Skip to content

P-256 ECDSA verification: Use BoringSSL's W-NAF-based implementation. #2421

P-256 ECDSA verification: Use BoringSSL's W-NAF-based implementation.

P-256 ECDSA verification: Use BoringSSL's W-NAF-based implementation. #2421

Workflow file for this run

name: ci
permissions:
contents: read
on:
pull_request:
push:
jobs:
rustfmt:
# Don't run duplicate `push` jobs for the repo owner's PRs.
if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository
runs-on: ubuntu-22.04
steps:
- uses: briansmith/actions-rs-toolchain@v1
with:
toolchain: stable
profile: minimal
components: rustfmt
- uses: briansmith/actions-checkout@v2
with:
persist-credentials: false
- run: cargo fmt --all -- --check
clippy:
# Don't run duplicate `push` jobs for the repo owner's PRs.
if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository
runs-on: ubuntu-22.04
steps:
- uses: briansmith/actions-rs-toolchain@v1
with:
toolchain: stable
profile: minimal
components: clippy
- uses: briansmith/actions-checkout@v2
with:
persist-credentials: false
- run: mk/clippy.sh
audit:
# Don't run duplicate `push` jobs for the repo owner's PRs.
if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository
runs-on: ubuntu-22.04
steps:
- uses: briansmith/actions-rs-toolchain@v1
with:
toolchain: stable
profile: minimal
- uses: briansmith/actions-cache@v2
with:
path: |
~/.cargo/bin/cargo-audit
~/.cargo/.crates.toml
~/.cargo/.crates2.json
key: ${{ runner.os }}-v2-cargo-audit-0.17.4
# With `--locked` `cargo install` complains about using yanked crates.
- run: cargo install cargo-audit --vers "0.17.4"
- uses: briansmith/actions-checkout@v2
with:
persist-credentials: false
- run: cargo generate-lockfile
- run: cargo audit --deny warnings
deny:
# Don't run duplicate `push` jobs for the repo owner's PRs.
if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository
runs-on: ubuntu-22.04
steps:
- uses: briansmith/actions-rs-toolchain@v1
with:
toolchain: stable
profile: minimal
- uses: briansmith/actions-cache@v2
with:
path: |
~/.cargo/bin/cargo-deny
~/.cargo/.crates.toml
~/.cargo/.crates2.json
key: ${{ runner.os }}-v2-cargo-deny-locked-0.9.1
- run: cargo install cargo-deny --locked --vers "0.9.1"
- uses: briansmith/actions-checkout@v2
with:
persist-credentials: false
- run: cargo deny check
# Verify that documentation builds.
rustdoc:
# Don't run duplicate `push` jobs for the repo owner's PRs.
if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository
runs-on: ubuntu-22.04
strategy:
matrix:
rust_channel:
- stable
- beta
- nightly
include:
- target: x86_64-unknown-linux-gnu
steps:
- uses: briansmith/actions-rs-toolchain@v1
with:
override: true
target: ${{ matrix.target }}
toolchain: ${{ matrix.rust_channel }}
- uses: briansmith/actions-checkout@v2
with:
persist-credentials: false
- run: |
cargo doc --all-features
package:
# Don't run duplicate `push` jobs for the repo owner's PRs.
if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository
runs-on: windows-latest
steps:
- uses: briansmith/actions-checkout@v2
with:
persist-credentials: false
- run: ./mk/install-build-tools.ps1
- uses: briansmith/actions-rs-toolchain@v1
with:
toolchain: stable
profile: minimal
- run: echo "C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Tools\Llvm\x64\bin" >> $GITHUB_PATH
shell: bash
- run: sh mk/package.sh
shell: bash
# Intentionally excludes benchmarks for build performance reasons.
test:
# Don't run duplicate `push` jobs for the repo owner's PRs.
if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository
runs-on: ${{ matrix.host_os }}
strategy:
matrix:
# XXX: See `test-features` below.
features:
- # Default
target:
- aarch64-apple-ios
- aarch64-apple-darwin
- aarch64-linux-android
- aarch64-pc-windows-msvc
- aarch64-unknown-linux-gnu
- aarch64-unknown-linux-musl
- arm-unknown-linux-gnueabi
- armv7-linux-androideabi
- armv7-unknown-linux-musleabihf
- i686-pc-windows-msvc
- i686-unknown-linux-gnu
- i686-unknown-linux-musl
- powerpc-unknown-linux-gnu
- riscv64gc-unknown-linux-gnu
- wasm32-wasi
- x86_64-pc-windows-gnu
- x86_64-pc-windows-msvc
- x86_64-apple-darwin
- x86_64-unknown-linux-musl
- x86_64-unknown-linux-gnu
mode:
- # debug
- --release
rust_channel:
