From 2b4fe1ddfcbf9378a0fcc5fe666b8c0d764a4065 Mon Sep 17 00:00:00 2001 From: Alex Weibel Date: Mon, 11 Jul 2016 12:42:32 -0700 Subject: [PATCH 01/14] Adding "fuzz" target to run Fuzz Tests with LibFuzzer --- .travis.yml | 23 ++ .travis/install_clang.sh | 57 +++++ .travis/install_libFuzzer.sh | 40 ++++ Makefile | 5 + crypto/s2n_drbg.c | 11 + crypto/s2n_rsa.c | 6 + s2n.mk | 10 + stuffer/s2n_stuffer_file.c | 10 + tests/Makefile | 5 + tests/fuzz/Makefile | 55 +++++ .../085edd8102e76d226fc7f769d6fab63e194a19d1 | Bin 0 -> 452 bytes .../08a9f57ff501d000dfd310016c990b3915732fe2 | Bin 0 -> 222 bytes .../0a0a53ae68431d5082ae2bfb73280024bb4cf0ef | Bin 0 -> 214 bytes .../114c49065df4fbc59b87967b9c033a5adddcc120 | Bin 0 -> 415 bytes .../145a2cd6bd7bc4e49a007b8f05639486f63f8e10 | Bin 0 -> 312 bytes .../1580393af362244c05fd8b2a6dc3f9519ad8f293 | Bin 0 -> 453 bytes .../158533ce4b780caac8b24754372299ede326e039 | Bin 0 -> 219 bytes .../15afa9bfcb4bb36506b4038c84229fa796b4faad | Bin 0 -> 211 bytes .../15c694d215dcdbbcf73cc8b5ec794dee76229e5b | Bin 0 -> 220 bytes .../164dfc541acdc855d32d2aba082fa990cbcf1200 | Bin 0 -> 454 bytes .../16a07fdd88575feb38f68940ff15d8a059f2c604 | Bin 0 -> 224 bytes .../18662fde269a89420c9dbdbda1ff4f39f5bd13e4 | 1 + .../18fa3ab3981df40ef7ceab3755f59ffb24a29159 | Bin 0 -> 535 bytes .../1a5d211db0094d382164b37fb9b2f8a25bddb256 | Bin 0 -> 226 bytes .../1afc372496ca56c3aaed4a68bfefa685a4b5a026 | Bin 0 -> 97 bytes .../1dcf56d389ce92cbcc623f5a10664618f96329c2 | Bin 0 -> 443 bytes .../1e1be1dd68242ea4b7f52ddc31a2ebb97ad83e51 | Bin 0 -> 454 bytes .../1f31efcd0cf25cf1db0ac07110de5a5611a4500a | Bin 0 -> 412 bytes .../210771f1c9a0f2b0949c93325684d52359aa4ef6 | Bin 0 -> 453 bytes .../2251f2fa721ce7abef7f3dff2c189ddd4f1ec07e | Bin 0 -> 454 bytes .../24882c4c1d2e557c51037e9f95b0b651d6f50fbd | Bin 0 -> 412 bytes .../28381a65cd76b56f45ef906304d0ea8c144245f3 | Bin 0 -> 455 bytes .../2959063570c1fc09070bf8247c00d94f11cc3b3b | Bin 0 -> 535 bytes .../29cdc112a148667115c380b425770b8757cb322e | Bin 0 -> 453 bytes .../2a181af9e7926e43c2289470521a1df281282186 | Bin 0 -> 609 bytes .../2afa0046f8d883fc21596aeba53ef90f1190e7e7 | Bin 0 -> 222 bytes .../2b4334095259766e9111876062796f55f3a54099 | Bin 0 -> 631 bytes .../2ca70f86f778776fcad42f526d8851b885e0ac59 | Bin 0 -> 107 bytes .../2d3642e406148a17752b126408469565e50ef78a | Bin 0 -> 210 bytes .../31d17054d6ccd7705db17105401be7fe1daddbd5 | Bin 0 -> 220 bytes .../32b6dc7f99a5a3ab9e4acb21c01131062b2ab5ae | Bin 0 -> 1164 bytes .../3412f14050514dbad2db7120b3b7f10136083dfc | Bin 0 -> 93 bytes .../39015981182276600a84828a3aa96e64dcc73401 | Bin 0 -> 221 bytes .../3901ec4dd6f25bd0da8480f6408311529b773e8e | Bin 0 -> 454 bytes .../3a62581d9a9850e003cabfd82586c50567b4ade0 | Bin 0 -> 223 bytes .../3e69b24a7ca126f2f092ab0d35edc479e43d171a | Bin 0 -> 221 bytes .../3e75357e7fe85f9debe233d91edc0a3e12da5972 | Bin 0 -> 94 bytes .../40ddee1f0672cc1be05b58ff43c7315ed94c2d26 | Bin 0 -> 222 bytes .../44e81111440abcaccb160983ed58637ad464f1d3 | Bin 0 -> 844 bytes .../49fb92a55cfe870cb6c54d7e26f2375fd0c8ba26 | Bin 0 -> 452 bytes .../4b40f233209efb5220af3f855f00d090742e8785 | Bin 0 -> 453 bytes .../4f744a4f4d8f67722b65fa56bd452615e61503d4 | Bin 0 -> 313 bytes .../5069b09b581b90512138290fcdc3800434825eed | Bin 0 -> 223 bytes .../50ec08ecb15f18fb87246bf27b30f067ffe7102f | Bin 0 -> 453 bytes .../55b41c2f2f3109a1b923aa0e29c6adb747c09bd2 | Bin 0 -> 453 bytes .../58080a322d37e7d8cb9fa7585be92689a971ffd6 | Bin 0 -> 155 bytes .../5955b76f7f4660fd3115b2979b2edb58244a1c3e | Bin 0 -> 412 bytes .../5fb2b0135286c9974ab66124d80984b696a1d755 | Bin 0 -> 221 bytes .../607ca566813a9fd8120c259b7d63327d2200bf9d | Bin 0 -> 453 bytes .../63a5669c9b391eac4033ef6a934d3591d21bb4c7 | Bin 0 -> 211 bytes .../644b6fef1226887b4ff2a5010af50ddda5ed1619 | Bin 0 -> 535 bytes .../66f0eb93fa2c97424483383b47370e4aecb01dee | Bin 0 -> 94 bytes .../695f0706193d20bc9c62bdeef11503997bfe1aad | Bin 0 -> 1184 bytes .../6cd78a8da79f922be614c8e87c33fa891f0fb8b0 | Bin 0 -> 636 bytes .../748090ea78474233c097f9d39e17afe0e1979ec1 | Bin 0 -> 95 bytes .../7616c8758af20ae270fd54aa628d92ae050b3cea | Bin 0 -> 453 bytes .../76969a70a995caeed6a406134a98cf544abe65da | Bin 0 -> 220 bytes .../76c906a0cd3e8e02576887f3f7f4a417f6bc94b9 | Bin 0 -> 221 bytes .../7dfa5648d47a09a88133b099fd992ddd3e9d787d | Bin 0 -> 220 bytes .../7ff26dd574e66a7f3425f1aa68717beb16a6943a | Bin 0 -> 2413 bytes .../805166c2b28e5d425df63a53b394449c632a2a54 | Bin 0 -> 209 bytes .../846e7d9db260a828911d6ef7393f31b57573d6da | Bin 0 -> 453 bytes .../8872d99b57e00b49b197cef8fba49c8ebf47a295 | Bin 0 -> 210 bytes .../8afa334a539552d9f17ae0437ca6d91fcb77ee5d | Bin 0 -> 221 bytes .../8ca2436810fe0784bd2bed2fb8fd21bd5f92d28d | Bin 0 -> 94 bytes .../8e01b98bfcec4abd3e12df9e6a92e297343bdd4c | Bin 0 -> 103 bytes .../8e529b3d4336d7703615a0f66904d3f5d6998430 | Bin 0 -> 417 bytes .../8f07a5e72a2a78455fdd055331c141cb32d85d22 | Bin 0 -> 224 bytes .../9106016f2d4548f4e250896d32ac7293f40bd5c3 | Bin 0 -> 535 bytes .../91712f3c255bf33b5723ee85563e1ea8eadabaef | Bin 0 -> 103 bytes .../91fcd5ff0bffb032addf798314aca80737b37c4c | Bin 0 -> 346 bytes .../930df04e0442a4137a134933e1f347bf662f1130 | Bin 0 -> 1070 bytes .../956793ab6bd4799d31aa882d3f65f380e12d2532 | Bin 0 -> 453 bytes .../9aac37c30521cf43803b938f56798f913ec56d60 | Bin 0 -> 292 bytes .../9dc4c3b376c301cd9262afd074db506c35db4112 | Bin 0 -> 225 bytes .../9f75d7ee3a7688f6cb54a40827ade2d7118fd6d3 | Bin 0 -> 349 bytes .../9fee6cc591d539529c4e799e12cbad9a8a5f12ce | Bin 0 -> 453 bytes .../a17fd449bc026a1d650c6c0f18519e407a77a95c | Bin 0 -> 107 bytes .../a3ee57d5703b76d18e57a5d6a7640aa5f82442f8 | Bin 0 -> 124 bytes .../a51ae5a15789422b618fa986efc45d21703ba550 | Bin 0 -> 220 bytes .../a6511c6ef66c8a98d28843cb6e7c13c0e38bb7bb | Bin 0 -> 453 bytes .../a8049730ee6ce2666eea3219f18d1a379bbeee1c | Bin 0 -> 219 bytes .../aa6b67ae4cbab0484c49fa7a0bd7ec0244a2ad0a | Bin 0 -> 663 bytes .../ab18230cd0c28198e13e70212cd29b496385f2ba | Bin 0 -> 535 bytes .../afeac1756d23c16841369d957a721a89a78d954a | Bin 0 -> 453 bytes .../b14081b4a943667906a36cdf3781b33dd48f4dc7 | Bin 0 -> 220 bytes .../b1551a4704c717bf39fb2f578a6824364d907598 | Bin 0 -> 453 bytes .../b182f6030636315a90398ac5268701805b6838e9 | Bin 0 -> 452 bytes .../b5814144c287aebb5374baf62a365cded523bc28 | Bin 0 -> 221 bytes .../b5f1d98618a3b39ad203f9340e4788e817ad4b35 | Bin 0 -> 452 bytes .../b70a453e74f113e3edb6757d887508637215c14a | Bin 0 -> 455 bytes .../b8a638fb7ebf8922dc6d51f2ec370d30b09af827 | Bin 0 -> 453 bytes .../b9aa15db2228c37e98dded3ecfd5a438a9b5139f | Bin 0 -> 125 bytes .../bab49e3d52d9f835030bc8dac20cbd05a092ed0f | Bin 0 -> 454 bytes .../bb80164c0ecb30f33a56be6b511653ba20f79991 | Bin 0 -> 455 bytes .../bb96baf87a2efac350177031cc0497c576404203 | Bin 0 -> 412 bytes .../bda40475161a4662b771ede0239274d40494bdb1 | Bin 0 -> 346 bytes .../bdd6b65c3c1fa6fad481d987387674130487152d | Bin 0 -> 866 bytes .../c48c6eb4c5186e19bf1cc308fd7acd2255ccf997 | Bin 0 -> 222 bytes .../c8a01e8f8bdefc4f38a650dbd2fc822d18f0d9d9 | Bin 0 -> 844 bytes .../ca9b9d0bb6fe2f7b785da0d484c03f72dd8ff395 | Bin 0 -> 417 bytes .../cdf427bf37d3c11e18eb2b28bb88f517a0bf3cc9 | Bin 0 -> 453 bytes .../ce83b77db7986c3739ec27a937d3f2695c83408c | Bin 0 -> 221 bytes .../d0a93a75cf7cd5d96775ebc7c0b653c61cd1a239 | Bin 0 -> 637 bytes .../d1a54d255fc2b7b84050623e799b34aaf287df0f | Bin 0 -> 417 bytes .../d3ecb2272881147baf41e391bc1a6be7aeab425b | Bin 0 -> 413 bytes .../d633828268bb55f1fe1489e8b325d7f0440e0f14 | Bin 0 -> 291 bytes .../d7dbef8179a35fc403f6cac3608621f490c18f28 | Bin 0 -> 211 bytes .../d82129804de6c7e0b81378dd6f1c646d45df4653 | Bin 0 -> 125 bytes .../d955a22ac20ea4459034b048db1a3c8701409b39 | Bin 0 -> 221 bytes .../d979650293c99d4b605dcead678f9157fd2caebf | Bin 0 -> 454 bytes .../db9a582acf91d7f8b781edbfc7c98dece48a0689 | Bin 0 -> 535 bytes .../dc7db5fc8987403ce783de2fcc62c7c632cc02aa | Bin 0 -> 1164 bytes .../dec7a9a6db79482d3dd6d4097dbbba741a2e7e9d | Bin 0 -> 221 bytes .../e24bad17acaddb087a7891c47e072dbe303ddf6b | Bin 0 -> 221 bytes .../e34259d6efff6bd0728f9f91dad6ad19874c2dec | Bin 0 -> 226 bytes .../e36ee1b11ea79c464b59933a84603a606fbbb4a9 | Bin 0 -> 453 bytes .../e8b68243802fec3b109bb45b6af0af31105c1410 | Bin 0 -> 453 bytes .../ec5057bba09c1c4bed44db1dec1f8505ccfdd2aa | Bin 0 -> 457 bytes .../ee65a759f424fc3da1dcf5252f22828a53c82dbd | Bin 0 -> 453 bytes .../f133c494d11986cb0e6c31d1c25dd14e32d909bd | Bin 0 -> 454 bytes .../f58609987e7b504586533b5dc9840dab51162621 | Bin 0 -> 452 bytes .../f6791ccef08992b0485104355c5c990f7e4b8569 | Bin 0 -> 95 bytes .../f8a7aa9aa8e58d4482e622754d4a4dece9dcee91 | Bin 0 -> 505 bytes .../fdbf96ed72cd4582c16ea9727ca5a6e7d76f85c7 | Bin 0 -> 313 bytes .../fe6db486a2728716972649fd012cb628a9a5e4f5 | Bin 0 -> 221 bytes tests/fuzz/s2n_server_fuzz_test.c | 203 ++++++++++++++++++ tls/s2n_client_hello.c | 6 + tls/s2n_client_key_exchange.c | 6 + tls/s2n_server_hello.c | 6 + utils/s2n_random.c | 10 + utils/s2n_safety.c | 7 + 142 files changed, 461 insertions(+) create mode 100755 .travis/install_clang.sh create mode 100755 .travis/install_libFuzzer.sh create mode 100644 tests/fuzz/Makefile create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/085edd8102e76d226fc7f769d6fab63e194a19d1 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/08a9f57ff501d000dfd310016c990b3915732fe2 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/0a0a53ae68431d5082ae2bfb73280024bb4cf0ef create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/114c49065df4fbc59b87967b9c033a5adddcc120 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/145a2cd6bd7bc4e49a007b8f05639486f63f8e10 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/1580393af362244c05fd8b2a6dc3f9519ad8f293 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/158533ce4b780caac8b24754372299ede326e039 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/15afa9bfcb4bb36506b4038c84229fa796b4faad create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/15c694d215dcdbbcf73cc8b5ec794dee76229e5b create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/164dfc541acdc855d32d2aba082fa990cbcf1200 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/16a07fdd88575feb38f68940ff15d8a059f2c604 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/18662fde269a89420c9dbdbda1ff4f39f5bd13e4 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/18fa3ab3981df40ef7ceab3755f59ffb24a29159 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/1a5d211db0094d382164b37fb9b2f8a25bddb256 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/1afc372496ca56c3aaed4a68bfefa685a4b5a026 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/1dcf56d389ce92cbcc623f5a10664618f96329c2 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/1e1be1dd68242ea4b7f52ddc31a2ebb97ad83e51 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/1f31efcd0cf25cf1db0ac07110de5a5611a4500a create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/210771f1c9a0f2b0949c93325684d52359aa4ef6 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/2251f2fa721ce7abef7f3dff2c189ddd4f1ec07e create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/24882c4c1d2e557c51037e9f95b0b651d6f50fbd create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/28381a65cd76b56f45ef906304d0ea8c144245f3 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/2959063570c1fc09070bf8247c00d94f11cc3b3b create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/29cdc112a148667115c380b425770b8757cb322e create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/2a181af9e7926e43c2289470521a1df281282186 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/2afa0046f8d883fc21596aeba53ef90f1190e7e7 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/2b4334095259766e9111876062796f55f3a54099 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/2ca70f86f778776fcad42f526d8851b885e0ac59 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/2d3642e406148a17752b126408469565e50ef78a create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/31d17054d6ccd7705db17105401be7fe1daddbd5 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/32b6dc7f99a5a3ab9e4acb21c01131062b2ab5ae create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/3412f14050514dbad2db7120b3b7f10136083dfc create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/39015981182276600a84828a3aa96e64dcc73401 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/3901ec4dd6f25bd0da8480f6408311529b773e8e create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/3a62581d9a9850e003cabfd82586c50567b4ade0 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/3e69b24a7ca126f2f092ab0d35edc479e43d171a create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/3e75357e7fe85f9debe233d91edc0a3e12da5972 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/40ddee1f0672cc1be05b58ff43c7315ed94c2d26 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/44e81111440abcaccb160983ed58637ad464f1d3 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/49fb92a55cfe870cb6c54d7e26f2375fd0c8ba26 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/4b40f233209efb5220af3f855f00d090742e8785 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/4f744a4f4d8f67722b65fa56bd452615e61503d4 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/5069b09b581b90512138290fcdc3800434825eed create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/50ec08ecb15f18fb87246bf27b30f067ffe7102f create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/55b41c2f2f3109a1b923aa0e29c6adb747c09bd2 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/58080a322d37e7d8cb9fa7585be92689a971ffd6 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/5955b76f7f4660fd3115b2979b2edb58244a1c3e create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/5fb2b0135286c9974ab66124d80984b696a1d755 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/607ca566813a9fd8120c259b7d63327d2200bf9d create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/63a5669c9b391eac4033ef6a934d3591d21bb4c7 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/644b6fef1226887b4ff2a5010af50ddda5ed1619 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/66f0eb93fa2c97424483383b47370e4aecb01dee create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/695f0706193d20bc9c62bdeef11503997bfe1aad create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/6cd78a8da79f922be614c8e87c33fa891f0fb8b0 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/748090ea78474233c097f9d39e17afe0e1979ec1 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/7616c8758af20ae270fd54aa628d92ae050b3cea create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/76969a70a995caeed6a406134a98cf544abe65da create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/76c906a0cd3e8e02576887f3f7f4a417f6bc94b9 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/7dfa5648d47a09a88133b099fd992ddd3e9d787d create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/7ff26dd574e66a7f3425f1aa68717beb16a6943a create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/805166c2b28e5d425df63a53b394449c632a2a54 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/846e7d9db260a828911d6ef7393f31b57573d6da create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/8872d99b57e00b49b197cef8fba49c8ebf47a295 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/8afa334a539552d9f17ae0437ca6d91fcb77ee5d create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/8ca2436810fe0784bd2bed2fb8fd21bd5f92d28d create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/8e01b98bfcec4abd3e12df9e6a92e297343bdd4c create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/8e529b3d4336d7703615a0f66904d3f5d6998430 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/8f07a5e72a2a78455fdd055331c141cb32d85d22 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/9106016f2d4548f4e250896d32ac7293f40bd5c3 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/91712f3c255bf33b5723ee85563e1ea8eadabaef create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/91fcd5ff0bffb032addf798314aca80737b37c4c create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/930df04e0442a4137a134933e1f347bf662f1130 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/956793ab6bd4799d31aa882d3f65f380e12d2532 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/9aac37c30521cf43803b938f56798f913ec56d60 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/9dc4c3b376c301cd9262afd074db506c35db4112 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/9f75d7ee3a7688f6cb54a40827ade2d7118fd6d3 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/9fee6cc591d539529c4e799e12cbad9a8a5f12ce create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/a17fd449bc026a1d650c6c0f18519e407a77a95c create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/a3ee57d5703b76d18e57a5d6a7640aa5f82442f8 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/a51ae5a15789422b618fa986efc45d21703ba550 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/a6511c6ef66c8a98d28843cb6e7c13c0e38bb7bb create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/a8049730ee6ce2666eea3219f18d1a379bbeee1c create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/aa6b67ae4cbab0484c49fa7a0bd7ec0244a2ad0a create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/ab18230cd0c28198e13e70212cd29b496385f2ba create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/afeac1756d23c16841369d957a721a89a78d954a create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/b14081b4a943667906a36cdf3781b33dd48f4dc7 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/b1551a4704c717bf39fb2f578a6824364d907598 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/b182f6030636315a90398ac5268701805b6838e9 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/b5814144c287aebb5374baf62a365cded523bc28 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/b5f1d98618a3b39ad203f9340e4788e817ad4b35 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/b70a453e74f113e3edb6757d887508637215c14a create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/b8a638fb7ebf8922dc6d51f2ec370d30b09af827 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/b9aa15db2228c37e98dded3ecfd5a438a9b5139f create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/bab49e3d52d9f835030bc8dac20cbd05a092ed0f create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/bb80164c0ecb30f33a56be6b511653ba20f79991 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/bb96baf87a2efac350177031cc0497c576404203 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/bda40475161a4662b771ede0239274d40494bdb1 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/bdd6b65c3c1fa6fad481d987387674130487152d create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/c48c6eb4c5186e19bf1cc308fd7acd2255ccf997 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/c8a01e8f8bdefc4f38a650dbd2fc822d18f0d9d9 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/ca9b9d0bb6fe2f7b785da0d484c03f72dd8ff395 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/cdf427bf37d3c11e18eb2b28bb88f517a0bf3cc9 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/ce83b77db7986c3739ec27a937d3f2695c83408c create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/d0a93a75cf7cd5d96775ebc7c0b653c61cd1a239 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/d1a54d255fc2b7b84050623e799b34aaf287df0f create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/d3ecb2272881147baf41e391bc1a6be7aeab425b create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/d633828268bb55f1fe1489e8b325d7f0440e0f14 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/d7dbef8179a35fc403f6cac3608621f490c18f28 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/d82129804de6c7e0b81378dd6f1c646d45df4653 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/d955a22ac20ea4459034b048db1a3c8701409b39 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/d979650293c99d4b605dcead678f9157fd2caebf create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/db9a582acf91d7f8b781edbfc7c98dece48a0689 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/dc7db5fc8987403ce783de2fcc62c7c632cc02aa