LibFuzzer is linked with the library under test, and feeds fuzzed inputs to the library via a specific fuzzing entrypoint (aka “target function”); the fuzzer then tracks which areas of the code are reached, and generates mutations on the corpus of input data in order to maximize the code coverage. The code coverage information for libFuzzer is provided by LLVM’s SanitizerCoverage instrumentation.
With this tool, wolfSSL API are being tested on how well they can handle random gibberish, poorly formatted certificates, and other forms of data that are created and input by the user. These tests are being used to detect buffer-overflow bugs, segmentation faults, memory leaks, undefined behaviors, and many other bugs that could potentially be used to exploit the wolfSSL library.
If you are interested in further details of how wolfSSL is using libFuzzer, email us at firstname.lastname@example.org.