- stable
# Keep in sync with Cargo.toml and similar `rust_channel` sections.
- 1.61.0 # MSRV
# TODO: Move these to a daily/pre-release job.
# - nightly
# - beta
include:
- target: aarch64-apple-darwin
host_os: macos-12
# GitHub Actions doesn't have a way to run this target yet.
cargo_options: --no-run
- target: aarch64-apple-ios
host_os: macos-12
# GitHub Actions doesn't have a way to run this target yet.
cargo_options: --no-run
- target: aarch64-linux-android
host_os: ubuntu-22.04
# TODO: https://github.com/briansmith/ring/issues/486
cargo_options: --no-run
- target: aarch64-pc-windows-msvc
host_os: windows-latest
# GitHub Actions doesn't have a way to run this target yet.
cargo_options: --no-run
- target: aarch64-unknown-linux-gnu
host_os: ubuntu-22.04
- target: aarch64-unknown-linux-musl
host_os: ubuntu-22.04
- target: arm-unknown-linux-gnueabi
host_os: ubuntu-22.04
- target: armv7-linux-androideabi
host_os: ubuntu-22.04
# TODO: https://github.com/briansmith/ring/issues/838
cargo_options: --no-run
- target: armv7-unknown-linux-musleabihf
host_os: ubuntu-22.04
- target: i686-pc-windows-msvc
host_os: windows-latest
- target: i686-unknown-linux-gnu
host_os: ubuntu-22.04
- target: i686-unknown-linux-musl
host_os: ubuntu-22.04
- target: powerpc-unknown-linux-gnu
host_os: ubuntu-22.04
- target: riscv64gc-unknown-linux-gnu
host_os: ubuntu-22.04
- target: wasm32-wasi
host_os: ubuntu-22.04
- target: x86_64-pc-windows-gnu
host_os: windows-latest
- target: x86_64-pc-windows-msvc
host_os: windows-latest
- target: x86_64-apple-darwin
host_os: macos-12
- target: x86_64-unknown-linux-musl
host_os: ubuntu-22.04
- target: x86_64-unknown-linux-gnu
host_os: ubuntu-22.04
steps:
- if: ${{ contains(matrix.host_os, 'ubuntu') }}
run: sudo apt-get update -y
- uses: briansmith/actions-checkout@v2
with:
persist-credentials: false
- if: ${{ !contains(matrix.host_os, 'windows') }}
run: mk/install-build-tools.sh --target=${{ matrix.target }} ${{ matrix.features }}
- if: ${{ contains(matrix.host_os, 'windows') }}
run: ./mk/install-build-tools.ps1
- uses: briansmith/actions-rs-toolchain@v1
with:
override: true
target: ${{ matrix.target }}
toolchain: ${{ matrix.rust_channel }}
- if: ${{ matrix.target == 'aarch64-pc-windows-msvc' }}
run: |
echo "C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Tools\Llvm\x64\bin" >> $GITHUB_PATH
echo "RUSTFLAGS=-C target-feature=+crt-static" >> $GITHUB_ENV
shell: bash
- if: ${{ !contains(matrix.host_os, 'windows') }}
run: |
mk/cargo.sh test -vv --target=${{ matrix.target }} ${{ matrix.cargo_options }} ${{ matrix.features }} ${{ matrix.mode }}
- if: ${{ contains(matrix.host_os, 'windows') }}
run: |
cargo test -vv --target=${{ matrix.target }} ${{ matrix.cargo_options }} ${{ matrix.features }} ${{ matrix.mode }}
# --all-targets doesn't run doctests: https://github.com/rust-lang/cargo/issues/6669
# Run doctests only on x86_64 to avoid cross-compilation hassles with `--no-run`.
- if: ${{ !contains(matrix.host_os, 'windows') && contains(matrix.target, 'x86_64') }}
run: |
mk/cargo.sh test -vv --doc --target=${{ matrix.target }} ${{ matrix.cargo_options }} ${{ matrix.features }} ${{ matrix.mode }}
