key_recv_func_type orig_s2n_rsa_client_key_recv;
+ orig_s2n_rsa_client_key_recv = (orig_s2n_rsa_client_key_recv_func_type) dlsym(RTLD_NEXT, "s2n_rsa_client_key_recv");
+ int original_return_code = orig_s2n_rsa_client_key_recv(conn);
+
+ /* Then, overwrite the RSA Failed flag to false before returning, this will help fuzzing code coverage. */
+ conn->handshake.rsa_failed = 0;
+
+ return original_return_code;
+}
+
diff --git a/tests/fuzz/Makefile b/tests/fuzz/Makefile
new file mode 100644
index 00000000000..b31389c9fb0
--- /dev/null
+++ b/tests/fuzz/Makefile
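Review bot: The `time()` override returns 0 but never writes through `__timer`, so a caller using the `time(&t)` form reads `t` unset and the run is no longer deterministic; add `if (__timer != NULL) { *__timer = 0; }` before the return. The comment on `s2n_constant_time_equals` speaks of signatures, yet the override makes every comparison routed through that function succeed, so it should say so, e.g. `/* Treat every constant-time comparison as equal (not only signature checks). */`. Because this object also forces `RSA_verify` to return 1, it would be prudent for it to refuse to load unless `S2N_UNSAFE_FUZZING_MODE` is set in the environment, so the .so cannot silently disable verification if it is ever preloaded outside the fuzz run.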
@@ -0,0 +1,52 @@
+#
+# Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License").
+# You may not use this file except in compliance with the License.
+# A copy of the License is located at
+#
+# http://aws.amazon.com/apache2.0
+#
+# or in the "license" file accompanying this file. This file is distributed
+# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+# express or implied. See the License for the specific language governing
+# permissions and limitations under the License.
+#
+
+SRCS=$(wildcard *.c)
+OBJS=$(SRCS:.c=.o)
+TESTS=$(SRCS:.c=)
+CRYPTO_LDFLAGS = -L$(LIBCRYPTO_ROOT)/lib
+
+.PHONY : all
+all : ld-preload
+all : $(TESTS)
+
+include ../../s2n.mk
+
+CRUFT += $(wildcard *_test) $(wildcard fuzz-*.log) $(wildcard *_test_output.txt) $(wildcard LD_PRELOAD/*.so)
+LIBS += -lm
+
+CFLAGS += -Wno-unreachable-code -O0 -I$(LIBCRYPTO_ROOT)/include/ -I../../ -I../../api/
+LDFLAGS += ../../fuzz_dependencies/libFuzzer.a -lstdc++ -L../../lib/ ${CRYPTO_LDFLAGS} -L../testlib/ -ls2n ${LIBS} ${CRYPTO_LIBS}
+
+DYLD_LIBRARY_PATH="../../lib/:../testlib/:$(LIBCRYPTO_ROOT)/lib:$$DYLD_LIBRARY_PATH"
+LD_LIBRARY_PATH="../../lib/:../testlib/:$(LIBCRYPTO_ROOT)/lib:$$LD_LIBRARY_PATH"
+
+FUZZ_TIMEOUT_SEC=120
+
+ld-preload :
+ ${MAKE} -C LD_PRELOAD
+
+$(TESTS)::
+ @${CC} ${CFLAGS} $@.c -o $@ ${LDFLAGS} > /dev/null
+ @( \
+ export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}; \
+ export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}; \
+ export LIBCRYPTO_ROOT=${LIBCRYPTO_ROOT}; \
+ ./runFuzzTest.sh $@ ${FUZZ_TIMEOUT_SEC}; \
+ )
+
+.PHONY : clean
+clean:
+ ${MAKE} -C LD_PRELOAD decruft
\ No newline at end of file
diff --git a/tests/fuzz/Readme.md b/tests/fuzz/Readme.md
new file mode 100644
index 00000000000..634aea011a1
--- /dev/null
+++ b/tests/fuzz/Readme.md
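Review bot: `CRUFT` covers `*_test`, `fuzz-*.log` and the LD_PRELOAD objects, but not the `crash-*` and `leak-*` reproducers that the Readme in this commit says are written into this directory, and .gitignore only adds `tests/fuzz/fuzz-*.log`. Adding `$(wildcard crash-*) $(wildcard leak-*)` to `CRUFT`, or at least matching .gitignore entries alongside `tests/fuzz/*_test`, keeps stale reproducers and fuzz binaries from being committed. `LD_LIBRARY_PATH="...:$$LD_LIBRARY_PATH"` also leaves a trailing empty entry when the variable is unset, which the dynamic loader treats as the current directory; `$${LD_LIBRARY_PATH:+:$$LD_LIBRARY_PATH}` in place of `:$$LD_LIBRARY_PATH` avoids that.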
@@ -0,0 +1,38 @@ +#Fuzz Tests +Every test in this directory will be run as a Fuzz test for several minutes during builds. To run all fuzz tests simply run `make fuzz` from the top `s2n` directory to compile s2n with the proper flags and run the fuzz tests. + +####Each Fuzz Test should conform to the following rules: +1. End in either `*_test.c` or `*_negative_test.c`. + 1. If the test ends with `*_test.c`, it is expected to pass fuzzing and return 0 (hereafter referred to as a "Positive test") + 2. If the test ends with `*_negative_test.c` the test is expected to fail in some way or return a non-zero integer (hereafter referred to as a "Negative test"). +2. Strive to be deterministic (Eg. shouldn't depend on the time or on the output of a RNG). Each test should either always pass if a Positive Test, or always fail if a Negative Test. +3. If a Positive Fuzz test, it should have a non-empty corpus directory with inputs that have a relatively high branch coverage. +4. Have a function `int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len)` that will pass `buf` to one of s2n's API's +5. Optionally, if initialization is required, have a function `int LLVMFuzzerInitialize(const uint8_t *buf, size_t len)` that will perform any initialization that will be run only once at startup. + +##Fuzz Test Directory Structure +For a test with name `$TEST_NAME`, its files should be layed out with the following structure: + +**Required:** The actual Fuzz test to run: +> `s2n/tests/fuzz/${TEST_NAME}.c` + +**Required:** The Corpus directory with inputs that provide good branch coverage: +> `s2n/tests/fuzz/corpus/${TEST_NAME}/*` + +**Optional:** Any `LD_PRELOAD` function overrides: +> `s2n/tests/fuzz/LD_PRELOAD/${TEST_NAME}_overrides.c` + +#Corpus +A Corpus is a directory of "interesting" inputs that result in a good branch/code coverage. 
These inputs will be permuted in random ways and checked to see if this permutation results in greater branch coverage or in a failure (Segfault, Memory Leak, Buffer Overflow, Non-zero return code, etc). If the permutation results in greater branch coverage, then it will be added to the Corpus directory. If a Memory leak or a Crash is detected, that file will **not** be added to the corpus for that test, and will instead be written to the current directory (`s2n/tests/fuzz/crash-*` or `s2n/tests/fuzz/leak-*`). These files will be automatically deleted for any Negative Fuzz tests that are expected to crash or leak memory so as to not clutter the directory. + +#LD_PRELOAD +The `LD_PRELOAD` directory contains function overrides for each Fuzz test that will be used **instead** of the original functions defined elsewhere. These function overrides will only be used during fuzz tests, and will not effect the rest of the s2n codebase when not fuzzing. Using `LD_PRELOAD` instead of C Preprocessor `#ifdef`'s is preferable in the following ways: + +1. Using the C Preprocessor requires the use of fuzz only compiler flags and `#ifdef`'s that end up cluttering the original s2n codebase and increases developer cognative load when developing other features for s2n. Using `LD_PRELOAD` helps keep s2n's code clean, and reduces developer cognative load when working with the core codebase. +2. `LD_PRELOAD` provides better flexibility than `#ifdef`'s in that it allows different Fuzz tests to efficiently have different function overrides for the same functions. +3. It is possible to override functions that are outside of s2n's codebase. + +Each Fuzz test will have up to two `LD_PRELOAD` function override files used: + +1. A test specific `${TEST_NAME}_overrides.c` file that contains overrides specific to that test. +2. `global_overrides.c` file that contains overrides that will be used in every fuzz test. \ No newline at end of file 
diff --git a/tests/fuzz/corpus/s2n_memory_leak_negative_test/b4d62e7c0d64a5fc071ccf372fc6f7b6ce892d2b b/tests/fuzz/corpus/s2n_memory_leak_negative_test/b4d62e7c0d64a5fc071ccf372fc6f7b6ce892d2b new file mode 100644 index 00000000000..cd634cd5615 Binary files /dev/null and b/tests/fuzz/corpus/s2n_memory_leak_negative_test/b4d62e7c0d64a5fc071ccf372fc6f7b6ce892d2b differ diff --git a/tests/fuzz/corpus/s2n_memory_leak_negative_test/f1e74c60defd6659c6083e314b92d32995eb7cd9 b/tests/fuzz/corpus/s2n_memory_leak_negative_test/f1e74c60defd6659c6083e314b92d32995eb7cd9 new file mode 100644 index 00000000000..82452323a79 Binary files /dev/null and b/tests/fuzz/corpus/s2n_memory_leak_negative_test/f1e74c60defd6659c6083e314b92d32995eb7cd9 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/085edd8102e76d226fc7f769d6fab63e194a19d1 b/tests/fuzz/corpus/s2n_server_fuzz_test/085edd8102e76d226fc7f769d6fab63e194a19d1 new file mode 100644 index 00000000000..2c55be0739e Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/085edd8102e76d226fc7f769d6fab63e194a19d1 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/08a9f57ff501d000dfd310016c990b3915732fe2 b/tests/fuzz/corpus/s2n_server_fuzz_test/08a9f57ff501d000dfd310016c990b3915732fe2 new file mode 100644 index 00000000000..2f5a9b99f98 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/08a9f57ff501d000dfd310016c990b3915732fe2 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/0a0a53ae68431d5082ae2bfb73280024bb4cf0ef b/tests/fuzz/corpus/s2n_server_fuzz_test/0a0a53ae68431d5082ae2bfb73280024bb4cf0ef new file mode 100644 index 00000000000..02af1be8c92 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/0a0a53ae68431d5082ae2bfb73280024bb4cf0ef differ 
diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/114c49065df4fbc59b87967b9c033a5adddcc120 b/tests/fuzz/corpus/s2n_server_fuzz_test/114c49065df4fbc59b87967b9c033a5adddcc120 new file mode 100644 index 00000000000..17f96781cf3 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/114c49065df4fbc59b87967b9c033a5adddcc120 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/145a2cd6bd7bc4e49a007b8f05639486f63f8e10 b/tests/fuzz/corpus/s2n_server_fuzz_test/145a2cd6bd7bc4e49a007b8f05639486f63f8e10 new file mode 100644 index 00000000000..492f4e8187a Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/145a2cd6bd7bc4e49a007b8f05639486f63f8e10 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/1580393af362244c05fd8b2a6dc3f9519ad8f293 b/tests/fuzz/corpus/s2n_server_fuzz_test/1580393af362244c05fd8b2a6dc3f9519ad8f293 new file mode 100644 index 00000000000..aeee6b02131 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/1580393af362244c05fd8b2a6dc3f9519ad8f293 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/158533ce4b780caac8b24754372299ede326e039 b/tests/fuzz/corpus/s2n_server_fuzz_test/158533ce4b780caac8b24754372299ede326e039 new file mode 100644 index 00000000000..ed97bc43c14 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/158533ce4b780caac8b24754372299ede326e039 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/15afa9bfcb4bb36506b4038c84229fa796b4faad b/tests/fuzz/corpus/s2n_server_fuzz_test/15afa9bfcb4bb36506b4038c84229fa796b4faad new file mode 100644 index 00000000000..3bde5eeb0b0 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/15afa9bfcb4bb36506b4038c84229fa796b4faad differ 
diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/15c694d215dcdbbcf73cc8b5ec794dee76229e5b b/tests/fuzz/corpus/s2n_server_fuzz_test/15c694d215dcdbbcf73cc8b5ec794dee76229e5b new file mode 100644 index 00000000000..d326ca84ef5 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/15c694d215dcdbbcf73cc8b5ec794dee76229e5b differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/164dfc541acdc855d32d2aba082fa990cbcf1200 b/tests/fuzz/corpus/s2n_server_fuzz_test/164dfc541acdc855d32d2aba082fa990cbcf1200 new file mode 100644 index 00000000000..0b8bbb4b4c2 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/164dfc541acdc855d32d2aba082fa990cbcf1200 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/16a07fdd88575feb38f68940ff15d8a059f2c604 b/tests/fuzz/corpus/s2n_server_fuzz_test/16a07fdd88575feb38f68940ff15d8a059f2c604 new file mode 100644 index 00000000000..8807fecac25 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/16a07fdd88575feb38f68940ff15d8a059f2c604 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/18662fde269a89420c9dbdbda1ff4f39f5bd13e4 b/tests/fuzz/corpus/s2n_server_fuzz_test/18662fde269a89420c9dbdbda1ff4f39f5bd13e4 new file mode 100644 index 00000000000..10cc57bbedc --- /dev/null +++ b/tests/fuzz/corpus/s2n_server_fuzz_test/18662fde269a89420c9dbdbda1ff4f39f5bd13e4 @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/18fa3ab3981df40ef7ceab3755f59ffb24a29159 b/tests/fuzz/corpus/s2n_server_fuzz_test/18fa3ab3981df40ef7ceab3755f59ffb24a29159 new file mode 100644 index 00000000000..745a000ec42 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/18fa3ab3981df40ef7ceab3755f59ffb24a29159 differ 
diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/1a5d211db0094d382164b37fb9b2f8a25bddb256 b/tests/fuzz/corpus/s2n_server_fuzz_test/1a5d211db0094d382164b37fb9b2f8a25bddb256 new file mode 100644 index 00000000000..0d77d35ad05 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/1a5d211db0094d382164b37fb9b2f8a25bddb256 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/1afc372496ca56c3aaed4a68bfefa685a4b5a026 b/tests/fuzz/corpus/s2n_server_fuzz_test/1afc372496ca56c3aaed4a68bfefa685a4b5a026 new file mode 100644 index 00000000000..4a09bec6aa2 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/1afc372496ca56c3aaed4a68bfefa685a4b5a026 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/1dcf56d389ce92cbcc623f5a10664618f96329c2 b/tests/fuzz/corpus/s2n_server_fuzz_test/1dcf56d389ce92cbcc623f5a10664618f96329c2 new file mode 100644 index 00000000000..379200eab04 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/1dcf56d389ce92cbcc623f5a10664618f96329c2 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/1e1be1dd68242ea4b7f52ddc31a2ebb97ad83e51 b/tests/fuzz/corpus/s2n_server_fuzz_test/1e1be1dd68242ea4b7f52ddc31a2ebb97ad83e51 new file mode 100644 index 00000000000..1809b57479e Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/1e1be1dd68242ea4b7f52ddc31a2ebb97ad83e51 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/1f31efcd0cf25cf1db0ac07110de5a5611a4500a b/tests/fuzz/corpus/s2n_server_fuzz_test/1f31efcd0cf25cf1db0ac07110de5a5611a4500a new file mode 100644 index 00000000000..b66697016ff Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/1f31efcd0cf25cf1db0ac07110de5a5611a4500a differ 
diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/210771f1c9a0f2b0949c93325684d52359aa4ef6 b/tests/fuzz/corpus/s2n_server_fuzz_test/210771f1c9a0f2b0949c93325684d52359aa4ef6 new file mode 100644 index 00000000000..862275f8802 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/210771f1c9a0f2b0949c93325684d52359aa4ef6 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/2251f2fa721ce7abef7f3dff2c189ddd4f1ec07e b/tests/fuzz/corpus/s2n_server_fuzz_test/2251f2fa721ce7abef7f3dff2c189ddd4f1ec07e new file mode 100644 index 00000000000..d3c23e55311 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/2251f2fa721ce7abef7f3dff2c189ddd4f1ec07e differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/24882c4c1d2e557c51037e9f95b0b651d6f50fbd b/tests/fuzz/corpus/s2n_server_fuzz_test/24882c4c1d2e557c51037e9f95b0b651d6f50fbd new file mode 100644 index 00000000000..a941ceb5703 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/24882c4c1d2e557c51037e9f95b0b651d6f50fbd differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/28381a65cd76b56f45ef906304d0ea8c144245f3 b/tests/fuzz/corpus/s2n_server_fuzz_test/28381a65cd76b56f45ef906304d0ea8c144245f3 new file mode 100644 index 00000000000..1c0cb373437 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/28381a65cd76b56f45ef906304d0ea8c144245f3 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/2959063570c1fc09070bf8247c00d94f11cc3b3b b/tests/fuzz/corpus/s2n_server_fuzz_test/2959063570c1fc09070bf8247c00d94f11cc3b3b new file mode 100644 index 00000000000..34523242614 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/2959063570c1fc09070bf8247c00d94f11cc3b3b differ 
diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/29cdc112a148667115c380b425770b8757cb322e b/tests/fuzz/corpus/s2n_server_fuzz_test/29cdc112a148667115c380b425770b8757cb322e new file mode 100644 index 00000000000..44c20d1a9d8 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/29cdc112a148667115c380b425770b8757cb322e differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/2a181af9e7926e43c2289470521a1df281282186 b/tests/fuzz/corpus/s2n_server_fuzz_test/2a181af9e7926e43c2289470521a1df281282186 new file mode 100644 index 00000000000..082472a6805 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/2a181af9e7926e43c2289470521a1df281282186 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/2afa0046f8d883fc21596aeba53ef90f1190e7e7 b/tests/fuzz/corpus/s2n_server_fuzz_test/2afa0046f8d883fc21596aeba53ef90f1190e7e7 new file mode 100644 index 00000000000..0da5847f336 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/2afa0046f8d883fc21596aeba53ef90f1190e7e7 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/2b4334095259766e9111876062796f55f3a54099 b/tests/fuzz/corpus/s2n_server_fuzz_test/2b4334095259766e9111876062796f55f3a54099 new file mode 100644 index 00000000000..2c17a12148e Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/2b4334095259766e9111876062796f55f3a54099 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/2ca70f86f778776fcad42f526d8851b885e0ac59 b/tests/fuzz/corpus/s2n_server_fuzz_test/2ca70f86f778776fcad42f526d8851b885e0ac59 new file mode 100644 index 00000000000..2cda813159e Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/2ca70f86f778776fcad42f526d8851b885e0ac59 differ 
diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/2d3642e406148a17752b126408469565e50ef78a b/tests/fuzz/corpus/s2n_server_fuzz_test/2d3642e406148a17752b126408469565e50ef78a new file mode 100644 index 00000000000..ea155cdc8f3 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/2d3642e406148a17752b126408469565e50ef78a differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/31d17054d6ccd7705db17105401be7fe1daddbd5 b/tests/fuzz/corpus/s2n_server_fuzz_test/31d17054d6ccd7705db17105401be7fe1daddbd5 new file mode 100644 index 00000000000..42b83854332 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/31d17054d6ccd7705db17105401be7fe1daddbd5 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/32b6dc7f99a5a3ab9e4acb21c01131062b2ab5ae b/tests/fuzz/corpus/s2n_server_fuzz_test/32b6dc7f99a5a3ab9e4acb21c01131062b2ab5ae new file mode 100644 index 00000000000..85a42f10e3f Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/32b6dc7f99a5a3ab9e4acb21c01131062b2ab5ae differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/3412f14050514dbad2db7120b3b7f10136083dfc b/tests/fuzz/corpus/s2n_server_fuzz_test/3412f14050514dbad2db7120b3b7f10136083dfc new file mode 100644 index 00000000000..2937cd0a2cb Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/3412f14050514dbad2db7120b3b7f10136083dfc differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/39015981182276600a84828a3aa96e64dcc73401 b/tests/fuzz/corpus/s2n_server_fuzz_test/39015981182276600a84828a3aa96e64dcc73401 new file mode 100644 index 00000000000..0dd27695838 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/39015981182276600a84828a3aa96e64dcc73401 differ 
diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/3901ec4dd6f25bd0da8480f6408311529b773e8e b/tests/fuzz/corpus/s2n_server_fuzz_test/3901ec4dd6f25bd0da8480f6408311529b773e8e new file mode 100644 index 00000000000..8ee3a2eaf93 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/3901ec4dd6f25bd0da8480f6408311529b773e8e differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/3a62581d9a9850e003cabfd82586c50567b4ade0 b/tests/fuzz/corpus/s2n_server_fuzz_test/3a62581d9a9850e003cabfd82586c50567b4ade0 new file mode 100644 index 00000000000..6d784e498c3 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/3a62581d9a9850e003cabfd82586c50567b4ade0 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/3e69b24a7ca126f2f092ab0d35edc479e43d171a b/tests/fuzz/corpus/s2n_server_fuzz_test/3e69b24a7ca126f2f092ab0d35edc479e43d171a new file mode 100644 index 00000000000..f0cfd61353c Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/3e69b24a7ca126f2f092ab0d35edc479e43d171a differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/3e75357e7fe85f9debe233d91edc0a3e12da5972 b/tests/fuzz/corpus/s2n_server_fuzz_test/3e75357e7fe85f9debe233d91edc0a3e12da5972 new file mode 100644 index 00000000000..468ebc5ad7c Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/3e75357e7fe85f9debe233d91edc0a3e12da5972 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/40ddee1f0672cc1be05b58ff43c7315ed94c2d26 b/tests/fuzz/corpus/s2n_server_fuzz_test/40ddee1f0672cc1be05b58ff43c7315ed94c2d26 new file mode 100644 index 00000000000..b5cf175c334 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/40ddee1f0672cc1be05b58ff43c7315ed94c2d26 differ 
diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/44e81111440abcaccb160983ed58637ad464f1d3 b/tests/fuzz/corpus/s2n_server_fuzz_test/44e81111440abcaccb160983ed58637ad464f1d3 new file mode 100644 index 00000000000..f9e54e15a2d Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/44e81111440abcaccb160983ed58637ad464f1d3 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/49fb92a55cfe870cb6c54d7e26f2375fd0c8ba26 b/tests/fuzz/corpus/s2n_server_fuzz_test/49fb92a55cfe870cb6c54d7e26f2375fd0c8ba26 new file mode 100644 index 00000000000..90fd0d7580b Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/49fb92a55cfe870cb6c54d7e26f2375fd0c8ba26 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/4b40f233209efb5220af3f855f00d090742e8785 b/tests/fuzz/corpus/s2n_server_fuzz_test/4b40f233209efb5220af3f855f00d090742e8785 new file mode 100644 index 00000000000..ce166131df2 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/4b40f233209efb5220af3f855f00d090742e8785 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/4f744a4f4d8f67722b65fa56bd452615e61503d4 b/tests/fuzz/corpus/s2n_server_fuzz_test/4f744a4f4d8f67722b65fa56bd452615e61503d4 new file mode 100644 index 00000000000..debe65be84a Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/4f744a4f4d8f67722b65fa56bd452615e61503d4 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/5069b09b581b90512138290fcdc3800434825eed b/tests/fuzz/corpus/s2n_server_fuzz_test/5069b09b581b90512138290fcdc3800434825eed new file mode 100644 index 00000000000..e5964b84cb5 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/5069b09b581b90512138290fcdc3800434825eed differ 
diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/50ec08ecb15f18fb87246bf27b30f067ffe7102f b/tests/fuzz/corpus/s2n_server_fuzz_test/50ec08ecb15f18fb87246bf27b30f067ffe7102f new file mode 100644 index 00000000000..0d790d14854 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/50ec08ecb15f18fb87246bf27b30f067ffe7102f differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/55b41c2f2f3109a1b923aa0e29c6adb747c09bd2 b/tests/fuzz/corpus/s2n_server_fuzz_test/55b41c2f2f3109a1b923aa0e29c6adb747c09bd2 new file mode 100644 index 00000000000..b78a551031d Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/55b41c2f2f3109a1b923aa0e29c6adb747c09bd2 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/58080a322d37e7d8cb9fa7585be92689a971ffd6 b/tests/fuzz/corpus/s2n_server_fuzz_test/58080a322d37e7d8cb9fa7585be92689a971ffd6 new file mode 100644 index 00000000000..a4005344d84 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/58080a322d37e7d8cb9fa7585be92689a971ffd6 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/5955b76f7f4660fd3115b2979b2edb58244a1c3e b/tests/fuzz/corpus/s2n_server_fuzz_test/5955b76f7f4660fd3115b2979b2edb58244a1c3e new file mode 100644 index 00000000000..d8be9ebaa5d Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/5955b76f7f4660fd3115b2979b2edb58244a1c3e differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/5fb2b0135286c9974ab66124d80984b696a1d755 b/tests/fuzz/corpus/s2n_server_fuzz_test/5fb2b0135286c9974ab66124d80984b696a1d755 new file mode 100644 index 00000000000..1fc676bd1f2 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/5fb2b0135286c9974ab66124d80984b696a1d755 differ 
diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/607ca566813a9fd8120c259b7d63327d2200bf9d b/tests/fuzz/corpus/s2n_server_fuzz_test/607ca566813a9fd8120c259b7d63327d2200bf9d new file mode 100644 index 00000000000..db461151a1e Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/607ca566813a9fd8120c259b7d63327d2200bf9d differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/63a5669c9b391eac4033ef6a934d3591d21bb4c7 b/tests/fuzz/corpus/s2n_server_fuzz_test/63a5669c9b391eac4033ef6a934d3591d21bb4c7 new file mode 100644 index 00000000000..da30d0f4ff5 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/63a5669c9b391eac4033ef6a934d3591d21bb4c7 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/644b6fef1226887b4ff2a5010af50ddda5ed1619 b/tests/fuzz/corpus/s2n_server_fuzz_test/644b6fef1226887b4ff2a5010af50ddda5ed1619 new file mode 100644 index 00000000000..aab720e97ba Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/644b6fef1226887b4ff2a5010af50ddda5ed1619 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/66f0eb93fa2c97424483383b47370e4aecb01dee b/tests/fuzz/corpus/s2n_server_fuzz_test/66f0eb93fa2c97424483383b47370e4aecb01dee new file mode 100644 index 00000000000..362ecd15ba7 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/66f0eb93fa2c97424483383b47370e4aecb01dee differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/695f0706193d20bc9c62bdeef11503997bfe1aad b/tests/fuzz/corpus/s2n_server_fuzz_test/695f0706193d20bc9c62bdeef11503997bfe1aad new file mode 100644 index 00000000000..3a1b8230a3b Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/695f0706193d20bc9c62bdeef11503997bfe1aad differ 
diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/6cd78a8da79f922be614c8e87c33fa891f0fb8b0 b/tests/fuzz/corpus/s2n_server_fuzz_test/6cd78a8da79f922be614c8e87c33fa891f0fb8b0 new file mode 100644 index 00000000000..75c50d29db0 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/6cd78a8da79f922be614c8e87c33fa891f0fb8b0 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/748090ea78474233c097f9d39e17afe0e1979ec1 b/tests/fuzz/corpus/s2n_server_fuzz_test/748090ea78474233c097f9d39e17afe0e1979ec1 new file mode 100644 index 00000000000..b1211fecf4a Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/748090ea78474233c097f9d39e17afe0e1979ec1 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/7616c8758af20ae270fd54aa628d92ae050b3cea b/tests/fuzz/corpus/s2n_server_fuzz_test/7616c8758af20ae270fd54aa628d92ae050b3cea new file mode 100644 index 00000000000..33d99b1d8f0 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/7616c8758af20ae270fd54aa628d92ae050b3cea differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/76969a70a995caeed6a406134a98cf544abe65da b/tests/fuzz/corpus/s2n_server_fuzz_test/76969a70a995caeed6a406134a98cf544abe65da new file mode 100644 index 00000000000..f3e7e8c8e30 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/76969a70a995caeed6a406134a98cf544abe65da differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/76c906a0cd3e8e02576887f3f7f4a417f6bc94b9 b/tests/fuzz/corpus/s2n_server_fuzz_test/76c906a0cd3e8e02576887f3f7f4a417f6bc94b9 new file mode 100644 index 00000000000..26d55bf1f79 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/76c906a0cd3e8e02576887f3f7f4a417f6bc94b9 differ 
diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/7dfa5648d47a09a88133b099fd992ddd3e9d787d b/tests/fuzz/corpus/s2n_server_fuzz_test/7dfa5648d47a09a88133b099fd992ddd3e9d787d new file mode 100644 index 00000000000..c2ee3fdaebe Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/7dfa5648d47a09a88133b099fd992ddd3e9d787d differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/7ff26dd574e66a7f3425f1aa68717beb16a6943a b/tests/fuzz/corpus/s2n_server_fuzz_test/7ff26dd574e66a7f3425f1aa68717beb16a6943a new file mode 100644 index 00000000000..d8277a1e462 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/7ff26dd574e66a7f3425f1aa68717beb16a6943a differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/805166c2b28e5d425df63a53b394449c632a2a54 b/tests/fuzz/corpus/s2n_server_fuzz_test/805166c2b28e5d425df63a53b394449c632a2a54 new file mode 100644 index 00000000000..df845abe257 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/805166c2b28e5d425df63a53b394449c632a2a54 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/846e7d9db260a828911d6ef7393f31b57573d6da b/tests/fuzz/corpus/s2n_server_fuzz_test/846e7d9db260a828911d6ef7393f31b57573d6da new file mode 100644 index 00000000000..cbc1d2a18f8 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/846e7d9db260a828911d6ef7393f31b57573d6da differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/8872d99b57e00b49b197cef8fba49c8ebf47a295 b/tests/fuzz/corpus/s2n_server_fuzz_test/8872d99b57e00b49b197cef8fba49c8ebf47a295 new file mode 100644 index 00000000000..de890186fbb Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/8872d99b57e00b49b197cef8fba49c8ebf47a295 differ 
diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/8afa334a539552d9f17ae0437ca6d91fcb77ee5d b/tests/fuzz/corpus/s2n_server_fuzz_test/8afa334a539552d9f17ae0437ca6d91fcb77ee5d new file mode 100644 index 00000000000..ade5fea76da Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/8afa334a539552d9f17ae0437ca6d91fcb77ee5d differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/8ca2436810fe0784bd2bed2fb8fd21bd5f92d28d b/tests/fuzz/corpus/s2n_server_fuzz_test/8ca2436810fe0784bd2bed2fb8fd21bd5f92d28d new file mode 100644 index 00000000000..d524b6b9d0f Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/8ca2436810fe0784bd2bed2fb8fd21bd5f92d28d differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/8e01b98bfcec4abd3e12df9e6a92e297343bdd4c b/tests/fuzz/corpus/s2n_server_fuzz_test/8e01b98bfcec4abd3e12df9e6a92e297343bdd4c new file mode 100644 index 00000000000..55fafea4b89 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/8e01b98bfcec4abd3e12df9e6a92e297343bdd4c differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/8e529b3d4336d7703615a0f66904d3f5d6998430 b/tests/fuzz/corpus/s2n_server_fuzz_test/8e529b3d4336d7703615a0f66904d3f5d6998430 new file mode 100644 index 00000000000..00b8f52a3d4 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/8e529b3d4336d7703615a0f66904d3f5d6998430 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/8f07a5e72a2a78455fdd055331c141cb32d85d22 b/tests/fuzz/corpus/s2n_server_fuzz_test/8f07a5e72a2a78455fdd055331c141cb32d85d22 new file mode 100644 index 00000000000..ddb7b94a55e Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/8f07a5e72a2a78455fdd055331c141cb32d85d22 differ 
diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/9106016f2d4548f4e250896d32ac7293f40bd5c3 b/tests/fuzz/corpus/s2n_server_fuzz_test/9106016f2d4548f4e250896d32ac7293f40bd5c3 new file mode 100644 index 00000000000..f88a50e8482 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/9106016f2d4548f4e250896d32ac7293f40bd5c3 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/91712f3c255bf33b5723ee85563e1ea8eadabaef b/tests/fuzz/corpus/s2n_server_fuzz_test/91712f3c255bf33b5723ee85563e1ea8eadabaef new file mode 100644 index 00000000000..7ea4ed1d47d Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/91712f3c255bf33b5723ee85563e1ea8eadabaef differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/91fcd5ff0bffb032addf798314aca80737b37c4c b/tests/fuzz/corpus/s2n_server_fuzz_test/91fcd5ff0bffb032addf798314aca80737b37c4c new file mode 100644 index 00000000000..256fe0e9cd8 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/91fcd5ff0bffb032addf798314aca80737b37c4c differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/930df04e0442a4137a134933e1f347bf662f1130 b/tests/fuzz/corpus/s2n_server_fuzz_test/930df04e0442a4137a134933e1f347bf662f1130 new file mode 100644 index 00000000000..542c863d755 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/930df04e0442a4137a134933e1f347bf662f1130 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/956793ab6bd4799d31aa882d3f65f380e12d2532 b/tests/fuzz/corpus/s2n_server_fuzz_test/956793ab6bd4799d31aa882d3f65f380e12d2532 new file mode 100644 index 00000000000..11a70dd0f24 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/956793ab6bd4799d31aa882d3f65f380e12d2532 differ 
diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/9aac37c30521cf43803b938f56798f913ec56d60 b/tests/fuzz/corpus/s2n_server_fuzz_test/9aac37c30521cf43803b938f56798f913ec56d60 new file mode 100644 index 00000000000..a067c684731 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/9aac37c30521cf43803b938f56798f913ec56d60 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/9dc4c3b376c301cd9262afd074db506c35db4112 b/tests/fuzz/corpus/s2n_server_fuzz_test/9dc4c3b376c301cd9262afd074db506c35db4112 new file mode 100644 index 00000000000..c54b27fa996 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/9dc4c3b376c301cd9262afd074db506c35db4112 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/9f75d7ee3a7688f6cb54a40827ade2d7118fd6d3 b/tests/fuzz/corpus/s2n_server_fuzz_test/9f75d7ee3a7688f6cb54a40827ade2d7118fd6d3 new file mode 100644 index 00000000000..6da523ae368 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/9f75d7ee3a7688f6cb54a40827ade2d7118fd6d3 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/9fee6cc591d539529c4e799e12cbad9a8a5f12ce b/tests/fuzz/corpus/s2n_server_fuzz_test/9fee6cc591d539529c4e799e12cbad9a8a5f12ce new file mode 100644 index 00000000000..fe373b1f44b Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/9fee6cc591d539529c4e799e12cbad9a8a5f12ce differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/a17fd449bc026a1d650c6c0f18519e407a77a95c b/tests/fuzz/corpus/s2n_server_fuzz_test/a17fd449bc026a1d650c6c0f18519e407a77a95c new file mode 100644 index 00000000000..74806b6489f Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/a17fd449bc026a1d650c6c0f18519e407a77a95c differ 
diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/a3ee57d5703b76d18e57a5d6a7640aa5f82442f8 b/tests/fuzz/corpus/s2n_server_fuzz_test/a3ee57d5703b76d18e57a5d6a7640aa5f82442f8 new file mode 100644 index 00000000000..4f1a4eae47d Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/a3ee57d5703b76d18e57a5d6a7640aa5f82442f8 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/a51ae5a15789422b618fa986efc45d21703ba550 b/tests/fuzz/corpus/s2n_server_fuzz_test/a51ae5a15789422b618fa986efc45d21703ba550 new file mode 100644 index 00000000000..55b1062228c Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/a51ae5a15789422b618fa986efc45d21703ba550 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/a6511c6ef66c8a98d28843cb6e7c13c0e38bb7bb b/tests/fuzz/corpus/s2n_server_fuzz_test/a6511c6ef66c8a98d28843cb6e7c13c0e38bb7bb new file mode 100644 index 00000000000..8558142cdca Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/a6511c6ef66c8a98d28843cb6e7c13c0e38bb7bb differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/a8049730ee6ce2666eea3219f18d1a379bbeee1c b/tests/fuzz/corpus/s2n_server_fuzz_test/a8049730ee6ce2666eea3219f18d1a379bbeee1c new file mode 100644 index 00000000000..13468d419a1 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/a8049730ee6ce2666eea3219f18d1a379bbeee1c differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/aa6b67ae4cbab0484c49fa7a0bd7ec0244a2ad0a b/tests/fuzz/corpus/s2n_server_fuzz_test/aa6b67ae4cbab0484c49fa7a0bd7ec0244a2ad0a new file mode 100644 index 00000000000..ac3b46136ed Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/aa6b67ae4cbab0484c49fa7a0bd7ec0244a2ad0a differ 
diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/ab18230cd0c28198e13e70212cd29b496385f2ba b/tests/fuzz/corpus/s2n_server_fuzz_test/ab18230cd0c28198e13e70212cd29b496385f2ba new file mode 100644 index 00000000000..6429e4c1235 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/ab18230cd0c28198e13e70212cd29b496385f2ba differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/afeac1756d23c16841369d957a721a89a78d954a b/tests/fuzz/corpus/s2n_server_fuzz_test/afeac1756d23c16841369d957a721a89a78d954a new file mode 100644 index 00000000000..40d3257de65 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/afeac1756d23c16841369d957a721a89a78d954a differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/b14081b4a943667906a36cdf3781b33dd48f4dc7 b/tests/fuzz/corpus/s2n_server_fuzz_test/b14081b4a943667906a36cdf3781b33dd48f4dc7 new file mode 100644 index 00000000000..05c5982fb24 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/b14081b4a943667906a36cdf3781b33dd48f4dc7 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/b1551a4704c717bf39fb2f578a6824364d907598 b/tests/fuzz/corpus/s2n_server_fuzz_test/b1551a4704c717bf39fb2f578a6824364d907598 new file mode 100644 index 00000000000..8a7b230eda9 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/b1551a4704c717bf39fb2f578a6824364d907598 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/b182f6030636315a90398ac5268701805b6838e9 b/tests/fuzz/corpus/s2n_server_fuzz_test/b182f6030636315a90398ac5268701805b6838e9 new file mode 100644 index 00000000000..07da416ffd5 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/b182f6030636315a90398ac5268701805b6838e9 differ 
diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/b5814144c287aebb5374baf62a365cded523bc28 b/tests/fuzz/corpus/s2n_server_fuzz_test/b5814144c287aebb5374baf62a365cded523bc28 new file mode 100644 index 00000000000..ad122a2174c Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/b5814144c287aebb5374baf62a365cded523bc28 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/b5f1d98618a3b39ad203f9340e4788e817ad4b35 b/tests/fuzz/corpus/s2n_server_fuzz_test/b5f1d98618a3b39ad203f9340e4788e817ad4b35 new file mode 100644 index 00000000000..de928a5e802 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/b5f1d98618a3b39ad203f9340e4788e817ad4b35 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/b70a453e74f113e3edb6757d887508637215c14a b/tests/fuzz/corpus/s2n_server_fuzz_test/b70a453e74f113e3edb6757d887508637215c14a new file mode 100644 index 00000000000..27aeaee06e8 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/b70a453e74f113e3edb6757d887508637215c14a differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/b8a638fb7ebf8922dc6d51f2ec370d30b09af827 b/tests/fuzz/corpus/s2n_server_fuzz_test/b8a638fb7ebf8922dc6d51f2ec370d30b09af827 new file mode 100644 index 00000000000..6893f6f1408 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/b8a638fb7ebf8922dc6d51f2ec370d30b09af827 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/b9aa15db2228c37e98dded3ecfd5a438a9b5139f b/tests/fuzz/corpus/s2n_server_fuzz_test/b9aa15db2228c37e98dded3ecfd5a438a9b5139f new file mode 100644 index 00000000000..06c346a4d01 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/b9aa15db2228c37e98dded3ecfd5a438a9b5139f differ 
diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/bab49e3d52d9f835030bc8dac20cbd05a092ed0f b/tests/fuzz/corpus/s2n_server_fuzz_test/bab49e3d52d9f835030bc8dac20cbd05a092ed0f new file mode 100644 index 00000000000..d0ed34773d2 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/bab49e3d52d9f835030bc8dac20cbd05a092ed0f differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/bb80164c0ecb30f33a56be6b511653ba20f79991 b/tests/fuzz/corpus/s2n_server_fuzz_test/bb80164c0ecb30f33a56be6b511653ba20f79991 new file mode 100644 index 00000000000..64f401513b2 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/bb80164c0ecb30f33a56be6b511653ba20f79991 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/bb96baf87a2efac350177031cc0497c576404203 b/tests/fuzz/corpus/s2n_server_fuzz_test/bb96baf87a2efac350177031cc0497c576404203 new file mode 100644 index 00000000000..42a85eb0b55 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/bb96baf87a2efac350177031cc0497c576404203 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/bda40475161a4662b771ede0239274d40494bdb1 b/tests/fuzz/corpus/s2n_server_fuzz_test/bda40475161a4662b771ede0239274d40494bdb1 new file mode 100644 index 00000000000..b01ac62b4bb Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/bda40475161a4662b771ede0239274d40494bdb1 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/bdd6b65c3c1fa6fad481d987387674130487152d b/tests/fuzz/corpus/s2n_server_fuzz_test/bdd6b65c3c1fa6fad481d987387674130487152d new file mode 100644 index 00000000000..7535eb271b1 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/bdd6b65c3c1fa6fad481d987387674130487152d differ 
diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/c48c6eb4c5186e19bf1cc308fd7acd2255ccf997 b/tests/fuzz/corpus/s2n_server_fuzz_test/c48c6eb4c5186e19bf1cc308fd7acd2255ccf997 new file mode 100644 index 00000000000..ca979a4a130 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/c48c6eb4c5186e19bf1cc308fd7acd2255ccf997 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/c8a01e8f8bdefc4f38a650dbd2fc822d18f0d9d9 b/tests/fuzz/corpus/s2n_server_fuzz_test/c8a01e8f8bdefc4f38a650dbd2fc822d18f0d9d9 new file mode 100644 index 00000000000..dd85ad092e0 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/c8a01e8f8bdefc4f38a650dbd2fc822d18f0d9d9 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/ca9b9d0bb6fe2f7b785da0d484c03f72dd8ff395 b/tests/fuzz/corpus/s2n_server_fuzz_test/ca9b9d0bb6fe2f7b785da0d484c03f72dd8ff395 new file mode 100644 index 00000000000..aab78be52c6 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/ca9b9d0bb6fe2f7b785da0d484c03f72dd8ff395 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/cdf427bf37d3c11e18eb2b28bb88f517a0bf3cc9 b/tests/fuzz/corpus/s2n_server_fuzz_test/cdf427bf37d3c11e18eb2b28bb88f517a0bf3cc9 new file mode 100644 index 00000000000..6d89f5e81d6 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/cdf427bf37d3c11e18eb2b28bb88f517a0bf3cc9 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/ce83b77db7986c3739ec27a937d3f2695c83408c b/tests/fuzz/corpus/s2n_server_fuzz_test/ce83b77db7986c3739ec27a937d3f2695c83408c new file mode 100644 index 00000000000..cff347803a4 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/ce83b77db7986c3739ec27a937d3f2695c83408c differ 
diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/d0a93a75cf7cd5d96775ebc7c0b653c61cd1a239 b/tests/fuzz/corpus/s2n_server_fuzz_test/d0a93a75cf7cd5d96775ebc7c0b653c61cd1a239 new file mode 100644 index 00000000000..6c059d84323 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/d0a93a75cf7cd5d96775ebc7c0b653c61cd1a239 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/d1a54d255fc2b7b84050623e799b34aaf287df0f b/tests/fuzz/corpus/s2n_server_fuzz_test/d1a54d255fc2b7b84050623e799b34aaf287df0f new file mode 100644 index 00000000000..545cd0c8188 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/d1a54d255fc2b7b84050623e799b34aaf287df0f differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/d3ecb2272881147baf41e391bc1a6be7aeab425b b/tests/fuzz/corpus/s2n_server_fuzz_test/d3ecb2272881147baf41e391bc1a6be7aeab425b new file mode 100644 index 00000000000..e7c45d20cfe Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/d3ecb2272881147baf41e391bc1a6be7aeab425b differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/d633828268bb55f1fe1489e8b325d7f0440e0f14 b/tests/fuzz/corpus/s2n_server_fuzz_test/d633828268bb55f1fe1489e8b325d7f0440e0f14 new file mode 100644 index 00000000000..9c4857c7416 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/d633828268bb55f1fe1489e8b325d7f0440e0f14 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/d7dbef8179a35fc403f6cac3608621f490c18f28 b/tests/fuzz/corpus/s2n_server_fuzz_test/d7dbef8179a35fc403f6cac3608621f490c18f28 new file mode 100644 index 00000000000..ab0c2ad7543 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/d7dbef8179a35fc403f6cac3608621f490c18f28 differ 
diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/d82129804de6c7e0b81378dd6f1c646d45df4653 b/tests/fuzz/corpus/s2n_server_fuzz_test/d82129804de6c7e0b81378dd6f1c646d45df4653 new file mode 100644 index 00000000000..16935b663d2 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/d82129804de6c7e0b81378dd6f1c646d45df4653 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/d955a22ac20ea4459034b048db1a3c8701409b39 b/tests/fuzz/corpus/s2n_server_fuzz_test/d955a22ac20ea4459034b048db1a3c8701409b39 new file mode 100644 index 00000000000..bfe2fe57ece Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/d955a22ac20ea4459034b048db1a3c8701409b39 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/d979650293c99d4b605dcead678f9157fd2caebf b/tests/fuzz/corpus/s2n_server_fuzz_test/d979650293c99d4b605dcead678f9157fd2caebf new file mode 100644 index 00000000000..08c5bbba9d2 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/d979650293c99d4b605dcead678f9157fd2caebf differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/db9a582acf91d7f8b781edbfc7c98dece48a0689 b/tests/fuzz/corpus/s2n_server_fuzz_test/db9a582acf91d7f8b781edbfc7c98dece48a0689 new file mode 100644 index 00000000000..da6a570a778 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/db9a582acf91d7f8b781edbfc7c98dece48a0689 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/dc7db5fc8987403ce783de2fcc62c7c632cc02aa b/tests/fuzz/corpus/s2n_server_fuzz_test/dc7db5fc8987403ce783de2fcc62c7c632cc02aa new file mode 100644 index 00000000000..f340e3cf690 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/dc7db5fc8987403ce783de2fcc62c7c632cc02aa differ 
diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/dec7a9a6db79482d3dd6d4097dbbba741a2e7e9d b/tests/fuzz/corpus/s2n_server_fuzz_test/dec7a9a6db79482d3dd6d4097dbbba741a2e7e9d new file mode 100644 index 00000000000..f6d63e89685 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/dec7a9a6db79482d3dd6d4097dbbba741a2e7e9d differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/e24bad17acaddb087a7891c47e072dbe303ddf6b b/tests/fuzz/corpus/s2n_server_fuzz_test/e24bad17acaddb087a7891c47e072dbe303ddf6b new file mode 100644 index 00000000000..7dd76148922 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/e24bad17acaddb087a7891c47e072dbe303ddf6b differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/e34259d6efff6bd0728f9f91dad6ad19874c2dec b/tests/fuzz/corpus/s2n_server_fuzz_test/e34259d6efff6bd0728f9f91dad6ad19874c2dec new file mode 100644 index 00000000000..62f35b662f5 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/e34259d6efff6bd0728f9f91dad6ad19874c2dec differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/e36ee1b11ea79c464b59933a84603a606fbbb4a9 b/tests/fuzz/corpus/s2n_server_fuzz_test/e36ee1b11ea79c464b59933a84603a606fbbb4a9 new file mode 100644 index 00000000000..a26f9ba7507 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/e36ee1b11ea79c464b59933a84603a606fbbb4a9 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/e8b68243802fec3b109bb45b6af0af31105c1410 b/tests/fuzz/corpus/s2n_server_fuzz_test/e8b68243802fec3b109bb45b6af0af31105c1410 new file mode 100644 index 00000000000..c24a3ca6e12 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/e8b68243802fec3b109bb45b6af0af31105c1410 differ 
diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/ec5057bba09c1c4bed44db1dec1f8505ccfdd2aa b/tests/fuzz/corpus/s2n_server_fuzz_test/ec5057bba09c1c4bed44db1dec1f8505ccfdd2aa new file mode 100644 index 00000000000..2d30af8f940 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/ec5057bba09c1c4bed44db1dec1f8505ccfdd2aa differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/ee65a759f424fc3da1dcf5252f22828a53c82dbd b/tests/fuzz/corpus/s2n_server_fuzz_test/ee65a759f424fc3da1dcf5252f22828a53c82dbd new file mode 100644 index 00000000000..4006a9c31c1 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/ee65a759f424fc3da1dcf5252f22828a53c82dbd differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/f133c494d11986cb0e6c31d1c25dd14e32d909bd b/tests/fuzz/corpus/s2n_server_fuzz_test/f133c494d11986cb0e6c31d1c25dd14e32d909bd new file mode 100644 index 00000000000..a9eb001f9b0 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/f133c494d11986cb0e6c31d1c25dd14e32d909bd differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/f58609987e7b504586533b5dc9840dab51162621 b/tests/fuzz/corpus/s2n_server_fuzz_test/f58609987e7b504586533b5dc9840dab51162621 new file mode 100644 index 00000000000..9ab464a69b7 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/f58609987e7b504586533b5dc9840dab51162621 differ diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/f6791ccef08992b0485104355c5c990f7e4b8569 b/tests/fuzz/corpus/s2n_server_fuzz_test/f6791ccef08992b0485104355c5c990f7e4b8569 new file mode 100644 index 00000000000..226174addd2 Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/f6791ccef08992b0485104355c5c990f7e4b8569 differ 
diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/f8a7aa9aa8e58d4482e622754d4a4dece9dcee91 b/tests/fuzz/corpus/s2n_server_fuzz_test/f8a7aa9aa8e58d4482e622754d4a4dece9dcee91
new file mode 100644
index 00000000000..fc91d365108
Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/f8a7aa9aa8e58d4482e622754d4a4dece9dcee91 differ
diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/fdbf96ed72cd4582c16ea9727ca5a6e7d76f85c7 b/tests/fuzz/corpus/s2n_server_fuzz_test/fdbf96ed72cd4582c16ea9727ca5a6e7d76f85c7
new file mode 100644
index 00000000000..c66e8c7a1c9
Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/fdbf96ed72cd4582c16ea9727ca5a6e7d76f85c7 differ
diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/fe6db486a2728716972649fd012cb628a9a5e4f5 b/tests/fuzz/corpus/s2n_server_fuzz_test/fe6db486a2728716972649fd012cb628a9a5e4f5
new file mode 100644
index 00000000000..e56842b06f4
Binary files /dev/null and b/tests/fuzz/corpus/s2n_server_fuzz_test/fe6db486a2728716972649fd012cb628a9a5e4f5 differ
diff --git a/tests/fuzz/runFuzzTest.sh b/tests/fuzz/runFuzzTest.sh
new file mode 100755
index 00000000000..4c632a9f96b
--- /dev/null
+++ b/tests/fuzz/runFuzzTest.sh
@@ -0,0 +1,71 @@
+#!/bin/bash
+# Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License").
+# You may not use this file except in compliance with the License.
+# A copy of the License is located at
+#
+# http://aws.amazon.com/apache2.0
+#
+# or in the "license" file accompanying this file. This file is distributed
+# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+# express or implied. See the License for the specific language governing
+# permissions and limitations under the License.
+#
+
+set -e
+
+usage() {
+ echo "Usage: runFuzzTest.sh TEST_NAME FUZZ_TIMEOUT_SEC"
+ exit 1
+}
+
+if [ "$#" -ne "2" ]; then
+ usage
+fi
+
+TEST_NAME=$1
+FUZZ_TIMEOUT_SEC=$2
+
+if [[ $TEST_NAME == *_negative_test ]];
+then
+ EXPECTED_TEST_FAILURE=1
+else
+ EXPECTED_TEST_FAILURE=0
+fi
+
+ASAN_OPTIONS+="symbolize=1"
+LSAN_OPTIONS+="log_threads=1"
+UBSAN_OPTIONS+="print_stacktrace=1"
+LIBFUZZER_ARGS+="-timeout=5 -max_len=4096 -use_traces=1 -print_final_stats=1 -jobs=32 -workers=32 -max_total_time=${FUZZ_TIMEOUT_SEC}"
+
+TEST_SPECIFIC_OVERRIDES="${PWD}/LD_PRELOAD/${TEST_NAME}_overrides.so"
+GLOBAL_OVERRIDES="${PWD}/LD_PRELOAD/global_overrides.so"
+
+if [ -e $TEST_SPECIFIC_OVERRIDES ];
+then
+ export LD_PRELOAD="$TEST_SPECIFIC_OVERRIDES $GLOBAL_OVERRIDES"
+else
+ export LD_PRELOAD="$GLOBAL_OVERRIDES"
+fi
+
+ACTUAL_TEST_FAILURE=0
+printf "Running %-40s for %5d sec... " ${TEST_NAME} ${FUZZ_TIMEOUT_SEC}
+./${TEST_NAME} ${LIBFUZZER_ARGS} ./corpus/${TEST_NAME} > ${TEST_NAME}_output.txt 2>&1 || ACTUAL_TEST_FAILURE=1
+
+TEST_COUNT=`grep -o "stat::number_of_executed_units: [0-9]*" ${TEST_NAME}_output.txt | awk '{test_count += $2} END {print test_count}'`
+BRANCH_COVERAGE=`grep -o "cov: [0-9]*" ${TEST_NAME}_output.txt | awk '{print $2}' | sort | tail -1`
+
+if [ $ACTUAL_TEST_FAILURE == $EXPECTED_TEST_FAILURE ];
+then
+ if [ $EXPECTED_TEST_FAILURE == 1 ];
+ then
+ # Clean up LibFuzzer corpus files if the test is negative.
+ rm -f leak-* crash-*
+ fi
+ printf "\033[32;1mPASSED\033[0m %12d tests, %8d branches covered\n" $TEST_COUNT $BRANCH_COVERAGE
+else
+ cat ${TEST_NAME}_output.txt
+ printf "\033[31;1mFAILED\033[0m %12d tests, %8d branches covered\n" $TEST_COUNT $BRANCH_COVERAGE
+ exit -1
+fi
\ No newline at end of file
diff --git a/tests/fuzz/s2n_memory_leak_negative_test.c b/tests/fuzz/s2n_memory_leak_negative_test.c
new file mode 100644
index 00000000000..ff61a1117e9
--- /dev/null
+++ b/tests/fuzz/s2n_memory_leak_negative_test.c
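Review bot: For a `*_negative_test`, any non-zero exit from `./${TEST_NAME}` counts as the expected failure, so the run is also reported as PASSED when the binary is missing, the per-unit `-timeout=5` fires, or the target aborts for a reason unrelated to what the negative test is meant to demonstrate. Before printing PASSED in the `EXPECTED_TEST_FAILURE == 1` branch, the script should confirm that the expected sanitizer report is actually in the log, for example `grep -q "LeakSanitizer" ${TEST_NAME}_output.txt`. Separately, `ASAN_OPTIONS+="symbolize=1"` and the two lines after it are never exported and append without a `:` separator, so they either never reach the fuzzer or fuse with a value already in the environment; `export ASAN_OPTIONS="${ASAN_OPTIONS:+$ASAN_OPTIONS:}symbolize=1"` avoids both. `export LD_PRELOAD=...` also stays in effect for the later `grep`, `awk`, `sort`, `cat` and `rm` calls; setting it only on the `./${TEST_NAME}` command line would keep the overrides out of those helpers.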
@@ -0,0 +1,204 @@
+/*
+ * Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ * http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "api/s2n.h"
+#include "stuffer/s2n_stuffer.h"
+#include "tls/s2n_cipher_suites.h"
+#include "tls/s2n_config.h"
+#include "tls/s2n_connection.h"
+#include "tls/s2n_crypto.h"
+#include "tls/s2n_tls.h"
+#include "tls/s2n_tls_parameters.h"
+#include "utils/s2n_safety.h"
+#include "s2n_test.h"
+
+static char certificate_chain[] =
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIICrTCCAZUCAn3VMA0GCSqGSIb3DQEBBQUAMB4xHDAaBgNVBAMME3MyblRlc3RJ\n"
+ "bnRlcm1lZGlhdGUwIBcNMTYwMzMwMTg1NzQzWhgPMjExNjAzMDYxODU3NDNaMBgx\n"
+ "FjAUBgNVBAMMDXMyblRlc3RTZXJ2ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw\n"
+ "ggEKAoIBAQDRw6AuYXAeRT0YuptCfJjRB/EDJyyGXnv+8TV2H1WJWhMLk8qND27r\n"
+ "79A6EjbVmJaOV9qrokVqpDmXS712Z3BDprJ+1LFMymm3A+AFuK/skeGy0skik+Tg\n"
+ "MmFT5XBVvmsw4uB1S9uUqktHauXgjhFPPsfvk4ewL4LulVEN2TEeI1Odj4CaMxAO\n"
+ "Iuowm8wI2OHVzRHlrRmyJ9hYGuHHQ2TaTGIjr3WpAFuXi9pHGGMYa0uXAVPmgjdE\n"
+ "XZ8t46u/ZKQ9W1uJkZEVKhcijT7G2VBrsBUq0CDiL+TDaGfthnBzUc9zt4fx/S/3\n"
+ "qulC2WbKI3xrasQyjrsHTAJ75Md3rK09AgMBAAEwDQYJKoZIhvcNAQEFBQADggEB\n"
+ "AHHkXNA9BtgAebZC2zriW4hRfeIkJMOwvfKBXHTuY5iCLD1otis6AZljcCKXM6O9\n"
+ "489eHBC4T6mJwVsXhH+/ccEKqNRD2bUfQgOij32PsteV1eOHfHIFqdJmnBVb8tYa\n"
+ "jxUvy7UQvXrPqaHbODrHe+7f7r1YCzerujiP5SSHphY3GQq88KemfFczp/4GnYas\n"
+ "sE50OYe7DQcB4zvnxmAXp51JIN4ooktUU9oKIM5y2cgEWdmJzeqPANYxf0ZIPlTg\n"
+ "ETknKw1Dzf8wlK5mFbbG4LPQh1mkDVcwQV3ogG6kGMRa7neH+6SFkNpAKuPCoje4\n"
+ "NAE+WQ5ve1wk7nIRTQwDAF4=\n"
+ "-----END CERTIFICATE-----\n"
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIDKTCCAhGgAwIBAgICVxYwDQYJKoZIhvcNAQEFBQAwFjEUMBIGA1UEAwwLczJu\n"
+ "VGVzdFJvb3QwIBcNMTYwMzMwMTg1NzA5WhgPMjExNjAzMDYxODU3MDlaMB4xHDAa\n"
+ "BgNVBAMME3MyblRlc3RJbnRlcm1lZGlhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IB\n"
+ "DwAwggEKAoIBAQDM/i3eclxYcvedPCEnVe6A/HYsYPeP1qKBZQhbpuuX061jFZKw\n"
+ "lecb0eau1PORLbcsYK40u3xUzoA5u6Q0ebDuqPbqSJkCazsh66cu9STl8ubbk7oI\n"
+ "8LJjUJFhhy2Jmm9krXhPyRscU+CXOCZ2G1GhBqTI8cgMYhEVHwb3qy1EHg6G3n4W\n"
+ "AjV+cKQcbUytq8DRmVe0bNJxDOX8ivzfAp3lUIwub+JfpxrWIUhb3iVGj5CauI98\n"
+ "bNFHTWwYp7tviIIi21Q+L3nExCyE4yTUP/mebBZ62JnbvsWSs3r3//Am5d8G3WdY\n"
+ "BXsERoDoLBvHnqlO/oo4ppGCRI7GkDroACi/AgMBAAGjdzB1MAwGA1UdEwQFMAMB\n"
+ "Af8wHQYDVR0OBBYEFGqUKVWVlL03sHuOggFACdlHckPBMEYGA1UdIwQ/MD2AFE2X\n"
+ "AbNDryMlBpMNI6Ce927uUFwToRqkGDAWMRQwEgYDVQQDDAtzMm5UZXN0Um9vdIIJ\n"
+ "ANDUkH+UYdz1MA0GCSqGSIb3DQEBBQUAA4IBAQA3O3S9VT0EC1yG4xyNNUZ7+CzF\n"
+ "uFA6uiO38ygcN5Nz1oNPy2eQer7vYmrHtqN6gS/o1Ag5F8bLRCqeuZTsOG80O29H\n"
+ "kNhs5xYprdU82AqcaWwEd0kDrhC5rEvs6fj1J0NKmmhbovYxuDboj0a7If7HEqX0\n"
+ "NizyU3M3JONPZgadchZ+F5DosatF1Bpt/gsQRy383IogQ0/FS+juHCCc4VIUemuk\n"
+ "YY1J8o5XdrGWrPBBiudTWqCobe+N541b+YLWbajT5UKzvSqJmcqpPTniJGc9eZxc\n"
+ "z3cCNd3cKa9bK51stEnQSlA7PQXYs3K+TD3EmSn/G2x6Hmfr7lrpbIhEaD+y\n"
+ "-----END CERTIFICATE-----\n"
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIDATCCAemgAwIBAgIJANDUkH+UYdz1MA0GCSqGSIb3DQEBCwUAMBYxFDASBgNV\n"
+ "BAMMC3MyblRlc3RSb290MCAXDTE2MDMzMDE4NTYzOVoYDzIxMTYwMzA2MTg1NjM5\n"
+ "WjAWMRQwEgYDVQQDDAtzMm5UZXN0Um9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEP\n"
+ "ADCCAQoCggEBAMY5532000oaeed7Jmo3ssx1723ZDLpn3WGz6FxpWM0zsKA/YvdD\n"
+ "7J6qXDvfxU6dZlmsCS+bSNAqpARKmKsBEDPTsdLmrN1V1clOxvKm6GvU1eloRTw6\n"
+ "xukEUXJ+uxrQMLYvSJBiCBVGI+UYNCK5c6guNMRYBCGdk5/iayjmK0Nxz1918Cx9\n"
+ "z4va8HPAgYIz0ogOdYB21O9FQGPdH1mYqRzljcSsZ7EFo1P8HJr8oKK76ZeYi2or\n"
+ "pjzMHGnlufHaul508wQPeFAMa1Tku3HyGZRaieRAck6+QcO2NujXxKNyCBlWON23\n"
+ "FQTuBjN/CAl74MZtcAM2hVSmpm9t4cWVN5MCAwEAAaNQME4wHQYDVR0OBBYEFE2X\n"
+ "AbNDryMlBpMNI6Ce927uUFwTMB8GA1UdIwQYMBaAFE2XAbNDryMlBpMNI6Ce927u\n"
+ "UFwTMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAAXkVvQdXDmozPix\n"
+ "uZi1o9cw4Si0syqfJ4sSunrzPbbmw/Qxhth5V7XGrnsQVNxamgnbzpjGhiBF6isM\n"
+ "ldj33zQYtke+ojOjFlhEvrPo6eW29RkLBEtJadGs2bkMLztJbf+cbH2u6irzr6S4\n"
+ "3OgVOSuB+zG56ksTnEVmum+C/8tSIAyi3eaoStPcgEU8+3/KMrH7uuenmTOCKdD1\n"
+ "FvSDHXT9qPgTttVQGXbXzJEr5tGE+Py6yib5uoJ0dJZNtjs7HOQEDk5J0wZaX0DC\n"
+ "MShYLiN5qLJAk0qwl+js488BJ18M9dg4TxdBYFkwHSzKXSj9TJN77Bb0RZr8LL9T\n"
+ "r9IyvfU=\n"
+ "-----END CERTIFICATE-----\n";
+
+static char private_key[] =
+ "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIIEpAIBAAKCAQEA0cOgLmFwHkU9GLqbQnyY0QfxAycshl57/vE1dh9ViVoTC5PK\n"
+ "jQ9u6+/QOhI21ZiWjlfaq6JFaqQ5l0u9dmdwQ6ayftSxTMpptwPgBbiv7JHhstLJ\n"
+ "IpPk4DJhU+VwVb5rMOLgdUvblKpLR2rl4I4RTz7H75OHsC+C7pVRDdkxHiNTnY+A\n"
+ "mjMQDiLqMJvMCNjh1c0R5a0ZsifYWBrhx0Nk2kxiI691qQBbl4vaRxhjGGtLlwFT\n"
+ "5oI3RF2fLeOrv2SkPVtbiZGRFSoXIo0+xtlQa7AVKtAg4i/kw2hn7YZwc1HPc7eH\n"
+ "8f0v96rpQtlmyiN8a2rEMo67B0wCe+THd6ytPQIDAQABAoIBAF3evYAD+riRI5Y9\n"
+ "a92FBJ4Gf8R5c2NuRO8B4nrJ6u1ccclsieg2T90lpHlYTVGoxzdL+X91Trs6Ysti\n"
+ "CZdDEuozXw2DARTsQAK2qTnmPFQRtH7h9UCUDoiGAygYNP0qCa4G2YukNs+Apc9/\n"
+ "9v9WlEhyP+bmjoI5wM4j4/HekCx7syHuiqJ74//oTzNamT0aWHwgXAUmEYZ/1+nT\n"
+ "0KInmtmIOFgsWHcojwQ6sZJ3eVvy66EqHLZKQYZa2tx0YjrEJMQi1drg6VV+lLCR\n"
+ "rEtsoltgdN2G9v3P6KrHXsrCYaaZKhog9B1OSI2Amv3YWZHXppK12+aSy774lUUz\n"
+ "qVur5cECgYEA7oCOQoRZo76wztS+yDeq173B2gPHKSIrWvaLDkCAPOQPVzJZ4Qc+\n"
+ "8OEDU6HB9P0MYDsKBxZY85uzWP+dAlsmcL0C86WibOuYERPKQIcAn3KSzFiIxH3R\n"
+ "OAbaLtSLN3lDAH50PhP9BguiSfBjI6w4Qsr7jlQgdpzG4h4LjvotbWMCgYEA4SdT\n"
+ "QQJhHiLtBFo91ItRUzhePvUDfV8XvNfAwZj8cY2+oenkK2+bp35xteBV6Gu1cYnd\n"
+ "V2yFgzMZ/jDvqfUn/8EVAGvEFrLtsUpXeyHhgmVT490RsPxC9xU9jf5LsvZ4zjsj\n"
+ "CsFZW0JnhKkF6M5wztWtO3yKCilmXSOIFvorTN8CgYEAoK2LKdTwbxhxFWbOgSS/\n"
+ "vEji6HXTHysd+lJOrHNX8a3Th/MsCiZPiQiOrTE08k/onown3U547uXelf7fUE8I\n"
+ "PruX2X2lR6wQ7rBeecp56PHPZEvhGD+LTCuRoise/2h6c0K+HXRp6kC8PQPuRoIo\n"
+ "BRerEeArXr2QX5XOQ6zYHfECgYEAp0L9mDfaSfcMOMWJVVJCEh639PEzrHluOv3U\n"
+ "1n1+XCU+zy3gMVxyN9W5R7HmYAlT+4q9geq+rJ7T2oAkKxBSrK6VmYB1ZZ968NAX\n"
+ "eQPMcYAw+AAM2nwsiz2eQtP9DHAJgrtv5teIOEF2gZjHKRHjv+QBE0YLjkz/HIX+\n"
+ "3YLvk+UCgYAgpAWk4YW4dAcZ8Y04Ke2pjMvEu44hHphOmk6AZl0Xl9tJwxlV8GVx\n"
+ "o3L4hbjHqyJo3+DZZYM7udMx9axbX9JHYRaLNJpc8UxQZj7d3TehC9Dw9/DzhIy/\n"
+ "6sml30j/GHvnW5DOlpsdNKDlxoFX+hncXYIjyVTGRNdsSwa4VVm+Xw==\n"
+ "-----END RSA PRIVATE KEY-----\n";
+
+static char dhparams[] =
+ "-----BEGIN DH PARAMETERS-----\n"
+ "MIIBCAKCAQEAy1+hVWCfNQoPB+NA733IVOONl8fCumiz9zdRRu1hzVa2yvGseUSq\n"
+ "Bbn6k0FQ7yMED6w5XWQKDC0z2m0FI/BPE3AjUfuPzEYGqTDf9zQZ2Lz4oAN90Sud\n"
+ "luOoEhYR99cEbCn0T4eBvEf9IUtczXUZ/wj7gzGbGG07dLfT+CmCRJxCjhrosenJ\n"
+ "gzucyS7jt1bobgU66JKkgMNm7hJY4/nhR5LWTCzZyzYQh2HM2Vk4K5ZqILpj/n0S\n"
+ "5JYTQ2PVhxP+Uu8+hICs/8VvM72DznjPZzufADipjC7CsQ4S6x/ecZluFtbb+ZTv\n"
+ "HI5CnYmkAwJ6+FSWGaZQDi8bgerFk9RWwwIBAg==\n"
+ "-----END DH PARAMETERS-----\n";
+
+static int MAX_NEGOTIATION_ATTEMPTS = 10;
+
+int LLVMFuzzerInitialize(const uint8_t *buf, size_t len)
+{
+ GUARD(s2n_init());
+ GUARD(setenv("S2N_ENABLE_CLIENT_MODE", "1", 0));
+ return 0;
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len)
+{
+ if(len < S2N_TLS_RECORD_HEADER_LENGTH){
+ return 0;
+ }
+
+ /* Set up File Descriptors from client to server */
+ int client_to_server[2];
+ GUARD(pipe(client_to_server));
+
+ for (int i = 0; i < 2; i++) {
+ GUARD(fcntl(client_to_server[i], F_SETFL, fcntl(client_to_server[i], F_GETFL) | O_NONBLOCK));
+ }
+
+ /* Set up Server Config */
+ struct s2n_config *server_config;
+ notnull_check(server_config = s2n_config_new());
+ GUARD(s2n_config_add_cert_chain_and_key(server_config, certificate_chain, private_key));
+ GUARD(s2n_config_add_dhparams(server_config, dhparams));
+
+ /* Set up Server Connection */
+ struct s2n_connection *server_conn;
+ notnull_check(server_conn = s2n_connection_new(S2N_SERVER));
+ GUARD(s2n_connection_set_read_fd(server_conn, client_to_server[0]));
+ GUARD(s2n_connection_set_config(server_conn, server_config));
+ GUARD(s2n_connection_set_blinding(server_conn, S2N_SELF_SERVICE_BLINDING));
+ server_conn->delay = 0;
+
+ /* Set Server write FD to -1, to skip writing data since server out data is never read. */
+ GUARD(s2n_connection_set_write_fd(server_conn, -1));
+
+ /* Set up Client Connection */
+ struct s2n_connection *client_conn;
+ notnull_check(client_conn = s2n_connection_new(S2N_CLIENT));
+ GUARD(s2n_connection_set_write_fd(client_conn, client_to_server[1]));
+
+ /* Write data to client out file descriptor so that it is recieved by the server */
+ struct s2n_stuffer *client_out = &client_conn->out;
+ GUARD(s2n_stuffer_write_bytes(client_out, buf, len));
+ s2n_blocked_status client_blocked;
+ GUARD(s2n_flush(client_conn, &client_blocked));
+ eq_check(client_blocked, S2N_NOT_BLOCKED);
+
+ /* Let Server receive data and attempt Negotiation */
+ int num_attempted_negotiations = 0;
+ s2n_blocked_status server_blocked;
+ do {
+ s2n_negotiate(server_conn, &server_blocked);
+ num_attempted_negotiations += 1;
+ } while(!server_blocked && num_attempted_negotiations < MAX_NEGOTIATION_ATTEMPTS);
+
+ /* Clean up */
+ GUARD(s2n_connection_wipe(server_conn));
+ GUARD(s2n_connection_wipe(client_conn));
+
+ for (int i = 0; i < 2; i++) {
+ GUARD(close(client_to_server[i]));
+ }
+
+ GUARD(s2n_config_free(server_config));
+ GUARD(s2n_connection_free(server_conn));
+ GUARD(s2n_connection_free(client_conn));
+
+ return 0;
+}
diff --git a/tests/fuzz/s2n_server_fuzz_test.c b/tests/fuzz/s2n_server_fuzz_test.c
new file mode 100644
index 00000000000..ff61a1117e9
--- /dev/null
+++ b/tests/fuzz/s2n_server_fuzz_test.c
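Review bot: Every `GUARD`, `notnull_check` and `eq_check` in `LLVMFuzzerTestOneInput` after `pipe(client_to_server)` presumably returns early on failure (the macros are defined outside this diff), and that path skips the clean-up block, leaving both pipe descriptors and any already-allocated config and connections behind. Over a long `-max_total_time` run this can exhaust descriptors or produce leak reports that come from the harness rather than from s2n, which matters most in this negative test because its PASS depends on a failure being detected. Route every failure through one clean-up label, as sketched below. s2n_server_fuzz_test.c has the same blob id (`ff61a1117e9`), so it carries the identical body and needs the same change; a header comment in this file saying where the intended leak is injected would also help, since nothing in the source distinguishes it from the positive test.

```c
int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len)
{
    /* … unchanged: record-header length check … */
    int client_to_server[2] = { -1, -1 };
    struct s2n_config *server_config = NULL;
    struct s2n_connection *server_conn = NULL;
    struct s2n_connection *client_conn = NULL;
    int result = -1;

    if (pipe(client_to_server) < 0) {
        goto cleanup;
    }
    /* … set-up, write and negotiate as before, each failing check doing `goto cleanup` … */
    result = 0;

cleanup:
    /* Release whatever was acquired, on success and on every failure path. */
    if (server_conn != NULL) {
        s2n_connection_free(server_conn);
    }
    if (client_conn != NULL) {
        s2n_connection_free(client_conn);
    }
    if (server_config != NULL) {
        s2n_config_free(server_config);
    }
    for (int i = 0; i < 2; i++) {
        if (client_to_server[i] >= 0) {
            close(client_to_server[i]);
        }
    }
    return result;
}
```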
@@ -0,0 +1,204 @@
+/*
+ * Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ *
+ * http://aws.amazon.com/apache2.0
+ *
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "api/s2n.h"
+#include "stuffer/s2n_stuffer.h"
+#include "tls/s2n_cipher_suites.h"
+#include "tls/s2n_config.h"
+#include "tls/s2n_connection.h"
+#include "tls/s2n_crypto.h"
+#include "tls/s2n_tls.h"
+#include "tls/s2n_tls_parameters.h"
+#include "utils/s2n_safety.h"
+#include "s2n_test.h"
+
+static char certificate_chain[] =
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIICrTCCAZUCAn3VMA0GCSqGSIb3DQEBBQUAMB4xHDAaBgNVBAMME3MyblRlc3RJ\n"
+ "bnRlcm1lZGlhdGUwIBcNMTYwMzMwMTg1NzQzWhgPMjExNjAzMDYxODU3NDNaMBgx\n"
+ "FjAUBgNVBAMMDXMyblRlc3RTZXJ2ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw\n"
+ "ggEKAoIBAQDRw6AuYXAeRT0YuptCfJjRB/EDJyyGXnv+8TV2H1WJWhMLk8qND27r\n"
+ "79A6EjbVmJaOV9qrokVqpDmXS712Z3BDprJ+1LFMymm3A+AFuK/skeGy0skik+Tg\n"
+ "MmFT5XBVvmsw4uB1S9uUqktHauXgjhFPPsfvk4ewL4LulVEN2TEeI1Odj4CaMxAO\n"
+ "Iuowm8wI2OHVzRHlrRmyJ9hYGuHHQ2TaTGIjr3WpAFuXi9pHGGMYa0uXAVPmgjdE\n"
+ "XZ8t46u/ZKQ9W1uJkZEVKhcijT7G2VBrsBUq0CDiL+TDaGfthnBzUc9zt4fx/S/3\n"
+ "qulC2WbKI3xrasQyjrsHTAJ75Md3rK09AgMBAAEwDQYJKoZIhvcNAQEFBQADggEB\n"
+ "AHHkXNA9BtgAebZC2zriW4hRfeIkJMOwvfKBXHTuY5iCLD1otis6AZljcCKXM6O9\n"
+ "489eHBC4T6mJwVsXhH+/ccEKqNRD2bUfQgOij32PsteV1eOHfHIFqdJmnBVb8tYa\n"
+ "jxUvy7UQvXrPqaHbODrHe+7f7r1YCzerujiP5SSHphY3GQq88KemfFczp/4GnYas\n"
+ "sE50OYe7DQcB4zvnxmAXp51JIN4ooktUU9oKIM5y2cgEWdmJzeqPANYxf0ZIPlTg\n"
+ "ETknKw1Dzf8wlK5mFbbG4LPQh1mkDVcwQV3ogG6kGMRa7neH+6SFkNpAKuPCoje4\n"
+ "NAE+WQ5ve1wk7nIRTQwDAF4=\n"
+ "-----END CERTIFICATE-----\n"
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIDKTCCAhGgAwIBAgICVxYwDQYJKoZIhvcNAQEFBQAwFjEUMBIGA1UEAwwLczJu\n"
+ "VGVzdFJvb3QwIBcNMTYwMzMwMTg1NzA5WhgPMjExNjAzMDYxODU3MDlaMB4xHDAa\n"
+ "BgNVBAMME3MyblRlc3RJbnRlcm1lZGlhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IB\n"
+ "DwAwggEKAoIBAQDM/i3eclxYcvedPCEnVe6A/HYsYPeP1qKBZQhbpuuX061jFZKw\n"
+ "lecb0eau1PORLbcsYK40u3xUzoA5u6Q0ebDuqPbqSJkCazsh66cu9STl8ubbk7oI\n"
+ "8LJjUJFhhy2Jmm9krXhPyRscU+CXOCZ2G1GhBqTI8cgMYhEVHwb3qy1EHg6G3n4W\n"
+ "AjV+cKQcbUytq8DRmVe0bNJxDOX8ivzfAp3lUIwub+JfpxrWIUhb3iVGj5CauI98\n"
+ "bNFHTWwYp7tviIIi21Q+L3nExCyE4yTUP/mebBZ62JnbvsWSs3r3//Am5d8G3WdY\n"
+ "BXsERoDoLBvHnqlO/oo4ppGCRI7GkDroACi/AgMBAAGjdzB1MAwGA1UdEwQFMAMB\n"
+ "Af8wHQYDVR0OBBYEFGqUKVWVlL03sHuOggFACdlHckPBMEYGA1UdIwQ/MD2AFE2X\n"
+ "AbNDryMlBpMNI6Ce927uUFwToRqkGDAWMRQwEgYDVQQDDAtzMm5UZXN0Um9vdIIJ\n"
+ "ANDUkH+UYdz1MA0GCSqGSIb3DQEBBQUAA4IBAQA3O3S9VT0EC1yG4xyNNUZ7+CzF\n"
+ "uFA6uiO38ygcN5Nz1oNPy2eQer7vYmrHtqN6gS/o1Ag5F8bLRCqeuZTsOG80O29H\n"
+ "kNhs5xYprdU82AqcaWwEd0kDrhC5rEvs6fj1J0NKmmhbovYxuDboj0a7If7HEqX0\n"
+ "NizyU3M3JONPZgadchZ+F5DosatF1Bpt/gsQRy383IogQ0/FS+juHCCc4VIUemuk\n"
+ "YY1J8o5XdrGWrPBBiudTWqCobe+N541b+YLWbajT5UKzvSqJmcqpPTniJGc9eZxc\n"
+ "z3cCNd3cKa9bK51stEnQSlA7PQXYs3K+TD3EmSn/G2x6Hmfr7lrpbIhEaD+y\n"
+ "-----END CERTIFICATE-----\n"
+ "-----BEGIN CERTIFICATE-----\n"
+ "MIIDATCCAemgAwIBAgIJANDUkH+UYdz1MA0GCSqGSIb3DQEBCwUAMBYxFDASBgNV\n"
+ "BAMMC3MyblRlc3RSb290MCAXDTE2MDMzMDE4NTYzOVoYDzIxMTYwMzA2MTg1NjM5\n"
+ "WjAWMRQwEgYDVQQDDAtzMm5UZXN0Um9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEP\n"
+ "ADCCAQoCggEBAMY5532000oaeed7Jmo3ssx1723ZDLpn3WGz6FxpWM0zsKA/YvdD\n"
+ "7J6qXDvfxU6dZlmsCS+bSNAqpARKmKsBEDPTsdLmrN1V1clOxvKm6GvU1eloRTw6\n"
+ "xukEUXJ+uxrQMLYvSJBiCBVGI+UYNCK5c6guNMRYBCGdk5/iayjmK0Nxz1918Cx9\n"
+ "z4va8HPAgYIz0ogOdYB21O9FQGPdH1mYqRzljcSsZ7EFo1P8HJr8oKK76ZeYi2or\n"
+ "pjzMHGnlufHaul508wQPeFAMa1Tku3HyGZRaieRAck6+QcO2NujXxKNyCBlWON23\n"
+ "FQTuBjN/CAl74MZtcAM2hVSmpm9t4cWVN5MCAwEAAaNQME4wHQYDVR0OBBYEFE2X\n"
+ "AbNDryMlBpMNI6Ce927uUFwTMB8GA1UdIwQYMBaAFE2XAbNDryMlBpMNI6Ce927u\n"
+ "UFwTMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAAXkVvQdXDmozPix\n"
+ "uZi1o9cw4Si0syqfJ4sSunrzPbbmw/Qxhth5V7XGrnsQVNxamgnbzpjGhiBF6isM\n"
+ "ldj33zQYtke+ojOjFlhEvrPo6eW29RkLBEtJadGs2bkMLztJbf+cbH2u6irzr6S4\n"
+ "3OgVOSuB+zG56ksTnEVmum+C/8tSIAyi3eaoStPcgEU8+3/KMrH7uuenmTOCKdD1\n"
+ "FvSDHXT9qPgTttVQGXbXzJEr5tGE+Py6yib5uoJ0dJZNtjs7HOQEDk5J0wZaX0DC\n"
+ "MShYLiN5qLJAk0qwl+js488BJ18M9dg4TxdBYFkwHSzKXSj9TJN77Bb0RZr8LL9T\n"
+ "r9IyvfU=\n"
+ "-----END CERTIFICATE-----\n";
+
+static char private_key[] =
+ "-----BEGIN RSA PRIVATE KEY-----\n"
+ "MIIEpAIBAAKCAQEA0cOgLmFwHkU9GLqbQnyY0QfxAycshl57/vE1dh9ViVoTC5PK\n"
+ "jQ9u6+/QOhI21ZiWjlfaq6JFaqQ5l0u9dmdwQ6ayftSxTMpptwPgBbiv7JHhstLJ\n"
+ "IpPk4DJhU+VwVb5rMOLgdUvblKpLR2rl4I4RTz7H75OHsC+C7pVRDdkxHiNTnY+A\n"
+ "mjMQDiLqMJvMCNjh1c0R5a0ZsifYWBrhx0Nk2kxiI691qQBbl4vaRxhjGGtLlwFT\n"
+ "5oI3RF2fLeOrv2SkPVtbiZGRFSoXIo0+xtlQa7AVKtAg4i/kw2hn7YZwc1HPc7eH\n"
+ "8f0v96rpQtlmyiN8a2rEMo67B0wCe+THd6ytPQIDAQABAoIBAF3evYAD+riRI5Y9\n"
+ "a92FBJ4Gf8R5c2NuRO8B4nrJ6u1ccclsieg2T90lpHlYTVGoxzdL+X91Trs6Ysti\n"
+ "CZdDEuozXw2DARTsQAK2qTnmPFQRtH7h9UCUDoiGAygYNP0qCa4G2YukNs+Apc9/\n"
+ "9v9WlEhyP+bmjoI5wM4j4/HekCx7syHuiqJ74//oTzNamT0aWHwgXAUmEYZ/1+nT\n"
+ "0KInmtmIOFgsWHcojwQ6sZJ3eVvy66EqHLZKQYZa2tx0YjrEJMQi1drg6VV+lLCR\n"
+ "rEtsoltgdN2G9v3P6KrHXsrCYaaZKhog9B1OSI2Amv3YWZHXppK12+aSy774lUUz\n"
+ "qVur5cECgYEA7oCOQoRZo76wztS+yDeq173B2gPHKSIrWvaLDkCAPOQPVzJZ4Qc+\n"
+ "8OEDU6HB9P0MYDsKBxZY85uzWP+dAlsmcL0C86WibOuYERPKQIcAn3KSzFiIxH3R\n"
+ "OAbaLtSLN3lDAH50PhP9BguiSfBjI6w4Qsr7jlQgdpzG4h4LjvotbWMCgYEA4SdT\n"
+ "QQJhHiLtBFo91ItRUzhePvUDfV8XvNfAwZj8cY2+oenkK2+bp35xteBV6Gu1cYnd\n"
+ "V2yFgzMZ/jDvqfUn/8EVAGvEFrLtsUpXeyHhgmVT490RsPxC9xU9jf5LsvZ4zjsj\n"
+ "CsFZW0JnhKkF6M5wztWtO3yKCilmXSOIFvorTN8CgYEAoK2LKdTwbxhxFWbOgSS/\n"
+ "vEji6HXTHysd+lJOrHNX8a3Th/MsCiZPiQiOrTE08k/onown3U547uXelf7fUE8I\n"
+ "PruX2X2lR6wQ7rBeecp56PHPZEvhGD+LTCuRoise/2h6c0K+HXRp6kC8PQPuRoIo\n"
+ "BRerEeArXr2QX5XOQ6zYHfECgYEAp0L9mDfaSfcMOMWJVVJCEh639PEzrHluOv3U\n"
+ "1n1+XCU+zy3gMVxyN9W5R7HmYAlT+4q9geq+rJ7T2oAkKxBSrK6VmYB1ZZ968NAX\n"
+ "eQPMcYAw+AAM2nwsiz2eQtP9DHAJgrtv5teIOEF2gZjHKRHjv+QBE0YLjkz/HIX+\n"
+ "3YLvk+UCgYAgpAWk4YW4dAcZ8Y04Ke2pjMvEu44hHphOmk6AZl0Xl9tJwxlV8GVx\n"
+ "o3L4hbjHqyJo3+DZZYM7udMx9axbX9JHYRaLNJpc8UxQZj7d3TehC9Dw9/DzhIy/\n"
+ "6sml30j/GHvnW5DOlpsdNKDlxoFX+hncXYIjyVTGRNdsSwa4VVm+Xw==\n"
+ "-----END RSA PRIVATE KEY-----\n";
+
+static char dhparams[] =
+ "-----BEGIN DH PARAMETERS-----\n"
+ "MIIBCAKCAQEAy1+hVWCfNQoPB+NA733IVOONl8fCumiz9zdRRu1hzVa2yvGseUSq\n"
+ "Bbn6k0FQ7yMED6w5XWQKDC0z2m0FI/BPE3AjUfuPzEYGqTDf9zQZ2Lz4oAN90Sud\n"
+ "luOoEhYR99cEbCn0T4eBvEf9IUtczXUZ/wj7gzGbGG07dLfT+CmCRJxCjhrosenJ\n"
+ "gzucyS7jt1bobgU66JKkgMNm7hJY4/nhR5LWTCzZyzYQh2HM2Vk4K5ZqILpj/n0S\n"
+ "5JYTQ2PVhxP+Uu8+hICs/8VvM72DznjPZzufADipjC7CsQ4S6x/ecZluFtbb+ZTv\n"
+ "HI5CnYmkAwJ6+FSWGaZQDi8bgerFk9RWwwIBAg==\n"
+ "-----END DH PARAMETERS-----\n";
+
+static int MAX_NEGOTIATION_ATTEMPTS = 10;
+
+int LLVMFuzzerInitialize(const uint8_t *buf, size_t len)
+{
+ GUARD(s2n_init());
+ GUARD(setenv("S2N_ENABLE_CLIENT_MODE", "1", 0));
+ return 0;
+}
+
+int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len)
+{
+ if(len < S2N_TLS_RECORD_HEADER_LENGTH){
+ return 0;
+ }
+
+ /* Set up File Descriptors from client to server */
+ int client_to_server[2];
+ GUARD(pipe(client_to_server));
+
+ for (int i = 0; i < 2; i++) {
+ GUARD(fcntl(client_to_server[i], F_SETFL, fcntl(client_to_server[i], F_GETFL) | O_NONBLOCK));
+ }
+
+ /* Set up Server Config */
+ struct s2n_config *server_config;
+ notnull_check(server_config = s2n_config_new());
+ GUARD(s2n_config_add_cert_chain_and_key(server_config, certificate_chain, private_key));
+ GUARD(s2n_config_add_dhparams(server_config, dhparams));
+
+ /* Set up Server Connection */
+ struct s2n_connection *server_conn;
+ notnull_check(server_conn = s2n_connection_new(S2N_SERVER));
+ GUARD(s2n_connection_set_read_fd(server_conn, client_to_server[0]));
+ GUARD(s2n_connection_set_config(server_conn, server_config));
+ GUARD(s2n_connection_set_blinding(server_conn, S2N_SELF_SERVICE_BLINDING));
+ server_conn->delay = 0;
+
+ /* Set Server write FD to -1, to skip writing data since server out data is never read. */
+ GUARD(s2n_connection_set_write_fd(server_conn, -1));
+
+ /* Set up Client Connection */
+ struct s2n_connection *client_conn;
+ notnull_check(client_conn = s2n_connection_new(S2N_CLIENT));
+ GUARD(s2n_connection_set_write_fd(client_conn, client_to_server[1]));
+
+ /* Write data to client out file descriptor so that it is recieved by the server */
+ struct s2n_stuffer *client_out = &client_conn->out;
+ GUARD(s2n_stuffer_write_bytes(client_out, buf, len));
+ s2n_blocked_status client_blocked;
+ GUARD(s2n_flush(client_conn, &client_blocked));
+ eq_check(client_blocked, S2N_NOT_BLOCKED);
+
+ /* Let Server receive data and attempt Negotiation */
+ int num_attempted_negotiations = 0;
+ s2n_blocked_status server_blocked;
+ do {
+ s2n_negotiate(server_conn, &server_blocked);
+ num_attempted_negotiations += 1;
+ } while(!server_blocked && num_attempted_negotiations < MAX_NEGOTIATION_ATTEMPTS);
+
+ /* Clean up */
+ GUARD(s2n_connection_wipe(server_conn));
+ GUARD(s2n_connection_wipe(client_conn));
+
+ for (int i = 0; i < 2; i++) {
+ GUARD(close(client_to_server[i]));
+ }
+
+ GUARD(s2n_config_free(server_config));
+ GUARD(s2n_connection_free(server_conn));
+ GUARD(s2n_connection_free(client_conn));
+
+ return 0;
+}
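Review bot: `LLVMFuzzerInitialize` is declared here as `(const uint8_t *buf, size_t len)`, but libFuzzer calls this hook with pointers to the program's argument count and argument vector, so the definition does not match the prototype the fuzzer driver uses. The parameters are unused, so it likely works in practice, but the line should read `int LLVMFuzzerInitialize(int *argc, char ***argv)`. The same declaration appears in s2n_memory_leak_negative_test.c. A one-line comment above `private_key` stating that it is a test-only key (the certificate subjects appear to be s2n test names) would also help readers and secret scanners triage it.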