[bignum-fuzzer] BoringSSL vs. mbed TLS differential bignum fuzzing (#…

…1636) * Add BoringSSL+mbed TLS fuzzer * Fix BoringSSL UBSAN build * Set maximum bignum size to 100 decimals * Add BoringSSL team members to auto_ccs
google · Jul 23, 2018 · 14762cd · 14762cd
1 parent 17fdbc4
commit 14762cd
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 1 deletion.
diff --git a/projects/bignum-fuzzer/Dockerfile b/projects/bignum-fuzzer/Dockerfile
@@ -16,7 +16,7 @@
 
 FROM gcr.io/oss-fuzz-base/base-builder
 MAINTAINER guidovranken@gmail.com
-RUN apt-get update && apt-get install -y software-properties-common python-software-properties wget curl sudo mercurial autoconf bison texinfo libboost-all-dev
+RUN apt-get update && apt-get install -y software-properties-common python-software-properties wget curl sudo mercurial autoconf bison texinfo libboost-all-dev cmake
 RUN add-apt-repository -y ppa:gophers/archive && apt-get update && apt-get install -y golang-1.9-go
 RUN ln -s /usr/lib/go-1.9/bin/go /usr/bin/go
 
@@ -26,4 +26,6 @@ RUN curl -s https://static.rust-lang.org/rustup.sh | sh -s -- --channel=nightly
 RUN git clone --depth 1 https://github.com/guidovranken/bignum-fuzzer
 RUN git clone --depth 1 https://github.com/openssl/openssl
 RUN hg clone https://gmplib.org/repo/gmp/ libgmp/
+RUN git clone https://boringssl.googlesource.com/boringssl
+RUN git clone --depth 1 https://github.com/ARMmbed/mbedtls
 COPY build.sh $SRC/
diff --git a/projects/bignum-fuzzer/build.sh b/projects/bignum-fuzzer/build.sh
@@ -73,8 +73,39 @@ LIBFUZZER_LINK="-lFuzzingEngine" make
 # Copy OpenSSL/libgmp fuzzer to the designated location
 cp $SRC/bignum-fuzzer/fuzzer $OUT/fuzzer_openssl_libgmp_num_len_1200_all_operations_num_loops_1
 
+# Build mbedtls
+cd $SRC/mbedtls
+make lib -j$(nproc)
+
+# Build BoringSSL
+cd $SRC/boringssl
+mkdir build
+cd build
+cmake -DCMAKE_CXX_FLAGS="$CXXFLAGS" -DCMAKE_C_FLAGS="$CFLAGS" -DBORINGSSL_ALLOW_CXX_RUNTIME=1 ..
+make -j$(nproc)
+
+# Build BoringSSL module
+cd $SRC/bignum-fuzzer/modules/openssl
+make clean
+CFLAGS="$CFLAGS -DBIGNUM_FUZZER_BORINGSSL" OPENSSL_INCLUDE_PATH=$SRC/boringssl/include OPENSSL_LIBCRYPTO_A_PATH=$SRC/boringssl/build/crypto/libcrypto.a make
+
+# Build mbedtls module
+cd $SRC/bignum-fuzzer/modules/mbedtls
+MBEDTLS_LIBMBEDCRYPTO_A_PATH=$SRC/mbedtls/library/libmbedcrypto.a MBEDTLS_INCLUDE_PATH=$SRC/mbedtls/include make
+
+# Build BoringSSL/mbedtls fuzzer
+cd $SRC/bignum-fuzzer
+make clean
+./config-modules.sh boringssl mbedtls
+CXXFLAGS="$BASE_CXXFLAGS -DBNFUZZ_FLAG_NUM_LEN=100 -DBNFUZZ_FLAG_ALL_OPERATIONS=1 -DBNFUZZ_FLAG_NUM_LOOPS=1"
+LIBFUZZER_LINK="-lFuzzingEngine" make
+
+# Copy BoringSSL/mbedtls fuzzer to the designated location
+cp $SRC/bignum-fuzzer/fuzzer $OUT/fuzzer_boringssl_mbedtls_num_len_100_all_operations_num_loops_1
+
 # Copy seed corpora to the designated location
 cp $SRC/bignum-fuzzer/corpora/fuzzer_openssl_go_no_negative_num_len_1200_all_operations_seed_corpus.zip $OUT
 cp $SRC/bignum-fuzzer/corpora/fuzzer_openssl_rust_num_len_1200_all_operations_num_loops_1_seed_corpus.zip $OUT
 cp $SRC/bignum-fuzzer/corpora/fuzzer_openssl_cpp_boost_num_len_1200_all_operations_num_loops_1_seed_corpus.zip $OUT
 cp $SRC/bignum-fuzzer/corpora/fuzzer_openssl_libgmp_num_len_1200_all_operations_num_loops_1_seed_corpus.zip $OUT
+cp $SRC/bignum-fuzzer/corpora/fuzzer_boringssl_mbedtls_num_len_100_all_operations_num_loops_1_seed_corpus.zip $OUT
diff --git a/projects/bignum-fuzzer/project.yaml b/projects/bignum-fuzzer/project.yaml
@@ -9,3 +9,6 @@ auto_ccs:
     - "caswell.matt@googlemail.com"
     - "jz.maddock@gmail.com"
     - "jz.maddock@googlemail.com"
+    - "agl@google.com"
+    - "davidben@google.com"
+    - "svaldez@google.com"