--- a/.gitignore
+++ b/.gitignore
@@ -12,8 +12,9 @@ out/*
GPATH
GRTAGS
GTAGS
#*
.#*
.ycm_extra_conf.py*
fuzz/libFuzzer/*
fuzz/corpus
+fuzz/out
--- a/.hgignore
+++ b/.hgignore
@@ -12,8 +12,9 @@ out/*
GPATH
GRTAGS
GTAGS
#*
.#*
.ycm_extra_conf.py*
fuzz/libFuzzer/*
fuzz/corpus
+fuzz/out
--- a/automation/taskcluster/graph/src/extend.js
+++ b/automation/taskcluster/graph/src/extend.js
@@ -280,17 +280,17 @@ async function scheduleFuzzing() {
};
// Build base definition.
let build_base = merge({
command: [
"/bin/bash",
"-c",
"bin/checkout.sh && " +
- "nss/automation/taskcluster/scripts/build_gyp.sh -g -v --fuzz"
+ "nss/automation/taskcluster/scripts/build_gyp.sh -g -v --fuzz=tls"
],
artifacts: {
public: {
expires: 24 * 7,
type: "directory",
path: "/home/worker/artifacts"
}
},
--- a/automation/taskcluster/scripts/fuzz.sh
+++ b/automation/taskcluster/scripts/fuzz.sh
@@ -13,9 +13,9 @@ fetch_dist
# Ensure we have a directory.
mkdir -p nss/fuzz/corpus/$type
# Fetch objdir name.
objdir=$(cat dist/latest)
# Run nssfuzz.
-LD_LIBRARY_PATH=$LD_LIBRARY_PATH:dist/$objdir/lib dist/$objdir/bin/nssfuzz-"$type" "$@"
+dist/$objdir/bin/nssfuzz-"$type" "$@"
--- a/build.sh
+++ b/build.sh
@@ -10,19 +10,19 @@ cwd=$(cd $(dirname $0); pwd -P)
source "$cwd"/coreconf/nspr.sh
source "$cwd"/coreconf/sanitizers.sh
# Usage info
show_help()
{
cat << EOF
Usage: ${0##*/} [-hcv] [-j <n>] [--nspr] [--gyp|-g] [--opt|-o] [-m32]
- [--test] [--fuzz] [--pprof] [--scan-build[=output]]
+ [--test] [--pprof] [--scan-build[=output]] [--ct-verif]
[--asan] [--ubsan] [--msan] [--sancov[=edge|bb|func|...]]
- [--ct-verif] [--disable-tests]
+ [--disable-tests] [--fuzz[=tls|oss]]
This script builds NSS with gyp and ninja.
This build system is still under development. It does not yet support all
the features or platforms that NSS supports.
NSS build tool options:
@@ -30,17 +30,19 @@ NSS build tool options:
-c clean before build
-v verbose build
-j <n> run at most <n> concurrent jobs
--nspr force a rebuild of NSPR
--gyp|-g force a rerun of gyp
--opt|-o do an opt build
-m32 do a 32-bit build on a 64-bit system
--test ignore map files and export everything we have
- --fuzz enable fuzzing mode. this always enables test builds
+ --fuzz build fuzzing targets (this always enables test builds)
+ --fuzz=tls to enable TLS fuzzing mode
+ --fuzz=oss to build for OSS-Fuzz
--pprof build with gperftool support
--ct-verif build with valgrind for ct-verif
--scan-build run the build with scan-build (scan-build has to be in the path)
--scan-build=/out/path sets the output path for scan-build
--asan do an asan build
--ubsan do an ubsan build
--ubsan=bool,shift,... sets specific UB sanitizers
--msan do an msan build
@@ -69,16 +71,18 @@ fi
opt_build=0
build_64=0
clean=0
rebuild_gyp=0
rebuild_nspr=0
target=Debug
verbose=0
fuzz=0
+fuzz_tls=0
+fuzz_oss=0
gyp_params=(--depth="$cwd" --generator-output=".")
