• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1#!/bin/bash -eu
2# Copyright 2016 Google Inc.
3#
4# Licensed under the Apache License, Version 2.0 (the "License");
5# you may not use this file except in compliance with the License.
6# You may obtain a copy of the License at
7#
8#      http://www.apache.org/licenses/LICENSE-2.0
9#
10# Unless required by applicable law or agreed to in writing, software
11# distributed under the License is distributed on an "AS IS" BASIS,
12# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13# See the License for the specific language governing permissions and
14# limitations under the License.
15#
16################################################################################
17
18if [[ $CFLAGS != *sanitize=dataflow* ]]
19then
20    WOLFCRYPT_CONFIGURE_PARAMS="--enable-static --enable-md2 --enable-md4 --enable-ripemd --enable-blake2 --enable-blake2s --enable-pwdbased --enable-scrypt --enable-hkdf --enable-cmac --enable-arc4 --enable-camellia --enable-rabbit --enable-aesccm --enable-aesctr --enable-hc128 --enable-xts --enable-des3 --enable-idea --enable-x963kdf --enable-harden --enable-aescfb --enable-aesofb --enable-aeskeywrap --enable-keygen --enable-curve25519 --enable-curve448 --enable-shake256 --disable-crypttests --disable-examples --enable-compkey --enable-ed448 --enable-ed25519 --enable-ecccustcurves --enable-xchacha --enable-cryptocb --enable-eccencrypt --enable-aesgcm-stream --enable-smallstack --enable-ed25519-stream --enable-ed448-stream"
21    if [[ $CFLAGS = *sanitize=memory* ]]
22    then
23        WOLFCRYPT_CONFIGURE_PARAMS="$WOLFCRYPT_CONFIGURE_PARAMS --disable-asm"
24    fi
25
26    # Install Boost headers
27    cd $SRC/
28    tar jxf boost_1_74_0.tar.bz2
29    cd boost_1_74_0/
30    CFLAGS="" CXXFLAGS="" ./bootstrap.sh
31    CFLAGS="" CXXFLAGS="" ./b2 headers
32    cp -R boost/ /usr/include/
33
34    export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_BOTAN_IS_ORACLE"
35
36    OLD_CFLAGS="$CFLAGS"
37    OLD_CXXFLAGS="$CXXFLAGS"
38
39    # Configure Cryptofuzz
40    cd $SRC/cryptofuzz
41    sed -i 's/kNegativeIntegers = false/kNegativeIntegers = true/g' config.h
42    cp -R $SRC/cryptofuzz/ $SRC/cryptofuzz-openssl-api/
43    cd $SRC/cryptofuzz-openssl-api/
44    python gen_repository.py
45    rm extra_options.h
46    echo -n '"' >>extra_options.h
47    echo -n '--force-module=wolfCrypt-OpenSSL ' >>extra_options.h
48    echo -n '"' >>extra_options.h
49
50    # Build OpenSSL API fuzzer
51    cp -R $SRC/wolfssl/ $SRC/wolfssl-openssl-api/
52    cd $SRC/wolfssl-openssl-api/
53    autoreconf -ivf
54    CFLAGS="$CFLAGS -DHAVE_AES_ECB -DWOLFSSL_DES_ECB -DHAVE_ECC_SECPR2 -DHAVE_ECC_SECPR3 -DHAVE_ECC_BRAINPOOL -DHAVE_ECC_KOBLITZ -DWOLFSSL_ECDSA_SET_K -DWOLFSSL_ECDSA_SET_K_ONE_LOOP"
