Commit 44b2296c authored by Tim Taubert's avatar Tim Taubert

Bug 1333361 - Fix static fuzzing builds r=franziskus

Differential Revision: https://nss-review.dev.mozaws.net/D170

--HG--
extra : amend_source : 03d8c1cbf21c4d130e2df5dc56273090ec233d9c
parent 10018fe2
......@@ -125,7 +125,6 @@ export default async function main() {
"bin/checkout.sh && nss/automation/taskcluster/scripts/build_gyp.sh -g -v --ubsan --asan"
],
env: {
ASAN_OPTIONS: "detect_odr_violation=0", // bug 1316276
UBSAN_OPTIONS: "print_stacktrace=1",
NSS_DISABLE_ARENA_FREE_LIST: "1",
NSS_DISABLE_UNLOAD: "1",
......@@ -272,8 +271,7 @@ async function scheduleLinux(name, base) {
async function scheduleFuzzing() {
let base = {
env: {
// bug 1316276
ASAN_OPTIONS: "allocator_may_return_null=1:detect_odr_violation=0",
ASAN_OPTIONS: "allocator_may_return_null=1",
UBSAN_OPTIONS: "print_stacktrace=1",
NSS_DISABLE_ARENA_FREE_LIST: "1",
NSS_DISABLE_UNLOAD: "1",
......@@ -334,8 +332,10 @@ async function scheduleFuzzing() {
"bin/checkout.sh && nss/automation/taskcluster/scripts/fuzz.sh " +
"quickder nss/fuzz/corpus/quickder -max_total_time=300"
],
// Need a privileged docker container to remove this.
env: {ASAN_OPTIONS: "detect_leaks=0"},
// Need a privileged docker container to remove detect_leaks=0.
env: {
ASAN_OPTIONS: "allocator_may_return_null=1:detect_leaks=0",
},
symbol: "QuickDER",
kind: "test"
}));
......
......@@ -14,7 +14,16 @@
'mpi-test.c',
],
'dependencies': [
'<(DEPTH)/lib/freebl/freebl.gyp:<(freebl_name)',
'<(DEPTH)/exports.gyp:nss_exports',
'<(DEPTH)/lib/util/util.gyp:nssutil3',
'<(DEPTH)/lib/nss/nss.gyp:nss_static',
'<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static',
'<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi',
'<(DEPTH)/lib/certhigh/certhigh.gyp:certhi',
'<(DEPTH)/lib/certdb/certdb.gyp:certdb',
'<(DEPTH)/lib/base/base.gyp:nssb',
'<(DEPTH)/lib/dev/dev.gyp:nssdev',
'<(DEPTH)/lib/pki/pki.gyp:nsspki',
]
}
],
......
......@@ -152,7 +152,7 @@
'product_dir': '<(nss_dist_obj_dir)/lib'
}],
# mapfile handling
[ 'test_build==0 and mapfile!=""', {
[ 'mapfile!=""', {
# Work around a gyp bug. Fixed upstream but not in Ubuntu packages:
# https://chromium.googlesource.com/external/gyp/+/b85ad3e578da830377dbc1843aa4fbc5af17a192%5E%21/
'sources': [
......@@ -360,6 +360,11 @@
'cflags': [
'-Wno-unused-function',
],
'xcode_settings': {
'OTHER_CFLAGS': [
'-Wno-unused-function',
],
},
}],
[ 'sanitizer_flags!=0', {
'cflags': ['<@(sanitizer_flags)'],
......
......@@ -15,7 +15,7 @@ if [ -z "$CC" ]; then
export CXX=clang++
fi
gyp_params+=(-Dtest_build=1 -Dfuzz=1)
gyp_params+=(-Dtest_build=1 -Dfuzz=1 -Dsign_libs=0)
# Add debug symbols even for opt builds.
nspr_params+=(--enable-debug-symbols)
......