nspr_params=()
ninja_params=()
# try to guess sensible defaults
arch=$(python "$cwd"/coreconf/detect_host_arch.py)
if [ "$arch" = "x64" -o "$arch" = "aarch64" ]; then
@@ -90,29 +94,32 @@ while [ $# -gt 0 ]; do
case $1 in
-c) clean=1 ;;
--gyp|-g) rebuild_gyp=1 ;;
--nspr) nspr_clean; rebuild_nspr=1 ;;
-j) ninja_params+=(-j "$2"); shift ;;
-v) ninja_params+=(-v); verbose=1 ;;
--test) gyp_params+=(-Dtest_build=1) ;;
--fuzz) fuzz=1 ;;
+ --fuzz=oss) fuzz=1; fuzz_oss=1 ;;
+ --fuzz=tls) fuzz=1; fuzz_tls=1 ;;
--scan-build) enable_scanbuild ;;
--scan-build=?*) enable_scanbuild "${1#*=}" ;;
--opt|-o) opt_build=1 ;;
-m32|--m32) build_64=0 ;;
--asan) enable_sanitizer asan ;;
--msan) enable_sanitizer msan ;;
--ubsan) enable_ubsan ;;
--ubsan=?*) enable_ubsan "${1#*=}" ;;
--sancov) enable_sancov ;;
--sancov=?*) enable_sancov "${1#*=}" ;;
--pprof) gyp_params+=(-Duse_pprof=1) ;;
--ct-verif) gyp_params+=(-Dct_verif=1) ;;
--disable-tests) gyp_params+=(-Ddisable_tests=1) ;;
+ --no-zdefs) gyp_params+=(-Dno_zdefs=1) ;;
*) show_help; exit 2 ;;
esac
shift
done
if [ "$opt_build" = 1 ]; then
target=Release
else
@@ -147,16 +154,17 @@ fi
# e.g., "-e 2 -f 1" and "-e 1 -f 2" canonicalize the same.
check_config()
{
local newconf="$1".new oldconf="$1"
shift
mkdir -p $(dirname "$newconf")
echo CC="$CC" >"$newconf"
echo CCC="$CCC" >>"$newconf"
+ echo CXX="$CXX" >>"$newconf"
for i in "$@"; do echo $i; done | sort >>"$newconf"
# Note: The following diff fails if $oldconf isn't there as well, which
# happens if we don't have a previous successful build.
! diff -q "$newconf" "$oldconf" >/dev/null 2>&1
}
gyp_config="$cwd"/out/gyp_config
@@ -165,23 +173,31 @@ nspr_config="$cwd"/out/$target/nspr_conf
# If we don't have a build directory make sure that we rebuild.
if [ ! -d "$target_dir" ]; then
rebuild_nspr=1
rebuild_gyp=1
elif [ ! -d "$dist_dir"/$target ]; then
rebuild_nspr=1
fi
+# Update NSPR ${C,CXX,LD}FLAGS.
+nspr_set_flags $sanitizer_flags
+
if check_config "$nspr_config" "${nspr_params[@]}" \
nspr_cflags="$nspr_cflags" \
nspr_cxxflags="$nspr_cxxflags" \
nspr_ldflags="$nspr_ldflags"; then
rebuild_nspr=1
fi
+# Forward sanitizer flags.
+if [ ! -z "$sanitizer_flags" ]; then
+ gyp_params+=(-Dsanitizer_flags="$sanitizer_flags")
+fi
+
if check_config "$gyp_config" "${gyp_params[@]}"; then
rebuild_gyp=1
fi
# save the chosen target
mkdir -p "$dist_dir"