55    if [[ $CFLAGS = *-m32* ]]
56    then
57        ./configure $WOLFCRYPT_CONFIGURE_PARAMS --enable-opensslall --enable-opensslextra --disable-fastmath
58    else
59        ./configure $WOLFCRYPT_CONFIGURE_PARAMS --enable-opensslall --enable-opensslextra
60    fi
61    make -j$(nproc)
62    export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_NO_OPENSSL -DCRYPTOFUZZ_WOLFCRYPT_OPENSSL"
63    export WOLFCRYPT_LIBWOLFSSL_A_PATH="$SRC/wolfssl-openssl-api/src/.libs/libwolfssl.a"
64    export WOLFCRYPT_INCLUDE_PATH="$SRC/wolfssl-openssl-api/"
65    cd $SRC/cryptofuzz-openssl-api/modules/wolfcrypt-openssl
66    make -j$(nproc)
67    cd $SRC/cryptofuzz-openssl-api/
68    LIBFUZZER_LINK="$LIB_FUZZING_ENGINE" make -B -j$(nproc)
69    cp cryptofuzz $OUT/cryptofuzz-openssl-api
70    CFLAGS="$OLD_CFLAGS"
71    CXXFLAGS="$OLD_CXXFLAGS"
72    unset WOLFCRYPT_LIBWOLFSSL_A_PATH
73    unset WOLFCRYPT_INCLUDE_PATH
74
75    # Configure Cryptofuzz
76    cd $SRC/cryptofuzz/
77    python gen_repository.py
78    rm extra_options.h
79    echo -n '"' >>extra_options.h
80    echo -n '--force-module=wolfCrypt ' >>extra_options.h
81    echo -n '--digests=NULL ' >>extra_options.h
82    echo -n '--operations=' >>extra_options.h
83    echo -n 'BignumCalc,' >>extra_options.h
84    echo -n 'DH_GenerateKeyPair,' >>extra_options.h
85    echo -n 'DH_Derive,' >>extra_options.h
86    echo -n 'ECC_GenerateKeyPair,' >>extra_options.h
87    echo -n 'ECC_PrivateToPublic,' >>extra_options.h
88    echo -n 'ECC_ValidatePubkey,' >>extra_options.h
89    echo -n 'ECDSA_Verify,' >>extra_options.h
90    echo -n 'ECDSA_Sign,' >>extra_options.h
91    echo -n 'ECIES_Encrypt,' >>extra_options.h
92    echo -n 'ECIES_Decrypt,' >>extra_options.h
93    echo -n 'ECC_Point_Add,' >>extra_options.h
94    echo -n 'ECC_Point_Mul,' >>extra_options.h
95    echo -n 'ECDH_Derive ' >>extra_options.h
96    echo -n '"' >>extra_options.h
97
98    # Build Botan
99    cd $SRC/botan
100    if [[ $CFLAGS != *-m32* ]]
101    then
102        ./configure.py --cc-bin=$CXX --cc-abi-flags="$CXXFLAGS" --disable-shared --disable-modules=locking_allocator --build-targets=static --without-documentation
103    else
104        ./configure.py --cpu=x86_32 --cc-bin=$CXX --cc-abi-flags="$CXXFLAGS" --disable-shared --disable-modules=locking_allocator --build-targets=static --without-documentation
105    fi
106    make -j$(nproc)
107    export LIBBOTAN_A_PATH="$SRC/botan/libbotan-3.a"
108    export BOTAN_INCLUDE_PATH="$SRC/botan/build/include"
109
110    # Build normal math fuzzer
111    cp -R $SRC/cryptofuzz/ $SRC/cryptofuzz-normal-math/
