x509_vfy.c and x509_lu.c: refactor find_issuer(), X509_STORE_CTX_get1… #1324
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved. | |
# | |
# Licensed under the Apache License 2.0 (the "License"). You may not use | |
# this file except in compliance with the License. You can obtain a copy | |
# in the file LICENSE in the source distribution or at | |
# https://www.openssl.org/source/license.html | |
name: Fuzz-checker CI | |
on: [push] | |
permissions: | |
contents: read | |
jobs: | |
fuzz-checker: | |
strategy: | |
fail-fast: false | |
matrix: | |
fuzzy: [ | |
{ | |
name: AFL, | |
config: enable-fuzz-afl no-module, | |
install: afl++-clang, | |
cc: afl-clang-fast | |
}, { | |
name: libFuzzer, | |
config: enable-fuzz-libfuzzer enable-asan enable-ubsan, | |
libs: --with-fuzzer-lib=/usr/lib/llvm-12/lib/libFuzzer.a --with-fuzzer-include=/usr/include/clang/12/include/fuzzer, | |
install: libfuzzer-12-dev, | |
cc: clang-12, | |
linker: clang++-12, | |
tests: -test_memleak | |
}, { | |
name: libFuzzer+, | |
config: enable-fuzz-libfuzzer enable-asan enable-ubsan -fsanitize-coverage=trace-cmp -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION, | |
libs: --with-fuzzer-lib=/usr/lib/llvm-12/lib/libFuzzer.a --with-fuzzer-include=/usr/include/clang/12/include/fuzzer, | |
extra: enable-fips enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment enable-tls1_3 enable-weak-ssl-ciphers enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-nextprotoneg, | |
install: libfuzzer-12-dev, | |
cc: clang-12, | |
linker: clang++-12, | |
tests: -test_memleak | |
} | |
] | |
runs-on: ubuntu-latest | |
steps: | |
- name: install packages | |
run: | | |
sudo apt-get update | |
sudo apt-get -yq --force-yes install ${{ matrix.fuzzy.install }} | |
- name: Adjust ASLR for sanitizer | |
run: | | |
sudo cat /proc/sys/vm/mmap_rnd_bits | |
sudo sysctl -w vm.mmap_rnd_bits=28 | |
- uses: actions/checkout@v4 | |
- name: config | |
run: | | |
CC=${{ matrix.fuzzy.cc }} ./config --banner=Configured no-shared \ | |
${{ matrix.fuzzy.config }} ${{ matrix.fuzzy.libs }} ${{ matrix.fuzzy.extra }} | |
- name: config dump | |
run: ./configdata.pm --dump | |
- name: make with explicit linker | |
if: matrix.fuzzy.linker != '' | |
run: LDCMD=${{ matrix.fuzzy.linker }} make -s -j4 | |
- name: make sans explicit linker | |
if: matrix.fuzzy.linker == '' | |
run: make -s -j4 | |
- name: get cpu info | |
run: | | |
cat /proc/cpuinfo | |
./util/opensslwrap.sh version -c | |
- name: make test restricted | |
if: matrix.fuzzy.tests != '' | |
run: AFL_MAP_SIZE=300000 make test HARNESS_JOBS=${HARNESS_JOBS:-4} TESTS="${{ matrix.fuzzy.tests }}" | |
- name: make test all | |
if: matrix.fuzzy.tests == '' | |
run: AFL_MAP_SIZE=300000 make test HARNESS_JOBS=${HARNESS_JOBS:-4} |