create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/dec7a9a6db79482d3dd6d4097dbbba741a2e7e9d create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/e24bad17acaddb087a7891c47e072dbe303ddf6b create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/e34259d6efff6bd0728f9f91dad6ad19874c2dec create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/e36ee1b11ea79c464b59933a84603a606fbbb4a9 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/e8b68243802fec3b109bb45b6af0af31105c1410 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/ec5057bba09c1c4bed44db1dec1f8505ccfdd2aa create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/ee65a759f424fc3da1dcf5252f22828a53c82dbd create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/f133c494d11986cb0e6c31d1c25dd14e32d909bd create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/f58609987e7b504586533b5dc9840dab51162621 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/f6791ccef08992b0485104355c5c990f7e4b8569 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/f8a7aa9aa8e58d4482e622754d4a4dece9dcee91 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/fdbf96ed72cd4582c16ea9727ca5a6e7d76f85c7 create mode 100644 tests/fuzz/corpus/s2n_server_fuzz_test/fe6db486a2728716972649fd012cb628a9a5e4f5 create mode 100644 tests/fuzz/s2n_server_fuzz_test.c diff --git a/.travis.yml b/.travis.yml index 93c6fdd77e5..93ed28ea234 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,4 +1,13 @@ sudo: true +language: c + +addons: + apt: + sources: + - ubuntu-toolchain-r-test + packages: + - gcc-6 + - g++-6 os: - osx @@ -8,7 +17,20 @@ compiler: - gcc - clang +before_install: + # Install GCC 6 if on OSX + - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew update ; fi + - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew tap homebrew/versions ; fi + - if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then brew install gcc6 ; fi + # Set GCC 6 as Default on both Ubuntu and OSX + - alias gcc=$(which gcc-6) + # Install latest version of clang, clang++, and llvm-symbolizer and add them to beginning of PATH. Needed for fuzzing. + - (.travis/install_clang.sh `pwd`/clang-download `pwd`/clang-latest $TRAVIS_OS_NAME) && export PATH=`pwd`/clang-latest/bin:$PATH + install: + # Download and Install LibFuzzer + - .travis/install_libFuzzer.sh `pwd`/fuzz_dependencies/libFuzzer-download `pwd`/fuzz_dependencies $TRAVIS_OS_NAME + # Download and Install Openssl - .travis/install_openssl.sh `pwd`/libcrypto-build `pwd`/libcrypto-root $TRAVIS_OS_NAME > /dev/null # Install python linked with our compiled Openssl for integration tests - sudo .travis/install_python.sh `pwd`/libcrypto-root > /dev/null @@ -20,3 +42,4 @@ script: # Build and run unit tests with scan-build for osx. scan-build bundle isn't available for linux - (test "$TRAVIS_OS_NAME" = "osx" && scan-build --status-bugs -o /tmp/scan-build make -j8; STATUS=$?; test $STATUS -ne 0 && cat /tmp/scan-build/*/*; exit $STATUS) || true - make integration + - make clean && make fuzz diff --git a/.travis/install_clang.sh b/.travis/install_clang.sh new file mode 100755 index 00000000000..94ba5f88314 --- /dev/null +++ b/.travis/install_clang.sh @@ -0,0 +1,57 @@ +#!/bin/bash +# Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"). +# You may not use this file except in compliance with the License. +# A copy of the License is located at +# +# http://aws.amazon.com/apache2.0 +# +# or in the "license" file accompanying this file. This file is distributed +# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either +# express or implied. See the License for the specific language governing +# permissions and limitations under the License. +# + +set -e + +usage() { + echo "install_clang.sh download_dir install_dir travis_platform" + exit 1 +} + +if [ "$#" -ne "3" ]; then + usage +fi + +CLANG_DOWNLOAD_DIR=$1 +CLANG_INSTALL_DIR=$2 +PLATFORM=$3 + +mkdir -p $CLANG_DOWNLOAD_DIR +cd $CLANG_DOWNLOAD_DIR + +if [ "$PLATFORM" == "linux" ]; then + # The Certificate used by chromium.googlesource.com is not in the default CA + # list supported by git/curl on Ubuntu, but the certificate is in the + # ca-certificates.crt file in Ubuntu, so set this env variable so that it is + # picked up by git. + export SSL_CERT_FILE=/usr/lib/ssl/certs/ca-certificates.crt +fi + +GIT_CURL_VERBOSE=1 +echo "Downloading Clang..." +git clone https://chromium.googlesource.com/chromium/src/tools/clang + +echo "Updating Clang..." +$CLANG_DOWNLOAD_DIR/clang/scripts/update.py + +# "third_party" directory is created above $CLANG_DOWNLOAD_DIR after running +# update, move it into $CLANG_DOWNLOAD_DIR once update is complete. +mv ../third_party $CLANG_DOWNLOAD_DIR + +echo "Installed Clang Version: " +$CLANG_DOWNLOAD_DIR/third_party/llvm-build/Release+Asserts/bin/clang --version + +ln -s $CLANG_DOWNLOAD_DIR/third_party/llvm-build/Release+Asserts/ $CLANG_INSTALL_DIR + diff --git a/.travis/install_libFuzzer.sh b/.travis/install_libFuzzer.sh new file mode 100755 index 00000000000..6e3f91a30ae --- /dev/null +++ b/.travis/install_libFuzzer.sh @@ -0,0 +1,40 @@ +#!/bin/bash +# Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"). +# You may not use this file except in compliance with the License. +# A copy of the License is located at +# +# http://aws.amazon.com/apache2.0 +# +# or in the "license" file accompanying this file. This file is distributed +# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either +# express or implied. See the License for the specific language governing +# permissions and limitations under the License. +# +set -e + +usage() { + echo "install_libFuzzer.sh download_dir install_dir travis_platform" + exit 1 +} + +if [ "$#" -ne "3" ]; then + usage +fi + +LIBFUZZER_DOWNLOAD_DIR=$1 +LIBFUZZER_INSTALL_DIR=$2 +PLATFORM=$3 + +mkdir -p $LIBFUZZER_DOWNLOAD_DIR +cd $LIBFUZZER_DOWNLOAD_DIR + +git clone https://chromium.googlesource.com/chromium/llvm-project/llvm/lib/Fuzzer + +echo "Compiling LibFuzzer..." +clang++ -c -g -v -O2 -lstdc++ -std=c++11 Fuzzer/*.cpp -IFuzzer +ar ruv libFuzzer.a Fuzzer*.o + +echo "Copying libFuzzer.a to $LIBFUZZER_INSTALL_DIR" +cp libFuzzer.a $LIBFUZZER_INSTALL_DIR diff --git a/Makefile b/Makefile index 2316ef80531..f36bea39de1 100644 --- a/Makefile +++ b/Makefile @@ -53,6 +53,11 @@ bin: libs integration: bin $(MAKE) -C tests integration +.PHONY : fuzz +fuzz : export S2N_UNSAFE_FUZZING_MODE = 1 +fuzz : bin + $(MAKE) -C tests fuzz + .PHONY : indent indent: $(MAKE) -C tests indentsource diff --git a/crypto/s2n_drbg.c b/crypto/s2n_drbg.c index f0c9f0bcb58..1958b5635fd 100644 --- a/crypto/s2n_drbg.c +++ b/crypto/s2n_drbg.c @@ -142,6 +142,17 @@ int s2n_drbg_instantiate(struct s2n_drbg *drbg, struct s2n_blob *personalization int s2n_drbg_generate(struct s2n_drbg *drbg, struct s2n_blob *blob) { + /* If S2N_UNSAFE_FUZZING_MODE is enabled, then generate fake random numbers in order to ensure that fuzz tests are + * deterministic and repeatable. Should return non-zero values since this function may be called repeatedly at + * startup until a non-zero value is returned. */ + #if defined(S2N_UNSAFE_FUZZING_MODE) + for(int i=0; i < blob->size; i++){ + blob->data[i] = 4; // Fake RNG. Chosen by fair dice roll. https://xkcd.com/221/ + } + drbg->bytes_used += blob->size; + return 0; + #endif + uint8_t all_zeros[32] = { 0 }; struct s2n_blob zeros = {.data = all_zeros, .size = sizeof(all_zeros) }; if (blob->size > S2N_DRBG_GENERATE_LIMIT) { diff --git a/crypto/s2n_rsa.c b/crypto/s2n_rsa.c index 049011336a3..d57890f1fc4 100644 --- a/crypto/s2n_rsa.c +++ b/crypto/s2n_rsa.c @@ -156,6 +156,12 @@ int s2n_rsa_verify(struct s2n_rsa_public_key *key, struct s2n_hash_state *digest GUARD(s2n_hash_digest(digest, digest_out, digest_length)); if (RSA_verify(type, digest_out, digest_length, signature->data, signature->size, key->rsa) == 0) { + /* If S2N_UNSAFE_FUZZING_MODE is enabled, don't return S2N_ERR_VERIFY_SIGNATURE. This will assume all RSA + * signatures pass verification and will aid with branch coverage for fuzz tests */ + #if defined(S2N_UNSAFE_FUZZING_MODE) + return 0; + #endif + S2N_ERROR(S2N_ERR_VERIFY_SIGNATURE); } diff --git a/s2n.mk b/s2n.mk index 25d4adb3ae4..b9a5868b520 100644 --- a/s2n.mk +++ b/s2n.mk @@ -37,6 +37,16 @@ CFLAGS = -pedantic -Wall -Werror -Wimplicit -Wunused -Wcomment -Wchar-subscripts -I../api/ -I../ -Wno-deprecated-declarations -Wno-unknown-pragmas -Wformat-security \ -D_FORTIFY_SOURCE=2 +ifeq ($(S2N_UNSAFE_FUZZING_MODE),1) + # Override compiler to clang if fuzzing, since gcc does not support as many sanitizer flags as clang + CC=clang + + # Turn on debugging flags when S2N_UNSAFE_FUZZING_MODE is enabled to give detailed stack traces in case an error + # occurs while fuzzing. + CFLAGS += -DS2N_UNSAFE_FUZZING_MODE -g3 -ggdb -fno-omit-frame-pointer -fno-optimize-sibling-calls \ + -fsanitize-coverage=edge,trace-cmp -fsanitize=address,undefined,leak +endif + INDENTOPTS = -npro -kr -i4 -ts4 -nut -sob -l180 -ss -ncs -cp1 .PHONY : indentsource diff --git a/stuffer/s2n_stuffer_file.c b/stuffer/s2n_stuffer_file.c index 9f3108fb58c..2bc2b75d48d 100644 --- a/stuffer/s2n_stuffer_file.c +++ b/stuffer/s2n_stuffer_file.c @@ -54,6 +54,16 @@ int s2n_stuffer_recv_from_fd(struct s2n_stuffer *stuffer, int rfd, uint32_t len) int s2n_stuffer_send_to_fd(struct s2n_stuffer *stuffer, int wfd, uint32_t len) { + /* If S2N_UNSAFE_FUZZING_MODE is enabled, check if the file descriptor is -1 (which is invalid), and if so, skip + * writing anything. This is to speed up fuzz tests that write unnecessary data that is never actually read. + */ + #if defined(S2N_UNSAFE_FUZZING_MODE) + if(wfd == -1){ + stuffer->read_cursor += len; + return len; + } + #endif + /* Make sure we even have the data */ GUARD(s2n_stuffer_skip_read(stuffer, len)); diff --git a/tests/Makefile b/tests/Makefile index 72d6a871ee0..d4489871122 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -30,9 +30,14 @@ all: integration: ${MAKE} -C integration +.PHONY : fuzz +fuzz: + ${MAKE} -C fuzz + include ../s2n.mk .PHONY : clean clean: ${MAKE} -C testlib decruft ${MAKE} -C unit decruft + ${MAKE} -C fuzz decruft diff --git a/tests/fuzz/Makefile b/tests/fuzz/Makefile new file mode 100644 index 00000000000..fc6acf73983 --- /dev/null +++ b/tests/fuzz/Makefile @@ -0,0 +1,55 @@ +# +# Copyright 2014 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"). +# You may not use this file except in compliance with the License. +# A copy of the License is located at +# +# http://aws.amazon.com/apache2.0 +# +# or in the "license" file accompanying this file. This file is distributed +# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either +# express or implied. See the License for the specific language governing +# permissions and limitations under the License. +# + +SRCS=$(wildcard *.c) +OBJS=$(SRCS:.c=.o) +TESTS=$(SRCS:.c=) +CRYPTO_LDFLAGS = -L$(LIBCRYPTO_ROOT)/lib + +.PHONY : all +all: $(TESTS) + +include ../../s2n.mk + +CRUFT += $(wildcard *_test) $(wildcard fuzz-*.log) $(wildcard *_test_output.txt) +LIBS += -lm + +CFLAGS += -Wno-unreachable-code -O0 -I$(LIBCRYPTO_ROOT)/include/ -I../../ -I../../api/ +LDFLAGS += ../../fuzz_dependencies/libFuzzer.a -lstdc++ -L../../lib/ ${CRYPTO_LDFLAGS} -L../testlib/ -ls2n ${LIBS} ${CRYPTO_LIBS} +ASAN_OPTIONS= symbolize=1 +LSAN_OPTIONS= log_threads=1 +UBSAN_OPTIONS= print_stacktrace=1 +FUZZ_TIMEOUT_SEC= 120 +LIBFUZZER_ARGS = -timeout=1 -max_len=4096 -use_traces=1 -print_final_stats=1 -jobs=32 -workers=32 \ + -max_total_time=${FUZZ_TIMEOUT_SEC} + +$(TESTS):: + @${CC} ${CFLAGS} $@.c -o $@ ${LDFLAGS} > /dev/null + @printf "Running %-40s for %5d sec... " $@ ${FUZZ_TIMEOUT_SEC} + @( \ + DYLD_LIBRARY_PATH="../../lib/:../testlib/:$(LIBCRYPTO_ROOT)/lib:$$DYLD_LIBRARY_PATH" \ + LD_LIBRARY_PATH="../../lib/:../testlib/:$(LIBCRYPTO_ROOT)/lib:$$LD_LIBRARY_PATH" \ + ASAN_OPTIONS=${ASAN_OPTIONS} \ + LSAN_OPTIONS=${LSAN_OPTIONS} \ + UBSAN_OPTIONS=${UBSAN_OPTIONS} \ + ./$@ ${LIBFUZZER_ARGS} ./corpus/$@ > $@_output.txt 2>&1 \ + || (echo "\033[31;1mFAILED\033[0m\n"; sleep 2s; cat $@_output.txt; exit -1;) \ + ) + @( \ + printf "\033[32;1mPASSED\033[0m %12d tests, %8d branches covered\n" \ + `grep -o "stat::number_of_executed_units: [0-9]*" $@_output.txt | awk '{test_count += $$2} END {print test_count}'` \ + `grep -o "cov: [0-9]*" $@_output.txt | awk '{print $$2}' | sort | tail -1` \ + ) + diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/085edd8102e76d226fc7f769d6fab63e194a19d1 b/tests/fuzz/corpus/s2n_server_fuzz_test/085edd8102e76d226fc7f769d6fab63e194a19d1 new file mode 100644 index 0000000000000000000000000000000000000000..2c55be0739ea9f289c6680de9b66cd140f98c516 GIT binary patch literal 452 zcmWe*W@dL0CL5Ern?C+FgQ7~ z7|cK7zoEue+p1LQ{GRCF{2gr%(|`84|1}goW#HH(z>+uj@kcSk-PZ$iy-JH~I@Zf!X}Md&8~-J>%<>{;*e=h=^Av+dm-tftG$7KJf> z-wE`b{sAK-zk$4V1ZayH11}HQYYYrhKyLv-VtHzDer~E>Vs2tpeqLgEv0id6vsgYe zmliZ6Sr~vJnP$Io#;;vIZyK6yEx#L^rYK~C0s|?i!3t*kyaCG_-1!Mo0;F^`e{A|H YeVjo-wuz|`M0F}#&bN~PV literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/08a9f57ff501d000dfd310016c990b3915732fe2 b/tests/fuzz/corpus/s2n_server_fuzz_test/08a9f57ff501d000dfd310016c990b3915732fe2 new file mode 100644 index 0000000000000000000000000000000000000000..2f5a9b99f986f612bb1107f8ee157efec189093d GIT binary patch literal 222 zcmWe*W@d1~vu;263PWHv^C>1~lDG04T!X z z0|p0#52zmyIv~O@hrxzHpMeXgS(Sm8fr$YKSeOnlFbFVkGO)817o=3`ivdkf0xF0D zo35hOylg42nSGSs0j@7#Ua@egjPd U0WJnMpqMy=1Oqn%Py&q$0QdSZ{{R30 literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/114c49065df4fbc59b87967b9c033a5adddcc120 b/tests/fuzz/corpus/s2n_server_fuzz_test/114c49065df4fbc59b87967b9c033a5adddcc120 new file mode 100644 index 0000000000000000000000000000000000000000..17f96781cf38f6dff36b15d8d23bd54e0243bb4c GIT binary patch literal 415 zcmV;Q0bu?X0|NkA0RRA10|8fcxhKV8zrOKexy-)EcRe)DBbO%=wW*7)V=DcX9!&rM z6u>Vqz!ShHz!Ja|0Gt3k051Rv0RR9P0000400II5015yGz%Kw702lxZ00IGk76StT z1`q%N0s#Pm!}XqXP|jpu{a=a&tBdONwoCrL5;GH{-Pp!~I6;Of-LemnQtL|b9&hG% zNvn^2dGu{rre+KjZ#-?&H2Z-)MQ37w4t;-AIsw0GF8$EzJlE+kIpv?iCWqr}SM)pMhjPbs&e_2R8tP;^^+Bk-`*Fl# zmlTSALU0Ihf}NT2y!n~0-po3rA~gk{?f8;EGDf3__9TM7n7u z@Bwvop#vfea~NzG^clE-nk5)`8JL(D8MqkO7+4s@fqZTTAXki;nZZqffg#J0MQ!<< zuh*|yAYW?A_BC5kr8B%2E>0r(ocKdEce~J%QppWWolf{XtTce&Wir2 T0v-&XwzK31OFEubb^HYYT0~`E literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/1580393af362244c05fd8b2a6dc3f9519ad8f293 b/tests/fuzz/corpus/s2n_server_fuzz_test/1580393af362244c05fd8b2a6dc3f9519ad8f293 new file mode 100644 index 0000000000000000000000000000000000000000..aeee6b021310acdf014bb13bef86c6cea2f426c2 GIT binary patch literal 453 zcmWe*W@dL0CL5Ern?C+FgQ7~ z7|cK7zoEue+p1LQ{GRCF{2gr%(|`84|1}goW#HH(z>+uj@kcSk-PZ$iy-JH~I@Zf!X}Md&8~-J>%<>{;*e=h=^Av+ctjtftG$7KJf> z-wE`b{sAK-zk$4V1ZayH11}HQYYYrhKyLv-VtHzDer~E>Vs2tpeqLgEv0id6vsgYe z7XvgTSr~vJnP$Io#;;vIZyK6yEx#L^rYK~C0s|?i!3tKv6d2t3X_{i44Wx86e{A|H TeH;|p`UebFF8M# kfs28Sfd$h_2B2XQa67?@7{q}h;@m)jn}LY|=n_T-02@R%egFUf literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/15afa9bfcb4bb36506b4038c84229fa796b4faad b/tests/fuzz/corpus/s2n_server_fuzz_test/15afa9bfcb4bb36506b4038c84229fa796b4faad new file mode 100644 index 0000000000000000000000000000000000000000..3bde5eeb0b03d122280ba06f15a799cbd5f29d6b GIT binary patch literal 211 zcmWe*W@boZWMD{QW)3giSsy)PxxsUN`C8FzdrdW=xjRxawp;9M$?5#}yYx2$gUA8> z0|p0#52zmyIv~O@hrxzHpMeXgS(Sm8frWvIkwJiglYyPBxFDrcUkqq)5>PG_JSI1#GnW<8)!Hy11lqt3j|yY QY(V?O86+6ELAIiC0r@jAS^xk5 literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/15c694d215dcdbbcf73cc8b5ec794dee76229e5b b/tests/fuzz/corpus/s2n_server_fuzz_test/15c694d215dcdbbcf73cc8b5ec794dee76229e5b new file mode 100644 index 0000000000000000000000000000000000000000..d326ca84ef5f5432a96ced2a9d04ca1e27cbd642 GIT binary patch literal 220 zcmWe*W@d1~lDGfPuluk;VPh-Hda4r(BR{($1az<<~dWzs>eJVwT$~ z9p}G4m*sm?H+*f<+=T0vn^j&($1bznP+yjo&K$U9!H+{{qZ$t7Jr@BQ#mERUP=f&q m6f)K@`)&X2%qQxev3k=fon?~Kv;+6&C&=e~d7R&I@(Tc>{5+EY literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/164dfc541acdc855d32d2aba082fa990cbcf1200 b/tests/fuzz/corpus/s2n_server_fuzz_test/164dfc541acdc855d32d2aba082fa990cbcf1200 new file mode 100644 index 0000000000000000000000000000000000000000..0b8bbb4b4c2e02912e3c4a0357091f71a57743ce GIT binary patch literal 454 zcmWe*W@dL0CL5Ern?C+FgQ7~ z7|cK7zoEue+p1LQ{GRCF{2gr%(|`84|1}goW#HH(z>+uj@kcSk-PZ$iylP+K5rVDZ4JH~o2DpagF*u-ticLaffZPOH#WHQ6Ql-6>1zJi W^i}#eD7f_x7$CU_dvF7lGXMagpo|p& literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/16a07fdd88575feb38f68940ff15d8a059f2c604 b/tests/fuzz/corpus/s2n_server_fuzz_test/16a07fdd88575feb38f68940ff15d8a059f2c604 new file mode 100644 index 0000000000000000000000000000000000000000..8807fecac25d6af1e667678a5fa2944f129429f1 GIT binary patch literal 224 zcmWe*W@d=Jxu@E=l<7F_>_TTlK@NJ+{Yiq40m4-%=L2R>ru{I zeQZ_|t5iUzd&XBzdrpI15uj0wj35I+KqDPUYGdvvDthdt{( T{yh6}Y_`3-gVl6-*`hE2crr*_ literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/18662fde269a89420c9dbdbda1ff4f39f5bd13e4 b/tests/fuzz/corpus/s2n_server_fuzz_test/18662fde269a89420c9dbdbda1ff4f39f5bd13e4 new file mode 100644 index 00000000000..10cc57bbedc --- /dev/null +++ b/tests/fuzz/corpus/s2n_server_fuzz_test/18662fde269a89420c9dbdbda1ff4f39f5bd13e4 @@ -0,0 +1 @@ + \ No newline at end of file diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/18fa3ab3981df40ef7ceab3755f59ffb24a29159 b/tests/fuzz/corpus/s2n_server_fuzz_test/18fa3ab3981df40ef7ceab3755f59ffb24a29159 new file mode 100644 index 0000000000000000000000000000000000000000..745a000ec4250d5a5b4ebf744a4495c952b8cb28 GIT binary patch literal 535 zcmWe*W@dlP+K5rVDZ7shWo2Dpa8{GM+tNCNoSLx#n3?c{g z4;UN}KA?U;=zs{r90nT(eFiR|W(fvf1{MY;CPoG>1~vvp2?lW%25tr*R}5&nn*akt zmLrSW@;P6xU$x4;xWa?IPVDrvS1+cyOpNzcxh#XcQwO$UqGSDDcysH_LtZ?($7RTN~HguJ2vZKUKiv z({`5pU`a=@1Nx-+OBj#O;2vXP5C?jdfX9gU8OSe4K_AnW)4aFpUF^nrTd&IYzt3Fl wqWPxV*lp)gHRdMlK@apITF^sXh$qY#kOEEB@fTC$dPW;)$T2{J?le#w0OH-V-v9sr literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/1a5d211db0094d382164b37fb9b2f8a25bddb256 b/tests/fuzz/corpus/s2n_server_fuzz_test/1a5d211db0094d382164b37fb9b2f8a25bddb256 new file mode 100644 index 0000000000000000000000000000000000000000..0d77d35ad053868b65c6638d9fb7c6774833b8a5 GIT binary patch literal 226 zcmWeTpurHy$iNWF%p6|2Q$40Fr+IJHyV#BMwqBL(f1kP9Me|L!vD?n0YRpXx3?c_K z4j3E|KA?U;=zs{r90nT(eFiR|W(fvf1{MY;CPoG>1~wo|f{B}ffq_w+L5!K1!A*dH z!O4}yVEz&R4K=RXR;5bk_eB5Z?`V6N{?Kus4MVOg27#JBrW@-S9PX}U#E$l*2e&wei|tlgt`lCj7%>wN6fdu57umNGDi zJkUR2a6tHg`T?N>A`EjFY#6KdKw0TG5d3^ok<3|v6HV$948=td|anQ=fL#SDF{hDb2*GO#c(F)=b|F|Ywy z2lT}mBpA3EfC3=%-2@mIoE%xyme2Wm{i;>&#T6dxbz-NVO?&miZSu12`IjHJtMnW@ z)m?qyc+f@F@7GfvMs_1iGykDCl0&+hi$QBI- zDDcysH_LtZ?($7RTN~HguJ0w}j#n?H;dBSW&H#j+2lTPpxuSonfXAopEcwBbj;E0w N0F_X6`~{H%G5`Qwok#!x literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/1e1be1dd68242ea4b7f52ddc31a2ebb97ad83e51 b/tests/fuzz/corpus/s2n_server_fuzz_test/1e1be1dd68242ea4b7f52ddc31a2ebb97ad83e51 new file mode 100644 index 0000000000000000000000000000000000000000..1809b57479e785f73b41d779c2cca27a34cacb4d GIT binary patch literal 454 zcmWe*W@dVZCXdoj4kW~(}wV06s=wy`yms?Vw)fD6x%$@nqhA)9t zcdvZXRgI{vB@7G<=|Ie|6#=y%1_8J3&6wq5hkXW8toS&PjmzbMam7k}XSYE7`oXaeh z&&*`Uxs3Tv=}RX*wv1qOG1g46&hUCkex VzDgel1-JeI19UfG1UFDQ0|0|`ig5q{ literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/1f31efcd0cf25cf1db0ac07110de5a5611a4500a b/tests/fuzz/corpus/s2n_server_fuzz_test/1f31efcd0cf25cf1db0ac07110de5a5611a4500a new file mode 100644 index 0000000000000000000000000000000000000000..b66697016ffabb08896b2e5155b8d64b2d854305 GIT binary patch literal 412 zcmV;N0b~9a0|NkA0RRA10|QrexhKV8zrOKexy-)EcRe)DBbO%=wW*7)V=DcX9!&rM z6u>XQFu)VQC%_WG6abt6JOD2M3IPBB7yu0b1ONg80RRdB2EZ=>7XTOl3jhKE02TuS z0R|8N0RjO4g2VNmb5PD?U;ST-1*?nd^tMa>z7jJNqutoXfjB{iDc!OUky7hQ@g8sH zcS);{eR=e4S*B(T6mL9j(=_{mJw<0?fDV0sR5}5_YA*fI>OITlc9Ie1Ji*#yk4Hv? zr&;Y*_ldE-{GaQuYl| z$?h~5pBOW`(TK~D)9V!P=sD$|!X}5~Y*+L<ujZPUPZ>L0CL5Ern?C+FgQ7~ z7|cK7zoEue+p1LQ{GRCF{2gr%(|`84|1}goW#HH(z>+uj@kcSk-PZ$iy-JH~I@Zf!X}Md&8~-J>%<>{;*e=h=^Av+dm-tftG$7KJf> z-wE`b{sAK-zk$4V1ZayH11}HQYYYrhKyLv-VtHzDer~E>Vs2tpeqLgEv0id6vsgYe z7XvgTSr~vJnP$Io#;;vIZyK6yEx#L^rYK~C0s|?i!3tKv6d2t32~q>3bTxl$`YL@K R6x#X+43J!eJ+y(!82}n#i?