Ensure service indicator is incremented only once, update RSA and ED25519 to ensure the state is locked #4783
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: General CI Tests | |
| on: | |
| push: | |
| branches: [ '*' ] | |
| pull_request: | |
| branches: [ '*' ] | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref_name }} | |
| cancel-in-progress: true | |
| env: | |
| GOPROXY: https://proxy.golang.org,direct | |
| SDE_MIRROR_URL: "https://downloadmirror.intel.com/831748/sde-external-9.44.0-2024-08-22-win.tar.xz" | |
| SDE_VERSION_TAG: sde-external-9.44.0-2024-08-22-win | |
| PACKAGE_NAME: aws-lc | |
| # Used to enable ASAN test dimension. | |
| AWSLC_NO_ASM_FIPS: 1 | |
| jobs: | |
| # MacOS and Windows GHA runners are more expensive, so we do a sanity test run before proceeding. | |
| sanity-test-run: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Git clone the repository | |
| uses: actions/checkout@v3 | |
| - name: Sanity Test Run | |
| run: | | |
| sudo apt-get update -o Acquire::Languages=none -o Acquire::Translation=none | |
| sudo apt-get install ninja-build | |
| cmake -GNinja -Btest_build_dir | |
| ninja -C test_build_dir run_tests | |
| macOS-x86: | |
| if: github.repository_owner == 'aws' | |
| needs: [sanity-test-run] | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: | |
| - "macos-14-large" | |
| - "macos-13-large" | |
| - "macos-12-large" | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: actions/setup-go@v4 | |
| with: | |
| go-version: '>=1.18' | |
| - name: Build ${{ env.PACKAGE_NAME }} | |
| run: | | |
| ./tests/ci/run_posix_tests.sh | |
| macOS-x86-FIPS: | |
| if: github.repository_owner == 'aws' | |
| needs: [sanity-test-run] | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: | |
| - "macos-14-large" | |
| - "macos-13-large" | |
| - "macos-12-large" | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: actions/setup-go@v4 | |
| with: | |
| go-version: '>=1.18' | |
| - name: Build ${{ env.PACKAGE_NAME }} with FIPS mode | |
| run: | | |
| ./tests/ci/run_fips_tests.sh | |
| macOS-ARM: | |
| if: github.repository_owner == 'aws' | |
| needs: [sanity-test-run] | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: | |
| - "macos-14-xlarge" | |
| - "macos-13-xlarge" | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: actions/setup-go@v4 | |
| with: | |
| go-version: '>=1.18' | |
| - name: Build ${{ env.PACKAGE_NAME }} | |
| run: | | |
| ./tests/ci/run_posix_tests.sh | |
| macOS-ARM-FIPS: | |
| if: github.repository_owner == 'aws' | |
| needs: [sanity-test-run] | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: | |
| - "macos-14-xlarge" | |
| - "macos-13-xlarge" | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: actions/setup-go@v4 | |
| with: | |
| go-version: '>=1.18' | |
| - name: Build ${{ env.PACKAGE_NAME }} with FIPS mode | |
| run: | | |
| ./tests/ci/run_fips_tests.sh | |
| MSVC-2019: | |
| if: github.repository_owner == 'aws' | |
| needs: [sanity-test-run] | |
| runs-on: aws-lc_windows-2019_8-core | |
| steps: | |
| - name: Git clone the repository | |
| uses: actions/checkout@v3 | |
| - name: Build Windows Dependencies | |
| run: | | |
| choco install ninja --version 1.9.0.20190208 -y && | |
| choco install nasm --version 2.14.02 -y | |
| - name: Run Windows Tests on MSVC-2019 | |
| run: | | |
| .\tests\ci\run_windows_tests.bat "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\vcvarsall.bat" x64 | |
| MSVC-2022: | |
| if: github.repository_owner == 'aws' | |
