.github/workflows/fuzz-checker.yml

   1 # Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
   2 #
   3 # Licensed under the Apache License 2.0 (the "License").  You may not use
   4 # this file except in compliance with the License.  You can obtain a copy
   5 # in the file LICENSE in the source distribution or at
   6 # https://www.openssl.org/source/license.html
   7
   8 name: Fuzz-checker CI
   9
  10 on: [push]
  11
  12 permissions:
  13   contents: read
  14
  15 jobs:
  16   fuzz-checker:
  17     strategy:
  18       fail-fast: false
  19       matrix:
  20         fuzzy: [
  21           {
  22             name: AFL,
  23             config: enable-fuzz-afl no-module,
  24             install: afl++-clang,
  25             cc: afl-clang-fast
  26           }, {
  27             name: libFuzzer,
  28             config: enable-fuzz-libfuzzer enable-asan enable-ubsan,
  29             libs: --with-fuzzer-lib=/usr/lib/llvm-12/lib/libFuzzer.a --with-fuzzer-include=/usr/include/clang/12/include/fuzzer,
  30             install: libfuzzer-12-dev,
  31             cc: clang-12,
  32             linker: clang++-12,
  33             tests: -test_memleak
  34           }, {
  35             name: libFuzzer+,
  36             config: enable-fuzz-libfuzzer enable-asan enable-ubsan -fsanitize-coverage=trace-cmp -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION,
  37             libs: --with-fuzzer-lib=/usr/lib/llvm-12/lib/libFuzzer.a --with-fuzzer-include=/usr/include/clang/12/include/fuzzer,
  38             extra: enable-fips enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment enable-tls1_3 enable-weak-ssl-ciphers enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-nextprotoneg,
  39             install: libfuzzer-12-dev,
  40             cc: clang-12,
  41             linker: clang++-12,
  42             tests: -test_memleak
  43           }
  44         ]
  45     runs-on: ubuntu-latest
  46     steps:
  47     - name: install packages
  48       run: |
  49         sudo apt-get update
  50         sudo apt-get -yq --force-yes install ${{ matrix.fuzzy.install }}
  51     - uses: actions/checkout@v4
  52
  53     - name: config
  54       run: |
  55         CC=${{ matrix.fuzzy.cc }} ./config --banner=Configured no-shared \
  56             ${{ matrix.fuzzy.config }} ${{ matrix.fuzzy.libs }} ${{ matrix.fuzzy.extra }}
  57
  58     - name: config dump
  59       run: ./configdata.pm --dump
  60     - name: make with explicit linker
  61       if: matrix.fuzzy.linker != ''
  62       run: LDCMD=${{ matrix.fuzzy.linker }} make -s -j4
  63     - name: make sans explicit linker
  64       if: matrix.fuzzy.linker == ''
  65       run: make -s -j4
  66     - name: make test restricted
  67       if: matrix.fuzzy.tests != ''
  68       run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} TESTS="${{ matrix.fuzzy.tests }}"
  69     - name: make test all
  70       if: matrix.fuzzy.tests == ''
  71       run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}