clang-asan-check #582
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: clang-asan-check | |
on: | |
push: | |
pull_request: | |
schedule: | |
# Execute a weekly build on Monday at 2AM UTC | |
- cron: '0 2 * * 1' | |
env: | |
IBMSWTPM_VER: rev183-2024-08-02 | |
# sha1 is not tested by default because Fedora 41+ does not support it | |
TPM2_TEST_HASHES: "sha1 sha256 sha384 sha512" | |
jobs: | |
build: | |
strategy: | |
matrix: | |
branch: [openssl-3.0, openssl-3.1, openssl-3.2, master] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install dependencies | |
run: sudo apt-get install curl autoconf-archive libtss2-dev libtss2-tcti-tabrmd0 tpm2-abrmd tpm2-tools | |
- name: Build TPM2 simulator | |
run: | | |
curl -Ls https://github.com/kgoldman/ibmswtpm2/archive/refs/tags/$IBMSWTPM_VER.tar.gz | tar xz | |
cd ibmswtpm2-$IBMSWTPM_VER/src | |
make | |
- name: Build openssl | |
run: | | |
wget --no-verbose https://github.com/openssl/openssl/archive/$BRANCH.zip | |
unzip -q $BRANCH.zip | |
cd openssl-$BRANCH | |
# disable all unnecessary features, with deprecated functions | |
./Configure linux-x86_64-clang enable-asan no-aria no-async \ | |
no-autoload-config no-bf no-blake2 no-cast no-chacha \ | |
no-comp no-ct no-dgram no-ec2m \ | |
no-filenames no-fips no-fips-securitychecks no-gost no-idea \ | |
no-ktls no-makedepend no-md4 no-multiblock \ | |
no-ocb no-poly1305 no-psk no-rc2 no-rc4 no-rfc3779 \ | |
no-rmd160 no-seed no-siphash no-siv no-sm3 no-sm4 \ | |
no-srtp no-ssl3-method no-tests no-ts no-whirlpool | |
make build_sw | |
sudo make install_sw install_ssldirs | |
echo '#!/usr/bin/env bash' > openssl.sh | |
echo 'LD_LIBRARY_PATH=/usr/local/lib64 /usr/local/bin/openssl_b "$@"' >> openssh.sh | |
chmod u+x openssh.sh | |
sudo mv /usr/local/bin/openssl /usr/local/bin/openssl_b | |
sudo mv openssh.sh /usr/local/bin/openssl | |
env: | |
BRANCH: ${{ matrix.branch }} | |
- name: Configure tpm2-openssl | |
run: | | |
./bootstrap | |
./configure CC=clang PKG_CONFIG_PATH=/usr/local/lib64/pkgconfig \ | |
--enable-op-digest --enable-op-cipher --enable-asan --enable-debug | |
- name: Build tpm2-openssl | |
run: | | |
make | |
sudo make install | |
- name: Start TPM2 simulator | |
run: | | |
export DBUS_SESSION_BUS_ADDRESS=`dbus-daemon --session --print-address --fork` | |
echo "DBUS_SESSION_BUS_ADDRESS=$DBUS_SESSION_BUS_ADDRESS" >> $GITHUB_ENV | |
ibmswtpm2-$IBMSWTPM_VER/src/tpm_server & | |
timeout 20 bash -c 'until printf "" 2>>/dev/null >>/dev/tcp/$0/$1; do sleep 1; done' localhost 2321 | |
tpm2-abrmd --session --tcti mssim:host=localhost,port=2321 & | |
echo "TCTI_ADDRESS=tabrmd:bus_name=com.intel.tss2.Tabrmd,bus_type=session" >> $GITHUB_ENV | |
sleep 1 | |
- name: Run tests | |
run: | | |
openssl version | |
tpm2_getcap properties-fixed | head -n 20 | |
make check | |
env: | |
TPM2TOOLS_TCTI: ${{ env.TCTI_ADDRESS }} | |
TPM2OPENSSL_TCTI: ${{ env.TCTI_ADDRESS }} | |
- name: Archive log files | |
if: ${{ success() || failure() }} | |
uses: actions/upload-artifact@v4 | |
with: | |
name: test-report-clang-${{ matrix.branch }} | |
path: | | |
*.log | |
test/*.log | |
test/*/*.log |