| needs: [sanity-test-run] | |
| runs-on: aws-lc_windows-latest_8-core | |
| steps: | |
| - name: Git clone the repository | |
| uses: actions/checkout@v3 | |
| - name: Build Windows Dependencies | |
| run: | | |
| choco install ninja --version 1.9.0.20190208 -y && | |
| choco install nasm --version 2.14.02 -y | |
| - name: Run Windows Tests on MSVC-2022 | |
| run: | | |
| .\tests\ci\run_windows_tests.bat "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvarsall.bat" x64 | |
| MSVC-SDE-64-bit: | |
| if: github.repository_owner == 'aws' | |
| needs: [sanity-test-run] | |
| # TODO: Update this to run on windows-2022. windows-2022 (Windows 11) has phased out support for older processors. | |
| # https://learn.microsoft.com/en-us/windows-hardware/design/minimum/supported/windows-11-supported-intel-processors | |
| runs-on: aws-lc_windows-2019_64-core | |
| steps: | |
| - name: Git clone the repository | |
| uses: actions/checkout@v3 | |
| - name: Build Windows Dependencies | |
| run: | | |
| choco install ninja --version 1.9.0.20190208 -y && | |
| choco install nasm --version 2.14.02 -y | |
| - name: Install SDE simulator | |
| run: | | |
| curl -SL --output temp.tar.xz ${{ env.SDE_MIRROR_URL }} | |
| 7z x temp.tar.xz | |
| 7z x temp.tar | |
| ren ${{ env.SDE_VERSION_TAG }} windows-sde | |
| del temp.tar.xz | |
| del temp.tar | |
| - name: Run Windows SDE Tests for 64 bit | |
| run: | | |
| $env:SDEROOT = "${PWD}\windows-sde" | |
| echo ${env:SDEROOT} | |
| .\tests\ci\run_windows_tests.bat "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\vcvarsall.bat" x64 true | |
| gcc-ubuntu-2004-sanity: | |
| if: github.repository_owner == 'aws' | |
| needs: [sanity-test-run] | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| gccversion: | |
| - "10" | |
| fips: | |
| - "0" | |
| - "1" | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: actions/setup-go@v4 | |
| with: | |
| go-version: '>=1.18' | |
| - name: Setup CMake | |
| uses: threeal/[email protected] | |
| with: | |
| generator: Ninja | |
| c-compiler: gcc-${{ matrix.gccversion }} | |
| cxx-compiler: g++-${{ matrix.gccversion }} | |
| options: FIPS=${{ matrix.fips }} CMAKE_BUILD_TYPE=Release | |
| - name: Build Project | |
| run: cmake --build ./build --target all | |
| - name: Run tests | |
| run: cmake --build ./build --target run_tests | |
| gcc-ubuntu-2204-sanity: | |
| if: github.repository_owner == 'aws' | |
| needs: [sanity-test-run] | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| gccversion: | |
| - "10" | |
| - "11" | |
| - "12" | |
| fips: | |
| - "0" | |
| - "1" | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: actions/setup-go@v4 | |
| with: | |
| go-version: '>=1.18' | |
| - name: Setup CMake | |
| uses: threeal/[email protected] | |
| with: | |
| generator: Ninja | |
| c-compiler: gcc-${{ matrix.gccversion }} | |
| cxx-compiler: g++-${{ matrix.gccversion }} | |
| options: FIPS=${{ matrix.fips }} CMAKE_BUILD_TYPE=Release | |
| - name: Build Project | |
| run: cmake --build ./build --target all | |
| - name: Run tests | |
| run: cmake --build ./build --target run_tests | |
| gcc-ubuntu-2404-sanity: | |
| if: github.repository_owner == 'aws' | |
| needs: [ sanity-test-run ] | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| gccversion: | |
| - "12" | |
| - "13" | |
| - "14" | |
| fips: | |
| - "0" | |
| - "1" | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: actions/setup-go@v4 | |
| with: | |
| go-version: '>=1.18' | |
