# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License").  You may not use
# this file except in compliance with the License.  You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html

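# Builds OpenSSL with each fuzzing engine listed in the matrix and runs the
# test suite against the instrumented build.
name: Fuzz-checker CI

on: [push]

# Least privilege: the job only needs to read the repository.
permissions:
  contents: read

jobs:
  fuzz-checker:
    strategy:
      # Let every engine finish even if one of them fails.
      fail-fast: false
      matrix:
        # Per-engine settings. Keys an entry leaves out (libs, extra, linker,
        # tests) expand to an empty string in the steps below.
        # These values are pasted into the shell text of the run steps before
        # the shell starts and rely on word splitting, so keep them literal
        # and free of shell metacharacters.
        fuzzy:
        - name: AFL
          config: enable-fuzz-afl no-module
          install: afl++-clang
          cc: afl-clang-fast
        - name: libFuzzer
          config: enable-fuzz-libfuzzer enable-asan enable-ubsan
          libs: >-
            --with-fuzzer-lib=/usr/lib/llvm-12/lib/libFuzzer.a
            --with-fuzzer-include=/usr/include/clang/12/include/fuzzer
          install: libfuzzer-12-dev
          cc: clang-12
          linker: clang++-12
          tests: '-test_memleak'
        # Same engine as above with comparison tracing and a wider feature
        # set, including legacy protocols and ciphers, so that the fuzzers
        # reach that code too. FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION marks
        # the result as a fuzz-only build.
        - name: libFuzzer+
          config: >-
            enable-fuzz-libfuzzer enable-asan enable-ubsan
            -fsanitize-coverage=trace-cmp
            -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
          libs: >-
            --with-fuzzer-lib=/usr/lib/llvm-12/lib/libFuzzer.a
            --with-fuzzer-include=/usr/include/clang/12/include/fuzzer
          extra: >-
            enable-fips enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment
            enable-tls1_3 enable-weak-ssl-ciphers enable-rc5 enable-md2
            enable-ssl3 enable-ssl3-method enable-nextprotoneg
          install: libfuzzer-12-dev
          cc: clang-12
          linker: clang++-12
          tests: '-test_memleak'
    # NOTE(review): ubuntu-latest is a floating label while the matrix
    # hard-codes llvm-12 packages and paths; confirm the current runner image
    # still provides them, or pin the image version.
    runs-on: ubuntu-latest
    steps:
    - name: install packages
      # --force-yes was dropped: apt deprecates it and it lets apt continue
      # past unauthenticated packages and downgrades. -y is enough for a
      # non-interactive install from the configured, signed repositories.
      run: |
        sudo apt-get update
        sudo apt-get -yq install ${{ matrix.fuzzy.install }}
    - name: Adjust ASLR for sanitizer
      # Logs the runner's current mmap ASLR entropy, then sets it to 28 bits.
      # Presumably the sanitizer runtimes in this LLVM version cannot cope
      # with the runner default; confirm before removing.
      run: |
        sudo cat /proc/sys/vm/mmap_rnd_bits
        sudo sysctl -w vm.mmap_rnd_bits=28
    # NOTE(review): v4 is a mutable tag; pinning the action to a full commit
    # SHA would fix exactly which code runs here.
    - uses: actions/checkout@v4
      with:
        # No later step talks to the remote, so do not leave the token in the
        # checked-out repository's git config.
        persist-credentials: false

    - name: config
      run: |
        CC=${{ matrix.fuzzy.cc }} ./config --banner=Configured no-shared \
            ${{ matrix.fuzzy.config }} ${{ matrix.fuzzy.libs }} ${{ matrix.fuzzy.extra }}

    - name: config dump
      run: ./configdata.pm --dump
    # Exactly one of the two make steps runs, depending on whether the matrix
    # entry names a linker.
    - name: make with explicit linker
      if: matrix.fuzzy.linker != ''
      run: LDCMD=${{ matrix.fuzzy.linker }} make -s -j4
    - name: make sans explicit linker
      if: matrix.fuzzy.linker == ''
      run: make -s -j4
    - name: get cpu info
      run: |
        cat /proc/cpuinfo
        ./util/opensslwrap.sh version -c
    # Exactly one of the two test steps runs: the restricted one passes the
    # entry's TESTS selection, the other runs the full suite.
    - name: make test restricted
      if: matrix.fuzzy.tests != ''
      run: AFL_MAP_SIZE=300000 make test HARNESS_JOBS=${HARNESS_JOBS:-4} TESTS="${{ matrix.fuzzy.tests }}"
    - name: make test all
      if: matrix.fuzzy.tests == ''
      run: AFL_MAP_SIZE=300000 make test HARNESS_JOBS=${HARNESS_JOBS:-4}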