......@@ -37,8 +37,9 @@
'<(DEPTH)/lib/pki/pki.gyp:nsspki',
'<(DEPTH)/lib/util/util.gyp:nssutil',
'<(DEPTH)/lib/nss/nss.gyp:nss_static',
'<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap',
'<(DEPTH)/lib/pkcs7/pkcs7.gyp:pkcs7',
# This is a static build of pk11wrap, softoken, and freebl.
'<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static',
],
'conditions': [
['use_fuzzing_engine==0', {
......
......@@ -13,8 +13,8 @@
class NSSDatabase {
public:
NSSDatabase() { NSS_NoDB_Init(nullptr); }
~NSSDatabase() { NSS_Shutdown(); }
NSSDatabase() { assert(NSS_NoDB_Init(nullptr) == SECSuccess); }
~NSSDatabase() { assert(NSS_Shutdown() == SECSuccess); }
};
size_t CustomMutate(std::vector<decltype(LLVMFuzzerCustomMutator) *> mutators,
......
......@@ -18,6 +18,9 @@
'dependencies': [
'<(DEPTH)/exports.gyp:nss_exports',
'<(DEPTH)/gtests/google_test/google_test.gyp:gtest',
'<(DEPTH)/lib/util/util.gyp:nssutil3',
'<(DEPTH)/lib/ssl/ssl.gyp:ssl3',
'<(DEPTH)/lib/nss/nss.gyp:nss3',
]
}
],
......
......@@ -16,8 +16,17 @@
],
'dependencies': [
'<(DEPTH)/exports.gyp:nss_exports',
'<(DEPTH)/lib/freebl/freebl.gyp:<(freebl_name)',
'<(DEPTH)/lib/util/util.gyp:nssutil3',
'<(DEPTH)/gtests/google_test/google_test.gyp:gtest',
'<(DEPTH)/lib/nss/nss.gyp:nss_static',
'<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static',
'<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi',
'<(DEPTH)/lib/certhigh/certhigh.gyp:certhi',
'<(DEPTH)/lib/certdb/certdb.gyp:certdb',
'<(DEPTH)/lib/base/base.gyp:nssb',
'<(DEPTH)/lib/dev/dev.gyp:nssdev',
'<(DEPTH)/lib/pki/pki.gyp:nsspki',
'<(DEPTH)/lib/ssl/ssl.gyp:ssl',
],
'conditions': [
[ 'ct_verif==1', {
......
......@@ -13,39 +13,7 @@
'sources': [
'gtest/src/gtest-all.cc'
],
'dependencies': [
'<(DEPTH)/lib/nss/nss.gyp:nss3',
'<(DEPTH)/lib/util/util.gyp:nssutil3',
'<(DEPTH)/lib/smime/smime.gyp:smime3',
'<(DEPTH)/lib/ssl/ssl.gyp:ssl3',
'<(DEPTH)/cmd/lib/lib.gyp:sectool'
]
},
{
'target_name': 'gtest1',
'type': 'shared_library',
'dependencies': [
'gtest'
],
# Work around a gyp bug. Fixed upstream in gyp:
# https://chromium.googlesource.com/external/gyp/+/93cc6e2c23e4d5ebd179f388e67aa907d0dfd43d
'conditions': [
['OS!="win"', {
'libraries': [
'-lstdc++',
],
}],
],
# For some reason when just linking static libraries into
# a DLL the link fails without this.
'msvs_settings': {
'VCLinkerTool': {
'AdditionalDependencies': [
'/DEFAULTLIB:MSVCRT',
],
},
},
}
],
'target_defaults': {
'include_dirs': [
......
......@@ -21,9 +21,29 @@
],
'dependencies': [
'<(DEPTH)/exports.gyp:nss_exports',
'<(DEPTH)/lib/freebl/freebl.gyp:<(freebl_name)',
'<(DEPTH)/lib/util/util.gyp:nssutil3',
'<(DEPTH)/gtests/google_test/google_test.gyp:gtest',
],
'conditions': [
[ 'test_build==1', {
'dependencies': [
'<(DEPTH)/lib/nss/nss.gyp:nss_static',
'<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static',
'<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi',
'<(DEPTH)/lib/certhigh/certhigh.gyp:certhi',
'<(DEPTH)/lib/certdb/certdb.gyp:certdb',
'<(DEPTH)/lib/base/base.gyp:nssb',
'<(DEPTH)/lib/dev/dev.gyp:nssdev',
'<(DEPTH)/lib/pki/pki.gyp:nsspki',
'<(DEPTH)/lib/ssl/ssl.gyp:ssl',
],
}, {
'dependencies': [
'<(DEPTH)/lib/nss/nss.gyp:nss3',
'<(DEPTH)/lib/ssl/ssl.gyp:ssl3',
],
}],
],
}
],
'target_defaults': {
......
