Openssl update (#190)

* Openssl: Enable more configure options This enables all the options that are off by default but that we still want to test. * openssl: Enable undefined sanitizer. * openssl: Add the security security contact as auto Cc * openssl: bignum: limit to 2048 bytes
2016-12-15 23:04:03 +01:00 · 2016-12-15 23:04:03 +01:00 · c63c01e0fe
parent e4c8ca54d6
commit c63c01e0fe
3 changed files with 8 additions and 1 deletions
--- a/projects/openssl/bignum.options
+++ b/projects/openssl/bignum.options
@ -0,0 +1,2 @@
+[libfuzzer]
+max_len = 2048
--- a/projects/openssl/build.sh
+++ b/projects/openssl/build.sh
@ -15,7 +15,7 @@
 #
 ################################################################################

-./config enable-fuzz-libfuzzer -DPEDANTIC -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION no-shared --with-fuzzer-lib=/usr/lib/libFuzzingEngine $CFLAGS
+./config enable-fuzz-libfuzzer -DPEDANTIC -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION no-shared enable-tls1_3 enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-ssl3 enable-ssl3-method enable-nextprotoneg enable-weak-ssl-ciphers --with-fuzzer-lib=/usr/lib/libFuzzingEngine $CFLAGS -fno-sanitize=alignment
 make -j$(nproc) EX_LIBS="-ldl /usr/local/lib/libc++.a"

 fuzzers=$(find fuzz -executable -type f '!' -name \*.py '!' -name \*-test)
@ -25,3 +25,4 @@ for f in $fuzzers; do
 	zip -j $OUT/${fuzzer}_seed_corpus.zip fuzz/corpora/${fuzzer}/*
 done

+cp $SRC/*.options $OUT/
--- a/projects/openssl/project.yaml
+++ b/projects/openssl/project.yaml
@ -1,2 +1,6 @@
 homepage: "https://www.openssl.org/"
 primary_contact: "kurt@roeckx.be"
+auto_ccs: "openssl-security@openssl.org"
+sanitizers:
+  - address
+  - undefined