[third_party][boringssl] Limit unsafe lib visibility
This CL restricts the fuzzed versions of libcrypto and libssl to only
be available to the fuzzers. It also tries to more gracefully handle
the name collision between the fuzzers_package template and the
generated .gni file.
Change-Id: I849c2406c1e574f34c591cbfc41a12a08ce02d8a
diff --git a/BUILD.gn b/BUILD.gn
index 08aaf32..37e77d2 100644
--- a/BUILD.gn
+++ b/BUILD.gn
@@ -53,12 +53,16 @@
}
source_set("crypto_unsafe") {
+ testonly = true
+ visibility = [ ":*" ]
sources = crypto_sources
public = crypto_headers
configs += [ ":fuzz_config" ]
}
source_set("ssl_unsafe") {
+ testonly = true
+ visibility = [ ":*" ]
sources = ssl_sources
public = ssl_headers
configs += [ ":fuzz_config" ]
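Review bot: Neither `crypto_unsafe` nor `ssl_unsafe` carries a comment saying why it is now locked down, so a later edit could widen `visibility` or drop `testonly` without anyone noticing the risk. Both targets add `:fuzz_config`, which is not shown here but presumably weakens the library for fuzzing; I would put a line such as `# Fuzzing-only build (uses :fuzz_config); must never be linked into production targets.` above each `source_set`. Note also that `visibility = [ ":*" ]` admits every target in this BUILD.gn rather than only the fuzzers, so `testonly = true` is the setting that keeps non-test targets in this file from depending on them. The `ssl_unsafe` block continues past the end of the hunk.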
@@ -177,17 +181,17 @@
################################################################################
# Fuzzers
+# Upstream BoringSSL defines a `fuzzers` global variable in the generated
+# GNI files; we rename it to avoid colliding with the similarly-named parameter
+# on the fuzzers_package.
+fuzzer_names = fuzzers
+
# Explicitly remove the arm_cpuinfo fuzzer, which tests Linux-specific routines
if (is_fuchsia) {
- fuzzers -= [ "arm_cpuinfo" ]
+ fuzzer_names -= [ "arm_cpuinfo" ]
}
-_boringssl_fuzzers = []
-foreach(name, fuzzers) {
- _boringssl_fuzzers += [ ":${name}_fuzzer" ]
-}
-
-foreach(name, fuzzers) {
+foreach(name, fuzzer_names) {
fuzzer("${name}_fuzzer") {
visibility = [ ":*" ]
sources = [
@@ -201,9 +205,11 @@
}
}
-fuzzers = []
fuzzers_package("boringssl_fuzzers") {
- fuzzers = _boringssl_fuzzers
+ fuzzers = []
+ foreach(name, fuzzer_names) {
+ fuzzers += [ ":${name}_fuzzer" ]
+ }
}
################################################################################
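Review bot: With the file-level `fuzzers = []` reset removed, the upstream `fuzzers` list from the generated .gni stays in scope for the rest of the file, and on Fuchsia it still contains `arm_cpuinfo` because the removal now applies only to `fuzzer_names`. Nothing visible in this hunk reads it afterwards, but the `fuzzers = []` inside `fuzzers_package` now looks redundant while apparently being what stops the package parameter from starting with the upstream names. A comment on that line would guard against someone deleting it, for example `# Start from an empty list: the file-level fuzzers holds upstream names, not target labels.`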