[gnutls-devel] GnuTLS 3.6.0 released

Nikos Mavrogiannopoulos nmav at gnutls.org
Sun Aug 27 09:50:01 CEST 2017


On Sat, Aug 26, 2017 at 3:31 PM, Andreas Metzler <ametzler at bebt.de> wrote:
> On 2017-08-21 Nikos Mavrogiannopoulos <nmav at gnutls.org> wrote:
>> We are proud to announce a new GnuTLS release: Version 3.6.0.
> [...]
>> ** libgnutls: tlsfuzzer is part of the CI testsuite. This is a TLS testing and
>>    fuzzing toolkit, allowing for corner case testing, and ensuring that the
>>    behavior of the library will not change across releases.
>>    https://github.com/tomato42/tlsfuzzer
>
> Hello,
>
> I have tried building with --enable-fuzzer-target, "make check" gets
> stuck when running crq_key_id test and rng-fork fails.

Hi,
 Maybe we need better documentation for the fuzzing options. If your
intention is to run the tlsfuzzer, it doesn't need a particular
configure option; it runs on the stock library. It is included in the
set of tests in tests/suite/. It is only available in the git repo, not in
releases, as it requires tlsfuzzer/tlslite, which are git submodules.

The AFL or libfuzzer checks (in fuzz/ subdir) automatically discover
paths to search in code and modify input accordingly in order to
trigger them. To reduce search space, the enable-fuzzer-mode enables a
predictable random generator, removes necessary checks like the
finished messages, drops iteration counts (like in PKCS#12 files) to
lower levels, and so on. These are run using helper scripts in fuzz/,
e.g., ./run-afl.sh, and they run indefinitely.

The option make -C fuzz, during dist or CI in git, runs the most
"interesting" paths discovered by fuzzers and other reproducers
through the available fuzzers, i.e., something like regression
testing. That itself also doesn't need any special configure option
to be run.

I hope that helps.

regards,
Nikos