echo $target > "$dist_dir"/latest
--- a/coreconf/config.gypi
+++ b/coreconf/config.gypi
@@ -92,22 +92,21 @@
'disable_chachapoly%': 0,
'disable_dbm%': 0,
'disable_libpkix%': 1,
'disable_werror%': 0,
'mozilla_client%': 0,
'moz_fold_libs%': 0,
'moz_folded_library_name%': '',
'ssl_enable_zlib%': 1,
- 'use_asan%': 0,
- 'use_ubsan%': 0,
- 'use_msan%': 0,
- 'use_sancov%': 0,
+ 'sanitizer_flags%': 0,
'test_build%': 0,
+ 'no_zdefs%': 0,
'fuzz%': 0,
+ 'fuzz_tls%': 0,
'sign_libs%': 1,
'use_pprof%': 0,
'ct_verif%': 0,
'nss_public_dist_dir%': '<(nss_dist_dir)/public',
'nss_private_dist_dir%': '<(nss_dist_dir)/private',
},
'target_defaults': {
# Settings specific to targets should go here.
@@ -130,17 +129,17 @@
],
}],
[ 'OS=="linux"', {
'libraries': [
'-ldl',
'-lc',
],
}],
- [ 'use_asan==1 or use_ubsan!=0 or fuzz==1', {
+ [ 'fuzz==1', {
'variables': {
'debug_optimization_level%': '1',
},
}],
],
'target_conditions': [
# If we want to properly export a static library, and copy it to lib,
# we need to mark it as a 'standalone_static_library'. Otherwise,
@@ -211,25 +210,29 @@
],
}],
# Shared library specific settings.
[ '_type=="shared_library"', {
'conditions': [
[ 'cc_use_gnu_ld==1', {
'ldflags': [
'-Wl,--gc-sections',
- '-Wl,-z,defs',
],
'conditions': [
['OS=="dragonfly" or OS=="freebsd" or OS=="netbsd" or OS=="openbsd"', {
# Bug 1321317 - unix_rand.c:880: undefined reference to `environ'
'ldflags': [
'-Wl,--warn-unresolved-symbols',
],
}],
+ ['no_zdefs==0', {
+ 'ldflags': [
+ '-Wl,-z,defs',
+ ],
+ }],
],
}],
],
'xcode_settings': {
'DYLIB_INSTALL_NAME_BASE': '@executable_path',
'DYLIB_COMPATIBILITY_VERSION': '1',
'DYLIB_CURRENT_VERSION': '1',
'OTHER_LDFLAGS': [
@@ -343,83 +346,32 @@
}],
],
}],
[ 'disable_werror==0 and OS!="android" and OS!="win"', {
'cflags': [
'<!@(<(python) <(DEPTH)/coreconf/werror.py)',
],
}],
- [ 'fuzz==1', {
+ [ 'fuzz_tls==1', {
'cflags': [
'-Wno-unused-function',
- ]
+ ],
}],
- [ 'use_asan==1', {
- 'variables': {
- 'asan_flags': '<!(<(python) <(DEPTH)/coreconf/sanitizers.py asan)',
- 'no_ldflags': '<!(<(python) <(DEPTH)/coreconf/sanitizers.py ld)',
- },
- 'cflags': ['<@(asan_flags)'],
- 'ldflags': ['<@(asan_flags)'],
- 'ldflags!': ['<@(no_ldflags)'],
+ [ 'sanitizer_flags!=0', {
+ 'cflags': ['<@(sanitizer_flags)'],
+ 'ldflags': ['<@(sanitizer_flags)'],
'xcode_settings': {
- 'OTHER_CFLAGS': ['<@(asan_flags)'],
- 'OTHER_LDFLAGS!': ['<@(no_ldflags)'],
+ 'OTHER_CFLAGS': ['<@(sanitizer_flags)'],
# We want to pass -fsanitize=... to our final link call,
# but not to libtool. OTHER_LDFLAGS is passed to both.
# To trick GYP into doing what we want, we'll piggyback on
# LIBRARY_SEARCH_PATHS, producing "-L/usr/lib -fsanitize=...".
# The -L/usr/lib is redundant but innocuous: it's a default path.
- 'LIBRARY_SEARCH_PATHS': ['/usr/lib <(asan_flags)'],
- },
- }],
- [ 'use_ubsan!=0', {
- 'variables': {
- 'ubsan_flags': '<!(<(python) <(DEPTH)/coreconf/sanitizers.py ubsan <(use_ubsan))',
- 'no_ldflags': '<!(<(python) <(DEPTH)/coreconf/sanitizers.py ld)',
- },
- 'cflags': ['<@(ubsan_flags)'],
- 'ldflags': ['<@(ubsan_flags)'],
- 'ldflags!': ['<@(no_ldflags)'],
- 'xcode_settings': {
- 'OTHER_CFLAGS': ['<@(ubsan_flags)'],
- 'OTHER_LDFLAGS!': ['<@(no_ldflags)'],
- # See comment above.
- 'LIBRARY_SEARCH_PATHS': ['/usr/lib <(ubsan_flags)'],
- },
- }],
- [ 'use_msan==1', {
- 'variables': {
- 'msan_flags': '<!(<(python) <(DEPTH)/coreconf/sanitizers.py msan)',
- 'no_ldflags': '<!(<(python) <(DEPTH)/coreconf/sanitizers.py ld)',
- },
- 'cflags': ['<@(msan_flags)'],
- 'ldflags': ['<@(msan_flags)'],
- 'ldflags!': ['<@(no_ldflags)'],
- 'xcode_settings': {
- 'OTHER_CFLAGS': ['<@(msan_flags)'],
- 'OTHER_LDFLAGS!': ['<@(no_ldflags)'],
- # See comment above.
