Migrate OSS-Fuzz back to development #9071
Labels
component-test
Test framework and CI scripts
needs-preceding-pr
Requires another PR to be merged first
size-s
Estimated task size: small (~2d)
Projects
Comments
gilles-peskine-arm
added
needs-preceding-pr
gilles-peskine-arm
added a commit
to gilles-peskine-arm/oss-fuzz
that referenced
this issue
Apr 29, 2024
The `development` branch of Mbed TLS will have some API-breaking changes in the next few months, in preparation for the next major release (see https://lists.trustedfirmware.org/archives/list/mbed-tls@lists.trustedfirmware.org/thread/RHZSQLKCBOPDXS7NFKY5FATMTBYV7D5J/). To avoid breaking fuzzers, temporarily point them at the `mbedtls-3.6` long-term support branch. We will go back to fuzzing the `development` branch before the 4.0 release (Mbed-TLS/mbedtls#9071). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
gilles-peskine-arm
added a commit
to gilles-peskine-arm/oss-fuzz
that referenced
this issue
Apr 30, 2024
The `development` branch of Mbed TLS will have some API-breaking changes in the next few months, in preparation for the next major release (see https://lists.trustedfirmware.org/archives/list/mbed-tls@lists.trustedfirmware.org/thread/RHZSQLKCBOPDXS7NFKY5FATMTBYV7D5J/). To avoid breaking fuzzers, temporarily point them at the `mbedtls-3.6` long-term support branch. We will go back to fuzzing the `development` branch before the 4.0 release (Mbed-TLS/mbedtls#9071). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
gilles-peskine-arm
added a commit
to gilles-peskine-arm/oss-fuzz
that referenced
this issue
Apr 30, 2024
The `development` branch of Mbed TLS will have some API-breaking changes in the next few months, in preparation for the next major release (see https://lists.trustedfirmware.org/archives/list/mbed-tls@lists.trustedfirmware.org/thread/RHZSQLKCBOPDXS7NFKY5FATMTBYV7D5J/). To avoid breaking fuzzers, temporarily point them at the `mbedtls-3.6` long-term support branch. We will go back to fuzzing the `development` branch before the 4.0 release (Mbed-TLS/mbedtls#9071). Do not change ecc-diff-fuzzer because https://oss-fuzz-build-logs.storage.googleapis.com/index.html#ecc-diff-fuzzer shows that its build has been broken since 2024-01-13. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
gilles-peskine-arm
added a commit
to gilles-peskine-arm/oss-fuzz
that referenced
this issue
Apr 30, 2024
The `development` branch of Mbed TLS will have some API-breaking changes in the next few months, in preparation for the next major release (see https://lists.trustedfirmware.org/archives/list/mbed-tls@lists.trustedfirmware.org/thread/RHZSQLKCBOPDXS7NFKY5FATMTBYV7D5J/). To avoid breaking fuzzers, temporarily point them at the `mbedtls-3.6` long-term support branch. We will go back to fuzzing the `development` branch before the 4.0 release (Mbed-TLS/mbedtls#9071). Do not change ecc-diff-fuzzer because https://oss-fuzz-build-logs.storage.googleapis.com/index.html#ecc-diff-fuzzer shows that its build has been broken since 2024-01-13. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
gilles-peskine-arm
added a commit
to gilles-peskine-arm/oss-fuzz
that referenced
this issue
Apr 30, 2024
The `development` branch of Mbed TLS will have some API-breaking changes in the next few months, in preparation for the next major release (see https://lists.trustedfirmware.org/archives/list/mbed-tls@lists.trustedfirmware.org/thread/RHZSQLKCBOPDXS7NFKY5FATMTBYV7D5J/). To avoid breaking fuzzers, temporarily point them at the `mbedtls-3.6` long-term support branch. We will go back to fuzzing the `development` branch before the 4.0 release (Mbed-TLS/mbedtls#9071). Do not change ecc-diff-fuzzer because https://oss-fuzz-build-logs.storage.googleapis.com/index.html#ecc-diff-fuzzer shows that its build has been broken since 2024-01-13. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
DonggeLiu
pushed a commit
to google/oss-fuzz
that referenced
this issue
May 1, 2024
The `development` branch of Mbed TLS will have some API-breaking changes in the next few months, in preparation for the next major release (see https://lists.trustedfirmware.org/archives/list/mbed-tls@lists.trustedfirmware.org/thread/RHZSQLKCBOPDXS7NFKY5FATMTBYV7D5J/). To avoid breaking fuzzers, temporarily point them at the `mbedtls-3.6` long-term support branch. We will go back to fuzzing the `development` branch before the 4.0 release (Mbed-TLS/mbedtls#9071). Do not change ecc-diff-fuzzer because https://oss-fuzz-build-logs.storage.googleapis.com/index.html#ecc-diff-fuzzer shows that its build has been broken since 2024-01-13. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
During the preparation of Mbed TLS 4.0, we pointed OSS-Fuzz to
mbedtls-3.6, due to the likely instability of thedevelopmentbranch. The goal of this issue is to migrate OSS-Fuzz back to what will become Mbed TLS 4.0, or as applicable TF-PSA-Crypto 1.0.We should do this as soon as APIs and build scripts have stabilized enough. In any case, This must be completed several weeks before the 4.0 release so that we have run at least one fuzz cycle with the new code.
Prerequisites: design a way to keep fuzzing bignum and ECC and implement that design.
The text was updated successfully, but these errors were encountered: