fuzz: Add fuzzing boilerplate
This commit is contained in:
parent
4d0795bcef
commit
157742be7d
|
@ -1,5 +1,9 @@
|
||||||
SUBDIRS = src man conf init testing
|
SUBDIRS = src man conf init testing
|
||||||
|
|
||||||
|
if USE_FUZZING
|
||||||
|
SUBDIRS += fuzz
|
||||||
|
endif
|
||||||
|
|
||||||
if USE_SCRIPTS
|
if USE_SCRIPTS
|
||||||
SUBDIRS += scripts
|
SUBDIRS += scripts
|
||||||
endif
|
endif
|
||||||
|
|
24
configure.ac
24
configure.ac
|
@ -277,6 +277,7 @@ ARG_ENABL_SET([cmd], [enable the command line IKE client charon-cmd.]
|
||||||
ARG_ENABL_SET([conftest], [enforce Suite B conformance test framework.])
|
ARG_ENABL_SET([conftest], [enforce Suite B conformance test framework.])
|
||||||
ARG_ENABL_SET([dumm], [enable the DUMM UML test framework.])
|
ARG_ENABL_SET([dumm], [enable the DUMM UML test framework.])
|
||||||
ARG_ENABL_SET([fast], [enable libfast (FastCGI Application Server w/ templates.])
|
ARG_ENABL_SET([fast], [enable libfast (FastCGI Application Server w/ templates.])
|
||||||
|
ARG_ENABL_SET([fuzzing], [enable fuzzing scripts (found in directory fuzz).])
|
||||||
ARG_ENABL_SET([libipsec], [enable user space IPsec implementation.])
|
ARG_ENABL_SET([libipsec], [enable user space IPsec implementation.])
|
||||||
ARG_ENABL_SET([manager], [enable web management console (proof of concept).])
|
ARG_ENABL_SET([manager], [enable web management console (proof of concept).])
|
||||||
ARG_ENABL_SET([medcli], [enable mediation client configuration database plugin.])
|
ARG_ENABL_SET([medcli], [enable mediation client configuration database plugin.])
|
||||||
|
@ -1263,6 +1264,11 @@ if test x$coverage = xtrue; then
|
||||||
CFLAGS="${CFLAGS} -g -O0"
|
CFLAGS="${CFLAGS} -g -O0"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if test x$fuzzing = xtrue; then
|
||||||
|
AC_MSG_NOTICE([fuzzing enabled, modifying CFLAGS])
|
||||||
|
CFLAGS="${CFLAGS} -fsanitize-coverage=trace-pc-guard -fsanitize=address"
|
||||||
|
fi
|
||||||
|
|
||||||
if test x$ruby_gems = xtrue; then
|
if test x$ruby_gems = xtrue; then
|
||||||
AC_PATH_PROG([GEM], [gem], [], [$PATH:/bin:/usr/bin:/usr/local/bin])
|
AC_PATH_PROG([GEM], [gem], [], [$PATH:/bin:/usr/bin:/usr/local/bin])
|
||||||
if test x$GEM = x; then
|
if test x$GEM = x; then
|
||||||
|
@ -1309,6 +1315,7 @@ attest_plugins=
|
||||||
scepclient_plugins=
|
scepclient_plugins=
|
||||||
pki_plugins=
|
pki_plugins=
|
||||||
scripts_plugins=
|
scripts_plugins=
|
||||||
|
fuzz_plugins=
|
||||||
manager_plugins=
|
manager_plugins=
|
||||||
medsrv_plugins=
|
medsrv_plugins=
|
||||||
nm_plugins=
|
nm_plugins=
|
||||||
|
@ -1332,21 +1339,21 @@ ADD_PLUGIN([aes], [s charon scepclient pki scripts nm cmd])
|
||||||
ADD_PLUGIN([des], [s charon scepclient pki scripts nm cmd])
|
ADD_PLUGIN([des], [s charon scepclient pki scripts nm cmd])
|
||||||
ADD_PLUGIN([blowfish], [s charon scepclient pki scripts nm cmd])
|
ADD_PLUGIN([blowfish], [s charon scepclient pki scripts nm cmd])
|
||||||
ADD_PLUGIN([rc2], [s charon scepclient pki scripts nm cmd])
|
ADD_PLUGIN([rc2], [s charon scepclient pki scripts nm cmd])
|
||||||
ADD_PLUGIN([sha2], [s charon scepclient pki scripts medsrv attest nm cmd aikgen])