- 'LIBRARY_SEARCH_PATHS': ['/usr/lib <(msan_flags)'],
- },
- }],
- [ 'use_sancov!=0', {
- 'variables': {
- 'sancov_flags': '<!(<(python) <(DEPTH)/coreconf/sanitizers.py sancov <(use_sancov))',
- 'no_ldflags': '<!(<(python) <(DEPTH)/coreconf/sanitizers.py ld)',
- },
- 'cflags': ['<@(sancov_flags)'],
- 'ldflags': ['<@(sancov_flags)'],
- 'ldflags!': ['<@(no_ldflags)'],
- 'xcode_settings': {
- 'OTHER_CFLAGS': ['<@(sancov_flags)'],
- 'OTHER_LDFLAGS!': ['<@(no_ldflags)'],
- # See comment above.
- 'LIBRARY_SEARCH_PATHS': ['/usr/lib <(sancov_flags)'],
+ 'LIBRARY_SEARCH_PATHS': ['/usr/lib <(sanitizer_flags)'],
},
}],
[ 'OS=="android" and mozilla_client==0', {
'defines': [
'NO_SYSINFO',
'NO_FORK_CHECK',
'ANDROID',
],
--- a/coreconf/fuzz.sh
+++ b/coreconf/fuzz.sh
@@ -1,16 +1,24 @@
#!/usr/bin/env bash
# This file is used by build.sh to setup fuzzing.
gyp_params+=(-Dtest_build=1 -Dfuzz=1)
-enable_sanitizer asan
-enable_ubsan
-enable_sancov
# Add debug symbols even for opt builds.
nspr_params+=(--enable-debug-symbols)
-echo "fuzz [1/2] Cloning libFuzzer files ..."
-run_verbose "$cwd"/fuzz/clone_libfuzzer.sh
+if [ "$fuzz_oss" = 1 ]; then
+ gyp_params+=(-Dno_zdefs=1)
+else
+ enable_sanitizer asan
+ enable_ubsan
+ enable_sancov
+fi
-echo "fuzz [2/2] Cloning fuzzing corpus ..."
-run_verbose "$cwd"/fuzz/clone_corpus.sh
+if [ "$fuzz_tls" = 1 ]; then
+ gyp_params+=(-Dfuzz_tls=1)
+fi
+
+if [ ! -f "/usr/lib/libFuzzingEngine.a" ]; then
+ echo "Cloning libFuzzer files ..."
+ run_verbose "$cwd"/fuzz/clone_libfuzzer.sh
+fi
--- a/coreconf/nspr.sh
+++ b/coreconf/nspr.sh
@@ -9,22 +9,21 @@ nspr_cflags=
nspr_cxxflags=
nspr_ldflags=
# Try to avoid bmake on OS X and BSD systems
if hash gmake 2>/dev/null; then
make() { command gmake "$@"; }
fi
-nspr_sanitizer()
+nspr_set_flags()
{
- local extra=$(python $cwd/coreconf/sanitizers.py "$@")
- nspr_cflags="$nspr_cflags $extra"
- nspr_cxxflags="$nspr_cxxflags $extra"
- nspr_ldflags="$nspr_ldflags $extra"
+ nspr_cflags="$CFLAGS $@"
+ nspr_cxxflags="$CXXFLAGS $@"
+ nspr_ldflags="$LDFLAGS $@"
}
nspr_build()
{
local nspr_dir="$cwd"/../nspr/$target
mkdir -p "$nspr_dir"
# These NSPR options are directory-specific, so they don't need to be
--- a/coreconf/sanitizers.py
+++ b/coreconf/sanitizers.py
@@ -1,16 +1,16 @@
#!/usr/bin/env python2
from __future__ import print_function
import sys
def main():
if len(sys.argv) < 2:
- raise Exception('Specify either "ld", asan", "msan", "sancov" or "ubsan" as argument.')
+ raise Exception('Specify either "asan", "msan", "sancov" or "ubsan" as argument.')
sanitizer = sys.argv[1]
if sanitizer == "ubsan":
if len(sys.argv) < 3:
raise Exception('ubsan requires another argument.')
print('-fsanitize='+sys.argv[2]+' -fno-sanitize-recover=undefined ', end='')
return
if sanitizer == "asan":
@@ -22,17 +22,12 @@ def main():
print('-fno-omit-frame-pointer -fno-optimize-sibling-calls ', end='')
return
if sanitizer == "sancov":
if len(sys.argv) < 3:
raise Exception('sancov requires another argument (edge|bb|func).')
print('-fsanitize-coverage='+sys.argv[2]+' ', end='')
return
- # We have to remove this from the ld flags when building asan.
