Commit 7621bb07 authored by Tim Taubert's avatar Tim Taubert

Bug 1330655 - Make NSS build within OSS-Fuzz r=franziskus

Differential Revision: https://nss-review.dev.mozaws.net/D161

--HG--
extra : amend_source : 875313e502f89c1488e945bd4f2b2aaf7b487575
parent d8a4fc55
...@@ -17,3 +17,4 @@ GTAGS ...@@ -17,3 +17,4 @@ GTAGS
.ycm_extra_conf.py* .ycm_extra_conf.py*
fuzz/libFuzzer/* fuzz/libFuzzer/*
fuzz/corpus fuzz/corpus
fuzz/out
...@@ -17,3 +17,4 @@ GTAGS ...@@ -17,3 +17,4 @@ GTAGS
.ycm_extra_conf.py* .ycm_extra_conf.py*
fuzz/libFuzzer/* fuzz/libFuzzer/*
fuzz/corpus fuzz/corpus
fuzz/out
...@@ -285,7 +285,7 @@ async function scheduleFuzzing() { ...@@ -285,7 +285,7 @@ async function scheduleFuzzing() {
"/bin/bash", "/bin/bash",
"-c", "-c",
"bin/checkout.sh && " + "bin/checkout.sh && " +
"nss/automation/taskcluster/scripts/build_gyp.sh -g -v --fuzz" "nss/automation/taskcluster/scripts/build_gyp.sh -g -v --fuzz=tls"
], ],
artifacts: { artifacts: {
public: { public: {
......
...@@ -18,4 +18,4 @@ mkdir -p nss/fuzz/corpus/$type ...@@ -18,4 +18,4 @@ mkdir -p nss/fuzz/corpus/$type
objdir=$(cat dist/latest) objdir=$(cat dist/latest)
# Run nssfuzz. # Run nssfuzz.
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:dist/$objdir/lib dist/$objdir/bin/nssfuzz-"$type" "$@" dist/$objdir/bin/nssfuzz-"$type" "$@"
...@@ -15,9 +15,9 @@ show_help() ...@@ -15,9 +15,9 @@ show_help()
{ {
cat << EOF cat << EOF
Usage: ${0##*/} [-hcv] [-j <n>] [--nspr] [--gyp|-g] [--opt|-o] [-m32] Usage: ${0##*/} [-hcv] [-j <n>] [--nspr] [--gyp|-g] [--opt|-o] [-m32]
[--test] [--fuzz] [--pprof] [--scan-build[=output]] [--test] [--pprof] [--scan-build[=output]] [--ct-verif]
[--asan] [--ubsan] [--msan] [--sancov[=edge|bb|func|...]] [--asan] [--ubsan] [--msan] [--sancov[=edge|bb|func|...]]
[--ct-verif] [--disable-tests] [--disable-tests] [--fuzz[=tls|oss]]
This script builds NSS with gyp and ninja. This script builds NSS with gyp and ninja.
...@@ -35,7 +35,9 @@ NSS build tool options: ...@@ -35,7 +35,9 @@ NSS build tool options:
--opt|-o do an opt build --opt|-o do an opt build
-m32 do a 32-bit build on a 64-bit system -m32 do a 32-bit build on a 64-bit system
--test ignore map files and export everything we have --test ignore map files and export everything we have
--fuzz enable fuzzing mode. this always enables test builds --fuzz build fuzzing targets (this always enables test builds)
--fuzz=tls to enable TLS fuzzing mode
--fuzz=oss to build for OSS-Fuzz
--pprof build with gperftool support --pprof build with gperftool support
--ct-verif build with valgrind for ct-verif --ct-verif build with valgrind for ct-verif
--scan-build run the build with scan-build (scan-build has to be in the path) --scan-build run the build with scan-build (scan-build has to be in the path)
...@@ -74,6 +76,8 @@ rebuild_nspr=0 ...@@ -74,6 +76,8 @@ rebuild_nspr=0
target=Debug target=Debug
verbose=0 verbose=0
fuzz=0 fuzz=0
fuzz_tls=0
fuzz_oss=0
gyp_params=(--depth="$cwd" --generator-output=".") gyp_params=(--depth="$cwd" --generator-output=".")
