]>
Commit | Line | Data |
---|---|---|
da1c088f | 1 | # Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved. |
08d8c2d8 P |
2 | # |
3 | # Licensed under the Apache License 2.0 (the "License"). You may not use | |
4 | # this file except in compliance with the License. You can obtain a copy | |
5 | # in the file LICENSE in the source distribution or at | |
6 | # https://www.openssl.org/source/license.html | |
7 | ||
f92bfddc P |
8 | name: Fuzz-checker CI |
9 | ||
10 | on: [push] | |
11 | ||
c6e7f427 VS |
12 | permissions: |
13 | contents: read | |
14 | ||
f92bfddc P |
15 | jobs: |
16 | fuzz-checker: | |
17 | strategy: | |
18 | fail-fast: false | |
19 | matrix: | |
20 | fuzzy: [ | |
21 | { | |
22 | name: AFL, | |
23 | config: enable-fuzz-afl no-module, | |
24 | install: afl++-clang, | |
25 | cc: afl-clang-fast | |
26 | }, { | |
27 | name: libFuzzer, | |
83529f07 | 28 | config: enable-fuzz-libfuzzer enable-asan enable-ubsan, |
aef6b828 | 29 | libs: --with-fuzzer-lib=/usr/lib/llvm-12/lib/libFuzzer.a --with-fuzzer-include=/usr/include/clang/12/include/fuzzer, |
f92bfddc P |
30 | install: libfuzzer-12-dev, |
31 | cc: clang-12, | |
32 | linker: clang++-12, | |
33 | tests: -test_memleak | |
34 | }, { | |
35 | name: libFuzzer+, | |
83529f07 | 36 | config: enable-fuzz-libfuzzer enable-asan enable-ubsan -fsanitize-coverage=trace-cmp -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION, |
aef6b828 | 37 | libs: --with-fuzzer-lib=/usr/lib/llvm-12/lib/libFuzzer.a --with-fuzzer-include=/usr/include/clang/12/include/fuzzer, |
f92bfddc P |
38 | extra: enable-fips enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment enable-tls1_3 enable-weak-ssl-ciphers enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-nextprotoneg, |
39 | install: libfuzzer-12-dev, | |
40 | cc: clang-12, | |
41 | linker: clang++-12, | |
42 | tests: -test_memleak | |
43 | } | |
44 | ] | |
45 | runs-on: ubuntu-latest | |
46 | steps: | |
47 | - name: install packages | |
48 | run: | | |
49 | sudo apt-get update | |
50 | sudo apt-get -yq --force-yes install ${{ matrix.fuzzy.install }} | |
37cd49f5 NH |
51 | - name: Adjust ASLR for sanitizer |
52 | run: | | |
53 | sudo cat /proc/sys/vm/mmap_rnd_bits | |
54 | sudo sysctl -w vm.mmap_rnd_bits=28 | |
d4231af6 | 55 | - uses: actions/checkout@v4 |
f92bfddc P |
56 | |
57 | - name: config | |
58 | run: | | |
59 | CC=${{ matrix.fuzzy.cc }} ./config --banner=Configured no-shared \ | |
60 | ${{ matrix.fuzzy.config }} ${{ matrix.fuzzy.libs }} ${{ matrix.fuzzy.extra }} | |
61 | ||
62 | - name: config dump | |
63 | run: ./configdata.pm --dump | |
64 | - name: make with explicit linker | |
65 | if: matrix.fuzzy.linker != '' | |
66 | run: LDCMD=${{ matrix.fuzzy.linker }} make -s -j4 | |
67 | - name: make sans explicit linker | |
68 | if: matrix.fuzzy.linker == '' | |
69 | run: make -s -j4 | |
2d374e1c DM |
70 | - name: get cpu info |
71 | run: | | |
72 | cat /proc/cpuinfo | |
73 | ./util/opensslwrap.sh version -c | |
f92bfddc P |
74 | - name: make test restricted |
75 | if: matrix.fuzzy.tests != '' | |
13ee569d | 76 | run: AFL_MAP_SIZE=120985 make test HARNESS_JOBS=${HARNESS_JOBS:-4} TESTS="${{ matrix.fuzzy.tests }}" |
f92bfddc P |
77 | - name: make test all |
78 | if: matrix.fuzzy.tests == '' | |
13ee569d | 79 | run: AFL_MAP_SIZE=120985 make test HARNESS_JOBS=${HARNESS_JOBS:-4} |