Skip to content

clang-asan-check

clang-asan-check #582

name: clang-asan-check
on:
push:
pull_request:
schedule:
# Execute a weekly build on Monday at 2AM UTC
- cron: '0 2 * * 1'
env:
IBMSWTPM_VER: rev183-2024-08-02
# sha1 is not tested by default because Fedora 41+ does not support it
TPM2_TEST_HASHES: "sha1 sha256 sha384 sha512"
jobs:
build:
strategy:
matrix:
branch: [openssl-3.0, openssl-3.1, openssl-3.2, master]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install dependencies
run: sudo apt-get install curl autoconf-archive libtss2-dev libtss2-tcti-tabrmd0 tpm2-abrmd tpm2-tools
- name: Build TPM2 simulator
run: |
curl -Ls https://github.com/kgoldman/ibmswtpm2/archive/refs/tags/$IBMSWTPM_VER.tar.gz | tar xz
cd ibmswtpm2-$IBMSWTPM_VER/src
make
- name: Build openssl
run: |
wget --no-verbose https://github.com/openssl/openssl/archive/$BRANCH.zip
unzip -q $BRANCH.zip
cd openssl-$BRANCH
# disable all unnecessary features, with deprecated functions
./Configure linux-x86_64-clang enable-asan no-aria no-async \
no-autoload-config no-bf no-blake2 no-cast no-chacha \
no-comp no-ct no-dgram no-ec2m \
no-filenames no-fips no-fips-securitychecks no-gost no-idea \
no-ktls no-makedepend no-md4 no-multiblock \
no-ocb no-poly1305 no-psk no-rc2 no-rc4 no-rfc3779 \
no-rmd160 no-seed no-siphash no-siv no-sm3 no-sm4 \
no-srtp no-ssl3-method no-tests no-ts no-whirlpool
make build_sw
sudo make install_sw install_ssldirs
echo '#!/usr/bin/env bash' > openssl.sh
echo 'LD_LIBRARY_PATH=/usr/local/lib64 /usr/local/bin/openssl_b "$@"' >> openssh.sh
chmod u+x openssh.sh
sudo mv /usr/local/bin/openssl /usr/local/bin/openssl_b
sudo mv openssh.sh /usr/local/bin/openssl
env:
BRANCH: ${{ matrix.branch }}
- name: Configure tpm2-openssl
run: |
./bootstrap
./configure CC=clang PKG_CONFIG_PATH=/usr/local/lib64/pkgconfig \
--enable-op-digest --enable-op-cipher --enable-asan --enable-debug
- name: Build tpm2-openssl
run: |
make
sudo make install
- name: Start TPM2 simulator
run: |
export DBUS_SESSION_BUS_ADDRESS=`dbus-daemon --session --print-address --fork`
echo "DBUS_SESSION_BUS_ADDRESS=$DBUS_SESSION_BUS_ADDRESS" >> $GITHUB_ENV
ibmswtpm2-$IBMSWTPM_VER/src/tpm_server &
timeout 20 bash -c 'until printf "" 2>>/dev/null >>/dev/tcp/$0/$1; do sleep 1; done' localhost 2321
tpm2-abrmd --session --tcti mssim:host=localhost,port=2321 &
echo "TCTI_ADDRESS=tabrmd:bus_name=com.intel.tss2.Tabrmd,bus_type=session" >> $GITHUB_ENV
sleep 1
- name: Run tests
run: |
openssl version
tpm2_getcap properties-fixed | head -n 20
make check
env:
TPM2TOOLS_TCTI: ${{ env.TCTI_ADDRESS }}
TPM2OPENSSL_TCTI: ${{ env.TCTI_ADDRESS }}
- name: Archive log files
if: ${{ success() || failure() }}
uses: actions/upload-artifact@v4
with:
name: test-report-clang-${{ matrix.branch }}
path: |
*.log
test/*.log
test/*/*.log