Browse Source

CI: add last run-checker fuzzing CIs to Actions

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16438)
Pauli 2 years ago
parent
commit
f92bfddc1d
1 changed files with 61 additions and 0 deletions
  1. 61 0
      .github/workflows/fuzz-checker.yml

+ 61 - 0
.github/workflows/fuzz-checker.yml

@@ -0,0 +1,61 @@
+name: Fuzz-checker CI
+
+on: [push]
+
+jobs:
+  fuzz-checker:
+    strategy:
+      fail-fast: false
+      matrix:
+        fuzzy: [
+          {
+            name: AFL,
+            config: enable-fuzz-afl no-module,
+            install: afl++-clang,
+            cc: afl-clang-fast
+          }, {
+            name: libFuzzer,
+            config: enable-fuzz-libfuzzer -DPEDANTIC enable-asan enable-ubsan,
+            libs: --with-fuzzer-lib=/usr/lib/llvm-12/lib/libFuzzer.a --with-fuzzer-include=/usr/lib/llvm-12/build/lib/clang/12.0.0/include/fuzzer,
+            install: libfuzzer-12-dev,
+            cc: clang-12,
+            linker: clang++-12,
+            tests: -test_memleak
+          }, {
+            name: libFuzzer+,
+            config: enable-fuzz-libfuzzer -DPEDANTIC enable-asan enable-ubsan -fsanitize-coverage=trace-cmp -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION,
+            libs: --with-fuzzer-lib=/usr/lib/llvm-12/lib/libFuzzer.a --with-fuzzer-include=/usr/lib/llvm-12/build/lib/clang/12.0.0/include/fuzzer,
+            extra: enable-fips enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment enable-tls1_3 enable-weak-ssl-ciphers enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-nextprotoneg,
+            install: libfuzzer-12-dev,
+            cc: clang-12,
+            linker: clang++-12,
+            tests: -test_memleak
+          }
+        ]
+    runs-on: ubuntu-latest
+    steps:
+    - name: install packages
+      run: |
+        sudo apt-get update
+        sudo apt-get -yq --force-yes install ${{ matrix.fuzzy.install }}
+    - uses: actions/checkout@v2
+
+    - name: config
+      run: |
+        CC=${{ matrix.fuzzy.cc }} ./config --banner=Configured no-shared \
+            ${{ matrix.fuzzy.config }} ${{ matrix.fuzzy.libs }} ${{ matrix.fuzzy.extra }}
+
+    - name: config dump
+      run: ./configdata.pm --dump
+    - name: make with explicit linker
+      if: matrix.fuzzy.linker != ''
+      run: LDCMD=${{ matrix.fuzzy.linker }} make -s -j4
+    - name: make sans explicit linker
+      if: matrix.fuzzy.linker == ''
+      run: make -s -j4
+    - name: make test restricted
+      if: matrix.fuzzy.tests != ''
+      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} TESTS="${{ matrix.fuzzy.tests }}"
+    - name: make test all
+      if: matrix.fuzzy.tests == ''
+      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}