• Home
  • Annotate
  • current directory
Name Date Size #Lines LOC

..12-Nov-2021-

corpuses/12-Nov-2021-

.gitignore A D12-Nov-2021120 109

CMakeLists.txt A D12-Nov-20211.2 KiB4939

Makefile A D12-Nov-20211.8 KiB6846

README.md A D12-Nov-20212.5 KiB6955

common.c A D12-Nov-20212.2 KiB9773

common.h A D12-Nov-2021632 2016

fuzz_client.c A D12-Nov-20215.2 KiB174140

fuzz_client.options A D12-Nov-202130 32

fuzz_dtlsclient.c A D12-Nov-20213.5 KiB125102

fuzz_dtlsclient.options A D12-Nov-202130 32

fuzz_dtlsserver.c A D12-Nov-20214.8 KiB152126

fuzz_dtlsserver.options A D12-Nov-202130 32

fuzz_privkey.c A D12-Nov-20212.3 KiB8062

fuzz_privkey.options A D12-Nov-202128 32

fuzz_pubkey.c A D12-Nov-20212.5 KiB7861

fuzz_pubkey.options A D12-Nov-202128 32

fuzz_server.c A D12-Nov-20216 KiB190161

fuzz_server.options A D12-Nov-202130 32

fuzz_x509crl.c A D12-Nov-2021670 3025

fuzz_x509crl.options A D12-Nov-202128 32

fuzz_x509crt.c A D12-Nov-2021670 3025

fuzz_x509crt.options A D12-Nov-202128 32

fuzz_x509csr.c A D12-Nov-2021670 3025

fuzz_x509csr.options A D12-Nov-202128 32

onefile.c A D12-Nov-20211.1 KiB5745

README.md

1What is it?
2------
3
4This directory contains fuzz targets.
5Fuzz targets are simple codes using the library.
6They are used with a so-called fuzz driver, which will generate inputs, try to process them with the fuzz target, and alert in case of an unwanted behavior (such as a buffer overflow for instance).
7
8These targets were meant to be used with oss-fuzz but can be used in other contexts.
9
10This code was contributed by Philippe Antoine ( Catena cyber ).
11
12How to run?
13------
14
15To run the fuzz targets like oss-fuzz:
16```
17git clone https://github.com/google/oss-fuzz
18cd oss-fuzz
19python infra/helper.py build_image mbedtls
20python infra/helper.py build_fuzzers --sanitizer address mbedtls
21python infra/helper.py run_fuzzer mbedtls fuzz_client
22```
23You can use `undefined` sanitizer as well as `address` sanitizer.
24And you can run any of the fuzz targets like `fuzz_client`.
25
26To run the fuzz targets without oss-fuzz, you first need to install one libFuzzingEngine (libFuzzer for instance).
27Then you need to compile the code with the compiler flags of the wished sanitizer.
28```
29perl scripts/config.py set MBEDTLS_PLATFORM_TIME_ALT
30mkdir build
31cd build
32cmake ..
33make
34```
35Finally, you can run the targets like `./test/fuzz/fuzz_client`.
36
37
38Corpus generation for network trafic targets
39------
40
41These targets use network trafic as inputs :
42* client : simulates a client against (fuzzed) server traffic
43* server : simulates a server against (fuzzed) client traffic
44* dtls_client
45* dtls_server
46
47They also use the last bytes as configuration options.
48
49To generate corpus for these targets, you can do the following, not fully automated steps :
50* Build mbedtls programs ssl_server2 and ssl_client2
51* Run them one against the other with `reproducible` option turned on while capturing trafic into test.pcap
52* Extract tcp payloads, for instance with tshark : `tshark -Tfields -e tcp.dstport -e tcp.payload -r test.pcap > test.txt`
53* Run a dummy python script to output either client or server corpus file like `python dummy.py test.txt > test.cor`
54* Finally, you can add the options by appending the last bytes to the file test.cor
55
56Here is an example of dummy.py for extracting payload from client to server (if we used `tcp.dstport` in tshark command)
57```
58import sys
59import binascii
60
61f = open(sys.argv[1])
62for l in f.readlines():
63    portAndPl=l.split()
64    if len(portAndPl) == 2:
65        # determine client or server based on port
66        if portAndPl[0] == "4433":
67            print(binascii.unhexlify(portAndPl[1].replace(":","")))
68```
69