| - name: Setup CMake | |
| uses: threeal/[email protected] | |
| with: | |
| generator: Ninja | |
| c-compiler: gcc-${{ matrix.gccversion }} | |
| cxx-compiler: g++-${{ matrix.gccversion }} | |
| options: FIPS=${{ matrix.fips }} CMAKE_BUILD_TYPE=Release | |
| - name: Build Project | |
| # TODO: Re-enable gcc-14/FIPS build once delocator updated | |
| if: ${{ !( matrix.gccversion == '14' && matrix.fips == '1' ) }} | |
| run: cmake --build ./build --target all | |
| - name: Run tests | |
| # TODO: Re-enable gcc-14/FIPS build once delocator updated | |
| if: ${{ !( matrix.gccversion == '14' && matrix.fips == '1' ) }} | |
| run: cmake --build ./build --target run_tests | |
| gcc-13-pedantic: | |
| if: github.repository_owner == 'aws' | |
| needs: [ sanity-test-run ] | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Setup CMake | |
| uses: threeal/[email protected] | |
| with: | |
| generator: Ninja | |
| c-compiler: gcc-13 | |
| cxx-compiler: g++-13 | |
| options: CMAKE_BUILD_TYPE=Release CMAKE_C_FLAGS=-pedantic CMAKE_CXX_FLAGS=-pedantic | |
| - name: Build Crypto | |
| run: cmake --build ./build --target crypto | |
| - name: Build SSL | |
| run: cmake --build ./build --target ssl | |
| clang-19-pedantic: | |
| if: github.repository_owner == 'aws' | |
| needs: [ sanity-test-run ] | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Install clang-19 | |
| run: | | |
| wget https://apt.llvm.org/llvm.sh | |
| chmod u+x llvm.sh | |
| sudo ./llvm.sh 19 | |
| - name: Setup CMake | |
| uses: threeal/[email protected] | |
| with: | |
| generator: Ninja | |
| c-compiler: clang-19 | |
| cxx-compiler: clang++-19 | |
| options: CMAKE_BUILD_TYPE=Release CMAKE_C_FLAGS=-pedantic CMAKE_CXX_FLAGS=-pedantic | |
| - name: Build Crypto | |
| run: cmake --build ./build --target crypto | |
| - name: Build SSL | |
| run: cmake --build ./build --target ssl | |
| clang-ubuntu-2004-sanity: | |
| if: github.repository_owner == 'aws' | |
| needs: [sanity-test-run] | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| clangversion: | |
| - "10" | |
| - "11" | |
| - "12" | |
| fips: | |
| - "0" | |
| - "1" | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: actions/setup-go@v4 | |
| with: | |
| go-version: '>=1.18' | |
| - name: Setup CMake | |
| uses: threeal/[email protected] | |
| with: | |
| generator: Ninja | |
| c-compiler: clang-${{ matrix.clangversion }} | |
| cxx-compiler: clang++-${{ matrix.clangversion }} | |
| options: FIPS=${{ matrix.fips }} CMAKE_BUILD_TYPE=Release | |
| - name: Build Project | |
| run: cmake --build ./build --target all | |
| - name: Run tests | |
| run: cmake --build ./build --target run_tests | |
| clang-ubuntu-2204-sanity: | |
| if: github.repository_owner == 'aws' | |
| needs: [sanity-test-run] | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| clangversion: | |
| - "13" | |
| - "14" | |
| - "15" | |
| fips: | |
| - "0" | |
| - "1" | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: actions/setup-go@v4 | |
| with: | |
| go-version: '>=1.18' | |
| - name: Setup CMake | |
| uses: threeal/[email protected] | |
| with: | |
| generator: Ninja | |
| c-compiler: clang-${{ matrix.clangversion }} | |
| cxx-compiler: clang++-${{ matrix.clangversion }} | |
| options: FIPS=${{ matrix.fips }} CMAKE_BUILD_TYPE=Release | |
| - name: Build Project | |
| run: cmake --build ./build --target all | |
| - name: Run tests | |
| run: cmake --build ./build --target run_tests | |
| clang-ubuntu-2404-sanity: | |