......@@ -47,27 +47,33 @@
'dependencies': [
'<(DEPTH)/exports.gyp:nss_exports',
'<(DEPTH)/lib/util/util.gyp:nssutil3',
'<(DEPTH)/lib/sqlite/sqlite.gyp:sqlite3',
'<(DEPTH)/gtests/google_test/google_test.gyp:gtest',
'<(DEPTH)/lib/softoken/softoken.gyp:softokn',
'<(DEPTH)/lib/smime/smime.gyp:smime',
'<(DEPTH)/lib/ssl/ssl.gyp:ssl',
'<(DEPTH)/lib/nss/nss.gyp:nss_static',
'<(DEPTH)/cmd/lib/lib.gyp:sectool',
'<(DEPTH)/lib/pkcs12/pkcs12.gyp:pkcs12',
'<(DEPTH)/lib/pkcs7/pkcs7.gyp:pkcs7',
'<(DEPTH)/lib/certhigh/certhigh.gyp:certhi',
'<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi',
'<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap',
'<(DEPTH)/lib/softoken/softoken.gyp:softokn',
'<(DEPTH)/lib/certdb/certdb.gyp:certdb',
'<(DEPTH)/lib/pki/pki.gyp:nsspki',
'<(DEPTH)/lib/dev/dev.gyp:nssdev',
'<(DEPTH)/lib/base/base.gyp:nssb',
'<(DEPTH)/lib/freebl/freebl.gyp:<(freebl_name)',
'<(DEPTH)/lib/zlib/zlib.gyp:nss_zlib'
],
'conditions': [
[ 'test_build==1', {
'dependencies': [
'<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static',
],
}, {
'dependencies': [
'<(DEPTH)/lib/sqlite/sqlite.gyp:sqlite3',
'<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap',
'<(DEPTH)/lib/softoken/softoken.gyp:softokn',
'<(DEPTH)/lib/freebl/freebl.gyp:freebl',
],
}],
[ 'disable_dbm==0', {
'dependencies': [
'<(DEPTH)/lib/dbm/src/src.gyp:dbm',
......@@ -103,6 +109,5 @@
},
'variables': {
'module': 'nss',
'use_static_libs': 1,
}
}
......@@ -18,6 +18,15 @@
'<(DEPTH)/exports.gyp:nss_exports',
'<(DEPTH)/gtests/google_test/google_test.gyp:gtest',
'<(DEPTH)/lib/util/util.gyp:nssutil',
'<(DEPTH)/lib/nss/nss.gyp:nss_static',
'<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap_static',
'<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi',
'<(DEPTH)/lib/certhigh/certhigh.gyp:certhi',
'<(DEPTH)/lib/certdb/certdb.gyp:certdb',
'<(DEPTH)/lib/base/base.gyp:nssb',
'<(DEPTH)/lib/dev/dev.gyp:nssdev',
'<(DEPTH)/lib/pki/pki.gyp:nsspki',
'<(DEPTH)/lib/ssl/ssl.gyp:ssl',
]
}
],
......
