# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy # in the file LICENSE in the source distribution or at # https://www.openssl.org/source/license.html name: Run-checker daily # Jobs run daily on: schedule: - cron: '0 6 * * *' permissions: contents: read jobs: run-checker: strategy: fail-fast: false matrix: opt: [ 386, no-afalgeng, no-apps, no-aria, no-asan, no-asm, no-async, no-atexit, no-autoalginit, no-autoerrinit, no-autoload-config, no-bf, no-blake2, no-buildtest-c++, no-bulk, no-cached-fetch, no-camellia, no-capieng, no-cast, no-chacha, no-cmac, no-comp, enable-crypto-mdebug, no-crypto-mdebug, enable-crypto-mdebug-backtrace, no-crypto-mdebug-backtrace, no-deprecated, no-des, no-devcryptoeng, no-docs, no-dsa, no-dtls1, no-dtls1_2, no-dtls1_2-method, no-dtls1-method, no-ecdh, no-ecdsa, enable-ec_nistp_64_gcc_128, no-ec_nistp_64_gcc_128, enable-egd, no-egd, no-engine, no-external-tests, enable-fips, enable-fips enable-acvp-tests, enable-fips no-tls1_3, enable-fips no-des no-dsa no-ec2m, no-fuzz-afl, no-fuzz-libfuzzer, no-gost, enable-heartbeats, no-heartbeats, no-hw, no-hw-padlock, no-idea, no-makedepend, enable-md2, no-md2, no-md4, no-mdc2, no-msan, no-multiblock, no-nextprotoneg, no-ocb, no-padlockeng, no-pic, no-poly1305, no-posix-io, no-psk, no-rc2, no-rc4, enable-rc5, no-rc5, no-rdrand, no-rfc3779, no-ripemd, no-rmd160, no-scrypt, no-secure-memory, no-seed, no-shared, no-siphash, no-siv, no-sm2, no-sm2-precomp, no-sm3, no-sm4, no-sock, no-sse2, no-ssl, no-ssl3, no-ssl3-method, no-ssl-trace, no-static-engine no-shared, no-tests, enable-tfo, no-tls1, no-tls1_1, no-tls1_1-method, no-tls1_2-method, no-tls1-method, no-trace, no-ubsan, no-ui-console, no-unit-test, enable-unit-test, no-uplink, no-weak-ssl-ciphers, no-whirlpool, no-zlib, enable-zlib-dynamic, no-zlib-dynamic, -DOPENSSL_NO_BUILTIN_OVERFLOW_CHECKING, -DSSL3_ALIGN_PAYLOAD=4 ] runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: config run: CC=clang ./config --banner=Configured --strict-warnings ${{ matrix.opt }} - name: config dump run: ./configdata.pm --dump - name: make run: make -s -j4 - name: get cpu info run: | cat /proc/cpuinfo if [ -x apps/openssl ] ; then ./util/opensslwrap.sh version -c ; fi - name: make test run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} run-checker-sctp: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: Install Dependencies for sctp option run: | sudo apt-get update sudo apt-get -yq install lksctp-tools libsctp-dev - name: Check SCTP and enable auth id: sctp_auth continue-on-error: true run: | checksctp sudo sysctl -w net.sctp.auth_enable=1 - name: config if: steps.sctp_auth.outcome == 'success' && steps.sctp_auth.conclusion == 'success' run: CC=clang ./config --banner=Configured --strict-warnings enable-sctp - name: config dump if: steps.sctp_auth.outcome == 'success' && steps.sctp_auth.conclusion == 'success' run: ./configdata.pm --dump - name: make if: steps.sctp_auth.outcome == 'success' && steps.sctp_auth.conclusion == 'success' run: make -s -j4 - name: get cpu info run: | cat /proc/cpuinfo ./util/opensslwrap.sh version -c - name: make test if: steps.sctp_auth.outcome == 'success' && steps.sctp_auth.conclusion == 'success' run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} jitter: runs-on: ubuntu-latest steps: - name: checkout openssl uses: actions/checkout@v4 - name: checkout jitter uses: actions/checkout@v4 with: repository: smuellerDD/jitterentropy-library ref: v3.5.0 path: jitter - name: build jitter run: make -C jitter/ - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: config run: ./config --with-rand-seed=none enable-jitter enable-fips-jitter --with-jitter-include=jitter/ --with-jitter-lib=jitter/ -DOPENSSL_DEFAULT_SEED_SRC=JITTER && perl configdata.pm --dump - name: make run: make -s -j4 - name: get cpu info run: | cat /proc/cpuinfo ./util/opensslwrap.sh version -c - name: make test run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} enable_brotli_dynamic: runs-on: ubuntu-latest steps: - name: install