Skip to content

Commit b2850a2

Browse files
committed
TSan with OpenSSL
1 parent e535bdb commit b2850a2

File tree

2 files changed

+30
-1
lines changed

2 files changed

+30
-1
lines changed

.github/workflows/reusable-san.yml

Lines changed: 22 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -23,8 +23,18 @@ jobs:
2323
&& ' (free-threading)'
2424
|| ''
2525
}}
26-
runs-on: ubuntu-24.04
26+
strategy:
27+
fail-fast: false
28+
matrix:
29+
os: [ubuntu-24.04]
30+
openssl_ver: [3.5.4]
31+
runs-on: ${{ matrix.os }}
2732
timeout-minutes: 60
33+
env:
34+
OPENSSL_VER: ${{ matrix.openssl_ver }}
35+
MULTISSL_DIR: ${{ github.workspace }}/multissl
36+
OPENSSL_DIR: ${{ github.workspace }}/multissl/openssl/${{ matrix.openssl_ver }}
37+
LD_LIBRARY_PATH: ${{ github.workspace }}/multissl/openssl/${{ matrix.openssl_ver }}/lib
2838
steps:
2939
- uses: actions/checkout@v4
3040
with:
@@ -69,6 +79,16 @@ jobs:
6979
- name: Add ccache to PATH
7080
run: |
7181
echo "PATH=/usr/lib/ccache:$PATH" >> "$GITHUB_ENV"
82+
- name: 'Restore OpenSSL build (TSan)'
83+
id: cache-openssl
84+
uses: actions/cache@v4
85+
if: inputs.sanitizer == 'TSan'
86+
with:
87+
path: ./multissl/openssl/${{ env.OPENSSL_VER }}
88+
key: ${{ matrix.os }}-multissl-openssl-tsan-${{ env.OPENSSL_VER }}
89+
- name: Install OpenSSL (TSan)
90+
if: steps.cache-openssl.outputs.cache-hit != 'true' && inputs.sanitizer == 'TSan'
91+
run: python3 Tools/ssl/multissltests.py --steps=library --base-directory "$MULTISSL_DIR" --openssl "$OPENSSL_VER" --system Linux --tsan
7292
- name: Configure CPython
7393
run: >-
7494
./configure
@@ -79,6 +99,7 @@ jobs:
7999
|| '--with-undefined-behavior-sanitizer'
80100
}}
81101
--with-pydebug
102+
${{ inputs.sanitizer == 'TSan' && ' --with-openssl="$OPENSSL_DIR"' || '' }}
82103
${{ fromJSON(inputs.free-threading) && '--disable-gil' || '' }}
83104
- name: Build CPython
84105
run: make -j4

Tools/ssl/multissltests.py

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -158,6 +158,12 @@
158158
dest='keep_sources',
159159
help="Keep original sources for debugging."
160160
)
161+
parser.add_argument(
162+
'--tsan',
163+
action='store_true',
164+
dest='tsan',
165+
help="Build with thread sanitizer. (Disables fips in OpenSSL 3.x)."
166+
)
161167

162168

163169
class AbstractBuilder(object):
@@ -312,6 +318,8 @@ def _build_src(self, config_args=()):
312318
"""Now build openssl"""
313319
log.info("Running build in {}".format(self.build_dir))
314320
cwd = self.build_dir
321+
if self.args.tsan:
322+
config_args += ("-fsanitize=thread",)
315323
cmd = [
316324
"./config", *config_args,
317325
"shared", "--debug",

0 commit comments

Comments
 (0)