-
Notifications
You must be signed in to change notification settings - Fork 140
TLS Server Compilation
Juraj Somorovsky edited this page Oct 19, 2016
·
2 revisions
If you want to compile your test servers with Address sanitizer, these few commands are helpful.
Good source of information is the Fuzzing project.
cd openssl
./config -fsanitize=address
make -j10To validate that everything went well, run:
objdump -d openssl | grep asan -iYou should see something like this:
...
470e43: e8 c8 2a f9 ff callq 403910 <__asan_report_store1@plt>
470e4d: e8 5e 22 f9 ff callq 4030b0 <__asan_report_load8@plt>
470e5a: e8 51 22 f9 ff callq 4030b0 <__asan_report_load8@plt>
470e62: e8 49 22 f9 ff callq 4030b0 <__asan_report_load8@plt>
470e67: e8 44 22 f9 ff callq 4030b0 <__asan_report_load8@plt>
...
Tested with OpenSSL 1.1.0.
This also applies to further libraries listed here.
cd botan
./configure.py --with-sanitizers --disable-shared
make -j4 Tested with Botan 1.11.33
cd mbedtls
cmake -D CMAKE_BUILD_TYPE:String="ASan" .
makeTested with mbedtls 2.4.0
cd gnutls
./configure CPPFLAGS="-fsanitize=address" CFLAGS="-fsanitize=address" --disable-shared --with-included-libtasn1 --without-p11-kit
make -j4Tested with GnuTLS 3.5.3 (in my case the test failed, but you can still find the gnutls-serv executable in the src directory)
Edit common.mk file to enable debugging and so that it contains the following lines
#Manually enable debug here
MATRIX_DEBUG:=1
ifdef MATRIX_DEBUG
CC:=clang
OPT:=-O1 -g -DDEBUG -Wall -fsanitize=address
#OPT+=-Wconversion
LDFLAGS+=-fsanitize=address
STRIP:=test # no-opAfterwards, run
makeTested with matrixssl-3-8-3-open