- if sanitizer == "ld":
- print('-Wl,-z,defs ', end='')
- return
-
- raise Exception('Specify either "ld", asan", "msan", "sancov" or "ubsan" as argument.')
+ raise Exception('Specify either "asan", "msan", "sancov" or "ubsan" as argument.')
if __name__ == '__main__':
main()
--- a/coreconf/sanitizers.sh
+++ b/coreconf/sanitizers.sh
@@ -1,20 +1,27 @@
#!/usr/bin/env bash
# This file is used by build.sh to setup sanitizers.
+sanitizer_flags=""
+
# This tracks what sanitizers are enabled, and their options.
declare -A sanitizers
enable_sanitizer()
{
local san="$1"
[ -n "${sanitizers[$san]}" ] && return
sanitizers[$san]="${2:-1}"
- gyp_params+=(-Duse_"$san"="${2:-1}")
- nspr_sanitizer "$san" "$2"
+
+ if [ -z "$sanitizer_flags" ]; then
+ gyp_params+=(-Dno_zdefs=1)
+ fi
+
+ local cflags=$(python $cwd/coreconf/sanitizers.py "$@")
+ sanitizer_flags="$sanitizer_flags $cflags"
}
enable_sancov()
{
local clang_version=$($CC --version | grep -oE 'clang version (3\.9\.|4\.)')
if [ -z "$clang_version" ]; then
echo "Need at least clang-3.9 (better 4.0) for sancov." 1>&2
exit 1
--- a/fuzz/fuzz.gyp
+++ b/fuzz/fuzz.gyp
@@ -1,106 +1,137 @@
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
{
'includes': [
'../coreconf/config.gypi',
- '../cmd/platlibs.gypi'
],
+ 'variables': {
+ 'use_fuzzing_engine': '<!(test -f /usr/lib/libFuzzingEngine.a && echo 1 || echo 0)',
+ },
+ 'target_defaults': {
+ 'variables': {
+ 'debug_optimization_level': '2',
+ },
+ 'target_conditions': [
+ [ '_type=="executable"', {
+ 'libraries!': [
+ '<@(nspr_libs)',
+ ],
+ 'libraries': [
+ '<(nss_dist_obj_dir)/lib/libplds4.a',
+ '<(nss_dist_obj_dir)/lib/libnspr4.a',
+ '<(nss_dist_obj_dir)/lib/libplc4.a',
+ ],
+ }],
+ ],
+ },
'targets': [
{
- 'target_name': 'libFuzzer',
- 'type': 'static_library',
- 'sources': [
- 'libFuzzer/FuzzerCrossOver.cpp',
- 'libFuzzer/FuzzerDriver.cpp',
- 'libFuzzer/FuzzerExtFunctionsDlsym.cpp',
- 'libFuzzer/FuzzerExtFunctionsWeak.cpp',
- 'libFuzzer/FuzzerExtFunctionsWeakAlias.cpp',
- 'libFuzzer/FuzzerIO.cpp',
- 'libFuzzer/FuzzerIOPosix.cpp',
- 'libFuzzer/FuzzerIOWindows.cpp',
- 'libFuzzer/FuzzerLoop.cpp',
- 'libFuzzer/FuzzerMain.cpp',
- 'libFuzzer/FuzzerMerge.cpp',
- 'libFuzzer/FuzzerMutate.cpp',
- 'libFuzzer/FuzzerSHA1.cpp',
- 'libFuzzer/FuzzerTracePC.cpp',
- 'libFuzzer/FuzzerTraceState.cpp',
- 'libFuzzer/FuzzerUtil.cpp',
- 'libFuzzer/FuzzerUtilDarwin.cpp',
- 'libFuzzer/FuzzerUtilLinux.cpp',
- 'libFuzzer/FuzzerUtilPosix.cpp',
- 'libFuzzer/FuzzerUtilWindows.cpp',
+ 'target_name': 'fuzz_base',
+ 'dependencies': [
+ '<(DEPTH)/lib/certdb/certdb.gyp:certdb',
+ '<(DEPTH)/lib/certhigh/certhigh.gyp:certhi',
+ '<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi',
