path: root/fuzz
Commit message (Author, Age, Files, Lines)
* tests: use ": ${FOO=BAR}" syntax for default handling in shell scripts (Daiki Ueno, 2020-09-25, 1 file, -1/+1)
|   Signed-off-by: Daiki Ueno <ueno@gnu.org>
* handshake: reject no_renegotiation alert if handshake is incomplete [tmp-renegotiation] (Daiki Ueno, 2020-09-03, 2 files, -0/+0)
|   If the initial handshake is incomplete and the server sends a no_renegotiation alert, the client should treat it as a fatal error even if its level is warning. Otherwise the same handshake state (e.g., DHE parameters) is reused in the next gnutls_handshake call, if it is called in the loop idiom:
|
|       do {
|           ret = gnutls_handshake(session);
|       } while (ret < 0 && gnutls_error_is_fatal(ret) == 0);
|
|   Signed-off-by: Daiki Ueno <ueno@gnu.org>
* oss-fuzz: return build error if fuzzers have failed to build (Dmitry Baryshkov, 2020-03-22, 1 file, -1/+1)
|   Instead of silently ignoring build errors and running fewer fuzzers, exit on the first build error.
|   Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
* oss-fuzz: use CC rather than CXX to compile fuzzers (Dmitry Baryshkov, 2020-03-22, 1 file, -2/+3)
|   clang++ will choke on several fuzzer sources because C++ is stricter than C wrt. type conversion:
|
|       gnutls_base64_decoder_fuzzer.c:26:63: error: non-constant-expression cannot be narrowed from type 'size_t' (aka 'unsigned long') to 'unsigned int' in initializer list [-Wc++11-narrowing]
|       gnutls_datum_t raw = {.data = (unsigned char *)data, .size = size};
|
|   Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
* fuzz: Update README.md for clang-9 [skip ci] (Tim Rühsen, 2020-03-22, 1 file, -4/+6)
|   Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* lib/x509: use common routine for parsing data version (Dmitry Baryshkov, 2020-03-12, 1 file, -0/+0)
|   OSS Fuzzer noted an issue in parsing (incorrect) CRL files with zero-length version field. Certificate parser does not have this issue, while CRL and OCSP Request and Response parsers show this problem. To remove code duplication extract common function and use it from all four parsers.
|   Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
* Merge branch 'fix-crq-ext' into 'master' (Dmitry Baryshkov, 2020-03-11, 1 file, -0/+0)
|\
| |   x509: drop endless loop in print_extensions
| |   See merge request gnutls/gnutls!1205
| * x509: drop endless loop in print_extensions (Dmitry Baryshkov, 2020-03-10, 1 file, -0/+0)
| |   If crq is malformed in extensions part, print_extensions() might loop endlessly because gnutls_x509_crq_get_extension_info would return unhandled GNUTLS_ASN1_DER_ERROR looping over extension index, rather than bailing out. Fix this by handling this error code properly.
| |   Found thanks to oss-fuzz.
| |   Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
* | Merge branch 'fix-issuer-sign-tool' into 'master' (Dmitry Baryshkov, 2020-03-10, 1 file, -0/+0)
|\ \
| |/
|/|
| |   lib/x509/output.c: remove occasional memory leak in print_issuer_sign_tool()
| |   See merge request gnutls/gnutls!1203
| * lib/x509/output.c: remove occasional memory leak in print_issuer_sign_tool() (Dmitry Baryshkov, 2020-03-07, 1 file, -0/+0)
| |   Remove memory leak in error handling in print_issuer_sign_tool() by moving asn1_delete_structure to the end of the function.
| |   Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
* | fuzz: add simple x509 certificate requests and revocation lists fuzzers (Dmitry Baryshkov, 2020-03-09, 20 files, -0/+106)
|/
|   Add x509 certificate requests and certificate revocation lists fuzzers. Use data from tests/cert-tests as a starting seed for the corpora.
|   Fixes #903
|   Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
* pkcs12: do not go try calculating pbkdf2 with 0 iterations (Dmitry Baryshkov, 2020-01-28, 1 file, -0/+0)
|   Nettle will abort on a call to pbkdf2 if iterations is 0. Add check to GnuTLS PKCS12 GOST code to check that iter is not 0.
|   Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
* fuzz: fixed Ed448 fuzzer traces (Nikos Mavrogiannopoulos, 2020-01-25, 4 files, -2/+2)
|   The fuzzer files for ed448 were the reverse for client and server. Enhanced the fuzzer tools to run a single fuzzer, and added more clear documentation on how to generate and manually test the fuzzer outputs.
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* README-adding-traces.md: updated with more precise information (Nikos Mavrogiannopoulos, 2020-01-25, 1 file, -0/+17)
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* fuzzers: added ed448 keys (Nikos Mavrogiannopoulos, 2020-01-25, 6 files, -14/+103)
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* fuzzers: when provided with a parameter they will run on a single file (Nikos Mavrogiannopoulos, 2020-01-25, 1 file, -25/+39)
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* Merge branch 'tmp-ed448' into 'master' (Daiki Ueno, 2020-01-24, 4 files, -0/+0)
|\
| |   algorithms: implement X448 key exchange and Ed448 signature scheme
| |   See merge request gnutls/gnutls!984
| * fuzz: import key, certificate, and traces using Ed448 [tmp-ed448] (Daiki Ueno, 2020-01-23, 4 files, -0/+0)
| |   Signed-off-by: Daiki Ueno <dueno@redhat.com>
* | fuzz in gost pkcs7/8/12 files (Dmitry Baryshkov, 2020-01-20, 37 files, -0/+0)
|/
|   Add several examples of PKCS#7/#8/#12 files using GOST keys, ciphers and digest functions.
