[pycryptodome] Initial integration (#4317)

* initial commit

* update build script, build failing

* add necessary environment variable definitions

* build working

* programmatically get system bits

* add md5 fuzzer

* fix style

* add fuzzers for two more hash functions

* testing dynamic includes

* build working

* clean up build script

* style fixes

4 files changed, 143 insertions, 0 deletions

diff --git a/projects/pycryptodome/Dockerfile b/projects/pycryptodome/Dockerfile
new file mode 100644
index 000000000..58ab57c49
--- /dev/null
+++ b/projects/pycryptodome/Dockerfile
@@ -0,0 +1,21 @@
+# Copyright 2020 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+FROM gcr.io/oss-fuzz-base/base-builder
+RUN apt-get update && apt-get install -y make autoconf automake libtool
+RUN git clone --depth 1 https://github.com/Legrandin/pycryptodome.git
+WORKDIR pycryptodome
+COPY build.sh *_fuzzer.cc $SRC/
diff --git a/projects/pycryptodome/build.sh b/projects/pycryptodome/build.sh
new file mode 100755
index 000000000..ca97063ab
--- /dev/null
+++ b/projects/pycryptodome/build.sh
@@ -0,0 +1,48 @@
+#!/bin/bash -eu
+# Copyright 2020 Google Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+################################################################################
+
+PCD_INTERNALS=(src/*.c src/libtom/*.c)
+PCD_FLAGS=(
+  "-I $SRC/pycryptodome/src"
+  "-I $SRC/pycryptodome/src/libtom"
+  "-D HAVE_STDINT_H"
+  "-D HAVE_MEMALIGN"
+  "-D HAVE_INTRIN_H"
+  "-D SYS_BITS=$(getconf LONG_BIT)"
+  "-maes -msse2 -mpclmul"
+)
+
+$CC $CFLAGS \
+    ${PCD_FLAGS[@]} \
+    -c "${PCD_INTERNALS//'blake2.c'/}"
+ar -qc $WORK/libpycryptodome.a  *.o
+
+PCD_HASH_OPTIONS=(
+  "-D HASHTYPE=md2 -D FNAME=MD2.c -D DIGEST_SIZE=16 -o $OUT/md2_fuzzer"
+  "-D HASHTYPE=md4 -D FNAME=MD4.c -D DIGEST_SIZE=16 -o $OUT/md4_fuzzer"
+  "-D HASHTYPE=MD5 -D FNAME=MD5.c -o $OUT/md5_fuzzer"
+  "-D HASHTYPE=ripemd160 -D FNAME=RIPEMD160.c -D DIGEST_SIZE=RIPEMD160_DIGEST_SIZE -o $OUT/ripemd160_fuzzer"
+  "-D HASHTYPE=SHA224 -D FNAME=SHA224.c -D DIGEST_THIRD_PARAM -o $OUT/sha224_fuzzer"
+  "-D HASHTYPE=SHA256 -D FNAME=SHA256.c -D DIGEST_THIRD_PARAM -o $OUT/sha256_fuzzer"
+  "-D HASHTYPE=SHA384 -D FNAME=SHA384.c -D DIGEST_THIRD_PARAM -o $OUT/sha384_fuzzer"
+)
+
+for ((i = 0; i < ${#PCD_HASH_OPTIONS[@]}; i++)); do
+  $CXX $CXXFLAGS ${PCD_FLAGS[@]} \
+      $SRC/pcd_hash_fuzzer.cc ${PCD_HASH_OPTIONS[i]} \
+      $LIB_FUZZING_ENGINE $WORK/libpycryptodome.a
+done
diff --git a/projects/pycryptodome/pcd_hash_fuzzer.cc b/projects/pycryptodome/pcd_hash_fuzzer.cc
new file mode 100644
index 000000000..681f83445
--- /dev/null
+++ b/projects/pycryptodome/pcd_hash_fuzzer.cc
@@ -0,0 +1,71 @@
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include "common.h"
+#include <fuzzer/FuzzedDataProvider.h>
+
+#ifndef HASHTYPE
+#error Macro HASHTYPE must be defined.
+#endif
+
+#ifndef FNAME
+#error Macro FNAME must be defined.
+#endif
+
+#define CONCAT_TYPE(x) _PASTE2(HASHTYPE, x)
+
+#define init CONCAT_TYPE(_init)
+#define update CONCAT_TYPE(_update)
+#define digest CONCAT_TYPE(_digest)
+#define destroy CONCAT_TYPE(_destroy)
+
+#define STR(x) #x
+#define INCLUDE(x) STR(x)
+
+#include INCLUDE(FNAME)
+
+#ifndef DIGEST_SIZE
+#error Macro DIGEST_SIZE must be defined.
+#endif
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
+
+  if (!size)
+    return 0;
+
+  FuzzedDataProvider stream(data, size);
+  hash_state *hs;
+  if (init(&hs))
+    return 0;
+
+  while (stream.remaining_bytes()) {
+    size_t num_bytes = stream.ConsumeIntegral<size_t>();
+    std::vector<uint8_t> buffer = stream.ConsumeBytes<uint8_t>(num_bytes);
+
+    if (update(hs, buffer.data(), buffer.size()))
+      goto error;
+  }
+
+  uint8_t result[DIGEST_SIZE];
+
+#ifndef DIGEST_THIRD_PARAM
+  digest(hs, result);
+#else
+  digest(hs, result, DIGEST_SIZE);
+#endif
+
+error:
+  destroy(hs);
+  return 0;
+}
diff --git a/projects/pycryptodome/project.yaml b/projects/pycryptodome/project.yaml
new file mode 100644
index 000000000..f8c1bb46f
--- /dev/null
+++ b/projects/pycryptodome/project.yaml
@@ -0,0 +1,3 @@
+homepage: "https://www.pycryptodome.org/"
+language: c
+primary_contact: "helderijs@gmail.com"