+ '<(DEPTH)/lib/base/base.gyp:nssb',
+ '<(DEPTH)/lib/dev/dev.gyp:nssdev',
+ '<(DEPTH)/lib/pki/pki.gyp:nsspki',
+ '<(DEPTH)/lib/util/util.gyp:nssutil',
+ '<(DEPTH)/lib/nss/nss.gyp:nss_static',
+ '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap',
],
- 'direct_dependent_settings': {
- 'include_dirs': [
- 'libFuzzer',
- ],
- }
+ 'conditions': [
+ ['use_fuzzing_engine==0', {
+ 'type': 'static_library',
+ 'sources': [
+ 'libFuzzer/FuzzerCrossOver.cpp',
+ 'libFuzzer/FuzzerDriver.cpp',
+ 'libFuzzer/FuzzerExtFunctionsDlsym.cpp',
+ 'libFuzzer/FuzzerExtFunctionsWeak.cpp',
+ 'libFuzzer/FuzzerExtFunctionsWeakAlias.cpp',
+ 'libFuzzer/FuzzerIO.cpp',
+ 'libFuzzer/FuzzerIOPosix.cpp',
+ 'libFuzzer/FuzzerIOWindows.cpp',
+ 'libFuzzer/FuzzerLoop.cpp',
+ 'libFuzzer/FuzzerMain.cpp',
+ 'libFuzzer/FuzzerMerge.cpp',
+ 'libFuzzer/FuzzerMutate.cpp',
+ 'libFuzzer/FuzzerSHA1.cpp',
+ 'libFuzzer/FuzzerTracePC.cpp',
+ 'libFuzzer/FuzzerTraceState.cpp',
+ 'libFuzzer/FuzzerUtil.cpp',
+ 'libFuzzer/FuzzerUtilDarwin.cpp',
+ 'libFuzzer/FuzzerUtilLinux.cpp',
+ 'libFuzzer/FuzzerUtilPosix.cpp',
+ 'libFuzzer/FuzzerUtilWindows.cpp',
+ ],
+ 'cflags/': [
+ ['exclude', '-fsanitize-coverage'],
+ ],
+ 'xcode_settings': {
+ 'OTHER_CFLAGS/': [
+ ['exclude', '-fsanitize-coverage'],
+ ],
+ },
+ 'direct_dependent_settings': {
+ 'include_dirs': [
+ 'libFuzzer',
+ ],
+ },
+ }, {
+ 'type': 'none',
+ 'direct_dependent_settings': {
+ 'libraries': ['-lFuzzingEngine'],
+ }
+ }]
+ ],
},
{
'target_name': 'nssfuzz-cert',
'type': 'executable',
'sources': [
'asn1_mutators.cc',
'cert_target.cc',
'initialize.cc',
],
'dependencies': [
'<(DEPTH)/exports.gyp:nss_exports',
- 'libFuzzer',
+ 'fuzz_base',
+ ],
+ },
+ {
+ 'target_name': 'nssfuzz-spki',
+ 'type': 'executable',
+ 'sources': [
+ 'asn1_mutators.cc',
+ 'spki_target.cc',
+ 'initialize.cc',
+ ],
+ 'dependencies': [
+ '<(DEPTH)/exports.gyp:nss_exports',
+ 'fuzz_base',
],
},
{
'target_name': 'nssfuzz-pkcs8',
'type': 'executable',
'sources': [
'asn1_mutators.cc',
'initialize.cc',
'pkcs8_target.cc',
],
'dependencies': [
'<(DEPTH)/exports.gyp:nss_exports',
- 'libFuzzer',
- ],
- },
- {
- 'target_name': 'nssfuzz-spki',
- 'type': 'executable',
- 'sources': [
- 'asn1_mutators.cc',
- 'spki_target.cc',
- 'initialize.cc',
- ],
- 'dependencies': [
- '<(DEPTH)/exports.gyp:nss_exports',
- 'libFuzzer',
+ 'fuzz_base',
],
},
{
'target_name': 'nssfuzz',
'type': 'none',
'dependencies': [
'nssfuzz-cert',
+ 'nssfuzz-spki',
'nssfuzz-pkcs8',
- 'nssfuzz-spki',
- ]
+ ],
}
],
- 'target_defaults': {
- 'variables': {
- 'debug_optimization_level': '2',
- },
- 'cflags/': [
- ['exclude', '-fsanitize-coverage'],
- ],
- 'xcode_settings': {
- 'OTHER_CFLAGS/': [
- ['exclude', '-fsanitize-coverage'],
