mirror of
https://github.com/openssl/openssl.git
synced 2024-11-27 05:21:51 +08:00
b646179229
Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
(cherry picked from commit 0ce7d1f355)
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24034)
80 lines
2.8 KiB
YAML
80 lines
2.8 KiB
YAML
# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
|
|
#
|
|
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
# this file except in compliance with the License. You can obtain a copy
|
|
# in the file LICENSE in the source distribution or at
|
|
# https://www.openssl.org/source/license.html
|
|
|
|
name: Fuzz-checker CI
|
|
|
|
on: [push]
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
fuzz-checker:
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
fuzzy: [
|
|
{
|
|
name: AFL,
|
|
config: enable-fuzz-afl no-module,
|
|
install: afl++-clang,
|
|
cc: afl-clang-fast
|
|
}, {
|
|
name: libFuzzer,
|
|
config: enable-fuzz-libfuzzer enable-asan enable-ubsan,
|
|
libs: --with-fuzzer-lib=/usr/lib/llvm-12/lib/libFuzzer.a --with-fuzzer-include=/usr/include/clang/12/include/fuzzer,
|
|
install: libfuzzer-12-dev,
|
|
cc: clang-12,
|
|
linker: clang++-12,
|
|
tests: -test_memleak
|
|
}, {
|
|
name: libFuzzer+,
|
|
config: enable-fuzz-libfuzzer enable-asan enable-ubsan -fsanitize-coverage=trace-cmp -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION,
|
|
libs: --with-fuzzer-lib=/usr/lib/llvm-12/lib/libFuzzer.a --with-fuzzer-include=/usr/include/clang/12/include/fuzzer,
|
|
extra: enable-fips enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment enable-tls1_3 enable-weak-ssl-ciphers enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-nextprotoneg,
|
|
install: libfuzzer-12-dev,
|
|
cc: clang-12,
|
|
linker: clang++-12,
|
|
tests: -test_memleak
|
|
}
|
|
]
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: install packages
|
|
run: |
|
|
sudo apt-get update
|
|
sudo apt-get -yq --force-yes install ${{ matrix.fuzzy.install }}
|
|
- name: Adjust ASLR for sanitizer
|
|
run: |
|
|
sudo cat /proc/sys/vm/mmap_rnd_bits
|
|
sudo sysctl -w vm.mmap_rnd_bits=28
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: config
|
|
run: |
|
|
CC=${{ matrix.fuzzy.cc }} ./config --banner=Configured no-shared \
|
|
${{ matrix.fuzzy.config }} ${{ matrix.fuzzy.libs }} ${{ matrix.fuzzy.extra }}
|
|
|
|
- name: config dump
|
|
run: ./configdata.pm --dump
|
|
- name: make with explicit linker
|
|
if: matrix.fuzzy.linker != ''
|
|
run: LDCMD=${{ matrix.fuzzy.linker }} make -s -j4
|
|
- name: make sans explicit linker
|
|
if: matrix.fuzzy.linker == ''
|
|
run: make -s -j4
|
|
- name: get cpu info
|
|
run: |
|
|
cat /proc/cpuinfo
|
|
./util/opensslwrap.sh version -c
|
|
- name: make test restricted
|
|
if: matrix.fuzzy.tests != ''
|
|
run: AFL_MAP_SIZE=300000 make test HARNESS_JOBS=${HARNESS_JOBS:-4} TESTS="${{ matrix.fuzzy.tests }}"
|
|
- name: make test all
|
|
if: matrix.fuzzy.tests == ''
|
|
run: AFL_MAP_SIZE=300000 make test HARNESS_JOBS=${HARNESS_JOBS:-4}
|