building.md

File metadata and controls

87 lines (64 loc) · 2.21 KB

Building Cryptofuzz

There are three main steps in building Cryptofuzz to begin fuzzing:

  1. Generating Cryptofuzz Headers
  2. Building Cryptographic Libraries and Cryptofuzz Modules
  3. Building Cryptofuzz

1. Generating Cryptofuzz Headers

Run:

./gen_repository.py

to generate look-up tables required for the compilation of Cryptofuzz.

If you don't, you'll typically see an error message like:

include/cryptofuzz/repository.h:23:10: fatal error: ../../repository_tbl.h: No such file or directory
   23 | #include "../../repository_tbl.h"
      |          ^~~~~~~~~~~~~~~~~~~~~~~~

2. Building Cryptographic Libraries and Cryptofuzz Modules

Refer to the following documentation for building your desired set of libraries. Note that Cryptofuzz is built around differential fuzzing; having multiple libraries for a given primitive is helpful in finding bugs.

Cryptofuzz uses libFuzzer and the related -fsanitize=fuzzer flags, which are only supported by clang. If your machine's default compiler is not clang, you will need to override the CC and CXX variables when building the Cryptofuzz modules and Cryptofuzz itself:

export CC=clang
export CXX=clang++

When building Cryptofuzz and cryptographic libraries, the suggested compilation flags are:

export CFLAGS="-fsanitize=address,undefined,fuzzer-no-link -O2 -g"
export CXXFLAGS="-fsanitize=address,undefined,fuzzer-no-link -D_GLIBCXX_DEBUG -O2 -g"

Some libraries might also require the linker flag -Wl,--unresolved-symbols=ignore-all (for example via LDFLAGS) in order to build successfully.

Available library-specific build instructions:

3. Building Cryptofuzz

Set the fuzzing engine link:

export LIBFUZZER_LINK="-fsanitize=fuzzer"

Then, build Cryptofuzz:

make
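
The three steps above, collected into one POSIX shell helper. This is an added example, not a script from the Cryptofuzz repository: it reproduces the flags suggested on this page, refuses to continue when CC is not clang (the cause of `-fsanitize=fuzzer` being rejected), and runs `./gen_repository.py` only when `repository_tbl.h` is missing (the cause of the `fatal error` shown in step 1). `CRYPTOFUZZ_DIR` is a hypothetical variable naming the checkout; it defaults to the current directory.

```shell
#!/bin/sh
# Added example (not Cryptofuzz's own code): wrapper for the three build steps.
# Assumes it is sourced from, or pointed at, a Cryptofuzz checkout via the
# hypothetical CRYPTOFUZZ_DIR variable (defaults to ".").
set -eu

: "${CRYPTOFUZZ_DIR:=.}"

# Return 0 only if a "--version" banner looks like clang's (GCC's does not).
# libFuzzer's -fsanitize=fuzzer* flags are clang-only, so anything else is rejected.
is_clang_banner() {
    case "$1" in
        *clang*) return 0 ;;
        *)       return 1 ;;
    esac
}

# The flags suggested on this page: "c" -> CFLAGS, "cxx" -> CXXFLAGS
# (adds _GLIBCXX_DEBUG), "link" -> LIBFUZZER_LINK used when linking Cryptofuzz.
sanitizer_flags() {
    case "$1" in
        c)    printf '%s' "-fsanitize=address,undefined,fuzzer-no-link -O2 -g" ;;
        cxx)  printf '%s' "-fsanitize=address,undefined,fuzzer-no-link -D_GLIBCXX_DEBUG -O2 -g" ;;
        link) printf '%s' "-fsanitize=fuzzer" ;;
        *)    return 1 ;;
    esac
}

# Step 1: the look-up tables exist once gen_repository.py has been run.
have_repository_tables() {
    [ -f "$1/repository_tbl.h" ]
}

ensure_repository_tables() {
    if ! have_repository_tables "$1"; then
        ( cd "$1" && ./gen_repository.py )
    fi
}

# Step 2 precondition: CC/CXX must be clang. Export the build environment so the
# same flags are used for the cryptographic libraries and the Cryptofuzz modules.
export_build_env() {
    CC="${CC:-cc}"
    CXX="${CXX:-c++}"
    if ! is_clang_banner "$("$CC" --version 2>/dev/null || true)"; then
        echo "error: CC=$CC is not clang; run: export CC=clang CXX=clang++" >&2
        return 1
    fi
    export CC CXX
    CFLAGS="$(sanitizer_flags c)";       export CFLAGS
    CXXFLAGS="$(sanitizer_flags cxx)";   export CXXFLAGS
    LIBFUZZER_LINK="$(sanitizer_flags link)"; export LIBFUZZER_LINK
}

# Step 3: build Cryptofuzz itself. Library-specific builds (step 2) are done
# by the caller between export_build_env and this function.
build_cryptofuzz() {
    export_build_env
    ensure_repository_tables "$CRYPTOFUZZ_DIR"
    make -C "$CRYPTOFUZZ_DIR"
}

# Usage (from a Cryptofuzz checkout):
#   . ./build-env.sh && export_build_env   # then build your libraries/modules
#   build_cryptofuzz                       # generates headers if needed, runs make
```

Sourcing the file rather than executing it keeps CC, CXX, CFLAGS, CXXFLAGS and LIBFUZZER_LINK in your shell, so the cryptographic libraries built in step 2 pick up the same sanitizer flags as Cryptofuzz; `build_cryptofuzz` then only regenerates the look-up tables when they are absent.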