# Check that all the needed symbol renaming was done.
# TODO: Do this check on Windows too.
# TODO: Check iOS too.
# TODO: Do this on Apple-hosted release builds too; currently these fail with:
# Unknown attribute kind (528)
# (Producer: 'LLVM12.0.0-rust-1.54.0-nightly'
# Reader: 'LLVM APPLE_1_1200.0.32.29_0')
- if: ${{ matrix.target != 'aarch64-apple-ios' &&
!contains(matrix.host_os, 'windows') &&
(!contains(matrix.host_os, 'macos') || matrix.mode != '--release') }}
run: mk/check-symbol-prefixes.sh --target=${{ matrix.target }}
test-bench:
# Don't run duplicate `push` jobs for the repo owner's PRs.
if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository
runs-on: ubuntu-22.04
steps:
- run: sudo apt-get update -y
- uses: briansmith/actions-checkout@v2
with:
persist-credentials: false
- run: mk/install-build-tools.sh --target=x86_64-unknown-linux-gnu
- uses: briansmith/actions-rs-toolchain@v1
with:
override: true
toolchain: stable
- run: cargo test -p ring-bench --all-features --all-targets
# XXX: GitHub Actions won't let us test all the combinations of features in
# the "test" matrix because the resultant matrix would be larger than the
# maximum they allow.
test-features:
# Don't run duplicate `push` jobs for the repo owner's PRs.
if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository
runs-on: ${{ matrix.host_os }}
strategy:
matrix:
features:
- --no-default-features
- --features=std,slow_tests
target:
- aarch64-unknown-linux-musl
- i686-pc-windows-msvc
- x86_64-unknown-linux-gnu
mode:
- --release
rust_channel:
- stable
- nightly
# Keep in sync with Cargo.toml and similar `rust_channel` sections.
- 1.61.0 # MSRV
include:
- target: aarch64-unknown-linux-musl
host_os: ubuntu-22.04
- target: i686-pc-windows-msvc
host_os: windows-latest
- target: x86_64-unknown-linux-gnu
host_os: ubuntu-22.04
steps:
- if: ${{ contains(matrix.host_os, 'ubuntu') }}
run: sudo apt-get update -y
- uses: briansmith/actions-checkout@v2
with:
persist-credentials: false
- if: ${{ !contains(matrix.host_os, 'windows') }}
run: mk/install-build-tools.sh --target=${{ matrix.target }} ${{ matrix.features }}
- if: ${{ contains(matrix.host_os, 'windows') }}
run: ./mk/install-build-tools.ps1
- uses: briansmith/actions-rs-toolchain@v1
with:
override: true
target: ${{ matrix.target }}
toolchain: ${{ matrix.rust_channel }}
- if: ${{ matrix.target == 'aarch64-pc-windows-msvc' }}
run: |
echo "C:\Program Files (x86)\Microsoft Visual Studio\2022\Enterprise\VC\Tools\Llvm\x64\bin" >> $GITHUB_PATH
shell: bash
- if: ${{ !contains(matrix.host_os, 'windows') }}
run: |
mk/cargo.sh test -vv --target=${{ matrix.target }} ${{ matrix.cargo_options }} ${{ matrix.features }} ${{ matrix.mode }}
- if: ${{ contains(matrix.host_os, 'windows') }}
run: |
cargo test -vv --target=${{ matrix.target }} ${{ matrix.cargo_options }} ${{ matrix.features }} ${{ matrix.mode }}
# --all-targets doesn't run doctests: https://github.com/rust-lang/cargo/issues/6669
# Run doctests only on x86_64 to avoid cross-compilation hassles with `--no-run`.
- if: ${{ !contains(matrix.host_os, 'windows') && contains(matrix.target, 'x86_64') }}
run: |
mk/cargo.sh test -vv --doc --target=${{ matrix.target }} ${{ matrix.cargo_options }} ${{ matrix.features }} ${{ matrix.mode }}
# Check that all the needed symbol renaming was done.
# TODO: Do this check on Windows too.
# TODO: Check iOS too.
# TODO: Do this on Apple-hosted release builds too; currently these fail with:
# Unknown attribute kind (528)
# (Producer: 'LLVM12.0.0-rust-1.54.0-nightly'
# Reader: 'LLVM APPLE_1_1200.0.32.29_0')
- if: ${{ matrix.target != 'aarch64-apple-ios' &&
!contains(matrix.host_os, 'windows') &&
(!contains(matrix.host_os, 'macos') || matrix.mode != '--release') }}
run: mk/check-symbol-prefixes.sh --target=${{ matrix.target }}
# The wasm32-unknown-unknown targets have a different set of feature sets and
# an additional `webdriver` dimension.
test-wasm32-browser:
# Don't run duplicate `push` jobs for the repo owner's PRs.
if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository
runs-on: ${{ matrix.host_os }}
strategy:
matrix:
features:
- --features=wasm32_unknown_unknown_js
- --no-default-features --features=wasm32_unknown_unknown_js
host_os:
- ubuntu-22.04
mode:
- # debug
- --release
rust_channel:
- stable
- beta
- nightly
target:
- wasm32-unknown-unknown
webdriver:
# TODO: Firefox is not in Ubuntu 22.04 images according to
# https://github.com/actions/runner-images/issues/5490 and our
# testing.
# - GECKODRIVER=$GECKOWEBDRIVER/geckodriver
- CHROMEDRIVER=$CHROMEWEBDRIVER/chromedriver
steps:
- if: ${{ contains(matrix.host_os, 'ubuntu') }}
run: sudo apt-get update -y
- uses: briansmith/actions-checkout@v2
with:
persist-credentials: false
- run: cargo generate-lockfile
- run: mk/install-build-tools.sh --target=${{ matrix.target }} ${{ matrix.features }}
- uses: briansmith/actions-rs-toolchain@v1
with:
override: true
target: ${{ matrix.target }}
toolchain: ${{ matrix.rust_channel }}
- run: |
${{ matrix.webdriver }} mk/cargo.sh test -vv --target=${{ matrix.target }} ${{ matrix.features }} ${{ matrix.mode }}
# Check that all the needed symbol renaming was done.
# TODO: Do this check on Windows too.
- run: mk/check-symbol-prefixes.sh --target=${{ matrix.target }}
coverage:
# Don't run duplicate `push` jobs for the repo owner's PRs.
if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository
runs-on: ${{ matrix.host_os }}
strategy:
fail-fast: false
matrix:
features:
# Enable all the library features so we can measure all the coverage.
# Don't enable `slow_tests` and other (test suite) features that are
# unuseful, or even counterproductive, for coverage testing.
# `slow_tests` is slow and it is running code that is already intended
# to be covered without it being enabled.
- --features=std
# TODO: targets
target:
- aarch64-unknown-linux-gnu # Has assembly
- i686-unknown-linux-gnu # Has assembly
# TODO: arm-unknown-linux-gnueabi # Has assembly but doesn't build w/ clang
# TODO: armv7-unknown-linux-gnueabihf # Has assembly but doesn't have profiler builtins
# TODO: powerpc-unknown-linux-gnu No assembly 32-bit big-endian but doesn't have profiler builtins
- powerpc64le-unknown-linux-gnu # No assembly 64-bit little-endian with flags
- riscv64gc-unknown-linux-gnu # No assembly 64-bit little-endian without flags
- s390x-unknown-linux-gnu # No assembly 64-bit big-endian
- x86_64-unknown-linux-musl # Has assembly
mode:
- # debug
# Coverage collection is Nightly-only
rust_channel:
- nightly
# TODO: targets
include:
# TODO: Use the -musl target after
# https://github.com/rust-lang/rust/issues/79556 and
# https://github.com/rust-lang/rust/issues/79555 are fixed.
- target: aarch64-unknown-linux-gnu
host_os: ubuntu-22.04
# TODO: Use the -musl target after
# https://github.com/rust-lang/rust/issues/79556 and
# https://github.com/rust-lang/rust/issues/79555 are fixed.
- target: i686-unknown-linux-gnu
host_os: ubuntu-22.04
- target: powerpc64le-unknown-linux-gnu
host_os: ubuntu-22.04
- target: riscv64gc-unknown-linux-gnu
host_os: ubuntu-22.04
- target: s390x-unknown-linux-gnu
host_os: ubuntu-22.04
- target: x86_64-unknown-linux-musl
host_os: ubuntu-22.04
# TODO: Add an ARM target after
# https://github.com/rust-lang/rust/issues/79555 is fixed. This may
# require https://github.com/rust-lang/rust/issues/79555 to be fixed
# too.
steps:
- if: ${{ contains(matrix.host_os, 'ubuntu') }}
run: sudo apt-get update -y
- uses: briansmith/actions-checkout@v2
with:
persist-credentials: false
- if: ${{ !contains(matrix.host_os, 'windows') }}
run: RING_COVERAGE=1 mk/install-build-tools.sh --target=${{ matrix.target }} ${{ matrix.features }}
- uses: briansmith/actions-rs-toolchain@v1
with:
override: true
target: ${{ matrix.target }}
toolchain: ${{ matrix.rust_channel }}
- if: ${{ !contains(matrix.host_os, 'windows') }}
run: |
RING_COVERAGE=1 mk/cargo.sh +${{ matrix.rust_channel }} test -vv --target=${{ matrix.target }} ${{ matrix.cargo_options }} ${{ matrix.features }} ${{ matrix.mode }}
- uses: briansmith/codecov-codecov-action@v3
with:
directory: ./target/${{ matrix.target }}/debug/coverage/reports
fail_ci_if_error: true
verbose: true