[thirdparty/openssl.git] / .github / workflows / fuzz-checker.yml

# Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License").  You may not use
# this file except in compliance with the License.  You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html

name: Fuzz-checker CI

on: [push]

permissions:
  contents: read

jobs:
  fuzz-checker:
    strategy:
      fail-fast: false
      matrix:
        fuzzy: [
          {
            name: AFL,
            config: enable-fuzz-afl no-module,
            install: afl++-clang,
            cc: afl-clang-fast
          }, {
            name: libFuzzer,
            config: enable-fuzz-libfuzzer enable-asan enable-ubsan,
            libs: --with-fuzzer-lib=/usr/lib/llvm-12/lib/libFuzzer.a --with-fuzzer-include=/usr/include/clang/12/include/fuzzer,
            install: libfuzzer-12-dev,
            cc: clang-12,
            linker: clang++-12,
            tests: -test_memleak
          }, {
            name: libFuzzer+,
            config: enable-fuzz-libfuzzer enable-asan enable-ubsan -fsanitize-coverage=trace-cmp -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION,
            libs: --with-fuzzer-lib=/usr/lib/llvm-12/lib/libFuzzer.a --with-fuzzer-include=/usr/include/clang/12/include/fuzzer,
            extra: enable-fips enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment enable-tls1_3 enable-weak-ssl-ciphers enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-nextprotoneg,
            install: libfuzzer-12-dev,
            cc: clang-12,
            linker: clang++-12,
            tests: -test_memleak
          }
        ]
    runs-on: ubuntu-latest
    steps:
    - name: install packages
      run: |
        sudo apt-get update
        sudo apt-get -yq --force-yes install ${{ matrix.fuzzy.install }}
    - name: Adjust ASLR for sanitizer
      run: |
        sudo cat /proc/sys/vm/mmap_rnd_bits
        sudo sysctl -w vm.mmap_rnd_bits=28
    - uses: actions/checkout@v4

    - name: config
      run: |
        CC=${{ matrix.fuzzy.cc }} ./config --banner=Configured no-shared \
            ${{ matrix.fuzzy.config }} ${{ matrix.fuzzy.libs }} ${{ matrix.fuzzy.extra }}

    - name: config dump
      run: ./configdata.pm --dump
    - name: make with explicit linker
      if: matrix.fuzzy.linker != ''
      run: LDCMD=${{ matrix.fuzzy.linker }} make -s -j4
    - name: make sans explicit linker
      if: matrix.fuzzy.linker == ''
      run: make -s -j4
    - name: get cpu info
      run: |
        cat /proc/cpuinfo
        ./util/opensslwrap.sh version -c
    - name: make test restricted
      if: matrix.fuzzy.tests != ''
      run: AFL_MAP_SIZE=120985 make test HARNESS_JOBS=${HARNESS_JOBS:-4} TESTS="${{ matrix.fuzzy.tests }}"
    - name: make test all
      if: matrix.fuzzy.tests == ''
      run: AFL_MAP_SIZE=120985 make test HARNESS_JOBS=${HARNESS_JOBS:-4}
Commit	Line	Data
da1c088f	1	# Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
08d8c2d8 P	2	#
	3	# Licensed under the Apache License 2.0 (the "License"). You may not use
	4	# this file except in compliance with the License. You can obtain a copy
	5	# in the file LICENSE in the source distribution or at
	6	# https://www.openssl.org/source/license.html
	7
f92bfddc P	8	name: Fuzz-checker CI
	9
	10	on: [push]
	11
c6e7f427 VS	12	permissions:
	13	contents: read
	14
f92bfddc P	15	jobs:
	16	fuzz-checker:
	17	strategy:
	18	fail-fast: false
	19	matrix:
	20	fuzzy: [
	21	{
	22	name: AFL,
	23	config: enable-fuzz-afl no-module,
	24	install: afl++-clang,
	25	cc: afl-clang-fast
	26	}, {
	27	name: libFuzzer,
83529f07	28	config: enable-fuzz-libfuzzer enable-asan enable-ubsan,
aef6b828	29	libs: --with-fuzzer-lib=/usr/lib/llvm-12/lib/libFuzzer.a --with-fuzzer-include=/usr/include/clang/12/include/fuzzer,
f92bfddc P	30	install: libfuzzer-12-dev,
	31	cc: clang-12,
	32	linker: clang++-12,
	33	tests: -test_memleak
	34	}, {
	35	name: libFuzzer+,
83529f07	36	config: enable-fuzz-libfuzzer enable-asan enable-ubsan -fsanitize-coverage=trace-cmp -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION,
aef6b828	37	libs: --with-fuzzer-lib=/usr/lib/llvm-12/lib/libFuzzer.a --with-fuzzer-include=/usr/include/clang/12/include/fuzzer,
f92bfddc P	38	extra: enable-fips enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment enable-tls1_3 enable-weak-ssl-ciphers enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-nextprotoneg,
	39	install: libfuzzer-12-dev,
	40	cc: clang-12,
	41	linker: clang++-12,
	42	tests: -test_memleak
	43	}
	44	]
	45	runs-on: ubuntu-latest
	46	steps:
	47	- name: install packages
	48	run: \|
	49	sudo apt-get update
	50	sudo apt-get -yq --force-yes install ${{ matrix.fuzzy.install }}
37cd49f5 NH	51	- name: Adjust ASLR for sanitizer
	52	run: \|
	53	sudo cat /proc/sys/vm/mmap_rnd_bits
	54	sudo sysctl -w vm.mmap_rnd_bits=28
d4231af6	55	- uses: actions/checkout@v4
f92bfddc P	56
	57	- name: config
	58	run: \|
	59	CC=${{ matrix.fuzzy.cc }} ./config --banner=Configured no-shared \
	60	${{ matrix.fuzzy.config }} ${{ matrix.fuzzy.libs }} ${{ matrix.fuzzy.extra }}
	61
	62	- name: config dump
	63	run: ./configdata.pm --dump
	64	- name: make with explicit linker
	65	if: matrix.fuzzy.linker != ''
	66	run: LDCMD=${{ matrix.fuzzy.linker }} make -s -j4
	67	- name: make sans explicit linker
	68	if: matrix.fuzzy.linker == ''
	69	run: make -s -j4
2d374e1c DM	70	- name: get cpu info
	71	run: \|
	72	cat /proc/cpuinfo
	73	./util/opensslwrap.sh version -c
f92bfddc P	74	- name: make test restricted
f92bfddc P	75	if: matrix.fuzzy.tests != ''
13ee569d	76	run: AFL_MAP_SIZE=120985 make test HARNESS_JOBS=${HARNESS_JOBS:-4} TESTS="${{ matrix.fuzzy.tests }}"
f92bfddc P	77	- name: make test all
f92bfddc P	78	if: matrix.fuzzy.tests == ''
13ee569d	79	run: AFL_MAP_SIZE=120985 make test HARNESS_JOBS=${HARNESS_JOBS:-4}