tests: added reproducer applications for psk and srp fuzzerstmp-oss-fuzz-updates

Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>

6 files changed, 471 insertions, 7 deletions

diff --git a/devel/fuzz/README.md b/devel/fuzz/README.md
index 698db2f4ed..575f80e091 100644
--- a/devel/fuzz/README.md
+++ b/devel/fuzz/README.md
@@ -55,13 +55,17 @@ sudo docker run --rm -e ASAN_OPTIONS="detect_leaks=0" -ti -v $FILE:/testcase oss
 For the following tests dropping a file to a subdirectory in tests is
 sufficient:
 
-| Fuzzer                       | Directory                  |
-|:----------------------------:|:--------------------------:|
-|gnutls_client_fuzzer          | tests/client-interesting   |
-|gnutls_server_fuzzer          | tests/server-interesting   |
-|gnutls_pkcs7_parser_fuzzer    | tests/pkcs7-interesting    |
-|gnutls_x509_parser_fuzzer     | tests/certs-interesting    |
-|gnutls_ocsp_resp_parser_fuzzer| tests/ocsp-resp-interesting|
+| Fuzzer                       | Directory                   |
+|:----------------------------:|:---------------------------:|
+|gnutls_client_fuzzer          | tests/client-interesting    |
+|gnutls_server_fuzzer          | tests/server-interesting    |
+|gnutls_psk_client_fuzzer      | tests/psk-client-interesting|
+|gnutls_psk_server_fuzzer      | tests/psk-server-interesting|
+|gnutls_srp_client_fuzzer      | tests/srp-client-interesting|
+|gnutls_srp_server_fuzzer      | tests/srp-server-interesting|
+|gnutls_pkcs7_parser_fuzzer    | tests/pkcs7-interesting     |
+|gnutls_x509_parser_fuzzer     | tests/certs-interesting     |
+|gnutls_ocsp_resp_parser_fuzzer| tests/ocsp-resp-interesting |
 