brotli run: | sudo apt-get update sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install brotli libbrotli1 libbrotli-dev - name: checkout openssl uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: config run: ./config enable-comp enable-brotli enable-brotli-dynamic && perl configdata.pm --dump - name: make run: make -s -j4 - name: get cpu info run: | cat /proc/cpuinfo ./util/opensslwrap.sh version -c - name: make test run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} enable_zstd_dynamic: runs-on: ubuntu-latest steps: - name: install zstd run: | sudo apt-get update sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install zstd libzstd1 libzstd-dev - name: checkout openssl uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: config run: ./config enable-comp enable-zstd enable-zstd-dynamic && perl configdata.pm --dump - name: make run: make -s -j4 - name: get cpu info run: | cat /proc/cpuinfo ./util/opensslwrap.sh version -c - name: make test run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} enable_brotli_and_zstd_dynamic: runs-on: ubuntu-latest steps: - name: install brotli and zstd run: | sudo apt-get update sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install brotli libbrotli1 libbrotli-dev sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install zstd libzstd1 libzstd-dev - name: checkout openssl uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: config run: ./config enable-comp enable-brotli enable-brotli-dynamic enable-zstd enable-zstd-dynamic && perl configdata.pm --dump - name: make run: make -s -j4 - name: get cpu info run: | cat /proc/cpuinfo ./util/opensslwrap.sh version -c - name: make test run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} enable_brotli_and_asan_ubsan: runs-on: ubuntu-latest steps: - name: install brotli run: | sudo apt-get update sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install brotli libbrotli1 libbrotli-dev - name: checkout openssl uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: Adjust ASLR for sanitizer run: | sudo cat /proc/sys/vm/mmap_rnd_bits sudo sysctl -w vm.mmap_rnd_bits=28 - name: config run: ./config --banner=Configured --debug enable-asan enable-ubsan enable-comp enable-brotli -DPEDANTIC && perl configdata.pm --dump - name: make run: make -s -j4 - name: get cpu info run: | cat /proc/cpuinfo ./util/opensslwrap.sh version -c - name: make test run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0 enable_zstd_and_asan_ubsan: runs-on: ubuntu-latest steps: - name: install zstd run: | sudo apt-get update sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install zstd libzstd1 libzstd-dev - name: checkout openssl uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: Adjust ASLR for sanitizer run: | sudo cat /proc/sys/vm/mmap_rnd_bits sudo sysctl -w vm.mmap_rnd_bits=28 - name: config run: ./config --banner=Configured --debug enable-asan enable-ubsan enable-comp enable-zstd -DPEDANTIC && perl configdata.pm --dump - name: make run: make -s -j4 - name: get cpu info run: | cat /proc/cpuinfo ./util/opensslwrap.sh version -c - name: make test run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0 enable_tfo: strategy: matrix: os: [ ubuntu-latest, macos-13, macos-14 ] runs-on: ${{matrix.os}} steps: - uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: config run: CC=gcc ./config --banner=Configured enable-tfo --strict-warnings && perl configdata.pm --dump - name: make run: make -s -j4 - name: get cpu info run: ./util/opensslwrap.sh version -c - name: make test run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} enable_buildtest: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: config run: ./config --banner=Configured no-asm no-makedepend enable-buildtest-c++ enable-fips --strict-warnings -D_DEFAULT_SOURCE && perl configdata.pm --dump - name: make run: make -s -j4 - name: get cpu info run: | cat /proc/cpuinfo ./util/opensslwrap.sh version -c - name: make test run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}