| if: github.repository_owner == 'aws' | |
| needs: [sanity-test-run] | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| clangversion: | |
| - "16" | |
| - "17" | |
| - "18" | |
| fips: | |
| - "0" | |
| - "1" | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: actions/setup-go@v4 | |
| with: | |
| go-version: '>=1.18' | |
| - name: Setup CMake | |
| uses: threeal/[email protected] | |
| with: | |
| generator: Ninja | |
| c-compiler: clang-${{ matrix.clangversion }} | |
| cxx-compiler: clang++-${{ matrix.clangversion }} | |
| options: FIPS=${{ matrix.fips }} CMAKE_BUILD_TYPE=Release | |
| - name: Build Project | |
| run: cmake --build ./build --target all | |
| - name: Run tests | |
| run: cmake --build ./build --target run_tests | |
| clang-19-sanity: | |
| if: github.repository_owner == 'aws' | |
| needs: [ sanity-test-run ] | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| fips: | |
| - "0" | |
| - "1" | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: actions/setup-go@v4 | |
| with: | |
| go-version: '>=1.18' | |
| - name: Install clang-19 | |
| run: | | |
| wget https://apt.llvm.org/llvm.sh | |
| chmod u+x llvm.sh | |
| sudo ./llvm.sh 19 | |
| - name: Setup CMake | |
| uses: threeal/[email protected] | |
| with: | |
| generator: Ninja | |
| c-compiler: clang-19 | |
| cxx-compiler: clang++-19 | |
| options: FIPS=${{ matrix.fips }} CMAKE_BUILD_TYPE=Release | |
| - name: Build Project | |
| run: cmake --build ./build --target all | |
| - name: Run tests | |
| run: cmake --build ./build --target run_tests | |
| OpenBSD: | |
| needs: [sanity-test-run] | |
| runs-on: ubuntu-latest | |
| name: OpenBSD ${{ matrix.version }} (${{ matrix.arch }}) test | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| arch: ["x86-64", "arm64"] | |
| version: ["7.5", "7.6"] | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: OpenBSD | |
| uses: cross-platform-actions/action@595d543e5d1aeb6d48c0a176965028afe56c7018 | |
| env: | |
| AWS_LC_SSL_TEST_RUNNER_PEEK_ROUNDS: 5 | |
| AWS_LC_GO_TEST_TIMEOUT: 120m | |
| with: | |
| environment_variables: AWS_LC_SSL_TEST_RUNNER_PEEK_ROUNDS AWS_LC_GO_TEST_TIMEOUT | |
| operating_system: openbsd | |
| cpu_count: 3 | |
| memory: 12G | |
| architecture: ${{ matrix.arch }} | |
| version: "${{ matrix.version }}" | |
| shell: bash | |
| run: | | |
| set -x | |
| sudo pkg_add cmake ninja go gmake | |
| sudo pfctl -d | |
| mkdir "${HOME}/bin" | |
| ln -s /usr/local/bin/gmake "${HOME}/bin/make" | |
| cat << EOF | sudo tee /etc/login.conf.d/unlimited | |
| unlimited:\ | |
| :datasize-cur=infinity:\ | |
| :datasize-max=infinity:\ | |
| :stacksize-cur=infinity:\ | |
| :stacksize-max=infinity:\ | |
| :memoryuse-cur=infinity:\ | |
| :memoryuse-max=infinity:\ | |
| :maxproc-cur=infinity:\ | |
| :maxproc-max=infinity:\ | |
| :openfiles-cur=infinity:\ | |
| :openfiles-max=infinity:\ | |
| :cpuuse-cur=infinity:\ | |
| :cpuuse-max=infinity:\ | |
| :priority=0:\ | |
| :ignoretime: | |
| EOF | |
| sudo usermod -L unlimited runner | |
| sudo su -c unlimited -s /usr/local/bin/bash -l runner <<EOF | |
| set -x | |
| export AWS_LC_SSL_TEST_RUNNER_PEEK_ROUNDS=${AWS_LC_SSL_TEST_RUNNER_PEEK_ROUNDS} | |
| export AWS_LC_GO_TEST_TIMEOUT=${AWS_LC_GO_TEST_TIMEOUT} | |
| cd $(pwd) | |
| export PATH="${HOME}/bin:${PATH}" | |
| env | |
| tests/ci/run_bsd_tests.sh | |
| EOF | |
| gcc-4_8: | |
| needs: [sanity-test-run] | |
| runs-on: ubuntu-latest | |
| env: | |
| DOCKER_BUILDKIT: 1 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Build Docker Image | |