nspr_params=() nspr_params=()
...@@ -95,6 +99,8 @@ while [ $# -gt 0 ]; do ...@@ -95,6 +99,8 @@ while [ $# -gt 0 ]; do
-v) ninja_params+=(-v); verbose=1 ;; -v) ninja_params+=(-v); verbose=1 ;;
--test) gyp_params+=(-Dtest_build=1) ;; --test) gyp_params+=(-Dtest_build=1) ;;
--fuzz) fuzz=1 ;; --fuzz) fuzz=1 ;;
--fuzz=oss) fuzz=1; fuzz_oss=1 ;;
--fuzz=tls) fuzz=1; fuzz_tls=1 ;;
--scan-build) enable_scanbuild ;; --scan-build) enable_scanbuild ;;
--scan-build=?*) enable_scanbuild "${1#*=}" ;; --scan-build=?*) enable_scanbuild "${1#*=}" ;;
--opt|-o) opt_build=1 ;; --opt|-o) opt_build=1 ;;
...@@ -108,6 +114,7 @@ while [ $# -gt 0 ]; do ...@@ -108,6 +114,7 @@ while [ $# -gt 0 ]; do
--pprof) gyp_params+=(-Duse_pprof=1) ;; --pprof) gyp_params+=(-Duse_pprof=1) ;;
--ct-verif) gyp_params+=(-Dct_verif=1) ;; --ct-verif) gyp_params+=(-Dct_verif=1) ;;
--disable-tests) gyp_params+=(-Ddisable_tests=1) ;; --disable-tests) gyp_params+=(-Ddisable_tests=1) ;;
--no-zdefs) gyp_params+=(-Dno_zdefs=1) ;;
*) show_help; exit 2 ;; *) show_help; exit 2 ;;
esac esac
shift shift
...@@ -152,6 +159,7 @@ check_config() ...@@ -152,6 +159,7 @@ check_config()
mkdir -p $(dirname "$newconf") mkdir -p $(dirname "$newconf")
echo CC="$CC" >"$newconf" echo CC="$CC" >"$newconf"
echo CCC="$CCC" >>"$newconf" echo CCC="$CCC" >>"$newconf"
echo CXX="$CXX" >>"$newconf"
for i in "$@"; do echo $i; done | sort >>"$newconf" for i in "$@"; do echo $i; done | sort >>"$newconf"
# Note: The following diff fails if $oldconf isn't there as well, which # Note: The following diff fails if $oldconf isn't there as well, which
...@@ -170,6 +178,9 @@ elif [ ! -d "$dist_dir"/$target ]; then ...@@ -170,6 +178,9 @@ elif [ ! -d "$dist_dir"/$target ]; then
rebuild_nspr=1 rebuild_nspr=1
fi fi
# Update NSPR ${C,CXX,LD}FLAGS.
nspr_set_flags $sanitizer_flags
if check_config "$nspr_config" "${nspr_params[@]}" \ if check_config "$nspr_config" "${nspr_params[@]}" \
nspr_cflags="$nspr_cflags" \ nspr_cflags="$nspr_cflags" \
nspr_cxxflags="$nspr_cxxflags" \ nspr_cxxflags="$nspr_cxxflags" \
...@@ -177,6 +188,11 @@ if check_config "$nspr_config" "${nspr_params[@]}" \ ...@@ -177,6 +188,11 @@ if check_config "$nspr_config" "${nspr_params[@]}" \
rebuild_nspr=1 rebuild_nspr=1
fi fi
# Forward sanitizer flags.
if [ ! -z "$sanitizer_flags" ]; then
gyp_params+=(-Dsanitizer_flags="$sanitizer_flags")
fi
if check_config "$gyp_config" "${gyp_params[@]}"; then if check_config "$gyp_config" "${gyp_params[@]}"; then
rebuild_gyp=1 rebuild_gyp=1
fi fi
......
