fuzz-checker.yml 2.6 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071
  1. # Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
  2. #
  3. # Licensed under the Apache License 2.0 (the "License"). You may not use
  4. # this file except in compliance with the License. You can obtain a copy
  5. # in the file LICENSE in the source distribution or at
  6. # https://www.openssl.org/source/license.html
  7. name: Fuzz-checker CI
  8. on: [push]
  9. permissions:
  10. contents: read
  11. jobs:
  12. fuzz-checker:
  13. strategy:
  14. fail-fast: false
  15. matrix:
  16. fuzzy: [
  17. {
  18. name: AFL,
  19. config: enable-fuzz-afl no-module,
  20. install: afl++-clang,
  21. cc: afl-clang-fast
  22. }, {
  23. name: libFuzzer,
  24. config: enable-fuzz-libfuzzer enable-asan enable-ubsan,
  25. libs: --with-fuzzer-lib=/usr/lib/llvm-12/lib/libFuzzer.a --with-fuzzer-include=/usr/include/clang/12/include/fuzzer,
  26. install: libfuzzer-12-dev,
  27. cc: clang-12,
  28. linker: clang++-12,
  29. tests: -test_memleak
  30. }, {
  31. name: libFuzzer+,
  32. config: enable-fuzz-libfuzzer enable-asan enable-ubsan -fsanitize-coverage=trace-cmp -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION,
  33. libs: --with-fuzzer-lib=/usr/lib/llvm-12/lib/libFuzzer.a --with-fuzzer-include=/usr/include/clang/12/include/fuzzer,
  34. extra: enable-fips enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment enable-tls1_3 enable-weak-ssl-ciphers enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-nextprotoneg,
  35. install: libfuzzer-12-dev,
  36. cc: clang-12,
  37. linker: clang++-12,
  38. tests: -test_memleak
  39. }
  40. ]
  41. runs-on: ubuntu-latest
  42. steps:
  43. - name: install packages
  44. run: |
  45. sudo apt-get update
  46. sudo apt-get -yq --force-yes install ${{ matrix.fuzzy.install }}
  47. - uses: actions/checkout@v3
  48. - name: config
  49. run: |
  50. CC=${{ matrix.fuzzy.cc }} ./config --banner=Configured no-shared \
  51. ${{ matrix.fuzzy.config }} ${{ matrix.fuzzy.libs }} ${{ matrix.fuzzy.extra }}
  52. - name: config dump
  53. run: ./configdata.pm --dump
  54. - name: make with explicit linker
  55. if: matrix.fuzzy.linker != ''
  56. run: LDCMD=${{ matrix.fuzzy.linker }} make -s -j4
  57. - name: make sans explicit linker
  58. if: matrix.fuzzy.linker == ''
  59. run: make -s -j4
  60. - name: make test restricted
  61. if: matrix.fuzzy.tests != ''
  62. run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} TESTS="${{ matrix.fuzzy.tests }}"
  63. - name: make test all
  64. if: matrix.fuzzy.tests == ''
  65. run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}