1 # Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved.
3 # Licensed under the Apache License 2.0 (the "License"). You may not use
4 # this file except in compliance with the License. You can obtain a copy
5 # in the file LICENSE in the source distribution or at
6 # https://www.openssl.org/source/license.html
10 on: [pull_request, push]
12 # for some reason, this does not work:
15 # HARNESS_JOBS: "${HARNESS_JOBS:-4}"
17 # for some reason, this does not work:
26 runs-on: ubuntu-latest
28 - name: install unifdef
31 sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install unifdef
32 - uses: actions/checkout@v3
36 run: ./config --banner=Configured --strict-warnings enable-fips enable-quic && perl configdata.pm --dump
37 - name: make build_generated
38 run: make -s build_generated
42 run: git diff --exit-code
45 runs-on: ubuntu-latest
47 - uses: actions/checkout@v3
49 run: ./config --banner=Configured --strict-warnings enable-fips enable-quic && perl configdata.pm --dump
50 - name: make build_generated
51 run: make -s build_generated
59 # This checks that we use ANSI C language syntax and semantics.
60 # We are not as strict with libraries, but rather adapt to what's
61 # expected to be available in a certain version of each platform.
63 runs-on: ubuntu-latest
65 - uses: actions/checkout@v3
67 run: CPPFLAGS=-ansi ./config --banner=Configured no-asm no-makedepend enable-buildtest-c++ enable-fips enable-quic --strict-warnings -D_DEFAULT_SOURCE && perl configdata.pm --dump
72 runs-on: ubuntu-latest
74 - uses: actions/checkout@v3
76 run: sudo locale-gen tr_TR.UTF-8
78 run: CC=gcc ./config --banner=Configured enable-fips enable-quic --strict-warnings && perl configdata.pm --dump
82 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
85 runs-on: ubuntu-latest
87 - uses: actions/checkout@v3
89 run: CC=clang ./config --banner=Configured no-fips --strict-warnings && perl configdata.pm --dump
93 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
96 runs-on: ubuntu-latest
98 - uses: actions/checkout@v3
100 run: ./config --banner=Configured --strict-warnings no-bulk no-pic no-asm -DOPENSSL_NO_SECURE_MEMORY -DOPENSSL_SMALL_FOOTPRINT && perl configdata.pm --dump
102 run: make -j4 # verbose, so no -s here
104 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
107 runs-on: ubuntu-latest
109 - uses: actions/checkout@v3
111 run: ./config --banner=Configured --strict-warnings no-deprecated enable-fips enable-quic && perl configdata.pm --dump
115 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
120 os: [ ubuntu-latest, macos-latest ]
121 runs-on: ${{matrix.os}}
123 - uses: actions/checkout@v3
125 run: ./config --banner=Configured --strict-warnings no-shared no-fips && perl configdata.pm --dump
129 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
132 runs-on: ubuntu-latest
134 - uses: actions/checkout@v3
136 run: ./config --banner=Configured --debug enable-asan enable-ubsan no-cached-fetch no-fips no-dtls no-tls1 no-tls1-method no-tls1_1 no-tls1_1-method no-async && perl configdata.pm --dump
140 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0 TESTS="-test_fuzz* -test_ssl_* -test_sslapi -test_evp -test_cmp_http -test_verify -test_cms -test_store -test_enc -[01][0-9]"
142 address_ub_sanitizer:
143 runs-on: ubuntu-latest
145 - uses: actions/checkout@v3
147 run: ./config --banner=Configured --debug enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips enable-quic -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION && perl configdata.pm --dump
151 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0
154 runs-on: ubuntu-latest
156 - uses: actions/checkout@v3
158 # --debug -O1 is to produce a debug build that runs in a reasonable amount of time
159 run: CC=clang ./config --banner=Configured --debug -O1 -fsanitize=memory -DOSSL_SANITIZE_MEMORY -fno-optimize-sibling-calls enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips enable-quic && perl configdata.pm --dump
163 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0
166 runs-on: ubuntu-latest
168 - uses: actions/checkout@v3
170 run: CC=clang ./config --banner=Configured no-fips --strict-warnings -fsanitize=thread && perl configdata.pm --dump
174 run: make V=1 TESTS="test_threads test_internal_provider test_provfetch test_provider test_pbe test_evp_kdf test_pkcs12 test_store test_evp" test HARNESS_JOBS=${HARNESS_JOBS:-4}
176 enable_non-default_options:
177 runs-on: ubuntu-latest
179 - uses: actions/checkout@v3
181 run: sudo modprobe tls
183 run: ./config --banner=Configured --strict-warnings no-ec enable-ssl-trace enable-zlib enable-zlib-dynamic enable-crypto-mdebug enable-crypto-mdebug-backtrace enable-egd enable-ktls enable-fips enable-quic && perl configdata.pm --dump
187 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
190 runs-on: ubuntu-latest
192 - uses: actions/checkout@v3
194 run: sudo modprobe tls
196 run: ./config --banner=Configured --strict-warnings enable-ktls enable-fips enable-quic && perl configdata.pm --dump
200 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
202 enable_brotli_dynamic:
203 runs-on: ubuntu-latest
205 - name: install brotli