...@@ -97,12 +97,11 @@ ...@@ -97,12 +97,11 @@
'moz_fold_libs%': 0, 'moz_fold_libs%': 0,
'moz_folded_library_name%': '', 'moz_folded_library_name%': '',
'ssl_enable_zlib%': 1, 'ssl_enable_zlib%': 1,
'use_asan%': 0, 'sanitizer_flags%': 0,
'use_ubsan%': 0,
'use_msan%': 0,
'use_sancov%': 0,
'test_build%': 0, 'test_build%': 0,
'no_zdefs%': 0,
'fuzz%': 0, 'fuzz%': 0,
'fuzz_tls%': 0,
'sign_libs%': 1, 'sign_libs%': 1,
'use_pprof%': 0, 'use_pprof%': 0,
'ct_verif%': 0, 'ct_verif%': 0,
...@@ -135,7 +134,7 @@ ...@@ -135,7 +134,7 @@
'-lc', '-lc',
], ],
}], }],
[ 'use_asan==1 or use_ubsan!=0 or fuzz==1', { [ 'fuzz==1', {
'variables': { 'variables': {
'debug_optimization_level%': '1', 'debug_optimization_level%': '1',
}, },
...@@ -216,7 +215,6 @@ ...@@ -216,7 +215,6 @@
[ 'cc_use_gnu_ld==1', { [ 'cc_use_gnu_ld==1', {
'ldflags': [ 'ldflags': [
'-Wl,--gc-sections', '-Wl,--gc-sections',
'-Wl,-z,defs',
], ],
'conditions': [ 'conditions': [
['OS=="dragonfly" or OS=="freebsd" or OS=="netbsd" or OS=="openbsd"', { ['OS=="dragonfly" or OS=="freebsd" or OS=="netbsd" or OS=="openbsd"', {
...@@ -225,6 +223,11 @@ ...@@ -225,6 +223,11 @@
'-Wl,--warn-unresolved-symbols', '-Wl,--warn-unresolved-symbols',
], ],
}], }],
['no_zdefs==0', {
'ldflags': [
'-Wl,-z,defs',
],
}],
], ],
}], }],
], ],
...@@ -348,73 +351,22 @@ ...@@ -348,73 +351,22 @@
'<!@(<(python) <(DEPTH)/coreconf/werror.py)', '<!@(<(python) <(DEPTH)/coreconf/werror.py)',
], ],
}], }],
[ 'fuzz==1', { [ 'fuzz_tls==1', {
'cflags': [ 'cflags': [
'-Wno-unused-function', '-Wno-unused-function',
] ],
}], }],
[ 'use_asan==1', { [ 'sanitizer_flags!=0', {
'variables': { 'cflags': ['<@(sanitizer_flags)'],
'asan_flags': '<!(<(python) <(DEPTH)/coreconf/sanitizers.py asan)', 'ldflags': ['<@(sanitizer_flags)'],
'no_ldflags': '<!(<(python) <(DEPTH)/coreconf/sanitizers.py ld)',
},
'cflags': ['<@(asan_flags)'],
'ldflags': ['<@(asan_flags)'],
'ldflags!': ['<@(no_ldflags)'],
'xcode_settings': { 'xcode_settings': {
'OTHER_CFLAGS': ['<@(asan_flags)'], 'OTHER_CFLAGS': ['<@(sanitizer_flags)'],
'OTHER_LDFLAGS!': ['<@(no_ldflags)'],
# We want to pass -fsanitize=... to our final link call, # We want to pass -fsanitize=... to our final link call,
# but not to libtool. OTHER_LDFLAGS is passed to both. # but not to libtool. OTHER_LDFLAGS is passed to both.
# To trick GYP into doing what we want, we'll piggyback on # To trick GYP into doing what we want, we'll piggyback on
# LIBRARY_SEARCH_PATHS, producing "-L/usr/lib -fsanitize=...". # LIBRARY_SEARCH_PATHS, producing "-L/usr/lib -fsanitize=...".
# The -L/usr/lib is redundant but innocuous: it's a default path. # The -L/usr/lib is redundant but innocuous: it's a default path.
