diff options
| author | Adam Harrison <adamdharrison@gmail.com> | 2022-11-26 16:20:59 -0500 |
|---|---|---|
| committer | Adam Harrison <adamdharrison@gmail.com> | 2022-11-29 18:39:46 -0500 |
| commit | fc0c4ed9a3103e0e6534311923668879fc8e0875 (patch) | |
| tree | 6e7723c3f45d39f06c243d9c18a3c038da948793 /lib/mbedtls-2.27.0/programs/fuzz/README.md | |
| parent | 3836606e2b735ba7b2dc0f580231843660587fb4 (diff) | |
| download | lite-xl-plugin-manager-curl-removal.tar.gz lite-xl-plugin-manager-curl-removal.zip | |
Removed openssl, and curl, and added mbedded tls.curl-removal
Almost fully removed curl, needs more testing.
Fixed most issues, now trying to cross compile.
Fix?
Sigh.
Diffstat (limited to 'lib/mbedtls-2.27.0/programs/fuzz/README.md')
| -rw-r--r-- | lib/mbedtls-2.27.0/programs/fuzz/README.md | 68 |
1 files changed, 68 insertions, 0 deletions
diff --git a/lib/mbedtls-2.27.0/programs/fuzz/README.md b/lib/mbedtls-2.27.0/programs/fuzz/README.md new file mode 100644 index 0000000..b6a4333 --- /dev/null +++ b/lib/mbedtls-2.27.0/programs/fuzz/README.md @@ -0,0 +1,68 @@ +What is it? +------ + +This directory contains fuzz targets. +Fuzz targets are simple codes using the library. +They are used with a so-called fuzz driver, which will generate inputs, try to process them with the fuzz target, and alert in case of an unwanted behavior (such as a buffer overflow for instance). + +These targets were meant to be used with oss-fuzz but can be used in other contexts. + +This code was contributed by Philippe Antoine ( Catena cyber ). + +How to run? +------ + +To run the fuzz targets like oss-fuzz: +``` +git clone https://github.com/google/oss-fuzz +cd oss-fuzz +python infra/helper.py build_image mbedtls +python infra/helper.py build_fuzzers --sanitizer address mbedtls +python infra/helper.py run_fuzzer mbedtls fuzz_client +``` +You can use `undefined` sanitizer as well as `address` sanitizer. +And you can run any of the fuzz targets like `fuzz_client`. + +To run the fuzz targets without oss-fuzz, you first need to install one libFuzzingEngine (libFuzzer for instance). +Then you need to compile the code with the compiler flags of the wished sanitizer. +``` +perl scripts/config.py set MBEDTLS_PLATFORM_TIME_ALT +mkdir build +cd build +cmake .. +make +``` +Finally, you can run the targets like `./test/fuzz/fuzz_client`. + + +Corpus generation for network trafic targets +------ + +These targets use network trafic as inputs : +* client : simulates a client against (fuzzed) server traffic +* server : simulates a server against (fuzzed) client traffic +* dtls_client +* dtls_server + +They also use the last bytes as configuration options. + +To generate corpus for these targets, you can do the following, not fully automated steps : +* Build mbedtls programs ssl_server2 and ssl_client2 +* Run them one against the other with `reproducible` option turned on while capturing trafic into test.pcap +* Extract tcp payloads, for instance with tshark : `tshark -Tfields -e tcp.dstport -e tcp.payload -r test.pcap > test.txt` +* Run a dummy python script to output either client or server corpus file like `python dummy.py test.txt > test.cor` +* Finally, you can add the options by appending the last bytes to the file test.cor + +Here is an example of dummy.py for extracting payload from client to server (if we used `tcp.dstport` in tshark command) +``` +import sys +import binascii + +f = open(sys.argv[1]) +for l in f.readlines(): + portAndPl=l.split() + if len(portAndPl) == 2: + # determine client or server based on port + if portAndPl[0] == "4433": + print(binascii.unhexlify(portAndPl[1].replace(":",""))) +``` |