112    cp -R $SRC/wolfssl/ $SRC/wolfssl-normal-math/
113    cd $SRC/wolfssl-normal-math/
114    autoreconf -ivf
115    CFLAGS="$CFLAGS -DHAVE_AES_ECB -DWOLFSSL_DES_ECB -DHAVE_ECC_SECPR2 -DHAVE_ECC_SECPR3 -DHAVE_ECC_BRAINPOOL -DHAVE_ECC_KOBLITZ -DWOLFSSL_ECDSA_SET_K -DWOLFSSL_ECDSA_SET_K_ONE_LOOP"
116    if [[ $CFLAGS != *-m32* ]]
117    then
118        ./configure $WOLFCRYPT_CONFIGURE_PARAMS
119    else
120        # Compiling instrumented 32 bit normal math with asm is currently
121        # not possible because it results in Clang error messages such as:
122        #
123        # wolfcrypt/src/tfm.c:3154:11: error: inline assembly requires more registers than available
124        ./configure $WOLFCRYPT_CONFIGURE_PARAMS --disable-asm
125    fi
126    make -j$(nproc)
127    export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_NO_OPENSSL -DCRYPTOFUZZ_WOLFCRYPT -DCRYPTOFUZZ_BOTAN"
128    export WOLFCRYPT_LIBWOLFSSL_A_PATH="$SRC/wolfssl-normal-math/src/.libs/libwolfssl.a"
129    export WOLFCRYPT_INCLUDE_PATH="$SRC/wolfssl-normal-math/"
130    cd $SRC/cryptofuzz-normal-math/modules/wolfcrypt
131    make -j$(nproc)
132    cd $SRC/cryptofuzz-normal-math/modules/botan
133    make -j$(nproc)
134    cd $SRC/cryptofuzz-normal-math/
135    LIBFUZZER_LINK="$LIB_FUZZING_ENGINE" make -B -j$(nproc)
136    cp cryptofuzz $OUT/cryptofuzz-normal-math
137    CFLAGS="$OLD_CFLAGS"
138    CXXFLAGS="$OLD_CXXFLAGS"
139    unset WOLFCRYPT_LIBWOLFSSL_A_PATH
140    unset WOLFCRYPT_INCLUDE_PATH
141
142    # Build sp-math-all fuzzer
143    cp -R $SRC/cryptofuzz/ $SRC/cryptofuzz-sp-math-all/
144    cp -R $SRC/wolfssl/ $SRC/wolfssl-sp-math-all/
145    cd $SRC/wolfssl-sp-math-all/
146    autoreconf -ivf
147    CFLAGS="$CFLAGS -DHAVE_AES_ECB -DWOLFSSL_DES_ECB -DHAVE_ECC_SECPR2 -DHAVE_ECC_SECPR3 -DHAVE_ECC_BRAINPOOL -DHAVE_ECC_KOBLITZ -DWOLFSSL_ECDSA_SET_K -DWOLFSSL_ECDSA_SET_K_ONE_LOOP -DWOLFSSL_SP_INT_NEGATIVE"
148    ./configure $WOLFCRYPT_CONFIGURE_PARAMS --enable-sp-math-all
149    make -j$(nproc)
150    export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_NO_OPENSSL -DCRYPTOFUZZ_WOLFCRYPT -DCRYPTOFUZZ_BOTAN"
151    export WOLFCRYPT_LIBWOLFSSL_A_PATH="$SRC/wolfssl-sp-math-all/src/.libs/libwolfssl.a"
152    export WOLFCRYPT_INCLUDE_PATH="$SRC/wolfssl-sp-math-all/"
153    cd $SRC/cryptofuzz-sp-math-all/modules/wolfcrypt
154    make -j$(nproc)
155    cd $SRC/cryptofuzz-sp-math-all/modules/botan
156    make -j$(nproc)
157    cd $SRC/cryptofuzz-sp-math-all/
158    LIBFUZZER_LINK="$LIB_FUZZING_ENGINE" make -B -j$(nproc)
159    cp cryptofuzz $OUT/cryptofuzz-sp-math-all
160    CFLAGS="$OLD_CFLAGS"
161    CXXFLAGS="$OLD_CXXFLAGS"
162    unset WOLFCRYPT_LIBWOLFSSL_A_PATH