......@@ -32,125 +32,55 @@
'<(DEPTH)/exports.gyp:nss_exports'
]
},
# For test builds, build a static freebl library so we can statically
# link it into the test build binary. This way we don't have to
# dlopen() the shared lib but can directly call freebl functions.
{
'target_name': '<(freebl_name)',
'type': 'shared_library',
'sources': [
'aeskeywrap.c',
'alg2268.c',
'alghmac.c',
'arcfive.c',
'arcfour.c',
'camellia.c',
'chacha20poly1305.c',
'ctr.c',
'cts.c',
'des.c',
'desblapi.c',
'dh.c',
'drbg.c',
'dsa.c',
'ec.c',
'ecdecode.c',
'ecl/ec_naf.c',
'ecl/ecl.c',
'ecl/ecl_curve.c',
'ecl/ecl_gf.c',
'ecl/ecl_mult.c',
'ecl/ecp_25519.c',
'ecl/ecp_256.c',
'ecl/ecp_256_32.c',
'ecl/ecp_384.c',
'ecl/ecp_521.c',
'ecl/ecp_aff.c',
'ecl/ecp_jac.c',
'ecl/ecp_jm.c',
'ecl/ecp_mont.c',
'fipsfreebl.c',
'freeblver.c',
'gcm.c',
'hmacct.c',
'jpake.c',
'ldvector.c',
'md2.c',
'md5.c',
'mpi/mp_gf2m.c',
'mpi/mpcpucache.c',
'mpi/mpi.c',
'mpi/mplogic.c',
'mpi/mpmontg.c',
'mpi/mpprime.c',
'pqg.c',
'rawhash.c',
'rijndael.c',
'rsa.c',
'rsapkcs.c',
'seed.c',
'sha512.c',
'sha_fast.c',
'shvfy.c',
'sysrand.c',
'tlsprfalg.c'
'target_name': 'freebl_static',
'type': 'static_library',
'includes': [
'freebl_base.gypi',
],
'dependencies': [
'<(DEPTH)/exports.gyp:nss_exports',
],
'conditions': [
[ 'OS=="linux"', {
'sources': [
'nsslowhash.c',
'stubs.c',
'defines!': [
'FREEBL_NO_DEPEND',
'FREEBL_LOWHASH',
'USE_HW_AES',
'INTEL_GCM',
],
'conditions': [
[ 'test_build==1', {
'dependencies': [
'<(DEPTH)/lib/util/util.gyp:nssutil3',
],
}],
]
}],
[ 'OS=="linux" or OS=="android"', {
'conditions': [
[ 'target_arch=="x64"', {
'sources': [
'arcfour-amd64-gas.s',
# The AES assembler code doesn't work in static test builds.
# The linker complains about non-relocatable code, and I
# currently don't know how to fix this properly.
'sources!': [
'intel-aes.s',
'intel-gcm.s',
'mpi/mpi_amd64.c',
'mpi/mpi_amd64_gas.s',
'mpi/mp_comba.c',
],
'dependencies': [
'intel-gcm-wrap_c_lib',
],
'conditions': [
[ 'cc_is_clang==1', {
'cflags': [
'-no-integrated-as',
],
'cflags_mozilla': [
'-no-integrated-as',
],
'asflags_mozilla': [
'-no-integrated-as',
],
}],
],
}],
[ 'target_arch=="ia32"', {
'sources': [
'mpi/mpi_x86.s',
],
}],
[ 'target_arch=="arm"', {
'sources': [
'mpi/mpi_arm.c',
],
}],
],
}, {
# not Linux or Android
}],
],
},
{
'target_name': '<(freebl_name)',
'type': 'shared_library',
'includes': [
'freebl_base.gypi',
],
'dependencies': [
'<(DEPTH)/exports.gyp:nss_exports',
],
'conditions': [
[ 'OS!="linux" and OS!="android"', {
'conditions': [
[ 'moz_fold_libs==0', {
'dependencies': [
'../util/util.gyp:nssutil3',
'<(DEPTH)/lib/util/util.gyp:nssutil3',
],
}, {
'libraries': [
......@@ -158,105 +88,23 @@
],
}],
],
}],
[ 'OS=="win"', {
'sources': [
#TODO: building with mingw should not need this.
