fuzz: Add fuzzing boilerplate

This commit is contained in:
Tobias Brunner 2017-03-08 11:00:22 +01:00
parent 4d0795bcef
commit 157742be7d
6 changed files with 75 additions and 8 deletions

View File

@ -1,5 +1,9 @@
SUBDIRS = src man conf init testing SUBDIRS = src man conf init testing
if USE_FUZZING
SUBDIRS += fuzz
endif
if USE_SCRIPTS if USE_SCRIPTS
SUBDIRS += scripts SUBDIRS += scripts
endif endif

View File

@ -277,6 +277,7 @@ ARG_ENABL_SET([cmd], [enable the command line IKE client charon-cmd.]
ARG_ENABL_SET([conftest], [enforce Suite B conformance test framework.]) ARG_ENABL_SET([conftest], [enforce Suite B conformance test framework.])
ARG_ENABL_SET([dumm], [enable the DUMM UML test framework.]) ARG_ENABL_SET([dumm], [enable the DUMM UML test framework.])
ARG_ENABL_SET([fast], [enable libfast (FastCGI Application Server w/ templates.]) ARG_ENABL_SET([fast], [enable libfast (FastCGI Application Server w/ templates.])
ARG_ENABL_SET([fuzzing], [enable fuzzing scripts (found in directory fuzz).])
ARG_ENABL_SET([libipsec], [enable user space IPsec implementation.]) ARG_ENABL_SET([libipsec], [enable user space IPsec implementation.])
ARG_ENABL_SET([manager], [enable web management console (proof of concept).]) ARG_ENABL_SET([manager], [enable web management console (proof of concept).])
ARG_ENABL_SET([medcli], [enable mediation client configuration database plugin.]) ARG_ENABL_SET([medcli], [enable mediation client configuration database plugin.])
@ -1263,6 +1264,11 @@ if test x$coverage = xtrue; then
CFLAGS="${CFLAGS} -g -O0" CFLAGS="${CFLAGS} -g -O0"
fi fi
if test x$fuzzing = xtrue; then
AC_MSG_NOTICE([fuzzing enabled, modifying CFLAGS])
CFLAGS="${CFLAGS} -fsanitize-coverage=trace-pc-guard -fsanitize=address"
fi
if test x$ruby_gems = xtrue; then if test x$ruby_gems = xtrue; then
AC_PATH_PROG([GEM], [gem], [], [$PATH:/bin:/usr/bin:/usr/local/bin]) AC_PATH_PROG([GEM], [gem], [], [$PATH:/bin:/usr/bin:/usr/local/bin])
if test x$GEM = x; then if test x$GEM = x; then
@ -1309,6 +1315,7 @@ attest_plugins=
scepclient_plugins= scepclient_plugins=
pki_plugins= pki_plugins=
scripts_plugins= scripts_plugins=
fuzz_plugins=
manager_plugins= manager_plugins=
medsrv_plugins= medsrv_plugins=
nm_plugins= nm_plugins=
@ -1332,21 +1339,21 @@ ADD_PLUGIN([aes], [s charon scepclient pki scripts nm cmd])
ADD_PLUGIN([des], [s charon scepclient pki scripts nm cmd]) ADD_PLUGIN([des], [s charon scepclient pki scripts nm cmd])
ADD_PLUGIN([blowfish], [s charon scepclient pki scripts nm cmd]) ADD_PLUGIN([blowfish], [s charon scepclient pki scripts nm cmd])
ADD_PLUGIN([rc2], [s charon scepclient pki scripts nm cmd]) ADD_PLUGIN([rc2], [s charon scepclient pki scripts nm cmd])
ADD_PLUGIN([sha2], [s charon scepclient pki scripts medsrv attest nm cmd aikgen]) ADD_PLUGIN([sha2], [s charon scepclient pki scripts medsrv attest nm cmd aikgen fuzz])
ADD_PLUGIN([sha3], [s charon scepclient pki scripts medsrv attest nm cmd aikgen]) ADD_PLUGIN([sha3], [s charon scepclient pki scripts medsrv attest nm cmd aikgen fuzz])
ADD_PLUGIN([sha1], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen]) ADD_PLUGIN([sha1], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen fuzz])
ADD_PLUGIN([md4], [s charon scepclient pki nm cmd]) ADD_PLUGIN([md4], [s charon scepclient pki nm cmd])
ADD_PLUGIN([md5], [s charon scepclient pki scripts attest nm cmd aikgen]) ADD_PLUGIN([md5], [s charon scepclient pki scripts attest nm cmd aikgen])
ADD_PLUGIN([mgf1], [s charon scepclient pki scripts medsrv attest nm cmd aikgen]) ADD_PLUGIN([mgf1], [s charon scepclient pki scripts medsrv attest nm cmd aikgen])
ADD_PLUGIN([rdrand], [s charon scepclient pki scripts medsrv attest nm cmd aikgen]) ADD_PLUGIN([rdrand], [s charon scepclient pki scripts medsrv attest nm cmd aikgen])
ADD_PLUGIN([random], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen]) ADD_PLUGIN([random], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen])
ADD_PLUGIN([nonce], [s charon nm cmd aikgen]) ADD_PLUGIN([nonce], [s charon nm cmd aikgen])
ADD_PLUGIN([x509], [s charon scepclient pki scripts attest nm cmd aikgen]) ADD_PLUGIN([x509], [s charon scepclient pki scripts attest nm cmd aikgen fuzz])
ADD_PLUGIN([revocation], [s charon pki nm cmd]) ADD_PLUGIN([revocation], [s charon pki nm cmd])
ADD_PLUGIN([constraints], [s charon nm cmd]) ADD_PLUGIN([constraints], [s charon nm cmd])
