Comments (15)
Hi Ronald,
Did you also set the env variables CC
to clang
and CXX
to clang++
before compiling? I'm not familiar with this error but https://stackoverflow.com/questions/19821041/g-ld-symbols-not-found-for-architecture-x86-64 indicates that this could be due to trying to compile C++ code with the C compiler.
from cryptofuzz.
Hi Guido,
Thanks for the quick reply. After just installing the latest llvm from scratch the build process seem to work. All *.o files are created, the apps generate_corpus and generate_dict are created.
I was expecting an executable called cryptofuzz, but that does not seem to be created.
when running cryptofuzz from makefile:
cryptofuzz : driver.o executor.o util.o entry.o tests.o operation.o datasource.o repository.o options.o components.o wycheproof.o crypto.o expmod.o mutator.o z3.o numbers.o mutatorpool.o ecc_diff_fuzzer_importer.o ecc_diff_fuzzer_exporter.o botan_importer.o openssl_importer.o builtin_tests_importer.o third_party/cpu_features/build/libcpu_features.a test $(LIBFUZZER_LINK) $(CXX) $(CXXFLAGS) driver.o executor.o util.o entry.o tests.o operation.o datasource.o repository.o options.o components.o wycheproof.o crypto.o expmod.o mutator.o z3.o numbers.o mutatorpool.o ecc_diff_fuzzer_importer.o ecc_diff_fuzzer_exporter.o botan_importer.o openssl_importer.o builtin_tests_importer.o $(shell find modules -type f -name module.a) $(LIBFUZZER_LINK) third_party/cpu_features/build/libcpu_features.a $(LINK_FLAGS) -o cryptofuzz
it just prints
test
make: *** [cryptofuzz] Error 1
Also when running ./generate_corpus /path/to/directory
I receiving a segmentation fault.
This is the first time I am working with fuzzers, so not sure where these issues come from.
from cryptofuzz.
Are you sure LIBFUZZER_LINK
is set to -fsanitize=fuzzer
?
generate_corpus
was useful in the past but Cryptofuzz is now capable of generating useful inputs itself via its custom mutator. So you don't need to use it per se. But I will check if there's anything wrong with it.
from cryptofuzz.
Are you at liberty to tell which library you are going to fuzz? If so I can give some useful tips.
from cryptofuzz.
I run this when starting from scratch:
#!/bin/bash
set -euo pipefail
git clone https://github.com/guidovranken/cryptofuzz.git
cd cryptofuzz
python3 gen_repository.py
export CFLAGS="-fsanitize=address,undefined,fuzzer-no-link -O2 -g"
export CXXFLAGS="-fsanitize=address,undefined,fuzzer-no-link -D_GLIBCXX_DEBUG -O2 -g"
export LIBFUZZER_LINK="-fsanitize=fuzzer"
then I run make (attached log file)
build.log
I noticed on this last run that the previous error is back again (ld: file not found: /Library/Developer/CommandLineTools/usr/lib/clang/14.0.0/lib/darwin/libclang_rt.fuzzer_osx.a
clang: error: linker command failed with exit code 1 (use -v to see invocation)) So I'll need to fix that first by having clang15 (which does include the .fuzzer files).
running make clean and rebuilding does not always seem to generate this error
We are a research center for Cryptography, so I would like to run cryptofuzz to test our own internal libs, but unfortunately I cannot share them.
from cryptofuzz.
Ok. If you have trouble acquiring libFuzzer, you can also take https://github.com/llvm/llvm-project/tree/main/compiler-rt/lib/fuzzer and type ./build.sh. That should produce libFuzzer.a
. You can then set LIBFUZZER_LINK
to the full path of libFuzzer.a
and try again.
from cryptofuzz.
Thanks I will try that approach
from cryptofuzz.
Unfortunately that approach causes different issues.
The build.sh from libfuzzer generates an error (see log), the libFuzzer.a files does get created.
libfuzzer.log
Following with the make on cryptofuzz, comes to the same situation where the cryptoFuzz executable is not created and the clang error comes up again:
ld: symbol(s) not found for architecture x86_64
clang: error: linker command failed with exit code 1 (use -v to see invocation)
build.log
from cryptofuzz.
Hi,
I got cryptofuzz working, I decided to drop the mac altogether and build a docker image with Ubuntu, The build and compiling of cryptofuzz goes without issues there. I'm thinking that applaclang might have something to do with it, but can't investigate that now.
