1# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved. 2# 3# Licensed under the Apache License 2.0 (the "License"). You may not use 4# this file except in compliance with the License. You can obtain a copy 5# in the file LICENSE in the source distribution or at 6# https://www.openssl.org/source/license.html 7 8name: Run-checker daily 9# Jobs run daily 10 11on: 12 schedule: 13 - cron: '0 6 * * *' 14permissions: 15 contents: read 16 17jobs: 18 run-checker: 19 strategy: 20 fail-fast: false 21 matrix: 22 opt: [ 23 386, 24 no-afalgeng, 25 no-apps, 26 no-aria, 27 no-asan, 28 no-asm, 29 no-async, 30 no-atexit, 31 no-autoalginit, 32 no-autoerrinit, 33 no-autoload-config, 34 no-bf, 35 no-blake2, 36 no-buildtest-c++, 37 no-bulk, 38 no-cached-fetch, 39 no-camellia, 40 no-capieng, 41 no-cast, 42 no-chacha, 43 no-cmac, 44 no-comp, 45 enable-crypto-mdebug, 46 no-crypto-mdebug, 47 enable-crypto-mdebug-backtrace, 48 no-crypto-mdebug-backtrace, 49 no-deprecated, 50 no-des, 51 no-devcryptoeng, 52 no-docs, 53 no-dsa, 54 no-dtls1, 55 no-dtls1_2, 56 no-dtls1_2-method, 57 no-dtls1-method, 58 no-ecdh, 59 no-ecdsa, 60 enable-ec_nistp_64_gcc_128, 61 no-ec_nistp_64_gcc_128, 62 enable-egd, 63 no-egd, 64 no-engine, 65 no-external-tests, 66 enable-fips, 67 enable-fips enable-acvp-tests, 68 enable-fips no-tls1_3, 69 no-fuzz-afl, 70 no-fuzz-libfuzzer, 71 no-gost, 72 enable-heartbeats, 73 no-heartbeats, 74 no-hw, 75 no-hw-padlock, 76 no-idea, 77 no-makedepend, 78 enable-md2, 79 no-md2, 80 no-md4, 81 no-mdc2, 82 no-msan, 83 no-multiblock, 84 no-nextprotoneg, 85 no-ocb, 86 no-padlockeng, 87 no-pic, 88 no-poly1305, 89 no-posix-io, 90 no-psk, 91 no-rc2, 92 no-rc4, 93 enable-rc5, 94 no-rc5, 95 no-rdrand, 96 no-rfc3779, 97 no-ripemd, 98 no-rmd160, 99 no-scrypt, 100 no-secure-memory, 101 no-seed, 102 no-shared, 103 no-siphash, 104 no-siv, 105 no-sm2, 106 no-sm2-precomp, 107 no-sm3, 108 no-sm4, 109 no-sock, 110 no-sse2, 111 no-ssl, 112 no-ssl3, 113 no-ssl3-method, 114 no-ssl-trace, 115 no-static-engine no-shared, 116 no-tests, 117 enable-tfo, 118 no-tls1, 119 no-tls1_1, 120 no-tls1_1-method, 121 no-tls1_2-method, 122 no-tls1-method, 123 no-trace, 124 no-ubsan, 125 no-ui-console, 126 no-unit-test, 127 enable-unit-test, 128 no-uplink, 129 no-weak-ssl-ciphers, 130 no-whirlpool, 131 no-zlib, 132 enable-zlib-dynamic, 133 no-zlib-dynamic, 134 -DOPENSSL_NO_BUILTIN_OVERFLOW_CHECKING, 135 -DSSL3_ALIGN_PAYLOAD=4 136 ] 137 runs-on: ubuntu-latest 138 steps: 139 - uses: actions/checkout@v4 140 - name: checkout fuzz/corpora submodule 141 run: git submodule update --init --depth 1 fuzz/corpora 142 - name: config 143 run: CC=clang ./config --banner=Configured --strict-warnings ${{ matrix.opt }} 144 - name: config dump 145 run: ./configdata.pm --dump 146 - name: make 147 run: make -s -j4 148 - name: get cpu info 149 run: | 150 cat /proc/cpuinfo 151 if [ -x apps/openssl ] ; then ./util/opensslwrap.sh version -c ; fi 152 - name: make test 153 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} 154 155 run-checker-sctp: 156 runs-on: ubuntu-latest 157 steps: 158 - uses: actions/checkout@v4 159 - name: checkout fuzz/corpora submodule 160 run: git submodule update --init --depth 1 fuzz/corpora 161 - name: Install Dependencies for sctp option 162 run: | 163 sudo apt-get update 164 sudo apt-get -yq install lksctp-tools libsctp-dev 165 166 - name: Check SCTP and enable auth 167 id: sctp_auth 168 continue-on-error: true 169 