oss-fuzz Ideal integration

Arjun pkillarjun at protonmail.com
Sun Apr 28 10:28:04 EDT 2024


Hi,

I'm Arjun, I'm the guy who did the integration of krb5 into oss-fuzz.
I'm planning a new PR for Ideal Integrations. Here are some design ideas:

This is my initial design.
* You can try applying my current patch `krb.patch`, in the root directory. This will show you the only changes that will be needed for the build system.
* Fuzz targets that currently exist in `oss-fuzz/projects/krb5/fuzzing` will be moved to `krb5/src/tests/fuzzing`. Also I'm adding some new targets.
* Adding `CIFuzz` workflow for GitHub for PR testing.

This is a simple change, I know, but here comes the trickiest part where my brain crashes.

krb5 implements its own crypto functions. To properly test those crypto function implementations, I need to do differential fuzzing where krb5 crypto functions will be tested against OpenSSL and other crypto libraries.
Now, doing this the official way is bad because it will require an exorbitant amount of work and a lot of changes in the build system to check proper dependencies.
I would like to say it again: I don't want to do differential fuzzing using the official build system.

Now, there are some hacks.

Zero hack:
* Load the `Makefile.am` with hacks, so it can compile without proper dependency checks for differential fuzzing;
Note: I like this one;

First hack:
* Using a build.sh or Makefile in `fuzzing/differential` folder, where the differential fuzzing target will be compiled;

Second hack:
* Not adding the fuzzing src and build into the krb5 build system, but treating it as a different test;
* I don't know how to explain, but I have an example.
Example:
- https://github.com/curl/curl-fuzzer
- https://github.com/curl/curl-fuzzer/blob/master/.github/workflows/ci.yml

* In this way, the krb5 GitHub account will have a separate repo for fuzzing.

WHY?
You may ask why dude?
Some time ago, my main GitHub account 0x34d was suspended for a joke. Now it's back, by the way.
I panicked so badly, and a lot of builds were failing too. So, I decided to make a change and do my work properly, and finished what I started on the oss-fuzz infrastructure.

Arjun.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: krb.patch
Type: text/x-patch
Size: 1848 bytes
Desc: not available
URL: <http://mailman.mit.edu/pipermail/krbdev/attachments/20240428/20924ac0/attachment.bin>