|   Signed-off-by: Dmitry Baryshkov <dbaryshkov@gmail.com>
* Merge branch 'tmp-check-dup-extensions' into 'master' (Nikos Mavrogiannopoulos, 2020-01-09, 1 file, -0/+7)
|\
| |   x509: reject certificates having duplicate extensions
| |   Closes #887
| |   See merge request gnutls/gnutls!1145
| * fuzz: import certificate with and without sanity checks (Nikos Mavrogiannopoulos, 2020-01-03, 1 file, -0/+7)
| |   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* | Fix '-Werror=unused-const-variable=' in fuzz/ (Tim Rühsen, 2020-01-03, 2 files, -0/+14)
|/
|   Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Sync with fuzzers from OSS-Fuzz (Tim Rühsen, 2019-12-18, 832 files, -1500/+0)
|   Only lots of corpora removed (by merge step). Not sure why. But there are several new UBs detected.
|   Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Amend fuzz scripts and README for clang-8 (Tim Rühsen, 2019-12-18, 2 files, -6/+7)
|   Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Add fuzz corpora for gnutls_ext_raw_parse_fuzzer (Tim Rühsen, 2019-12-18, 4 files, -0/+0)
|   Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* fuzzer: added fuzzer for gnutls_ext_raw_parse() (Nikos Mavrogiannopoulos, 2019-12-18, 32 files, -23/+77)
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Added initial corpora for rawpk client and server fuzzers. (Tom Vrancken, 2019-09-02, 2 files, -0/+0)
|   Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>
* Implemented server rawpk fuzzer. (Tom Vrancken, 2019-09-02, 2 files, -0/+106)
|   Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>
* Implemented client rawpk fuzzer. (Tom Vrancken, 2019-09-02, 3 files, -0/+175)
|   Signed-off-by: Tom Vrancken <dev@tomvrancken.nl>
* encode_ber_digest_info: added sanity check (Nikos Mavrogiannopoulos, 2019-07-08, 1 file, -0/+0)
|   Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=15665
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* fuzz: improvements in gnutls_x509_verify_fuzzer [ci skip] (Nikos Mavrogiannopoulos, 2019-03-29, 431 files, -4/+68)
|   Added a larger set of corpus (generated with afl-fuzz), and made sure that the fuzzer application crashes if verification succeeds.
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* fuzz: added fuzzer for certificate verification (Nikos Mavrogiannopoulos, 2019-03-27, 5 files, -0/+204)
|   This also adds a reproducer for CVE-2019-3829.
|   Resolves: #694
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Use https:// for arbitrary files #1 (Tim Rühsen, 2019-03-13, 15 files, -15/+15)
|   Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Use https:// for www.gnu.org and www.example.com (Tim Rühsen, 2019-03-13, 1 file, -1/+1)
|   Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* .gitlab-ci.yml: added thread sanitizer run [tmp-false-start-clarifications] (Nikos Mavrogiannopoulos, 2019-03-02, 1 file, -1/+0)
|   This checks for unsafe uses of variables in our included threaded tests.
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Fetch OSS-Fuzz corpora much faster [skip ci] [tmp-fetch-fuzz-corpora-faster] (Tim Rühsen, 2019-02-05, 3 files, -9/+35)
|   Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* Fix OSS-Fuzz build [tmp-fix-ossfuzz] (Tim Rühsen, 2018-12-29, 1 file, -1/+1)
|   Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>
* fuzz: updated traces for final TLS1.3 version (Nikos Mavrogiannopoulos, 2018-08-20, 6 files, -0/+0)
|   Resolves #359
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* fuzz: updated traces for latest TLS1.3 draft (Nikos Mavrogiannopoulos, 2018-07-27, 7 files, -0/+26)
|   Relates #359
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Fix test code for -Werror (Tim Rühsen, 2018-06-21, 1 file, -0/+4)
|
* Remove oss-fuzz corpora from tarball (Tim Rühsen, 2018-06-20, 2 files, -11/+38)
|   The size of the corpora is huge and not needed for normal builds. This patch also fixes test run issues on Windows.
* fuzzer: added fresh TLS1.3 server trace (Nikos Mavrogiannopoulos, 2018-05-05, 1 file, -0/+0)
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* fuzz: corrected TLS1.3 enablement [ci skip] (Nikos Mavrogiannopoulos, 2018-04-22, 5 files, -4/+7)
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tls13/finished: addressed memory leak in receiving finished packet (Nikos Mavrogiannopoulos, 2018-04-17, 1 file, -0/+0)
|   Issue found using oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7518
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* ext/psk_ke_modes: corrected data access (Nikos Mavrogiannopoulos, 2018-04-07, 1 file, -0/+0)
|   That also improves the if-checks.
|   Issue and reproducer discovered via oss-fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=7470
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* fuzz: added client and server traces for TLS 1.3 draft-26 [ci skip] (Nikos Mavrogiannopoulos, 2018-04-07, 6 files, -0/+0)
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@gnutls.org>
* fuzz: added PSK traces with TLS1.3 (Nikos Mavrogiannopoulos, 2018-04-06, 6 files, -2/+2)
|   Relates: #359
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* tests: moved invalid-cert reproducer into fuzz/ reproducers (Nikos Mavrogiannopoulos, 2018-03-19, 1 file, -0/+0)
|   Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Improve fuzzer coverage report creation (Tim Rühsen, 2018-03-04, 3 files, -14/+22)
|
* Update oss-fuzz corpora (Tim Rühsen, 2018-02-27, 2919 files, -272/+3247)
|   Signed-off-by: Tim Rühsen <tim.ruehsen@gmx.de>