diff options
author | Guido Vranken <guidovranken@users.noreply.github.com> | 2019-12-05 01:55:39 +0100 |
---|---|---|
committer | Max Moroz <mmoroz@chromium.org> | 2019-12-04 16:55:39 -0800 |
commit | 40d7406c1fccdafaab722f29dd5f3be64b5c5e84 (patch) | |
tree | 3ba7129ed31a6d4ee6ed5fe49946c17fe40c6b5d /projects/cryptofuzz | |
parent | 2ed0ce1313e2ed9194bddacdc4489bf2674f4a54 (diff) | |
download | oss-fuzz-40d7406c1fccdafaab722f29dd5f3be64b5c5e84.tar.gz |
[cryptofuzz] Add NSS (#3089)
* [cryptofuzz] Add NSS
* [cryptofuzz] Add NSS CCs
Diffstat (limited to 'projects/cryptofuzz')
-rw-r--r-- | projects/cryptofuzz/Dockerfile | 4 | ||||
-rwxr-xr-x | projects/cryptofuzz/build.sh | 104 | ||||
-rw-r--r-- | projects/cryptofuzz/project.yaml | 3 |
3 files changed, 82 insertions, 29 deletions
diff --git a/projects/cryptofuzz/Dockerfile b/projects/cryptofuzz/Dockerfile index 6cac8b0e4..576c6504d 100644 --- a/projects/cryptofuzz/Dockerfile +++ b/projects/cryptofuzz/Dockerfile @@ -17,7 +17,7 @@ FROM gcr.io/oss-fuzz-base/base-builder MAINTAINER guidovranken@gmail.com -RUN apt-get update && apt-get install -y software-properties-common python-software-properties make autoconf automake libtool build-essential cmake libboost-all-dev wget +RUN apt-get update && apt-get install -y software-properties-common python-software-properties make autoconf automake libtool build-essential cmake libboost-all-dev wget mercurial gyp ninja-build zlib1g-dev libsqlite3-dev # BoringSSL needs Go to build RUN add-apt-repository -y ppa:gophers/archive && apt-get update && apt-get install -y golang-1.9-go @@ -41,6 +41,8 @@ RUN git clone --depth 1 https://github.com/golang/go RUN git clone --depth 1 https://github.com/randombit/botan.git RUN git clone --depth 1 https://github.com/wolfSSL/wolfssl.git RUN git clone --depth 1 https://github.com/ARMmbed/mbed-crypto.git +RUN hg clone https://hg.mozilla.org/projects/nspr +RUN hg clone https://hg.mozilla.org/projects/nss RUN apt-get remove -y libunwind8 COPY build.sh $SRC/ diff --git a/projects/cryptofuzz/build.sh b/projects/cryptofuzz/build.sh index 9f4027423..bca9b2912 100755 --- a/projects/cryptofuzz/build.sh +++ b/projects/cryptofuzz/build.sh @@ -60,6 +60,31 @@ then export CXXFLAGS="$CXXFLAGS -DMSAN" fi +# Compile NSS +if [[ $CFLAGS != *-m32* ]] +then + mkdir $SRC/nss-nspr + mv $SRC/nss $SRC/nss-nspr/ + mv $SRC/nspr $SRC/nss-nspr/ + cd $SRC/nss-nspr/ + if [[ $CFLAGS = *sanitize=address* ]] + then + CFLAGS="" CXXFLAGS="" nss/build.sh --asan --static + elif [[ $CFLAGS = *sanitize=memory* ]] + then + CFLAGS="" CXXFLAGS="" nss/build.sh --msan --static + else + CFLAGS="" CXXFLAGS="" nss/build.sh --ubsan --static + fi + export NSS_NSPR_PATH=$(realpath $SRC/nss-nspr/) + export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_NSS" + export LINK_FLAGS="$LINK_FLAGS -lsqlite3" + + # Compile Cryptofuzz NSS module + cd $SRC/cryptofuzz/modules/nss + make -B +fi + # Compile Cityhash cd $SRC/cityhash if [[ $CFLAGS != *-m32* ]] @@ -111,34 +136,6 @@ cd $SRC/cryptofuzz/modules/mbedtls make -B ############################################################################## -# Compile wolfCrypt -cd $SRC/wolfssl -autoreconf -ivf - -export WOLFCRYPT_CONFIGURE_PARAMS="--enable-static --enable-md2 --enable-md4 --enable-ripemd --enable-blake2 --enable-blake2s --enable-pwdbased --enable-scrypt --enable-hkdf --enable-cmac --enable-arc4 --enable-camellia --enable-rabbit --enable-aesccm --enable-aesctr --enable-hc128 --enable-xts --enable-des3 --enable-idea --enable-x963kdf --enable-harden" - -if [[ $CFLAGS = *sanitize=memory* ]] -then - export WOLFCRYPT_CONFIGURE_PARAMS="$WOLFCRYPT_CONFIGURE_PARAMS -disable-asm" -fi - -if [[ $CFLAGS = *-m32* ]] -then - export WOLFCRYPT_CONFIGURE_PARAMS="$WOLFCRYPT_CONFIGURE_PARAMS -disable-fastmath" -fi - -./configure $WOLFCRYPT_CONFIGURE_PARAMS -make -j$(nproc) >/dev/null 2>&1 - -export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_WOLFCRYPT" -export WOLFCRYPT_LIBWOLFSSL_A_PATH="$SRC/wolfssl/src/.libs/libwolfssl.a" -export WOLFCRYPT_INCLUDE_PATH="$SRC/wolfssl" - -# Compile Cryptofuzz wolfcrypt (without assembly) module -cd $SRC/cryptofuzz/modules/wolfcrypt -make -B - -############################################################################## # Compile Botan cd $SRC/botan if [[ $CFLAGS != *-m32* ]] @@ -263,6 +260,57 @@ then make -B fi +if [[ $CFLAGS != *-m32* ]] +then + # Compile Cryptofuzz (NSS-based) + cd $SRC/cryptofuzz + LIBFUZZER_LINK="$LIB_FUZZING_ENGINE" CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_NO_OPENSSL $INCLUDE_PATH_FLAGS" make -B -j$(nproc) + + # Generate dictionary + ./generate_dict + + # Copy fuzzer + cp $SRC/cryptofuzz/cryptofuzz $OUT/cryptofuzz-nss + # Copy dictionary + cp $SRC/cryptofuzz/cryptofuzz-dict.txt $OUT/cryptofuzz-nss.dict + # Copy seed corpus + cp $SRC/cryptofuzz-corpora/libressl_latest.zip $OUT/cryptofuzz-nss_seed_corpus.zip + + rm $SRC/cryptofuzz/modules/nss/module.a + + CXXFLAGS=${CXXFLAGS//"-DCRYPTOFUZZ_NSS"/} + LINK_FLAGS=${LINK_FLAGS//"-lsqlite3"/} +fi + +############################################################################## +# Compile wolfCrypt +cd $SRC/wolfssl +autoreconf -ivf + +export WOLFCRYPT_CONFIGURE_PARAMS="--enable-static --enable-md2 --enable-md4 --enable-ripemd --enable-blake2 --enable-blake2s --enable-pwdbased --enable-scrypt --enable-hkdf --enable-cmac --enable-arc4 --enable-camellia --enable-rabbit --enable-aesccm --enable-aesctr --enable-hc128 --enable-xts --enable-des3 --enable-idea --enable-x963kdf --enable-harden" + +if [[ $CFLAGS = *sanitize=memory* ]] +then + export WOLFCRYPT_CONFIGURE_PARAMS="$WOLFCRYPT_CONFIGURE_PARAMS -disable-asm" +fi + +if [[ $CFLAGS = *-m32* ]] +then + export WOLFCRYPT_CONFIGURE_PARAMS="$WOLFCRYPT_CONFIGURE_PARAMS -disable-fastmath" +fi + +./configure $WOLFCRYPT_CONFIGURE_PARAMS +make -j$(nproc) >/dev/null 2>&1 + +export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_WOLFCRYPT" +export WOLFCRYPT_LIBWOLFSSL_A_PATH="$SRC/wolfssl/src/.libs/libwolfssl.a" +export WOLFCRYPT_INCLUDE_PATH="$SRC/wolfssl" + +# Compile Cryptofuzz wolfcrypt (without assembly) module +cd $SRC/cryptofuzz/modules/wolfcrypt +make -B + + ############################################################################## if [[ $CFLAGS != *sanitize=memory* && $CFLAGS != *-m32* ]] then diff --git a/projects/cryptofuzz/project.yaml b/projects/cryptofuzz/project.yaml index e435dcba4..f6e036148 100644 --- a/projects/cryptofuzz/project.yaml +++ b/projects/cryptofuzz/project.yaml @@ -22,6 +22,9 @@ auto_ccs: - "david@wolfssl.com" - "kaleb@wolfssl.com" - "jacob@wolfssl.com" + - "jjones@mozilla.com" + - "sledru@mozilla.com" + - "kjacobs@mozilla.com" sanitizers: - address - undefined |