-rw-r--r-- | src/extra_tests/fuzzers/GNUmakefile | 31 | ||||
-rw-r--r-- | src/extra_tests/fuzzers/jigs/ber_decode.cpp | 24 | ||||
-rw-r--r-- | src/extra_tests/fuzzers/jigs/tls_client.cpp | 13 | ||||
-rw-r--r-- | src/extra_tests/fuzzers/jigs/tls_server.cpp | 13 | ||||
-rw-r--r-- | src/extra_tests/fuzzers/readme.txt | 8 | ||||
-rwxr-xr-x | src/extra_tests/fuzzers/setup.sh | 22 |
6 files changed, 57 insertions, 54 deletions
diff --git a/src/extra_tests/fuzzers/GNUmakefile b/src/extra_tests/fuzzers/GNUmakefile index a086f8f1a..3ebe64be7 100644 --- a/src/extra_tests/fuzzers/GNUmakefile +++ b/src/extra_tests/fuzzers/GNUmakefile @@ -12,17 +12,19 @@ LIBFUZZER_LIBS=llvm-build/libbotan-1.11.a libFuzzer.a AFL_LIBS=afl-build/libbotan-1.11.a #AFL_CXX=AFL_USE_ASAN=1 afl-g++ -m32 -AFL_CXX=afl-clang-fast++ +AFL_CXX=afl-g++ +AFL_CXX_TYPE=gcc CLANG_CXX=clang++ LIBFUZZER_PROGS=$(patsubst %,bin/llvm_fuzz_%,$(FUZZERS)) AFL_PROGS=$(patsubst %,bin/afl_fuzz_%,$(FUZZERS)) -all: afl_progs libfuzzer_progs +all: + @echo "make afl for AFL, llvm for libFuzzer" -afl_progs: $(AFL_PROGS) +afl: dirs afl-build $(AFL_PROGS) -libfuzzer_progs: $(LIBFUZZER_PROGS) +llvm: dirs llvm-build $(LIBFUZZER_PROGS) bin/llvm_fuzz_%: jigs/%.cpp $(LIBFUZZER_LIBS) $(CLANG_CXX) $(LIBFUZZER_FLAGS) -DUSE_LLVM_FUZZER $< $(LIBFUZZER_LIBS) -o $@ @@ -30,8 +32,21 @@ bin/llvm_fuzz_%: jigs/%.cpp $(LIBFUZZER_LIBS) bin/afl_fuzz_%: jigs/%.cpp $(AFL_LIBS) $(AFL_CXX) $(AFL_FLAGS) $< $(AFL_LIBS) -o $@ -# libFuzzer default is max_len 64 this sets 140 but allows override via args= +dirs: + mkdir -p bin + mkdir -p output + mkdir -p corpus + +afl-build: + ../../../configure.py $(CFG_FLAGS) --with-build-dir=afl-build --cc=$(AFL_CXX_TYPE) --cc-bin=$(AFL_CXX) + make -f afl-build/Makefile afl-build/libbotan-1.11.a -j8 + +llvm-build: + ../../../configure.py $(CFG_FLAGS) --with-build-dir=llvm-build --cc=clang --cc-bin=$(CLANG_CXX) --cc-abi-flags="$(CLANG_SAN_FLAGS)" + make -f llvm-build/Makefile llvm-build/libbotan-1.11.a -j8 + +# libFuzzer default is max_len 64 this sets 140 but allows override via args= run_llvm_%: bin/llvm_fuzz_% $(eval FUZZER = $(subst bin/llvm_fuzz_,,$<)) mkdir -p output/$(FUZZER)/llvm/queue 
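Review bot: The new `all`, `afl` and `llvm` targets are not declared phony, so a stray file or directory named `afl` or `llvm` in this directory (the Makefile already creates `afl-build`, `bin`, `output` and `corpus` next to it) makes `make afl` report nothing to do instead of building the fuzzers; add `.PHONY: all afl llvm` beside these rules. The `dirs` and `clean_builds` rules added in the later hunks of this file need the same treatment.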
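Review bot: The `afl-build` and `llvm-build` recipes run the sub-build as a bare `make -f ... -j8`; a recursive invocation should use `$(MAKE)` so the jobserver, `-n`/`-k` and command-line variable overrides propagate and the hard-coded `-j8` can go, e.g. `$(MAKE) -f afl-build/Makefile afl-build/libbotan-1.11.a`. Because both rules name a directory as their target and have no prerequisites, `configure.py` runs only on the first `make afl`/`make llvm`, and a later change to `$(CFG_FLAGS)` or `$(CLANG_SAN_FLAGS)` is silently ignored until `make clean_builds`; that deserves a comment above `afl-build:`. Both variables are referenced here but defined outside this hunk, if at all, and an undefined make variable expands to nothing, so a typo would drop the fuzzer-mode and sanitizer configure flags without any error — a guard such as `$(if $(CFG_FLAGS),,$(error CFG_FLAGS is not set))` would catch that.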
@@ -55,6 +70,12 @@ cmin_%: bin/afl_fuzz_% clean: rm -f $(LIBFUZZER_PROGS) $(AFL_PROGS) +clean_builds: + rm -rf afl-build llvm-build + +libFuzzer: + svn co http://llvm.org/svn/llvm-project/llvm/trunk/lib/Fuzzer libFuzzer + libFuzzer.a: libFuzzer cd libFuzzer && clang -c -g -O2 -std=c++11 *.cpp ar cr libFuzzer.a libFuzzer/*.o diff --git a/src/extra_tests/fuzzers/jigs/ber_decode.cpp b/src/extra_tests/fuzzers/jigs/ber_decode.cpp new file mode 100644 index 000000000..0f5cc9f20 --- /dev/null +++ b/src/extra_tests/fuzzers/jigs/ber_decode.cpp @@ -0,0 +1,24 @@ +/* +* (C) 2016 Jack Lloyd +* +* Botan is released under the Simplified BSD License (see license.txt) +*/ +#include "driver.h" + +#include <botan/ber_dec.h> + +void fuzz(const uint8_t in[], size_t len) + { + try + { + DataSource_Memory input(in, len); + BER_Decoder dec(input); + + while(dec.more_items()) + { + BER_Object obj; + dec.get_next(obj); + } + } + catch(Botan::Exception& e) { } + } diff --git a/src/extra_tests/fuzzers/jigs/tls_client.cpp b/src/extra_tests/fuzzers/jigs/tls_client.cpp index e0fd039c9..c176667d4 100644 --- a/src/extra_tests/fuzzers/jigs/tls_client.cpp +++ b/src/extra_tests/fuzzers/jigs/tls_client.cpp @@ -11,19 +11,6 @@ class Fuzzer_TLS_Client_Creds : public Credentials_Manager { public: - void verify_certificate_chain(const std::string& type, - const std::string& purported_hostname, - const std::vector<X509_Certificate>& cert_chain) override - { - try - { - Credentials_Manager::verify_certificate_chain(type, - purported_hostname, - cert_chain); - } - catch(std::exception& e) {} - } - std::string psk_identity_hint(const std::string&, const std::string&) override { return "psk_hint"; } std::string psk_identity(const std::string&, const std::string&, const std::string&) override { return "psk_id"; } SymmetricKey psk(const std::string&, const std::string&, const std::string&) override 
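Review bot: The new `libFuzzer` rule checks out `llvm/trunk/lib/Fuzzer` over plain `http://` with no revision pinned, so the code compiled into every fuzzer binary via `libFuzzer.a` just below is whatever the network returns that day and is not reproducible between two machines. Use the same path over `https://` if the server offers it and pin the checkout, e.g. `svn co -r <PINNED_REV> <HTTPS_URL> libFuzzer`, recording the chosen revision in readme.txt. Since the rule's target is a directory, it also never refreshes once the checkout exists, which is fine for pinning but worth a comment.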
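Review bot: `catch(Botan::Exception& e)` binds a name that is never used and catches by non-const reference; write `catch(const Botan::Exception&) { }`, and note that `DataSource_Memory` and `BER_Decoder` are unqualified while the exception type is, so either qualify consistently or rely on whatever `driver.h` brings into scope (not visible here). The loop only pulls top-level objects with `get_next`, so the contents of constructed values appear never to be decoded beyond their outer length; a comment saying that only the outer TLV layer is exercised would keep a later reader from assuming deeper coverage. The empty catch is the expected outcome for a fuzz jig but should say so, e.g. `// malformed input is expected; only crashes and sanitizer reports matter`.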
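Review bot: Removing the `verify_certificate_chain` override changes what happens when the fuzzed server presents a chain that fails validation: the failure was swallowed in this class before, and now it is left to `Credentials_Manager`'s default behaviour and presumably reaches whatever drives the client further down this file (outside the hunk), yet nothing in the hunk records why. A one-line comment where the override used to sit, `// Chain verification deliberately uses the Credentials_Manager default; failures are not suppressed here`, would stop the next reader from reinstating the catch-all. The identical deletion in tls_server.cpp (`Fuzzer_TLS_Server_Creds`) needs the same note.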
diff --git a/src/extra_tests/fuzzers/jigs/tls_server.cpp b/src/extra_tests/fuzzers/jigs/tls_server.cpp index 510f7f7b7..dea885de3 100644 --- a/src/extra_tests/fuzzers/jigs/tls_server.cpp +++ b/src/extra_tests/fuzzers/jigs/tls_server.cpp @@ -72,19 +72,6 @@ class Fuzzer_TLS_Server_Creds : public Credentials_Manager //m_rsa_key.reset(Botan::PKCS8::load_key(key_in, Botan::system_rng())); } - void verify_certificate_chain(const std::string& type, - const std::string& purported_hostname, - const std::vector<X509_Certificate>& cert_chain) override - { - try - { - Credentials_Manager::verify_certificate_chain(type, - purported_hostname, - cert_chain); - } - catch(std::exception& e) {} - } - std::vector<Botan::X509_Certificate> cert_chain( const std::vector<std::string>& algos, const std::string& type, diff --git a/src/extra_tests/fuzzers/readme.txt b/src/extra_tests/fuzzers/readme.txt index f10982508..e195b4e70 100644 --- a/src/extra_tests/fuzzers/readme.txt +++ b/src/extra_tests/fuzzers/readme.txt @@ -3,7 +3,13 @@ The code in this directory is for testing various message decoders and math functions using the fuzzers AFL (http://lcamtuf.coredump.cx/afl/) and libFuzzer (http://llvm.org/docs/LibFuzzer.html). -Run setup.sh to set up builds for both fuzzers +To build for AFL, run + + make afl + +For libFuzzer + + make llvm To add a new fuzzer, create a new file in jigs/, include "driver.h", and implement the function with the signature diff --git a/src/extra_tests/fuzzers/setup.sh b/src/extra_tests/fuzzers/setup.sh deleted file mode 100755 index a810d947b..000000000 --- a/src/extra_tests/fuzzers/setup.sh +++ /dev/null 
@@ -1,22 +0,0 @@ -#!/bin/sh - -mkdir bin -mkdir output -mkdir corpus - -CFG_FLAGS="--with-debug-info --unsafe-fuzzer-mode --minimized-build --enable-modules=tls,chacha20poly1305,ocb,ccm,system_rng,auto_rng" - -if [ ! -d libFuzzer ]; then - svn co http://llvm.org/svn/llvm-project/llvm/trunk/lib/Fuzzer libFuzzer -fi - -exit - -# Just need the static lib, not CLI or tests - -../../../configure.py $CFG_FLAGS --with-build-dir=afl-build --cc=clang --cc-bin='afl-clang-fast++' -make -f afl-build/Makefile afl-build/libbotan-1.11.a -j8 - -CLANG_COV_FLAGS="-fsanitize=address,undefined -fsanitize-coverage=edge,indirect-calls,8bit-counters -fno-sanitize-recover=undefined" -../../../configure.py $CFG_FLAGS --with-build-dir=llvm-build --cc=clang "--cc-abi-flags=$CLANG_COV_FLAGS" -make -f llvm-build/Makefile llvm-build/libbotan-1.11.a -j8 |