.github/workflows/fuzz-checker.yml

   1 # Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
   2 #
   3 # Licensed under the Apache License 2.0 (the "License").  You may not use
   4 # this file except in compliance with the License.  You can obtain a copy
   5 # in the file LICENSE in the source distribution or at
   6 # https://www.openssl.org/source/license.html
   7
   8 name: Fuzz-checker CI
   9
  10 on: [push]
  11
  12 permissions:
  13   contents: read
  14
  15 jobs:
  16   fuzz-checker:
  17     strategy:
  18       fail-fast: false
  19       matrix:
  20         fuzzy: [
  21           {
  22             name: AFL,
  23             config: enable-fuzz-afl no-module,
  24             install: afl++-clang,
  25             cc: afl-clang-fast
  26           }, {
  27             name: libFuzzer,
  28             config: enable-fuzz-libfuzzer enable-asan enable-ubsan,
  29             libs: --with-fuzzer-lib=/usr/lib/llvm-12/lib/libFuzzer.a --with-fuzzer-include=/usr/include/clang/12/include/fuzzer,
  30             install: libfuzzer-12-dev,
  31             cc: clang-12,
  32             linker: clang++-12,
  33             tests: -test_memleak
  34           }, {
  35             name: libFuzzer+,
  36             config: enable-fuzz-libfuzzer enable-asan enable-ubsan -fsanitize-coverage=trace-cmp -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION,
  37             libs: --with-fuzzer-lib=/usr/lib/llvm-12/lib/libFuzzer.a --with-fuzzer-include=/usr/include/clang/12/include/fuzzer,
  38             extra: enable-fips enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment enable-tls1_3 enable-weak-ssl-ciphers enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-nextprotoneg,
  39             install: libfuzzer-12-dev,
  40             cc: clang-12,
  41             linker: clang++-12,
  42             tests: -test_memleak
  43           }
  44         ]
  45     runs-on: ubuntu-latest
  46     steps:
  47     - name: install packages
  48       run: |
  49         sudo apt-get update
  50         sudo apt-get -yq --force-yes install ${{ matrix.fuzzy.install }}
  51     - name: Adjust ASLR for sanitizer
  52       run: |
  53         sudo cat /proc/sys/vm/mmap_rnd_bits
  54         sudo sysctl -w vm.mmap_rnd_bits=28
  55     - uses: actions/checkout@v4
  56
  57     - name: config
  58       run: |
  59         CC=${{ matrix.fuzzy.cc }} ./config --banner=Configured no-shared \
  60             ${{ matrix.fuzzy.config }} ${{ matrix.fuzzy.libs }} ${{ matrix.fuzzy.extra }}
  61
  62     - name: config dump
  63       run: ./configdata.pm --dump
  64     - name: make with explicit linker
  65       if: matrix.fuzzy.linker != ''
  66       run: LDCMD=${{ matrix.fuzzy.linker }} make -s -j4
  67     - name: make sans explicit linker
  68       if: matrix.fuzzy.linker == ''
  69       run: make -s -j4
  70     - name: get cpu info
  71       run: |
  72         cat /proc/cpuinfo
  73         ./util/opensslwrap.sh version -c
  74     - name: make test restricted
  75       if: matrix.fuzzy.tests != ''
  76       run: AFL_MAP_SIZE=300000 make test HARNESS_JOBS=${HARNESS_JOBS:-4} TESTS="${{ matrix.fuzzy.tests }}"
  77     - name: make test all
  78       if: matrix.fuzzy.tests == ''
  79       run: AFL_MAP_SIZE=300000 make test HARNESS_JOBS=${HARNESS_JOBS:-4}