| working-directory: .github/docker_images/gcc-4.8 | |
| run: | | |
| docker build -t "gcc-4.8" . | |
| - name: Build using pre-generated assembly | |
| run: | | |
| docker run -v "${{ github.workspace }}:/awslc" "gcc-4.8" | |
| alpine-linux-x86: | |
| needs: [sanity-test-run] | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| tests: [ | |
| /awslc/tests/ci/run_fips_tests.sh, | |
| /awslc/tests/ci/run_posix_tests.sh | |
| ] | |
| compiler: [ | |
| --build-arg CC=clang --build-arg CXX=clang++, | |
| --build-arg CC=gcc --build-arg CXX=g++ | |
| ] | |
| runs-on: ubuntu-latest | |
| env: | |
| DOCKER_BUILDKIT: 1 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Build Docker Image | |
| working-directory: .github/docker_images/alpine-linux | |
| run: | | |
| docker build -t alpine_linux ${{ matrix.compiler }} . | |
| - name: Run tests | |
| run: | | |
| docker run -v "${{ github.workspace }}:/awslc" \ | |
| alpine_linux ${{ matrix.tests }} | |
| # TODO: Investigate sudden hanging tests and failures in GHA runners (P114059413) | |
| # MSVC-SDE-32-bit: | |
| # needs: [sanity-test-run] | |
| # runs-on: aws-lc_windows-2019_64-core | |
| # steps: | |
| # - name: Git clone the repository | |
| # uses: actions/checkout@v3 | |
| # | |
| # - name: Build Windows Dependencies | |
| # run: | | |
| # choco install ninja --version 1.9.0.20190208 -y && | |
| # choco install nasm --version 2.14.02 -y | |
| # | |
| # - name: Install SDE simulator | |
| # run: | | |
| # curl -SL --output temp.tar.xz ${{ env.SDE_MIRROR_URL }} | |
| # 7z x temp.tar.xz | |
| # 7z x temp.tar | |
| # ren ${{ env.SDE_VERSION_TAG }} windows-sde | |
| # del temp.tar.xz | |
| # del temp.tar | |
| # | |
| # - name: Run Windows SDE Tests for 32 bit | |
| # run: | | |
| # $env:SDEROOT = "${PWD}\windows-sde" | |
| # echo ${env:SDEROOT} | |
| # .\tests\ci\run_windows_tests.bat "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\vcvarsall.bat" x86 true | |
| # | |
| freebsd: | |
| if: github.repository_owner == 'aws' | |
| needs: [sanity-test-run] | |
| name: FreeBSD ${{ matrix.version }} (${{ matrix.arch }}) test | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| arch: | |
| - 'x86-64' | |
| - 'arm64' | |
| version: | |
| - '13.3' | |
| - '14.1' | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: 'recursive' | |
| - name: Prepare VM | |
| uses: cross-platform-actions/[email protected] | |
| env: | |
| AWS_LC_SSL_TEST_RUNNER_PEEK_ROUNDS: 5 | |
| AWS_LC_GO_TEST_TIMEOUT: 90m | |
| GOFLAGS: "-buildvcs=false" | |
| with: | |
| environment_variables: 'AWS_LC_SSL_TEST_RUNNER_PEEK_ROUNDS AWS_LC_GO_TEST_TIMEOUT GOFLAGS' | |
| operating_system: freebsd | |
| architecture: ${{ matrix.arch }} | |
| version: ${{ matrix.version }} | |
| shell: bash | |
| memory: 12G | |
| cpu_count: 3 | |
| run: | | |
| sudo pkg install -y git gmake cmake go ninja | |
| tests/ci/run_bsd_tests.sh | |
| # Temporary to test the x509-limbo patch and building of the reporting tool. | |
| # This will move into a separate project in the next PR. But doing this for now to | |
| # cutdown the review size. | |
| x509-limbo-tooling: | |
| if: github.repository_owner == 'aws' | |
| needs: [sanity-test-run] | |
| name: x509-limbo tooling | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: 'recursive' | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.13' | |
| - name: Verify x509-limbo patch and reporting tool | |
| run: | | |
| ./tests/ci/run_x509_limbo.sh |