|
ADD_PLUGIN([sha2], [s charon scepclient pki scripts medsrv attest nm cmd aikgen fuzz])
|
||||||
ADD_PLUGIN([sha3], [s charon scepclient pki scripts medsrv attest nm cmd aikgen])
|
ADD_PLUGIN([sha3], [s charon scepclient pki scripts medsrv attest nm cmd aikgen fuzz])
|
||||||
ADD_PLUGIN([sha1], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen])
|
ADD_PLUGIN([sha1], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen fuzz])
|
||||||
ADD_PLUGIN([md4], [s charon scepclient pki nm cmd])
|
ADD_PLUGIN([md4], [s charon scepclient pki nm cmd])
|
||||||
ADD_PLUGIN([md5], [s charon scepclient pki scripts attest nm cmd aikgen])
|
ADD_PLUGIN([md5], [s charon scepclient pki scripts attest nm cmd aikgen])
|
||||||
ADD_PLUGIN([mgf1], [s charon scepclient pki scripts medsrv attest nm cmd aikgen])
|
ADD_PLUGIN([mgf1], [s charon scepclient pki scripts medsrv attest nm cmd aikgen])
|
||||||
ADD_PLUGIN([rdrand], [s charon scepclient pki scripts medsrv attest nm cmd aikgen])
|
ADD_PLUGIN([rdrand], [s charon scepclient pki scripts medsrv attest nm cmd aikgen])
|
||||||
ADD_PLUGIN([random], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen])
|
ADD_PLUGIN([random], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen])
|
||||||
ADD_PLUGIN([nonce], [s charon nm cmd aikgen])
|
ADD_PLUGIN([nonce], [s charon nm cmd aikgen])
|
||||||
ADD_PLUGIN([x509], [s charon scepclient pki scripts attest nm cmd aikgen])
|
ADD_PLUGIN([x509], [s charon scepclient pki scripts attest nm cmd aikgen fuzz])
|
||||||
ADD_PLUGIN([revocation], [s charon pki nm cmd])
|
ADD_PLUGIN([revocation], [s charon pki nm cmd])
|
||||||
ADD_PLUGIN([constraints], [s charon nm cmd])
|
ADD_PLUGIN([constraints], [s charon nm cmd])
|
||||||
ADD_PLUGIN([acert], [s charon])
|
ADD_PLUGIN([acert], [s charon])
|
||||||
ADD_PLUGIN([pubkey], [s charon cmd aikgen])
|
ADD_PLUGIN([pubkey], [s charon cmd aikgen])
|
||||||
ADD_PLUGIN([pkcs1], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen])
|
ADD_PLUGIN([pkcs1], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen fuzz])
|
||||||
ADD_PLUGIN([pkcs7], [s charon scepclient pki scripts nm cmd])
|
ADD_PLUGIN([pkcs7], [s charon scepclient pki scripts nm cmd])
|
||||||
ADD_PLUGIN([pkcs8], [s charon scepclient pki scripts manager medsrv attest nm cmd])
|
ADD_PLUGIN([pkcs8], [s charon scepclient pki scripts manager medsrv attest nm cmd])
|
||||||
ADD_PLUGIN([pkcs12], [s charon scepclient pki scripts cmd])
|
ADD_PLUGIN([pkcs12], [s charon scepclient pki scripts cmd])
|
||||||
|
@ -1355,13 +1362,13 @@ ADD_PLUGIN([dnskey], [s charon pki])
|
||||||
ADD_PLUGIN([sshkey], [s charon pki nm cmd])
|
ADD_PLUGIN([sshkey], [s charon pki nm cmd])
|
||||||
ADD_PLUGIN([dnscert], [c charon])
|
ADD_PLUGIN([dnscert], [c charon])
|
||||||
ADD_PLUGIN([ipseckey], [c charon])
|
ADD_PLUGIN([ipseckey], [c charon])
|
||||||
ADD_PLUGIN([pem], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen])
|
ADD_PLUGIN([pem], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen fuzz])
|
||||||
ADD_PLUGIN([padlock], [s charon])
|
ADD_PLUGIN([padlock], [s charon])
|
||||||
ADD_PLUGIN([openssl], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen])
