Merge pull request #489 from aidangarske/fix-nations-spdm-test #20
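# Builds wolfSSL and wolfTPM (with the fwTPM option) under ASan, UBSan and
# LeakSan, then runs `make check` in an isolated network namespace.
name: Sanitizer Tests

on:
  push:
    branches: [ 'master', 'main', 'release/**' ]
  pull_request:
    # '*' does not match branch names containing '/', so pull requests
    # targeting release/** would skip the sanitizer jobs; '**' matches every
    # base branch.
    branches: [ '**' ]

# Least privilege for GITHUB_TOKEN: the jobs only read repository contents.
permissions:
  contents: read

# One run per workflow and ref; a newer push cancels the run in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

jobs:
  sanitizer_test:
    name: ${{ matrix.name }}
    runs-on: ubuntu-latest
    timeout-minutes: 30
    strategy:
      # Let every sanitizer finish so one failure does not hide the others.
      fail-fast: false
      matrix:
        include:
          # Leak detection is switched off in the ASan job; the LeakSan entry
          # below builds with -fsanitize=leak separately.
          - name: "ASan"
            cflags: "-fsanitize=address -fno-omit-frame-pointer -g -O1"
            ldflags: "-fsanitize=address"
            asan_options: "detect_leaks=0"
          # -fno-sanitize-recover=all plus halt_on_error=1 make an
          # undefined-behaviour report fail the run instead of being logged
          # and skipped.
          - name: "UBSan"
            cflags: "-fsanitize=undefined -fno-sanitize-recover=all -fno-omit-frame-pointer -g"
            ldflags: "-fsanitize=undefined"
            ubsan_options: "halt_on_error=1:print_stacktrace=1"
          - name: "LeakSan"
            cflags: "-fsanitize=leak -fno-omit-frame-pointer -g"
            ldflags: "-fsanitize=leak"

    steps:
      # Lowers mmap ASLR entropy on the runner to 28 bits; presumably needed
      # because the sanitizer runtimes cannot map their shadow memory with
      # the runner's default - confirm before removing.
      - name: Workaround high-entropy ASLR
        run: sudo sysctl vm.mmap_rnd_bits=28

      # NOTE(review): both actions are referenced by a mutable tag (v4);
      # pinning to a full commit SHA is the stricter supply-chain option.
      - name: Checkout wolfTPM
        uses: actions/checkout@v4
        with:
          # Later steps run build scripts and tests as root; do not leave the
          # token in .git/config for them to read.
          persist-credentials: false

      # No `ref` is given, so this builds whatever wolfssl/wolfssl's default
      # branch holds at run time.
      - name: Checkout wolfSSL
        uses: actions/checkout@v4
        with:
          repository: wolfssl/wolfssl
          path: wolfssl
          persist-credentials: false

      - name: Install tpm2-tools
        run: |
          sudo apt-get update
          sudo apt-get install -y tpm2-tools libtss2-tcti-mssim0

      # The ${{ matrix.* }} values expanded into the scripts below are the
      # static strings defined in this file, not event data; keep it that
      # way, since expressions are pasted into the shell text unescaped.
      - name: Build and install wolfSSL with ${{ matrix.name }}
        working-directory: ./wolfssl
        run: |
          ./autogen.sh
          ./configure --enable-wolftpm --enable-pkcallbacks --enable-keygen \
            --prefix=/tmp/wolfssl-install \
            CFLAGS="-DWC_RSA_NO_PADDING ${{ matrix.cflags }}" \
            LDFLAGS="${{ matrix.ldflags }}"
          make
          make install

      - name: Build wolfTPM with fwTPM + ${{ matrix.name }}
        run: |
          ./autogen.sh
          ./configure --enable-fwtpm --enable-swtpm --enable-debug \
            --with-wolfcrypt=/tmp/wolfssl-install \
            CFLAGS="${{ matrix.cflags }}" \
            LDFLAGS="${{ matrix.ldflags }}"
          make

      - name: Run tests (make check)
        env:
          # WOLFSSL_PATH must point at the wolfSSL *source tree* (with the
          # built examples/server/server), not the install prefix:
          # run_examples.sh runs
          # `pushd $WOLFSSL_PATH && ./examples/server/server ...` for the
          # TLS tests.
          WOLFSSL_PATH: ${{ github.workspace }}/wolfssl
          # NOTE(review): sudo is setuid, and the dynamic loader typically
          # drops LD_LIBRARY_PATH for setuid programs even with `sudo -E`;
          # confirm the test binaries locate libwolfssl some other way
          # (e.g. an rpath).
          LD_LIBRARY_PATH: /tmp/wolfssl-install/lib
          # Matrix entries that do not define these keys yield an empty
          # string, i.e. the sanitizer's default options.
          ASAN_OPTIONS: ${{ matrix.asan_options }}
          UBSAN_OPTIONS: ${{ matrix.ubsan_options }}
        # The tests run as root inside a fresh network namespace with only
        # loopback brought up, so nothing they open is reachable from
        # outside. `sudo -E` passes the variables above through to the tests.
        # FWTPM_USE_FIXED_PORT is presumably safe here because the namespace
        # has no other listeners - confirm against the test scripts.
        run: |
          FWTPM_USE_FIXED_PORT=1 \
          sudo -E unshare --net /bin/bash -c '
            set -e
            ip link set lo up
            make check
          '

      # Logs are uploaded only when a step fails and are kept for 5 days.
      # NOTE(review): artifacts can be downloaded by anyone with read access
      # to the run; confirm these logs never capture secrets.
      - name: Upload failure logs
        if: failure()
        uses: actions/upload-artifact@v4
        with:
          name: wolftpm-${{ matrix.name }}-logs
          path: |
            /tmp/fwtpm_check_*.log
            test-suite.log
            tests/*.log
            config.log
          retention-days: 5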