projects / thirdparty / openssl.git / blame
| Commit | Line | Data |
|---|---|---|
| c38bb727 BL |
1 | # I Can Haz Fuzz? |
| 2 | ||
| 75a11229 | 3 | Or, how to fuzz OpenSSL with [libfuzzer](llvm.org/docs/LibFuzzer.html). |
| c38bb727 BL |
4 | |
| 5 | Starting from a vanilla+OpenSSH server Ubuntu install. | |
| 6 | ||
| 7 | Use Chrome's handy recent build of clang. Older versions may also work. | |
| 8 | ||
| 9 | $ sudo apt-get install git | |
| 10 | $ mkdir git-work | |
| 11 | $ git clone https://chromium.googlesource.com/chromium/src/tools/clang | |
| 12 | $ clang/scripts/update.py | |
| 13 | ||
| 14 | You may want to git pull and re-run the update from time to time. | |
| 15 | ||
| 16 | Update your path: | |
| 17 | ||
| 18 | $ PATH=~/third_party/llvm-build/Release+Asserts/bin/:$PATH | |
| 19 | ||
| 20 | Get and build libFuzzer (there is a git mirror at | |
| 21 | https://github.com/llvm-mirror/llvm/tree/master/lib/Fuzzer if you prefer): | |
| 22 | ||
| 23 | $ cd | |
| 24 | $ sudo apt-get install subversion | |
| 25 | $ mkdir svn-work | |
| 26 | $ cd svn-work | |
| 27 | $ svn co http://llvm.org/svn/llvm-project/llvm/trunk/lib/Fuzzer | |
| 28 | $ cd Fuzzer | |
| 29 | $ clang++ -c -g -O2 -std=c++11 *.cpp | |
| 30 | $ ar r libFuzzer.a *.o | |
| 31 | $ ranlib libFuzzer.a | |
| 32 | ||
| 33 | Configure for fuzzing: | |
| 34 | ||
| 35 | $ CC=clang ./config enable-fuzz enable-asan enable-ubsan no-shared | |
| 36 | $ sudo apt-get install make | |
| 37 | $ LDCMD=clang++ make -j | |
| 38 | $ fuzz/helper.py <fuzzer> <arguments> | |
| 39 | ||
| 40 | Where `<fuzzer>` is one of the executables in `fuzz/`. Most fuzzers do not | |
| 41 | need any command line arguments, but, for example, `asn1` needs the name of a | |
| 42 | data type. | |
| 43 | ||
| 44 | If you get a crash, you should find a corresponding input file in | |
| 45 | `fuzz/corpora/<fuzzer>-crash/`. You can reproduce the crash with | |
| 46 | ||
| 47 | $ fuzz/<fuzzer> <crashfile> |