|
ADD_PLUGIN([openssl], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen])
|
||||||
ADD_PLUGIN([gcrypt], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen])
|
ADD_PLUGIN([gcrypt], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen])
|
||||||
ADD_PLUGIN([af-alg], [s charon scepclient pki scripts medsrv attest nm cmd aikgen])
|
ADD_PLUGIN([af-alg], [s charon scepclient pki scripts medsrv attest nm cmd aikgen])
|
||||||
ADD_PLUGIN([fips-prf], [s charon nm cmd])
|
ADD_PLUGIN([fips-prf], [s charon nm cmd])
|
||||||
ADD_PLUGIN([gmp], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen])
|
ADD_PLUGIN([gmp], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen fuzz])
|
||||||
ADD_PLUGIN([curve25519], [s charon pki scripts nm cmd])
|
ADD_PLUGIN([curve25519], [s charon pki scripts nm cmd])
|
||||||
ADD_PLUGIN([agent], [s charon nm cmd])
|
ADD_PLUGIN([agent], [s charon nm cmd])
|
||||||
ADD_PLUGIN([keychain], [s charon cmd])
|
ADD_PLUGIN([keychain], [s charon cmd])
|
||||||
|
@ -1462,6 +1469,7 @@ AC_SUBST(attest_plugins)
|
||||||
AC_SUBST(scepclient_plugins)
|
AC_SUBST(scepclient_plugins)
|
||||||
AC_SUBST(pki_plugins)
|
AC_SUBST(pki_plugins)
|
||||||
AC_SUBST(scripts_plugins)
|
AC_SUBST(scripts_plugins)
|
||||||
|
AC_SUBST(fuzz_plugins)
|
||||||
AC_SUBST(manager_plugins)
|
AC_SUBST(manager_plugins)
|
||||||
AC_SUBST(medsrv_plugins)
|
AC_SUBST(medsrv_plugins)
|
||||||
AC_SUBST(nm_plugins)
|
AC_SUBST(nm_plugins)
|
||||||
|
@ -1646,6 +1654,7 @@ AM_CONDITIONAL(USE_NM, test x$nm = xtrue)
|
||||||
AM_CONDITIONAL(USE_PKI, test x$pki = xtrue)
|
AM_CONDITIONAL(USE_PKI, test x$pki = xtrue)
|
||||||
AM_CONDITIONAL(USE_SCEPCLIENT, test x$scepclient = xtrue)
|
AM_CONDITIONAL(USE_SCEPCLIENT, test x$scepclient = xtrue)
|
||||||
AM_CONDITIONAL(USE_SCRIPTS, test x$scripts = xtrue)
|
AM_CONDITIONAL(USE_SCRIPTS, test x$scripts = xtrue)
|
||||||
|
AM_CONDITIONAL(USE_FUZZING, test x$fuzzing = xtrue)
|
||||||
AM_CONDITIONAL(USE_CONFTEST, test x$conftest = xtrue)
|
AM_CONDITIONAL(USE_CONFTEST, test x$conftest = xtrue)
|
||||||
AM_CONDITIONAL(USE_LIBSTRONGSWAN, test x$charon = xtrue -o x$pki = xtrue -o x$scepclient = xtrue -o x$conftest = xtrue -o x$fast = xtrue -o x$imcv = xtrue -o x$nm = xtrue -o x$tkm = xtrue -o x$cmd = xtrue -o x$tls = xtrue -o x$tnc_tnccs = xtrue -o x$aikgen = xtrue -o x$svc = xtrue -o x$systemd = xtrue)
|
AM_CONDITIONAL(USE_LIBSTRONGSWAN, test x$charon = xtrue -o x$pki = xtrue -o x$scepclient = xtrue -o x$conftest = xtrue -o x$fast = xtrue -o x$imcv = xtrue -o x$nm = xtrue -o x$tkm = xtrue -o x$cmd = xtrue -o x$tls = xtrue -o x$tnc_tnccs = xtrue -o x$aikgen = xtrue -o x$svc = xtrue -o x$systemd = xtrue)
|
||||||
AM_CONDITIONAL(USE_LIBCHARON, test x$charon = xtrue -o x$conftest = xtrue -o x$nm = xtrue -o x$tkm = xtrue -o x$cmd = xtrue -o x$svc = xtrue -o x$systemd = xtrue)
|
AM_CONDITIONAL(USE_LIBCHARON, test x$charon = xtrue -o x$conftest = xtrue -o x$nm = xtrue -o x$tkm = xtrue -o x$cmd = xtrue -o x$svc = xtrue -o x$systemd = xtrue)
|
||||||
|
@ -1734,6 +1743,7 @@ AC_SUBST(strongswan_options)
|
||||||
AC_CONFIG_FILES([
|
AC_CONFIG_FILES([
|
||||||
Makefile
|
Makefile
|
||||||