'LIBRARY_SEARCH_PATHS': ['/usr/lib <(asan_flags)'], 'LIBRARY_SEARCH_PATHS': ['/usr/lib <(sanitizer_flags)'],
},
}],
[ 'use_ubsan!=0', {
'variables': {
'ubsan_flags': '<!(<(python) <(DEPTH)/coreconf/sanitizers.py ubsan <(use_ubsan))',
'no_ldflags': '<!(<(python) <(DEPTH)/coreconf/sanitizers.py ld)',
},
'cflags': ['<@(ubsan_flags)'],
'ldflags': ['<@(ubsan_flags)'],
'ldflags!': ['<@(no_ldflags)'],
'xcode_settings': {
'OTHER_CFLAGS': ['<@(ubsan_flags)'],
'OTHER_LDFLAGS!': ['<@(no_ldflags)'],
# See comment above.
'LIBRARY_SEARCH_PATHS': ['/usr/lib <(ubsan_flags)'],
},
}],
[ 'use_msan==1', {
'variables': {
'msan_flags': '<!(<(python) <(DEPTH)/coreconf/sanitizers.py msan)',
'no_ldflags': '<!(<(python) <(DEPTH)/coreconf/sanitizers.py ld)',
},
'cflags': ['<@(msan_flags)'],
'ldflags': ['<@(msan_flags)'],
'ldflags!': ['<@(no_ldflags)'],
'xcode_settings': {
'OTHER_CFLAGS': ['<@(msan_flags)'],
'OTHER_LDFLAGS!': ['<@(no_ldflags)'],
# See comment above.
'LIBRARY_SEARCH_PATHS': ['/usr/lib <(msan_flags)'],
},
}],
[ 'use_sancov!=0', {
'variables': {
'sancov_flags': '<!(<(python) <(DEPTH)/coreconf/sanitizers.py sancov <(use_sancov))',
'no_ldflags': '<!(<(python) <(DEPTH)/coreconf/sanitizers.py ld)',
},
'cflags': ['<@(sancov_flags)'],
'ldflags': ['<@(sancov_flags)'],
'ldflags!': ['<@(no_ldflags)'],
'xcode_settings': {
'OTHER_CFLAGS': ['<@(sancov_flags)'],
'OTHER_LDFLAGS!': ['<@(no_ldflags)'],
# See comment above.
'LIBRARY_SEARCH_PATHS': ['/usr/lib <(sancov_flags)'],
}, },
}], }],
[ 'OS=="android" and mozilla_client==0', { [ 'OS=="android" and mozilla_client==0', {
......
...@@ -2,15 +2,23 @@ ...@@ -2,15 +2,23 @@
# This file is used by build.sh to setup fuzzing. # This file is used by build.sh to setup fuzzing.
gyp_params+=(-Dtest_build=1 -Dfuzz=1) gyp_params+=(-Dtest_build=1 -Dfuzz=1)
enable_sanitizer asan
enable_ubsan
enable_sancov
# Add debug symbols even for opt builds. # Add debug symbols even for opt builds.
nspr_params+=(--enable-debug-symbols) nspr_params+=(--enable-debug-symbols)
echo "fuzz [1/2] Cloning libFuzzer files ..." if [ "$fuzz_oss" = 1 ]; then
run_verbose "$cwd"/fuzz/clone_libfuzzer.sh gyp_params+=(-Dno_zdefs=1)
else
enable_sanitizer asan
enable_ubsan
enable_sancov
fi
echo "fuzz [2/2] Cloning fuzzing corpus ..." if [ "$fuzz_tls" = 1 ]; then
run_verbose "$cwd"/fuzz/clone_corpus.sh gyp_params+=(-Dfuzz_tls=1)
fi
if [ ! -f "/usr/lib/libFuzzingEngine.a" ]; then
echo "Cloning libFuzzer files ..."
run_verbose "$cwd"/fuzz/clone_libfuzzer.sh
fi
...@@ -14,12 +14,11 @@ if hash gmake 2>/dev/null; then ...@@ -14,12 +14,11 @@ if hash gmake 2>/dev/null; then
make() { command gmake "$@"; } make() { command gmake "$@"; }
fi fi
nspr_sanitizer() nspr_set_flags()
{ {
local extra=$(python $cwd/coreconf/sanitizers.py "$@") nspr_cflags="$CFLAGS $@"
nspr_cflags="$nspr_cflags $extra" nspr_cxxflags="$CXXFLAGS $@"
nspr_cxxflags="$nspr_cxxflags $extra" nspr_ldflags="$LDFLAGS $@"
nspr_ldflags="$nspr_ldflags $extra"
} }
nspr_build() nspr_build()
......
