From de5f04b08be69db9ffeba061fc69e7ebd6e9d9b3 Mon Sep 17 00:00:00 2001 From: Mike Aizatsky Date: Mon, 1 Aug 2016 14:14:13 -0700 Subject: [PATCH] [boringssl] initial checkin --- boringssl/Dockerfile | 23 ++++++++++++++++++ boringssl/Jenkinsfile | 26 ++++++++++++++++++++ boringssl/build.sh | 42 +++++++++++++++++++++++++++++++++ expat/build.sh | 2 +- infra/libfuzzer-pipeline.groovy | 14 +++++------ 5 files changed, 99 insertions(+), 8 deletions(-) create mode 100644 boringssl/Dockerfile create mode 100644 boringssl/Jenkinsfile create mode 100755 boringssl/build.sh diff --git a/boringssl/Dockerfile b/boringssl/Dockerfile new file mode 100644 index 000000000..6ee4741da --- /dev/null +++ b/boringssl/Dockerfile @@ -0,0 +1,23 @@ +# Copyright 2016 Google Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ + +FROM ossfuzz/base-libfuzzer +MAINTAINER mike.aizatsky@gmail.com + +RUN apt-get install -y cmake ninja-build golang +VOLUME /src/boringssl +CMD /src/oss-fuzz/boringssl/build.sh + diff --git a/boringssl/Jenkinsfile b/boringssl/Jenkinsfile new file mode 100644 index 000000000..bb7325bf1 --- /dev/null +++ b/boringssl/Jenkinsfile @@ -0,0 +1,26 @@ +// Copyright 2016 Google Inc. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// +//////////////////////////////////////////////////////////////////////////////// + +def libfuzzerPipeline = fileLoader.fromGit( + 'infra/libfuzzer-pipeline.groovy', + 'https://github.com/google/oss-fuzz.git', 'master', null, '') + +libfuzzerPipeline { + git = "https://boringssl.googlesource.com/boringssl" + dockerfile = "oss-fuzz/boringssl/Dockerfile" +} + + diff --git a/boringssl/build.sh b/boringssl/build.sh new file mode 100755 index 000000000..0b24acabd --- /dev/null +++ b/boringssl/build.sh @@ -0,0 +1,42 @@ +#!/bin/bash -eux +# +# Copyright 2016 Google Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. +# +################################################################################ +. /env + +mkdir -p /work/boringssl +cd /work/boringssl + +CFLAGS="$CFLAGS -DBORINGSSL_UNSAFE_FUZZER_MODE" +CXXFLAGS="$CXXFLAGS -DBORINGSSL_UNSAFE_FUZZER_MODE" + +cmake -GNinja -DCMAKE_C_COMPILER=$CC -DCMAKE_CXX_COMPILER=$CXX \ + -DCMAKE_C_FLAGS="$CFLAGS" -DCMAKE_CXX_FLAGS="$CXXFLAGS" \ + -DCMAKE_EXE_LINKER_FLAGS="$LDFLAGS" \ + /src/boringssl/ +ninja + +fuzzerFiles=$(find /src/boringssl/fuzz/ -name "*.cc") + +find . -name "*.a" + +for F in $fuzzerFiles; do + fuzzerName=$(basename $F .cc) + echo "Building fuzzer $fuzzerName" + $CXX $CXXFLAGS $LDFLAGS -std=c++11 -o /out/openssl_${fuzzerName} /work/libfuzzer/*.o $F \ + -I /src/boringssl/include ./ssl/libssl.a ./crypto/libcrypto.a +done + diff --git a/expat/build.sh b/expat/build.sh index 0a71fb7f7..e17192be8 100755 --- a/expat/build.sh +++ b/expat/build.sh @@ -8,5 +8,5 @@ cd /workspace/expat make clean all $CXX $CXXFLAGS $LDFLAGS -std=c++11 -Ilib/ \ - /src/oss-fuzz/expat/parse_fuzzer.cc -o /out/parse_fuzzer \ + /src/oss-fuzz/expat/parse_fuzzer.cc -o /out/expat_parse_fuzzer \ /work/libfuzzer/*.o .libs/libexpat.a diff --git a/infra/libfuzzer-pipeline.groovy b/infra/libfuzzer-pipeline.groovy index 6351fca53..e5c0deafc 100644 --- a/infra/libfuzzer-pipeline.groovy +++ b/infra/libfuzzer-pipeline.groovy @@ -50,13 +50,13 @@ def call(body) { def workspace = "$pwd/$sanitizer" def out = "$pwd/out/$sanitizer" - dir('oss-fuzz') { - git url: 'https://github.com/google/oss-fuzz.git' - } + dir('oss-fuzz') { + git url: 'https://github.com/google/oss-fuzz.git' + } - dir(checkoutDir) { - git url: gitUrl - } + dir(checkoutDir) { + git url: gitUrl + } sh "docker build -t $dockerTag -f $dockerfile ." @@ -64,7 +64,7 @@ def call(body) { def zipFile= "$projectName-$sanitizer-${date}.zip" sh "mkdir -p $out" - sh "docker run -v $workspace/$checkoutDir:/workspace -v $workspace/oss-fuzz:/src/oss-fuzz -v $out:/out -e sanitizer_flags=\"-fsanitize=$sanitizer\" -t $dockerTag" + sh "docker run -v $workspace/$checkoutDir:/src/$checkoutDir -v $workspace/oss-fuzz:/src/oss-fuzz -v $out:/out -e sanitizer_flags=\"-fsanitize=$sanitizer\" -t $dockerTag" sh "zip -j $zipFile $out/*" sh "gsutil cp $zipFile gs://clusterfuzz-builds/$projectName/" }