1#!/bin/sh -eux 2 3# Copyright (c) 2020-2024 Yubico AB. All rights reserved. 4# Use of this source code is governed by a BSD-style 5# license that can be found in the LICENSE file. 6# SPDX-License-Identifier: BSD-2-Clause 7 8LIBCBOR_URL="https://github.com/pjk/libcbor" 9LIBCBOR_TAG="v0.12.0" 10LIBCBOR_ASAN="address alignment bounds" 11LIBCBOR_MSAN="memory" 12OPENSSL_URL="https://github.com/openssl/openssl" 13OPENSSL_TAG="openssl-3.0.15" 14ZLIB_URL="https://github.com/madler/zlib" 15ZLIB_TAG="v1.3.1" 16ZLIB_ASAN="address alignment bounds undefined" 17ZLIB_MSAN="memory" 18FIDO2_ASAN="address bounds fuzzer-no-link implicit-conversion leak" 19FIDO2_ASAN="${FIDO2_ASAN} pointer-compare pointer-subtract undefined" 20FIDO2_MSAN="fuzzer-no-link memory" 21COMMON_CFLAGS="-g2 -fno-omit-frame-pointer" 22COMMON_CFLAGS="${COMMON_CFLAGS} -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION" 23UBSAN_OPTIONS="halt_on_error=1:print_stacktrace=1:strict_string_checks=1" 24ASAN_OPTIONS="${UBSAN_OPTIONS}:detect_invalid_pointer_pairs=2:detect_leaks=1" 25MSAN_OPTIONS="${UBSAN_OPTIONS}" 26 27case "$1" in 28asan) 29 LIBCBOR_CFLAGS="-fsanitize=$(echo "${LIBCBOR_ASAN}" | tr ' ' ',')" 30 ZLIB_CFLAGS="-fsanitize=$(echo "${ZLIB_ASAN}" | tr ' ' ',')" 31 FIDO2_CFLAGS="-fsanitize=$(echo "${FIDO2_ASAN}" | tr ' ' ',')" 32 FIDO2_CFLAGS="${FIDO2_CFLAGS} -fsanitize-address-use-after-scope" 33 ;; 34msan) 35 LIBCBOR_CFLAGS="-fsanitize=$(echo "${LIBCBOR_MSAN}" | tr ' ' ',')" 36 ZLIB_CFLAGS="-fsanitize=$(echo "${ZLIB_MSAN}" | tr ' ' ',')" 37 FIDO2_CFLAGS="-fsanitize=$(echo "${FIDO2_MSAN}" | tr ' ' ',')" 38 FIDO2_CFLAGS="${FIDO2_CFLAGS} -fsanitize-memory-track-origins" 39 ;; 40*) 41 echo "unknown sanitiser \"$1\"" 1>&2 && exit 1 42esac 43 44${CC} --version 45WORKDIR="${WORKDIR:-$(pwd)}" 46FAKEROOT="${FAKEROOT:-$(mktemp -d)}" 47cd "${FAKEROOT}" 48 49# libcbor 50git clone --depth=1 "${LIBCBOR_URL}" -b "${LIBCBOR_TAG}" 51cd libcbor 52patch -p0 -s < "${WORKDIR}/fuzz/README" 53mkdir build 54(cd build && cmake -DBUILD_SHARED_LIBS=ON -DCMAKE_BUILD_TYPE=Debug \ 55 -DCMAKE_C_FLAGS_DEBUG="${LIBCBOR_CFLAGS} ${COMMON_CFLAGS}" \ 56 -DCMAKE_INSTALL_LIBDIR=lib -DCMAKE_INSTALL_PREFIX="${FAKEROOT}" \ 57 -DSANITIZE=OFF ..) 58make VERBOSE=1 -j"$(nproc)" -C build all install 59cd - 60 61# openssl 62git clone --depth=1 "${OPENSSL_URL}" -b "${OPENSSL_TAG}" 63cd openssl 64./Configure linux-x86_64-clang "enable-$1" --prefix="${FAKEROOT}" \ 65 --openssldir="${FAKEROOT}/openssl" --libdir=lib 66make -j"$(nproc)" build_sw 67make install_sw 68cd - 69 70# zlib 71git clone --depth=1 "${ZLIB_URL}" -b "${ZLIB_TAG}" 72cd zlib 73CFLAGS="${ZLIB_CFLAGS}" LDFLAGS="${ZLIB_CFLAGS}" ./configure \ 74 --prefix="${FAKEROOT}" 75make -j"$(nproc)" install 76cd - 77 78# libfido2 79mkdir build 80export PKG_CONFIG_PATH="${FAKEROOT}/lib/pkgconfig" 81(cd build && cmake -DCMAKE_BUILD_TYPE=Debug \ 82 -DCMAKE_C_FLAGS_DEBUG="${FIDO2_CFLAGS} ${COMMON_CFLAGS}" -DFUZZ=ON \ 83 -DFUZZ_LDFLAGS="-fsanitize=fuzzer" "${WORKDIR}") 84make -j"$(nproc)" -C build 85 86# fuzz 87mkdir corpus 88curl -s https://storage.googleapis.com/yubico-libfido2/corpus.tgz | 89 tar -C corpus -zxf - 90export UBSAN_OPTIONS ASAN_OPTIONS MSAN_OPTIONS 91for f in assert attobj bio cred credman hid largeblob mgmt netlink pcsc; do 92 build/fuzz/fuzz_${f} -use_value_profile=1 -reload=30 -print_pcs=1 \ 93 -print_funcs=30 -timeout=10 -runs=1 corpus/fuzz_${f} 94done 95