163    unset WOLFCRYPT_INCLUDE_PATH
164
165    # Build sp-math-all 8bit fuzzer
166    cp -R $SRC/cryptofuzz/ $SRC/cryptofuzz-sp-math-all-8bit/
167    cp -R $SRC/wolfssl/ $SRC/wolfssl-sp-math-all-8bit/
168    cd $SRC/wolfssl-sp-math-all-8bit/
169    autoreconf -ivf
170    CFLAGS="$CFLAGS -DHAVE_AES_ECB -DWOLFSSL_DES_ECB -DHAVE_ECC_SECPR2 -DHAVE_ECC_SECPR3 -DHAVE_ECC_BRAINPOOL -DHAVE_ECC_KOBLITZ -DWOLFSSL_ECDSA_SET_K -DWOLFSSL_ECDSA_SET_K_ONE_LOOP -DSP_WORD_SIZE=8 -DWOLFSSL_SP_INT_NEGATIVE"
171    ./configure $WOLFCRYPT_CONFIGURE_PARAMS --enable-sp-math-all
172    make -j$(nproc)
173    export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_NO_OPENSSL -DCRYPTOFUZZ_WOLFCRYPT -DCRYPTOFUZZ_BOTAN"
174    export WOLFCRYPT_LIBWOLFSSL_A_PATH="$SRC/wolfssl-sp-math-all-8bit/src/.libs/libwolfssl.a"
175    export WOLFCRYPT_INCLUDE_PATH="$SRC/wolfssl-sp-math-all-8bit/"
176    cd $SRC/cryptofuzz-sp-math-all-8bit/modules/wolfcrypt
177    make -j$(nproc)
178    cd $SRC/cryptofuzz-sp-math-all-8bit/modules/botan
179    make -j$(nproc)
180    cd $SRC/cryptofuzz-sp-math-all-8bit/
181    LIBFUZZER_LINK="$LIB_FUZZING_ENGINE" make -B -j$(nproc)
182    cp cryptofuzz $OUT/cryptofuzz-sp-math-all-8bit
183    CFLAGS="$OLD_CFLAGS"
184    CXXFLAGS="$OLD_CXXFLAGS"
185    unset WOLFCRYPT_LIBWOLFSSL_A_PATH
186    unset WOLFCRYPT_INCLUDE_PATH
187
188    # Build sp-math fuzzer
189    cp -R $SRC/cryptofuzz/ $SRC/cryptofuzz-sp-math/
190    cp -R $SRC/wolfssl/ $SRC/wolfssl-sp-math/
191    cd $SRC/wolfssl-sp-math/
192    autoreconf -ivf
193    # -DHAVE_ECC_BRAINPOOL and -DHAVE_ECC_KOBLITZ are lacking from the CFLAGS; these are not supported by SP math
194    CFLAGS="$CFLAGS -DHAVE_AES_ECB -DWOLFSSL_DES_ECB -DHAVE_ECC_SECPR2 -DHAVE_ECC_SECPR3 -DWOLFSSL_ECDSA_SET_K -DWOLFSSL_ECDSA_SET_K_ONE_LOOP -DWOLFSSL_PUBLIC_ECC_ADD_DBL"
195    # SP math does not support custom curves, so remove that flag
196    export WOLFCRYPT_CONFIGURE_PARAMS_SP_MATH=${WOLFCRYPT_CONFIGURE_PARAMS//"--enable-ecccustcurves"/}
197    ./configure $WOLFCRYPT_CONFIGURE_PARAMS_SP_MATH --enable-sp --enable-sp-math
198    make -j$(nproc)
199    export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_NO_OPENSSL -DCRYPTOFUZZ_WOLFCRYPT -DCRYPTOFUZZ_BOTAN"
200    export WOLFCRYPT_LIBWOLFSSL_A_PATH="$SRC/wolfssl-sp-math/src/.libs/libwolfssl.a"
201    export WOLFCRYPT_INCLUDE_PATH="$SRC/wolfssl-sp-math/"
202    cd $SRC/cryptofuzz-sp-math/modules/wolfcrypt
203    make -j$(nproc)
204    cd $SRC/cryptofuzz-sp-math/modules/botan
205    make -j$(nproc)
206    cd $SRC/cryptofuzz-sp-math/
207    LIBFUZZER_LINK="$LIB_FUZZING_ENGINE" make -B -j$(nproc)
208    cp cryptofuzz $OUT/cryptofuzz-sp-math
209    CFLAGS="$OLD_CFLAGS"
210    CXXFLAGS="$OLD_CXXFLAGS"
