提交
f59d0131
编写于
5月 07, 2016
作者:
Kurt Roeckx
Add support for fuzzing with AFL
Reviewed-by:
Ben Laurie
<
ben@links.org
>
MR: #2740
上级
255cf605
变更
13
Showing
13 changed file
with
136 addition
and
38 deletion
+136
-38
Configure
Configure
+18
-3
fuzz/README.md
fuzz/README.md
+24
-1
fuzz/asn1.c
fuzz/asn1.c
+1
-1
fuzz/asn1parse.c
fuzz/asn1parse.c
+1
-1
fuzz/bignum.c
fuzz/bignum.c
+1
-1
fuzz/bndiv.c
fuzz/bndiv.c
+1
-1
fuzz/build.info
fuzz/build.info
+33
-24
fuzz/cms.c
fuzz/cms.c
+1
-1
fuzz/conf.c
fuzz/conf.c
+1
-1
fuzz/ct.c
fuzz/ct.c
+1
-1
fuzz/driver.c
fuzz/driver.c
+51
-0
fuzz/fuzzer.h
fuzz/fuzzer.h
+2
-2
fuzz/server.c
fuzz/server.c
+1
-1
Configure
...
...
@@ -301,7 +301,8 @@ my @disablables = (
"
engine
",
"
err
",
"
filenames
",
"
fuzz
",
"
fuzz-libfuzzer
",
"
fuzz-afl
",
"
gost
",
"
heartbeats
",
"
hw(-.+)?
",
...
...
@@ -365,7 +366,8 @@ our %disabled = ( # "what" => "comment"
"
asan
"
=>
"
default
",
"
ec_nistp_64_gcc_128
"
=>
"
default
",
"
egd
"
=>
"
default
",
"
fuzz
"
=>
"
default
",
"
fuzz-libfuzzer
"
=>
"
default
",
"
fuzz-afl
"
=>
"
default
",
"
md2
"
=>
"
default
",
"
rc5
"
=>
"
default
",
"
sctp
"
=>
"
default
",
...
...
@@ -698,6 +700,14 @@ foreach (@argvcopy)
{
$withargs
{
zlib_include
}
=
$
1
;
}
elsif
(
/^--with-fuzzer-lib=(.*)$/
)
{
$withargs
{
fuzzer_lib
}
=
$
1
;
}
elsif
(
/^--with-fuzzer-include=(.*)$/
)
{
$withargs
{
fuzzer_include
}
=
$
1
;
}
elsif
(
/^--with-fipslibdir=(.*)$/
)
{
$config
{
fipslibdir
}
=
"
$1/
";
...
...
@@ -1042,11 +1052,15 @@ if ($disabled{"dynamic-engine"}) {
$config
{
dynamic_engines
}
=
1
;
}
unless
(
$disabled
{
fuzz
})
{
unless
(
$disabled
{
"
fuzz-libfuzzer
"
})
{
push
@
{
$config
{
dirs
}},
"
fuzz
";
$config
{
cflags
}
.=
"
-fsanitize-coverage=edge,indirect-calls
";
}
unless
(
$disabled
{"
fuzz-afl
"})
{
push
@
{
$config
{
dirs
}},
"
fuzz
";
}
unless
(
$disabled
{
asan
})
{
$config
{
cflags
}
.=
"
-fsanitize=address
";
}
...
...
@@ -1379,6 +1393,7 @@ if ($builder eq "unified") {
$template
->
fill_in
(
HASH
=>
{
config
=>
\
%config
,
target
=>
\
%target
,
disabled
=>
\
%disabled
,
withargs
=>
\
%withargs
,
builddir
=>
abs2rel
(
$buildd
,
$blddir
),
sourcedir
=>
abs2rel
(
$sourced
,
$blddir
),
buildtop
=>
abs2rel
(
$blddir
,
$blddir
),
...
...
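Review bot: Nothing in the `@@ -1042,11 +1052,15 @@` hunk rejects a configuration where both `fuzz-libfuzzer` and `fuzz-afl` are enabled: each `unless` block pushes "fuzz" onto `$config{dirs}`, so the directory is listed twice, and fuzz/driver.c then silently takes the libFuzzer branch because it tests `OPENSSL_NO_FUZZ_LIBFUZZER` first. A guard ahead of the two blocks, for example `die "enable-fuzz-libfuzzer and enable-fuzz-afl are mutually exclusive\n" unless $disabled{"fuzz-libfuzzer"} || $disabled{"fuzz-afl"};`, would make the conflict explicit instead of leaving the choice to preprocessor order. The AFL block adds no instrumentation or sanitizer flags of its own; that is presumably intentional because the compiler wrapper instruments and `asan` is handled just below, but a one-line comment saying so would save the next reader the guess.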
fuzz/README.md
# I Can Haz Fuzz?
LibFuzzer
=========
Or, how to fuzz OpenSSL with
[
libfuzzer
](
llvm.org/docs/LibFuzzer.html
)
.
Starting from a vanilla+OpenSSH server Ubuntu install.
...
...
@@ -32,7 +35,10 @@ https://github.com/llvm-mirror/llvm/tree/master/lib/Fuzzer if you prefer):
Configure for fuzzing:
$ CC=clang ./config enable-fuzz enable-asan enable-ubsan no-shared
$ CC=clang ./config enable-fuzz-libfuzzer \
--with-fuzzer-include=../../svn-work/Fuzzer \
--with-fuzzer-lib=../../svn-work/Fuzzer/libFuzzer \
enable-asan enable-ubsan no-shared
$ sudo apt-get install make
$ LDCMD=clang++ make -j
$ fuzz/helper.py <fuzzer> <arguments>
...
...
@@ -45,3 +51,20 @@ If you get a crash, you should find a corresponding input file in
`fuzz/corpora/<fuzzer>-crash/`
. You can reproduce the crash with
$ fuzz/<fuzzer> <crashfile>
AFL
===
Configure for fuzzing:
$ sudo apt-get install afl-clang
$ CC=afl-clang-fast ./config enable-fuzz-afl no-shared
$ make
Run one of the fuzzers:
$ afl-fuzz fuzz/<fuzzer> -i fuzz/corpora/<fuzzer> -o fuzz/corpora/<fuzzer>/out <fuzzer> <arguments>
Where
`<fuzzer>`
is one of the executables in
`fuzz/`
. Most fuzzers do not
need any command line arguments, but, for example,
`asn1`
needs the name of a
data type.
fuzz/asn1.c
...
...
@@ -60,7 +60,7 @@ static const ASN1_ITEM *item_type[] = {
NULL
};
int
LLVM
FuzzerTestOneInput
(
const
uint8_t
*
buf
,
size_t
len
)
{
int
FuzzerTestOneInput
(
const
uint8_t
*
buf
,
size_t
len
)
{
for
(
int
n
=
0
;
item_type
[
n
]
!=
NULL
;
++
n
)
{
const
uint8_t
*
b
=
buf
;
ASN1_VALUE
*
o
=
ASN1_item_d2i
(
NULL
,
&
b
,
len
,
item_type
[
n
]);
...
...
fuzz/asn1parse.c
...
...
@@ -18,7 +18,7 @@
#include <openssl/x509v3.h>
#include "fuzzer.h"
int
LLVM
FuzzerTestOneInput
(
const
uint8_t
*
buf
,
size_t
len
)
{
int
FuzzerTestOneInput
(
const
uint8_t
*
buf
,
size_t
len
)
{
static
BIO
*
bio_out
;
if
(
bio_out
==
NULL
)
...
...
fuzz/bignum.c
...
...
@@ -17,7 +17,7 @@
#include <openssl/bn.h>
#include "fuzzer.h"
int
LLVM
FuzzerTestOneInput
(
const
uint8_t
*
buf
,
size_t
len
)
{
int
FuzzerTestOneInput
(
const
uint8_t
*
buf
,
size_t
len
)
{
int
success
=
0
;
static
BN_CTX
*
ctx
;
static
BN_MONT_CTX
*
mont
;
...
...
fuzz/bndiv.c
...
...
@@ -17,7 +17,7 @@
#include <openssl/bn.h>
#include "fuzzer.h"
int
LLVM
FuzzerTestOneInput
(
const
uint8_t
*
buf
,
size_t
len
)
{
int
FuzzerTestOneInput
(
const
uint8_t
*
buf
,
size_t
len
)
{
int
success
=
0
;
static
BN_CTX
*
ctx
;
static
BIGNUM
*
b1
;
...
...
fuzz/build.info
{- use File::Spec::Functions;
our $ex_inc = $withargs{fuzzer_include} &&
(file_name_is_absolute($withargs{fuzzer_include}) ?
$withargs{fuzzer_include} : catdir(updir(), $withargs{fuzzer_include}));
our $ex_lib = $withargs{fuzzer_lib} &&
(file_name_is_absolute($withargs{fuzzer_lib}) ?
$withargs{fuzzer_lib} : catfile(updir(), $withargs{fuzzer_lib}));
""
-}
PROGRAMS=asn1 asn1parse bignum bndiv cms conf ct server
SOURCE[asn1]=asn1.c
INCLUDE[asn1]=../include
../../../svn-work/Fuzzer
DEPEND[asn1]=../libcrypto
../../../svn-work/Fuzzer/libFuzzer
SOURCE[asn1]=asn1.c
driver.c
INCLUDE[asn1]=../include
{- $ex_inc -}
DEPEND[asn1]=../libcrypto
{- $ex_lib -}
SOURCE[asn1parse]=asn1parse.c
INCLUDE[asn1parse]=../include
../../../svn-work/Fuzzer
DEPEND[asn1parse]=../libcrypto
../../../svn-work/Fuzzer/libFuzzer
SOURCE[asn1parse]=asn1parse.c
driver.c
INCLUDE[asn1parse]=../include
{- $ex_inc -}
DEPEND[asn1parse]=../libcrypto
{- $ex_lib -}
SOURCE[bignum]=bignum.c
INCLUDE[bignum]=../include
../../../svn-work/Fuzzer
DEPEND[bignum]=../libcrypto
../../../svn-work/Fuzzer/libFuzzer
SOURCE[bignum]=bignum.c
driver.c
INCLUDE[bignum]=../include
{- $ex_inc -}
DEPEND[bignum]=../libcrypto
{- $ex_lib -}
SOURCE[bndiv]=bndiv.c
INCLUDE[bndiv]=../include
../../../svn-work/Fuzzer
DEPEND[bndiv]=../libcrypto
../../../svn-work/Fuzzer/libFuzzer
SOURCE[bndiv]=bndiv.c
driver.c
INCLUDE[bndiv]=../include
{- $ex_inc -}
DEPEND[bndiv]=../libcrypto
{- $ex_lib -}
SOURCE[cms]=cms.c
INCLUDE[cms]=../include
../../../svn-work/Fuzzer
DEPEND[cms]=../libcrypto
../../../svn-work/Fuzzer/libFuzzer
SOURCE[cms]=cms.c
driver.c
INCLUDE[cms]=../include
{- $ex_inc -}
DEPEND[cms]=../libcrypto
{- $ex_lib -}
SOURCE[conf]=conf.c
INCLUDE[conf]=../include
../../../svn-work/Fuzzer
DEPEND[conf]=../libcrypto
../../../svn-work/Fuzzer/libFuzzer
SOURCE[conf]=conf.c
driver.c
INCLUDE[conf]=../include
{- $ex_inc -}
DEPEND[conf]=../libcrypto
{- $ex_lib -}
SOURCE[ct]=ct.c
INCLUDE[ct]=../include
../../../svn-work/Fuzzer
DEPEND[ct]=../libcrypto
../../../svn-work/Fuzzer/libFuzzer
SOURCE[ct]=ct.c
driver.c
INCLUDE[ct]=../include
{- $ex_inc -}
DEPEND[ct]=../libcrypto
{- $ex_lib -}
SOURCE[server]=server.c
INCLUDE[server]=../include
../../../svn-work/Fuzzer
DEPEND[server]=../libcrypto ../libssl
../../../svn-work/Fuzzer/libFuzzer
SOURCE[server]=server.c
driver.c
INCLUDE[server]=../include
{- $ex_inc -}
DEPEND[server]=../libcrypto ../libssl
{- $ex_lib -}
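Review bot: The template block at the top of fuzz/build.info carries no comment explaining why a relative `--with-fuzzer-include` or `--with-fuzzer-lib` value gets `updir()` prepended, and both expressions evaluate to an empty value when the option was not given. With `enable-fuzz-libfuzzer` but no `--with-fuzzer-lib`, every `DEPEND[...]` line would then appear to lose its libFuzzer entry and the mistake would surface only as a link error, so an early check in Configure would be clearer. I would add a comment inside the `{- ... -}` block such as `# Paths given to Configure are relative to the build top; rebase them for use from fuzz/`, after confirming that this is indeed the intent.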
fuzz/cms.c
...
...
@@ -16,7 +16,7 @@
#include <openssl/cms.h>
#include "fuzzer.h"
int
LLVM
FuzzerTestOneInput
(
const
uint8_t
*
buf
,
size_t
len
)
{
int
FuzzerTestOneInput
(
const
uint8_t
*
buf
,
size_t
len
)
{
BIO
*
in
=
BIO_new
(
BIO_s_mem
());
OPENSSL_assert
((
size_t
)
BIO_write
(
in
,
buf
,
len
)
==
len
);
CMS_ContentInfo
*
i
=
d2i_CMS_bio
(
in
,
NULL
);
...
...
fuzz/conf.c
...
...
@@ -15,7 +15,7 @@
#include <openssl/conf.h>
#include "fuzzer.h"
int
LLVM
FuzzerTestOneInput
(
const
uint8_t
*
buf
,
size_t
len
)
{
int
FuzzerTestOneInput
(
const
uint8_t
*
buf
,
size_t
len
)
{
CONF
*
conf
=
NCONF_new
(
NULL
);
BIO
*
in
=
BIO_new
(
BIO_s_mem
());
long
eline
;
...
...
fuzz/ct.c
...
...
@@ -16,7 +16,7 @@
#include <openssl/ct.h>
#include "fuzzer.h"
int
LLVM
FuzzerTestOneInput
(
const
uint8_t
*
buf
,
size_t
len
)
{
int
FuzzerTestOneInput
(
const
uint8_t
*
buf
,
size_t
len
)
{
const
uint8_t
**
pp
=
&
buf
;
STACK_OF
(
SCT
)
*
scts
=
d2i_SCT_LIST
(
NULL
,
pp
,
len
);
SCT_LIST_free
(
scts
);
...
...
fuzz/driver.c
0 → 100644
/*
* Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL licenses, (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* https://www.openssl.org/source/license.html
* or in the file LICENSE in the source distribution.
*/
#include <stdint.h>
#include <unistd.h>
#include <openssl/opensslconf.h>
#include "fuzzer.h"
#ifndef OPENSSL_NO_FUZZ_LIBFUZZER
int
LLVMFuzzerInitialize
(
int
*
argc
,
char
***
argv
)
{
if
(
FuzzerInitialize
)
return
FuzzerInitialize
(
argc
,
argv
);
return
0
;
}
int
LLVMFuzzerTestOneInput
(
const
uint8_t
*
buf
,
size_t
len
)
{
return
FuzzerTestOneInput
(
buf
,
len
);
}
#elif !defined(OPENSSL_NO_FUZZ_AFL)
#define BUF_SIZE 65536
int
main
(
int
argc
,
char
**
argv
)
{
if
(
FuzzerInitialize
)
FuzzerInitialize
(
&
argc
,
&
argv
);
while
(
__AFL_LOOP
(
10000
))
{
uint8_t
*
buf
=
malloc
(
BUF_SIZE
);
size_t
size
=
read
(
0
,
buf
,
BUF_SIZE
);
FuzzerTestOneInput
(
buf
,
size
);
free
(
buf
);
}
return
0
;
}
#else
#error "Unsupported fuzzer"
#endif
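Review bot: In the AFL `main` loop the result of `read()` is stored straight into a `size_t`, so a failed read (-1) turns into a huge length and `FuzzerTestOneInput` is asked to parse far past the 64 KiB buffer; the `malloc` result is not checked either. Both produce crashes inside the harness rather than in the code under test, which pollutes crash triage. Keep the return value as `ssize_t`, skip the iteration on error and bail out when allocation fails, as in the excerpt below. `malloc`/`free` are also used without `#include <stdlib.h>` among the visible includes, unless fuzzer.h or opensslconf.h pulls it in. Inputs longer than `BUF_SIZE`, or delivered in several short reads, are silently truncated, which deserves a comment next to the `#define`.

```c
    while (__AFL_LOOP(10000)) {
        uint8_t *buf = malloc(BUF_SIZE);
        ssize_t size;

        if (buf == NULL)
            return 1;
        /* A negative result means the read failed; do not pass it on as a length. */
        size = read(0, buf, BUF_SIZE);
        if (size >= 0)
            FuzzerTestOneInput(buf, (size_t)size);
        free(buf);
    }
```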
fuzz/fuzzer.h
...
...
@@ -8,5 +8,5 @@
* or in the file LICENSE in the source distribution.
*/
int
LLVM
FuzzerTestOneInput
(
const
uint8_t
*
buf
,
size_t
len
);
int
LLVM
FuzzerInitialize
(
int
*
argc
,
char
***
argv
);
int
FuzzerTestOneInput
(
const
uint8_t
*
buf
,
size_t
len
);
__attribute__
((
weak
))
int
FuzzerInitialize
(
int
*
argc
,
char
***
argv
);
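Review bot: The new `__attribute__((weak))` on `FuzzerInitialize` is undocumented and compiler-specific, yet fuzz/driver.c depends on it when it tests `if (FuzzerInitialize)` before calling the hook. A comment above the declaration, e.g. `/* Optional per-target setup hook; declared weak so driver.c can detect targets that do not define it. */`, would record that contract for anyone porting the harness to another toolchain. The header also uses `uint8_t` and `size_t` without any include in the visible lines, so it appears to rely on each includer pulling in `<stdint.h>` first; the file starts before this hunk, so confirm against the full header.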
fuzz/server.c
...
...
@@ -208,7 +208,7 @@ static void Init() {
X509_free
(
cert
);
}
int
LLVM
FuzzerTestOneInput
(
const
uint8_t
*
buf
,
size_t
len
)
{
int
FuzzerTestOneInput
(
const
uint8_t
*
buf
,
size_t
len
)
{
if
(
ctx
==
NULL
)
Init
();
// TODO: make this work for OpenSSL. There's a PREDICT define that may do
...
...