ADD_PLUGIN([acert], [s charon]) ADD_PLUGIN([acert], [s charon])
ADD_PLUGIN([pubkey], [s charon cmd aikgen]) ADD_PLUGIN([pubkey], [s charon cmd aikgen])
ADD_PLUGIN([pkcs1], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen]) ADD_PLUGIN([pkcs1], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen fuzz])
ADD_PLUGIN([pkcs7], [s charon scepclient pki scripts nm cmd]) ADD_PLUGIN([pkcs7], [s charon scepclient pki scripts nm cmd])
ADD_PLUGIN([pkcs8], [s charon scepclient pki scripts manager medsrv attest nm cmd]) ADD_PLUGIN([pkcs8], [s charon scepclient pki scripts manager medsrv attest nm cmd])
ADD_PLUGIN([pkcs12], [s charon scepclient pki scripts cmd]) ADD_PLUGIN([pkcs12], [s charon scepclient pki scripts cmd])
@ -1355,13 +1362,13 @@ ADD_PLUGIN([dnskey], [s charon pki])
ADD_PLUGIN([sshkey], [s charon pki nm cmd]) ADD_PLUGIN([sshkey], [s charon pki nm cmd])
ADD_PLUGIN([dnscert], [c charon]) ADD_PLUGIN([dnscert], [c charon])
ADD_PLUGIN([ipseckey], [c charon]) ADD_PLUGIN([ipseckey], [c charon])
ADD_PLUGIN([pem], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen]) ADD_PLUGIN([pem], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen fuzz])
ADD_PLUGIN([padlock], [s charon]) ADD_PLUGIN([padlock], [s charon])
ADD_PLUGIN([openssl], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen]) ADD_PLUGIN([openssl], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen])
ADD_PLUGIN([gcrypt], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen]) ADD_PLUGIN([gcrypt], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen])
ADD_PLUGIN([af-alg], [s charon scepclient pki scripts medsrv attest nm cmd aikgen]) ADD_PLUGIN([af-alg], [s charon scepclient pki scripts medsrv attest nm cmd aikgen])
ADD_PLUGIN([fips-prf], [s charon nm cmd]) ADD_PLUGIN([fips-prf], [s charon nm cmd])
ADD_PLUGIN([gmp], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen]) ADD_PLUGIN([gmp], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen fuzz])
ADD_PLUGIN([curve25519], [s charon pki scripts nm cmd]) ADD_PLUGIN([curve25519], [s charon pki scripts nm cmd])
ADD_PLUGIN([agent], [s charon nm cmd]) ADD_PLUGIN([agent], [s charon nm cmd])
ADD_PLUGIN([keychain], [s charon cmd]) ADD_PLUGIN([keychain], [s charon cmd])
@ -1462,6 +1469,7 @@ AC_SUBST(attest_plugins)
AC_SUBST(scepclient_plugins) AC_SUBST(scepclient_plugins)
AC_SUBST(pki_plugins) AC_SUBST(pki_plugins)
AC_SUBST(scripts_plugins) AC_SUBST(scripts_plugins)
AC_SUBST(fuzz_plugins)
AC_SUBST(manager_plugins) AC_SUBST(manager_plugins)
AC_SUBST(medsrv_plugins) AC_SUBST(medsrv_plugins)
AC_SUBST(nm_plugins) AC_SUBST(nm_plugins)
@ -1646,6 +1654,7 @@ AM_CONDITIONAL(USE_NM, test x$nm = xtrue)
AM_CONDITIONAL(USE_PKI, test x$pki = xtrue) AM_CONDITIONAL(USE_PKI, test x$pki = xtrue)
AM_CONDITIONAL(USE_SCEPCLIENT, test x$scepclient = xtrue) AM_CONDITIONAL(USE_SCEPCLIENT, test x$scepclient = xtrue)
AM_CONDITIONAL(USE_SCRIPTS, test x$scripts = xtrue) AM_CONDITIONAL(USE_SCRIPTS, test x$scripts = xtrue)
AM_CONDITIONAL(USE_FUZZING, test x$fuzzing = xtrue)
AM_CONDITIONAL(USE_CONFTEST, test x$conftest = xtrue) AM_CONDITIONAL(USE_CONFTEST, test x$conftest = xtrue)
AM_CONDITIONAL(USE_LIBSTRONGSWAN, test x$charon = xtrue -o x$pki = xtrue -o x$scepclient = xtrue -o x$conftest = xtrue -o x$fast = xtrue -o x$imcv = xtrue -o x$nm = xtrue -o x$tkm = xtrue -o x$cmd = xtrue -o x$tls = xtrue -o x$tnc_tnccs = xtrue -o x$aikgen = xtrue -o x$svc = xtrue -o x$systemd = xtrue) AM_CONDITIONAL(USE_LIBSTRONGSWAN, test x$charon = xtrue -o x$pki = xtrue -o x$scepclient = xtrue -o x$conftest = xtrue -o x$fast = xtrue -o x$imcv = xtrue -o x$nm = xtrue -o x$tkm = xtrue -o x$cmd = xtrue -o x$tls = xtrue -o x$tnc_tnccs = xtrue -o x$aikgen = xtrue -o x$svc = xtrue -o x$systemd = xtrue)
AM_CONDITIONAL(USE_LIBCHARON, test x$charon = xtrue -o x$conftest = xtrue -o x$nm = xtrue -o x$tkm = xtrue -o x$cmd = xtrue -o x$svc = xtrue -o x$systemd = xtrue) AM_CONDITIONAL(USE_LIBCHARON, test x$charon = xtrue -o x$conftest = xtrue -o x$nm = xtrue -o x$tkm = xtrue -o x$cmd = xtrue -o x$svc = xtrue -o x$systemd = xtrue)
@ -1734,6 +1743,7 @@ AC_SUBST(strongswan_options)
AC_CONFIG_FILES([ AC_CONFIG_FILES([
Makefile Makefile
conf/Makefile conf/Makefile
fuzz/Makefile
man/Makefile man/Makefile
init/Makefile init/Makefile
init/systemd/Makefile init/systemd/Makefile