 The following require modifying a test case. Mappings are shown in the
 table below.
@@ -71,3 +75,10 @@ table below.
 |gnutls_dn_parser_fuzzer          |tests/x509-dn-decode.c                                    |
 |gnutls_pkcs8_key_parser_fuzzer   |tests/key-tests/pkcs8-invalid,tests/key-tests/pkcs8-decode|
 |gnutls_private_key_parser_fuzzer |tests/key-tests/key-invalid                               |
+
+
+# Missing fuzzers
+
+ * TLS resumption
+ * TLS rehandshake
+ * Fuzzying past finished message processing
diff --git a/tests/Makefile.am b/tests/Makefile.am
index a3d48252ed..1a5f9bea03 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -96,6 +96,7 @@ ctests = mini-record-2 simple gc set_pkcs12_cred cert certuniqueid tls-neg-ext-k
 	 tls10-server-kx-neg tls11-server-kx-neg tls12-server-kx-neg ssl30-server-kx-neg \
 	 tls12-cipher-neg tls11-cipher-neg tls10-cipher-neg ssl30-cipher-neg \
 	 crq_apis init_roundtrip pkcs12_s2k_pem dn2 mini-eagain	tls-rehandshake-cert-3 \
+	 psk-server psk-client srp-server srp-client \
 	 nul-in-x509-names x509_altname pkcs12_encode mini-x509	ocsp-resp \
 	 tls-rehandshake-cert rng-fork mini-eagain-dtls resume-dtls \
 	 x509cert x509cert-tl infoaccess mini-dtls-hello-verify sign-verify-ed25519-rfc8080 \
diff --git a/tests/psk-client.c b/tests/psk-client.c
new file mode 100644
index 0000000000..3622f7207f
--- /dev/null
+++ b/tests/psk-client.c
@@ -0,0 +1,113 @@
+/*
+ * Copyright (C) 2016 Red Hat, Inc.
+ * Copyright 2016 Alex Gaynor, Google Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos, Alex Gaynor
+ *
+ * This file is part of GnuTLS.
+ *
+ * GnuTLS is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GnuTLS; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <limits.h>
+#include <dirent.h>
+
+#include "utils.h"
+
+#define true 1
+
+/* This program will load certificates from CERT_DIR and try to print
+ * them. If CERT_DIR/certname.err is available, it should contain the
+ * error code that gnutls_x509_crt_import() should return.
+ */
+
+#define CERT_DIR "psk-client-interesting"
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
+
+static int getnext(DIR **dirp, gnutls_datum_t *der)
+{
+	struct dirent *d;
+	char path[256];
+	char cert_dir[256];
+	const char *src;
+	int ret;
+
+	src = getenv("srcdir");
+	if (src == NULL)
+		src = ".";
+
+	snprintf(cert_dir, sizeof(cert_dir), "%s/%s", src, CERT_DIR);
+
+	if (*dirp == NULL) {
+		*dirp = opendir(cert_dir);
+		if (*dirp == NULL)
+			return -1;
+	}
+
+	do {
+		d = readdir(*dirp);
+		if (d != NULL
+#ifdef _DIRENT_HAVE_D_TYPE
+			&& d->d_type == DT_REG
+#endif
+			) {
+			if (strstr(d->d_name, ".raw") == 0)
+				continue;
+			snprintf(path, sizeof(path), "%s/%s", cert_dir, d->d_name);
+
+			success("Loading %s\n", path);
+			ret = gnutls_load_file(path, der);
+			if (ret < 0) {
+				return -1;
+			}
+
+			return 0;
+		}
+	} while(d != NULL);
+
+	closedir(*dirp);
+	return -1; /* finished */
+}
+
+#include "../devel/fuzz/gnutls_psk_client_fuzzer.cc"
+
+void doit(void)
+{
+	int ret;
+	gnutls_datum_t raw;
+	DIR *dirp = NULL;
+
+	ret = global_init();
+	if (ret < 0)
+		fail("init %d\n", ret);
+
+	while (getnext(&dirp, &raw)==0) {
+		LLVMFuzzerTestOneInput(raw.data, raw.size);
+		gnutls_free(raw.data);
+		raw.data = NULL;
+		raw.size = 0;
+	}
+
+	gnutls_global_deinit();
+}
diff --git a/tests/psk-server.c b/tests/psk-server.c
new file mode 100644
index 0000000000..375a629c27
--- /dev/null
+++ b/tests/psk-server.c
@@ -0,0 +1,113 @@
+/*
+ * Copyright (C) 2016 Red Hat, Inc.
+ * Copyright 2016 Alex Gaynor, Google Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos, Alex Gaynor
+ *
+ * This file is part of GnuTLS.
+ *
+ * GnuTLS is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GnuTLS; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <limits.h>
+#include <dirent.h>
+
+#include "utils.h"
+
+#define true 1
+
+/* This program will load certificates from CERT_DIR and try to print
+ * them. If CERT_DIR/certname.err is available, it should contain the
+ * error code that gnutls_x509_crt_import() should return.
+ */
+
+#define CERT_DIR "psk-server-interesting"
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
+
+static int getnext(DIR **dirp, gnutls_datum_t *der)
+{
+	struct dirent *d;
+	char path[256];
+	char cert_dir[256];
+	const char *src;
+	int ret;
+
+	src = getenv("srcdir");
+	if (src == NULL)
+		src = ".";
+
+	snprintf(cert_dir, sizeof(cert_dir), "%s/%s", src, CERT_DIR);
+
+	if (*dirp == NULL) {
+		*dirp = opendir(cert_dir);
+		if (*dirp == NULL)
+			return -1;
+	}
+
+	do {
+		d = readdir(*dirp);
+		if (d != NULL
+#ifdef _DIRENT_HAVE_D_TYPE
+			&& d->d_type == DT_REG
+#endif
+			) {
+			if (strstr(d->d_name, ".raw") == 0)
+				continue;
+			snprintf(path, sizeof(path), "%s/%s", cert_dir, d->d_name);
+
+			success("Loading %s\n", path);
