replace `fuzztarget` Cargo feature with a rustc --cfg flag

It's super dangerous to use Cargo features for this, since they can be set
accidentally (or maliciously by any crate in a user's entire dep tree). Instead
we can just require users set `RUSTFLAGS` appropriately, which we can easily
do in our fuzzing scripts.
This commit is contained in:
Andrew Poelstra 2020-12-22 15:42:02 +00:00
parent d77483f00e
commit 85075a654c
6 changed files with 20 additions and 15 deletions

View File

@ -26,9 +26,6 @@ endomorphism = ["secp256k1-sys/endomorphism"]
lowmemory = ["secp256k1-sys/lowmemory"]
global-context = ["std", "rand-std"]
# Do not use this feature! HAZMAT. (meant for Fuzzing only. this is *BROKEN CRYPTOGRAPHY*)
fuzztarget = ["secp256k1-sys/fuzztarget"]
[dependencies]
secp256k1-sys = { version = "0.3.1", default-features = false, path = "./secp256k1-sys" }
bitcoin_hashes = { version = "0.9", optional = true }

View File

@ -35,3 +35,12 @@ before_script:
cargo generate-lockfile --verbose && cargo update -p cc --precise "1.0.41" --verbose;
fi
```
## Fuzzing
If you want to fuzz this library, or any library which depends on it, you will
probably want to disable the actual cryptography, since fuzzers are unable to
forge signatures and therefore won't test many interesting codepaths. To instead
use a trivially-broken but fuzzer-accessible signature scheme, compile with
`--cfg=rust_secp_fuzz` in your `RUSTFLAGS` variable.

View File

@ -31,8 +31,8 @@ if [ "$DO_FEATURE_MATRIX" = true ]; then
done
# Other combos
cargo test --no-run --verbose --features="fuzztarget"
cargo test --no-run --verbose --features="fuzztarget recovery"
RUSTFLAGS='--cfg=rust_secp_fuzz' cargo test --no-run --verbose
RUSTFLAGS='--cfg=rust_secp_fuzz' cargo test --no-run --verbose --features="recovery"
cargo test --verbose --features="rand rand-std"
cargo test --verbose --features="rand serde"

View File

@ -31,5 +31,3 @@ endomorphism = []
lowmemory = []
std = []
# Do not use this feature! HAZMAT. (meant for Fuzzing only. this is *BROKEN CRYPTOGRAPHY*)
fuzztarget = []

View File

@ -93,7 +93,7 @@ pub type SchnorrNonceFn = unsafe extern "C" fn(
#[derive(Clone, Debug)]
#[repr(C)] pub struct Context(c_int);
#[cfg(feature = "fuzztarget")]
#[cfg(rust_secp_fuzz)]
impl Context {
pub fn flags(&self) -> u32 {
self.0 as u32
@ -260,7 +260,7 @@ impl hash::Hash for KeyPair {
}
}
#[cfg(not(feature = "fuzztarget"))]
#[cfg(not(rust_secp_fuzz))]
extern "C" {
/// Default ECDH hash function
#[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_3_1_ecdh_hash_function_default")]
@ -674,7 +674,7 @@ impl<T> CPtr for [T] {
#[cfg(feature = "fuzztarget")]
#[cfg(rust_secp_fuzz)]
mod fuzz_dummy {
extern crate std;
use self::std::{ptr, mem};
@ -1156,7 +1156,8 @@ mod fuzz_dummy {
unimplemented!();
}
}
#[cfg(feature = "fuzztarget")]
#[cfg(rust_secp_fuzz)]
pub use self::fuzz_dummy::*;

View File

@ -16,7 +16,7 @@
//! # FFI of the recovery module
use ::types::*;
#[cfg(not(feature = "fuzztarget"))]
#[cfg(not(rust_secp_fuzz))]
use ::{Context, Signature, NonceFn, PublicKey};
/// Library-internal representation of a Secp256k1 signature + recovery ID
@ -36,7 +36,7 @@ impl Default for RecoverableSignature {
}
}
#[cfg(not(feature = "fuzztarget"))]
#[cfg(not(rust_secp_fuzz))]
extern "C" {
#[cfg_attr(not(rust_secp_no_symbol_renaming), link_name = "rustsecp256k1_v0_3_1_ecdsa_recoverable_signature_parse_compact")]
pub fn secp256k1_ecdsa_recoverable_signature_parse_compact(cx: *const Context, sig: *mut RecoverableSignature,
@ -70,7 +70,7 @@ extern "C" {
}
#[cfg(feature = "fuzztarget")]
#[cfg(rust_secp_fuzz)]
mod fuzz_dummy {
extern crate std;
use self::std::ptr;
@ -126,6 +126,6 @@ mod fuzz_dummy {
unimplemented!();
}
}
#[cfg(feature = "fuzztarget")]
#[cfg(rust_secp_fuzz)]
pub use self::fuzz_dummy::*;