diff --git a/projects/libfido2/Dockerfile b/projects/libfido2/Dockerfile new file mode 100644 index 000000000..0b6a1c7ed --- /dev/null +++ b/projects/libfido2/Dockerfile @@ -0,0 +1,25 @@ +# Copyright 2019 Google Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +FROM gcr.io/oss-fuzz-base/base-builder +MAINTAINER g.kihlman@yubico.com +RUN apt-get update && apt-get install -y make autoconf automake libtool +RUN apt-get install -y cmake libudev-dev pkg-config chrpath +RUN git clone --branch v0.5.0 https://github.com/PJK/libcbor +RUN git clone --branch OpenSSL_1_1_1-stable https://github.com/openssl/openssl +RUN git clone https://github.com/Yubico/libfido2 +WORKDIR libfido2 +COPY build.sh $SRC/ diff --git a/projects/libfido2/build.sh b/projects/libfido2/build.sh new file mode 100755 index 000000000..3f000584a --- /dev/null +++ b/projects/libfido2/build.sh @@ -0,0 +1,69 @@ +#!/bin/bash -eu +# Copyright 2019 Google Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +# Build libcbor, taken from oss-fuzz/projects/libcbor/build.sh +# Note SANITIZE=OFF since it gets taken care of by $CFLAGS set by oss-fuzz +cd ${SRC}/libcbor +patch -l -p0 < ${SRC}/libfido2/fuzz/README +mkdir build && cd build +cmake -DCMAKE_BUILD_TYPE=Debug -DCMAKE_INSTALL_PREFIX=${WORK} -DSANITIZE=OFF .. +make -j$(nproc) VERBOSE=1 +make install + +# Build OpenSSL, taken from oss-fuzz/projects/openssl/build.sh +cd ${SRC}/openssl +CONFIGURE_FLAGS="" +if [[ ${SANITIZER} = memory ]] +then + CONFIGURE_FLAGS="no-asm" +fi +./config --debug no-tests ${CFLAGS} --prefix=${WORK} \ + --openssldir=${WORK}/openssl ${CONFIGURE_FLAGS} +make -j$(nproc) LDCMD="${CXX} ${CXXFLAGS}" +make install_sw + +# Building libfido2 with ${LIB_FUZZING_ENGINE} and chosen sanitizer +cd ${SRC}/libfido2 +mkdir build && cd build +cmake -DFUZZ=1 -DFUZZ_LDFLAGS=${LIB_FUZZING_ENGINE} \ + -DPKG_CONFIG_USE_CMAKE_PREFIX_PATH=1 \ + -DCMAKE_PREFIX_PATH=${WORK} \ + -DCMAKE_INSTALL_PREFIX=${WORK} \ + -DCMAKE_BUILD_TYPE=Debug .. +make -j$(nproc) +make install + +# Prepare ${OUT} with instrumented libs +mkdir -p ${OUT}/lib +for lib in `ls ${WORK}/lib/lib*.so*`; do + cp ${lib} ${OUT}/lib; +done + +# Fixup rpath in the fuzzers so they use our libs +for f in `ls fuzz/fuzz_*`; do + cp ${f} ${OUT}/ + fuzzer=$(basename $f) + chrpath -r '$ORIGIN/lib' ${OUT}/${fuzzer} +done + + # Prepare seed corpora +tar xzf ${SRC}/libfido2/fuzz/corpus.tgz +(set -e ; cd fuzz_assert/corpus ; zip -r ${OUT}/fuzz_assert_seed_corpus.zip .) +(set -e ; cd fuzz_bio/corpus ; zip -r ${OUT}/fuzz_bio_seed_corpus.zip .) +(set -e ; cd fuzz_cred/corpus ; zip -r ${OUT}/fuzz_cred_seed_corpus.zip .) +(set -e ; cd fuzz_credman/corpus ; zip -r ${OUT}/fuzz_credman_seed_corpus.zip .) +(set -e ; cd fuzz_mgmt/corpus ; zip -r ${OUT}/fuzz_mgmt_seed_corpus.zip .) diff --git a/projects/libfido2/project.yaml b/projects/libfido2/project.yaml new file mode 100644 index 000000000..1d65b74e5 --- /dev/null +++ b/projects/libfido2/project.yaml @@ -0,0 +1,10 @@ +homepage: https://github.com/Yubico/libfido2 +primary_contact: "g.kihlman@yubico.com" +auto_ccs: + - "pedro@ambientworks.net" + - "marissa.nishimoto@yubico.com" +sanitizers: + - address + - undefined +fuzzing_engines: + - libfuzzer