208 sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install brotli libbrotli1 libbrotli-dev
209 - name: checkout openssl
210 uses: actions/checkout@v3
212 run: ./config enable-comp enable-brotli enable-brotli-dynamic && perl configdata.pm --dump
216 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
219 runs-on: ubuntu-latest
224 sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install zstd libzstd1 libzstd-dev
225 - name: checkout openssl
226 uses: actions/checkout@v3
228 run: ./config enable-comp enable-zstd enable-zstd-dynamic && perl configdata.pm --dump
232 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
234 enable_brotli_and_zstd_dynamic:
235 runs-on: ubuntu-latest
237 - name: install brotli and zstd
240 sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install brotli libbrotli1 libbrotli-dev
241 sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install zstd libzstd1 libzstd-dev
242 - name: checkout openssl
243 uses: actions/checkout@v3
245 run: ./config enable-comp enable-brotli enable-brotli-dynamic enable-zstd enable-zstd-dynamic && perl configdata.pm --dump
249 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
251 enable_brotli_and_asan_ubsan:
252 runs-on: ubuntu-latest
254 - name: install brotli
257 sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install brotli libbrotli1 libbrotli-dev
258 - name: checkout openssl
259 uses: actions/checkout@v3
261 run: ./config --banner=Configured --debug enable-asan enable-ubsan enable-comp enable-brotli -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -DPEDANTIC && perl configdata.pm --dump
265 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0
267 enable_zstd_and_asan_ubsan:
268 runs-on: ubuntu-latest
273 sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install zstd libzstd1 libzstd-dev
274 - name: checkout openssl
275 uses: actions/checkout@v3
277 run: ./config --banner=Configured --debug enable-asan enable-ubsan enable-comp enable-zstd -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -DPEDANTIC && perl configdata.pm --dump
281 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0
284 runs-on: ubuntu-latest
286 - uses: actions/checkout@v3
288 run: ./config --banner=Configured --strict-warnings no-legacy enable-fips enable-quic && perl configdata.pm --dump
292 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
295 runs-on: ubuntu-latest
297 - uses: actions/checkout@v3
299 run: ./config --banner=Configured -Werror --debug no-afalgeng no-shared enable-crypto-mdebug enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-fips && perl configdata.pm --dump
303 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
308 os: [ ubuntu-latest, macos-latest ]
309 runs-on: ${{matrix.os}}
311 - uses: actions/checkout@v3
313 run: CC=gcc ./config --banner=Configured enable-tfo enable-quic --strict-warnings && perl configdata.pm --dump
317 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
320 runs-on: ubuntu-latest
322 - uses: actions/checkout@v3
324 run: ./config --banner=Configured no-asm no-makedepend enable-buildtest-c++ enable-fips --strict-warnings -D_DEFAULT_SOURCE && perl configdata.pm --dump
328 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
330 out-of-source-and-install:
333 os: [ubuntu-latest, macos-latest ]
334 runs-on: ${{matrix.os}}
336 - uses: actions/checkout@v3
337 - name: extra preparations
342 run: ../config --banner=Configured enable-fips enable-acvp-tests --strict-warnings --prefix=$(cd ../install; pwd) && perl configdata.pm --dump
343 working-directory: ./build
346 working-directory: ./build
348 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
349 working-directory: ./build
352 working-directory: ./build
355 runs-on: ubuntu-latest
357 - uses: actions/checkout@v3
359 submodules: recursive
360 - name: package installs
363 sudo apt-get -yq install bison gettext keyutils ldap-utils libldap2-dev libkeyutils-dev python3 python3-paste python3-pyrad slapd tcsh python3-virtualenv virtualenv python3-kdcproxy
364 - name: install cpanm and Test2::V0 for gost_engine testing
365 uses: perl-actions/install-with-cpanm@v1
368 - name: setup hostname workaround
369 run: sudo hostname localhost
371 run: ./config --banner=Configured --strict-warnings --debug no-afalgeng enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 enable-external-tests no-fips && perl configdata.pm --dump
374 - name: test external gost-engine
375 run: make test TESTS="test_external_gost_engine"
376 - name: test external krb5
377 run: make test TESTS="test_external_krb5"
378 - name: test external_tlsfuzzer
379 run: make test TESTS="test_external_tlsfuzzer"
380 - name: test external oqs-provider
381 run: make test TESTS="test_external_oqsprovider"
384 runs-on: ubuntu-latest
392 - uses: actions/checkout@v3
394 submodules: recursive
395 - name: Configure OpenSSL
396 run: ./config --banner=Configured --strict-warnings --debug enable-external-tests && perl configdata.pm --dump
400 uses: actions/setup-python@v4.5.0
402 python-version: ${{ matrix.PYTHON }}
403 - uses: actions-rs/toolchain@v1
406 toolchain: ${{ matrix.RUST }}
409 - name: test external pyca
410 run: make test TESTS="test_external_pyca" VERBOSE=1