1 # Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved.
3 # Licensed under the Apache License 2.0 (the "License"). You may not use
4 # this file except in compliance with the License. You can obtain a copy
5 # in the file LICENSE in the source distribution or at
6 # https://www.openssl.org/source/license.html
10 on: [pull_request, push]
12 # for some reason, this does not work:
15 # HARNESS_JOBS: "${HARNESS_JOBS:-4}"
17 # for some reason, this does not work:
26 runs-on: ubuntu-latest
28 - name: install unifdef
31 sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install unifdef
32 - uses: actions/checkout@v3
36 run: ./config --banner=Configured --strict-warnings enable-fips enable-quic && perl configdata.pm --dump
37 - name: make build_generated
38 run: make -s build_generated
42 run: git diff --exit-code
45 runs-on: ubuntu-latest
47 - uses: actions/checkout@v3
49 run: ./config --banner=Configured --strict-warnings enable-fips enable-quic && perl configdata.pm --dump
50 - name: make build_generated
51 run: make -s build_generated
61 # This checks that we use ANSI C language syntax and semantics.
62 # We are not as strict with libraries, but rather adapt to what's
63 # expected to be available in a certain version of each platform.
65 runs-on: ubuntu-latest
67 - uses: actions/checkout@v3
69 run: CPPFLAGS=-ansi ./config --banner=Configured no-asm no-makedepend enable-buildtest-c++ enable-fips enable-quic --strict-warnings -D_DEFAULT_SOURCE && perl configdata.pm --dump
74 runs-on: ubuntu-latest
76 - uses: actions/checkout@v3
77 - name: checkout fuzz/corpora submodule
78 run: git submodule update --init --depth 1 fuzz/corpora
80 run: sudo locale-gen tr_TR.UTF-8
82 run: CC=gcc ./config --banner=Configured enable-fips enable-quic --strict-warnings && perl configdata.pm --dump
86 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
89 runs-on: ubuntu-latest
91 - uses: actions/checkout@v3
92 - name: checkout fuzz/corpora submodule
93 run: git submodule update --init --depth 1 fuzz/corpora
95 run: CC=clang ./config --banner=Configured no-fips --strict-warnings && perl configdata.pm --dump
99 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
102 runs-on: ubuntu-latest
104 - uses: actions/checkout@v3
105 - name: checkout fuzz/corpora submodule
106 run: git submodule update --init --depth 1 fuzz/corpora
108 run: ./config --banner=Configured --strict-warnings no-bulk no-pic no-asm -DOPENSSL_NO_SECURE_MEMORY -DOPENSSL_SMALL_FOOTPRINT && perl configdata.pm --dump
110 run: make -j4 # verbose, so no -s here
112 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
115 runs-on: ubuntu-latest
117 - uses: actions/checkout@v3
118 - name: checkout fuzz/corpora submodule
119 run: git submodule update --init --depth 1 fuzz/corpora
121 run: ./config --banner=Configured --strict-warnings no-deprecated enable-fips enable-quic && perl configdata.pm --dump
125 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
130 os: [ ubuntu-latest, macos-latest ]
131 runs-on: ${{matrix.os}}
133 - uses: actions/checkout@v3
134 - name: checkout fuzz/corpora submodule
135 run: git submodule update --init --depth 1 fuzz/corpora
137 run: ./config --banner=Configured --strict-warnings no-shared no-fips && perl configdata.pm --dump
141 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
144 runs-on: ubuntu-latest
146 - uses: actions/checkout@v3
147 - name: checkout fuzz/corpora submodule
148 run: git submodule update --init --depth 1 fuzz/corpora
150 run: ./config --banner=Configured --debug enable-asan enable-ubsan no-cached-fetch no-fips no-dtls no-tls1 no-tls1-method no-tls1_1 no-tls1_1-method no-async && perl configdata.pm --dump
154 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0 TESTS="-test_fuzz* -test_ssl_* -test_sslapi -test_evp -test_cmp_http -test_verify -test_cms -test_store -test_enc -[01][0-9]"
156 address_ub_sanitizer:
157 runs-on: ubuntu-latest
159 - uses: actions/checkout@v3
160 - name: checkout fuzz/corpora submodule
161 run: git submodule update --init --depth 1 fuzz/corpora
163 run: ./config --banner=Configured --debug enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips enable-quic -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION && perl configdata.pm --dump
167 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0