...@@ -5,7 +5,7 @@ import sys ...@@ -5,7 +5,7 @@ import sys
def main(): def main():
if len(sys.argv) < 2: if len(sys.argv) < 2:
raise Exception('Specify either "ld", asan", "msan", "sancov" or "ubsan" as argument.') raise Exception('Specify either "asan", "msan", "sancov" or "ubsan" as argument.')
sanitizer = sys.argv[1] sanitizer = sys.argv[1]
if sanitizer == "ubsan": if sanitizer == "ubsan":
...@@ -27,12 +27,7 @@ def main(): ...@@ -27,12 +27,7 @@ def main():
print('-fsanitize-coverage='+sys.argv[2]+' ', end='') print('-fsanitize-coverage='+sys.argv[2]+' ', end='')
return return
# We have to remove this from the ld flags when building asan. raise Exception('Specify either "asan", "msan", "sancov" or "ubsan" as argument.')
if sanitizer == "ld":
print('-Wl,-z,defs ', end='')
return
raise Exception('Specify either "ld", asan", "msan", "sancov" or "ubsan" as argument.')
if __name__ == '__main__': if __name__ == '__main__':
main() main()
#!/usr/bin/env bash #!/usr/bin/env bash
# This file is used by build.sh to setup sanitizers. # This file is used by build.sh to setup sanitizers.
sanitizer_flags=""
# This tracks what sanitizers are enabled, and their options. # This tracks what sanitizers are enabled, and their options.
declare -A sanitizers declare -A sanitizers
enable_sanitizer() enable_sanitizer()
...@@ -8,8 +10,13 @@ enable_sanitizer() ...@@ -8,8 +10,13 @@ enable_sanitizer()
local san="$1" local san="$1"
[ -n "${sanitizers[$san]}" ] && return [ -n "${sanitizers[$san]}" ] && return
sanitizers[$san]="${2:-1}" sanitizers[$san]="${2:-1}"
gyp_params+=(-Duse_"$san"="${2:-1}")
nspr_sanitizer "$san" "$2" if [ -z "$sanitizer_flags" ]; then
gyp_params+=(-Dno_zdefs=1)
fi
local cflags=$(python $cwd/coreconf/sanitizers.py "$@")
sanitizer_flags="$sanitizer_flags $cflags"
} }
enable_sancov() enable_sancov()
......
...@@ -4,39 +4,86 @@ ...@@ -4,39 +4,86 @@
{ {
'includes': [ 'includes': [
'../coreconf/config.gypi', '../coreconf/config.gypi',
'../cmd/platlibs.gypi'
], ],
'variables': {
'use_fuzzing_engine': '<!(test -f /usr/lib/libFuzzingEngine.a && echo 1 || echo 0)',
},
'target_defaults': {
'variables': {
'debug_optimization_level': '2',
},
'target_conditions': [
[ '_type=="executable"', {
'libraries!': [
'<@(nspr_libs)',
],
'libraries': [
'<(nss_dist_obj_dir)/lib/libplds4.a',
'<(nss_dist_obj_dir)/lib/libnspr4.a',
'<(nss_dist_obj_dir)/lib/libplc4.a',
],
}],
],
},
'targets': [ 'targets': [
{ {
'target_name': 'libFuzzer', 'target_name': 'fuzz_base',
'type': 'static_library', 'dependencies': [
'sources': [ '<(DEPTH)/lib/certdb/certdb.gyp:certdb',
'libFuzzer/FuzzerCrossOver.cpp', '<(DEPTH)/lib/certhigh/certhigh.gyp:certhi',
'libFuzzer/FuzzerDriver.cpp', '<(DEPTH)/lib/cryptohi/cryptohi.gyp:cryptohi',
