Skip to content
wolfPKCS11 Sanitizer Tests

use DHUK to wrap/unwrap seed value used for token #466

Sign in to view logs

use DHUK to wrap/unwrap seed value used for token

use DHUK to wrap/unwrap seed value used for token #466

Workflow file for this run

.github/workflows/sanitizer-tests.yml at 3e013fe
name: wolfPKCS11 Sanitizer Tests
on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
jobs:
sanitizer:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
# msan disabled due to too many failures
# tsan disabled due to weird failures
sanitizer: [asan, ubsan]
config:
- name: "Standard Build"
configure_flags: ""
- name: "NSS Build"
configure_flags: "--enable-nss"
- name: "TPM Build"
configure_flags: "--enable-tpm"
- name: "NSS+TPM Build"
configure_flags: "--enable-nss --enable-tpm"
steps:
#pull wolfPKCS11
- uses: actions/checkout@v4
with:
submodules: true
#install dependencies
- name: Install dependencies
run: |
sudo apt-get update
sudo apt-get install -y \
build-essential \
libnss3-dev \
libnspr4-dev
#setup wolfssl
- uses: actions/checkout@v4
with:
repository: wolfssl/wolfssl
path: wolfssl
- name: wolfssl autogen
working-directory: ./wolfssl
run: ./autogen.sh
- name: wolfssl configure with ${{ matrix.sanitizer }}
working-directory: ./wolfssl
run: |
export CC=clang
export CXX=clang++
case "${{ matrix.sanitizer }}" in
"asan")
export CFLAGS="-fsanitize=address -fno-omit-frame-pointer -g"
export LDFLAGS="-fsanitize=address"
;;
"msan")
export CFLAGS="-fsanitize=memory -fno-omit-frame-pointer -g"
export LDFLAGS="-fsanitize=memory"
;;
"tsan")
export CFLAGS="-fsanitize=thread -fno-omit-frame-pointer -g"
export LDFLAGS="-fsanitize=thread"
;;
"ubsan")
export CFLAGS="-fsanitize=undefined -fno-omit-frame-pointer -g"
export LDFLAGS="-fsanitize=undefined"
;;
esac
./configure --enable-cryptocb --enable-aescfb --enable-rsapss --enable-keygen --enable-pwdbased --enable-scrypt --enable-md5 --enable-debug \
C_EXTRA_FLAGS="-DWOLFSSL_PUBLIC_MP -DWC_RSA_DIRECT -DHAVE_AES_ECB -DHAVE_AES_KEYWRAP"
- name: wolfssl make
working-directory: ./wolfssl
run: |
make
- name: wolfssl make install
working-directory: ./wolfssl
run: |
sudo make install
sudo ldconfig
#setup ibmswtpm2 (only if TPM enabled)
- uses: actions/checkout@v4
if: contains(matrix.config.configure_flags, '--enable-tpm')
with:
repository: kgoldman/ibmswtpm2
path: ibmswtpm2
- name: ibmswtpm2 make
if: contains(matrix.config.configure_flags, '--enable-tpm')
working-directory: ./ibmswtpm2/src
run: |
make
./tpm_server &
#setup wolftpm (only if TPM enabled)
- uses: actions/checkout@v4
if: contains(matrix.config.configure_flags, '--enable-tpm')
with:
repository: wolfssl/wolftpm
path: wolftpm
- name: wolftpm autogen
if: contains(matrix.config.configure_flags, '--enable-tpm')
working-directory: ./wolftpm
run: ./autogen.sh
- name: wolftpm configure with ${{ matrix.sanitizer }}
if: contains(matrix.config.configure_flags, '--enable-tpm')
working-directory: ./wolftpm
run: |
export CC=clang
export CXX=clang++
case "${{ matrix.sanitizer }}" in
"asan")
export CFLAGS="-fsanitize=address -fno-omit-frame-pointer -g"
export LDFLAGS="-fsanitize=address"
;;
"msan")
export CFLAGS="-fsanitize=memory -fno-omit-frame-pointer -g"
export LDFLAGS="-fsanitize=memory"
;;
"tsan")
export CFLAGS="-fsanitize=thread -fno-omit-frame-pointer -g"
export LDFLAGS="-fsanitize=thread"
;;
"ubsan")
export CFLAGS="-fsanitize=undefined -fno-omit-frame-pointer -g"
export LDFLAGS="-fsanitize=undefined"
;;
esac
./configure --enable-swtpm --enable-debug
- name: wolftpm make
if: contains(matrix.config.configure_flags, '--enable-tpm')
working-directory: ./wolftpm
run: |
make
- name: wolftpm make install
if: contains(matrix.config.configure_flags, '--enable-tpm')
working-directory: ./wolftpm
run: |
sudo make install
sudo ldconfig
#setup wolfPKCS11
- name: wolfpkcs11 autogen
run: ./autogen.sh
- name: wolfpkcs11 configure with ${{ matrix.sanitizer }} (${{ matrix.config.name }})
run: |
export CC=clang
export CXX=clang++
case "${{ matrix.sanitizer }}" in
"asan")
export CFLAGS="-fsanitize=address -fno-omit-frame-pointer -g"
export LDFLAGS="-fsanitize=address"
;;
"msan")
export CFLAGS="-fsanitize=memory -fno-omit-frame-pointer -g"
export LDFLAGS="-fsanitize=memory"
;;
"tsan")
export CFLAGS="-fsanitize=thread -fno-omit-frame-pointer -g"
export LDFLAGS="-fsanitize=thread"
;;
"ubsan")
export CFLAGS="-fsanitize=undefined -fno-omit-frame-pointer -g"
export LDFLAGS="-fsanitize=undefined"
;;
esac
if [ -n "${{ matrix.config.configure_flags }}" ]; then
./configure ${{ matrix.config.configure_flags }}
else
./configure
fi
- name: wolfpkcs11 make
run: |
make
- name: wolfpkcs11 make check
run: |
if [ "${{ matrix.sanitizer }}" = "tsan" ]; then
export TSAN_OPTIONS="suppressions=$PWD/tsan_suppressions.txt"
fi
if [[ "${{ matrix.config.configure_flags }}" == *"--enable-tpm"* ]]; then
./tests/pkcs11str && ./tests/pkcs11test
else
make check
fi
# capture logs on failure
- name: Upload failure logs
if: failure() || cancelled()
uses: actions/upload-artifact@v4
with:
name: wolfpkcs11-${{ matrix.sanitizer }}-${{ matrix.config.name }}-test-logs
path: |
test-suite.log
retention-days: 5