170 runs-on: ubuntu-latest
172 - uses: actions/checkout@v3
173 - name: checkout fuzz/corpora submodule
174 run: git submodule update --init --depth 1 fuzz/corpora
176 # --debug -O1 is to produce a debug build that runs in a reasonable amount of time
177 run: CC=clang ./config --banner=Configured --debug -O1 -fsanitize=memory -DOSSL_SANITIZE_MEMORY -fno-optimize-sibling-calls enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips enable-quic && perl configdata.pm --dump
181 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0
184 runs-on: ubuntu-latest
186 - uses: actions/checkout@v3
187 - name: checkout fuzz/corpora submodule
188 run: git submodule update --init --depth 1 fuzz/corpora
190 run: CC=clang ./config --banner=Configured no-fips --strict-warnings -fsanitize=thread enable-quic && perl configdata.pm --dump
194 run: make V=1 TESTS="test_threads test_internal_provider test_provfetch test_provider test_pbe test_evp_kdf test_pkcs12 test_store test_evp test_quic*" test HARNESS_JOBS=${HARNESS_JOBS:-4}
196 enable_non-default_options:
197 runs-on: ubuntu-latest
199 - uses: actions/checkout@v3
200 - name: checkout fuzz/corpora submodule
201 run: git submodule update --init --depth 1 fuzz/corpora
203 run: sudo modprobe tls
205 run: ./config --banner=Configured --strict-warnings no-ec enable-ssl-trace enable-zlib enable-zlib-dynamic enable-crypto-mdebug enable-crypto-mdebug-backtrace enable-egd enable-ktls enable-fips enable-quic no-threads && perl configdata.pm --dump
209 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
212 runs-on: ubuntu-latest
214 - uses: actions/checkout@v3
215 - name: checkout fuzz/corpora submodule
216 run: git submodule update --init --depth 1 fuzz/corpora
218 run: sudo modprobe tls
220 run: ./config --banner=Configured --strict-warnings enable-ktls enable-fips enable-quic && perl configdata.pm --dump
224 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
226 enable_brotli_dynamic:
227 runs-on: ubuntu-latest
229 - name: install brotli
232 sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install brotli libbrotli1 libbrotli-dev
233 - name: checkout openssl
234 uses: actions/checkout@v3
235 - name: checkout fuzz/corpora submodule
236 run: git submodule update --init --depth 1 fuzz/corpora
238 run: ./config enable-comp enable-brotli enable-brotli-dynamic && perl configdata.pm --dump
242 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
245 runs-on: ubuntu-latest
250 sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install zstd libzstd1 libzstd-dev
251 - name: checkout openssl
252 uses: actions/checkout@v3
253 - name: checkout fuzz/corpora submodule
254 run: git submodule update --init --depth 1 fuzz/corpora
256 run: ./config enable-comp enable-zstd enable-zstd-dynamic && perl configdata.pm --dump
260 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
262 enable_brotli_and_zstd_dynamic:
263 runs-on: ubuntu-latest
265 - name: install brotli and zstd
268 sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install brotli libbrotli1 libbrotli-dev
269 sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install zstd libzstd1 libzstd-dev
270 - name: checkout openssl
271 uses: actions/checkout@v3
272 - name: checkout fuzz/corpora submodule
273 run: git submodule update --init --depth 1 fuzz/corpora
275 run: ./config enable-comp enable-brotli enable-brotli-dynamic enable-zstd enable-zstd-dynamic && perl configdata.pm --dump
279 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
281 enable_brotli_and_asan_ubsan:
282 runs-on: ubuntu-latest
284 - name: install brotli
287 sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install brotli libbrotli1 libbrotli-dev
288 - name: checkout openssl
289 uses: actions/checkout@v3
290 - name: checkout fuzz/corpora submodule
291 run: git submodule update --init --depth 1 fuzz/corpora
293 run: ./config --banner=Configured --debug enable-asan enable-ubsan enable-comp enable-brotli -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -DPEDANTIC && perl configdata.pm --dump
297 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0
299 enable_zstd_and_asan_ubsan:
300 runs-on: ubuntu-latest
305 sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install zstd libzstd1 libzstd-dev
306 - name: checkout openssl
307 uses: actions/checkout@v3
308 - name: checkout fuzz/corpora submodule