{#) literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/2251f2fa721ce7abef7f3dff2c189ddd4f1ec07e b/tests/fuzz/corpus/s2n_server_fuzz_test/2251f2fa721ce7abef7f3dff2c189ddd4f1ec07e new file mode 100644 index 0000000000000000000000000000000000000000..d3c23e55311da124f0d824487b2e045f95b604b4 GIT binary patch literal 454 zcmWe*W@dVZCXdoj4kW~(}wV06s=wy`yms?Vw)fD6x%$-^G&xS97 zRd=s^($%P~B^nG24Cz43u;m@&w{5q!9G@a|lmG6~nIHD7_xSVd$FbS=?haPd*`Uxs3Tv=}RX*wv1qOG1g46&hUCkex VzDgel1-JeI19T^01UFDQ0|2_rioO5< literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/24882c4c1d2e557c51037e9f95b0b651d6f50fbd b/tests/fuzz/corpus/s2n_server_fuzz_test/24882c4c1d2e557c51037e9f95b0b651d6f50fbd new file mode 100644 index 0000000000000000000000000000000000000000..a941ceb5703e69db69df8c78ee1def544e1ff09b GIT binary patch literal 412 zcmV;N0b~9a0|NkA0RRA10|QrexhKV8zrOKexy-)EcRe)DBbO%=wW*7)V=DcX9!(ek z6u>XQFu)VQC%_WG6abt6JOD2M3IPBB7yu0b1ONg80RRdB2EZ=>7XTOl3jhKE02TuS z0R|8N0RjO4g2VNmb5PD?U;ST-1*?nd^tMa>z7jJNqutoXfjB{iDc!OUky7hQ@g8sH zcS);{eR=e4S*B(T6mL9j(=_{lJw<0?fDV0sR5}5_YA*fI>OITlc9Ie1Ji*#yk4Hv? zr&;Y*_ldE-{GaQuYl| z$?h~5pBOW`(TK~D)9V!P=sD$|!X}5~Y*+L<ujZPUPZ>vF6^RYRpXx3?c_K z4j3K~KA?U;=zs{r90nT(eFiR|W(fvf1{MY;CPoG>1~wo|94Nxg0OX1RO?MMuU~qC| zF_?eEe?yI{wpFRp`90CU`8(PkrvL17|7$3G%D}NnfF*D4&?rVmpn;4GKvp@>)?%=eRT5loNqtsRkY6x&X4yX*z64g? zz4A#{qqdf4FfcHr12MyvcZ}b*-P&?|iqK8|yGLh!DA}{#wmqJO{$$#WpT9btUTV8+191NIvOgA~wTK#*9TTAZJox-Ky{u_`|=vAkF>IhR>1 zpP5Sw8k8&yDZsEyvtK#m*Djwo4b8Te-;GUE6tY3VffU$a1*>2R4DS2{sR2^Dnm;yu Ul|Bv%Z~X%XNKV2Y-azFH0Bxg<&Hw-a literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/2959063570c1fc09070bf8247c00d94f11cc3b3b b/tests/fuzz/corpus/s2n_server_fuzz_test/2959063570c1fc09070bf8247c00d94f11cc3b3b new file mode 100644 index 0000000000000000000000000000000000000000..3452324261435380695d8ef6376fb1ddce9082e1 GIT binary patch literal 535 zcmWe*W@dlP+K5rVDZ7shWo2Dpa8{GM+tNCNoSLx#n3?c{g z4;UN}KA?U;=zs{r90nT(eFiR|W(fvf1{MY;CPoG>1~w2^oP~j#0mu~tn(oHHAduzA zqPBd_*XviUaxbp%V6PK9{p{6?X>OC3bTswCBxo-@UthQ_$AN^|tGKSM*O6@c6Wy zB|liwQS5*|DgF}1<1@I&SQx~CenWUnfPn$iW5oLm(k-dpu9cH_LQS7rO( zXRdb9eA8|0w)3bOa})NU2YL}L=%Fse6J`uZfu`#Ci>YxvqYX6V7@$FS8Ym6`;Q6!O literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/29cdc112a148667115c380b425770b8757cb322e b/tests/fuzz/corpus/s2n_server_fuzz_test/29cdc112a148667115c380b425770b8757cb322e new file mode 100644 index 0000000000000000000000000000000000000000..44c20d1a9d8d3572b7ef6b2c2de817a62d00f11c GIT binary patch literal 453 zcmWe*W@dL0CL5Ern?C+FgQ7~ z7|cK7zoEue+p1LQ{GRCF{2gr%(|`84|1}goW#HH(z>+uj@kcSk-PZ$iy-JH~I@Zf$X&B6O4g?$Mba_N@2#^X$j5+4k-ZR@3EWi^3Sc z?*w{I|9}ya-#}hF0<^`9ftLsDH3kMLptpb^u{^anKQ~n`F*mU)KQFPoST8x3SuCHK zivb#vEDXSqOtW7(2e)-1!Mo1Eh2{e{A|H TeH;|p`Ueb-DQvxffS> zu-A#5e)j6cG`Gpiy60bh+^*7d>{NI4f#X3JRli?Pc^KIp)IPuQR^j=blNQej&{1(~ zZ%gUCUz;Mr%*@CLa)bs06!>Y+o8`WHcloBEt&I@RK)sCO7cH<~4(P*t1NMlU09IE` zd-VdzRqJin_pazibsM%Yg1L9`oG_4crwVv{+Rl;>cQpeZXM?N&1u?`?!Ps3zFsvkj VfrS!Q2lRn)1qm$2)2g800szrX({KO) literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/2afa0046f8d883fc21596aeba53ef90f1190e7e7 b/tests/fuzz/corpus/s2n_server_fuzz_test/2afa0046f8d883fc21596aeba53ef90f1190e7e7 new file mode 100644 index 0000000000000000000000000000000000000000..0da5847f3362debfd3eda1eb29e69ee2a4e513dc GIT binary patch literal 222 zcmWe*W@dOAIv~O@r@@9npMeXgS%QI=frWvIiIIVofq@Ok6bA}%GXVKwK;zv67#N%! zSq$bM@!wG6s%=%Obbe3tZ~l(9hv`52-2WO1pE7W45@5-j`}m`n;qL2!xn8b(J<55j zkIhPAl?v!|&-lt|&uP#r0yK(|5oDkS0|P@k5HoCf$M|jAtu4o=2;JnrdvxZ9J?lOG SJo|BMw!OQ9)pU8;qA&oKDo4lw literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/2b4334095259766e9111876062796f55f3a54099 b/tests/fuzz/corpus/s2n_server_fuzz_test/2b4334095259766e9111876062796f55f3a54099 new file mode 100644 index 0000000000000000000000000000000000000000..2c17a12148e0d7c388353969ed74d5bd80e3e8c4 GIT binary patch literal 631 zcmWe*W@dx>yowpPL=bOU=TT= zf56~?@B#G$LI*?`<}lbW=reEuHA^t?GO#c(F)=c5F|ZxbXAlR9a5Dh8V$95pYyu37 zKxWh7uk(rn&ZWfvjqhSz-TmszHt&D?gp7q3-@S3H(ZaD!^X?}8i9xTuKFZ}kEB9R8 zUt9SlH*i@Rk4U~v?q!qT4Ysc7Nez6p^&wV_`?K`^UU+4D`f1rD!DluHZzcD;yR|Hj zd>i(7cPd}RxBRHi!u4C;8E#q6^(E@b*5(B^cWwUvkXe3jbJ%p&n!RP~j_4V7JPZ29 z8+h`aiNt&f<6Rd!PEWl2TIBr;%ct`XskJ}O3IAgKxV`9j$+?>c*`!{jSbcR|vFCT; zk)-J&U3E?c90g5tXMWoAbLRScXRMYenX=A*`(u*5k=x>qZz@0^Gn4~^q!=8YDhV#P zq&}-D*e{qnv+SP@UjnP{UiqY}QCmwGzwczg8J=eF@MK`nlmZ4OgJ@!TYH@yUs$ODl zVim{^P@IKA;!Iu5YJ2|IHPRcO{a#d9yGQRNW07gr`KR~F6z?nr+VMa?KQFPoST8w0 z7Zg1VEC)=R_RZKYmV5a?*&EJ9(*?W!?g^6a;rJIfu}cJKG9x3%d<_OD;CT*-@LEKS zGoVK~F!DiBF3t^#_c!ZWI%=J^%QM*L>M|{V`Z73Kfr%kkvqyOX*M=v+gur;?Gs95; DZ-wbO literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/2ca70f86f778776fcad42f526d8851b885e0ac59 b/tests/fuzz/corpus/s2n_server_fuzz_test/2ca70f86f778776fcad42f526d8851b885e0ac59 new file mode 100644 index 0000000000000000000000000000000000000000..2cda813159e6e0793bffdf450bd1f5111d925966 GIT binary patch literal 107 zcmWe*W@boZWMD{QW)3giSsy)PxxsUN`C8Fzdrdu|xjRxawp;9M$?5#}yYx2$gUA8> z0|p0#52zmyIv~O@hrxzHpMeXgS(Sm8frWvIiIG8ofs=uqt+*hiQs0Pyi-8R&JY9l; Jftvv+2LQ2R8TSAH literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/2d3642e406148a17752b126408469565e50ef78a b/tests/fuzz/corpus/s2n_server_fuzz_test/2d3642e406148a17752b126408469565e50ef78a new file mode 100644 index 0000000000000000000000000000000000000000..ea155cdc8f3039287ecd5be683c6f92c1c4b11bf GIT binary patch literal 210 zcmX@k%*>F+$iR@q%p6|2vp#ypa)amk^0lJb_L^!!b9ba z0|p0#52zmyIv~O@hrxzHpMeXgS(Sm8frWvIiIG8ofs>(+t+*hiQeO;cauQH74s5c@ zqvm}pHPyeI*(cC#-p_rSE&Onq-y=uaS{LOaCY&Z4F(|@~W@TUnng#+~3~WH_#2F+Q KxEX+UqHzH?GB0ib literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/31d17054d6ccd7705db17105401be7fe1daddbd5 b/tests/fuzz/corpus/s2n_server_fuzz_test/31d17054d6ccd7705db17105401be7fe1daddbd5 new file mode 100644 index 0000000000000000000000000000000000000000..42b8385433247b822bdac45c82bfe08c0fc2979d GIT binary patch literal 220 zcmWe*W@dlP+K5rVDZ7shWo2Dpa8{GM+tNCNoSLx#n3?c{g z4;UN}KA?U;=zs{r90nT(eFiQ@23`pU76t|eCMHG(E(SIrTbx0Hftvxy6$6^?Ccwbp zqF=l3lB%sl8 zK%+}{syu4mw^H-vmoxhWy3PB!PqT#|E(58E1gZ!Ht58p~UpeE~E}u6I&9;``jZIS& zvJLM1)Ybg4>8tc{9F_w$O91U=0ou*Tz{S7@;)=5{a5Dh8Ak*C#7zDB$S=5%#`Fj1T zRqn+V9_)2ur=PugG0koAvhMkpAGfRY96QxreE{JUMxbNWk0$Ql_c3YbnSCe9ZB5Q8 zPgfV-y0Uv+vew_Ja=!SS!hmoJFkr=jt^qlv0cbiSn*akN&{a)`zs@TTIF}OtH@=H? zb@!_;+r0nn6EYTFeD}t&MhnL_&AXfUCkDOt`Y4zGtlV>Te{JQL+{k5VJR8E9r1fSU)yp`PV?$)wA@@?4T-Kl&L-}0k63)gRX zXSiiO*O#a#$Ad1ae!rgbFtU4V^8%Z@HvfOfFa)*FZ@g7_e({_D9Tm6swv^8MwJ9RN zP-A2S1&0O$6!>Y+o8`WHcloBEt&Qt#*Y~dIpDN(-X*)}Pu%x3H(3>Pgp)eu^=>wCH z-y=uaS{LOaCP^ME~@@tXzFD#$V zKcv?FI4Asz_2c%U<0a>A9%Pexm16bPamAkBg-4R6i*(gF6>tk`FNH YgHw>I<1ePh^^7*qWW)eXN2h_}0Qd-*dH?_b literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/3412f14050514dbad2db7120b3b7f10136083dfc b/tests/fuzz/corpus/s2n_server_fuzz_test/3412f14050514dbad2db7120b3b7f10136083dfc new file mode 100644 index 0000000000000000000000000000000000000000..2937cd0a2cbd33f2ac2b1af14294e9cc16acdb1b GIT binary patch literal 93 zcmWe*W{6~DUIL0L|t9YYJ2|IHPRcO{a#d9yGQRNW067D`KR~F6z?nrTJk_YKQFPoST8w0 rmw}6cje!NlP79Eo3_!yqK$e2-1S?_?2Z~sWa|20k1||leQy3WltO__J literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/3901ec4dd6f25bd0da8480f6408311529b773e8e b/tests/fuzz/corpus/s2n_server_fuzz_test/3901ec4dd6f25bd0da8480f6408311529b773e8e new file mode 100644 index 0000000000000000000000000000000000000000..8ee3a2eaf93d62ab7c937e98a707c2ecc07eb3cc GIT binary patch literal 454 zcmWe*W@dL0CL5Ern?C+FgQ7~ z7|cK7zoEue+p1LQ{GRCF{2gr%(|`84|1}goW#HH(z>+uj@kcSk-PZ$iy;n8v}zB&|g51Se{y(pPQOAIv~O@r@@9npMeXgS%QI=frWvIiIIVofs26+$QB2RaWen~#DM0z2{14? zIkFhcKjOck##P&@RO$Sl=->PuZ4c9b_PPHx6h39(*d)M`H}~;JF~i;019QDx`FfP| zRv(*{#3~ig>7MbG)1K3yR|IGjBO}N_4F(2=bRcHf@{aM_wp&|{PZ7GwfA{Fj4|~>o T{CW1{*lc@u2dnAwvPEG4veie@ literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/3e69b24a7ca126f2f092ab0d35edc479e43d171a b/tests/fuzz/corpus/s2n_server_fuzz_test/3e69b24a7ca126f2f092ab0d35edc479e43d171a new file mode 100644 index 0000000000000000000000000000000000000000..f0cfd61353c1b64d72a75bec8a8ce47870468290 GIT binary patch literal 221 zcmWe*W@dp>EjFxA_w#j z7yz;Q0igpT409N481xyqfO;huco|q2n3xzDxER=gEODR+Hvd*A0Jee{rvLx| literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/40ddee1f0672cc1be05b58ff43c7315ed94c2d26 b/tests/fuzz/corpus/s2n_server_fuzz_test/40ddee1f0672cc1be05b58ff43c7315ed94c2d26 new file mode 100644 index 0000000000000000000000000000000000000000..b5cf175c334592028f713ae214e972754eb4a3bb GIT binary patch literal 222 zcmWe*W@d;UIv~O@hrxzHpMeXgS%QI=frWvIiIIVefepwK2a0er0J&m7)7=CZ7@Qng z4CWv4-%#VKZB?pteoypo{*JbX=|B72{~8LPGH`4XV9A^N_@kKN?(2cMUaovS%6Y4g z%}QdG3g~pt_{wR|Y0xVIG>VZ?%o<2(FfcHr12MyvcZ}b*-P&?|iqK8|yGLh!*t6c_ T&$A!LX4|_vSWTCgEeZnwU6V&_ literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/44e81111440abcaccb160983ed58637ad464f1d3 b/tests/fuzz/corpus/s2n_server_fuzz_test/44e81111440abcaccb160983ed58637ad464f1d3 new file mode 100644 index 0000000000000000000000000000000000000000..f9e54e15a2d253914f76bd5dea0d9c77a017c345 GIT binary patch literal 844 zcmWe*W@dlP+K5rVDZ7shWo2Dpa8{GM+tNCNoSLx$o#4BZB z5ILZKz~F%J0rdky2Sga=FxW8YGjK72jKCv>>D|9$3a7tJ@_ z#%?>0sxdb)Fi0@)GO#c(F)=c5F|Ywy;taTqg{h^X(Qs!-FmN*fodoivn*alYlOv1T z@;P6xU$x4;xWa?IPVDrvS1+cyOaIR;Jm{k8_veTfkI0^*@olgZAI2qX4iVIRI^^F)1Y*<<|0;M`=K!6h; Glnnq#sr@DZ literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/49fb92a55cfe870cb6c54d7e26f2375fd0c8ba26 b/tests/fuzz/corpus/s2n_server_fuzz_test/49fb92a55cfe870cb6c54d7e26f2375fd0c8ba26 new file mode 100644 index 0000000000000000000000000000000000000000..90fd0d7580b0ca553495eb6eb0a9e067b4154a20 GIT binary patch literal 452 zcmWe*W@dL0CL5Ern?C+FgQ7~ z7|cK7zoEue+p1LQ{GRCF{2gr%(|`84|1}goW#HH(z>+uj@kcSk-PZ$iyR literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/4b40f233209efb5220af3f855f00d090742e8785 b/tests/fuzz/corpus/s2n_server_fuzz_test/4b40f233209efb5220af3f855f00d090742e8785 new file mode 100644 index 0000000000000000000000000000000000000000..ce166131df21b44a2998afcd00e7b64bf672590b GIT binary patch literal 453 zcmWe*W@dL0CL5Ern?C+FgQ7~ z7|cK7zoEue+p1LQ{GRCF{2gr%(|`84|1}goW#HH(z>+uj@kcSk-PZ$iy-JH~I@Zf$X&B6O4g?$Mba_N@2#^X$j5+4k-ZR@3EWi^3Sc z?*w{I|9}ya-#}hF0<^`9ftLsDH3kMLptpb^u{^anKQ~n`F*mU)KQFPoST8x3SuCHK zivb#vEDXSqOtW7(&fPo>) zkwtC!oUhlfTIF6`;lW-fcKX??7t`D(FYBIv`Ek2S&#_b8)d!9TT~z&kJ>_9!cToHM z##@Ew7taaMQ2`kNb{{j?eKBo0&3mif#crIp^{Q1~vu;263PWHv^C>1~lDGfPsMt zDCp$K@>xgSMs()erYPCGr|T0=#Tz+&+MFf+!0+we868rS{ofsvTpd5Vhr4*jfgCmF zcRKz*i%!XXTI$kzDZs&vDQL0?&@@IykeM1l^T6O=X|+cEf5k>wp@e=ulYNuc{=CN^ Q>-btN&LA#~>lQ-`03q2$O#lD@ literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/50ec08ecb15f18fb87246bf27b30f067ffe7102f b/tests/fuzz/corpus/s2n_server_fuzz_test/50ec08ecb15f18fb87246bf27b30f067ffe7102f new file mode 100644 index 0000000000000000000000000000000000000000..0d790d14854e09db09a002f6c9558495f8ce4334 GIT binary patch literal 453 zcmWe*W@dL0CL5Ern?C+FgQ7~ z7|cK7zoEue+p1LQ{GRCF{2gr%(|`84|1}goW#HH(z>+uj@kcSk-PZ$iy-JH~I@Zf!X}Md&8~-J>%<>{;*e=h=^Av+dm-tftG$7KJf> z-wE`b{sAK-zk$4V1ZayH11}HQYYYrhKyLv-VtHzDer~E>Vs2tpeqLgEv0id6vsgYe z7XvgTSvY_pnP$Io#;;vIZyK6yEx#L^rYK~C0s|?i!3tI#geow&^An^7NaL0CL5Ern?C+FgQ7~ z7|cK7zoEue+p1LQ{GRCF{2gr%(|`84|1}goW#HH(z>+uj@kcSk-PZ$iy-JH~I@Zf!X}Md&8~-J>%<>{;*e=h=^Av+ctjtftG$7KJf> z-wE`b{sAK-zk$4V1ZayH11}HQYYYrhKyLv-VtHzDer~E>Vs2tpeqLgEv0id6vsgYe z7XvgTSr~vJnP$Io#;;vIZyK6yEx#L^rYK~C0s|?i!3tKv6d2t32~q>3bTxl$`YL@K R6x#X+43J!eJ+y(!82~2Xi^u=~ literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/58080a322d37e7d8cb9fa7585be92689a971ffd6 b/tests/fuzz/corpus/s2n_server_fuzz_test/58080a322d37e7d8cb9fa7585be92689a971ffd6 new file mode 100644 index 0000000000000000000000000000000000000000..a4005344d8487bcaf975f1872a279c8c78b0a673 GIT binary patch literal 155 zcmZqBW@Kh&U}j)okY`|EeW8|}WaFacQGa`hi2JI~3ctKn3)j|Iv3`;85(6q_ z6abS9NMsWdy8+DB0F(Q`XQFu)VQC%_WG6abt6JOD2M3IPBB7yu0b1ONg80RRdB1^@&A|Nj^O3jhKE02TuS z0R|8N0RjO4g2VNmb5PD?U;ST-1*?nd^tMa>z7jJNqutoXfjB{iDc!OUky7hQ@g8sH zcS);{eR=e4S*B(T6mL9j(=_{mJw<0?fDV0sR5}5_YA*fI>OITlc9Ie1Ji*#yk4Hv? zr&;Y*_ldE-{GaQuYl| z$?h~5pBOW`(TK~D)9V!P=sD$|!X}5~Y*+L<ujZPUPZ>lP+K5rVDZ7shWo2Dpa8{GM+tNCNoSLx#n3?c^( z7#t8jpngE;fC$4J1{(%_eg-a}W(fvf1{MY;CPoG>1~wo|94Nxg0OX1RO?MMuU~qC| zQCmLe>-DQvxffS>u-A#5e)j6cG`Gpiy60bh+^*7d>{NI4f#X3JRli?Pc^KIp)IPuQ zR^j=bi{}LBsJOMarF7n}O%VZ_#mERUQG)>r{IuuIa^JnXd{fZY#`U)Adsp;NRrL6@ Ooh3h5(($ya<1YaElT9T6 literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/607ca566813a9fd8120c259b7d63327d2200bf9d b/tests/fuzz/corpus/s2n_server_fuzz_test/607ca566813a9fd8120c259b7d63327d2200bf9d new file mode 100644 index 0000000000000000000000000000000000000000..db461151a1ea10fac1fb1d153261c9009eeb3b9e GIT binary patch literal 453 zcmWe*W@dL0CL5Ern?C+FgQ7~ z7|cK7zoEue+p1LQ{GRCF{2gr%(|`84|1}goW#HH(z>+uj@kcSk-PZ$iy z-wE`b{sAK-zk$4V1n4(223{Vp*BBV2fZhUv#PZbQ{M=N%#N5QH{Jg~SV!h;CX0d!` zE(T~wvM>NcGR=PFj91zJi^i}#e SD75tt7$CU_duRidGXMaM&Wua| literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/63a5669c9b391eac4033ef6a934d3591d21bb4c7 b/tests/fuzz/corpus/s2n_server_fuzz_test/63a5669c9b391eac4033ef6a934d3591d21bb4c7 new file mode 100644 index 0000000000000000000000000000000000000000..da30d0f4ff5a01b489e36714c9cd450011cd3517 GIT binary patch literal 211 zcmWeTpwE!T$iR@q%pAUR`Hbk&dV}Zs^0lJb_L^!!b9baqF=l3lB%sl8 zK%+}{syu4mw^H-vmoxhWy3PB!PqT#|F7tcjC|m2IT*L%1+7QEN1|tSVpwTQqqZt`k Z8GZvz0|71uHlUa|g9HON15g5u3jpZnGVTBX literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/644b6fef1226887b4ff2a5010af50ddda5ed1619 b/tests/fuzz/corpus/s2n_server_fuzz_test/644b6fef1226887b4ff2a5010af50ddda5ed1619 new file mode 100644 index 0000000000000000000000000000000000000000..aab720e97ba443549f89171f0739d7a3d7d941ac GIT binary patch literal 535 zcmWe*W@dlP+K5rVDZ7shWo2Dpa8{GM+tNCNoSLx#n3?c{g z4;UN}KA?U;=zs{r90nT(eFiR|W(fvf1{MY;CPoG>1~w2^oP~j#0mu~tn(oHHAduzA zqPBd_*XviUaxbp%V6PK9{p{6?X>OC3bVZCXdoj4kW~(}wHWMVl?0btQlHfnyQ~Z>H~H@#o%vzUdXGQPejJ-^@9tnVU0${*3~U25 zJZls0u;2msEP#gP0eyH_Hh{c-i;;m%fQg~$@Yi|80q0WU|HgN*uI_&IWt;cEeL}{< zi|^hz)@b3_rg?W0f6!~Mk8=6X$~{;2*H(VXja-(-Ba&~Ed)ef7qpfRtQUhOYeTWs~ z{w%$}7hc((ep)t3@R`lQTgm8v$-%htK*8FoAi`o<{{+VgYf`g>=rmMEFA z&VT!3lD(1J;*M`BP5Wl-7t6hTpzIANa>!y!sVE}Aab^_S@6 z%D~I`eJ3z_^$!>!B_B{`IRZ=?X7Ieiz{>;9H4F?=z#IbviRG!q`MIfjiMfeY`FV-u z#d^uP%wqY>Tw2gf%EAEjdYb*p8MeQ6H8lIYvHWgqnxc@67B(OSzgGFYX=t_uDloY7 z6Ql-6>1zJi^i}#8a>8T7$jQigjR8v@!c6#kf~0#m{>4q~5@BXwf#y;MXmJ2C01SAZ zgY!o%8-p&Wgm|;ArK8qqyS#m_F4OX-K;OR%PFBd()cgT1IC_*PFmP>na^v$+0A=@& Ay8r+H literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/6cd78a8da79f922be614c8e87c33fa891f0fb8b0 b/tests/fuzz/corpus/s2n_server_fuzz_test/6cd78a8da79f922be614c8e87c33fa891f0fb8b0 new file mode 100644 index 0000000000000000000000000000000000000000..75c50d29db04696f5a902c21bd7194c3e950bc5c GIT binary patch literal 636 zcmWe*W@d=gWMp7qU}g+2-Kl;wasR%LNjuN%J5g?Ha!z@=y71QL-RqLI{!W$iWnd6F zpnt&NfbaqJ140Kx80Ik8Fz7RI0X0i7urjbPFflPQa51nQ&}R?_if}V9F*b-XGc(>| zWMC6uVrV-2bzX76xs>?7@m;K|yI+0T=KXJ^xEsAT>i6i z&(;04m0xlrm!FX>zba_z*k!zV#T;WOYiT6SGK30mQ50TW^?dXa=*J< z%ks##VUKsG@TO7fl!J`unrb{jZ_$DFeqQ z0hYYEk3WhT?!F$F>*dPVqnx+;*sLU0sen%RjIW&boCdujK=T+GL8fW|!zvvVU|ZfX ze%p3y%ke2fH~H@#o%vzUdXGQPejJ-^@9to=CrG-7<6qpwE@XY6lmrAk&!@}F7KPQm iS=Z80>$F|oK3A7%`O}xd$qKoeJ<1cfHaxlU`6vLwclkR2 literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/748090ea78474233c097f9d39e17afe0e1979ec1 b/tests/fuzz/corpus/s2n_server_fuzz_test/748090ea78474233c097f9d39e17afe0e1979ec1 new file mode 100644 index 0000000000000000000000000000000000000000..b1211fecf4aabf49a8259cab1a644a347e2b3c1d GIT binary patch literal 95 zcmWe*W@dl*2e&wei|tlgt`lCj7%>-^JuWr}wWXfTL8 w&}T?LAbddmfY1RGhB*v24EhXQK;04yybLT1OiYXnTnubLmN-y^n*qoL0IWS2RsaA1 literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/7616c8758af20ae270fd54aa628d92ae050b3cea b/tests/fuzz/corpus/s2n_server_fuzz_test/7616c8758af20ae270fd54aa628d92ae050b3cea new file mode 100644 index 0000000000000000000000000000000000000000..33d99b1d8f0785887f6d847f7698e3ac187bac96 GIT binary patch literal 453 zcmWe*W@dL0CL5Ern?C+FgQ7~ z7|cK7zoEue+p1LQ{GRCF{2gr%(|`84|1}goW#HH(z>+uj@kcSk-PZ$iy-JH~I@Zf!X}Md&8~-J>%<>{;*e=h=^Av+dm-tftG$7KJf> z-wE`b{sAMf--N+_19|NT&=xZWULLU57#O60-U5Qe^3>w|+*G~9+{CKt SRr)w6wDk`d5Daagas~hvFpIVT literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/76969a70a995caeed6a406134a98cf544abe65da b/tests/fuzz/corpus/s2n_server_fuzz_test/76969a70a995caeed6a406134a98cf544abe65da new file mode 100644 index 0000000000000000000000000000000000000000..f3e7e8c8e30bdc4b29a8c878527d1fb314509d1b GIT binary patch literal 220 zcmWe*W@dOAIv~O@r@@9npMeXgS%QI=frWvIiIIVefepwK2a0er0J&m7)7=CZ7@Qng z4CWv4-%#VKZB?pteoypo{*JbX=|B72{~8LPGH`4XV9A^N_@kKN?(2cMUaovS%6Y4g z%}QdG3g~pt_{wR|Y0xVIG>VZCWS|BE14B9xGj4gu_-)&*Eyt$_-Q>S}bmoUW>plKF Q`*FL0CL5Ern?C+FgUrg z7|cK7zoEue+p1LQ{GRCF{2gr%(|`84|1}goW#HH(z>+uj@kcSk-PZ$iyGHBgVF0}`NFo3L literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/7dfa5648d47a09a88133b099fd992ddd3e9d787d b/tests/fuzz/corpus/s2n_server_fuzz_test/7dfa5648d47a09a88133b099fd992ddd3e9d787d new file mode 100644 index 0000000000000000000000000000000000000000..c2ee3fdaebee7d945f118664206c5b23cb75fb08 GIT binary patch literal 220 zcmWe*W@fNvWMBwoW)3gish(!Pa>lP+K5rVDZ7shWo2Dpa8{GM+tNCNoSLx#n2M&lZ z954_*pngCI$eP1o!=TT=1=K6Sz{|kG(8R>Zz{S7@WQhYsxEX+4F`(gY0t^gJjx1`+ z=X||>)hhSm3J>-=vD439y_n`Ud0F@T%a7YtdXAmqu0C))=%VWP>nRT-yMx;2H{L2d zzjN`N038*#_O_JH`?V<|K(iPbK_+T2K!Kn3yjkwMcb9Jp+S<6@c75-P{;2{UpSH8) M2TMAhR(1RZ0Q+!F1poj5 literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/7ff26dd574e66a7f3425f1aa68717beb16a6943a b/tests/fuzz/corpus/s2n_server_fuzz_test/7ff26dd574e66a7f3425f1aa68717beb16a6943a new file mode 100644 index 0000000000000000000000000000000000000000..d8277a1e462cc1a66509fea7e64095b0d8b50d42 GIT binary patch literal 2413 zcmajhTWHT=9LMqBZ~vK@3ES+DWacz8kwa^;(yUAvg+z`Qm_rUZ&&;rd3&aItNK4xV zb|tiBX|=XoQMizh!xiO})WXyIbMq;Qi&vk%dw$RV`F)?~`6W9MM=5a>*CZ0zA;vxU z4BIgm=VC9G<0Y)cE}V|5u>|YzFxKN@Jdc`ZF!?I3!Ub4?nlpvmX09U_VLyC>gYYI+ zV*_^La7@QXxCVdXaa@lvZbZFx0r@#bSc#ga#d5RdEX$eX4xDItyyZ!ji!G~5dbY3C z$66j~*?&v@(X)j%W|U>EQ)AMoM|j1u_DJ;&R^M!Sise$vmn}D1?qfOG@(jymmen_{ zVH$O~`3ww3XF@GibW-K=ZmuwL!OB%aTC77MR*L`QRh&1 zs*1{WY(kyPZRGv<8`WXGyZZl@`dZY@Z6J5x3Dh@4T{=ZYCq#Em_gCj!PgO8RC%K%Q zjyfj~$*=JP*5fC9jQLg>LDuf?CeOw%*oj4W05ef<fC*u*+o?aj?#f7N%Jxx}ZO35X-1U1hK@;NL+z590ZJe-5-e-Bx=V=8$xYQOG~ zcc8kloZNy(u@dj0-cDa6t@b;0t>h$m8GglXoP`(hC4NKgS04EW>O9ntbFt3;T20oO zZzikHx*fGt?xVij8mSo`Q13$Rwf6KEl`VJ(pWstW#zt&H%`k@i1J&CJ6 z$GzB#>bZ7d1r`0S_PUjdI;kDeY0 z0|p0#52zmyIv~O@hrxzHpMeXgS(Sm8frWvQL4bjift{_mAf-}Y3}|i=P%4g@xpb$> zqvm}pHD7)?vrnMgyr26tTlnEJzekR;wJyp<2lSaR4EBN=Y{Z}lHkpZuk%5(gl@Z7V X0xkwNpl#v|5)9l7KnW;U6UqeuqZKhK literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/846e7d9db260a828911d6ef7393f31b57573d6da b/tests/fuzz/corpus/s2n_server_fuzz_test/846e7d9db260a828911d6ef7393f31b57573d6da new file mode 100644 index 0000000000000000000000000000000000000000..cbc1d2a18f818b08618e32a039112bf394a57916 GIT binary patch literal 453 zcmWe*W@dL0CL5Ern?C+FgQ7~ z7|cK7zoEue+p1LQ{GRCF{2gr%(|`84|1}goW#HH(z>+uj@kcSk-PZ$iy-JH~I@Zf!X}Md&8~-J>%<>{;*e=h=^Av+dm-tftG$7KJf> z-wE`b{sAK-zk$4VLunTR^{g z0|p0#52zmyIv~O@hrxzHpMeXgS(Sm8frWvI=>UTO11AGJTX8{3rM?)@OAIv~O@hrxzHpMeXgS%QI=frWvIiIIVefepwK2a0er0J&n!Obl)U3=B?= zEC%zB_;09j)wU{CI=?6SH-AUl!}Onh?tcx1PZ>Bi39#hNef&|(aQF4VTrXF?9_75% z$7Ut5N(FSfXME+f=QQXQ0UE`~CCYS literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/8e01b98bfcec4abd3e12df9e6a92e297343bdd4c b/tests/fuzz/corpus/s2n_server_fuzz_test/8e01b98bfcec4abd3e12df9e6a92e297343bdd4c new file mode 100644 index 0000000000000000000000000000000000000000..55fafea4b89f3f8989cfcafb237092d6e0168328 GIT binary patch literal 103 zcmWeTpwEz$&cG1I%p6|2Q{_?fzLlCUzns}8&~4t&eVQ%&aGBpDN7-5zXQFu)VQC%_WG6abt6JOD2M3IPBB7ytkO1ONg80RRdB2EZ=>7vlgJ01E&D0e}_* z0|5pQ009C40D{Byo^w#nWMBPXiUq5S>h!it{=O136QckC#(_9NhAG{$50O&qO7R|V z=66Y}k9~RcZCR#f3>0rXZPPUSfjvcMVt@{Pe^fdFziKZ1(CR(Q<#v)0<~+gLV~xD?iWCC_0099O0|Njk00000000004Cj69u7rqvLbo43Z7l+)<>^ynAZ;m( LBajNPL0CL5Ern?C+FgQ7~ z7|cK7zoEue+p1LQ{GRCF{2gr%(|`84|1}goW#HH(z>+uj@kcSk-PZ$iylP+K5rVDZ7shWo2Dpa8{GM+tNCNoSLx#n3?c{g z4;UN}KA?U;=zs{r90nT(eFiR|W(fvf1{MY;CPoG>1~w2^oP~j#0mu~tn(ijRz>ww0 zqPBd_*XviUaxbp%V6PK9{p{6?X>OC3bTswCBxo-@UthQ_$AN^|tGKSM*O6@c6Wy zB|liwQS5*|DgF}1<1@I&SQx~Cek0&9;(Z443sTU>wBHnSijF438J%O2tmFZXZS&F~gbzM? z0|p0#52zmyIv~O@hrxzHpMeXgS&@O4frWvIiIIVoffdLH0xkwNppZC&1Oqn%P#gg3 Ca27QH literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/91fcd5ff0bffb032addf798314aca80737b37c4c b/tests/fuzz/corpus/s2n_server_fuzz_test/91fcd5ff0bffb032addf798314aca80737b37c4c new file mode 100644 index 0000000000000000000000000000000000000000..256fe0e9cd845f3335c1b7c312b4e8c52a9eff13 GIT binary patch literal 346 zcmWe*W@dL0CL5Ern?C+FgQ7~ z7|cK7zoEue+p1LQ{GRCF{2gr%(|`84|1}goW#HH(z>+uj@kcSk-PZ$iy%PpzTY6|uX=FTkpXTz7ks=HS{ z>1x#05)B3hhIAli*z%6?