- ],
- },
- },
- 'variables': {
- 'module': 'nss',
- }
}
--- a/fuzz/warning.txt
+++ b/fuzz/warning.txt
@@ -1,15 +1,16 @@
-##############################################
-## ##
-## WARNING: You're building with -Dfuzz=1 ##
-## ##
-## This means: ##
-## ##
-## * Your PRNG is DETERMINISTIC. ##
-## * TLS transcripts are PLAINTEXT. ##
-## * TLS signature checks are DISABLED. ##
-## ##
-## Thank you for fuzzing! ##
-## ##
-##############################################
+##################################################
+## ##
+## WARNING: You're building with -Dfuzz_tls=1 ##
+## ##
+## This means: ##
+## ##
+## * Your PRNG is DETERMINISTIC. ##
+## * TLS transcripts are PLAINTEXT. ##
+## * Session tickets are NOT encrypted. ##
+## * TLS signature/MAC checks are DISABLED. ##
+## ##
+## Thank you for fuzzing! ##
+## ##
+##################################################
--- a/gtests/common/gtest.gypi
+++ b/gtests/common/gtest.gypi
@@ -9,17 +9,17 @@
'-lws2_32',
],
}],
['OS=="android"', {
'libraries': [
'-lstdc++',
],
}],
- [ 'fuzz==1', {
+ [ 'fuzz_tls==1', {
'defines': [
'UNSAFE_FUZZER_MODE',
],
}],
],
'msvs_settings': {
'VCCLCompilerTool': {
'ExceptionHandling': 1,
--- a/lib/freebl/freebl.gyp
+++ b/lib/freebl/freebl.gyp
@@ -220,17 +220,17 @@
# not x64
'sources': [
'chacha20.c',
'poly1305.c',
],
}],
],
}],
- [ 'fuzz==1', {
+ [ 'fuzz_tls==1', {
'sources': [
'det_rng.c',
],
'defines': [
'UNSAFE_FUZZER_MODE',
],
}],
[ 'ct_verif==1', {
@@ -386,17 +386,17 @@
'defines': [
'MP_IS_LITTLE_ENDIAN',
'NSS_BEVAND_ARCFOUR',
'MPI_AMD64',
'MP_ASSEMBLY_MULTIPLY',
'NSS_USE_COMBA',
],
}],
- [ 'target_arch=="x64" and use_msan==0', {
+ [ 'target_arch=="x64"', {
'defines': [
'USE_HW_AES',
'INTEL_GCM',
],
}],
[ 'target_arch=="ia32"', {
'defines': [
'MP_IS_LITTLE_ENDIAN',
--- a/lib/ssl/ssl.gyp
+++ b/lib/ssl/ssl.gyp
@@ -58,17 +58,17 @@
[ 'ssl_enable_zlib==1', {
'dependencies': [
'<(DEPTH)/lib/zlib/zlib.gyp:nss_zlib'
],
'defines': [
'NSS_SSL_ENABLE_ZLIB',
],
}],
- [ 'fuzz==1', {
+ [ 'fuzz_tls==1', {
'defines': [
'UNSAFE_FUZZER_MODE',
],
}],
[ 'mozilla_client==1', {
'defines': [
'NSS_ENABLE_TLS13_SHORT_HEADERS',
],
--- a/nss.gyp
+++ b/nss.gyp
@@ -236,34 +236,38 @@
}],
],
'action': ['<(python)', '<(DEPTH)/coreconf/shlibsign.py', '<@(_inputs)']
}
],
},
],
}],
- [ 'fuzz==1', {
+ [ 'fuzz_tls==1', {
'targets': [
{
'target_name': 'fuzz_warning',
'type': 'none',
'actions': [
{
'action_name': 'fuzz_warning',
'action': ['cat', 'fuzz/warning.txt'],
'inputs': ['fuzz/warning.txt'],
'ninja_use_console': 1,
'outputs': ['dummy'],
}
],
},
+ ],
+ }],
+ [ 'fuzz==1', {
+ 'targets': [
{
'target_name': 'fuzz',
'type': 'none',
'dependencies': [
'fuzz/fuzz.gyp:nssfuzz',
- ]
+ ],
},
],
}],
],
}