The default branch of https://github.com/ARMmbed/mbedtls is about to
change to point to the work on the next major release (3.0). We expect
frequent API changes during that time. Switch fuzzers to run on the
stable major version of Mbed TLS (2.x) during the transition period.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
* [cryptofuzz, bignum-fuzzer] Fix AFL++ builds
* [cryptofuzz, bignum-fuzzer] Don't build Golang
Because it's already part of the base image.
* [cryptofuzz, bignum-fuzzer] Retrigger CI
Update the primary contact addresss and website in the Mbed TLS
project file.
Also update the Mbed TLS cc address in the bignum-fuzzer project
file.
Signed-off-by: Dan Handley <dan.handley@arm.com>
[bignum-fuzzer] Mbed TLS no longer has an mbed-crypto submodule
Mbed TLS has gone back to being self-contained, without a separate
submodule for the cryptography part of the library. Revert the
bignum-fuzzer build scripts accordingly.
This reverts commit 54733ddc84.
* [presubmit] Enforce language attribute in projectt.yaml to be always set.
* Update documentation, better presubmit check, new project template.
* add docstring to templates.py
* Add example values in the project.yaml template and remove python value for now
* Add "project: c++" to 256 projects
* format
* Add labels and selective_unpack sections to the presubmit check
* fix incorrect auto_ccs format in three projects
* fix nss emails after rebase
* [bignum-fuzzer] Clone Mbed TLS recursively
The cryptography library of Mbed TLS has been moved to a separate
repository. It is now included into the project as a git submodule and
therefore we need to clone Mbed TLS recursively.
* [bignum-fuzzer] Use new Mbed TLS library location
The bignum module in Mbed TLS as part of the cryptography library has
been moved to a new location. This commit sets the corresponding paths
to their new values.
* [cryptofuzz] EverCrypt: Don't explicitly allow AVX instructions
Recent crashes involving EverCrypt were found to be caused by
AVX instructions in the EverCrypt library. The Makefile explicitly
allowed the use of AVX instructions via hardcoded CFLAGS. The authors
have released a new version that should resolve this problem.
* [cryptofuzz, bignum-fuzzer] Revert to default OpenSSL build method
Reverts the workaround for OpenSSL broken build script, which is
now fixed.
* [cryptofuzz] Compile with -D_GLIBCXX_DEBUG (runtime C++ UB checks)
This activates assert()s across the library that might help to detect
issues that other safeguards (sanitizers, differential testing)
aren't capable of.
jonathanmetzman