+			ret = gnutls_load_file(path, der);
+			if (ret < 0) {
+				return -1;
+			}
+
+			return 0;
+		}
+	} while(d != NULL);
+
+	closedir(*dirp);
+	return -1; /* finished */
+}
+
+#include "../devel/fuzz/gnutls_psk_server_fuzzer.cc"
+
+void doit(void)
+{
+	int ret;
+	gnutls_datum_t raw;
+	DIR *dirp = NULL;
+
+	ret = global_init();
+	if (ret < 0)
+		fail("init %d\n", ret);
+
+	while (getnext(&dirp, &raw)==0) {
+		LLVMFuzzerTestOneInput(raw.data, raw.size);
+		gnutls_free(raw.data);
+		raw.data = NULL;
+		raw.size = 0;
+	}
+
+	gnutls_global_deinit();
+}
diff --git a/tests/srp-client.c b/tests/srp-client.c
new file mode 100644
index 0000000000..d4a3f6ce2a
--- /dev/null
+++ b/tests/srp-client.c
@@ -0,0 +1,113 @@
+/*
+ * Copyright (C) 2016 Red Hat, Inc.
+ * Copyright 2016 Alex Gaynor, Google Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos, Alex Gaynor
+ *
+ * This file is part of GnuTLS.
+ *
+ * GnuTLS is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GnuTLS; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <limits.h>
+#include <dirent.h>
+
+#include "utils.h"
+
+#define true 1
+
+/* This program will load certificates from CERT_DIR and try to print
+ * them. If CERT_DIR/certname.err is available, it should contain the
+ * error code that gnutls_x509_crt_import() should return.
+ */
+
+#define CERT_DIR "srp-client-interesting"
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
+
+static int getnext(DIR **dirp, gnutls_datum_t *der)
+{
+	struct dirent *d;
+	char path[256];
+	char cert_dir[256];
+	const char *src;
+	int ret;
+
+	src = getenv("srcdir");
+	if (src == NULL)
+		src = ".";
+
+	snprintf(cert_dir, sizeof(cert_dir), "%s/%s", src, CERT_DIR);
+
+	if (*dirp == NULL) {
+		*dirp = opendir(cert_dir);
+		if (*dirp == NULL)
+			return -1;
+	}
+
+	do {
+		d = readdir(*dirp);
+		if (d != NULL
+#ifdef _DIRENT_HAVE_D_TYPE
+			&& d->d_type == DT_REG
+#endif
+			) {
+			if (strstr(d->d_name, ".raw") == 0)
+				continue;
+			snprintf(path, sizeof(path), "%s/%s", cert_dir, d->d_name);
+
+			success("Loading %s\n", path);
+			ret = gnutls_load_file(path, der);
+			if (ret < 0) {
+				return -1;
+			}
+
+			return 0;
+		}
+	} while(d != NULL);
+
+	closedir(*dirp);
+	return -1; /* finished */
+}
+
+#include "../devel/fuzz/gnutls_srp_client_fuzzer.cc"
+
+void doit(void)
+{
+	int ret;
+	gnutls_datum_t raw;
+	DIR *dirp = NULL;
+
+	ret = global_init();
+	if (ret < 0)
+		fail("init %d\n", ret);
+
+	while (getnext(&dirp, &raw)==0) {
+		LLVMFuzzerTestOneInput(raw.data, raw.size);
+		gnutls_free(raw.data);
+		raw.data = NULL;
+		raw.size = 0;
+	}
+
+	gnutls_global_deinit();
+}
diff --git a/tests/srp-server.c b/tests/srp-server.c
new file mode 100644
index 0000000000..90dbce4574
--- /dev/null
+++ b/tests/srp-server.c
@@ -0,0 +1,113 @@
+/*
+ * Copyright (C) 2016 Red Hat, Inc.
+ * Copyright 2016 Alex Gaynor, Google Inc.
+ *
+ * Author: Nikos Mavrogiannopoulos, Alex Gaynor
+ *
+ * This file is part of GnuTLS.
+ *
+ * GnuTLS is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * GnuTLS is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GnuTLS; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <gnutls/gnutls.h>
+#include <gnutls/x509.h>
+#include <stdlib.h>
+#include <stdint.h>
+#include <limits.h>
+#include <dirent.h>
+
+#include "utils.h"
+
+#define true 1
+
+/* This program will load certificates from CERT_DIR and try to print
+ * them. If CERT_DIR/certname.err is available, it should contain the
+ * error code that gnutls_x509_crt_import() should return.
+ */
+
+#define CERT_DIR "srp-server-interesting"
+
+int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size);
+
+static int getnext(DIR **dirp, gnutls_datum_t *der)
+{
+	struct dirent *d;
+	char path[256];
+	char cert_dir[256];
+	const char *src;
+	int ret;
+
+	src = getenv("srcdir");
+	if (src == NULL)
+		src = ".";
+
+	snprintf(cert_dir, sizeof(cert_dir), "%s/%s", src, CERT_DIR);
+
+	if (*dirp == NULL) {
+		*dirp = opendir(cert_dir);
+		if (*dirp == NULL)
+			return -1;
+	}
+
+	do {
+		d = readdir(*dirp);
+		if (d != NULL
+#ifdef _DIRENT_HAVE_D_TYPE
+			&& d->d_type == DT_REG
+#endif
+			) {
+			if (strstr(d->d_name, ".raw") == 0)
+				continue;
+			snprintf(path, sizeof(path), "%s/%s", cert_dir, d->d_name);
+
+			success("Loading %s\n", path);
+			ret = gnutls_load_file(path, der);
+			if (ret < 0) {
+				return -1;
+			}
+
+			return 0;
+		}
+	} while(d != NULL);
+
+	closedir(*dirp);
+	return -1; /* finished */
+}
+
+#include "../devel/fuzz/gnutls_srp_server_fuzzer.cc"
+
+void doit(void)
+{
+	int ret;
+	gnutls_datum_t raw;
+	DIR *dirp = NULL;
+
+	ret = global_init();
+	if (ret < 0)
+		fail("init %d\n", ret);
+
+	while (getnext(&dirp, &raw)==0) {
+		LLVMFuzzerTestOneInput(raw.data, raw.size);
+		gnutls_free(raw.data);
+		raw.data = NULL;
+		raw.size = 0;
+	}
+
+	gnutls_global_deinit();
+}