From d85cda3b740a2385eb5f11d6da8b08a33a8ec90a Mon Sep 17 00:00:00 2001 From: Guido Vranken Date: Wed, 18 Jan 2023 13:52:45 +0100 Subject: [PATCH] [wolfssl, cryptofuzz] Build wolfCrypt with small elliptic curves (#9438) Build wolfCrypt with all supported elliptic curves smaller than the default of 224 bits. --- projects/cryptofuzz/build.sh | 2 +- projects/wolfssl/build.sh | 26 ++++++++++++-------------- 2 files changed, 13 insertions(+), 15 deletions(-) diff --git a/projects/cryptofuzz/build.sh b/projects/cryptofuzz/build.sh index 0452fcd04c0b..d8956cc3d17e 100755 --- a/projects/cryptofuzz/build.sh +++ b/projects/cryptofuzz/build.sh @@ -511,7 +511,7 @@ cd $SRC/wolfssl export CFLAGS="$CFLAGS -DHAVE_AES_ECB -DWOLFSSL_DES_ECB -DHAVE_ECC_SECPR2 -DHAVE_ECC_SECPR3 -DHAVE_ECC_BRAINPOOL -DHAVE_ECC_KOBLITZ -DWOLFSSL_ECDSA_SET_K -DWOLFSSL_ECDSA_SET_K_ONE_LOOP" autoreconf -ivf -export WOLFCRYPT_CONFIGURE_PARAMS="--enable-static --enable-md2 --enable-md4 --enable-ripemd --enable-blake2 --enable-blake2s --enable-pwdbased --enable-scrypt --enable-hkdf --enable-cmac --enable-arc4 --enable-camellia --enable-aesccm --enable-aesctr --enable-hc128 --enable-xts --enable-des3 --enable-x963kdf --enable-harden --enable-aescfb --enable-aesofb --enable-aeskeywrap --enable-aessiv --enable-shake256 --enable-curve25519 --enable-curve448 --disable-crypttests --disable-examples --enable-keygen --enable-compkey --enable-ed448 --enable-ed25519 --enable-ecccustcurves --enable-xchacha --enable-cryptocb --enable-eccencrypt --enable-aesgcm-stream --enable-shake128 --enable-siphash --enable-eccsi" +export WOLFCRYPT_CONFIGURE_PARAMS="--enable-static --enable-md2 --enable-md4 --enable-ripemd --enable-blake2 --enable-blake2s --enable-pwdbased --enable-scrypt --enable-hkdf --enable-cmac --enable-arc4 --enable-camellia --enable-aesccm --enable-aesctr --enable-hc128 --enable-xts --enable-des3 --enable-x963kdf --enable-harden --enable-aescfb --enable-aesofb --enable-aeskeywrap --enable-aessiv --enable-shake256 --enable-curve25519 --enable-curve448 --disable-crypttests --disable-examples --enable-keygen --enable-compkey --enable-ed448 --enable-ed25519 --enable-ecccustcurves --enable-xchacha --enable-cryptocb --enable-eccencrypt --enable-aesgcm-stream --enable-shake128 --enable-siphash --enable-eccsi --with-eccminsz=0" if [[ $CFLAGS = *sanitize=memory* ]] then diff --git a/projects/wolfssl/build.sh b/projects/wolfssl/build.sh index 82b4b2ee5fe5..3b008a69ad7d 100755 --- a/projects/wolfssl/build.sh +++ b/projects/wolfssl/build.sh @@ -18,8 +18,7 @@ if [[ $CFLAGS != *sanitize=dataflow* ]] then cd $SRC/wolfssl/ - git fetch origin pull/5972/head:pr5972 && git checkout pr5972 - WOLFCRYPT_CONFIGURE_PARAMS="--enable-static --enable-md2 --enable-md4 --enable-ripemd --enable-blake2 --enable-blake2s --enable-pwdbased --enable-scrypt --enable-hkdf --enable-cmac --enable-arc4 --enable-camellia --enable-aesccm --enable-aesctr --enable-xts --enable-des3 --enable-x963kdf --enable-harden --enable-aescfb --enable-aesofb --enable-aeskeywrap --enable-aessiv --enable-keygen --enable-curve25519 --enable-curve448 --enable-shake256 --disable-crypttests --disable-examples --enable-compkey --enable-ed448 --enable-ed25519 --enable-ecccustcurves --enable-xchacha --enable-cryptocb --enable-eccencrypt --enable-aesgcm-stream --enable-smallstack --enable-ed25519-stream --enable-ed448-stream --enable-aesgcm-stream --enable-shake128 --enable-siphash --enable-eccsi" + WOLFCRYPT_CONFIGURE_PARAMS="--enable-static --enable-md2 --enable-md4 --enable-ripemd --enable-blake2 --enable-blake2s --enable-pwdbased --enable-scrypt --enable-hkdf --enable-cmac --enable-arc4 --enable-camellia --enable-aesccm --enable-aesctr --enable-xts --enable-des3 --enable-x963kdf --enable-harden --enable-aescfb --enable-aesofb --enable-aeskeywrap --enable-aessiv --enable-keygen --enable-curve25519 --enable-curve448 --enable-shake256 --disable-crypttests --disable-examples --enable-compkey --enable-ed448 --enable-ed25519 --enable-ecccustcurves --enable-xchacha --enable-cryptocb --enable-eccencrypt --enable-aesgcm-stream --enable-smallstack --enable-ed25519-stream --enable-ed448-stream --enable-aesgcm-stream --enable-shake128 --enable-siphash --enable-eccsi --with-eccminsz=0" if [[ $CFLAGS = *sanitize=memory* ]] then WOLFCRYPT_CONFIGURE_PARAMS="$WOLFCRYPT_CONFIGURE_PARAMS --disable-asm" @@ -33,7 +32,18 @@ then CFLAGS="" CXXFLAGS="" ./b2 headers cp -R boost/ /usr/include/ + # Build Botan export CXXFLAGS="$CXXFLAGS -DCRYPTOFUZZ_BOTAN_IS_ORACLE" + cd $SRC/botan + if [[ $CFLAGS != *-m32* ]] + then + ./configure.py --cc-bin=$CXX --cc-abi-flags="$CXXFLAGS" --disable-shared --disable-modules=locking_allocator --build-targets=static --without-documentation + else + ./configure.py --cpu=x86_32 --cc-bin=$CXX --cc-abi-flags="$CXXFLAGS" --disable-shared --disable-modules=locking_allocator --build-targets=static --without-documentation + fi + make -j$(nproc) + export LIBBOTAN_A_PATH="$SRC/botan/libbotan-3.a" + export BOTAN_INCLUDE_PATH="$SRC/botan/build/include" OLD_CFLAGS="$CFLAGS" OLD_CXXFLAGS="$CXXFLAGS" @@ -100,18 +110,6 @@ then echo -n 'ECCSI_Verify ' >>extra_options.h echo -n '"' >>extra_options.h - # Build Botan - cd $SRC/botan - if [[ $CFLAGS != *-m32* ]] - then - ./configure.py --cc-bin=$CXX --cc-abi-flags="$CXXFLAGS" --disable-shared --disable-modules=locking_allocator --build-targets=static --without-documentation - else - ./configure.py --cpu=x86_32 --cc-bin=$CXX --cc-abi-flags="$CXXFLAGS" --disable-shared --disable-modules=locking_allocator --build-targets=static --without-documentation - fi - make -j$(nproc) - export LIBBOTAN_A_PATH="$SRC/botan/libbotan-3.a" - export BOTAN_INCLUDE_PATH="$SRC/botan/build/include" - # Build normal math fuzzer cp -R $SRC/cryptofuzz/ $SRC/cryptofuzz-normal-math/ cp -R $SRC/wolfssl/ $SRC/wolfssl-normal-math/