+qPRw`q7waYG=c4-^0MD>y=>Px# literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/930df04e0442a4137a134933e1f347bf662f1130 b/tests/fuzz/corpus/s2n_server_fuzz_test/930df04e0442a4137a134933e1f347bf662f1130 new file mode 100644 index 0000000000000000000000000000000000000000..542c863d75531e74b8fe9750df53fcadc9de93b4 GIT binary patch literal 1070 zcmWe*W@dlP+K5rVDZ7shWo2Dpa8{GM+tNCNoSLx#n3?c{g z4;UN}KA?U;=zs{r90nT(eFiR|W(fvf1{MY;CPoG>1~w2^oP~j#0mu~tn(oHHAduzA zqPBd_*XviUaxbp%V6PK9{p{6?X>OC3bR2B-ayiRulHb4op*M zi5(hLuv97nj5kI`l-OfHN~TEZnt0z*<`z}QUrdeb8Ew|%bQD|#Bm*%3a}a_REEz26 Mcv=;N9Dn@+04J(vp8x;= literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/956793ab6bd4799d31aa882d3f65f380e12d2532 b/tests/fuzz/corpus/s2n_server_fuzz_test/956793ab6bd4799d31aa882d3f65f380e12d2532 new file mode 100644 index 0000000000000000000000000000000000000000..11a70dd0f24326477213cdb32592f671107b4f3d GIT binary patch literal 453 zcmWe*W@dL0CL5Ern?C+FgQ7~ z7|cK7zoEue+p1LQ{GRCF{2gr%(|`84|1}goW#HH(z>+uj@kcSk-PZ$iy-JH~I@Zf!X}Md&8~-J>%<>{;*e=h=^Av+dm-tftG$7KJf> z-wE`b{sAK-zk$4V1ZayH11}HQYYYrhKyLv-VtHzDer~E>Vs2tpeqLgEv0id6vsgYe zmliZ6Sr~vJnP$Io#;;vIZyK6yEx#L^rYK~C0s|?i!3tKv6d2t32~q>3bTxl$`YL@K R6x#X+43J!eJ+y(!82~Oji{bzP literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/9aac37c30521cf43803b938f56798f913ec56d60 b/tests/fuzz/corpus/s2n_server_fuzz_test/9aac37c30521cf43803b938f56798f913ec56d60 new file mode 100644 index 0000000000000000000000000000000000000000..a067c6847319adf39d3260e1f9341e54c213773a GIT binary patch literal 292 zcmWe*W@dL0CL5Ern?C+FgQ7~ z7|cK7zoEue+p1LQ{GRCF{2gr%(|`84|1}goW#HH(z>+uj@kcSk-PZ$iyGuGAP?wc^}wwy$EOJ0OAIv~O@r@@9npMeXgS%QI=frWvIiIIVofs26+D8j-Z4ix2P01Al#ZEzD{ zU~qC|F_?eEe?yI{wpFRp`90CU`8(PkrvL17|7$3G%D}NnfF*D4&?rVmkbxQu3=HW&%&_GhnIAi^+*!G=Mff$IoRvk?O?0}BHa6OhRu#UKVWG7`uP1skaz)0We`x9VN& z#(7(>%J#p{T=#TSn}pR{wQX+`+8ummn&b7 za^C7=vyxb)0y^C@zH-`g8uW?)jbda383+Oz=|E!3JH~I@Zf!X}Md&6!1H;{;Gp#@D zS?}@Z*^gth?cE)$rb{p|q=_b$rxxeurs^f;CRXL=C6>z<%NB*{CFkcdpt%(Qa3W`^ literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/9fee6cc591d539529c4e799e12cbad9a8a5f12ce b/tests/fuzz/corpus/s2n_server_fuzz_test/9fee6cc591d539529c4e799e12cbad9a8a5f12ce new file mode 100644 index 0000000000000000000000000000000000000000..fe373b1f44b0b9e0e05abc17b956b160db994d93 GIT binary patch literal 453 zcmWe*W@dL0CL5Ern?C+FgQ7~ z7|cK7zoEue+p1LQ{GRCF{2gr%(|`84|1}goW#HH(z>+uj@kcSk-PZ$iy-JH~I@Zf!X}Md&8~-J>%<>{;*e=h=^Av+dm-tftG$7KJf> z-wE`b{sAK-zk$4Vgz+(h83Qj5*lP?7Qb2D3L1KAoaei*9USe)yReoM#d9hw{F0)uZ zGnW=LBv}}MA(>{sa>lP+K5rVDZ7shWo2Dpag8~C7sKE+W!4w$W`3X`3q;xfZZ2BsF S92DC62Mmy0ggvx@${7H`ZH&bL literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/a17fd449bc026a1d650c6c0f18519e407a77a95c b/tests/fuzz/corpus/s2n_server_fuzz_test/a17fd449bc026a1d650c6c0f18519e407a77a95c new file mode 100644 index 0000000000000000000000000000000000000000..74806b6489f6d76902ed6aa01c10ae3659be8103 GIT binary patch literal 107 zcmWe*W@boZWMD{QW)3giSsy)PxxsUN`C8FzdrdW=xjRxawp;9M$?5#}yYx2$gUA8> z0|p0#52zmyIv~O@hrxzHpMeXgS(Sm8frWvIiIG8ofs=uqt+*hiQs0Pyi-8R&EY2Xo Jz|8=Z0|2T@8E*gp literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/a3ee57d5703b76d18e57a5d6a7640aa5f82442f8 b/tests/fuzz/corpus/s2n_server_fuzz_test/a3ee57d5703b76d18e57a5d6a7640aa5f82442f8 new file mode 100644 index 0000000000000000000000000000000000000000..4f1a4eae47dfbba31accdf3bf34002a3520b1dde GIT binary patch literal 124 zcmWe*W@ad7WMC*}W)3gisgmGwOX{nIAi^+*!G=Mff$IoRvl#;~0}BHa6OhRu#UR1JAeva7TAZJos+X9XSe2ib YSYE7`oS)0U#lQwsCk|A>%>Yyk0Ggp5-v9sr literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/a51ae5a15789422b618fa986efc45d21703ba550 b/tests/fuzz/corpus/s2n_server_fuzz_test/a51ae5a15789422b618fa986efc45d21703ba550 new file mode 100644 index 0000000000000000000000000000000000000000..55b1062228c35f8f13755d07962449160baf2ba7 GIT binary patch literal 220 zcmWe*W@fNvWMBwoW)3gish(!Pa>lP+K5rVDZ7shWo2Dpa8{GM+tNCNoSLx#n3?c^( z7#t8jpngE;fC$4J1{(%_1}>mp2?kyU76v9JMg}ehHXutJD8kJEaB^f( zTR!LO^{ZC77gu<&*NL5e_Ugqnx5>-8=U;x@uF`YtRCo1(<3Sfyzh6&z7}*`vKELr+ z;rX45=LG1exV5*Xbl$H`5doUT$Otk~g8>TswCBxo-@UthQ_$AN^|tGKSM*O6@c6Wy NB|liw@wBSrF96weO$7h| literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/a6511c6ef66c8a98d28843cb6e7c13c0e38bb7bb b/tests/fuzz/corpus/s2n_server_fuzz_test/a6511c6ef66c8a98d28843cb6e7c13c0e38bb7bb new file mode 100644 index 0000000000000000000000000000000000000000..8558142cdcae355369853c21a33fc1e0c0edd364 GIT binary patch literal 453 zcmWe*W@dL0CL5Ern?C+FgQ7~ z7|cK7zoEue+p1LQ{GRCF{2gr%(|`84|1}goW#HH(z>+uj@kcSk-PZ$iy-JH~I@Zf!X}Md&8~-J>%<>{;*e=h=^Av+dm-tftG$7KJf> z-wE`b{sAK-zk$4V1ZayH11}HQYYYrhKyLv-VtHzDer~E>Vs2tpeqLgEv0id6vsgYe zmliZ6Sr~vJnP$IohV8Fi4b47pEWaC@rYK~C0s|?iK?;7Y@_EzHYztIiaOWpT4Up2+ Y{ITh)^l?yV>mM*cauN2>1}bL&04q?7;s5{u literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/a8049730ee6ce2666eea3219f18d1a379bbeee1c b/tests/fuzz/corpus/s2n_server_fuzz_test/a8049730ee6ce2666eea3219f18d1a379bbeee1c new file mode 100644 index 0000000000000000000000000000000000000000..13468d419a1d226975c63fa39829f0022ea1e205 GIT binary patch literal 219 zcmWe*W@boZWMD{QW)81Se9D3cFffQ5&_7^sK=^?A0igpT409N481xyqfSOeqco|q2 tn3xzD1Q<9O*x8B;QY!V07`PbNfWqPo5)9l7Ksj-sRg8)tGF6ct002+q8gu{v literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/aa6b67ae4cbab0484c49fa7a0bd7ec0244a2ad0a b/tests/fuzz/corpus/s2n_server_fuzz_test/aa6b67ae4cbab0484c49fa7a0bd7ec0244a2ad0a new file mode 100644 index 0000000000000000000000000000000000000000..ac3b46136ed279d2b5a7ed32b5e82f41cf143a07 GIT binary patch literal 663 zcmWe*W@dL0CL5Ern?C+FgQ7~ z7|cK7zoEue+p1LQ{GRCF{2gr%(|`84|1}goW#HH(z>+uj@kcSk-PZ$iy-JH~I@Zf!X}Md&8~-J>%<>{;*e=h=^Av+dm-tftG$7KJf> z-wE`b{sAK-zk$4V1ZayH11}HQYYYrhKyLv-VtFdaUui(eB(M|eqh~BPc&;yBE1GSu zsU|dcM@q(ai=8bwo&SE9{sx7b{s99dlVPEz3Jx_!1_1`n;{4oHy~Nzas{Fjf@?yPY z26ndMf|N>qkUhD~V)@Km4A59&VF1Qbn*GWdzjpb&X=t{!{BCTTqL2+zh!l-r1*^ac zl7P;PV`eVhsq(0K-%8DwU(W0k=r-@?KFt<>xXka7qin5lP+K5rVDZ7shWo2Dpa8{GM+tNCNoSLx#n3?c{g z4;UN}KA?U;=zs{r90nT(eFiR|W(fvf1{MY;CPoG>1~w2^oP~j#0mu~tn(oHHAduzA zqPBd_*XviUaxbp%V6PK9{p{6?X>OC3b$Otk}g8>TswCBxo-@UthQ_$AN^|tGKSM*O6@c6Wy zB|liwQS5*|DgF}1<1@I&SQx~CenWUnfPn$iW5oLm(k-dpu9cH_LQS7rO( zXRdb9eA8|0w)3bOa})NU2YL}L=%Frzg_#Ium@yy)nyTY3rpEP*Hqek`fCk-Zpf~{H CXS3e` literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/afeac1756d23c16841369d957a721a89a78d954a b/tests/fuzz/corpus/s2n_server_fuzz_test/afeac1756d23c16841369d957a721a89a78d954a new file mode 100644 index 0000000000000000000000000000000000000000..40d3257de6579e780a920465d97a7f655efcd257 GIT binary patch literal 453 zcmWe*W@dL0CL5Ern?C+FgQ7~ z7|cK7zoEue+p1LQ{GRCF{2gr%(|`84|1}goW#HH(z>+uj@kcSk-PZ$iyVs2tpeqLgEv0id6vsgYe z7XvgTSr~vJnP$Io#;;vIZyK6yEx#L^rYK~C0s|?i!3tKv6d2t32~q>3bTxl$`YL@K R6x#X+43J!eJ+y(!82}kni?;v( literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/b14081b4a943667906a36cdf3781b33dd48f4dc7 b/tests/fuzz/corpus/s2n_server_fuzz_test/b14081b4a943667906a36cdf3781b33dd48f4dc7 new file mode 100644 index 0000000000000000000000000000000000000000..05c5982fb24610b465e1ca8f43a208c0f0498633 GIT binary patch literal 220 zcmWe*W@dlP+K5rVDZ7shWo2Dpa8{GM+tNCNoSLx#n3?c{g z4;UN}KA?U;=zs{r90nT(eFiR|W(fvf1{MY;CPoG>1~wo|94Nxg0OX1RO?MMuV90W0 zQCmLe>-DQvxffS>u-A#5e)j6cG`Gpiy60bh+^*7d>{NI4f#X3JRli?Pc^KIp)IPuQ zR^j=@a{_c!+}hhxI`7w}hyaaZWCR(g!2kt*+Vf_)@7`U$DQIisdfWBAEBdDjczoK< Nk{>MTcv{u*7XZ-tOu+yE literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/b1551a4704c717bf39fb2f578a6824364d907598 b/tests/fuzz/corpus/s2n_server_fuzz_test/b1551a4704c717bf39fb2f578a6824364d907598 new file mode 100644 index 0000000000000000000000000000000000000000..8a7b230eda900aade3b744e19ca177f9947188ae GIT binary patch literal 453 zcmWe*W@dVZCXdoj4kW~(}wHWMVl?0btQlHfnzxd?k`1C=uX0107>FaQ7m literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/b182f6030636315a90398ac5268701805b6838e9 b/tests/fuzz/corpus/s2n_server_fuzz_test/b182f6030636315a90398ac5268701805b6838e9 new file mode 100644 index 0000000000000000000000000000000000000000..07da416ffd5b1849b4723ecf237d0aaba38c2a8e GIT binary patch literal 452 zcmWe*W@dL0CL5Ern?C+FgQ7~ z7|cK7zoEue+p1LQ{GRCF{2gr%(|`84|1}goW#HH(z>+uj@kcSk-PZ$iy;UIv~O@hrxzHpMi^!fkA?Smw|an-geRXV>X`Zs?^+r#vqeeQn^g-;ncHVLrg&3*h)%y9Shz+5j^z8>Yg z)yHNfNdVZCXdoj4kW~(}wHWMVl?0btQlHfn%-hkx|?)(HP0aCh}KQ?`p YKF**ZazOup0g{8Dfz5~-*g)kB0BV|xuK)l5 literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/b70a453e74f113e3edb6757d887508637215c14a b/tests/fuzz/corpus/s2n_server_fuzz_test/b70a453e74f113e3edb6757d887508637215c14a new file mode 100644 index 0000000000000000000000000000000000000000..27aeaee06e82abcea301a19f109b8176c7a73a25 GIT binary patch literal 455 zcmWe*W@dL0CL5Ern?C+FgQ7~ z7|cK7zoEue+p1LQ{GRCF{2gr%(|`84|1}goW#HH(z>+uj@kcSk-PZ$iy-JH~I@Zf!X}Md&8~-J>%+EAV@4vEzZwPU6+`fSe2ibSYE7`oXaeh z&&;I-4N4Y<6ku4U*{_`OYnRWPhGtvK@5ZJn3fZ9GKniTIf>kgD26ujf)Bq`6%^#b- UN*@P>xBdYGBqw1HZ=iAp0KJ-xWB>pF literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/b8a638fb7ebf8922dc6d51f2ec370d30b09af827 b/tests/fuzz/corpus/s2n_server_fuzz_test/b8a638fb7ebf8922dc6d51f2ec370d30b09af827 new file mode 100644 index 0000000000000000000000000000000000000000..6893f6f14085af49bde0824f36ed69c7612b0b3d GIT binary patch literal 453 zcmWe*W@dL0CL5Ern?C+FgQ7~ z7|cK7zoEue+p1LQ{GRCF{2gr%(|`84|1}goW#HH(z>+uj@kcSk-PZ$iy-JH~I@Zf!X}Md&8~-J>%<>{;*e=h=^Av+dm-tftG$7KJf> z-wE`b{sAK-zk$4VnIAi^+*!G=Mff$IoRvl#;~0}BHa6OhRu#UR1JkS3Z~o?4uro2r+Xn^={f Zmsnn`mzL0CL5Ern?C+FgQ7~ z7|cK7zoEue+p1LQ{GRCF{2gr%(|`84|1}goW#HH(z>+uj@kcSk-PZ$iy-JH~I@Zf!X}Md&8~-J>%<>{;*e=h=^Av$fnEtftG$7KJf> z-wE`bKFn{LV9$a4b_8gR83Qj5*l!FBQb2zJL1KAoaei*9USe)yReoM#d9hw{F0)uZ zGZzCiDAidQc9y2uublB~m(QDqW?Ree#-=F>*`Uxs3Tv=}RWJnxcYcD@04ZI~ADg~P R9|r}u{s9Am!3|W-004jsi^~82 literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/bb80164c0ecb30f33a56be6b511653ba20f79991 b/tests/fuzz/corpus/s2n_server_fuzz_test/bb80164c0ecb30f33a56be6b511653ba20f79991 new file mode 100644 index 0000000000000000000000000000000000000000..64f401513b20e1f59b279ccef30c1e267381f725 GIT binary patch literal 455 zcmWe*W@dL0CL5Ern?C+FgQ7~ z7|cK7zoEue+p1LQ{GRCF{2gr%(|`84|1}goW#HH(z>+uj@kcSk-PZ$iy-JH~I@Zf!X}Md&8~-J>%<>{;*e=h=^Av+dm-tftG$7KJf> z-wE`b{sAL&za0TuW5&SC1NIvOgA~wTK#*9TTAZJos+X9XSe2ibSYE7`oXaeh&&*`Uxs3Tv=}RWJnxcYcD@04ZI~ADg~P9|r}u S{s9AYC!qzm78?UlJp%wL_lzC@ literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/bb96baf87a2efac350177031cc0497c576404203 b/tests/fuzz/corpus/s2n_server_fuzz_test/bb96baf87a2efac350177031cc0497c576404203 new file mode 100644 index 0000000000000000000000000000000000000000..42a85eb0b55e79364e681fe224af35ddf6ca99ce GIT binary patch literal 412 zcmV;N0b~9a0|NkA0RTW%0|QrexhKV8zrOKexy-)EcRe)DBbO%=wW*7)V=DcX9!&rM z6u>XQFu)VQC%_WG6abt6JOD2M3IPBB7yu0b1ONg80RRdB1^@&A7XTOl3jhKE02TuS z0R|8N0RjO4g2VNmb5PD?U;ST-1*?nd^tMa>z7jJNqutoXfjB{iDc!OUky7hQ@g8sH zcS);{eR=e4S*B(T6mL9j(=_{mJw<0?fDV0sR5}5_YA*fI>OITlc9Ie1Ji*#yk4Hv? zr&;Y*_ldE-{GaQuYl| z$?h~5pBOW`(TK~D)9V!P=sD$|!X}5~Y*+L<ujZPUPZ>L0CL5Ern?C+FgQ7~ z7|cK7zoEue+p1LQ{GRCF{2gr%(|`84|1}goW#HH(z>+uj@kcSk-PZ$iy%PpzTY6|uX=FTkpXTz7ks=HS{ z>1x#05)B3hhIAli*z%6?+qPRw`q7waYG=c4-^0M3VI=l}o! literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/bdd6b65c3c1fa6fad481d987387674130487152d b/tests/fuzz/corpus/s2n_server_fuzz_test/bdd6b65c3c1fa6fad481d987387674130487152d new file mode 100644 index 0000000000000000000000000000000000000000..7535eb271b146849d2005ae4553409d47d89321f GIT binary patch literal 866 zcmWe*W@dL0CL5Ern?C+FgQ7~ z7|cK7zoEue+p1LQ{GRCF{2gr%(|`84|1}goW#HH(z>+uj@kcSk-PZ$iy-JH~I@Zf!X}Md&8~-J>%<>{;*e=h=^Av+dm-tftG$7KJf> z-wE`b{sAL&za0TuW5&SC1NIvOgA~wTK#*7t@)t1F9H60gG;#mFk4Zbv>^o6zYjRF` zy1MYzmEG%-wf;_(^96;P{s9AYlL>?xBbxvNBQOA)4u73j9B?ir{%?F2>+0@TU$%Mw z+b3i!y!h^oV~rM$ZJKvC@lOnT?e$SE|5>@`>i*iwFS(J+(s)GjZE`Q0{BE>$O;2jz ztE~^QV%(pl_xHjp+tW|WCJ8>XIe06%-`%ZcdF0!$$GcPcBEIEEbr!DQ^3HI}daf@~ zPqsEMu(@mV|A)--dz-_iv)1e_Tj!!@*zqjr8*kvrcP0|^C5(4n>^ME~@@tXzFD#$V zKcv?FI4Asz_2c%U<0a>A9%Pexm16bPamAkBg-4R6i*(gF6>tdl literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/c48c6eb4c5186e19bf1cc308fd7acd2255ccf997 b/tests/fuzz/corpus/s2n_server_fuzz_test/c48c6eb4c5186e19bf1cc308fd7acd2255ccf997 new file mode 100644 index 0000000000000000000000000000000000000000..ca979a4a1304893ac5a6088ade6ae2467ad30a77 GIT binary patch literal 222 zcmWe*W@d1~wo|94Nxg0OX1RO?MMu00JjR zmd`rsHlj1%Hbu$iJzbx0D&EZL)8;Jk2Yzq&&ghVu?EmhV11J4&lP+K5rVDZ7shWo2Dpa8{GM+tNCNoSLx$oP^F=S zl`=4h9MC^ta6tHg`T?N>A`EjFY#8(zxEMi3;E@731ZsLrTTb)ds&}y)=WV?z+y6du zwTtGPZezEdN7a~{7#JiNco|q2n3xzDxER=gEO7>0#=_Ln&}g_bBpA3EfKCE=(oKMY z!O4+DZTXz9*RNXTUR>e9UMF_?*{c`R+$JyUo`3l<(8)mM?J7OTPIXrwI39FS_51ad zhmqYu?eiON6`tR@cus(hid%bIO6UFB6cM0_jNri20D2S*fcE%l&zt4Gdw2P!psgS) z(}01O1df{eXoeZf4W8@E*NSG_YpMy&-I0>9-C}1;PUpYhrN4n8)wteveea6?sRACK zwzK31OFEv$j4f5iU%&`sU{FN~YIW-R5gdgAr1?~s_C6J0;ACKDD=tW>)Hh;4uwiM< O2$bre0Rc{YP&NR?&ixAj literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/ca9b9d0bb6fe2f7b785da0d484c03f72dd8ff395 b/tests/fuzz/corpus/s2n_server_fuzz_test/ca9b9d0bb6fe2f7b785da0d484c03f72dd8ff395 new file mode 100644 index 0000000000000000000000000000000000000000..aab78be52c63e2bfd681f2f21b9b6dc14b9a953c GIT binary patch literal 417 zcmV;S0bc$V0|NkA0RRA10|QrexhKV8zrOKexxUQEcRe)DBbO%=wW*7)V=DcX9!&rM z6u>7iz!ShHz!Jb#0Gt3k051Rv0RR9P00jU900II5015yGz%Kw702lxZ00IGk76StT z+5rFt5CQ;#!}XqXP|jpu{a=a&tBdONwoCrL5;GH{-Pp!~I8s6DvfU|$4@&VKZ{~MN ztB-wo^le$DW(*W>JOBUy0BzGW`++@0XJUX3eScIs0l#W4{m|+?%jI^G5#~I>+GCGL zMuewX?N;NvWe!;OZ(50Que9zlvxD?iWCC_0099O0|Njk00000000004Cj69t|*9oLbo43Z7l+)<>^ynAZ;m( LBajNPL0CL5Ern?C+FgQ7~ z7|cK7zoEue+p1LQ{GRCF{2gr%(|`84|1}goW#HH(z>+uj@kcSk-PZ$iy-JH~I@Zf!X}Md&8~-J>%<>{;*e=h=^Av+dm-tftG$7KJf> z-wE`b{sAK-zk$4V1ZayH11}HQYYYrhKyLv-VtHzDer~E>Vs2tpeqLgEv0id6vsgYe z7XvgTSvY_pnP$Io#;;vIZyK6yEx#L^rYK~C0s|?i!3tKv6d2t32~q>3bTxl$`YL@K R6x#X+43J!eJ+y(!82}yOi@*Q? literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/ce83b77db7986c3739ec27a937d3f2695c83408c b/tests/fuzz/corpus/s2n_server_fuzz_test/ce83b77db7986c3739ec27a937d3f2695c83408c new file mode 100644 index 0000000000000000000000000000000000000000..cff347803a40041e975ba3a47e674093e0fa17f0 GIT binary patch literal 221 zcmWe*W@dOAau8vd(_q7(&%g!LEWyCbAi}`J#LU3Oz{bGBAPyAaW?*7u5CfX-Ccwbp z| zWMC6uVrV-2bzX76xs>?7@m;K|yI+0T=KXJ^xEsAT>i6i z&(;04m0xlrm!FX>zba_z*k!zV#T;WOYiT6SGK30mQ50TW^?dXa=*J< z%ks##VUKsG@s<5< zJDvr7;|)Cd&O~Cqgz>J69j7N=el7C;h2_)vht%31=Y)T;e%xMkyyV=?gKSc-Qmno@ zuGsUt@JP~hk*+$Y0*->FxidfQ`8jj_y)#xzl+0M?zx^@E-pFln$2XOxeKYopNG8d2iLb*p2hHUX|^CpSjva^G&z0+s>nE%uS%s)xZ(Dyok^R zvS6Xh05aW8fPuluk;P#C5&sP}uG&_mO6T`P|K{&#dzijxx?tDepMCCs4TVn`I5r8e zAJ<+SHC=oJB)$H)jWRRb7U>7WqX@{aM_ zwp&|{PZ7GwfA{Fj4|~>o{CW1{*lc@u2dh0n(mfpi;wE;X>H}$G;CVh>UbZN#_RYGM fj#{Vf^7gs9Ov|6X3{FWXQFu)VQC%_WG6abt6JOD2M3IPBB7ytkO1ONg80RRdB2EZ=>7vlgJ01E&D0e}_* z0|5pQ009C40D{Byo^w#nWMBPXiUq5S>h!it{=O136QckC#(_9NhAG{$50O&qO7R|V z=66Y}k9~RcZCR#f3>0rXZPPUSfjvcMVt@{Pe^fdFziKZ1(CR(Q<#v)0<~+gLV~xD?iWCC_0099O0|Njk00000000004Cj69u7rqvLbo43Z7l+)<>^ynAZ;m( LBajNP(l literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/d3ecb2272881147baf41e391bc1a6be7aeab425b b/tests/fuzz/corpus/s2n_server_fuzz_test/d3ecb2272881147baf41e391bc1a6be7aeab425b new file mode 100644 index 0000000000000000000000000000000000000000..e7c45d20cfe834a673c0348058754143dcc7f670 GIT binary patch literal 413 zcmV;O0b>3Z0|NkA0RRA10|8fcxhKV8zrOKexy-)EcRe)DBbO%=wW*7)V=DcX9!&rM z6u>Vqz!ShHz!Jb#0Gt3k051Rv0RR9P00jU900II5015yGz%Kw702lxZ00IGk76StT z+5rFt5CQ;#!}XqXP|jpu{a=a&tBdONwoCrL5;GH{-Pp!~I8s6DvfU|$4@&VKZ{~MN ztB-wo^le$DW(*W>JZ;l7`++@0XJUX3eScIs0l#W4{m|+?%jI^G5#~I>+GCGLMuewX z?N;NvWe!;OZ(50Que9zlvxD?iWCC_0099O0|Njk00000000004Cj69t|*9oLbo43Z7l+)<>^ynAZ;m(BajNP HTOfA+cmH55K&;MgRmD8TnpjQNF6eGwyB*z|2+`sQ*(#|vcPL$i4oCC{hFfcHr12MyvcZ}b* zDNk1y-nz1TU9#5SsdBy`_v;@pfVdy%`U4^`_utxbe2UOb{<}wKe%Q0#qF=l3lB%sl8 zK%+}{syu4mw^H-vmoxhWy3PB!PqT#|F7tcjC|m2IT*L%1+7R7nMg}7WMWE3vK%*HM aSQ&l;O#=Zg1~#CWID-TOHv>=tjSB$&Uo#W{ literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/d82129804de6c7e0b81378dd6f1c646d45df4653 b/tests/fuzz/corpus/s2n_server_fuzz_test/d82129804de6c7e0b81378dd6f1c646d45df4653 new file mode 100644 index 0000000000000000000000000000000000000000..16935b663d2777334b077c38587d89906156afb9 GIT binary patch literal 125 zcmWe*W@ad7WMC*}W)3gisgmGwOX{nIAi^+*!G=Mff$IoRvl#;~0}BHa6OhRu#UKGB84}A=i}Q0+^%8RvtMc;_ X%Zv4r^K%)v7}$Uc#eqt=8Gxz*t?VAl literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/d955a22ac20ea4459034b048db1a3c8701409b39 b/tests/fuzz/corpus/s2n_server_fuzz_test/d955a22ac20ea4459034b048db1a3c8701409b39 new file mode 100644 index 0000000000000000000000000000000000000000..bfe2fe57ece9563c988f0f6046118548181c2451 GIT binary patch literal 221 zcmWe*W@dL0CL5Ern?C+FgQ7~ z7|cK7zoEue+p1LQ{GRCF{2gr%(|`84|1}goW#HH(z>+uj@kcSk-PZ$iy86U literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/d979650293c99d4b605dcead678f9157fd2caebf b/tests/fuzz/corpus/s2n_server_fuzz_test/d979650293c99d4b605dcead678f9157fd2caebf new file mode 100644 index 0000000000000000000000000000000000000000..08c5bbba9d2c3b22c9e11a262bea52cc63aaafad GIT binary patch literal 454 zcmWe*W@dL0CL5Ern?C+FgQ7~ z7|cK7zoEue+p1LQ{GRCF{2gr%(|`84|1}goW#HH(z>+uj@kcSk-PZ$iy-JH~I@Zf!X}Md&8~-J>%<>{;*e=h=^Av+dm-tftG$7KJf> z-wE`b{sAL&za0TuW5&SC1NIvOgA~wTK#*9TTAZJos+X9XSe2ibSYE7`oXaeh&&*`Uxs3Tv=}RWJnxcYcD@04ZI~ADg~P9|r}u P{s9AYCt(CPP&oqtpCXI& literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/db9a582acf91d7f8b781edbfc7c98dece48a0689 b/tests/fuzz/corpus/s2n_server_fuzz_test/db9a582acf91d7f8b781edbfc7c98dece48a0689 new file mode 100644 index 0000000000000000000000000000000000000000..da6a570a778211757ce9d018ff8e5c279fc213b6 GIT binary patch literal 535 zcmWe*W@dlP+K5rVDZ7shWo2Dpa8{GM+tNCNoSLx#n3?c{g z4;UN}KA?U;=zs{r90nT(eFiR|W(fvf1{MY;CPoG>1~w2^oP~j#0mu~tn(oHHAduzA zqPBd_*XviUaxbp%V6PK9{p{6?X>OC3bTswCBxo-@UthQ_$AN^|tGKSM*O6@c6Wy zB|lhE(oyVyJ`RsrVDp$T9qF=l3lB%sl8 zK%+}{syu4mw^H-vmoxhWy3PB!PqT#|E(58E1gZ!Ht58p~UpeE~E}u6I&9;``jZIS& zvJLM1)Ybg4>8tc{9F_w$O91U=0ou*Tz{S7@;)=5{a5Dh8Ak*C#7zDB$S=5%#`Fj1T zRqn+V9_)2ur=PugG0koAvhMkpAGfRY96QxreE{JUMxbNWk0$Ql_c3YbnSCe9ZB5Q8 zPgfV-y0Uv+vew_Ja=!SS!hmoJFkr=jt^qlv0cbiSn*akN&{a)`zs@TTIF}OtH@=H? zb@!_;+r0nn6EYTFeD}t&MhnL_&AXfUCkDOt`Y4zGtlV>Te{JQL+{k5VJR8E9r1fSU)yp`PV?$)wA@@?4T-Kl&L-}0k63)gRX zXSiiO*O#a#$Ad1ae!rgbFtU4V^8%Z@HvfOfFa)*FZ@g7_e({_D9Tm6swv^8MwJ9RN zP-A2S1&0O$6!>Y+o8`WHcloBEt&Qt#*Y~dIpDN(-X*)}Pu%x3H(3>Pgp)eu^=>wCH z-y=uaS{LOaCP^ME~@@tXzFD#$V zKcv?FI4Asz_2c%U<0a>A9%Pexm16bPamAkBg-4R6i*(gF6>tk`FNH YgHw>I<1ePh^^7*qWW)eXN2h_}02wBkx&QzG literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/dec7a9a6db79482d3dd6d4097dbbba741a2e7e9d b/tests/fuzz/corpus/s2n_server_fuzz_test/dec7a9a6db79482d3dd6d4097dbbba741a2e7e9d new file mode 100644 index 0000000000000000000000000000000000000000..f6d63e896853658f3f77e5c33952786a8dce74b3 GIT binary patch literal 221 zcmWe*W@d1~wo|94Nxg0OX1RO?MMu00JjR zmd`rsHlj1%Hbu$iJzbx0D&EZL)8;Jk2Yzq&&ghVu?EmhV11J4&sa*?azA*vW~CS N;tb-#xNb4D001jqMkoLP literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/e24bad17acaddb087a7891c47e072dbe303ddf6b b/tests/fuzz/corpus/s2n_server_fuzz_test/e24bad17acaddb087a7891c47e072dbe303ddf6b new file mode 100644 index 0000000000000000000000000000000000000000..7dd7614892292e1494f05de24edd3816ea5f25a4 GIT binary patch literal 221 zcmWe*W@dOAIv~O@hrxzHpMeXgS%QI=frWvIiIIVefepwK2a0er0J&n!Obl)U3=B?= zEC%zB_;09j)wU{CI=?6SH-AUl!}Onh?tcx1PZ>Bi39#hNef&|(aQF4VTrXF?9_75% z$7Ut5N(FSfXME+f=QQXQ0XmeCQ4C0GFfcHr12MyvcZ}b*-P&?|iqK8|yGLh!