conf/Makefile
|
conf/Makefile
|
||||||
|
fuzz/Makefile
|
||||||
man/Makefile
|
man/Makefile
|
||||||
init/Makefile
|
init/Makefile
|
||||||
init/systemd/Makefile
|
init/systemd/Makefile
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
fuzz_certs
|
|
@ -0,0 +1,12 @@
|
||||||
|
AM_CPPFLAGS = \
|
||||||
|
-I$(top_srcdir)/src/libstrongswan \
|
||||||
|
-DPLUGINDIR=\""$(abs_top_builddir)/src/libstrongswan/plugins\"" \
|
||||||
|
-DPLUGINS="\"${fuzz_plugins}\""
|
||||||
|
|
||||||
|
noinst_PROGRAMS = fuzz_certs
|
||||||
|
|
||||||
|
fuzz_certs_SOURCES = fuzz_certs.c
|
||||||
|
|
||||||
|
fuzz_certs_LDFLAGS = libFuzzer.a -lstdc++
|
||||||
|
|
||||||
|
fuzz_certs_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la
|
|
@ -0,0 +1,40 @@
|
||||||
|
/*
|
||||||
|
* Copyright (C) 2017 Tobias Brunner
|
||||||
|
* HSR Hochschule fuer Technik Rapperswil
|
||||||
|
*
|
||||||
|
* This program is free software; you can redistribute it and/or modify it
|
||||||
|
* under the terms of the GNU General Public License as published by the
|
||||||
|
* Free Software Foundation; either version 2 of the License, or (at your
|
||||||
|
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
|
||||||
|
*
|
||||||
|
* This program is distributed in the hope that it will be useful, but
|
||||||
|
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
|
||||||
|
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
||||||
|
* for more details.
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include <library.h>
|
||||||
|
#include <utils/debug.h>
|
||||||
|
|
||||||
|
int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len)
|
||||||
|
{
|
||||||
|
certificate_t *cert;
|
||||||
|
chunk_t chunk;
|
||||||
|
|
||||||
|
dbg_default_set_level(-1);
|
||||||
|
library_init(NULL, "fuzz_certs");
|
||||||
|
plugin_loader_add_plugindirs(PLUGINDIR, PLUGINS);
|
||||||
|
if (!lib->plugins->load(lib->plugins, PLUGINS))
|
||||||
|
{
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
chunk = chunk_create((u_char*)buf, len);
|
||||||
|
cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
|
||||||
|
BUILD_BLOB, chunk, BUILD_END);
|
||||||
|
DESTROY_IF(cert);
|
||||||
|
|
||||||
|
lib->plugins->unload(lib->plugins);
|
||||||
|
library_deinit();
|
||||||
|
return 0;
|
||||||
|
}
|
|
@ -32,7 +32,7 @@ printf-builtin)
|
||||||
all|coverage)
|
all|coverage)
|
||||||
CONFIG="--enable-all --disable-android-dns --disable-android-log
|
CONFIG="--enable-all --disable-android-dns --disable-android-log
|
||||||
--disable-dumm --disable-kernel-pfroute --disable-keychain
|
--disable-dumm --disable-kernel-pfroute --disable-keychain
|
||||||
--disable-lock-profiler --disable-padlock
|
--disable-lock-profiler --disable-padlock --disable-fuzzing
|
||||||
--disable-osx-attr --disable-tkm --disable-uci
|
--disable-osx-attr --disable-tkm --disable-uci
|
||||||
--disable-systemd --disable-soup --disable-unwind-backtraces
|
--disable-systemd --disable-soup --disable-unwind-backtraces
|
||||||
--disable-svc --disable-dbghelp-backtraces --disable-socket-win
|
--disable-svc --disable-dbghelp-backtraces --disable-socket-win
|
||||||
|
|
Loading…
Reference in New Issue