From: Kurt Roeckx <kurt@roeckx.be>
Date: Thu, 15 Dec 2016 19:06:51 +0000 (+0100)
Subject: Document the recommended parameters for fuzzing
X-Git-Tag: OpenSSL_1_1_1-pre1~2840
X-Git-Url: http://git.ipfire.org/?p=thirdparty%2Fopenssl.git;a=commitdiff_plain;h=e104d01debba258ceed728ddf84d8cb3ef655d85

Document the recommended parameters for fuzzing

We use those parameters for calculating the coverage.

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2088
---

diff --git a/fuzz/README.md b/fuzz/README.md
index 69c388121b..e0d2eb68fb 100644
--- a/fuzz/README.md
+++ b/fuzz/README.md
@@ -40,7 +40,10 @@ Configure for fuzzing:
             --with-fuzzer-lib=../../svn-work/Fuzzer/libFuzzer \
             -DPEDANTIC enable-asan enable-ubsan no-shared \
             -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION \
-	    -fsanitize-coverage=edge,indirect-calls,8bit-counters
+            -fsanitize-coverage=edge,indirect-calls,8bit-counters \
+            enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment enable-tls1_3 \
+            enable-weak-ssl-ciphers enable-rc5 enable-md2 \
+            enable-ssl3 enable-ssl3-method enable-nextprotoneg
     $ sudo apt-get install make
     $ LDCMD=clang++ make -j
     $ fuzz/helper.py $FUZZER
@@ -58,9 +61,14 @@ AFL
 Configure for fuzzing:
 
     $ sudo apt-get install afl-clang
-    $ CC=afl-clang-fast ./config enable-fuzz-afl no-shared
+    $ CC=afl-clang-fast ./config enable-fuzz-afl no-shared -DPEDANTIC \
+        enable-tls1_3 enable-weak-ssl-ciphers enable-rc5 enable-md2 \
+        enable-ssl3 enable-ssl3-method enable-nextprotoneg \
+        enable-ec_nistp_64_gcc_128
     $ make
 
+The following options can also be enabled: enable-asan, enable-ubsan, enable-msan
+
 Run one of the fuzzers:
 
     $ afl-fuzz -i fuzz/corpora/$FUZZER -o fuzz/corpora/$FUZZER/out fuzz/$FUZZER