[cryptofuzz] Add NSS (#3089)

* [cryptofuzz] Add NSS

* [cryptofuzz] Add NSS CCs

3 files changed, 82 insertions, 29 deletions

diff --git a/projects/cryptofuzz/Dockerfile b/projects/cryptofuzz/Dockerfile
index 6cac8b0e4..576c6504d 100644
--- a/projects/cryptofuzz/Dockerfile
+++ b/projects/cryptofuzz/Dockerfile
@@ -17,7 +17,7 @@
 FROM gcr.io/oss-fuzz-base/base-builder
 MAINTAINER guidovranken@gmail.com
 
-RUN apt-get update && apt-get install -y software-properties-common python-software-properties make autoconf automake libtool build-essential cmake libboost-all-dev wget
+RUN apt-get update && apt-get install -y software-properties-common python-software-properties make autoconf automake libtool build-essential cmake libboost-all-dev wget mercurial gyp ninja-build zlib1g-dev libsqlite3-dev
 
 # BoringSSL needs Go to build
 RUN add-apt-repository -y ppa:gophers/archive && apt-get update && apt-get install -y golang-1.9-go
@@ -41,6 +41,8 @@ RUN git clone --depth 1 https://github.com/golang/go
 RUN git clone --depth 1 https://github.com/randombit/botan.git
 RUN git clone --depth 1 https://github.com/wolfSSL/wolfssl.git
 RUN git clone --depth 1 https://github.com/ARMmbed/mbed-crypto.git
+RUN hg clone https://hg.mozilla.org/projects/nspr
+RUN hg clone https://hg.mozilla.org/projects/nss
 RUN apt-get remove -y libunwind8
 
 COPY build.sh $SRC/
diff --git a/projects/cryptofuzz/build.sh b/projects/cryptofuzz/build.sh
index 9f4027423..bca9b2912 100755
--- a/projects/cryptofuzz/build.sh
+++ b/projects/cryptofuzz/build.sh
@@ -60,6 +60,31 @@ then
     export CXXFLAGS="$CXXFLAGS -DMSAN"
 fi
 
+# Compile NSS
+if [[ $CFLAGS != *-m32* ]]
+then
+    mkdir $SRC/nss-nspr
+    mv $SRC/nss $SRC/nss-nspr/
+    mv $SRC/nspr $SRC/nss-nspr/
+    cd $SRC/nss-nspr/
+    if [[ $CFLAGS = *sanitize=address* ]]
+    then
+        CFLAGS="" CXXFLAGS="" nss/build.sh --asan --static
+    elif [[ $CFLAGS = *sanitize=memory* ]]
+    then
+        CFLAGS="" CXXFLAGS="" nss/build.sh --msan --static
+    else
+        CFLAGS="" CXXFLAGS="" nss/build.sh --ubsan --static
+    fi
+    export NSS_NSPR_PATH=$(realpath $SRC/nss-nspr/)
+    export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_NSS"
+    export LINK_FLAGS="$LINK_FLAGS -lsqlite3"
+
+    # Compile Cryptofuzz NSS module
+    cd $SRC/cryptofuzz/modules/nss
+    make -B
+fi
+
 # Compile Cityhash
 cd $SRC/cityhash
 if [[ $CFLAGS != *-m32* ]]
@@ -111,34 +136,6 @@ cd $SRC/cryptofuzz/modules/mbedtls
 make -B
 
 ##############################################################################
-# Compile wolfCrypt
-cd $SRC/wolfssl
-autoreconf -ivf
-
-export WOLFCRYPT_CONFIGURE_PARAMS="--enable-static --enable-md2 --enable-md4 --enable-ripemd --enable-blake2 --enable-blake2s --enable-pwdbased --enable-scrypt --enable-hkdf --enable-cmac --enable-arc4 --enable-camellia --enable-rabbit --enable-aesccm --enable-aesctr --enable-hc128 --enable-xts --enable-des3 --enable-idea --enable-x963kdf --enable-harden"
-
-if [[ $CFLAGS = *sanitize=memory* ]]
-then
-    export WOLFCRYPT_CONFIGURE_PARAMS="$WOLFCRYPT_CONFIGURE_PARAMS -disable-asm"
-fi
-
-if [[ $CFLAGS = *-m32* ]]
-then
-    export WOLFCRYPT_CONFIGURE_PARAMS="$WOLFCRYPT_CONFIGURE_PARAMS -disable-fastmath"
-fi
-
-./configure $WOLFCRYPT_CONFIGURE_PARAMS
-make -j$(nproc) >/dev/null 2>&1
-
-export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_WOLFCRYPT"
-export WOLFCRYPT_LIBWOLFSSL_A_PATH="$SRC/wolfssl/src/.libs/libwolfssl.a"
-export WOLFCRYPT_INCLUDE_PATH="$SRC/wolfssl"
-
-# Compile Cryptofuzz wolfcrypt (without assembly) module
-cd $SRC/cryptofuzz/modules/wolfcrypt
-make -B
-
-##############################################################################
 # Compile Botan
 cd $SRC/botan
 if [[ $CFLAGS != *-m32* ]]
@@ -263,6 +260,57 @@ then
     make -B
 fi
 