'libFuzzer/FuzzerExtFunctionsDlsym.cpp', '<(DEPTH)/lib/base/base.gyp:nssb',
'libFuzzer/FuzzerExtFunctionsWeak.cpp', '<(DEPTH)/lib/dev/dev.gyp:nssdev',
'libFuzzer/FuzzerExtFunctionsWeakAlias.cpp', '<(DEPTH)/lib/pki/pki.gyp:nsspki',
'libFuzzer/FuzzerIO.cpp', '<(DEPTH)/lib/util/util.gyp:nssutil',
'libFuzzer/FuzzerIOPosix.cpp', '<(DEPTH)/lib/nss/nss.gyp:nss_static',
'libFuzzer/FuzzerIOWindows.cpp', '<(DEPTH)/lib/pk11wrap/pk11wrap.gyp:pk11wrap',
'libFuzzer/FuzzerLoop.cpp', ],
'libFuzzer/FuzzerMain.cpp', 'conditions': [
'libFuzzer/FuzzerMerge.cpp', ['use_fuzzing_engine==0', {
'libFuzzer/FuzzerMutate.cpp', 'type': 'static_library',
'libFuzzer/FuzzerSHA1.cpp', 'sources': [
'libFuzzer/FuzzerTracePC.cpp', 'libFuzzer/FuzzerCrossOver.cpp',
'libFuzzer/FuzzerTraceState.cpp', 'libFuzzer/FuzzerDriver.cpp',
'libFuzzer/FuzzerUtil.cpp', 'libFuzzer/FuzzerExtFunctionsDlsym.cpp',
'libFuzzer/FuzzerUtilDarwin.cpp', 'libFuzzer/FuzzerExtFunctionsWeak.cpp',
'libFuzzer/FuzzerUtilLinux.cpp', 'libFuzzer/FuzzerExtFunctionsWeakAlias.cpp',
'libFuzzer/FuzzerUtilPosix.cpp', 'libFuzzer/FuzzerIO.cpp',
'libFuzzer/FuzzerUtilWindows.cpp', 'libFuzzer/FuzzerIOPosix.cpp',
'libFuzzer/FuzzerIOWindows.cpp',
'libFuzzer/FuzzerLoop.cpp',
'libFuzzer/FuzzerMain.cpp',
'libFuzzer/FuzzerMerge.cpp',
'libFuzzer/FuzzerMutate.cpp',
'libFuzzer/FuzzerSHA1.cpp',
'libFuzzer/FuzzerTracePC.cpp',
'libFuzzer/FuzzerTraceState.cpp',
'libFuzzer/FuzzerUtil.cpp',
'libFuzzer/FuzzerUtilDarwin.cpp',
'libFuzzer/FuzzerUtilLinux.cpp',
'libFuzzer/FuzzerUtilPosix.cpp',
'libFuzzer/FuzzerUtilWindows.cpp',
],
'cflags/': [
['exclude', '-fsanitize-coverage'],
],
'xcode_settings': {
'OTHER_CFLAGS/': [
['exclude', '-fsanitize-coverage'],
],
},
'direct_dependent_settings': {
'include_dirs': [
'libFuzzer',
],
},
}, {
'type': 'none',
'direct_dependent_settings': {
'libraries': ['-lFuzzingEngine'],
}
}]
], ],
'direct_dependent_settings': {
'include_dirs': [
'libFuzzer',
],
}
}, },
{ {
'target_name': 'nssfuzz-cert', 'target_name': 'nssfuzz-cert',
...@@ -48,33 +95,33 @@ ...@@ -48,33 +95,33 @@
], ],
'dependencies': [ 'dependencies': [
'<(DEPTH)/exports.gyp:nss_exports', '<(DEPTH)/exports.gyp:nss_exports',
'libFuzzer', 'fuzz_base',
], ],
}, },
{ {
'target_name': 'nssfuzz-pkcs8', 'target_name': 'nssfuzz-spki',
'type': 'executable', 'type': 'executable',
'sources': [ 'sources': [
'asn1_mutators.cc', 'asn1_mutators.cc',
'spki_target.cc',
'initialize.cc', 'initialize.cc',
'pkcs8_target.cc',
], ],
'dependencies': [ 'dependencies': [
'<(DEPTH)/exports.gyp:nss_exports', '<(DEPTH)/exports.gyp:nss_exports',
'libFuzzer', 'fuzz_base',
], ],
}, },
{ {
'target_name': 'nssfuzz-spki', 'target_name': 'nssfuzz-pkcs8',
'type': 'executable', 'type': 'executable',
'sources': [ 'sources': [
'asn1_mutators.cc', 'asn1_mutators.cc',
'spki_target.cc',