'ecl/uint128.c',
],
'libraries': [
'advapi32.lib',
],
'conditions': [
[ 'target_arch=="x64"', {
'sources': [
'arcfour-amd64-masm.asm',
'mpi/mpi_amd64.c',
'mpi/mpi_amd64_masm.asm',
'mpi/mp_comba_amd64_masm.asm',
'intel-aes-x64-masm.asm',
'intel-gcm-x64-masm.asm',
],
}, {
# not x64
'sources': [
'mpi/mpi_x86_asm.c',
'intel-aes-x86-masm.asm',
'intel-gcm-x86-masm.asm',
],
}],
[ 'cc_is_clang==1', {
'dependencies': [
'intel-gcm-wrap_c_lib',
],
}, {
# MSVC
'sources': [
'intel-gcm-wrap.c',
],
}],
],
}],
['target_arch=="ia32" or target_arch=="x64"', {
'sources': [
# All intel architectures get the 64 bit version
'ecl/curve25519_64.c',
],
}, {
'sources': [
# All non intel architectures get the generic 32 bit implementation (slow!)
'ecl/curve25519_32.c',
}, 'target_arch=="x64"', {
'dependencies': [
'intel-gcm-wrap_c_lib',
],
}],
#TODO uint128.c
[ 'disable_chachapoly==0', {
'conditions': [
[ 'OS!="win" and target_arch=="x64"', {
'sources': [
'chacha20_vec.c',
'poly1305-donna-x64-sse2-incremental-source.c',
],
}, {
# not x64
'sources': [
'chacha20.c',
'poly1305.c',
],
}],
[ 'OS=="win" and cc_is_clang==1', {
'dependencies': [
'intel-gcm-wrap_c_lib',
],
}],
[ 'fuzz_tls==1', {
[ 'OS=="linux"', {
'sources': [
'det_rng.c',
],
'defines': [
'UNSAFE_FUZZER_MODE',
],
}],
[ 'ct_verif==1', {
'defines': [
'CT_VERIF',
],
}],
[ 'OS=="mac"', {
'conditions': [
[ 'target_arch=="ia32"', {
'sources': [
'mpi/mpi_sse2.s',
],
'defines': [
'MP_USE_UINT_DIGIT',
'MP_ASSEMBLY_MULTIPLY',
'MP_ASSEMBLY_SQUARE',
'MP_ASSEMBLY_DIV_2DX1D',
],
}],
'nsslowhash.c',
'stubs.c',
],
}],
],
'dependencies': [
'<(DEPTH)/exports.gyp:nss_exports',
],
'variables': {
'conditions': [
[ 'OS=="linux"', {
......@@ -266,9 +114,6 @@
}],
]
},
'ldflags': [
'-Wl,-Bsymbolic'
]
},
],
'conditions': [
......@@ -371,13 +216,7 @@
[ 'OS=="linux"', {
'defines': [
'FREEBL_LOWHASH',
],
'conditions': [
[ 'test_build==0', {
'defines': [
'FREEBL_NO_DEPEND',
],
}],
'FREEBL_NO_DEPEND',
],
}],
[ 'OS=="linux" or OS=="android"', {
......
