Skip to content

Commit 6d51aff

Browse files
colesburycolesbury
committed
TSan with OpenSSL?
1 parent e535bdb commit 6d51aff

File tree

2 files changed

+24
-0
lines changed

2 files changed

+24
-0
lines changed

.github/workflows/reusable-san.yml

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -25,6 +25,11 @@ jobs:
2525
}}
2626
runs-on: ubuntu-24.04
2727
timeout-minutes: 60
28+
env:
29+
OPENSSL_VER: 3.5.4
30+
MULTISSL_DIR: ${{ github.workspace }}/multissl
31+
OPENSSL_DIR: ${{ github.workspace }}/multissl/openssl/3.5.4
32+
LD_LIBRARY_PATH: ${{ github.workspace }}/multissl/openssl/3.5.4/lib
2833
steps:
2934
- uses: actions/checkout@v4
3035
with:
@@ -69,6 +74,16 @@ jobs:
6974
- name: Add ccache to PATH
7075
run: |
7176
echo "PATH=/usr/lib/ccache:$PATH" >> "$GITHUB_ENV"
77+
- name: 'Restore OpenSSL build (TSan)'
78+
id: cache-openssl
79+
uses: actions/cache@v4
80+
if: inputs.sanitizer == 'TSan'
81+
with:
82+
path: ./multissl/openssl/${{ env.OPENSSL_VER }}
83+
key: ${{ matrix.os }}-multissl-openssl-tsan-${{ env.OPENSSL_VER }}
84+
- name: Install OpenSSL (TSan)
85+
if: steps.cache-openssl.outputs.cache-hit != 'true' && inputs.sanitizer == 'TSan'
86+
run: python3 Tools/ssl/multissltests.py --steps=library --base-directory "$MULTISSL_DIR" --openssl "$OPENSSL_VER" --system Linux --tsan
7287
- name: Configure CPython
7388
run: >-
7489
./configure
@@ -79,6 +94,7 @@ jobs:
7994
|| '--with-undefined-behavior-sanitizer'
8095
}}
8196
--with-pydebug
97+
${{ inputs.sanitizer == 'TSan' && ' --with-openssl="$OPENSSL_DIR"' || '' }}
8298
${{ fromJSON(inputs.free-threading) && '--disable-gil' || '' }}
8399
- name: Build CPython
84100
run: make -j4

Tools/ssl/multissltests.py

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -158,6 +158,12 @@
158158
dest='keep_sources',
159159
help="Keep original sources for debugging."
160160
)
161+
parser.add_argument(
162+
'--tsan',
163+
action='store_true',
164+
dest='tsan',
165+
help="Build with thread sanitizer. (Disables fips in OpenSSL 3.x)."
166+
)
161167

162168

163169
class AbstractBuilder(object):
@@ -312,6 +318,8 @@ def _build_src(self, config_args=()):
312318
"""Now build openssl"""
313319
log.info("Running build in {}".format(self.build_dir))
314320
cwd = self.build_dir
321+
if self.args.tsan:
322+
config_args += ("-fsanitize=thread",)
315323
cmd = [
316324
"./config", *config_args,
317325
"shared", "--debug",

0 commit comments

Comments
 (0)