# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License").  You may not use
# this file except in compliance with the License.  You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html

# Name shown for this workflow in the GitHub Actions UI.
name: Fuzz-checker CI

# Trigger: push events only.
on:
- push

# Least privilege for the job token: it may only read repository contents.
# Scopes not listed here are not granted.
permissions:
  contents: read

jobs:
  fuzz-checker:
    strategy:
      # Let every fuzzer configuration run to completion even if one fails.
      fail-fast: false
      matrix:
        # One entry per fuzzing engine. The steps splice these values
        # (matrix.fuzzy.*) directly into shell command lines, so they must
        # remain static, repository-controlled strings and never be derived
        # from event data such as branch names or commit messages.
        fuzzy:
        - name: 'AFL'
          config: 'enable-fuzz-afl no-module'
          install: 'afl++'
          cc: 'afl-clang-fast'
        - name: 'libFuzzer'
          config: >-
            enable-fuzz-libfuzzer enable-asan enable-ubsan
            -fno-sanitize=function
          libs: >-
            --with-fuzzer-lib=/usr/lib/llvm-18/lib/libFuzzer.a
            --with-fuzzer-include=/usr/include/clang/18/include/fuzzer
          install: 'libfuzzer-18-dev'
          cc: 'clang-18'
          linker: 'clang++-18'
          # Passed verbatim as TESTS=... to "make test".
          # NOTE(review): presumably the leading '-' excludes test_memleak
          # from the run; confirm against the test harness documentation.
          tests: '-test_memleak'
        - name: 'libFuzzer+'
          # As the macro name FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION says,
          # binaries from this configuration are for fuzzing only and must
          # not be shipped or reused as release artifacts.
          config: >-
            enable-fuzz-libfuzzer enable-asan enable-ubsan
            -fno-sanitize=function -fsanitize-coverage=trace-cmp
            -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
          libs: >-
            --with-fuzzer-lib=/usr/lib/llvm-18/lib/libFuzzer.a
            --with-fuzzer-include=/usr/include/clang/18/include/fuzzer
          # Also turns on legacy and weak algorithms and protocols (weak SSL
          # ciphers, RC5, MD2, SSLv3).
          # NOTE(review): presumably to widen fuzz coverage; these options
          # are not a template for a production configuration.
          extra: >-
            enable-fips enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment
            enable-tls1_3 enable-weak-ssl-ciphers enable-rc5 enable-md2
            enable-ssl3 enable-ssl3-method enable-nextprotoneg
          install: 'libfuzzer-18-dev'
          cc: 'clang-18'
          linker: 'clang++-18'
          tests: '-test_memleak'
    # The llvm-18 / clang-18 paths and package names in the matrix above are
    # hard-coded, so they have to match what this runner image provides.
    runs-on: ubuntu-24.04
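    steps:
    # Install the fuzzing toolchain named by the matrix entry.
    # --force-yes is deliberately not used: it is deprecated in apt and tells
    # it to proceed with unauthenticated packages, downgrades and removal of
    # essential packages without stopping. Plain -y keeps the install
    # non-interactive while leaving archive signature checks in force.
    - name: install packages
      run: |
        sudo apt-get update
        sudo apt-get -yq install ${{ matrix.fuzzy.install }}
    # Prints the current vm.mmap_rnd_bits value, then sets it to 28 for the
    # rest of the job. This changes mmap address randomization on the runner.
    # NOTE(review): per the step name this is for the sanitizers, presumably
    # because their runtime fails with higher mmap entropy; confirm it is
    # still required with the LLVM 18 toolchain used here.
    - name: Adjust ASLR for sanitizer
      run: |
        sudo cat /proc/sys/vm/mmap_rnd_bits
        sudo sysctl -w vm.mmap_rnd_bits=28
    # NOTE(review): v4 is a mutable tag. Pinning to a full commit SHA
    # (placeholder: actions/checkout@<full-commit-sha>) keeps a moved tag
    # from changing the code that runs in this job.
    - uses: actions/checkout@v4
      with:
        # Do not leave the job token in .git/config: the steps below build
        # and run fuzz targets, and none of them uses git credentials.
        persist-credentials: false

    # The matrix values are expanded into the script text before the shell
    # runs it. That is safe only because the matrix is defined statically in
    # this file.
    - name: config
      run: |
        CC=${{ matrix.fuzzy.cc }} ./config --banner=Configured no-shared \
            ${{ matrix.fuzzy.config }} ${{ matrix.fuzzy.libs }} ${{ matrix.fuzzy.extra }}

    # Record the resulting configuration in the job log.
    - name: config dump
      run: ./configdata.pm --dump
    # Exactly one of the two make steps runs, depending on whether the matrix
    # entry defines a linker.
    - name: make with explicit linker
      if: matrix.fuzzy.linker != ''
      run: LDCMD=${{ matrix.fuzzy.linker }} make -s -j4
    - name: make sans explicit linker
      if: matrix.fuzzy.linker == ''
      run: make -s -j4
    # Log the runner CPU details and the output of the built
    # "openssl version -c".
    - name: get cpu info
      run: |
        cat /proc/cpuinfo
        ./util/opensslwrap.sh version -c
    # Exactly one of the two test steps runs, depending on whether the matrix
    # entry defines a TESTS selection.
    - name: make test restricted
      if: matrix.fuzzy.tests != ''
      run: AFL_MAP_SIZE=300000 make test HARNESS_JOBS=${HARNESS_JOBS:-4} TESTS="${{ matrix.fuzzy.tests }}"
    - name: make test all
      if: matrix.fuzzy.tests == ''
      run: AFL_MAP_SIZE=300000 make test HARNESS_JOBS=${HARNESS_JOBS:-4}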