run: | 170 checksctp 171 sudo sysctl -w net.sctp.auth_enable=1 172 173 - name: config 174 if: steps.sctp_auth.outcome == 'success' && steps.sctp_auth.conclusion == 'success' 175 run: CC=clang ./config --banner=Configured --strict-warnings enable-sctp 176 177 - name: config dump 178 if: steps.sctp_auth.outcome == 'success' && steps.sctp_auth.conclusion == 'success' 179 run: ./configdata.pm --dump 180 181 - name: make 182 if: steps.sctp_auth.outcome == 'success' && steps.sctp_auth.conclusion == 'success' 183 run: make -s -j4 184 185 - name: get cpu info 186 run: | 187 cat /proc/cpuinfo 188 ./util/opensslwrap.sh version -c 189 190 - name: make test 191 if: steps.sctp_auth.outcome == 'success' && steps.sctp_auth.conclusion == 'success' 192 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} 193 194 jitter: 195 runs-on: ubuntu-latest 196 steps: 197 - name: checkout openssl 198 uses: actions/checkout@v4 199 - name: checkout jitter 200 uses: actions/checkout@v4 201 with: 202 repository: smuellerDD/jitterentropy-library 203 ref: v3.5.0 204 path: jitter 205 - name: build jitter 206 run: make -C jitter/ 207 - name: checkout fuzz/corpora submodule 208 run: git submodule update --init --depth 1 fuzz/corpora 209 - name: config 210 run: ./config --with-rand-seed=none enable-jitter --with-jitter-include=jitter/ --with-jitter-lib=jitter/ -DOPENSSL_DEFAULT_SEED_SRC=JITTER && perl configdata.pm --dump 211 - name: make 212 run: make -s -j4 213 - name: get cpu info 214 run: | 215 cat /proc/cpuinfo 216 ./util/opensslwrap.sh version -c 217 - name: make test 218 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} 219 220 enable_brotli_dynamic: 221 runs-on: ubuntu-latest 222 steps: 223 - name: install brotli 224 run: | 225 sudo apt-get update 226 sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install brotli libbrotli1 libbrotli-dev 227 - name: checkout openssl 228 uses: actions/checkout@v4 229 - name: checkout fuzz/corpora submodule 230 run: git submodule update --init --depth 1 fuzz/corpora 231 - name: config 232 run: ./config enable-comp enable-brotli enable-brotli-dynamic && perl configdata.pm --dump 233 - name: make 234 run: make -s -j4 235 - name: get cpu info 236 run: | 237 cat /proc/cpuinfo 238 ./util/opensslwrap.sh version -c 239 - name: make test 240 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} 241 242 enable_zstd_dynamic: 243 runs-on: ubuntu-latest 244 steps: 245 - name: install zstd 246 run: | 247 sudo apt-get update 248 sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install zstd libzstd1 libzstd-dev 249 - name: checkout openssl 250 uses: actions/checkout@v4 251 - name: checkout fuzz/corpora submodule 252 run: git submodule update --init --depth 1 fuzz/corpora 253 - name: config 254 run: ./config enable-comp enable-zstd enable-zstd-dynamic && perl configdata.pm --dump 255 - name: make 256 run: make -s -j4 257 - name: get cpu info 258 run: | 259 cat /proc/cpuinfo 260 ./util/opensslwrap.sh version -c 261 - name: make test 262 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} 263 264 enable_brotli_and_zstd_dynamic: 265 runs-on: ubuntu-latest 266 steps: 267 - name: install brotli and zstd 268 run: | 269 sudo apt-get update 270 sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install brotli libbrotli1 libbrotli-dev 271 sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install zstd libzstd1 libzstd-dev 272 - name: checkout openssl 273 uses: actions/checkout@v4 274 - name: checkout fuzz/corpora submodule 275 run: git submodule update --init --depth 1 fuzz/corpora 276 - name: config 277 run: ./config enable-comp enable-brotli enable-brotli-dynamic enable-zstd enable-zstd-dynamic && perl configdata.pm --dump 278 - name: make 279 run: make -s -j4 280 - name: get cpu info 281 run: | 282 cat /proc/cpuinfo 283 ./util/opensslwrap.sh version -c 284 - name: make test 285 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} 286 287 enable_brotli_and_asan_ubsan: 288 runs-on: ubuntu-latest 289 steps: 290 - name: install brotli 291 run: | 292 sudo apt-get update 293 sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install brotli libbrotli1 libbrotli-dev 294 - name: checkout openssl 295 uses: actions/checkout@v4 296 - name: checkout fuzz/corpora submodule 297 run: git submodule update --init --depth 1 fuzz/corpora 298 - name: Adjust ASLR for sanitizer 299 run: | 300 sudo cat /proc/sys/vm/mmap_rnd_bits 301 sudo sysctl -w vm.mmap_rnd_bits=28 302 - name: config 303 run: ./config --banner=Configured --debug enable-asan enable-ubsan enable-comp enable-brotli -DPEDANTIC && perl configdata.pm --dump 304 - name: make 305 run: make -s -j4 306 - name: get cpu info 307 run: | 308 cat /proc/cpuinfo 309 ./util/opensslwrap.sh version -c 310 - name: make test 311 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0 312 313 enable_zstd_and_asan_ubsan: 314 runs-on: ubuntu-latest 315 steps: 316 - name: install zstd 317 run: | 318 sudo apt-get update 319 sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install zstd libzstd1 libzstd-dev 320 - name: checkout openssl 321 uses: actions/checkout@v4 322 - name: checkout fuzz/corpora submodule 323 run: git submodule update --init --depth 1 fuzz/corpora 324 - name: Adjust ASLR for sanitizer 325 run: | 326 sudo cat /proc/sys/vm/mmap_rnd_bits 327 sudo sysctl -w vm.mmap_rnd_bits=28 328 - name: config 329 run: ./config --banner=Configured --debug enable-asan enable-ubsan enable-comp enable-zstd -DPEDANTIC && perl configdata.pm --dump 330 - name: make 331 run: make -s -j4 332 - name: get cpu info 333 run: | 334 cat /proc/cpuinfo 335 ./util/opensslwrap.sh version -c 336 - name: make test 337 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0 338 339 enable_tfo: 340 strategy: 341 matrix: 342 os: [ ubuntu-latest, macos-13, macos-14 ] 343 runs-on: ${{matrix.os}} 344 steps: 345 - uses: actions/checkout@v4 346 - name: checkout fuzz/corpora submodule 347 run: git submodule update --init --depth 1 fuzz/corpora 348 - name: config 349 run: CC=gcc ./config --banner=Configured enable-tfo --strict-warnings && perl configdata.pm --dump 350 - name: make 351 run: make -s -j4 352 - name: get cpu info 353 run: ./util/opensslwrap.sh version -c 354 - name: make test 355 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} 356 357 enable_buildtest: 358 runs-on: ubuntu-latest 359 steps: 360 - uses: actions/checkout@v4 361 - name: checkout fuzz/corpora submodule 362 run: git submodule update --init --depth 1 fuzz/corpora 363 - name: config 364 run: ./config --banner=Configured no-asm no-makedepend enable-buildtest-c++ enable-fips --strict-warnings -D_DEFAULT_SOURCE && perl configdata.pm --dump 365 - name: make 366 run: make -s -j4 367 - name: get cpu info 368 run: | 369 cat /proc/cpuinfo 370 ./util/opensslwrap.sh version -c 371 - name: make test 372 run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} 373