fuzz-checker.yml 2.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475
  1. # Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
  2. #
  3. # Licensed under the Apache License 2.0 (the "License"). You may not use
  4. # this file except in compliance with the License. You can obtain a copy
  5. # in the file LICENSE in the source distribution or at
  6. # https://www.openssl.org/source/license.html
  7. name: Fuzz-checker CI
  8. on: [push]
  9. permissions:
  10. contents: read
  11. jobs:
  12. fuzz-checker:
  13. strategy:
  14. fail-fast: false
  15. matrix:
  16. fuzzy: [
  17. {
  18. name: AFL,
  19. config: enable-fuzz-afl no-module,
  20. install: afl++-clang,
  21. cc: afl-clang-fast
  22. }, {
  23. name: libFuzzer,
  24. config: enable-fuzz-libfuzzer enable-asan enable-ubsan,
  25. libs: --with-fuzzer-lib=/usr/lib/llvm-12/lib/libFuzzer.a --with-fuzzer-include=/usr/include/clang/12/include/fuzzer,
  26. install: libfuzzer-12-dev,
  27. cc: clang-12,
  28. linker: clang++-12,
  29. tests: -test_memleak
  30. }, {
  31. name: libFuzzer+,
  32. config: enable-fuzz-libfuzzer enable-asan enable-ubsan -fsanitize-coverage=trace-cmp -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION,
  33. libs: --with-fuzzer-lib=/usr/lib/llvm-12/lib/libFuzzer.a --with-fuzzer-include=/usr/include/clang/12/include/fuzzer,
  34. extra: enable-fips enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment enable-tls1_3 enable-weak-ssl-ciphers enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-nextprotoneg,
  35. install: libfuzzer-12-dev,
  36. cc: clang-12,
  37. linker: clang++-12,
  38. tests: -test_memleak
  39. }
  40. ]
  41. runs-on: ubuntu-latest
  42. steps:
  43. - name: install packages
  44. run: |
  45. sudo apt-get update
  46. sudo apt-get -yq --force-yes install ${{ matrix.fuzzy.install }}
  47. - name: Adjust ASLR for sanitizer
  48. run: |
  49. sudo cat /proc/sys/vm/mmap_rnd_bits
  50. sudo sysctl -w vm.mmap_rnd_bits=28
  51. - uses: actions/checkout@v4
  52. - name: config
  53. run: |
  54. CC=${{ matrix.fuzzy.cc }} ./config --banner=Configured no-shared \
  55. ${{ matrix.fuzzy.config }} ${{ matrix.fuzzy.libs }} ${{ matrix.fuzzy.extra }}
  56. - name: config dump
  57. run: ./configdata.pm --dump
  58. - name: make with explicit linker
  59. if: matrix.fuzzy.linker != ''
  60. run: LDCMD=${{ matrix.fuzzy.linker }} make -s -j4
  61. - name: make sans explicit linker
  62. if: matrix.fuzzy.linker == ''
  63. run: make -s -j4
  64. - name: make test restricted
  65. if: matrix.fuzzy.tests != ''
  66. run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} TESTS="${{ matrix.fuzzy.tests }}"
  67. - name: make test all
  68. if: matrix.fuzzy.tests == ''
  69. run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}