*t6c_ T&$A!LX4|_vSWTCgEeZnwFabwP literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/e34259d6efff6bd0728f9f91dad6ad19874c2dec b/tests/fuzz/corpus/s2n_server_fuzz_test/e34259d6efff6bd0728f9f91dad6ad19874c2dec new file mode 100644 index 0000000000000000000000000000000000000000..62f35b662f5a126fc2a5606294d82309edcef5fe GIT binary patch literal 226 zcmWe*W@dOAIv~O@r@@9npMeXgS%N{9fq{XAfr*Kcft7)afek3e!XOS5=Vky3i2?0! z6JTI)a%3@>f5d-7jjOg*snYp9(ZBgS+8(C=>~sHXD16Gmu}Od>Z|>udVurh~2j+UY z^7Sa^tv)s@iB&3~(>>!Wr#+`ZuL#g6Mn;f<8bBM-JH~I@Zf!X}Md&8~-J>%< W>{;*e=h=^Av+dm-tftG$76Aa!zekM# literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/e36ee1b11ea79c464b59933a84603a606fbbb4a9 b/tests/fuzz/corpus/s2n_server_fuzz_test/e36ee1b11ea79c464b59933a84603a606fbbb4a9 new file mode 100644 index 0000000000000000000000000000000000000000..a26f9ba7507dc4c9cd4b82821953b113404e47d9 GIT binary patch literal 453 zcmWe*W@dL0CL5Ern?C+FgQ7~ z7|cK7zoEue+p1LQ{GRCF{2gr%(|`84|1}goW#HH(z>+uj@kcSk-PZ$iy-JH~I@Zf!X}Md&8~-J>%L0CL5Ern?C+FgQ7~ z7|cK7zoEue+p1LQ{GRCF{2gr%(|`84|1}goW#HH(z>+uj@kcSk-PZ$iy-JH~I@Zf!X}Md&8~-J>%<>{;*e=h=^Av+dm-tftG$7KJf> z-wE`b{sAK-zk$4VL0CL5Ern?C+FgQ7~ z7|cK7zoEue+p1LQ{GRCF{2gr%(|`84|1}goW#HH(z>+uj@kcSk-PZ$iy-JH~I@Zf!X}Md&8~-J>%<>{;*e=h=^Av+dm-tftG$7KJf> z-wE`b{sAK-zk$4V1ZayH11}HQYYYrhKyLv-VtHzDer~E>Vs2tpeqLgEv0id6vsgYe z7XvgTSvY_pnP$Io#;;vIZyK6yEx#L^TBRsti!n1WpoBJ1P0Ea4t6+)@?))?bDg#ow Ynm;yul|Bv%as2}ZNUp*j;y~pL01`ZmTL1t6 literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/ee65a759f424fc3da1dcf5252f22828a53c82dbd b/tests/fuzz/corpus/s2n_server_fuzz_test/ee65a759f424fc3da1dcf5252f22828a53c82dbd new file mode 100644 index 0000000000000000000000000000000000000000..4006a9c31c12b64e7ef03cd42b2e1d72a30a16f9 GIT binary patch literal 453 zcmWe*W@dL0CL5Ern?C+FgQ7~ z7|cK7zoEue+p1LQ{GRCF{2gr%(|`84|1}goW#HH(z>+uj@kcSk-PZ$iy-JH~I@Zf!X}Md&8~-J>%<>{;*e=h=^Av+dm-tftG$7KJf> z-wE`b{sAMf--N+_19|NT&=xZWULLU57#O60-U5Qe^3>w|+*G~9+{CKt WRr)w6wDk`d;0|peNN59L0CL5Ern?C+FgQ7~ z7|cK7zoEue+p1LQ{GRCF{2gr%(|`84|1}goW#HH(z>+uj@kcSk-PZ$iylP+K5rVDZ4JH~o2DpagF*u-ticLaffZPOH#WHQ6Ql-6>1zJi W^i}#eD7f_xm?F6ddvF7lGXMahUW^(5 literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/f58609987e7b504586533b5dc9840dab51162621 b/tests/fuzz/corpus/s2n_server_fuzz_test/f58609987e7b504586533b5dc9840dab51162621 new file mode 100644 index 0000000000000000000000000000000000000000..9ab464a69b780490cd29d892e948beb642b01a08 GIT binary patch literal 452 zcmWe*W@dL0CL5Ern?C+FgQ7~ z7|cK7zoEue+p1LQ{GRCF{2gr%(|`84|1}goW#HH(z>+uj@kcSk-PZ$iyzxd?k;1C=uX0Ih?Ij{pDw literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/f6791ccef08992b0485104355c5c990f7e4b8569 b/tests/fuzz/corpus/s2n_server_fuzz_test/f6791ccef08992b0485104355c5c990f7e4b8569 new file mode 100644 index 0000000000000000000000000000000000000000..226174addd2edb9f752482ed96fdbb71fd62df53 GIT binary patch literal 95 zcmWe*W@d%J#p{Taw>3GZJY8LQ>q^CS$y$G>%K0)dh#b&AU~oYAfcgQU10oD_7;G5y8MuH3 zN-*#;urM$&F*0y5umM@(KoM>RAXki;nUPI^ff2}TI{bBBalpBh_`mU8tgE|Uec9&y zZ=aB{@Z!5S4mDahwrSqo#6L0Uwbw_v{AcB!tNUv!zvMS1^1IR2H9e_; zueLtKigACI-rozaY)?Nen$$!} zJ=xm4z~-*a{~t2T?`;m7&RVm#Y@LgqVaKzeZ@hsg-){onZj+dOfd5}%&Rf^SD#}#{i7amEPF49%!RKQWtG>FulqYa; NZ+LR!^HET!0|1iV$VmVI literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/fdbf96ed72cd4582c16ea9727ca5a6e7d76f85c7 b/tests/fuzz/corpus/s2n_server_fuzz_test/fdbf96ed72cd4582c16ea9727ca5a6e7d76f85c7 new file mode 100644 index 0000000000000000000000000000000000000000..c66e8c7a1c97e0f5d0b44ac4ab26db8ceef70309 GIT binary patch literal 313 zcmWeTpwAG=$iNWF%p6|2Q$5Xo<&0mueBLxP+gg4%Hce5;Hn{UsSM$fFuhPdE7(@=} zA22u|d_etx&;b#KISe)o`V3q^%@Pc}3=B+6j0{{1Yz!<6;y?jz1|V0AnVG>&fPo>) zkwtC!oUhlfTIF6`;lW-fcKX??7t`D(FYBIv`Ek2S&#_b8)d!9TT~z&kJ>_9!cToHM z##@Ew7taaMQ2`l&>D|9$3a7tJ@_#%?>0sxdcVcOTGyVE3`0 zJJ7AYEv55*ZHfrc21Z7ZJsJ!!;HN!rmizAA<(q=GGBvJev{~P~qJOG@2g9fBEcwBb Kj;B=}e*pkaC}v9l literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_server_fuzz_test/fe6db486a2728716972649fd012cb628a9a5e4f5 b/tests/fuzz/corpus/s2n_server_fuzz_test/fe6db486a2728716972649fd012cb628a9a5e4f5 new file mode 100644 index 0000000000000000000000000000000000000000..e56842b06f46e47b2d7d5aa809b700fb34233efc GIT binary patch literal 221 zcmWe*W@dL0CL5Ern?C+FgQ7~ z7|cK7zoEue+p1LQ{GRCF{2gr%(|`84|1}goW#HH(z>+uj@kcSk-PZ$iyGHBgVF0`ZNFM+I literal 0 HcmV?d00001 diff --git a/tests/fuzz/s2n_server_fuzz_test.c b/tests/fuzz/s2n_server_fuzz_test.c new file mode 100644 index 00000000000..194c831a59f --- /dev/null +++ b/tests/fuzz/s2n_server_fuzz_test.c @@ -0,0 +1,203 @@ +/* + * Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"). + * You may not use this file except in compliance with the License. + * A copy of the License is located at + * + * http://aws.amazon.com/apache2.0 + * + * or in the "license" file accompanying this file. This file is distributed + * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either + * express or implied. See the License for the specific language governing + * permissions and limitations under the License. + */ + +#include +#include +#include +#include +#include +#include +#include + +#include "api/s2n.h" +#include "stuffer/s2n_stuffer.h" +#include "tls/s2n_cipher_suites.h" +#include "tls/s2n_config.h" +#include "tls/s2n_connection.h" +#include "tls/s2n_crypto.h" +#include "tls/s2n_tls.h" +#include "tls/s2n_tls_parameters.h" +#include "utils/s2n_safety.h" +#include "s2n_test.h" + +static char certificate_chain[] = + "-----BEGIN CERTIFICATE-----\n" + "MIICrTCCAZUCAn3VMA0GCSqGSIb3DQEBBQUAMB4xHDAaBgNVBAMME3MyblRlc3RJ\n" + "bnRlcm1lZGlhdGUwIBcNMTYwMzMwMTg1NzQzWhgPMjExNjAzMDYxODU3NDNaMBgx\n" + "FjAUBgNVBAMMDXMyblRlc3RTZXJ2ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw\n" + "ggEKAoIBAQDRw6AuYXAeRT0YuptCfJjRB/EDJyyGXnv+8TV2H1WJWhMLk8qND27r\n" + "79A6EjbVmJaOV9qrokVqpDmXS712Z3BDprJ+1LFMymm3A+AFuK/skeGy0skik+Tg\n" + "MmFT5XBVvmsw4uB1S9uUqktHauXgjhFPPsfvk4ewL4LulVEN2TEeI1Odj4CaMxAO\n" + "Iuowm8wI2OHVzRHlrRmyJ9hYGuHHQ2TaTGIjr3WpAFuXi9pHGGMYa0uXAVPmgjdE\n" + "XZ8t46u/ZKQ9W1uJkZEVKhcijT7G2VBrsBUq0CDiL+TDaGfthnBzUc9zt4fx/S/3\n" + "qulC2WbKI3xrasQyjrsHTAJ75Md3rK09AgMBAAEwDQYJKoZIhvcNAQEFBQADggEB\n" + "AHHkXNA9BtgAebZC2zriW4hRfeIkJMOwvfKBXHTuY5iCLD1otis6AZljcCKXM6O9\n" + "489eHBC4T6mJwVsXhH+/ccEKqNRD2bUfQgOij32PsteV1eOHfHIFqdJmnBVb8tYa\n" + "jxUvy7UQvXrPqaHbODrHe+7f7r1YCzerujiP5SSHphY3GQq88KemfFczp/4GnYas\n" + "sE50OYe7DQcB4zvnxmAXp51JIN4ooktUU9oKIM5y2cgEWdmJzeqPANYxf0ZIPlTg\n" + "ETknKw1Dzf8wlK5mFbbG4LPQh1mkDVcwQV3ogG6kGMRa7neH+6SFkNpAKuPCoje4\n" + "NAE+WQ5ve1wk7nIRTQwDAF4=\n" + "-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\n" + "MIIDKTCCAhGgAwIBAgICVxYwDQYJKoZIhvcNAQEFBQAwFjEUMBIGA1UEAwwLczJu\n" + "VGVzdFJvb3QwIBcNMTYwMzMwMTg1NzA5WhgPMjExNjAzMDYxODU3MDlaMB4xHDAa\n" + "BgNVBAMME3MyblRlc3RJbnRlcm1lZGlhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IB\n" + "DwAwggEKAoIBAQDM/i3eclxYcvedPCEnVe6A/HYsYPeP1qKBZQhbpuuX061jFZKw\n" + "lecb0eau1PORLbcsYK40u3xUzoA5u6Q0ebDuqPbqSJkCazsh66cu9STl8ubbk7oI\n" + "8LJjUJFhhy2Jmm9krXhPyRscU+CXOCZ2G1GhBqTI8cgMYhEVHwb3qy1EHg6G3n4W\n" + "AjV+cKQcbUytq8DRmVe0bNJxDOX8ivzfAp3lUIwub+JfpxrWIUhb3iVGj5CauI98\n" + "bNFHTWwYp7tviIIi21Q+L3nExCyE4yTUP/mebBZ62JnbvsWSs3r3//Am5d8G3WdY\n" + "BXsERoDoLBvHnqlO/oo4ppGCRI7GkDroACi/AgMBAAGjdzB1MAwGA1UdEwQFMAMB\n" + "Af8wHQYDVR0OBBYEFGqUKVWVlL03sHuOggFACdlHckPBMEYGA1UdIwQ/MD2AFE2X\n" + "AbNDryMlBpMNI6Ce927uUFwToRqkGDAWMRQwEgYDVQQDDAtzMm5UZXN0Um9vdIIJ\n" + "ANDUkH+UYdz1MA0GCSqGSIb3DQEBBQUAA4IBAQA3O3S9VT0EC1yG4xyNNUZ7+CzF\n" + "uFA6uiO38ygcN5Nz1oNPy2eQer7vYmrHtqN6gS/o1Ag5F8bLRCqeuZTsOG80O29H\n" + "kNhs5xYprdU82AqcaWwEd0kDrhC5rEvs6fj1J0NKmmhbovYxuDboj0a7If7HEqX0\n" + "NizyU3M3JONPZgadchZ+F5DosatF1Bpt/gsQRy383IogQ0/FS+juHCCc4VIUemuk\n" + "YY1J8o5XdrGWrPBBiudTWqCobe+N541b+YLWbajT5UKzvSqJmcqpPTniJGc9eZxc\n" + "z3cCNd3cKa9bK51stEnQSlA7PQXYs3K+TD3EmSn/G2x6Hmfr7lrpbIhEaD+y\n" + "-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\n" + "MIIDATCCAemgAwIBAgIJANDUkH+UYdz1MA0GCSqGSIb3DQEBCwUAMBYxFDASBgNV\n" + "BAMMC3MyblRlc3RSb290MCAXDTE2MDMzMDE4NTYzOVoYDzIxMTYwMzA2MTg1NjM5\n" + "WjAWMRQwEgYDVQQDDAtzMm5UZXN0Um9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEP\n" + "ADCCAQoCggEBAMY5532000oaeed7Jmo3ssx1723ZDLpn3WGz6FxpWM0zsKA/YvdD\n" + "7J6qXDvfxU6dZlmsCS+bSNAqpARKmKsBEDPTsdLmrN1V1clOxvKm6GvU1eloRTw6\n" + "xukEUXJ+uxrQMLYvSJBiCBVGI+UYNCK5c6guNMRYBCGdk5/iayjmK0Nxz1918Cx9\n" + "z4va8HPAgYIz0ogOdYB21O9FQGPdH1mYqRzljcSsZ7EFo1P8HJr8oKK76ZeYi2or\n" + "pjzMHGnlufHaul508wQPeFAMa1Tku3HyGZRaieRAck6+QcO2NujXxKNyCBlWON23\n" + "FQTuBjN/CAl74MZtcAM2hVSmpm9t4cWVN5MCAwEAAaNQME4wHQYDVR0OBBYEFE2X\n" + "AbNDryMlBpMNI6Ce927uUFwTMB8GA1UdIwQYMBaAFE2XAbNDryMlBpMNI6Ce927u\n" + "UFwTMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAAXkVvQdXDmozPix\n" + "uZi1o9cw4Si0syqfJ4sSunrzPbbmw/Qxhth5V7XGrnsQVNxamgnbzpjGhiBF6isM\n" + "ldj33zQYtke+ojOjFlhEvrPo6eW29RkLBEtJadGs2bkMLztJbf+cbH2u6irzr6S4\n" + "3OgVOSuB+zG56ksTnEVmum+C/8tSIAyi3eaoStPcgEU8+3/KMrH7uuenmTOCKdD1\n" + "FvSDHXT9qPgTttVQGXbXzJEr5tGE+Py6yib5uoJ0dJZNtjs7HOQEDk5J0wZaX0DC\n" + "MShYLiN5qLJAk0qwl+js488BJ18M9dg4TxdBYFkwHSzKXSj9TJN77Bb0RZr8LL9T\n" + "r9IyvfU=\n" + "-----END CERTIFICATE-----\n"; + +static char private_key[] = + "-----BEGIN RSA PRIVATE KEY-----\n" + "MIIEpAIBAAKCAQEA0cOgLmFwHkU9GLqbQnyY0QfxAycshl57/vE1dh9ViVoTC5PK\n" + "jQ9u6+/QOhI21ZiWjlfaq6JFaqQ5l0u9dmdwQ6ayftSxTMpptwPgBbiv7JHhstLJ\n" + "IpPk4DJhU+VwVb5rMOLgdUvblKpLR2rl4I4RTz7H75OHsC+C7pVRDdkxHiNTnY+A\n" + "mjMQDiLqMJvMCNjh1c0R5a0ZsifYWBrhx0Nk2kxiI691qQBbl4vaRxhjGGtLlwFT\n" + "5oI3RF2fLeOrv2SkPVtbiZGRFSoXIo0+xtlQa7AVKtAg4i/kw2hn7YZwc1HPc7eH\n" + "8f0v96rpQtlmyiN8a2rEMo67B0wCe+THd6ytPQIDAQABAoIBAF3evYAD+riRI5Y9\n" + "a92FBJ4Gf8R5c2NuRO8B4nrJ6u1ccclsieg2T90lpHlYTVGoxzdL+X91Trs6Ysti\n" + "CZdDEuozXw2DARTsQAK2qTnmPFQRtH7h9UCUDoiGAygYNP0qCa4G2YukNs+Apc9/\n" + "9v9WlEhyP+bmjoI5wM4j4/HekCx7syHuiqJ74//oTzNamT0aWHwgXAUmEYZ/1+nT\n" + "0KInmtmIOFgsWHcojwQ6sZJ3eVvy66EqHLZKQYZa2tx0YjrEJMQi1drg6VV+lLCR\n" + "rEtsoltgdN2G9v3P6KrHXsrCYaaZKhog9B1OSI2Amv3YWZHXppK12+aSy774lUUz\n" + "qVur5cECgYEA7oCOQoRZo76wztS+yDeq173B2gPHKSIrWvaLDkCAPOQPVzJZ4Qc+\n" + "8OEDU6HB9P0MYDsKBxZY85uzWP+dAlsmcL0C86WibOuYERPKQIcAn3KSzFiIxH3R\n" + "OAbaLtSLN3lDAH50PhP9BguiSfBjI6w4Qsr7jlQgdpzG4h4LjvotbWMCgYEA4SdT\n" + "QQJhHiLtBFo91ItRUzhePvUDfV8XvNfAwZj8cY2+oenkK2+bp35xteBV6Gu1cYnd\n" + "V2yFgzMZ/jDvqfUn/8EVAGvEFrLtsUpXeyHhgmVT490RsPxC9xU9jf5LsvZ4zjsj\n" + "CsFZW0JnhKkF6M5wztWtO3yKCilmXSOIFvorTN8CgYEAoK2LKdTwbxhxFWbOgSS/\n" + "vEji6HXTHysd+lJOrHNX8a3Th/MsCiZPiQiOrTE08k/onown3U547uXelf7fUE8I\n" + "PruX2X2lR6wQ7rBeecp56PHPZEvhGD+LTCuRoise/2h6c0K+HXRp6kC8PQPuRoIo\n" + "BRerEeArXr2QX5XOQ6zYHfECgYEAp0L9mDfaSfcMOMWJVVJCEh639PEzrHluOv3U\n" + "1n1+XCU+zy3gMVxyN9W5R7HmYAlT+4q9geq+rJ7T2oAkKxBSrK6VmYB1ZZ968NAX\n" + "eQPMcYAw+AAM2nwsiz2eQtP9DHAJgrtv5teIOEF2gZjHKRHjv+QBE0YLjkz/HIX+\n" + "3YLvk+UCgYAgpAWk4YW4dAcZ8Y04Ke2pjMvEu44hHphOmk6AZl0Xl9tJwxlV8GVx\n" + "o3L4hbjHqyJo3+DZZYM7udMx9axbX9JHYRaLNJpc8UxQZj7d3TehC9Dw9/DzhIy/\n" + "6sml30j/GHvnW5DOlpsdNKDlxoFX+hncXYIjyVTGRNdsSwa4VVm+Xw==\n" + "-----END RSA PRIVATE KEY-----\n"; + +static char dhparams[] = + "-----BEGIN DH PARAMETERS-----\n" + "MIIBCAKCAQEAy1+hVWCfNQoPB+NA733IVOONl8fCumiz9zdRRu1hzVa2yvGseUSq\n" + "Bbn6k0FQ7yMED6w5XWQKDC0z2m0FI/BPE3AjUfuPzEYGqTDf9zQZ2Lz4oAN90Sud\n" + "luOoEhYR99cEbCn0T4eBvEf9IUtczXUZ/wj7gzGbGG07dLfT+CmCRJxCjhrosenJ\n" + "gzucyS7jt1bobgU66JKkgMNm7hJY4/nhR5LWTCzZyzYQh2HM2Vk4K5ZqILpj/n0S\n" + "5JYTQ2PVhxP+Uu8+hICs/8VvM72DznjPZzufADipjC7CsQ4S6x/ecZluFtbb+ZTv\n" + "HI5CnYmkAwJ6+FSWGaZQDi8bgerFk9RWwwIBAg==\n" + "-----END DH PARAMETERS-----\n"; + +static int MAX_NEGOTIATION_ATTEMPTS = 10; + +int LLVMFuzzerInitialize(const uint8_t *buf, size_t len) { + GUARD(s2n_init()); + GUARD(setenv("S2N_ENABLE_CLIENT_MODE", "1", 0)); + return 0; +} + + +int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) { + if(len < S2N_TLS_RECORD_HEADER_LENGTH){ + return 0; + } + + /* Set up File Descriptors from client to server*/ + int client_to_server[2]; + GUARD(pipe(client_to_server)); + + for (int i = 0; i < 2; i++) { + GUARD(fcntl(client_to_server[i], F_SETFL, fcntl(client_to_server[i], F_GETFL) | O_NONBLOCK)); + } + + /* Set up Server Config */ + struct s2n_config *server_config; + notnull_check(server_config = s2n_config_new()); + GUARD(s2n_config_add_cert_chain_and_key(server_config, certificate_chain, private_key)); + GUARD(s2n_config_add_dhparams(server_config, dhparams)); + + /* Set up Server Connection */ + struct s2n_connection *server_conn; + notnull_check(server_conn = s2n_connection_new(S2N_SERVER)); + GUARD(s2n_connection_set_read_fd(server_conn, client_to_server[0])); + GUARD(s2n_connection_set_config(server_conn, server_config)); + GUARD(s2n_connection_set_blinding(server_conn, S2N_SELF_SERVICE_BLINDING)); + server_conn->delay = 0; + + /* Set Server write FD to -1, to skip writing data since server out data is never read. */ + GUARD(s2n_connection_set_write_fd(server_conn, -1)); + + /* Set up Client Connection */ + struct s2n_connection *client_conn; + notnull_check(client_conn = s2n_connection_new(S2N_CLIENT)); + GUARD(s2n_connection_set_write_fd(client_conn, client_to_server[1])); + + /* Write data to client out file descriptor so that it is recieved by the server */ + struct s2n_stuffer *client_out = &client_conn->out; + GUARD(s2n_stuffer_write_bytes(client_out, buf, len)); + s2n_blocked_status client_blocked; + GUARD(s2n_flush(client_conn, &client_blocked)); + eq_check(client_blocked, S2N_NOT_BLOCKED); + + /* Let Server receive data and attempt Negotiation */ + int numAttemptedNegotiations = 0; + s2n_blocked_status server_blocked; + do { + s2n_negotiate(server_conn, &server_blocked); + numAttemptedNegotiations += 1; + } while(!server_blocked && numAttemptedNegotiations < MAX_NEGOTIATION_ATTEMPTS); + + /* Clean up */ + GUARD(s2n_connection_wipe(server_conn)); + GUARD(s2n_connection_wipe(client_conn)); + + for (int i = 0; i < 2; i++) { + GUARD(close(client_to_server[i])); + } + + GUARD(s2n_config_free(server_config)); + GUARD(s2n_connection_free(server_conn)); + GUARD(s2n_connection_free(client_conn)); + + return 0; +} diff --git a/tls/s2n_client_hello.c b/tls/s2n_client_hello.c index 58ba9d1542d..bee438c8958 100644 --- a/tls/s2n_client_hello.c +++ b/tls/s2n_client_hello.c @@ -106,6 +106,12 @@ int s2n_client_hello_recv(struct s2n_connection *conn) int s2n_client_hello_send(struct s2n_connection *conn) { uint32_t gmt_unix_time = time(NULL); + + /* If S2N_UNSAFE_FUZZING_MODE is enabled, override the system time to 0 to ensure fuzz tests are deterministic. */ + #if defined(S2N_UNSAFE_FUZZING_MODE) + gmt_unix_time = 0; + #endif + struct s2n_stuffer *out = &conn->handshake.io; struct s2n_stuffer client_random; struct s2n_blob b, r; diff --git a/tls/s2n_client_key_exchange.c b/tls/s2n_client_key_exchange.c index 10693dfabb5..601e360a596 100644 --- a/tls/s2n_client_key_exchange.c +++ b/tls/s2n_client_key_exchange.c @@ -71,6 +71,12 @@ static int s2n_rsa_client_key_recv(struct s2n_connection *conn) /* Set rsa_failed to 1, if it isn't already, if the protocol version isn't what we expect */ conn->handshake.rsa_failed |= !s2n_constant_time_equals(client_protocol_version, pms.data, S2N_TLS_PROTOCOL_VERSION_LEN); + /* If S2N_UNSAFE_FUZZING_MODE is enabled, then always assume that RSA did not fail in order to aid with code + * coverage in fuzz tests. */ + #if defined(S2N_UNSAFE_FUZZING_MODE) + conn->handshake.rsa_failed = 0; + #endif + /* Turn the pre-master secret into a master secret */ GUARD(s2n_prf_master_secret(conn, &pms)); diff --git a/tls/s2n_server_hello.c b/tls/s2n_server_hello.c index 25b5c77da5c..fc8a0b59fc6 100644 --- a/tls/s2n_server_hello.c +++ b/tls/s2n_server_hello.c @@ -111,6 +111,12 @@ int s2n_server_hello_recv(struct s2n_connection *conn) int s2n_server_hello_send(struct s2n_connection *conn) { uint32_t gmt_unix_time = time(NULL); + + /* If S2N_UNSAFE_FUZZING_MODE is enabled, override the system time to 0, to ensure fuzz tests are deterministic. */ + #if defined(S2N_UNSAFE_FUZZING_MODE) + gmt_unix_time = 0; + #endif + struct s2n_stuffer *out = &conn->handshake.io; struct s2n_stuffer server_random; struct s2n_blob b, r; diff --git a/utils/s2n_random.c b/utils/s2n_random.c index 32b51675182..35d9d76a8a6 100644 --- a/utils/s2n_random.c +++ b/utils/s2n_random.c @@ -108,6 +108,16 @@ int s2n_get_private_random_bytes_used(void) int s2n_get_urandom_data(struct s2n_blob *blob) { + /* If S2N_UNSAFE_FUZZING_MODE is enabled, then generate fake random numbers in order to ensure that fuzz tests are + * deterministic and repeatable. Should return non-zero values since this function may be called repeatedly at + * startup until a non-zero value is returned. */ + #if defined(S2N_UNSAFE_FUZZING_MODE) + for(int i=0; i < blob->size; i++){ + blob->data[i] = 4; // Fake RNG. Chosen by fair dice roll. https://xkcd.com/221/ + } + return 0; + #endif + uint32_t n = blob->size; uint8_t *data = blob->data; diff --git a/utils/s2n_safety.c b/utils/s2n_safety.c index 45757d7f616..c4e171a39a4 100644 --- a/utils/s2n_safety.c +++ b/utils/s2n_safety.c @@ -39,6 +39,13 @@ pid_t s2n_actual_getpid() int s2n_constant_time_equals(const uint8_t *a, const uint8_t *b, uint32_t len) { + /* If compiled with S2N_UNSAFE_FUZZING_MODE, allow all signatures checked with s2n_constant_time_equals to always + * pass verification even if they are invalid in order to aid code coverage with fuzz tests. + */ + #if defined(S2N_UNSAFE_FUZZING_MODE) + return !0; + #endif + uint8_t xor = 0; for (int i = 0; i < len; i++) { xor |= a[i] ^ b[i]; From 8e3787bd84e9ff2d118c6502bd1c89d46db39ec8 Mon Sep 17 00:00:00 2001 From: Alex Weibel Date: Mon, 11 Jul 2016 15:44:03 -0700 Subject: [PATCH 02/14] Allowing install_prlimit.sh to print error message --- .travis.yml | 3 ++- .travis/install_prlimit.sh | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 93ed28ea234..141b015063c 100644 --- a/.travis.yml +++ b/.travis.yml @@ -35,8 +35,9 @@ install: # Install python linked with our compiled Openssl for integration tests - sudo .travis/install_python.sh `pwd`/libcrypto-root > /dev/null # Install prlimit to set the memlock limit to unlimited for this process - - (test "$TRAVIS_OS_NAME" = "linux" && sudo .travis/install_prlimit.sh $PWD/.travis > /dev/null && sudo .travis/prlimit --pid "$$" --memlock=unlimited:unlimited) || true + - (test "$TRAVIS_OS_NAME" = "linux" && sudo .travis/install_prlimit.sh $PWD/.travis && sudo .travis/prlimit --pid "$$" --memlock=unlimited:unlimited) || true - mkdir -p .travis/checker && .travis/install_scan-build.sh .travis/checker && export PATH=$PATH:.travis/checker/bin + script: - (test "$TRAVIS_OS_NAME" = "linux" && make -j8) || true # Build and run unit tests with scan-build for osx. scan-build bundle isn't available for linux diff --git a/.travis/install_prlimit.sh b/.travis/install_prlimit.sh index e8d9d74aaf7..b2297287cec 100755 --- a/.travis/install_prlimit.sh +++ b/.travis/install_prlimit.sh @@ -22,7 +22,7 @@ pushd $PWD wget https://www.kernel.org/pub/linux/utils/util-linux/v2.25/util-linux-2.25.2.tar.gz tar -xzvf util-linux-2.25.2.tar.gz cd util-linux-2.25.2 -./configure ADJTIME_PATH=/var/lib/hwclock/adjtime --disable-chfn-chsh --disable-login --disable-nologin --disable-su --disable-setpriv --disable-runuser --disable-pylibmount --disable-static --without-python --without-systemd --without-systemdsystemunitdir --without-ncurses +./configure ADJTIME_PATH=/var/lib/hwclock/adjtime --disable-chfn-chsh --disable-login --disable-nologin --disable-su --disable-setpriv --disable-runuser --disable-pylibmount --disable-static --without-python --without-systemd --without-systemdsystemunitdir --without-ncurses || cat config.log # only compile prlimit make prlimit From f83fbfb9f53878f5f86684d079794eaeea1dc57e Mon Sep 17 00:00:00 2001 From: Alex Weibel Date: Mon, 11 Jul 2016 16:27:22 -0700 Subject: [PATCH 03/14] Add workaround for https://github.com/travis-ci/travis-ci/issues/2607 --- .travis.