+if [[ $CFLAGS != *-m32* ]]
+then
+    # Compile Cryptofuzz (NSS-based)
+    cd $SRC/cryptofuzz
+    LIBFUZZER_LINK="$LIB_FUZZING_ENGINE" CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_NO_OPENSSL $INCLUDE_PATH_FLAGS" make -B -j$(nproc)
+
+    # Generate dictionary
+    ./generate_dict
+
+    # Copy fuzzer
+    cp $SRC/cryptofuzz/cryptofuzz $OUT/cryptofuzz-nss
+    # Copy dictionary
+    cp $SRC/cryptofuzz/cryptofuzz-dict.txt $OUT/cryptofuzz-nss.dict
+    # Copy seed corpus
+    cp $SRC/cryptofuzz-corpora/libressl_latest.zip $OUT/cryptofuzz-nss_seed_corpus.zip
+
+    rm $SRC/cryptofuzz/modules/nss/module.a
+
+    CXXFLAGS=${CXXFLAGS//"-DCRYPTOFUZZ_NSS"/}
+    LINK_FLAGS=${LINK_FLAGS//"-lsqlite3"/}
+fi
+
+##############################################################################
+# Compile wolfCrypt
+cd $SRC/wolfssl
+autoreconf -ivf
+
+export WOLFCRYPT_CONFIGURE_PARAMS="--enable-static --enable-md2 --enable-md4 --enable-ripemd --enable-blake2 --enable-blake2s --enable-pwdbased --enable-scrypt --enable-hkdf --enable-cmac --enable-arc4 --enable-camellia --enable-rabbit --enable-aesccm --enable-aesctr --enable-hc128 --enable-xts --enable-des3 --enable-idea --enable-x963kdf --enable-harden"
+
+if [[ $CFLAGS = *sanitize=memory* ]]
+then
+    export WOLFCRYPT_CONFIGURE_PARAMS="$WOLFCRYPT_CONFIGURE_PARAMS -disable-asm"
+fi
+
+if [[ $CFLAGS = *-m32* ]]
+then
+    export WOLFCRYPT_CONFIGURE_PARAMS="$WOLFCRYPT_CONFIGURE_PARAMS -disable-fastmath"
+fi
+
+./configure $WOLFCRYPT_CONFIGURE_PARAMS
+make -j$(nproc) >/dev/null 2>&1
+
+export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_WOLFCRYPT"
+export WOLFCRYPT_LIBWOLFSSL_A_PATH="$SRC/wolfssl/src/.libs/libwolfssl.a"
+export WOLFCRYPT_INCLUDE_PATH="$SRC/wolfssl"
+
+# Compile Cryptofuzz wolfcrypt (without assembly) module
+cd $SRC/cryptofuzz/modules/wolfcrypt
+make -B
+
+
 ##############################################################################
 if [[ $CFLAGS != *sanitize=memory* && $CFLAGS != *-m32* ]]
 then
diff --git a/projects/cryptofuzz/project.yaml b/projects/cryptofuzz/project.yaml
index e435dcba4..f6e036148 100644
--- a/projects/cryptofuzz/project.yaml
+++ b/projects/cryptofuzz/project.yaml
@@ -22,6 +22,9 @@ auto_ccs:
     - "david@wolfssl.com"
     - "kaleb@wolfssl.com"
     - "jacob@wolfssl.com"
+    - "jjones@mozilla.com"
+    - "sledru@mozilla.com"
+    - "kjacobs@mozilla.com"
 sanitizers:
  - address
  - undefined