309 run: git submodule update --init --depth 1 fuzz/corpora
311 run: ./config --banner=Configured --debug enable-asan enable-ubsan enable-comp enable-zstd -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION -DPEDANTIC && perl configdata.pm --dump
315 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0
318 runs-on: ubuntu-latest
320 - uses: actions/checkout@v3
321 - name: checkout fuzz/corpora submodule
322 run: git submodule update --init --depth 1 fuzz/corpora
324 run: ./config --banner=Configured --strict-warnings no-legacy enable-fips enable-quic && perl configdata.pm --dump
328 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
331 runs-on: ubuntu-latest
333 - uses: actions/checkout@v3
334 - name: checkout fuzz/corpora submodule
335 run: git submodule update --init --depth 1 fuzz/corpora
337 run: ./config --banner=Configured -Werror --debug no-afalgeng no-shared enable-crypto-mdebug enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-fips && perl configdata.pm --dump
341 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
346 os: [ ubuntu-latest, macos-latest ]
347 runs-on: ${{matrix.os}}
349 - uses: actions/checkout@v3
350 - name: checkout fuzz/corpora submodule
351 run: git submodule update --init --depth 1 fuzz/corpora
353 run: CC=gcc ./config --banner=Configured enable-tfo enable-quic --strict-warnings && perl configdata.pm --dump
357 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
360 runs-on: ubuntu-latest
362 - uses: actions/checkout@v3
363 - name: checkout fuzz/corpora submodule
364 run: git submodule update --init --depth 1 fuzz/corpora
366 run: ./config --banner=Configured no-asm no-makedepend enable-buildtest-c++ enable-fips --strict-warnings -D_DEFAULT_SOURCE && perl configdata.pm --dump
370 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
372 out-of-source-and-install:
375 os: [ubuntu-latest, macos-latest ]
376 runs-on: ${{matrix.os}}
378 - uses: actions/checkout@v3
379 - name: checkout fuzz/corpora submodule
380 run: git submodule update --init --depth 1 fuzz/corpora
381 - name: extra preparations
386 run: ../config --banner=Configured enable-fips enable-acvp-tests --strict-warnings --prefix=$(cd ../install; pwd) && perl configdata.pm --dump
387 working-directory: ./build
390 working-directory: ./build
392 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
393 working-directory: ./build
396 working-directory: ./build
399 runs-on: ubuntu-latest
401 - uses: actions/checkout@v3
403 submodules: recursive
404 - name: package installs
407 sudo apt-get -yq install bison gettext keyutils ldap-utils libldap2-dev libkeyutils-dev python3 python3-paste python3-pyrad slapd tcsh python3-virtualenv virtualenv python3-kdcproxy
408 - name: install cpanm and Test2::V0 for gost_engine testing
409 uses: perl-actions/install-with-cpanm@v1
412 - name: setup hostname workaround
413 run: sudo hostname localhost
415 run: ./config --banner=Configured --strict-warnings --debug no-afalgeng enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 enable-external-tests no-fips && perl configdata.pm --dump
418 - name: test external gost-engine
419 run: make test TESTS="test_external_gost_engine"
420 - name: test external krb5
421 run: make test TESTS="test_external_krb5"
422 - name: test external_tlsfuzzer
423 run: make test TESTS="test_external_tlsfuzzer"
424 - name: test external oqs-provider
425 run: make test TESTS="test_external_oqsprovider"
428 runs-on: ubuntu-latest
436 - uses: actions/checkout@v3
438 submodules: recursive
439 - name: Configure OpenSSL
440 run: ./config --banner=Configured --strict-warnings --debug enable-external-tests && perl configdata.pm --dump
444 uses: actions/setup-python@v4.6.0
446 python-version: ${{ matrix.PYTHON }}
447 - uses: actions-rs/toolchain@v1
450 toolchain: ${{ matrix.RUST }}
453 - name: test external pyca
454 run: make test TESTS="test_external_pyca" VERBOSE=1
456 external-test-cf-quiche:
457 runs-on: ubuntu-latest
459 - uses: actions/checkout@v3
461 submodules: recursive
462 - name: Configure OpenSSL
463 run: ./config --banner=Configured --strict-warnings enable-external-tests enable-quic && perl configdata.pm --dump
466 - uses: actions-rs/toolchain@v1
471 - name: test external Cloudflare quiche
472 run: make test TESTS="test_external_cf_quiche" VERBOSE=1