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.travis.yml b/.travis.yml index 141b015063c..e0ff35a3dd7 100644 --- a/.travis.yml +++ b/.travis.yml @@ -26,7 +26,6 @@ before_install: - alias gcc=$(which gcc-6) # Install latest version of clang, clang++, and llvm-symbolizer and add them to beginning of PATH. Needed for fuzzing. - (.travis/install_clang.sh `pwd`/clang-download `pwd`/clang-latest $TRAVIS_OS_NAME) && export PATH=`pwd`/clang-latest/bin:$PATH - install: # Download and Install LibFuzzer - .travis/install_libFuzzer.sh `pwd`/fuzz_dependencies/libFuzzer-download `pwd`/fuzz_dependencies $TRAVIS_OS_NAME @@ -35,7 +34,7 @@ install: # Install python linked with our compiled Openssl for integration tests - sudo .travis/install_python.sh `pwd`/libcrypto-root > /dev/null # Install prlimit to set the memlock limit to unlimited for this process - - (test "$TRAVIS_OS_NAME" = "linux" && sudo .travis/install_prlimit.sh $PWD/.travis && sudo .travis/prlimit --pid "$$" --memlock=unlimited:unlimited) || true + - (test "$TRAVIS_OS_NAME" = "linux" && sudo "PATH=$PATH" .travis/install_prlimit.sh $PWD/.travis && sudo .travis/prlimit --pid "$$" --memlock=unlimited:unlimited) || true - mkdir -p .travis/checker && .travis/install_scan-build.sh .travis/checker && export PATH=$PATH:.travis/checker/bin script: From 1e93c4225985f84f1d5e6af5c24d482c5b554180 Mon Sep 17 00:00:00 2001 From: Alex Weibel Date: Mon, 11 Jul 2016 17:01:24 -0700 Subject: [PATCH 04/14] Increasing timeout for individual fuzz tests since Travis Build Hardware is much slower than my local desktop --- tests/fuzz/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/fuzz/Makefile b/tests/fuzz/Makefile index fc6acf73983..a4ddfe9f9ea 100644 --- a/tests/fuzz/Makefile +++ b/tests/fuzz/Makefile @@ -32,7 +32,7 @@ ASAN_OPTIONS= symbolize=1 LSAN_OPTIONS= log_threads=1 UBSAN_OPTIONS= print_stacktrace=1 FUZZ_TIMEOUT_SEC= 120 -LIBFUZZER_ARGS = -timeout=1 -max_len=4096 -use_traces=1 -print_final_stats=1 -jobs=32 -workers=32 \ +LIBFUZZER_ARGS = -timeout=5 -max_len=4096 -use_traces=1 -print_final_stats=1 -jobs=32 -workers=32 \ -max_total_time=${FUZZ_TIMEOUT_SEC} $(TESTS):: From f00c50ef27a9ae0e1a8d22571e5b56753c6ac92f Mon Sep 17 00:00:00 2001 From: Alex Weibel Date: Tue, 12 Jul 2016 16:20:00 -0700 Subject: [PATCH 05/14] Skipping Fuzzing on OS X for now. I can't get it working, lots of Clang/LLVM email threads say its unstable, and every other Github project I can find that uses Travis and LibFuzzer skips it on OSX as well --- Makefile | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index f36bea39de1..ebcc6153ee1 100644 --- a/Makefile +++ b/Makefile @@ -53,9 +53,21 @@ bin: libs integration: bin $(MAKE) -C tests integration + .PHONY : fuzz -fuzz : export S2N_UNSAFE_FUZZING_MODE = 1 -fuzz : bin +ifeq ($(shell uname),Linux) +fuzz : fuzz-linux +else +fuzz : fuzz-osx +endif + +.PHONY : fuzz-osx +fuzz-osx : + @echo "\033[33;1mSKIPPED\033[0m Fuzzing is not supported on \"$$(uname -mprs)\" at this time." + +.PHONY : fuzz-linux +fuzz-linux : export S2N_UNSAFE_FUZZING_MODE = 1 +fuzz-linux : bin $(MAKE) -C tests fuzz .PHONY : indent From 6143722ad6adcc165daeac800a23e0128270f427 Mon Sep 17 00:00:00 2001 From: Alex Weibel Date: Tue, 12 Jul 2016 17:32:51 -0700 Subject: [PATCH 06/14] Add pipe to /dev/null back now that prlimit install script works again --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index e0ff35a3dd7..62d46f08d95 100644 --- a/.travis.yml +++ b/.travis.yml @@ -34,7 +34,7 @@ install: # Install python linked with our compiled Openssl for integration tests - sudo .travis/install_python.sh `pwd`/libcrypto-root > /dev/null # Install prlimit to set the memlock limit to unlimited for this process - - (test "$TRAVIS_OS_NAME" = "linux" && sudo "PATH=$PATH" .travis/install_prlimit.sh $PWD/.travis && sudo .travis/prlimit --pid "$$" --memlock=unlimited:unlimited) || true + - (test "$TRAVIS_OS_NAME" = "linux" && sudo "PATH=$PATH" .travis/install_prlimit.sh $PWD/.travis > /dev/null && sudo .travis/prlimit --pid "$$" --memlock=unlimited:unlimited) || true - mkdir -p .travis/checker && .travis/install_scan-build.sh .travis/checker && export PATH=$PATH:.travis/checker/bin script: From 35970a8ef6e5ff66e2cdca04448d93d04839b1f3 Mon Sep 17 00:00:00 2001 From: Alex Weibel Date: Mon, 18 Jul 2016 10:41:13 -0700 Subject: [PATCH 07/14] Rewriting Fuzz Tests to use LD_PRELOAD function overrides instead of C Preprocessor statements --- crypto/s2n_drbg.c | 11 - crypto/s2n_rsa.c | 6 - s2n.mk | 23 +- stuffer/s2n_stuffer_file.c | 10 - tests/fuzz/LD_PRELOAD/Makefile | 34 +++ tests/fuzz/LD_PRELOAD/global_overrides.c | 59 +++++ .../s2n_memory_leak_negative_test_overrides.c | 23 ++ .../s2n_server_fuzz_test_overrides.c | 61 ++++++ tests/fuzz/Makefile | 43 ++-- tests/fuzz/Readme.md | 38 ++++ .../b4d62e7c0d64a5fc071ccf372fc6f7b6ce892d2b | Bin 0 -> 4096 bytes .../f1e74c60defd6659c6083e314b92d32995eb7cd9 | Bin 0 -> 4096 bytes tests/fuzz/runFuzzTest.sh | 66 ++++++ tests/fuzz/s2n_memory_leak_negative_test.c | 203 ++++++++++++++++++ tls/s2n_client_hello.c | 6 - tls/s2n_client_key_exchange.c | 6 - tls/s2n_server_hello.c | 6 - utils/s2n_random.c | 10 - utils/s2n_safety.c | 7 - 19 files changed, 518 insertions(+), 94 deletions(-) create mode 100644 tests/fuzz/LD_PRELOAD/Makefile create mode 100644 tests/fuzz/LD_PRELOAD/global_overrides.c create mode 100644 tests/fuzz/LD_PRELOAD/s2n_memory_leak_negative_test_overrides.c create mode 100644 tests/fuzz/LD_PRELOAD/s2n_server_fuzz_test_overrides.c create mode 100644 tests/fuzz/Readme.md create mode 100644 tests/fuzz/corpus/s2n_memory_leak_negative_test/b4d62e7c0d64a5fc071ccf372fc6f7b6ce892d2b create mode 100644 tests/fuzz/corpus/s2n_memory_leak_negative_test/f1e74c60defd6659c6083e314b92d32995eb7cd9 create mode 100755 tests/fuzz/runFuzzTest.sh create mode 100644 tests/fuzz/s2n_memory_leak_negative_test.c diff --git a/crypto/s2n_drbg.c b/crypto/s2n_drbg.c index 1958b5635fd..f0c9f0bcb58 100644 --- a/crypto/s2n_drbg.c +++ b/crypto/s2n_drbg.c @@ -142,17 +142,6 @@ int s2n_drbg_instantiate(struct s2n_drbg *drbg, struct s2n_blob *personalization int s2n_drbg_generate(struct s2n_drbg *drbg, struct s2n_blob *blob) { - /* If S2N_UNSAFE_FUZZING_MODE is enabled, then generate fake random numbers in order to ensure that fuzz tests are - * deterministic and repeatable. Should return non-zero values since this function may be called repeatedly at - * startup until a non-zero value is returned. */ - #if defined(S2N_UNSAFE_FUZZING_MODE) - for(int i=0; i < blob->size; i++){ - blob->data[i] = 4; // Fake RNG. Chosen by fair dice roll. https://xkcd.com/221/ - } - drbg->bytes_used += blob->size; - return 0; - #endif - uint8_t all_zeros[32] = { 0 }; struct s2n_blob zeros = {.data = all_zeros, .size = sizeof(all_zeros) }; if (blob->size > S2N_DRBG_GENERATE_LIMIT) { diff --git a/crypto/s2n_rsa.c b/crypto/s2n_rsa.c index d57890f1fc4..049011336a3 100644 --- a/crypto/s2n_rsa.c +++ b/crypto/s2n_rsa.c @@ -156,12 +156,6 @@ int s2n_rsa_verify(struct s2n_rsa_public_key *key, struct s2n_hash_state *digest GUARD(s2n_hash_digest(digest, digest_out, digest_length)); if (RSA_verify(type, digest_out, digest_length, signature->data, signature->size, key->rsa) == 0) { - /* If S2N_UNSAFE_FUZZING_MODE is enabled, don't return S2N_ERR_VERIFY_SIGNATURE. This will assume all RSA - * signatures pass verification and will aid with branch coverage for fuzz tests */ - #if defined(S2N_UNSAFE_FUZZING_MODE) - return 0; - #endif - S2N_ERROR(S2N_ERR_VERIFY_SIGNATURE); } diff --git a/s2n.mk b/s2n.mk index b9a5868b520..c031ec5aa20 100644 --- a/s2n.mk +++ b/s2n.mk @@ -31,20 +31,25 @@ SOURCES = $(wildcard *.c *.h) CRUFT = $(wildcard *.c~ *.h~ *.c.BAK *.h.BAK *.o *.a *.so *.dylib) INDENT = $(shell (if indent --version 2>&1 | grep GNU > /dev/null; then echo indent ; elif gindent --version 2>&1 | grep GNU > /dev/null; then echo gindent; else echo true ; fi )) -CFLAGS = -pedantic -Wall -Werror -Wimplicit -Wunused -Wcomment -Wchar-subscripts -Wuninitialized \ - -Wshadow -Wcast-qual -Wcast-align -Wwrite-strings -Wstack-protector -fPIC \ - -std=c99 -D_POSIX_C_SOURCE=200112L -fstack-protector-all -O2 -I$(LIBCRYPTO_ROOT)/include/ \ - -I../api/ -I../ -Wno-deprecated-declarations -Wno-unknown-pragmas -Wformat-security \ - -D_FORTIFY_SOURCE=2 +DEFAULT_CFLAGS = -pedantic -Wall -Werror -Wimplicit -Wunused -Wcomment -Wchar-subscripts -Wuninitialized \ + -Wshadow -Wcast-qual -Wcast-align -Wwrite-strings -Wstack-protector -fPIC \ + -std=c99 -D_POSIX_C_SOURCE=200112L -fstack-protector-all -O2 -I$(LIBCRYPTO_ROOT)/include/ \ + -I../api/ -I../ -Wno-deprecated-declarations -Wno-unknown-pragmas -Wformat-security \ + -D_FORTIFY_SOURCE=2 + +CFLAGS = ${DEFAULT_CFLAGS} + +DEBUG_CFLAGS = -g3 -ggdb -fno-omit-frame-pointer -fno-optimize-sibling-calls + +FUZZ_CFLAGS = -fsanitize-coverage=edge,trace-cmp -fsanitize=address,undefined,leak ifeq ($(S2N_UNSAFE_FUZZING_MODE),1) # Override compiler to clang if fuzzing, since gcc does not support as many sanitizer flags as clang CC=clang - # Turn on debugging flags when S2N_UNSAFE_FUZZING_MODE is enabled to give detailed stack traces in case an error - # occurs while fuzzing. - CFLAGS += -DS2N_UNSAFE_FUZZING_MODE -g3 -ggdb -fno-omit-frame-pointer -fno-optimize-sibling-calls \ - -fsanitize-coverage=edge,trace-cmp -fsanitize=address,undefined,leak + # Turn on debugging and fuzzing flags when S2N_UNSAFE_FUZZING_MODE is enabled to give detailed stack traces in case + # an error occurs while fuzzing. + CFLAGS = ${DEFAULT_CFLAGS} ${DEBUG_FLAGS} ${FUZZ_CFLAGS} endif INDENTOPTS = -npro -kr -i4 -ts4 -nut -sob -l180 -ss -ncs -cp1 diff --git a/stuffer/s2n_stuffer_file.c b/stuffer/s2n_stuffer_file.c index 2bc2b75d48d..9f3108fb58c 100644 --- a/stuffer/s2n_stuffer_file.c +++ b/stuffer/s2n_stuffer_file.c @@ -54,16 +54,6 @@ int s2n_stuffer_recv_from_fd(struct s2n_stuffer *stuffer, int rfd, uint32_t len) int s2n_stuffer_send_to_fd(struct s2n_stuffer *stuffer, int wfd, uint32_t len) { - /* If S2N_UNSAFE_FUZZING_MODE is enabled, check if the file descriptor is -1 (which is invalid), and if so, skip - * writing anything. This is to speed up fuzz tests that write unnecessary data that is never actually read. - */ - #if defined(S2N_UNSAFE_FUZZING_MODE) - if(wfd == -1){ - stuffer->read_cursor += len; - return len; - } - #endif - /* Make sure we even have the data */ GUARD(s2n_stuffer_skip_read(stuffer, len)); diff --git a/tests/fuzz/LD_PRELOAD/Makefile b/tests/fuzz/LD_PRELOAD/Makefile new file mode 100644 index 00000000000..ec35898a145 --- /dev/null +++ b/tests/fuzz/LD_PRELOAD/Makefile @@ -0,0 +1,34 @@ +# +# Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"). +# You may not use this file except in compliance with the License. +# A copy of the License is located at +# +# http://aws.amazon.com/apache2.0 +# +# or in the "license" file accompanying this file. This file is distributed +# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either +# express or implied. See the License for the specific language governing +# permissions and limitations under the License. +# + +SRCS=$(wildcard *.c) +#OBJS = $(wildcard ../../../utils/*.o ../../../stuffer/*.o ../../../tls/*.o ../../../iana/*.o ../../../crypto/*.o ../../../error/*.o $(LIBCRYPTO_ROOT)/lib/libcrypto.a) +OBJS=$(SRCS:.c=.o) +OVERRIDES=$(SRCS:.c=) +CRYPTO_LDFLAGS = -L$(LIBCRYPTO_ROOT)/lib + +.PHONY : all +all : $(OVERRIDES) + +include ../../../s2n.mk + +CRUFT += $(wildcard *.so) + +LD_PRELOAD_CFLAGS = -Wno-unreachable-code -O0 -I$(LIBCRYPTO_ROOT)/include/ -I../../../ -I../../../api/ + +$(OVERRIDES):: + # Don't include Sanitizer/Fuzz compiler flags since when the LD_PRELOAD shared object is Preloaded, the Sanitizer init + # functions won't have been loaded yet, causing undefined symbol errors. + ${CC} ${DEFAULT_CFLAGS} ${DEBUG_CFLAGS} ${LD_PRELOAD_CFLAGS} -shared -fPIC $@.c -o $@.so -ldl diff --git a/tests/fuzz/LD_PRELOAD/global_overrides.c b/tests/fuzz/LD_PRELOAD/global_overrides.c new file mode 100644 index 00000000000..0e70921ed25 --- /dev/null +++ b/tests/fuzz/LD_PRELOAD/global_overrides.c @@ -0,0 +1,59 @@ +/* + * Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"). + * You may not use this file except in compliance with the License. + * A copy of the License is located at + * + * http://aws.amazon.com/apache2.0 + * + * or in the "license" file accompanying this file. This file is distributed + * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either + * express or implied. See the License for the specific language governing + * permissions and limitations under the License. + */ + +#define _GNU_SOURCE + +#include +#include + +#include "crypto/s2n_drbg.h" +#include "stuffer/s2n_stuffer.h" +#include "utils/s2n_safety.h" +#include "utils/s2n_random.h" + +int s2n_drbg_generate(struct s2n_drbg *drbg, struct s2n_blob *blob) { + // If fuzzing, only generate "fake" random numbers in order to ensure that fuzz tests are deterministic and repeatable. + // This function should return non-zero values since this function may be called repeatedly at startup until a non-zero + // value is returned. + s2n_get_urandom_data(blob); + drbg->bytes_used += blob->size; + return 0; +} + +int s2n_stuffer_send_to_fd(struct s2n_stuffer *stuffer, int wfd, uint32_t len) +{ + // Override the original s2n_stuffer_send_to_fd to check if the write file descriptor is -1, and if so, skip + // writing anything. This is to speed up fuzz tests that write unnecessary data that is never actually read. + if(wfd == -1){ + stuffer->read_cursor += len; + return len; + } + + // Otherwise, call the original s2n_stuffer_send_to_fd() + typedef int (*orig_s2n_stuffer_send_to_fd_func_type)(struct s2n_stuffer *stuffer, int wfd, uint32_t len); + orig_s2n_stuffer_send_to_fd_func_type orig_s2n_stuffer_send_to_fd; + orig_s2n_stuffer_send_to_fd = (orig_s2n_stuffer_send_to_fd_func_type) dlsym(RTLD_NEXT, "s2n_stuffer_send_to_fd"); + return orig_s2n_stuffer_send_to_fd(stuffer, wfd, len); +} + +int s2n_get_urandom_data(struct s2n_blob *blob){ + // If fuzzing, only generate "fake" random numbers in order to ensure that fuzz tests are deterministic and repeatable. + // This function should return non-zero values since this function may be called repeatedly at startup until a non-zero + // value is returned. + for(int i=0; i < blob->size; i++){ + blob->data[i] = 4; // Fake RNG. Chosen by fair dice roll. https://xkcd.com/221/ + } + return 0; +} diff --git a/tests/fuzz/LD_PRELOAD/s2n_memory_leak_negative_test_overrides.c b/tests/fuzz/LD_PRELOAD/s2n_memory_leak_negative_test_overrides.c new file mode 100644 index 00000000000..bb7b67e6a88 --- /dev/null +++ b/tests/fuzz/LD_PRELOAD/s2n_memory_leak_negative_test_overrides.c @@ -0,0 +1,23 @@ +/* + * Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"). + * You may not use this file except in compliance with the License. + * A copy of the License is located at + * + * http://aws.amazon.com/apache2.0 + * + * or in the "license" file accompanying this file. This file is distributed + * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either + * express or implied. See the License for the specific language governing + * permissions and limitations under the License. + */ + +#include "utils/s2n_blob.h" + +int s2n_free(struct s2n_blob *b) +{ + // This will cause large amounts of memory leaks. This should be caught by LibFuzzer as a negative fuzz test to + // ensure that LibFuzzer will catch these memory leaks. + return 0; +} diff --git a/tests/fuzz/LD_PRELOAD/s2n_server_fuzz_test_overrides.c b/tests/fuzz/LD_PRELOAD/s2n_server_fuzz_test_overrides.c new file mode 100644 index 00000000000..53954b764a1 --- /dev/null +++ b/tests/fuzz/LD_PRELOAD/s2n_server_fuzz_test_overrides.c @@ -0,0 +1,61 @@ +/* + * Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"). + * You may not use this file except in compliance with the License. + * A copy of the License is located at + * + * http://aws.amazon.com/apache2.0 + * + * or in the "license" file accompanying this file. This file is distributed + * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either + * express or implied. See the License for the specific language governing + * permissions and limitations under the License. + */ + +#define _GNU_SOURCE +#include +#include +#include + +#include "crypto/s2n_rsa.h" +#include "error/s2n_errno.h" +#include "tls/s2n_connection.h" +#include "utils/s2n_safety.h" + +time_t time (time_t *__timer) +{ + // Always assume the time is zero when fuzzing the server, this is to ensure that Fuzz tests are deterministic and + // don't depend on the time the test was run. + return 0; +} + + +int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, + const unsigned char *sigbuf, unsigned int siglen, RSA *rsa) +{ + // Always assume that the RSA_verify function passes + return 1; +} + +int s2n_constant_time_equals(const uint8_t *a, const uint8_t *b, uint32_t len) +{ + // Allow all signatures checked with s2n_constant_time_equals to always pass verification even if they are invalid + // in order to aid code coverage with server fuzz test. + return !0; +} + +int s2n_rsa_client_key_recv(struct s2n_connection *conn) +{ + // Perform the original function + typedef int (*orig_s2n_rsa_client_key_recv_func_type)(struct s2n_connection *conn); + orig_s2n_rsa_client_key_recv_func_type orig_s2n_rsa_client_key_recv; + orig_s2n_rsa_client_key_recv = (orig_s2n_rsa_client_key_recv_func_type) dlsym(RTLD_NEXT, "s2n_rsa_client_key_recv"); + int original_return_code = orig_s2n_rsa_client_key_recv(conn); + + // Then, overwrite the RSA Failed flag to false before returning, this will help fuzzing code coverage. + conn->handshake.rsa_failed = 0; + + return original_return_code; +} + diff --git a/tests/fuzz/Makefile b/tests/fuzz/Makefile index a4ddfe9f9ea..b31389c9fb0 100644 --- a/tests/fuzz/Makefile +++ b/tests/fuzz/Makefile @@ -1,5 +1,5 @@ # -# Copyright 2014 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"). # You may not use this file except in compliance with the License. @@ -19,37 +19,34 @@ TESTS=$(SRCS:.c=) CRYPTO_LDFLAGS = -L$(LIBCRYPTO_ROOT)/lib .PHONY : all -all: $(TESTS) +all : ld-preload +all : $(TESTS) include ../../s2n.mk -CRUFT += $(wildcard *_test) $(wildcard fuzz-*.log) $(wildcard *_test_output.txt) +CRUFT += $(wildcard *_test) $(wildcard fuzz-*.log) $(wildcard *_test_output.txt) $(wildcard LD_PRELOAD/*.so) LIBS += -lm CFLAGS += -Wno-unreachable-code -O0 -I$(LIBCRYPTO_ROOT)/include/ -I../../ -I../../api/ LDFLAGS += ../../fuzz_dependencies/libFuzzer.a -lstdc++ -L../../lib/ ${CRYPTO_LDFLAGS} -L../testlib/ -ls2n ${LIBS} ${CRYPTO_LIBS} -ASAN_OPTIONS= symbolize=1 -LSAN_OPTIONS= log_threads=1 -UBSAN_OPTIONS= print_stacktrace=1 -FUZZ_TIMEOUT_SEC= 120 -LIBFUZZER_ARGS = -timeout=5 -max_len=4096 -use_traces=1 -print_final_stats=1 -jobs=32 -workers=32 \ - -max_total_time=${FUZZ_TIMEOUT_SEC} + +DYLD_LIBRARY_PATH="../../lib/:../testlib/:$(LIBCRYPTO_ROOT)/lib:$$DYLD_LIBRARY_PATH" +LD_LIBRARY_PATH="../../lib/:../testlib/:$(LIBCRYPTO_ROOT)/lib:$$LD_LIBRARY_PATH" + +FUZZ_TIMEOUT_SEC=120 + +ld-preload : + ${MAKE} -C LD_PRELOAD $(TESTS):: - @${CC} ${CFLAGS} $@.c -o $@ ${LDFLAGS} > /dev/null - @printf "Running %-40s for %5d sec... " $@ ${FUZZ_TIMEOUT_SEC} - @( \ - DYLD_LIBRARY_PATH="../../lib/:../testlib/:$(LIBCRYPTO_ROOT)/lib:$$DYLD_LIBRARY_PATH" \ - LD_LIBRARY_PATH="../../lib/:../testlib/:$(LIBCRYPTO_ROOT)/lib:$$LD_LIBRARY_PATH" \ - ASAN_OPTIONS=${ASAN_OPTIONS} \ - LSAN_OPTIONS=${LSAN_OPTIONS} \ - UBSAN_OPTIONS=${UBSAN_OPTIONS} \ - ./$@ ${LIBFUZZER_ARGS} ./corpus/$@ > $@_output.txt 2>&1 \ - || (echo "\033[31;1mFAILED\033[0m\n"; sleep 2s; cat $@_output.txt; exit -1;) \ - ) + @${CC} ${CFLAGS} $@.c -o $@ ${LDFLAGS} > /dev/null @( \ - printf "\033[32;1mPASSED\033[0m %12d tests, %8d branches covered\n" \ - `grep -o "stat::number_of_executed_units: [0-9]*" $@_output.txt | awk '{test_count += $$2} END {print test_count}'` \ - `grep -o "cov: [0-9]*" $@_output.txt | awk '{print $$2}' | sort | tail -1` \ + export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}; \ + export DYLD_LIBRARY_PATH=${DYLD_LIBRARY_PATH}; \ + export LIBCRYPTO_ROOT=${LIBCRYPTO_ROOT}; \ + ./runFuzzTest.sh $@ ${FUZZ_TIMEOUT_SEC}; \ ) +.PHONY : clean +clean: + ${MAKE} -C LD_PRELOAD decruft \ No newline at end of file diff --git a/tests/fuzz/Readme.md b/tests/fuzz/Readme.md new file mode 100644 index 00000000000..634aea011a1 --- /dev/null +++ b/tests/fuzz/Readme.md @@ -0,0 +1,38 @@ +#Fuzz Tests +Every test in this directory will be run as a Fuzz test for several minutes during builds. To run all fuzz tests simply run `make fuzz` from the top `s2n` directory to compile s2n with the proper flags and run the fuzz tests. + +####Each Fuzz Test should conform to the following rules: +1. End in either `*_test.c` or `*_negative_test.c`. + 1. If the test ends with `*_test.c`, it is expected to pass fuzzing and return 0 (hereafter referred to as a "Positive test") + 2. If the test ends with `*_negative_test.c` the test is