From c63c01e0fea2150e81bc57897c2f430ebe46786c Mon Sep 17 00:00:00 2001 From: Kurt Roeckx Date: Thu, 15 Dec 2016 23:04:03 +0100 Subject: [PATCH] Openssl update (#190) * Openssl: Enable more configure options This enables all the options that are off by default but that we still want to test. * openssl: Enable undefined sanitizer. * openssl: Add the security security contact as auto Cc * openssl: bignum: limit to 2048 bytes --- projects/openssl/bignum.options | 2 ++ projects/openssl/build.sh | 3 ++- projects/openssl/project.yaml | 4 ++++ 3 files changed, 8 insertions(+), 1 deletion(-) create mode 100644 projects/openssl/bignum.options diff --git a/projects/openssl/bignum.options b/projects/openssl/bignum.options new file mode 100644 index 000000000..60bd9b0b2 --- /dev/null +++ b/projects/openssl/bignum.options @@ -0,0 +1,2 @@ +[libfuzzer] +max_len = 2048 diff --git a/projects/openssl/build.sh b/projects/openssl/build.sh index 9c691c8aa..fe3d2117b 100755 --- a/projects/openssl/build.sh +++ b/projects/openssl/build.sh @@ -15,7 +15,7 @@ # ################################################################################ -./config enable-fuzz-libfuzzer -DPEDANTIC -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION no-shared --with-fuzzer-lib=/usr/lib/libFuzzingEngine $CFLAGS +./config enable-fuzz-libfuzzer -DPEDANTIC -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION no-shared enable-tls1_3 enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-ssl3 enable-ssl3-method enable-nextprotoneg enable-weak-ssl-ciphers --with-fuzzer-lib=/usr/lib/libFuzzingEngine $CFLAGS -fno-sanitize=alignment make -j$(nproc) EX_LIBS="-ldl /usr/local/lib/libc++.a" fuzzers=$(find fuzz -executable -type f '!' -name \*.py '!' -name \*-test) @@ -25,3 +25,4 @@ for f in $fuzzers; do zip -j $OUT/${fuzzer}_seed_corpus.zip fuzz/corpora/${fuzzer}/* done +cp $SRC/*.options $OUT/ diff --git a/projects/openssl/project.yaml b/projects/openssl/project.yaml index 67fe2a22d..4038e54a2 100644 --- a/projects/openssl/project.yaml +++ b/projects/openssl/project.yaml @@ -1,2 +1,6 @@ homepage: "https://www.openssl.org/" primary_contact: "kurt@roeckx.be" +auto_ccs: "openssl-security@openssl.org" +sanitizers: + - address + - undefined