Cheered a bit to soon, I see the cryptofuzz executable being created but it errors out again with: undefined reference to `typeinfo for cryptofuzz::module::OpenSSL'
Here is a full log:
from cryptofuzz.
Glad you got it working so far. To resolve that error, add -DCRYPTOFUZZ_NO_OPENSSL
to CXXFLAGS
, rebuild entry.o
and then cryptofuzz
, e.g. from the cryptofuzz/
directory:
export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_NO_OPENSSL"
rm entry.o
make
from cryptofuzz.
Yeah, I read that on SO and gave it a try. It results in a fatal error due to too many errors in ./repository_map.h
like this:
./repository_map.h:607:140: error: no member named 'nullopt' in namespace 'std'
{fuzzing::datasource::ID("Cryptofuzz/Digest/BLAKE2S128"), {fuzzing::datasource::ID("Cryptofuzz/Digest/BLAKE2S128"), "BLAKE2S128", std::nullopt} },
from cryptofuzz.
Does this error occur in the Ubuntu build environment? Which .cpp file is including ./repository_map.h? Try adding #include <optional>
to that file and try again.
You can also try to compile this test program:
#include <optional>
int main(void)
{
std::optional<int> x;
return 0;
}
using
clang++ -std=c++17 x.cpp
And see if that works. If it doesn't, your clang version or stdlibc++ might be too old.
If you can't get this working you can also grab https://github.com/google/oss-fuzz and use an existing Cryptofuzz-based project, like libecc
.
git clone --depth 1 https://github.com/google/oss-fuzz
cd oss-fuzz/
infra/helper.py build_fuzzers libecc
This should certainly succeed. The build scripts are in the projects/libecc
directory and you can adjust them to your own needs.
from cryptofuzz.
Thanks, I'll investigate those approaches and see if I can make it work.
- I'm running in docker image ubuntu:22.04
- repository_map.h is created by running the python script: gen_repository.py (using python 3) and it does not have any #include
- Ubuntu clang version 14.0.0-1ubuntu1
- libstdc++.so.6 (libc6,x86-64) => /lib/x86_64-linux-gnu/libstdc++.so.6
libstdc++.so.6 (libc6) => /lib32/libstdc++.so.6
adding #include to repository_map.h prior to running make seemed to have compiled without errors. So it seems it's ready to be used now.
Just to be sure. In order to start fuzzing our lib, I just use command ./cryptofuzz path/to/lib with flags I want from ./cryptofuzz -help=1 or is it done during compiling of our libs I add these?
from cryptofuzz.
If you're adding a new library, you need to implement a harness in a .cpp file. You can copy any of the directories in https://github.com/guidovranken/cryptofuzz/tree/master/modules and work from there. Unfortunately the tool cannot automatically work with libraries for which no harness has been implemented.
from cryptofuzz.
Ok, thanks a lot for the information, especially during the weekend :)
I'm just a "simple" QA, so it seems some development from our side has to be done to create a harness for our libraries, but looking forward to getting that to work.
Thanks again. I'll close this issue now, since the issue I encountered is resolved.
from cryptofuzz.
Related Issues (20)
- Step #4: /src/cryptofuzz/modules/secp256k1/module.cpp:338: undefined reference to `secp256k1_keypair_create' HOT 2
- Cryptofuzz is failing to build on OSS-Fuzz HOT 1
- Docs on how to run cryptofuzz need enhancement HOT 2
- Building Cryptofuzz HOT 4
- Undefined Behavior Sanitizer Link Failure HOT 1
- Bignum to Unsigned Long Conversion is Incorrect HOT 11
- Sample Output
- mbedtls: AEAD assertion is wrong for NIST_KW
- no member named 'IEEE_1363' in namespace 'Botan' HOT 1
- API transitions in Mbed TLS HOT 3
- an issue building latest cryptofuzz + botan HOT 4
- Having error when doing ./generate_corpus on our internal library
- Error when building HOT 3
- ERROR: not recognizing C++17 members.
- Symmetric ciphers with invalid key sizes HOT 1
- An error when building
- Unit tests
- KDF_PBKDF2 tests libraries including unsupported operations HOT 2
- Order of evaluation issues HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cryptofuzz.