expected to fail in some way or return a non-zero integer (hereafter referred to as a "Negative test"). +2. Strive to be deterministic (Eg. shouldn't depend on the time or on the output of a RNG). Each test should either always pass if a Positive Test, or always fail if a Negative Test. +3. If a Positive Fuzz test, it should have a non-empty corpus directory with inputs that have a relatively high branch coverage. +4. Have a function `int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len)` that will pass `buf` to one of s2n's API's +5. Optionally, if initialization is required, have a function `int LLVMFuzzerInitialize(const uint8_t *buf, size_t len)` that will perform any initialization that will be run only once at startup. + +##Fuzz Test Directory Structure +For a test with name `$TEST_NAME`, its files should be layed out with the following structure: + +**Required:** The actual Fuzz test to run: +> `s2n/tests/fuzz/${TEST_NAME}.c` + +**Required:** The Corpus directory with inputs that provide good branch coverage: +> `s2n/tests/fuzz/corpus/${TEST_NAME}/*` + +**Optional:** Any `LD_PRELOAD` function overrides: +> `s2n/tests/fuzz/LD_PRELOAD/${TEST_NAME}_overrides.c` + +#Corpus +A Corpus is a directory of "interesting" inputs that result in a good branch/code coverage. These inputs will be permuted in random ways and checked to see if this permutation results in greater branch coverage or in a failure (Segfault, Memory Leak, Buffer Overflow, Non-zero return code, etc). If the permutation results in greater branch coverage, then it will be added to the Corpus directory. If a Memory leak or a Crash is detected, that file will **not** be added to the corpus for that test, and will instead be written to the current directory (`s2n/tests/fuzz/crash-*` or `s2n/tests/fuzz/leak-*`). These files will be automatically deleted for any Negative Fuzz tests that are expected to crash or leak memory so as to not clutter the directory. + +#LD_PRELOAD +The `LD_PRELOAD` directory contains function overrides for each Fuzz test that will be used **instead** of the original functions defined elsewhere. These function overrides will only be used during fuzz tests, and will not effect the rest of the s2n codebase when not fuzzing. Using `LD_PRELOAD` instead of C Preprocessor `#ifdef`'s is preferable in the following ways: + +1. Using the C Preprocessor requires the use of fuzz only compiler flags and `#ifdef`'s that end up cluttering the original s2n codebase and increases developer cognative load when developing other features for s2n. Using `LD_PRELOAD` helps keep s2n's code clean, and reduces developer cognative load when working with the core codebase. +2. `LD_PRELOAD` provides better flexibility than `#ifdef`'s in that it allows different Fuzz tests to efficiently have different function overrides for the same functions. +3. It is possible to override functions that are outside of s2n's codebase. + +Each Fuzz test will have up to two `LD_PRELOAD` function override files used: + +1. A test specific `${TEST_NAME}_overrides.c` file that contains overrides specific to that test. +2. `global_overrides.c` file that contains overrides that will be used in every fuzz test. \ No newline at end of file diff --git a/tests/fuzz/corpus/s2n_memory_leak_negative_test/b4d62e7c0d64a5fc071ccf372fc6f7b6ce892d2b b/tests/fuzz/corpus/s2n_memory_leak_negative_test/b4d62e7c0d64a5fc071ccf372fc6f7b6ce892d2b new file mode 100644 index 0000000000000000000000000000000000000000..cd634cd5615f3939c6526dde007921b9088b8de2 GIT binary patch literal 4096 zcmW+(cYKa#)UL)VwJLUrQ$A<#)h0d1Y6VpzG$fG-tsS(sgw}2mBNS~>LQBv{(b!RH zq_v9LQMF=6imF}eJNf>3fA8x z_f!qHg2tp1A>?Hx#BPjrsvdfNg*5r!z9a=0n^zoTbXjVB8foy>BiK!3xUL{DL_YpT z)*qsIvQK!D9Gr)^c)!7_cQ!EAt6(5Umf^BQtMl#s8GrQXUs&X%PKbx%)Lk2mK@mX! znn+gc(UL$R-^nTqgs3v0FJJgBKWS*bq`t z$WHD5!6?JV+^L%(Gew2`Qlfkb+z5R?-b+?36NC9pevI@(GGl&==n3GPA}gPu>gv5| zuTo;O*-fAow~Q=!W$nAT0MvT6qm}=TgXEt43T(|w3U$bKYDg|*6B@TEZdR=3va;g! zWp(@?;J3MrgJJCTV99?{yKG=1QAY8X*;CqRZ5vvuQ5}xuJz1Dp6r;E2n(#4|q}7(+H31kUI<3>zL~HTOw4#k8ys>4GmF{l=n^>Bjv#3K*1mC@W}1kV;zFnswV4fATkjShy7~84FpMBX z|C6g#uyMOCV>$K{ncbBMHqg}dh<&Mc#G1?BsAN|>k@)$SLk#V{K!X@wBJq9xEq{V2QHR3cb&b$?*k2m1{YUSl`EM&?D zaWwmiY~@8!ICLW_GS*E#B2>rexn`KH0TFIzK?Lo-Mw>{qB*$=Vi#b`0XT|XwJD_)B zwv?P6-AF>64$iao@7s9oC1!_FvZaCd!FS~Z)JD~j!XmwE$_Ea;*A6_XElJykN0rjwt>GE5u9BUD8)zJQQ-zzronG@tD}eDY`pz#V^>gg= zJn*7ihxbYpUM@dPV%RQoIDv|3`AL0ih+ zJlODrZXZEk;T2?w`Fy%jdqS1M|5n%D>a zzLh!uW8EaJ-52kXNg=n=bxzvYUug?So-d9w?IEaUMsFyljqrz5*R0MqYMxHQg!eni z*C1BY1w8rvKf@lJCz-xJ$i1a^QHdzI@Ou}s-VlcJN7H|it=$_tNq5Z_oDO|y5OW-U zC{@%t02kBloApYgBQ^diDfz62@2L@Uxk$1NJr3q`+>t_gA(*22SzS1Q6z8=Du+cwZ9>jN;P z51yDEi?ORPJxx+xxLgey^QuSONjaI>OV|D-n6DS_e_r(t;EUgdr?kW?rQM>yCP!i& z3wh~VK|?cq2+LPY%XxEZL-b$)jGAPru2FYItp4*(o5CwEL)a*b<8@1bW}j`T2`#aR z?mR_By`%POV#V0ix&jY-Y*{V%l~hA0#scJ~FQ&pCOMDOV*_6UUD7`?xh?w(^o_;jo z$oc%iZoNglnzua6N`y*Zt^8F}-S<2J%gqV*+_{*Yo5u38@vIWZFnM~9wd)tbk4?Np zn~tZ%AVEB;Clq;YY>mV2=&&Cv3UmJ05sr0TR|ExU=ld>qGcIm()rLn_$qSSfkgsw6 z?b`y@8l7n#^8JB~)F*D{T$qRK(7gTn9dB6vSQeGmq(rJ`+V#6!T{PhsZs~r!)L_Vc=Y` zzUY~i0sB~)L)GF&vqC*b zAof(YH3^vu#ABVXkUS0HYxmW6dw94$*;WZ+I^KHSYw&BkNBV-iKpr zY~+emoX(BnlCnpoD#*AOl@xxUV*$ay(fO&?ZaVTwuvkvJVRrscTwUh~>mBDroF3RH zE)5T7%@{ysTNuUwvZ6~AFqCHqE?sP6mpDxnV#c!;^T znYK^=_XC^DeCdJMrLs$D(F>QwyQRgh`!u^-bgg|!5#w`DtcwL+yhIYfVaMd%u03?$ z)!Zp_|5)b1hp=M;WcwRbXLjJ}?u2*nANE;>2G1R=1Jh4#7h5hbE(P44KPO)4&(jMS zt}LHjBNrkoS~4qQ-C4n3I}lZo#0F9J%9f4Iv5TXWVr9o8)@*o|!(wi_Y(2m=5r0mB zh#PwLJJ=IXdp*oa7T?hImQfSk9j}XX@Uz%!_k(b0YIr7bGt$1zsnC3`pin_mn8unr%h4Fdr*B(A#>qw7ocRugjOYs@8JMZ{;DYFk5^3tF6eA$gz|B zQn5;h$e7Ai{j@3x_==shH``ZouNKcIhfVv{nC8P6Q*|7(k6JYYsIlQb)o*MStrdoG zS>Zlm$l;w4J;S(Uu^pcF2?eMEO6x#Q5oi?vU-(bnoz~cLs735uyJcJeI)O%N=?OB# zE$WYJ9^-W3p}&)N#V%;zYcbG=PIG#BP5P`%NGIJpaeKQ7^c){ghsr=-Pdr;Gs}jb! z31Q9v;s@>jLY0$OXoyx>8zsFeEWfi zh#k?K3%bHCcFqwgxG=9f2ArB%z`aIN{HBN5wiU{)Z#FkH2;v3S*P~#@^G;~76F&-M*TU_YBHEJ4x?)1wXC3X#5gv0Na(3|& z>)5G|@5r%ru0DRy%u9(ksay7RHSYG>qF|yG;hh_VZ-MB0*w(VH3V5~-FJwULxBxCY zP+$b~!KS4HJ+m%Ga8*v+8yPmpLqtMjgbstXpe-D_Sg09qaN{J+YD0h%7H+;+MKnDu z>dAs6?$BB2dQ+okXT}DpJtyr{E&2}FJT7~FTjBSlMLFsAu}^KxGx#jat4zJ%TX*V0 z9zoYGI5BQk;s;hypg&x=?9`{+Ymg8A`uQj=x7QVG8G&@?aZ1c;y5PuF5%{46%bCr) z(KH$Xmnob|&o`r_4{=tQD}WAvz?==qN{b8q|DlN(bG6E+< zZ`Q6$uLGsSh$Nq_X&a}H=}RnD(By*P4mK>GHcfA{{bq8 BW?29L literal 0 HcmV?d00001 diff --git a/tests/fuzz/corpus/s2n_memory_leak_negative_test/f1e74c60defd6659c6083e314b92d32995eb7cd9 b/tests/fuzz/corpus/s2n_memory_leak_negative_test/f1e74c60defd6659c6083e314b92d32995eb7cd9 new file mode 100644 index 0000000000000000000000000000000000000000..82452323a79b5a17674d7967203fe3195bffac0f GIT binary patch literal 4096 zcmW+(cVN$F6DP4pP=p$-L)}QF5klOdLuiQcQZ-+Dq^P3hO^Kq2)z~3Yp=eQwQBkTz zt=hastQxhq){YV5J@4PY@9%k@yZfwzgBCSG?DpEW+;j4^;pHkBsfMv#HF>rfwQ44^ z$o+6VPT8gURHCi(S9B)5S1qD3*1|_vDjm?K>ymw{%t||QzuhNT@wg0MMI}C3pr|*s z;imC1sZrNUtq9!3pGaTA3JeN%j#vuI0R4=2;!Uy5!Xs2rK%yquFxzUX=Nn<4qm?i0 zE7@u{K?uHsq+)esJ0h$!k}d*o@qWIVNTbFZ^@`?7?U)P)f`%vHBb#5EYd=q*Ik~KA zAF*!*r__4255n*r04g6`hi4M5XSY;V&5^2<0}{Hl!lT3RZWAsv_qgbCi8TW zLNbty8^0S@Tt*w9j>aXDdMt5>h=DQg437h(-X?-pWt^gsg?D8LXvuslX3M|yfVJdo z<7iq4p99G zF8r8C~T)n7KM1o0lN#CC&u`vrhswcO*;2$BqC>Ry(q_9nskT;`LwfYvE`L$&+; z3E{pP00nXd#=kHtyQ(yt%aIWZ#r~53XV;tkf%N zQv{)i%v=Uq?6^?|vR81ADBGcd{DTtsHEQdzR8h?)znH@&1Xo_J4H}=bel}I$Ao&Yr zFx45A#Y;A9PSfHvPw9gj4!9V=&OT{4DwO!P(tk*52n(HyE2JNd>}rd8!L@eX1%B)t z-4CY`S7LeO*V*xKykpWNm#kHpzey3g*T@_`{czU>#kT`sfSMjV3FjYasF#W=0e#Nq zR`@cgDRPh~kkE-uP=)`@f-da%D%l1E*N<(>(KCSc^g7?{yM4|`fAt=`Z zIE_QkJ4L@^*<}gnV_lA{1L?5N3Zw%(svlW77Y03#WBbw9B*$?Hyw+nHzl6=A^A7@x zJzDw#f-8i^JGOZY+upaKP}{BF!ewy1Ab5F-m5+cQ+&cb9GSX4Uq*jd`F-Z+=S%PkDtt;%($Z^@!WCJ|)-<{!tMk9EgVEo8)5Up77HuDIPBl7bG*|w*1%v}JhaPnc)ZLw{qPJfrrmbv7z?l1k@ zW&U*x-R@o|E^@0BQ2ctTd?pdPbry>&`6zXo&rR@~z8kKyv{eyw6GD z-u_v;0k7ofICl7@)2n!99DfzCd&uK|{*axjO&%PC@K7N*bwXRwoTYQ8SQ+MCa}OUwdH}(p@C1*YmuG`rAh?&I)-i zu|E#lc82Hl$Y@PxsvZXU+k_M_5zoxvetyt`a?>q$Fx;7IV^*qcBiR~99m7P-6>rw;)gTi z+5ZhCTvvvIsV%7b+y9y=fwu^&yl?Ut~fAvjL9(lSh|fXGHylh)<|{tY*5TcJ~WjcBjmzs9cVm< zB8Oj02;5ZNqSy`hS3JTQKy7lJl|`;ebW`bb<$X-}6S__*O-JUF%3b`&k|jNp>}HHc z%&rdo)HYo!@4c?swNd-AF1UNSyp%Y(Y_P_oy0jo28EaTjgma!~>|>eIU`wyM= zEkr-G?2o$4Q-U52;4qa6NF{jlD1BU+s>x*L(KTinec`H~^iP*dP{A8DKTg<_5g0oA z+u4`QI}fMJMW%F~L2<`GsTLVEJmr-?=M+$PPn7+YHGUq3&~iKBe{6NiA!*v}h-k#; z>Lt;3i-4U4!>ln?EKVn^*YvCKv%rTCZw!zZ9nz#UlvUVoZHDSE z8L2dr%VgB1gtpWMAL@fl+K4y=Gd4j1IyQ=$do3TGeuDTFq05%grNLH>aB~<#8#o7A;}1%yDhqfw`KSG+d3nKCB<3 zFIjHw+ix)aJY#z*zLJVHPkMPIct)B_ALG;?9YyF?YF!~WjO^F~5|f`iDYDN!@f)}K zJIr=g?TEMersvv5v~2u6crSMO}xO>f_-#3w7hV>_>?{M*8b8Y_tQxghM}TrrbKPX!I+| zDLWA`sSwH~&yxfnyaL2UxN#!MTa--60ksV^#WRSXc_qsoWLuu#?k>;yEpNJR8RV}e z%IUUI^yhb+8Ocihu$`4cl*o^cxWBu^IbwtZ=mUr4kiR|NNu-QX>?HOAyr;B6)`8BU zJkf3?{cI`FB^pM!>ja=E!1QIZ+axWR9&X4Qj5p+g!V z9z5)T+cXLDl2f<$d{vwgyN^G#>J^Q{Mz?E~LeQIzayY+Ye|K}Tcp7H!j5~TDao)d6 z6!UO_%{|XCHO9SZu2bK5-Pg|;K9SJAx##BaudiRM-toau(#!Lo@_ZlDYCGDEc>vb* zrRODlKe`~{c-H|7Yh3!!;1Vvxblf$+VwAOllRFm<{+i!k`zpbdsIv>BM}Dm`djVH- zH?>A7r}QMIjU4sU#F{>c-TXPD>a|i!Ni@WQ6U|Dh1x@ZWg25`JW_mMf7-teEhYEr zH{#-1noYI1xA6%NcC;4>6qwwkWwUdO*S5#@WBTHD?xCFGOVnU0U~EzOY~e_tUgirM z44A8UrpeiGqw%YXy-L@5U^a)GC>&lXpUh(%OB0i4dD17DQf#qiJ)ahV{iT_-`M=Lh zWWJFyh&19^Y-}Cc8_x{it6%eT$5ZL=qi*qia80OP|LFqouU-MAQzlZF(!woA#SX=|@gQ7vu7bXoBS%lUZ_Ddm6#gS&iGGEAyD7Y4OeeciJACA< zb65J46?gu9C#P@>6wrie)Jt&H;`yB%49|VwIXA-|qzLHvoAU7Tm78wY4z_uW?oH1V z+C_NQ$7?)u(=Q3fY_{G(h$OlGl2VdvYU+r_H3sXV=z&sY+<=Dnxb+IKqE`cAe^6^u zJBCBvO%FS0Kk7etbuv^m%MJGVowl0h5xa8e>W`yfx=+E&%Har%dW9Irssr=Rl#wKB z*nCa2%D%=?bRJ(cmTOOpz#4~kfsPhAltpc|#0{Bb8e^%@5-#Bej@I}YF*UYK`4S8A zB)ulRptpDVYyd#u!r{4{4ewDtj!N_7W>RR?z*ijE@pqtc0pC*AL$T~fj7|6wXuYNI EKZ}53;s5{u literal 0 HcmV?d00001 diff --git a/tests/fuzz/runFuzzTest.sh b/tests/fuzz/runFuzzTest.sh new file mode 100755 index 00000000000..f4c94394af5 --- /dev/null +++ b/tests/fuzz/runFuzzTest.sh @@ -0,0 +1,66 @@ +#!/bin/bash +# Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved. +# +# Licensed under the Apache License, Version 2.0 (the "License"). +# You may not use this file except in compliance with the License. +# A copy of the License is located at +# +# http://aws.amazon.com/apache2.0 +# +# or in the "license" file accompanying this file. This file is distributed +# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either +# express or implied. See the License for the specific language governing +# permissions and limitations under the License. +# + +set -e + +usage() { + echo "Usage: runFuzzTest.sh TEST_NAME FUZZ_TIMEOUT_SEC" + exit 1 +} + +if [ "$#" -ne "2" ]; then + usage +fi + +TEST_NAME=$1 +FUZZ_TIMEOUT_SEC=$2 + +if [[ $TEST_NAME == *_negative_test ]]; +then + EXPECTED_TEST_FAILURE=1 +else + EXPECTED_TEST_FAILURE=0 +fi + +ASAN_OPTIONS+="symbolize=1" +LSAN_OPTIONS+="log_threads=1" +UBSAN_OPTIONS+="print_stacktrace=1" +LIBFUZZER_ARGS+="-timeout=5 -max_len=4096 -use_traces=1 -print_final_stats=1 -jobs=32 -workers=32 -max_total_time=${FUZZ_TIMEOUT_SEC}" + +TEST_SPECIFIC_OVERRIDES="${PWD}/LD_PRELOAD/${TEST_NAME}_overrides.so" +GLOBAL_OVERRIDES="${PWD}/LD_PRELOAD/global_overrides.so" + +if [ -e $TEST_SPECIFIC_OVERRIDES ]; +then + export LD_PRELOAD="$TEST_SPECIFIC_OVERRIDES $GLOBAL_OVERRIDES" +else + export LD_PRELOAD="$GLOBAL_OVERRIDES" +fi + +ACTUAL_TEST_FAILURE=0 +printf "Running %-40s for %5d sec... " ${TEST_NAME} ${FUZZ_TIMEOUT_SEC} +./${TEST_NAME} ${LIBFUZZER_ARGS} ./corpus/${TEST_NAME} > ${TEST_NAME}_output.txt 2>&1 || ACTUAL_TEST_FAILURE=1 + +TEST_COUNT=`grep -o "stat::number_of_executed_units: [0-9]*" ${TEST_NAME}_output.txt | awk '{test_count += $2} END {print test_count}'` +BRANCH_COVERAGE=`grep -o "cov: [0-9]*" ${TEST_NAME}_output.txt | awk '{print $2}' | sort | tail -1` + +if [ $ACTUAL_TEST_FAILURE == $EXPECTED_TEST_FAILURE ]; +then + printf "\033[32;1mPASSED\033[0m %12d tests, %8d branches covered\n" $TEST_COUNT $BRANCH_COVERAGE +else + cat ${TEST_NAME}_output.txt + printf "\033[31;1mFAILED\033[0m %12d tests, %8d branches covered\n" $TEST_COUNT $BRANCH_COVERAGE + exit -1 +fi \ No newline at end of file diff --git a/tests/fuzz/s2n_memory_leak_negative_test.c b/tests/fuzz/s2n_memory_leak_negative_test.c new file mode 100644 index 00000000000..194c831a59f --- /dev/null +++ b/tests/fuzz/s2n_memory_leak_negative_test.c @@ -0,0 +1,203 @@ +/* + * Copyright 2016 Amazon.com, Inc. or its affiliates. All Rights Reserved. + * + * Licensed under the Apache License, Version 2.0 (the "License"). + * You may not use this file except in compliance with the License. + * A copy of the License is located at + * + * http://aws.amazon.com/apache2.0 + * + * or in the "license" file accompanying this file. This file is distributed + * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either + * express or implied. See the License for the specific language governing + * permissions and limitations under the License. + */ + +#include +#include +#include +#include +#include +#include +#include + +#include "api/s2n.h" +#include "stuffer/s2n_stuffer.h" +#include "tls/s2n_cipher_suites.h" +#include "tls/s2n_config.h" +#include "tls/s2n_connection.h" +#include "tls/s2n_crypto.h" +#include "tls/s2n_tls.h" +#include "tls/s2n_tls_parameters.h" +#include "utils/s2n_safety.h" +#include "s2n_test.h" + +static char certificate_chain[] = + "-----BEGIN CERTIFICATE-----\n" + "MIICrTCCAZUCAn3VMA0GCSqGSIb3DQEBBQUAMB4xHDAaBgNVBAMME3MyblRlc3RJ\n" + "bnRlcm1lZGlhdGUwIBcNMTYwMzMwMTg1NzQzWhgPMjExNjAzMDYxODU3NDNaMBgx\n" + "FjAUBgNVBAMMDXMyblRlc3RTZXJ2ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw\n" + "ggEKAoIBAQDRw6AuYXAeRT0YuptCfJjRB/EDJyyGXnv+8TV2H1WJWhMLk8qND27r\n" + "79A6EjbVmJaOV9qrokVqpDmXS712Z3BDprJ+1LFMymm3A+AFuK/skeGy0skik+Tg\n" + "MmFT5XBVvmsw4uB1S9uUqktHauXgjhFPPsfvk4ewL4LulVEN2TEeI1Odj4CaMxAO\n" + "Iuowm8wI2OHVzRHlrRmyJ9hYGuHHQ2TaTGIjr3WpAFuXi9pHGGMYa0uXAVPmgjdE\n" + "XZ8t46u/ZKQ9W1uJkZEVKhcijT7G2VBrsBUq0CDiL+TDaGfthnBzUc9zt4fx/S/3\n" + "qulC2WbKI3xrasQyjrsHTAJ75Md3rK09AgMBAAEwDQYJKoZIhvcNAQEFBQADggEB\n" + "AHHkXNA9BtgAebZC2zriW4hRfeIkJMOwvfKBXHTuY5iCLD1otis6AZljcCKXM6O9\n" + "489eHBC4T6mJwVsXhH+/ccEKqNRD2bUfQgOij32PsteV1eOHfHIFqdJmnBVb8tYa\n" + "jxUvy7UQvXrPqaHbODrHe+7f7r1YCzerujiP5SSHphY3GQq88KemfFczp/4GnYas\n" + "sE50OYe7DQcB4zvnxmAXp51JIN4ooktUU9oKIM5y2cgEWdmJzeqPANYxf0ZIPlTg\n" + "ETknKw1Dzf8wlK5mFbbG4LPQh1mkDVcwQV3ogG6kGMRa7neH+6SFkNpAKuPCoje4\n" + "NAE+WQ5ve1wk7nIRTQwDAF4=\n" + "-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\n" + "MIIDKTCCAhGgAwIBAgICVxYwDQYJKoZIhvcNAQEFBQAwFjEUMBIGA1UEAwwLczJu\n" + "VGVzdFJvb3QwIBcNMTYwMzMwMTg1NzA5WhgPMjExNjAzMDYxODU3MDlaMB4xHDAa\n" + "BgNVBAMME3MyblRlc3RJbnRlcm1lZGlhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IB\n" + "DwAwggEKAoIBAQDM/i3eclxYcvedPCEnVe6A/HYsYPeP1qKBZQhbpuuX061jFZKw\n" + "lecb0eau1PORLbcsYK40u3xUzoA5u6Q0ebDuqPbqSJkCazsh66cu9STl8ubbk7oI\n" + "8LJjUJFhhy2Jmm9krXhPyRscU+CXOCZ2G1GhBqTI8cgMYhEVHwb3qy1EHg6G3n4W\n" + "AjV+cKQcbUytq8DRmVe0bNJxDOX8ivzfAp3lUIwub+JfpxrWIUhb3iVGj5CauI98\n" + "bNFHTWwYp7tviIIi21Q+L3nExCyE4yTUP/mebBZ62JnbvsWSs3r3//Am5d8G3WdY\n" + "BXsERoDoLBvHnqlO/oo4ppGCRI7GkDroACi/AgMBAAGjdzB1MAwGA1UdEwQFMAMB\n" + "Af8wHQYDVR0OBBYEFGqUKVWVlL03sHuOggFACdlHckPBMEYGA1UdIwQ/MD2AFE2X\n" + "AbNDryMlBpMNI6Ce927uUFwToRqkGDAWMRQwEgYDVQQDDAtzMm5UZXN0Um9vdIIJ\n" + "ANDUkH+UYdz1MA0GCSqGSIb3DQEBBQUAA4IBAQA3O3S9VT0EC1yG4xyNNUZ7+CzF\n" + "uFA6uiO38ygcN5Nz1oNPy2eQer7vYmrHtqN6gS/o1Ag5F8bLRCqeuZTsOG80O29H\n" + "kNhs5xYprdU82AqcaWwEd0kDrhC5rEvs6fj1J0NKmmhbovYxuDboj0a7If7HEqX0\n" + "NizyU3M3JONPZgadchZ+F5DosatF1Bpt/gsQRy383IogQ0/FS+juHCCc4VIUemuk\n" + "YY1J8o5XdrGWrPBBiudTWqCobe+N541b+YLWbajT5UKzvSqJmcqpPTniJGc9eZxc\n" + "z3cCNd3cKa9bK51stEnQSlA7PQXYs3K+TD3EmSn/G2x6Hmfr7lrpbIhEaD+y\n" + "-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\n" + "MIIDATCCAemgAwIBAgIJANDUkH+UYdz1MA0GCSqGSIb3DQEBCwUAMBYxFDASBgNV\n" + "BAMMC3MyblRlc3RSb290MCAXDTE2MDMzMDE4NTYzOVoYDzIxMTYwMzA2MTg1NjM5\n" + "WjAWMRQwEgYDVQQDDAtzMm5UZXN0Um9vdDCCASIwDQYJKoZIhvcNAQEBBQADggEP\n" + "ADCCAQoCggEBAMY5532000oaeed7Jmo3ssx1723ZDLpn3WGz6FxpWM0zsKA/YvdD\n" + "7J6qXDvfxU6dZlmsCS+bSNAqpARKmKsBEDPTsdLmrN1V1clOxvKm6GvU1eloRTw6\n" + "xukEUXJ+uxrQMLYvSJBiCBVGI+UYNCK5c6guNMRYBCGdk5/iayjmK0Nxz1918Cx9\n" + "z4va8HPAgYIz0ogOdYB21O9FQGPdH1mYqRzljcSsZ7EFo1P8HJr8oKK76ZeYi2or\n" + "pjzMHGnlufHaul508wQPeFAMa1Tku3HyGZRaieRAck6+QcO2NujXxKNyCBlWON23\n" + "FQTuBjN/CAl74MZtcAM2hVSmpm9t4cWVN5MCAwEAAaNQME4wHQYDVR0OBBYEFE2X\n" + "AbNDryMlBpMNI6Ce927uUFwTMB8GA1UdIwQYMBaAFE2XAbNDryMlBpMNI6Ce927u\n" + "UFwTMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAAXkVvQdXDmozPix\n" + "uZi1o9cw4Si0syqfJ4sSunrzPbbmw/Qxhth5V7XGrnsQVNxamgnbzpjGhiBF6isM\n" + "ldj33zQYtke+ojOjFlhEvrPo6eW29RkLBEtJadGs2bkMLztJbf+cbH2u6irzr6S4\n" + "3OgVOSuB+zG56ksTnEVmum+C/8tSIAyi3eaoStPcgEU8+3/KMrH7uuenmTOCKdD1\n" + "FvSDHXT9qPgTttVQGXbXzJEr5tGE+Py6yib5uoJ0dJZNtjs7HOQEDk5J0wZaX0DC\n" + "MShYLiN5qLJAk0qwl+js488BJ18M9dg4TxdBYFkwHSzKXSj9TJN77Bb0RZr8LL9T\n" + "r9IyvfU=\n" + "-----END CERTIFICATE-----\n"; + +static char private_key[] = + "-----BEGIN RSA PRIVATE KEY-----\n" + "MIIEpAIBAAKCAQEA0cOgLmFwHkU9GLqbQnyY0QfxAycshl57/vE1dh9ViVoTC5PK\n" + "jQ9u6+/QOhI21ZiWjlfaq6JFaqQ5l0u9dmdwQ6ayftSxTMpptwPgBbiv7JHhstLJ\n" + "IpPk4DJhU+VwVb5rMOLgdUvblKpLR2rl4I4RTz7H75OHsC+C7pVRDdkxHiNTnY+A\n" + "mjMQDiLqMJvMCNjh1c0R5a0ZsifYWBrhx0Nk2kxiI691qQBbl4vaRxhjGGtLlwFT\n" + "5oI3RF2fLeOrv2SkPVtbiZGRFSoXIo0+xtlQa7AVKtAg4i/kw2hn7YZwc1HPc7eH\n" + "8f0v96rpQtlmyiN8a2rEMo67B0wCe+THd6ytPQIDAQABAoIBAF3evYAD+riRI5Y9\n" + "a92FBJ4Gf8R5c2NuRO8B4nrJ6u1ccclsieg2T90lpHlYTVGoxzdL+X91Trs6Ysti\n" + "CZdDEuozXw2DARTsQAK2qTnmPFQRtH7h9UCUDoiGAygYNP0qCa4G2YukNs+Apc9/\n" + "9v9WlEhyP+bmjoI5wM4j4/HekCx7syHuiqJ74//oTzNamT0aWHwgXAUmEYZ/1+nT\n" + "0KInmtmIOFgsWHcojwQ6sZJ3eVvy66EqHLZKQYZa2tx0YjrEJMQi1drg6VV+lLCR\n" + "rEtsoltgdN2G9v3P6KrHXsrCYaaZKhog9B1OSI2Amv3YWZHXppK12+aSy774lUUz\n" + "qVur5cECgYEA7oCOQoRZo76wztS+yDeq173B2gPHKSIrWvaLDkCAPOQPVzJZ4Qc+\n" + "8OEDU6HB9P0MYDsKBxZY85uzWP+dAlsmcL0C86WibOuYERPKQIcAn3KSzFiIxH3R\n" + "OAbaLtSLN3lDAH50PhP9BguiSfBjI6w4Qsr7jlQgdpzG4h4LjvotbWMCgYEA4SdT\n" + "QQJhHiLtBFo91ItRUzhePvUDfV8XvNfAwZj8cY2+oenkK2+bp35xteBV6Gu1cYnd\n" + "V2yFgzMZ/jDvqfUn/8EVAGvEFrLtsUpXeyHhgmVT490RsPxC9xU9jf5LsvZ4zjsj\n" + "CsFZW0JnhKkF6M5wztWtO3yKCilmXSOIFvorTN8CgYEAoK2LKdTwbxhxFWbOgSS/\n" + "vEji6HXTHysd+lJOrHNX8a3Th/MsCiZPiQiOrTE08k/onown3U547uXelf7fUE8I\n" + "PruX2X2lR6wQ7rBeecp56PHPZEvhGD+LTCuRoise/2h6c0K+HXRp6kC8PQPuRoIo\n" + "BRerEeArXr2QX5XOQ6zYHfECgYEAp0L9mDfaSfcMOMWJVVJCEh639PEzrHluOv3U\n" + "1n1+XCU+zy3gMVxyN9W5R7HmYAlT+4q9geq+rJ7T2oAkKxBSrK6VmYB1ZZ968NAX\n" + "eQPMcYAw+AAM2nwsiz2eQtP9DHAJgrtv5teIOEF2gZjHKRHjv+QBE0YLjkz/HIX+\n" + "3YLvk+UCgYAgpAWk4YW4dAcZ8Y04Ke2pjMvEu44hHphOmk6AZl0Xl9tJwxlV8GVx\n" + "o3L4hbjHqyJo3+DZZYM7udMx9axbX9JHYRaLNJpc8UxQZj7d3TehC9Dw9/DzhIy/\n" + "6sml30j/GHvnW5DOlpsdNKDlxoFX+hncXYIjyVTGRNdsSwa4VVm+Xw==\n" + "-----END RSA PRIVATE KEY-----\n"; + +static char dhparams[] = + "-----BEGIN DH PARAMETERS-----\n" + "MIIBCAKCAQEAy1+hVWCfNQoPB+NA733IVOONl8fCumiz9zdRRu1hzVa2yvGseUSq\n" + "Bbn6k0FQ7yMED6w5XWQKDC0z2m0FI/BPE3AjUfuPzEYGqTDf9zQZ2Lz4oAN90Sud\n" + "luOoEhYR99cEbCn0T4eBvEf9IUtczXUZ/wj7gzGbGG07dLfT+CmCRJxCjhrosenJ\n" + "gzucyS7jt1bobgU66JKkgMNm7hJY4/nhR5LWTCzZyzYQh2HM2Vk4K5ZqILpj/n0S\n" + "5JYTQ2PVhxP+Uu8+hICs/8VvM72DznjPZzufADipjC7CsQ4S6x/ecZluFtbb+ZTv\n" + "HI5CnYmkAwJ6+FSWGaZQDi8bgerFk9RWwwIBAg==\n" + "-----END DH PARAMETERS-----\n"; + +static int MAX_NEGOTIATION_ATTEMPTS = 10; + +int LLVMFuzzerInitialize(const uint8_t *buf, size_t len) { + GUARD(s2n_init()); + GUARD(setenv("S2N_ENABLE_CLIENT_MODE", "1", 0)); + return 0; +} + + +int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) { + if(len < S2N_TLS_RECORD_HEADER_LENGTH){ + return 0; + } + + /* Set up File Descriptors from client to server*/ + int client_to_server[2]; + GUARD(pipe(client_to_server)); + + for (int i = 0; i < 2; i++) { + GUARD(fcntl(client_to_server[i], F_SETFL, fcntl(client_to_server[i], F_GETFL) | O_NONBLOCK)); + } + + /* Set up Server Config */ + struct s2n_config *server_config; + notnull_check(server_config = s2n_config_new()); + GUARD(s2n_config_add_cert_chain_and_key(server_config, certificate_chain, private_key)); + GUARD(s2n_config_add_dhparams(server_config, dhparams)); + + /* Set up Server Connection */ + struct s2n_connection *server_conn; + notnull_check(server_conn = s2n_connection_new(S2N_SERVER)); + GUARD(s2n_connection_set_read_fd(server_conn, client_to_server[0])); + GUARD(s2n_connection_set_config(server_conn, server_config)); + GUARD(s2n_connection_set_blinding(server_conn, S2N_SELF_SERVICE_BLINDING)); + server_conn->delay = 0; + + /* Set Server write FD to -1, to skip writing data since server out data is never read. */ + GUARD(s2n_connection_set_write_fd(server_conn, -1)); + + /* Set up Client Connection */ + struct s2n_connection *client_conn; + notnull_check(client_conn = s2n_connection_new(S2N_CLIENT)); + GUARD(s2n_connection_set_write_fd(client_conn, client_to_server[1])); + + /* Write data to client out file descriptor so that it is recieved by the server */ + struct s2n_stuffer *client_out = &client_conn->out; + GUARD(s2n_stuffer_write_bytes(client_out, buf, len)); + s2n_blocked_status client_blocked; + GUARD(s2n_flush(client_conn, &client_blocked)); + eq_check(client_blocked, S2N_NOT_BLOCKED); + + /* Let Server receive data and attempt Negotiation */ + int numAttemptedNegotiations = 0; + s2n_blocked_status server_blocked; + do { + s2n_negotiate(server_conn, &server_blocked); + numAttemptedNegotiations += 1; + } while(!server_blocked && numAttemptedNegotiations < MAX_NEGOTIATION_ATTEMPTS); + + /* Clean up */ + GUARD(s2n_connection_wipe(server_conn)); + GUARD(s2n_connection_wipe(client_conn)); + + for (int i = 0; i < 2; i++) { + GUARD(close(client_to_server[i])); + } + + GUARD(s2n_config_free(server_config)); + GUARD(s2n_connection_free(server_conn)); + GUARD(s2n_connection_free(client_conn)); + + return 0; +} diff --git a/tls/s2n_client_hello.c b/tls/s2n_client_hello.c index bee438c8958..58ba9d1542d 100644 --- a/tls/s2n_client_hello.c +++ b/tls/s2n_client_hello.c @@ -106,12 +106,6 @@ int s2n_client_hello_recv(struct s2n_connection *conn) int s2n_client_hello_send(struct s2n_connection *conn) { uint32_t gmt_unix_time = time(NULL); - - /* If S2N_UNSAFE_FUZZING_MODE is enabled, override the system time to 0 to ensure fuzz tests are deterministic. */ - #if defined(S2N_UNSAFE_FUZZING_MODE) - gmt_unix_time = 0; - #endif - struct s2n_stuffer *out = &conn->handshake.io; struct s2n_stuffer client_random; struct s2n_blob b, r; diff --git a/tls/s2n_client_key_exchange.c b/tls/s2n_client_key_exchange.c index 601e360a596..10693dfabb5 100644 --- a/tls/s2n_client_key_exchange.c +++ b/tls/s2n_client_key_exchange.c @@ -71,12 +71,6 @@ static int s2n_rsa_client_key_recv(struct s2n_connection *conn) /* Set rsa_failed to 1, if it isn't already, if the protocol version isn't what we expect */ conn->handshake.rsa_failed |= !s2n_constant_time_equals(client_protocol_version, pms.data, S2N_TLS_PROTOCOL_VERSION_LEN); - /* If S2N_UNSAFE_FUZZING_MODE is enabled, then always assume that RSA did not fail in order to aid with code - * coverage in fuzz tests. */ - #if defined(S2N_UNSAFE_FUZZING_MODE) - conn->handshake.rsa_failed = 0; - #endif - /* Turn the pre-master secret into a master secret */ GUARD(s2n_prf_master_secret(conn, &pms)); diff --git a/tls/s2n_server_hello.c b/tls/s2n_server_hello.c index fc8a0b59fc6..25b5c77da5c 100644 --- a/tls/s2n_server_hello.c +++ b/tls/s2n_server_hello.c @@ -111,12 +111,6 @@ int s2n_server_hello_recv(struct s2n_connection *conn) int s2n_server_hello_send(struct s2n_connection *conn) { uint32_t gmt_unix_time = time(NULL); - - /* If S2N_UNSAFE_FUZZING_MODE is enabled, override the system time to 0, to ensure fuzz tests are deterministic. */ - #if defined(S2N_UNSAFE_FUZZING_MODE) - gmt_unix_time = 0; - #endif - struct s2n_stuffer *out = &conn->handshake.io; struct s2n_stuffer server_random; struct s2n_blob b, r; diff --git a/utils/s2n_random.c b/utils/s2n_random.c index 35d9d76a8a6..32b51675182 100644 --- a/utils/s2n_random.c +++ b/utils/s2n_random.c @@ -108,16 +108,6 @@ int s2n_get_private_random_bytes_used(void) int s2n_get_urandom_data(struct s2n_blob *blob) { - /* If S2N_UNSAFE_FUZZING_MODE is enabled, then generate fake random numbers in order to ensure that fuzz tests are - * deterministic and repeatable. Should return non-zero values since this function may be called repeatedly at - * startup until a non-zero value is returned. */ - #if defined(S2N_UNSAFE_FUZZING_MODE) - for(int i=0; i < blob->size; i++){ - blob->data[i] = 4; // Fake RNG. Chosen by fair dice roll. https://xkcd.com/221/ - } - return 0; - #endif - uint32_t n = blob->size; uint8_t *data = blob->data; diff --git a/utils/s2n_safety.c b/utils/s2n_safety.c index c4e171a39a4..45757d7f616 100644 --- a/utils/s2n_safety.c +++ b/utils/s2n_safety.c @@ -39,13 +39,6 @@ pid_t s2n_actual_getpid() int s2n_constant_time_equals(const uint8_t *a, const uint8_t *b, uint32_t len) { - /* If compiled with S2N_UNSAFE_FUZZING_MODE, allow all signatures checked with s2n_constant_time_equals to always - * pass verification even if they are invalid in order to aid code coverage with fuzz tests. - */ - #if defined(S2N_UNSAFE_FUZZING_MODE) - return !0; - #endif - uint8_t xor = 0; for (int i = 0; i < len; i++) { xor |= a[i] ^ b[i]; From a9755f6fec9916b56860f6e157d8678f3c147df8 Mon Sep 17 00:00:00 2001 From: Alex Weibel Date: Mon, 18 Jul 2016 11:13:52 -0700 Subject: [PATCH 08/14] clean up LD_PRELOAD Makefile --- tests/fuzz/LD_PRELOAD/Makefile | 3 --- 1 file changed, 3 deletions(-) diff --git a/tests/fuzz/LD_PRELOAD/Makefile b/tests/fuzz/LD_PRELOAD/Makefile index ec35898a145..4b659e4923b 100644 --- a/tests/fuzz/LD_PRELOAD/Makefile +++ b/tests/fuzz/LD_PRELOAD/Makefile @@ -14,10 +14,7 @@ # SRCS=$(wildcard *.c) -#OBJS = $(wildcard ../../../utils/*.o ../../../stuffer/*.o ../../../tls/*.o ../../../iana/*.o ../../../crypto/*.o ../../../error/*.o $(LIBCRYPTO_ROOT)/lib/libcrypto.a) -OBJS=$(SRCS:.c=.o) OVERRIDES=$(SRCS:.c=) -CRYPTO_LDFLAGS = -L$(LIBCRYPTO_ROOT)/lib .PHONY : all all : $(OVERRIDES) From 339489912969177d39bc60286f28c41c35746c09 Mon Sep 17 00:00:00 2001 From: Alex Weibel Date: Mon, 18 Jul 2016 11:20:40 -0700 Subject: [PATCH 09/14] moving opening curly brace to its own line, and using snake_case instead of camelCase --- tests/fuzz/s2n_memory_leak_negative_test.c | 12 +++++++----- tests/fuzz/s2n_server_fuzz_test.c | 12 +++++++----- 2 files changed, 14 insertions(+), 10 deletions(-) diff --git a/tests/fuzz/s2n_memory_leak_negative_test.c b/tests/fuzz/s2n_memory_leak_negative_test.c index 194c831a59f..1f4b54968b9 100644 --- a/tests/fuzz/s2n_memory_leak_negative_test.c +++ b/tests/fuzz/s2n_memory_leak_negative_test.c @@ -130,14 +130,16 @@ static char dhparams[] = static int MAX_NEGOTIATION_ATTEMPTS = 10; -int LLVMFuzzerInitialize(const uint8_t *buf, size_t len) { +int LLVMFuzzerInitialize(const uint8_t *buf, size_t len) +{ GUARD(s2n_init()); GUARD(setenv("S2N_ENABLE_CLIENT_MODE", "1", 0)); return 0; } -int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) { +int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) +{ if(len < S2N_TLS_RECORD_HEADER_LENGTH){ return 0; } @@ -180,12 +182,12 @@ int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) { eq_check(client_blocked, S2N_NOT_BLOCKED); /* Let Server receive data and attempt Negotiation */ - int numAttemptedNegotiations = 0; + int num_attempted_negotiations = 0; s2n_blocked_status server_blocked; do { s2n_negotiate(server_conn, &server_blocked); - numAttemptedNegotiations += 1; - } while(!server_blocked && numAttemptedNegotiations < MAX_NEGOTIATION_ATTEMPTS); + num_attempted_negotiations += 1; + } while(!server_blocked && num_attempted_negotiations < MAX_NEGOTIATION_ATTEMPTS); /* Clean up */ GUARD(s2n_connection_wipe(server_conn)); diff --git a/tests/fuzz/s2n_server_fuzz_test.c b/tests/fuzz/s2n_server_fuzz_test.c index 194c831a59f..1f4b54968b9 100644 --- a/tests/fuzz/s2n_server_fuzz_test.c +++ b/tests/fuzz/s2n_server_fuzz_test.c @@ -130,14 +130,16 @@ static char dhparams[] = static int MAX_NEGOTIATION_ATTEMPTS = 10; -int LLVMFuzzerInitialize(const uint8_t *buf, size_t len) { +int LLVMFuzzerInitialize(const uint8_t *buf, size_t len) +{ GUARD(s2n_init()); GUARD(setenv("S2N_ENABLE_CLIENT_MODE", "1", 0)); return 0; } -int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) { +int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) +{ if(len < S2N_TLS_RECORD_HEADER_LENGTH){ return 0; } @@ -180,12 +182,12 @@ int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) { eq_check(client_blocked, S2N_NOT_BLOCKED); /* Let Server receive data and attempt Negotiation */ - int numAttemptedNegotiations = 0; + int num_attempted_negotiations = 0; s2n_blocked_status server_blocked; do { s2n_negotiate(server_conn, &server_blocked); - numAttemptedNegotiations += 1; - } while(!server_blocked && numAttemptedNegotiations < MAX_NEGOTIATION_ATTEMPTS); + num_attempted_negotiations += 1; + } while(!server_blocked && num_attempted_negotiations < MAX_NEGOTIATION_ATTEMPTS); /* Clean up */ GUARD(s2n_connection_wipe(server_conn)); From 869d7bf87c4ffd497c2a7d40e33eff47e5199725 Mon Sep 17 00:00:00 2001 From: Alex Weibel Date: Mon, 18 Jul 2016 11:30:03 -0700 Subject: [PATCH 10/14] Adding Clean up logic for negative fuzz tests --- tests/fuzz/runFuzzTest.sh | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/tests/fuzz/runFuzzTest.sh b/tests/fuzz/runFuzzTest.sh index f4c94394af5..4c632a9f96b 100755 --- a/tests/fuzz/runFuzzTest.sh +++ b/tests/fuzz/runFuzzTest.sh @@ -43,9 +43,9 @@ TEST_SPECIFIC_OVERRIDES="${PWD}/LD_PRELOAD/${TEST_NAME}_overrides.so" GLOBAL_OVERRIDES="${PWD}/LD_PRELOAD/global_overrides.so" if [ -e $TEST_SPECIFIC_OVERRIDES ]; -then +then export LD_PRELOAD="$TEST_SPECIFIC_OVERRIDES $GLOBAL_OVERRIDES" -else +else export LD_PRELOAD="$GLOBAL_OVERRIDES" fi @@ -58,8 +58,13 @@ BRANCH_COVERAGE=`grep -o "cov: [0-9]*" ${TEST_NAME}_output.txt | awk '{print $2} if [ $ACTUAL_TEST_FAILURE == $EXPECTED_TEST_FAILURE ]; then + if [ $EXPECTED_TEST_FAILURE == 1 ]; + then + # Clean up LibFuzzer corpus files if the test is negative. + rm -f leak-* crash-* + fi printf "\033[32;1mPASSED\033[0m %12d tests, %8d branches covered\n" $TEST_COUNT $BRANCH_COVERAGE -else +else cat ${TEST_NAME}_output.txt printf "\033[31;1mFAILED\033[0m %12d tests, %8d branches covered\n" $TEST_COUNT $BRANCH_COVERAGE exit -1 From 60c7aafaf397f8d2074b7a663cd6349b142959ba Mon Sep 17 00:00:00 2001 From: Alex Weibel Date: Mon, 18 Jul 2016 11:39:00 -0700 Subject: [PATCH 11/14] Updating .gitignore --- .gitignore | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.gitignore b/.gitignore index 17450f14c1b..89350529989 100644 --- a/.gitignore +++ b/.gitignore @@ -6,5 +6,12 @@ libcrypto-build/* libcrypto-root/* tests/unit/*_test +tests/fuzz/fuzz-*.log bin/s2nc bin/s2nd +util-linux-* +Python-* +clang-* +fuzz_dependencies/* +.travis/prlimit +.travis/.libs/* From f0f5105620b5a6d71281aedcf081ccebc9afac53 Mon Sep 17 00:00:00 2001 From: Alex Weibel Date: Tue, 19 Jul 2016 12:28:25 -0700 Subject: [PATCH 12/14] Fixing Comment style and spacing --- tests/fuzz/LD_PRELOAD/global_overrides.c | 27 ++++++++++++------- .../s2n_server_fuzz_test_overrides.c | 16 ++++++----- tests/fuzz/s2n_memory_leak_negative_test.c | 3 +-- tests/fuzz/s2n_server_fuzz_test.c | 3 +-- 4 files changed, 28 insertions(+), 21 deletions(-) diff --git a/tests/fuzz/LD_PRELOAD/global_overrides.c b/tests/fuzz/LD_PRELOAD/global_overrides.c index 0e70921ed25..085e78d1e74 100644 --- a/tests/fuzz/LD_PRELOAD/global_overrides.c +++ b/tests/fuzz/LD_PRELOAD/global_overrides.c @@ -19,14 +19,18 @@ #include #include "crypto/s2n_drbg.h" + #include "stuffer/s2n_stuffer.h" + #include "utils/s2n_safety.h" #include "utils/s2n_random.h" int s2n_drbg_generate(struct s2n_drbg *drbg, struct s2n_blob *blob) { - // If fuzzing, only generate "fake" random numbers in order to ensure that fuzz tests are deterministic and repeatable. - // This function should return non-zero values since this function may be called repeatedly at startup until a non-zero - // value is returned. + + /* If fuzzing, only generate "fake" random numbers in order to ensure that fuzz tests are deterministic and repeatable. + * This function should generate non-zero values since this function may be called repeatedly at startup until a + * non-zero value is generated. + */ s2n_get_urandom_data(blob); drbg->bytes_used += blob->size; return 0; @@ -34,14 +38,15 @@ int s2n_drbg_generate(struct s2n_drbg *drbg, struct s2n_blob *blob) { int s2n_stuffer_send_to_fd(struct s2n_stuffer *stuffer, int wfd, uint32_t len) { - // Override the original s2n_stuffer_send_to_fd to check if the write file descriptor is -1, and if so, skip - // writing anything. This is to speed up fuzz tests that write unnecessary data that is never actually read. + /* Override the original s2n_stuffer_send_to_fd to check if the write file descriptor is -1, and if so, skip + * writing anything. This is to speed up fuzz tests that write unnecessary data that is never actually read. + */ if(wfd == -1){ stuffer->read_cursor += len; return len; } - // Otherwise, call the original s2n_stuffer_send_to_fd() + /* Otherwise, call the original s2n_stuffer_send_to_fd() */ typedef int (*orig_s2n_stuffer_send_to_fd_func_type)(struct s2n_stuffer *stuffer, int wfd, uint32_t len); orig_s2n_stuffer_send_to_fd_func_type orig_s2n_stuffer_send_to_fd; orig_s2n_stuffer_send_to_fd = (orig_s2n_stuffer_send_to_fd_func_type) dlsym(RTLD_NEXT, "s2n_stuffer_send_to_fd"); @@ -49,11 +54,13 @@ int s2n_stuffer_send_to_fd(struct s2n_stuffer *stuffer, int wfd, uint32_t len) } int s2n_get_urandom_data(struct s2n_blob *blob){ - // If fuzzing, only generate "fake" random numbers in order to ensure that fuzz tests are deterministic and repeatable. - // This function should return non-zero values since this function may be called repeatedly at startup until a non-zero - // value is returned. + + /* If fuzzing, only generate "fake" random numbers in order to ensure that fuzz tests are deterministic and repeatable. + * This function should generate non-zero values since this function may be called repeatedly at startup until a + * non-zero value is generated. + */ for(int i=0; i < blob->size; i++){ - blob->data[i] = 4; // Fake RNG. Chosen by fair dice roll. https://xkcd.com/221/ + blob->data[i] = 4; /* Fake RNG. Chosen by fair dice roll. https://xkcd.com/221/ */ } return 0; } diff --git a/tests/fuzz/LD_PRELOAD/s2n_server_fuzz_test_overrides.c b/tests/fuzz/LD_PRELOAD/s2n_server_fuzz_test_overrides.c index 53954b764a1..afc477b98cb 100644 --- a/tests/fuzz/LD_PRELOAD/s2n_server_fuzz_test_overrides.c +++ b/tests/fuzz/LD_PRELOAD/s2n_server_fuzz_test_overrides.c @@ -25,8 +25,9 @@ time_t time (time_t *__timer) { - // Always assume the time is zero when fuzzing the server, this is to ensure that Fuzz tests are deterministic and - // don't depend on the time the test was run. + /* Always assume the time is zero when fuzzing the server, this is to ensure that Fuzz tests are deterministic and + * don't depend on the time the test was run. + */ return 0; } @@ -34,26 +35,27 @@ time_t time (time_t *__timer) int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, const unsigned char *sigbuf, unsigned int siglen, RSA *rsa) { - // Always assume that the RSA_verify function passes + /* Always assume that the RSA_verify function passes */ return 1; } int s2n_constant_time_equals(const uint8_t *a, const uint8_t *b, uint32_t len) { - // Allow all signatures checked with s2n_constant_time_equals to always pass verification even if they are invalid - // in order to aid code coverage with server fuzz test. + /* Allow all signatures checked with s2n_constant_time_equals to always pass verification even if they are invalid + * in order to aid code coverage with server fuzz test. + */ return !0; } int s2n_rsa_client_key_recv(struct s2n_connection *conn) { - // Perform the original function + /* Perform the original function */ typedef int (*orig_s2n_rsa_client_key_recv_func_type)(struct s2n_connection *conn); orig_s2n_rsa_client_key_recv_func_type orig_s2n_rsa_client_key_recv; orig_s2n_rsa_client_key_recv = (orig_s2n_rsa_client_key_recv_func_type) dlsym(RTLD_NEXT, "s2n_rsa_client_key_recv"); int original_return_code = orig_s2n_rsa_client_key_recv(conn); - // Then, overwrite the RSA Failed flag to false before returning, this will help fuzzing code coverage. + /* Then, overwrite the RSA Failed flag to false before returning, this will help fuzzing code coverage. */ conn->handshake.rsa_failed = 0; return original_return_code; diff --git a/tests/fuzz/s2n_memory_leak_negative_test.c b/tests/fuzz/s2n_memory_leak_negative_test.c index 1f4b54968b9..ff61a1117e9 100644 --- a/tests/fuzz/s2n_memory_leak_negative_test.c +++ b/tests/fuzz/s2n_memory_leak_negative_test.c @@ -137,14 +137,13 @@ int LLVMFuzzerInitialize(const uint8_t *buf, size_t len) return 0; } - int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) { if(len < S2N_TLS_RECORD_HEADER_LENGTH){ return 0; } - /* Set up File Descriptors from client to server*/ + /* Set up File Descriptors from client to server */ int client_to_server[2]; GUARD(pipe(client_to_server)); diff --git a/tests/fuzz/s2n_server_fuzz_test.c b/tests/fuzz/s2n_server_fuzz_test.c index 1f4b54968b9..ff61a1117e9 100644 --- a/tests/fuzz/s2n_server_fuzz_test.c +++ b/tests/fuzz/s2n_server_fuzz_test.c @@ -137,14 +137,13 @@ int LLVMFuzzerInitialize(const uint8_t *buf, size_t len) return 0; } - int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len) { if(len < S2N_TLS_RECORD_HEADER_LENGTH){ return 0; } - /* Set up File Descriptors from client to server*/ + /* Set up File Descriptors from client to server */ int client_to_server[2]; GUARD(pipe(client_to_server)); From 1cc787cb0f62b4eb33379fd1b507c3e273764e3a Mon Sep 17 00:00:00 2001 From: Alex Weibel Date: Tue, 26 Jul 2016 14:24:21 -0700 Subject: [PATCH 13/14] Passing PATH env variable to sudo --- .travis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 62d46f08d95..07ab7b0397c 100644 --- a/.travis.yml +++ b/.travis.yml @@ -32,7 +32,7 @@ install: # Download and Install Openssl - .travis/install_openssl.sh `pwd`/libcrypto-build `pwd`/libcrypto-root $TRAVIS_OS_NAME > /dev/null # Install python linked with our compiled Openssl for integration tests - - sudo .travis/install_python.sh `pwd`/libcrypto-root > /dev/null + - sudo "PATH=$PATH" .travis/install_python.sh `pwd`/libcrypto-root > /dev/null # Install prlimit to set the memlock limit to unlimited for this process - (test "$TRAVIS_OS_NAME" = "linux" && sudo "PATH=$PATH" .travis/install_prlimit.sh $PWD/.travis > /dev/null && sudo .travis/prlimit --pid "$$" --memlock=unlimited:unlimited) || true - mkdir -p .travis/checker && .travis/install_scan-build.sh .travis/checker && export PATH=$PATH:.travis/checker/bin From 881177f421481e3c76945da6093a65e5deebd051 Mon Sep 17 00:00:00 2001 From: Alex Weibel Date: Wed, 27 Jul 2016 20:10:51 -0700 Subject: [PATCH 14/14] adding missing GUARD to global_overrides LD_PRELOAD and fixing C++ style comment to C style. --- tests/fuzz/LD_PRELOAD/global_overrides.c | 2 +- .../LD_PRELOAD/s2n_memory_leak_negative_test_overrides.c | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/tests/fuzz/LD_PRELOAD/global_overrides.c b/tests/fuzz/LD_PRELOAD/global_overrides.c index 085e78d1e74..454a69f177a 100644 --- a/tests/fuzz/LD_PRELOAD/global_overrides.c +++ b/tests/fuzz/LD_PRELOAD/global_overrides.c @@ -31,7 +31,7 @@ int s2n_drbg_generate(struct s2n_drbg *drbg, struct s2n_blob *blob) { * This function should generate non-zero values since this function may be called repeatedly at startup until a * non-zero value is generated. */ - s2n_get_urandom_data(blob); + GUARD(s2n_get_urandom_data(blob)); drbg->bytes_used += blob->size; return 0; } diff --git a/tests/fuzz/LD_PRELOAD/s2n_memory_leak_negative_test_overrides.c b/tests/fuzz/LD_PRELOAD/s2n_memory_leak_negative_test_overrides.c index bb7b67e6a88..f77b0b3b246 100644 --- a/tests/fuzz/LD_PRELOAD/s2n_memory_leak_negative_test_overrides.c +++ b/tests/fuzz/LD_PRELOAD/s2n_memory_leak_negative_test_overrides.c @@ -17,7 +17,8 @@ int s2n_free(struct s2n_blob *b) { - // This will cause large amounts of memory leaks. This should be caught by LibFuzzer as a negative fuzz test to - // ensure that LibFuzzer will catch these memory leaks. + /* This will cause large amounts of memory leaks. This should be caught by LibFuzzer as a negative fuzz test to + * ensure that LibFuzzer will catch these memory leaks. + */ return 0; }