211    unset WOLFCRYPT_LIBWOLFSSL_A_PATH
212    unset WOLFCRYPT_INCLUDE_PATH
213
214    # Build disable-fastmath fuzzer
215    cp -R $SRC/cryptofuzz/ $SRC/cryptofuzz-disable-fastmath/
216    cp -R $SRC/wolfssl/ $SRC/wolfssl-disable-fastmath/
217    cd $SRC/wolfssl-disable-fastmath/
218    autoreconf -ivf
219    CFLAGS="$CFLAGS -DHAVE_AES_ECB -DWOLFSSL_DES_ECB -DHAVE_ECC_SECPR2 -DHAVE_ECC_SECPR3 -DHAVE_ECC_BRAINPOOL -DHAVE_ECC_KOBLITZ -DWOLFSSL_ECDSA_SET_K -DWOLFSSL_ECDSA_SET_K_ONE_LOOP"
220    ./configure $WOLFCRYPT_CONFIGURE_PARAMS --disable-fastmath
221    make -j$(nproc)
222    export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_NO_OPENSSL -DCRYPTOFUZZ_WOLFCRYPT -DCRYPTOFUZZ_BOTAN"
223    export WOLFCRYPT_LIBWOLFSSL_A_PATH="$SRC/wolfssl-disable-fastmath/src/.libs/libwolfssl.a"
224    export WOLFCRYPT_INCLUDE_PATH="$SRC/wolfssl-disable-fastmath/"
225    cd $SRC/cryptofuzz-disable-fastmath/modules/wolfcrypt
226    make -j$(nproc)
227    cd $SRC/cryptofuzz-disable-fastmath/modules/botan
228    make -j$(nproc)
229    cd $SRC/cryptofuzz-disable-fastmath/
230    LIBFUZZER_LINK="$LIB_FUZZING_ENGINE" make -B -j$(nproc)
231    cp cryptofuzz $OUT/cryptofuzz-disable-fastmath
232    CFLAGS="$OLD_CFLAGS"
233    CXXFLAGS="$OLD_CXXFLAGS"
234    unset WOLFCRYPT_LIBWOLFSSL_A_PATH
235    unset WOLFCRYPT_INCLUDE_PATH
236
237    mkdir $SRC/cryptofuzz-seed-corpus/
238
239    # Convert Wycheproof test vectors to Cryptofuzz corpus format
240    find $SRC/wycheproof/testvectors/ -type f -name 'ecdsa_*' -exec $SRC/cryptofuzz-disable-fastmath/cryptofuzz --from-wycheproof={},$SRC/cryptofuzz-seed-corpus/ \;
241
242    # Unpack corpora from other projects
243    unzip -n $SRC/corpus_bearssl.zip -d $SRC/cryptofuzz_seed_corpus/
244    unzip -n $SRC/corpus_nettle.zip -d $SRC/cryptofuzz_seed_corpus/
245    unzip -n $SRC/corpus_libecc.zip -d $SRC/cryptofuzz_seed_corpus/
246    unzip -n $SRC/corpus_relic.zip -d $SRC/cryptofuzz_seed_corpus/
247    unzip -n $SRC/corpus_cryptofuzz.zip -d $SRC/cryptofuzz_seed_corpus/
248    unzip -n $SRC/corpus_wolfssl_sp-math-all.zip -d $SRC/cryptofuzz_seed_corpus/
249    unzip -n $SRC/corpus_wolfssl_sp-math-all-8bit.zip -d $SRC/cryptofuzz_seed_corpus/
250    unzip -n $SRC/corpus_wolfssl_sp-math.zip -d $SRC/cryptofuzz_seed_corpus/
251    unzip -n $SRC/corpus_wolfssl_disable-fastmath.zip -d $SRC/cryptofuzz_seed_corpus/
252
253    # Import Botan corpora
254    mkdir $SRC/botan-p256-corpus/
255    unzip $SRC/corpus_botan_ecc_p256.zip -d $SRC/botan-p256-corpus/
256    find $SRC/botan-p256-corpus/ -type f -exec $SRC/cryptofuzz-disable-fastmath/cryptofuzz --from-botan={},$SRC/cryptofuzz-seed-corpus/,secp256r1 \;
257
258    mkdir $SRC/botan-p384-corpus/
