build_cryptofuzz.sh (3507B)
1 #!/usr/bin/env bash 2 # 3 # NOTE: This file is used to build Cryptofuzz both on CI and OSS-Fuzz. 4 # 5 6 set -e 7 set -x 8 set -o pipefail 9 10 # Do differential fuzzing with Botan (and not OpenSSL) since NSS has 11 # symbol collisions with OpenSSL and therefore they can't be used together 12 # in Cryptofuzz. 13 export CRYPTOFUZZ_VERSION="3d2377257129fc5da6effb92b0736e31db147dee" 14 export BOTAN_VERSION="3.10.0" 15 16 git clone -q https://github.com/MozillaSecurity/cryptofuzz.git 17 git -C cryptofuzz checkout "$CRYPTOFUZZ_VERSION" 18 19 git clone -q https://github.com/randombit/botan.git 20 git -C botan checkout "$BOTAN_VERSION" 21 22 export CC="${CC-clang}" 23 export CCC="${CCC-clang++}" 24 export CXX="${CXX-clang++}" 25 26 # Default flags if CFLAGS is not set. 27 if [ -z "$CFLAGS" ]; then 28 export CFLAGS="-fsanitize=address,fuzzer-no-link -O2 -g" 29 export CXXFLAGS="-fsanitize=address,fuzzer-no-link -O2 -g" 30 31 if [ "$1" = "--i386" ]; then 32 # Make sure everything is compiled and linked with 32-bit. 33 export CFLAGS="$CFLAGS -m32" 34 export CXXFLAGS="$CXXFLAGS -m32" 35 36 export LD_FLAGS="$LD_FLAGS -m32" 37 export LINK_FLAGS="$LINK_FLAGS -m32" 38 39 # Some static libraries aren't built on 32-bit systems, but still assumed 40 # to exist by Cryptofuzz. 41 sed -i "/libhw-acc-crypto-avx.a/d" cryptofuzz/modules/nss/Makefile 42 sed -i "/libhw-acc-crypto-avx2.a/d" cryptofuzz/modules/nss/Makefile 43 else 44 # UBSan is only enabled for 64-bit builds of NSS. 45 export CFLAGS="$CFLAGS -fsanitize=undefined" 46 export CXXFLAGS="$CXXFLAGS -fsanitize=undefined" 47 fi 48 fi 49 50 # Build Botan. 51 pushd botan 52 if [ "$1" = "--i386" ]; then 53 ./configure.py --cpu=x86_32 \ 54 --cc-bin=$CXX \ 55 --cc-abi-flags="$CXXFLAGS" \ 56 --disable-shared \ 57 --disable-modules=locking_allocator \ 58 --build-targets=static \ 59 --without-documentation 60 else 61 ./configure.py --cc-bin=$CXX \ 62 --cc-abi-flags="$CXXFLAGS" \ 63 --disable-shared \ 64 --disable-modules=locking_allocator \ 65 --build-targets=static \ 66 --without-documentation 67 fi 68 make -j"$(nproc)" 69 popd 70 71 # Generate Cryptofuzz header. 72 pushd cryptofuzz 73 ./gen_repository.py 74 popd 75 76 # Specify Cryptofuzz extra options. 77 pushd cryptofuzz 78 echo -n "\"--force-module=nss\"" > extra_options.h 79 popd 80 81 # Setup Botan module. 82 export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_BOTAN" 83 export LIBBOTAN_A_PATH="$(realpath botan/libbotan-3.a)" 84 export BOTAN_INCLUDE_PATH="$(realpath botan/build/include)" 85 86 # Build Botan module. 87 pushd cryptofuzz/modules/botan 88 make -j"$(nproc)" 89 popd 90 91 # Setup NSS module. 92 export NSS_NSPR_PATH="${SRC-$PWD}" 93 export CXXFLAGS="$CXXFLAGS -I $NSS_NSPR_PATH/dist/public/nss -I $NSS_NSPR_PATH/dist/Debug/include/nspr -DCRYPTOFUZZ_NSS -DCRYPTOFUZZ_NO_OPENSSL" 94 export LINK_FLAGS="$LINK_FLAGS -lsqlite3" 95 96 # On CI, the library lies somewhere else than what is expected by 97 # Cryptofuzz. 98 if [ ! -d "$NSS_NSPR_PATH/nspr/Debug/pr/src" ]; then 99 sed -i "s/nspr\/Debug\/pr\/src/dist\/Debug\/lib/" cryptofuzz/modules/nss/Makefile 100 fi 101 102 # Build NSS module. 103 pushd cryptofuzz/modules/nss 104 make -j"$(nproc)" 105 popd 106 107 # Setup Cryptofuzz. 108 export LIBFUZZER_LINK="${LIB_FUZZING_ENGINE--fsanitize=fuzzer}" 109 110 # Build Cryptofuzz. 111 pushd cryptofuzz 112 make -j"$(nproc)" 113 popd 114 115 # Generate dictionary 116 pushd cryptofuzz 117 ./generate_dict 118 popd 119 120 # Package 121 mkdir -p artifacts 122 tar cvfjh artifacts/cryptofuzz.tar.bz2 cryptofuzz