-rw-r--r--src/extra_tests/fuzzers/GNUmakefile31
-rw-r--r--src/extra_tests/fuzzers/jigs/ber_decode.cpp24
-rw-r--r--src/extra_tests/fuzzers/jigs/tls_client.cpp13
-rw-r--r--src/extra_tests/fuzzers/jigs/tls_server.cpp13
-rw-r--r--src/extra_tests/fuzzers/readme.txt8
-rwxr-xr-xsrc/extra_tests/fuzzers/setup.sh22
6 files changed, 57 insertions, 54 deletions
diff --git a/src/extra_tests/fuzzers/GNUmakefile b/src/extra_tests/fuzzers/GNUmakefile
index a086f8f1a..3ebe64be7 100644
--- a/src/extra_tests/fuzzers/GNUmakefile
+++ b/src/extra_tests/fuzzers/GNUmakefile
@@ -12,17 +12,19 @@ LIBFUZZER_LIBS=llvm-build/libbotan-1.11.a libFuzzer.a
AFL_LIBS=afl-build/libbotan-1.11.a
#AFL_CXX=AFL_USE_ASAN=1 afl-g++ -m32
-AFL_CXX=afl-clang-fast++
+AFL_CXX=afl-g++
+AFL_CXX_TYPE=gcc
CLANG_CXX=clang++
LIBFUZZER_PROGS=$(patsubst %,bin/llvm_fuzz_%,$(FUZZERS))
AFL_PROGS=$(patsubst %,bin/afl_fuzz_%,$(FUZZERS))
-all: afl_progs libfuzzer_progs
+all:
+ @echo "make afl for AFL, llvm for libFuzzer"
-afl_progs: $(AFL_PROGS)
+afl: dirs afl-build $(AFL_PROGS)
-libfuzzer_progs: $(LIBFUZZER_PROGS)
+llvm: dirs llvm-build $(LIBFUZZER_PROGS)
bin/llvm_fuzz_%: jigs/%.cpp $(LIBFUZZER_LIBS)
$(CLANG_CXX) $(LIBFUZZER_FLAGS) -DUSE_LLVM_FUZZER $< $(LIBFUZZER_LIBS) -o $@
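Review bot: The new `all`, `afl` and `llvm` targets (and `dirs` further down) name no file, yet no `.PHONY` declaration is visible in this hunk; unless one exists above line 12, a stray file called `afl` or `llvm` in this directory makes `make afl` report "Nothing to be done". `afl: dirs afl-build $(AFL_PROGS)` also only works because a serial run builds a goal's prerequisites left to right: under `make -j` the `bin/afl_fuzz_%` rule can be considered before `afl-build` has produced `afl-build/libbotan-1.11.a`, and since no rule declares that file the build stops with "No rule to make target"; the same applies to `llvm: dirs llvm-build $(LIBFUZZER_PROGS)`. I'd add `.PHONY: all afl llvm dirs clean clean_builds` beside the variable block and give the two `bin/%` pattern rules an order-only `| bin` prerequisite so the output directory is guaranteed regardless of `dirs` ordering.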
@@ -30,8 +32,21 @@ bin/llvm_fuzz_%: jigs/%.cpp $(LIBFUZZER_LIBS)
bin/afl_fuzz_%: jigs/%.cpp $(AFL_LIBS)
$(AFL_CXX) $(AFL_FLAGS) $< $(AFL_LIBS) -o $@
-# libFuzzer default is max_len 64 this sets 140 but allows override via args=
+dirs:
+ mkdir -p bin
+ mkdir -p output
+ mkdir -p corpus
+
+afl-build:
+ ../../../configure.py $(CFG_FLAGS) --with-build-dir=afl-build --cc=$(AFL_CXX_TYPE) --cc-bin=$(AFL_CXX)
+ make -f afl-build/Makefile afl-build/libbotan-1.11.a -j8
+
+llvm-build:
+ ../../../configure.py $(CFG_FLAGS) --with-build-dir=llvm-build --cc=clang --cc-bin=$(CLANG_CXX) --cc-abi-flags="$(CLANG_SAN_FLAGS)"
+ make -f llvm-build/Makefile llvm-build/libbotan-1.11.a -j8
+
+# libFuzzer default is max_len 64 this sets 140 but allows override via args=
run_llvm_%: bin/llvm_fuzz_%
$(eval FUZZER = $(subst bin/llvm_fuzz_,,$<))
mkdir -p output/$(FUZZER)/llvm/queue
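Review bot: `afl-build:` and `llvm-build:` make the build directory the target, but what the `bin/afl_fuzz_%` and `bin/llvm_fuzz_%` rules actually need is `afl-build/libbotan-1.11.a` and `llvm-build/libbotan-1.11.a`, which no rule produces; once `configure.py` has created the directory the target is "up to date" even if the inner make failed or the library was later deleted, and `$(AFL_PROGS)` cannot pull the library in on demand. The recipes also run a literal `make -j8` instead of `$(MAKE)`, so `-n`/`-k` and the parent's jobserver are not propagated and the hard-coded `-j8` overrides whatever the user asked for. Naming the library as the target and invoking `$(MAKE)` (letting the caller choose `-j`) fixes both, after which `afl:` and `llvm:` no longer need the directory prerequisite. `CFG_FLAGS` and `CLANG_SAN_FLAGS` are not defined anywhere in the hunk — presumably above line 12 — which is worth confirming since setup.sh, the previous home of `CFG_FLAGS`, is deleted in this commit.
```make
# The static library is the real product; making it the target lets the
# bin/*_fuzz_% rules build it on demand instead of relying on goal order.
afl-build/libbotan-1.11.a:
	../../../configure.py $(CFG_FLAGS) --with-build-dir=afl-build --cc=$(AFL_CXX_TYPE) --cc-bin=$(AFL_CXX)
	$(MAKE) -f afl-build/Makefile $@

llvm-build/libbotan-1.11.a:
	../../../configure.py $(CFG_FLAGS) --with-build-dir=llvm-build --cc=clang --cc-bin=$(CLANG_CXX) --cc-abi-flags="$(CLANG_SAN_FLAGS)"
	$(MAKE) -f llvm-build/Makefile $@
# … unchanged: run_llvm_% rule …
```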
@@ -55,6 +70,12 @@ cmin_%: bin/afl_fuzz_%
clean:
rm -f $(LIBFUZZER_PROGS) $(AFL_PROGS)
+clean_builds:
+ rm -rf afl-build llvm-build
+
+libFuzzer:
+ svn co http://llvm.org/svn/llvm-project/llvm/trunk/lib/Fuzzer libFuzzer
+
libFuzzer.a: libFuzzer
cd libFuzzer && clang -c -g -O2 -std=c++11 *.cpp
ar cr libFuzzer.a libFuzzer/*.o
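Review bot: The new `libFuzzer:` target fetches the fuzzer runtime with `svn co http://llvm.org/svn/llvm-project/llvm/trunk/lib/Fuzzer libFuzzer` — plain HTTP with no integrity check, and unpinned trunk — and the following rule compiles that checkout straight into `libFuzzer.a`, which is linked into every `bin/llvm_fuzz_*` binary. Source obtained that way can be altered in transit, and two checkouts made on different days build different runtimes, which makes crashes hard to reproduce across machines. I'd fetch over `https://` where the server offers it and pin a revision, `svn co -r <REV> https://llvm.org/svn/llvm-project/llvm/trunk/lib/Fuzzer libFuzzer` (REV is a placeholder to be recorded alongside the corpus), and note that because the target is a directory a partial checkout leaves it looking up to date — a stamp file written only after the checkout succeeds avoids that. `clean_builds` removes literal directory names, so its `rm -rf` carries no empty-variable risk.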
diff --git a/src/extra_tests/fuzzers/jigs/ber_decode.cpp b/src/extra_tests/fuzzers/jigs/ber_decode.cpp
new file mode 100644
index 000000000..0f5cc9f20
--- /dev/null
+++ b/src/extra_tests/fuzzers/jigs/ber_decode.cpp
@@ -0,0 +1,24 @@
+/*
+* (C) 2016 Jack Lloyd
+*
+* Botan is released under the Simplified BSD License (see license.txt)
+*/
+#include "driver.h"
+
+#include <botan/ber_dec.h>
+
+void fuzz(const uint8_t in[], size_t len)
+ {
+ try
+ {
+ DataSource_Memory input(in, len);
+ BER_Decoder dec(input);
+
+ while(dec.more_items())
+ {
+ BER_Object obj;
+ dec.get_next(obj);
+ }
+ }
+ catch(Botan::Exception& e) { }
+ }
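Review bot: The `catch(Botan::Exception& e) { }` closing `fuzz` is the only statement of the jig's intent and says nothing about why only that type is swallowed: a malformed BER stream is the expected input and must not count as a finding, whereas any other exception type — a `std::` exception, say — escaping `get_next` is exactly what the fuzzer should report as a crash. I'd make that explicit and drop the unused binding: `catch(Botan::Exception&) { /* malformed input is expected; any other exception must propagate so the fuzzer reports it */ }`. `DataSource_Memory` and `BER_Decoder` are used unqualified while the exception is written `Botan::Exception`, so presumably driver.h brings the namespace in; qualifying all three the same way would make the jig read consistently either way.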
diff --git a/src/extra_tests/fuzzers/jigs/tls_client.cpp b/src/extra_tests/fuzzers/jigs/tls_client.cpp
index e0fd039c9..c176667d4 100644
--- a/src/extra_tests/fuzzers/jigs/tls_client.cpp
+++ b/src/extra_tests/fuzzers/jigs/tls_client.cpp
@@ -11,19 +11,6 @@
class Fuzzer_TLS_Client_Creds : public Credentials_Manager
{
public:
- void verify_certificate_chain(const std::string& type,
- const std::string& purported_hostname,
- const std::vector<X509_Certificate>& cert_chain) override
- {
- try
- {
- Credentials_Manager::verify_certificate_chain(type,
- purported_hostname,
- cert_chain);
- }
- catch(std::exception& e) {}
- }
-
std::string psk_identity_hint(const std::string&, const std::string&) override { return "psk_hint"; }
std::string psk_identity(const std::string&, const std::string&, const std::string&) override { return "psk_id"; }
SymmetricKey psk(const std::string&, const std::string&, const std::string&) override
diff --git a/src/extra_tests/fuzzers/jigs/tls_server.cpp b/src/extra_tests/fuzzers/jigs/tls_server.cpp
index 510f7f7b7..dea885de3 100644
--- a/src/extra_tests/fuzzers/jigs/tls_server.cpp
+++ b/src/extra_tests/fuzzers/jigs/tls_server.cpp
@@ -72,19 +72,6 @@ class Fuzzer_TLS_Server_Creds : public Credentials_Manager
//m_rsa_key.reset(Botan::PKCS8::load_key(key_in, Botan::system_rng()));
}
- void verify_certificate_chain(const std::string& type,
- const std::string& purported_hostname,
- const std::vector<X509_Certificate>& cert_chain) override
- {
- try
- {
- Credentials_Manager::verify_certificate_chain(type,
- purported_hostname,
- cert_chain);
- }
- catch(std::exception& e) {}
- }
-
std::vector<Botan::X509_Certificate> cert_chain(
const std::vector<std::string>& algos,
const std::string& type,
diff --git a/src/extra_tests/fuzzers/readme.txt b/src/extra_tests/fuzzers/readme.txt
index f10982508..e195b4e70 100644
--- a/src/extra_tests/fuzzers/readme.txt
+++ b/src/extra_tests/fuzzers/readme.txt
@@ -3,7 +3,13 @@ The code in this directory is for testing various message decoders and
math functions using the fuzzers AFL (http://lcamtuf.coredump.cx/afl/)
and libFuzzer (http://llvm.org/docs/LibFuzzer.html).
-Run setup.sh to set up builds for both fuzzers
+To build for AFL, run
+
+ make afl
+
+For libFuzzer
+
+ make llvm
To add a new fuzzer, create a new file in jigs/, include "driver.h",
and implement the function with the signature
diff --git a/src/extra_tests/fuzzers/setup.sh b/src/extra_tests/fuzzers/setup.sh
deleted file mode 100755
index a810d947b..000000000
--- a/src/extra_tests/fuzzers/setup.sh
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/bin/sh
-
-mkdir bin
-mkdir output
-mkdir corpus
-
-CFG_FLAGS="--with-debug-info --unsafe-fuzzer-mode --minimized-build --enable-modules=tls,chacha20poly1305,ocb,ccm,system_rng,auto_rng"
-
-if [ ! -d libFuzzer ]; then
- svn co http://llvm.org/svn/llvm-project/llvm/trunk/lib/Fuzzer libFuzzer
-fi
-
-exit
-
-# Just need the static lib, not CLI or tests
-
-../../../configure.py $CFG_FLAGS --with-build-dir=afl-build --cc=clang --cc-bin='afl-clang-fast++'
-make -f afl-build/Makefile afl-build/libbotan-1.11.a -j8
-
-CLANG_COV_FLAGS="-fsanitize=address,undefined -fsanitize-coverage=edge,indirect-calls,8bit-counters -fno-sanitize-recover=undefined"
-../../../configure.py $CFG_FLAGS --with-build-dir=llvm-build --cc=clang "--cc-abi-flags=$CLANG_COV_FLAGS"
-make -f llvm-build/Makefile llvm-build/libbotan-1.11.a -j8