259    unzip $SRC/corpus_botan_ecc_p384.zip -d $SRC/botan-p384-corpus/
260    find $SRC/botan-p384-corpus/ -type f -exec $SRC/cryptofuzz-disable-fastmath/cryptofuzz --from-botan={},$SRC/cryptofuzz-seed-corpus/,secp384r1 \;
261
262    mkdir $SRC/botan-p521-corpus/
263    unzip $SRC/corpus_botan_ecc_p521.zip -d $SRC/botan-p521-corpus/
264    find $SRC/botan-p521-corpus/ -type f -exec $SRC/cryptofuzz-disable-fastmath/cryptofuzz --from-botan={},$SRC/cryptofuzz-seed-corpus/,secp521r1 \;
265
266    mkdir $SRC/botan-bp256-corpus/
267    unzip $SRC/corpus_botan_ecc_bp256.zip -d $SRC/botan-bp256-corpus/
268    find $SRC/botan-bp256-corpus/ -type f -exec $SRC/cryptofuzz-disable-fastmath/cryptofuzz --from-botan={},$SRC/cryptofuzz-seed-corpus/,brainpool256r1 \;
269
270    # Pack it
271    cd $SRC/cryptofuzz_seed_corpus
272    zip -r $SRC/cryptofuzz_seed_corpus.zip .
273
274    # Use it as the seed corpus for each Cryptofuzz-based fuzzer
275    cp $SRC/cryptofuzz_seed_corpus.zip $OUT/cryptofuzz-normal-math_seed_corpus.zip
276    cp $SRC/cryptofuzz_seed_corpus.zip $OUT/cryptofuzz-sp-math-all_seed_corpus.zip
277    cp $SRC/cryptofuzz_seed_corpus.zip $OUT/cryptofuzz-sp-math-all-8bit_seed_corpus.zip
278    cp $SRC/cryptofuzz_seed_corpus.zip $OUT/cryptofuzz-sp-math_seed_corpus.zip
279    cp $SRC/cryptofuzz_seed_corpus.zip $OUT/cryptofuzz-disable-fastmath_seed_corpus.zip
280
281    # Remove files that are no longer needed to prevent running out of disk space
282    rm -rf $SRC/botan-p256-corpus/
283    rm -rf $SRC/botan-p384-corpus/
284    rm -rf $SRC/botan-p521-corpus/
285    rm -rf $SRC/botan-bp256-corpus/
286    rm -rf $SRC/cryptofuzz_seed_corpus/
287    rm -rf $SRC/cryptofuzz_seed_corpus.zip
288
289    # Build SSL/SSH fuzzers
290    NEW_SRC=$SRC/wolf-ssl-ssh-fuzzers/oss-fuzz/projects/wolf-ssl-ssh/
291    cp -R $SRC/wolfssl/ $NEW_SRC
292    cp -R $SRC/wolfssh/ $NEW_SRC
293    cp -R $SRC/fuzzing-headers/ $NEW_SRC
294    OSS_FUZZ_BUILD=1 SRC="$NEW_SRC" $NEW_SRC/build.sh
295fi
296
297if [[ $CFLAGS != *-m32* ]]
298then
299    cd $SRC/wolfssl
300
301    # target_dir determined by Dockerfile
302    target_dir="$SRC/fuzz-targets"
303
304    # build wolfssl
305    ./autogen.sh
306    ./configure --enable-static --disable-shared --prefix=/usr CC="clang"
307    make -j "$(nproc)" all
308    make install
309
310    # put linker arguments into the environment, appending to any existing ones
311    export LDFLAGS="${LDFLAGS-""}"
312    export LDLIBS="${LDLIBS-""} -lwolfssl $LIB_FUZZING_ENGINE"
313
314    # make and export targets to $OUT; environment overridding internal variables
315    cd "${target_dir}"
316    make -e all
317    make -e export prefix="$OUT"
318fi
319