sanitizer-tests.yml
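name: wolfPKCS11 Sanitizer Tests

on:
  push:
    branches: ['master', 'main', 'release/**']
  pull_request:
    # '**' also matches base branches that contain '/', such as release/*;
    # a single '*' does not match '/'.
    branches: ['**']

# No step in this workflow writes to the repository, so the default token is
# restricted to read-only access.
permissions:
  contents: read

jobs:
  sanitizer:
    runs-on: ubuntu-latest
    strategy:
      # Let every sanitizer/config combination finish so one failure does not
      # hide the others.
      fail-fast: false
      matrix:
        # msan disabled due to too many failures
        # tsan disabled due to weird failures
        sanitizer: [asan, ubsan]
        config:
          - name: "Standard Build"
            configure_flags: "--enable-aeskeywrap"
          - name: "NSS Build"
            configure_flags: "--enable-nss"
          - name: "TPM Build"
            configure_flags: "--enable-tpm"
          - name: "NSS+TPM Build"
            configure_flags: "--enable-nss --enable-tpm"
          - name: "PKCS#11 V3.2 PQC Build"
            configure_flags: "--enable-pkcs11v32 --enable-mldsa --enable-mlkem"
    steps:
      # pull wolfPKCS11
      # NOTE(review): actions in this file are referenced by a mutable tag
      # (@v4); pinning each to a full commit SHA protects against a retagged
      # release.
      - uses: actions/checkout@v4
        with:
          submodules: true
          # Do not leave the token in .git/config: later steps run build
          # scripts that come from other repositories.
          persist-credentials: false

      # install dependencies
      - name: Install dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y \
            build-essential \
            libnss3-dev \
            libnspr4-dev

      # setup wolfssl
      # NOTE(review): no `ref:` is given here or for ibmswtpm2/wolftpm below,
      # so each run builds whatever is on the default branch at that moment.
      # Pin to a reviewed tag or commit for reproducible builds, or document
      # that tracking the tip is intentional.
      - uses: actions/checkout@v4
        with:
          repository: wolfssl/wolfssl
          path: wolfssl
          persist-credentials: false
      - name: wolfssl autogen
        working-directory: ./wolfssl
        run: ./autogen.sh
      - name: wolfssl configure with ${{ matrix.sanitizer }}
        working-directory: ./wolfssl
        env:
          # Matrix values reach the script as environment variables instead of
          # being expanded into the script text.
          SANITIZER: ${{ matrix.sanitizer }}
        run: |
          export CC=clang
          export CXX=clang++
          # The msan/tsan branches remain for when those matrix entries are
          # re-enabled.
          case "$SANITIZER" in
            "asan")
              export CFLAGS="-fsanitize=address -fno-omit-frame-pointer -g"
              export LDFLAGS="-fsanitize=address"
              ;;
            "msan")
              export CFLAGS="-fsanitize=memory -fno-omit-frame-pointer -g"
              export LDFLAGS="-fsanitize=memory"
              ;;
            "tsan")
              export CFLAGS="-fsanitize=thread -fno-omit-frame-pointer -g"
              export LDFLAGS="-fsanitize=thread"
              ;;
            "ubsan")
              export CFLAGS="-fsanitize=undefined -fno-omit-frame-pointer -g"
              export LDFLAGS="-fsanitize=undefined"
              ;;
          esac
          ./configure --enable-cryptocb --enable-aescfb --enable-rsapss --enable-keygen --enable-pwdbased --enable-scrypt --enable-md5 --enable-debug \
            --enable-mldsa C_EXTRA_FLAGS="-DWOLFSSL_PUBLIC_MP -DWC_RSA_DIRECT -DHAVE_AES_ECB -DHAVE_AES_KEYWRAP"
      - name: wolfssl make
        working-directory: ./wolfssl
        run: |
          make
      - name: wolfssl make install
        working-directory: ./wolfssl
        run: |
          sudo make install
          sudo ldconfig

      # setup ibmswtpm2 (only if TPM enabled)
      - uses: actions/checkout@v4
        if: contains(matrix.config.configure_flags, '--enable-tpm')
        with:
          repository: kgoldman/ibmswtpm2
          path: ibmswtpm2
          persist-credentials: false
      - name: ibmswtpm2 make
        if: contains(matrix.config.configure_flags, '--enable-tpm')
        working-directory: ./ibmswtpm2/src
        run: |
          make
          # Started in the background so the later test step can talk to it.
          ./tpm_server &

      # setup wolftpm (only if TPM enabled)
      - uses: actions/checkout@v4
        if: contains(matrix.config.configure_flags, '--enable-tpm')
        with:
          repository: wolfssl/wolftpm
          path: wolftpm
          persist-credentials: false
      - name: wolftpm autogen
        if: contains(matrix.config.configure_flags, '--enable-tpm')
        working-directory: ./wolftpm
        run: ./autogen.sh
      - name: wolftpm configure with ${{ matrix.sanitizer }}
        if: contains(matrix.config.configure_flags, '--enable-tpm')
        working-directory: ./wolftpm
        env:
          SANITIZER: ${{ matrix.sanitizer }}
        run: |
          export CC=clang
          export CXX=clang++
          case "$SANITIZER" in
            "asan")
              export CFLAGS="-fsanitize=address -fno-omit-frame-pointer -g"
              export LDFLAGS="-fsanitize=address"
              ;;
            "msan")
              export CFLAGS="-fsanitize=memory -fno-omit-frame-pointer -g"
              export LDFLAGS="-fsanitize=memory"
              ;;
            "tsan")
              export CFLAGS="-fsanitize=thread -fno-omit-frame-pointer -g"
              export LDFLAGS="-fsanitize=thread"
              ;;
            "ubsan")
              export CFLAGS="-fsanitize=undefined -fno-omit-frame-pointer -g"
              export LDFLAGS="-fsanitize=undefined"
              ;;
          esac
          ./configure --enable-swtpm --enable-debug
      - name: wolftpm make
        if: contains(matrix.config.configure_flags, '--enable-tpm')
        working-directory: ./wolftpm
        run: |
          make
      - name: wolftpm make install
        if: contains(matrix.config.configure_flags, '--enable-tpm')
        working-directory: ./wolftpm
        run: |
          sudo make install
          sudo ldconfig

      # setup wolfPKCS11
      - name: wolfpkcs11 autogen
        run: ./autogen.sh
      - name: wolfpkcs11 configure with ${{ matrix.sanitizer }} (${{ matrix.config.name }})
        env:
          SANITIZER: ${{ matrix.sanitizer }}
          CONFIGURE_FLAGS: ${{ matrix.config.configure_flags }}
        run: |
          export CC=clang
          export CXX=clang++
          case "$SANITIZER" in
            "asan")
              export CFLAGS="-fsanitize=address -fno-omit-frame-pointer -g"
              export LDFLAGS="-fsanitize=address"
              ;;
            "msan")
              export CFLAGS="-fsanitize=memory -fno-omit-frame-pointer -g"
              export LDFLAGS="-fsanitize=memory"
              ;;
            "tsan")
              export CFLAGS="-fsanitize=thread -fno-omit-frame-pointer -g"
              export LDFLAGS="-fsanitize=thread"
              ;;
            "ubsan")
              export CFLAGS="-fsanitize=undefined -fno-omit-frame-pointer -g"
              export LDFLAGS="-fsanitize=undefined"
              ;;
          esac
          if [ -n "$CONFIGURE_FLAGS" ]; then
            # Deliberately unquoted: the value is a space-separated flag list
            # and must be split into separate arguments.
            ./configure $CONFIGURE_FLAGS
          else
            ./configure
          fi
      - name: wolfpkcs11 make
        run: |
          make
      - name: wolfpkcs11 make check
        env:
          SANITIZER: ${{ matrix.sanitizer }}
          CONFIGURE_FLAGS: ${{ matrix.config.configure_flags }}
          # UBSan reports are recoverable by default: the program prints the
          # finding and still exits 0, so the job would stay green. Halt on
          # the first report so undefined behaviour fails the test run.
          UBSAN_OPTIONS: 'halt_on_error=1:print_stacktrace=1'
        run: |
          if [ "$SANITIZER" = "tsan" ]; then
            export TSAN_OPTIONS="suppressions=$PWD/tsan_suppressions.txt"
          fi
          # TPM builds run the two test binaries directly instead of going
          # through `make check`.
          if [[ "$CONFIGURE_FLAGS" == *"--enable-tpm"* ]]; then
            ./tests/pkcs11str && ./tests/pkcs11test
          else
            make check
          fi

      # capture logs on failure
      # NOTE(review): the TPM configurations do not run `make check`, so
      # test-suite.log may not exist for them - confirm, and capture their
      # output separately if it is needed.
      - name: Upload failure logs
        if: failure() || cancelled()
        uses: actions/upload-artifact@v4
        with:
          name: wolfpkcs11-${{ matrix.sanitizer }}-${{ matrix.config.name }}-test-logs
          path: |
            test-suite.log
          retention-days: 5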