Fuzz README and direct compilation

Philippe Antoine 2019-06-04 14:47:58 +02:00
parent 801194b625
commit 8149627b80
2 changed files with 95 additions and 18 deletions


@ -10,29 +10,71 @@ if(ENABLE_ZLIB_SUPPORT)
set(libs ${libs} ${ZLIB_LIBRARIES}) set(libs ${libs} ${ZLIB_LIBRARIES})
endif(ENABLE_ZLIB_SUPPORT) endif(ENABLE_ZLIB_SUPPORT)
add_executable(fuzz_x509csr fuzz_x509csr.c onefile.c) find_library(FUZZINGENGINE_LIB FuzzingEngine)
target_link_libraries(fuzz_x509csr ${libs})
add_executable(fuzz_x509crl fuzz_x509crl.c onefile.c) if(NOT FUZZINGENGINE_LIB)
target_link_libraries(fuzz_x509crl ${libs}) add_executable(fuzz_x509csr fuzz_x509csr.c onefile.c)
target_link_libraries(fuzz_x509csr ${libs})
add_executable(fuzz_x509crt fuzz_x509crt.c onefile.c) add_executable(fuzz_x509crl fuzz_x509crl.c onefile.c)
target_link_libraries(fuzz_x509crt ${libs}) target_link_libraries(fuzz_x509crl ${libs})
add_executable(fuzz_privkey fuzz_privkey.c onefile.c) add_executable(fuzz_x509crt fuzz_x509crt.c onefile.c)
target_link_libraries(fuzz_privkey ${libs}) target_link_libraries(fuzz_x509crt ${libs})
add_executable(fuzz_pubkey fuzz_pubkey.c onefile.c) add_executable(fuzz_privkey fuzz_privkey.c onefile.c)
target_link_libraries(fuzz_pubkey ${libs}) target_link_libraries(fuzz_privkey ${libs})
add_executable(fuzz_client fuzz_client.c common.c onefile.c) add_executable(fuzz_pubkey fuzz_pubkey.c onefile.c)
target_link_libraries(fuzz_client ${libs}) target_link_libraries(fuzz_pubkey ${libs})
add_executable(fuzz_server fuzz_server.c common.c onefile.c) add_executable(fuzz_client fuzz_client.c common.c onefile.c)
target_link_libraries(fuzz_server ${libs}) target_link_libraries(fuzz_client ${libs})
add_executable(fuzz_dtlsclient fuzz_dtlsclient.c common.c onefile.c) add_executable(fuzz_server fuzz_server.c common.c onefile.c)
target_link_libraries(fuzz_dtlsclient ${libs}) target_link_libraries(fuzz_server ${libs})
add_executable(fuzz_dtlsserver fuzz_dtlsserver.c common.c onefile.c) add_executable(fuzz_dtlsclient fuzz_dtlsclient.c common.c onefile.c)
target_link_libraries(fuzz_dtlsserver ${libs}) target_link_libraries(fuzz_dtlsclient ${libs})
add_executable(fuzz_dtlsserver fuzz_dtlsserver.c common.c onefile.c)
target_link_libraries(fuzz_dtlsserver ${libs})
else()
project(fuzz CXX)
add_executable(fuzz_x509csr fuzz_x509csr.c)
target_link_libraries(fuzz_x509csr ${libs} FuzzingEngine)
SET_TARGET_PROPERTIES(fuzz_x509csr PROPERTIES LINKER_LANGUAGE CXX)
add_executable(fuzz_x509crl fuzz_x509crl.c)
target_link_libraries(fuzz_x509crl ${libs} FuzzingEngine)
SET_TARGET_PROPERTIES(fuzz_x509crl PROPERTIES LINKER_LANGUAGE CXX)
add_executable(fuzz_x509crt fuzz_x509crt.c)
target_link_libraries(fuzz_x509crt ${libs} FuzzingEngine)
SET_TARGET_PROPERTIES(fuzz_x509crt PROPERTIES LINKER_LANGUAGE CXX)
add_executable(fuzz_privkey fuzz_privkey.c)
target_link_libraries(fuzz_privkey ${libs} FuzzingEngine)
SET_TARGET_PROPERTIES(fuzz_privkey PROPERTIES LINKER_LANGUAGE CXX)
add_executable(fuzz_pubkey fuzz_pubkey.c)
target_link_libraries(fuzz_pubkey ${libs} FuzzingEngine)
SET_TARGET_PROPERTIES(fuzz_pubkey PROPERTIES LINKER_LANGUAGE CXX)
add_executable(fuzz_client fuzz_client.c common.c)
target_link_libraries(fuzz_client ${libs} FuzzingEngine)
SET_TARGET_PROPERTIES(fuzz_client PROPERTIES LINKER_LANGUAGE CXX)
add_executable(fuzz_server fuzz_server.c common.c)
target_link_libraries(fuzz_server ${libs} FuzzingEngine)
SET_TARGET_PROPERTIES(fuzz_server PROPERTIES LINKER_LANGUAGE CXX)
add_executable(fuzz_dtlsclient fuzz_dtlsclient.c common.c)
target_link_libraries(fuzz_dtlsclient ${libs} FuzzingEngine)
SET_TARGET_PROPERTIES(fuzz_dtlsclient PROPERTIES LINKER_LANGUAGE CXX)
add_executable(fuzz_dtlsserver fuzz_dtlsserver.c common.c)
target_link_libraries(fuzz_dtlsserver ${libs} FuzzingEngine)
SET_TARGET_PROPERTIES(fuzz_dtlsserver PROPERTIES LINKER_LANGUAGE CXX)
endif()
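Review bot: In the `else()` branch every target links against the bare name `FuzzingEngine` rather than the `FUZZINGENGINE_LIB` path that `find_library` just resolved, so the linker runs its own search and can fail or pick up a different library than the one that was detected. Linking the cached result keeps detection and linking consistent, e.g. `target_link_libraries(fuzz_x509csr ${libs} ${FUZZINGENGINE_LIB})`, and likewise for the other eight targets. Calling `project(fuzz CXX)` inside a conditional just to get a C++ link step also resets the project variables for this directory; `enable_language(CXX)` would probably be enough here. `libs` is defined above the hunk, so its contents are not visible from this section.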

35
tests/fuzz/README.md Normal file

@ -0,0 +1,35 @@
What is it ?
------
This directory contains fuzz targets.
Fuzz targets are simple codes using the library.
They are used with a so-called fuzz driver, which will generate inputs, try to process them with the fuzz target, and alert in case of an unwanted behavior (such as a buffer overflow for instance).
These targets were meant to be used with oss-fuzz but can be used in other contexts.
This code was contributed by Philippe Antoine ( Catena cyber ).
How to run ?
------
To run the fuzz targets like oss-fuzz :
```
git clone https://github.com/google/oss-fuzz
cd oss-fuzz
python infra/helper.py build_image mbedtls
python infra/helper.py build_fuzzers --sanitizer address mbedtls
python infra/helper.py run_fuzzer mbedtls fuzz_client
```
You can use `undefined` sanitizer as well as `address` sanitizer
And you can run any of the fuzz targets like `fuzz_client`
To run the fuzz targets without oss-fuzz, you first need to install one libFuzzingEngine (libFuzzer for instance)
Then you need to compile the code
```
perl scripts/config.pl set MBEDTLS_PLATFORM_TIME_ALT
mkdir build
cd build
cmake ..
make
```
Finally, you can run the targets like `./test/fuzz/fuzz_client`