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
{
'sources': [
'aeskeywrap.c',
'alg2268.c',
'alghmac.c',
'arcfive.c',
'arcfour.c',
'camellia.c',
'chacha20poly1305.c',
'ctr.c',
'cts.c',
'des.c',
'desblapi.c',
'dh.c',
'drbg.c',
'dsa.c',
'ec.c',
'ecdecode.c',
'ecl/ec_naf.c',
'ecl/ecl.c',
'ecl/ecl_curve.c',
'ecl/ecl_gf.c',
'ecl/ecl_mult.c',
'ecl/ecp_25519.c',
'ecl/ecp_256.c',
'ecl/ecp_256_32.c',
'ecl/ecp_384.c',
'ecl/ecp_521.c',
'ecl/ecp_aff.c',
'ecl/ecp_jac.c',
'ecl/ecp_jm.c',
'ecl/ecp_mont.c',
'fipsfreebl.c',
'freeblver.c',
'gcm.c',
'hmacct.c',
'jpake.c',
'ldvector.c',
'md2.c',
'md5.c',
'mpi/mp_gf2m.c',
'mpi/mpcpucache.c',
'mpi/mpi.c',
'mpi/mplogic.c',
'mpi/mpmontg.c',
'mpi/mpprime.c',
'pqg.c',
'rawhash.c',
'rijndael.c',
'rsa.c',
'rsapkcs.c',
'seed.c',
'sha512.c',
'sha_fast.c',
'shvfy.c',
'sysrand.c',
'tlsprfalg.c'
],
'conditions': [
[ 'OS=="linux" or OS=="android"', {
'conditions': [
[ 'target_arch=="x64"', {
'sources': [
'arcfour-amd64-gas.s',
'intel-aes.s',
'intel-gcm.s',
'mpi/mpi_amd64.c',
'mpi/mpi_amd64_gas.s',
'mpi/mp_comba.c',
],
'conditions': [
[ 'cc_is_clang==1', {
'cflags': [
'-no-integrated-as',
],
'cflags_mozilla': [
'-no-integrated-as',
],
'asflags_mozilla': [
'-no-integrated-as',
],
}],
],
}],
[ 'target_arch=="ia32"', {
'sources': [
'mpi/mpi_x86.s',
],
}],
[ 'target_arch=="arm"', {
'sources': [
'mpi/mpi_arm.c',
],
}],
],
}],
[ 'OS=="win"', {
'sources': [
#TODO: building with mingw should not need this.
'ecl/uint128.c',
],
'libraries': [
'advapi32.lib',
],
'conditions': [
[ 'target_arch=="x64"', {
'sources': [
'arcfour-amd64-masm.asm',
'mpi/mpi_amd64.c',
'mpi/mpi_amd64_masm.asm',
'mpi/mp_comba_amd64_masm.asm',
'intel-aes-x64-masm.asm',
'intel-gcm-x64-masm.asm',
],
}, {
# not x64
'sources': [
'mpi/mpi_x86_asm.c',
'intel-aes-x86-masm.asm',
'intel-gcm-x86-masm.asm',
],
}],
[ 'cc_is_clang!=1', {
# MSVC
'sources': [
'intel-gcm-wrap.c',
],
}],
],
}],
['target_arch=="ia32" or target_arch=="x64"', {
'sources': [
# All intel architectures get the 64 bit version
'ecl/curve25519_64.c',
],
}, {
'sources': [
# All non intel architectures get the generic 32 bit implementation (slow!)
'ecl/curve25519_32.c',
],
}],
#TODO uint128.c
[ 'disable_chachapoly==0', {
'conditions': [
[ 'OS!="win" and target_arch=="x64"', {
'sources': [
'chacha20_vec.c',
'poly1305-donna-x64-sse2-incremental-source.c',
],
}, {
# not x64
'sources': [
'chacha20.c',
'poly1305.c',
],
}],
],
}],
[ 'fuzz_tls==1', {
'sources': [
'det_rng.c',
],
'defines': [
'UNSAFE_FUZZER_MODE',
],
}],
[ 'ct_verif==1', {
'defines': [
'CT_VERIF',
],
}],
[ 'OS=="mac"', {
'conditions': [
[ 'target_arch=="ia32"', {
'sources': [
'mpi/mpi_sse2.s',
],
'defines': [
'MP_USE_UINT_DIGIT',
'MP_ASSEMBLY_MULTIPLY',
'MP_ASSEMBLY_SQUARE',
'MP_ASSEMBLY_DIV_2DX1D',
],
}],
],
}],
],
'ldflags': [
'-Wl,-Bsymbolic'
],
}
......@@ -17,6 +17,10 @@
#include "secerr.h"
#include "prenv.h"
#include "utilparst.h"
#include "prio.h"
#include "prprf.h"
#include <stdio.h>
#include "prsystem.h"
#define DEBUG_MODULE 1
......@@ -350,6 +354,7 @@ SECMOD_SetRootCerts(PK11SlotInfo *slot, SECMODModule *mod)
}
}
#ifndef NSS_TEST_BUILD
static const char *my_shlib_name =
SHLIB_PREFIX "nss" SHLIB_VERSION "." SHLIB_SUFFIX;