1
fuzz/.gitignore vendored Normal file
View File

@ -0,0 +1 @@
fuzz_certs

12
fuzz/Makefile.am Normal file
View File

@ -0,0 +1,12 @@
AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
-DPLUGINDIR=\""$(abs_top_builddir)/src/libstrongswan/plugins\"" \
-DPLUGINS="\"${fuzz_plugins}\""
noinst_PROGRAMS = fuzz_certs
fuzz_certs_SOURCES = fuzz_certs.c
fuzz_certs_LDFLAGS = libFuzzer.a -lstdc++
fuzz_certs_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la

40
fuzz/fuzz_certs.c Normal file
View File

@ -0,0 +1,40 @@
/*
* Copyright (C) 2017 Tobias Brunner
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the
* Free Software Foundation; either version 2 of the License, or (at your
* option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* for more details.
*/
#include <library.h>
#include <utils/debug.h>
int LLVMFuzzerTestOneInput(const uint8_t *buf, size_t len)
{
certificate_t *cert;
chunk_t chunk;
dbg_default_set_level(-1);
library_init(NULL, "fuzz_certs");
plugin_loader_add_plugindirs(PLUGINDIR, PLUGINS);
if (!lib->plugins->load(lib->plugins, PLUGINS))
{
return 1;
}
chunk = chunk_create((u_char*)buf, len);
cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
BUILD_BLOB, chunk, BUILD_END);
DESTROY_IF(cert);
lib->plugins->unload(lib->plugins);
library_deinit();
return 0;
}

View File

@ -32,7 +32,7 @@ printf-builtin)
all|coverage) all|coverage)
CONFIG="--enable-all --disable-android-dns --disable-android-log CONFIG="--enable-all --disable-android-dns --disable-android-log
--disable-dumm --disable-kernel-pfroute --disable-keychain --disable-dumm --disable-kernel-pfroute --disable-keychain
--disable-lock-profiler --disable-padlock --disable-lock-profiler --disable-padlock --disable-fuzzing
--disable-osx-attr --disable-tkm --disable-uci --disable-osx-attr --disable-tkm --disable-uci
--disable-systemd --disable-soup --disable-unwind-backtraces --disable-systemd --disable-soup --disable-unwind-backtraces
--disable-svc --disable-dbghelp-backtraces --disable-socket-win --disable-svc --disable-dbghelp-backtraces --disable-socket-win