'initialize.cc', 'initialize.cc',
'pkcs8_target.cc',
], ],
'dependencies': [ 'dependencies': [
'<(DEPTH)/exports.gyp:nss_exports', '<(DEPTH)/exports.gyp:nss_exports',
'libFuzzer', 'fuzz_base',
], ],
}, },
{ {
...@@ -82,25 +129,9 @@ ...@@ -82,25 +129,9 @@
'type': 'none', 'type': 'none',
'dependencies': [ 'dependencies': [
'nssfuzz-cert', 'nssfuzz-cert',
'nssfuzz-pkcs8',
'nssfuzz-spki', 'nssfuzz-spki',
] 'nssfuzz-pkcs8',
],
} }
], ],
'target_defaults': {
'variables': {
'debug_optimization_level': '2',
},
'cflags/': [
['exclude', '-fsanitize-coverage'],
],
'xcode_settings': {
'OTHER_CFLAGS/': [
['exclude', '-fsanitize-coverage'],
],
},
},
'variables': {
'module': 'nss',
}
} }
############################################## ##################################################
## ## ## ##
## WARNING: You're building with -Dfuzz=1 ## ## WARNING: You're building with -Dfuzz_tls=1 ##
## ## ## ##
## This means: ## ## This means: ##
## ## ## ##
## * Your PRNG is DETERMINISTIC. ## ## * Your PRNG is DETERMINISTIC. ##
## * TLS transcripts are PLAINTEXT. ## ## * TLS transcripts are PLAINTEXT. ##
## * TLS signature checks are DISABLED. ## ## * Session tickets are NOT encrypted. ##
## ## ## * TLS signature/MAC checks are DISABLED. ##
## Thank you for fuzzing! ## ## ##
## ## ## Thank you for fuzzing! ##
############################################## ## ##
##################################################
...@@ -14,7 +14,7 @@ ...@@ -14,7 +14,7 @@
'-lstdc++', '-lstdc++',
], ],
}], }],
[ 'fuzz==1', { [ 'fuzz_tls==1', {
'defines': [ 'defines': [
'UNSAFE_FUZZER_MODE', 'UNSAFE_FUZZER_MODE',
], ],
......
...@@ -225,7 +225,7 @@ ...@@ -225,7 +225,7 @@
}], }],
], ],
}], }],
[ 'fuzz==1', { [ 'fuzz_tls==1', {
'sources': [ 'sources': [
'det_rng.c', 'det_rng.c',
], ],
...@@ -391,7 +391,7 @@ ...@@ -391,7 +391,7 @@
'NSS_USE_COMBA', 'NSS_USE_COMBA',
], ],
}], }],
[ 'target_arch=="x64" and use_msan==0', { [ 'target_arch=="x64"', {
'defines': [ 'defines': [
'USE_HW_AES', 'USE_HW_AES',
'INTEL_GCM', 'INTEL_GCM',
......
...@@ -63,7 +63,7 @@ ...@@ -63,7 +63,7 @@
'NSS_SSL_ENABLE_ZLIB', 'NSS_SSL_ENABLE_ZLIB',
], ],
}], }],
[ 'fuzz==1', { [ 'fuzz_tls==1', {
'defines': [ 'defines': [
'UNSAFE_FUZZER_MODE', 'UNSAFE_FUZZER_MODE',
], ],
......
...@@ -241,7 +241,7 @@ ...@@ -241,7 +241,7 @@
}, },
], ],
}], }],
[ 'fuzz==1', { [ 'fuzz_tls==1', {
'targets': [ 'targets': [
{ {
'target_name': 'fuzz_warning', 'target_name': 'fuzz_warning',
...@@ -256,12 +256,16 @@ ...@@ -256,12 +256,16 @@
} }
], ],
}, },
],
}],
[ 'fuzz==1', {
'targets': [
{ {
'target_name': 'fuzz', 'target_name': 'fuzz',
'type': 'none', 'type': 'none',
'dependencies': [ 'dependencies': [
'fuzz/fuzz.gyp:nssfuzz', 'fuzz/fuzz.gyp:nssfuzz',
] ],
}, },
], ],
}], }],
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment