Merge branch 'Tongsuo-Project:master' into use_chain_file

daipingh · Oct 21, 2024 · 661574f · 661574f
2 parents f29f483 + 26b0fa5
commit 661574f
Show file tree

Hide file tree

Showing 223 changed files with 10,652 additions and 3,772 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -113,7 +113,11 @@ jobs:
   non-caching:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
+    - name: Adjust ASLR for sanitizer
+      run: |
+        sudo cat /proc/sys/vm/mmap_rnd_bits
+        sudo sysctl -w vm.mmap_rnd_bits=28
     - name: config
       run: ./config --banner=Configured --debug enable-asan enable-ubsan no-cached-fetch no-fips no-dtls no-tls1 no-tls1-method no-tls1_1 no-tls1_1-method no-async && perl configdata.pm --dump
     - name: make
@@ -124,7 +128,11 @@ jobs:
   address_ub_sanitizer:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
+    - name: Adjust ASLR for sanitizer
+      run: |
+        sudo cat /proc/sys/vm/mmap_rnd_bits
+        sudo sysctl -w vm.mmap_rnd_bits=28
     - name: config
       run: ./config --banner=Configured --debug enable-asan enable-ubsan enable-rc5 enable-ec_nistp_64_gcc_128 enable-fips enable-cert-compression enable-bn-method enable-delegated-credential -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION && perl configdata.pm --dump
     - name: make
@@ -135,7 +143,11 @@ jobs:
   ntls_address_ub_sanitizer:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
+    - name: Adjust ASLR for sanitizer
+      run: |
+        sudo cat /proc/sys/vm/mmap_rnd_bits
+        sudo sysctl -w vm.mmap_rnd_bits=28
     - name: config
       run: ./config --banner=Configured --debug enable-asan enable-ubsan enable-rc5 enable-ec_nistp_64_gcc_128 enable-ec_sm2p_64_gcc_128 enable-ntls -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION && perl configdata.pm --dump
     - name: make
@@ -146,7 +158,11 @@ jobs:
   memory_sanitizer:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
+    - name: Adjust ASLR for sanitizer
+      run: |
+        sudo cat /proc/sys/vm/mmap_rnd_bits
+        sudo sysctl -w vm.mmap_rnd_bits=28
     - name: config
       # --debug -O1 is to produce a debug build that runs in a reasonable amount of time
       run: CC=clang ./config --banner=Configured --debug -O1 -fsanitize=memory -DOSSL_SANITIZE_MEMORY -fno-optimize-sibling-calls enable-rc5 enable-ec_nistp_64_gcc_128 enable-fips enable-cert-compression enable-delegated-credential enable-bn-method && perl configdata.pm --dump
@@ -158,7 +174,11 @@ jobs:
   ntls_memory_sanitizer:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
+    - name: Adjust ASLR for sanitizer
+      run: |
+        sudo cat /proc/sys/vm/mmap_rnd_bits
+        sudo sysctl -w vm.mmap_rnd_bits=28
     - name: config
       # --debug -O1 is to produce a debug build that runs in a reasonable amount of time
       run: CC=clang ./config --banner=Configured --debug -O1 -fsanitize=memory -DOSSL_SANITIZE_MEMORY -fno-optimize-sibling-calls enable-rc5 enable-ec_nistp_64_gcc_128 enable-ec_sm2p_64_gcc_128 enable-ntls && perl configdata.pm --dump
@@ -170,7 +190,11 @@ jobs:
   threads_sanitizer:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
+    - name: Adjust ASLR for sanitizer
+      run: |
+        sudo cat /proc/sys/vm/mmap_rnd_bits
+        sudo sysctl -w vm.mmap_rnd_bits=28
     - name: config
       run: CC=clang ./config --banner=Configured no-fips --strict-warnings -fsanitize=thread && perl configdata.pm --dump
     - name: make
@@ -185,7 +209,7 @@ jobs:
     - name: modprobe tls
       run: sudo modprobe tls
     - name: config
-      run: ./config --banner=Configured --strict-warnings no-ec enable-ssl-trace enable-zlib enable-zlib-dynamic enable-crypto-mdebug enable-crypto-mdebug-backtrace enable-egd enable-ktls enable-fips enable-ntls enable-optimize-chacha-choose enable-status enable-crypto-mdebug-count enable-cert-compression enable-delegated-credential enable-bn-method --with-rand-seed=getrandom,rtc && perl configdata.pm --dump
+      run: ./config --banner=Configured --strict-warnings no-ec enable-ssl-trace enable-zlib enable-zlib-dynamic enable-crypto-mdebug enable-crypto-mdebug-backtrace enable-egd enable-ktls enable-fips enable-ntls enable-optimize-chacha-choose enable-status enable-crypto-mdebug-count enable-cert-compression enable-delegated-credential enable-bn-method --with-rand-seed=rtcode,rtmem,rtsock && perl configdata.pm --dump
     - name: make
       run: make -s -j4
     - name: make test
@@ -268,7 +292,11 @@ jobs:
   EC_POINTs_api_test:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
+      - name: Adjust ASLR for sanitizer
+        run: |
+          sudo cat /proc/sys/vm/mmap_rnd_bits
+          sudo sysctl -w vm.mmap_rnd_bits=28
       - name: config
         run: ./config --strict-warnings --debug --api=1.1.1 enable-asan enable-ubsan enable-ssl-trace enable-zlib enable-zlib-dynamic no-fips enable-engine enable-dynamic-engine no-deprecated && perl configdata.pm --dump
       - name: make
@@ -371,8 +399,11 @@ jobs:
         run: ./config enable-ntls enable-smtc enable-smtc-debug --strict-warnings && perl configdata.pm --dump
       - name: make
         run: make -s -j4
-      - name: make test
-        run: make test
+      - name: make test selected cases
+        run: |
+          make test TESTS="test_abort test_sanity test_symbol_presence test_test test_errstr test_internal_context \
+            test_internal_sm3 test_internal_sm4 test_smtc_rand_self_test test_mod test_mod_sm2 test_cli_smtc \
+            test_ntlssni test_tsapi test_sign_sm2 test_ntls"
       - name: make clean
         run: make clean
       - name: check dirty
@@ -394,7 +425,11 @@ jobs:
   sm2-threshold-test:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
+      - name: Adjust ASLR for sanitizer
+        run: |
+          sudo cat /proc/sys/vm/mmap_rnd_bits
+          sudo sysctl -w vm.mmap_rnd_bits=28
       - name: config
         run: CC=clang ./config --strict-warnings --debug -O1 -fsanitize=memory -DOSSL_SANITIZE_MEMORY enable-sm2_threshold && perl configdata.pm --dump
       - name: make

diff --git a/.github/workflows/compiler-zoo.yml b/.github/workflows/compiler-zoo.yml
@@ -76,8 +76,7 @@ jobs:
     - name: config
       run: |
         CC=${{ matrix.zoo.cc }} ./config --banner=Configured no-shared \
-            -Wall -Werror enable-ntls enable-smtc enable-smtc-debug \
-            --strict-warnings
+            -Wall -Werror enable-ntls --strict-warnings
 
     - name: config dump
       run: ./configdata.pm --dump

diff --git a/.github/workflows/fuzz-checker.yml b/.github/workflows/fuzz-checker.yml
@@ -45,8 +45,11 @@ jobs:
       run: |
         sudo apt-get update
         sudo apt-get -yq --force-yes install ${{ matrix.fuzzy.install }}
-    - uses: actions/checkout@v2
-
+    - name: Adjust ASLR for sanitizer
+      run: |
+        sudo cat /proc/sys/vm/mmap_rnd_bits
+        sudo sysctl -w vm.mmap_rnd_bits=28
+    - uses: actions/checkout@v4
     - name: config
       run: |
         CC=${{ matrix.fuzzy.cc }} ./config --banner=Configured no-shared \

diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -21,7 +21,7 @@ jobs:
         fuzz-seconds: 600
         dry-run: false
     - name: Upload Crash
-      uses: actions/upload-artifact@v1
+      uses: actions/upload-artifact@v4
       if: failure()
       with:
         name: artifacts

diff --git a/.github/workflows/os-zoo.yml b/.github/workflows/os-zoo.yml
@@ -1,4 +1,4 @@
-# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
 #
 # Licensed under the Apache License 2.0 (the "License").  You may not use
 # this file except in compliance with the License.  You can obtain a copy
@@ -11,56 +11,154 @@ on:
   schedule:
     - cron: '0 5 * * *'
 
+permissions:
+  contents: read
+
 jobs:
-  unix:
+  alpine:
     strategy:
       fail-fast: false
       matrix:
-        os: [
-          macos-10.15,
-          macos-11,
-          ubuntu-18.04,
-          ubuntu-20.04,
-        ]
-    runs-on: ${{ matrix.os }}
+        tag: [edge, latest]
+        cc: [gcc, clang]
+        branch: [8.3-stable, 8.4-stable, master]
+    runs-on: ubuntu-latest
+    container:
+      image: docker.io/library/alpine:${{ matrix.tag }}
+    env:
+      # https://www.openwall.com/lists/musl/2022/02/16/14
+      EXTRA_CFLAGS: ${{ matrix.cc == 'clang' && '-Wno-sign-compare' || '' }}
+      CC: ${{ matrix.cc }}
     steps:
-    - uses: actions/checkout@v2
+    - name: install packages
+      run: apk --no-cache add build-base perl linux-headers ${{ matrix.cc }}
+    - uses: actions/checkout@v4
+      with:
+        ref: ${{ matrix.branch }}
     - name: config
       run: |
-        CC=${{ matrix.zoo.cc }} ./config --banner=Configured \
-            -Wall -Werror --strict-warnings enable-fips
+        ./config --banner=Configured no-shared -Wall -Werror enable-ntls --strict-warnings \
+                 ${EXTRA_CFLAGS}
     - name: config dump
       run: ./configdata.pm --dump
     - name: make
       run: make -s -j4
+    - name: get cpu info
+      run: |
+        cat /proc/cpuinfo
+        ./util/opensslwrap.sh version -c
     - name: make test
       run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
+
+  linux:
+    strategy:
+      fail-fast: false
+      matrix:
+        branch: [8.3-stable, 8.4-stable, master]
+        zoo:
+          - image: docker.io/library/debian:10
+            install: apt-get update && apt-get install -y gcc make perl
+          - image: docker.io/library/debian:11
+            install: apt-get update && apt-get install -y gcc make perl
+          - image: docker.io/library/debian:12
+            install: apt-get update && apt-get install -y gcc make perl
+          - image: docker.io/library/ubuntu:20.04
+            install: apt-get update && apt-get install -y gcc make perl
+          - image: docker.io/library/ubuntu:22.04
+            install: apt-get update && apt-get install -y gcc make perl
+          - image: docker.io/library/fedora:38
+            install: dnf install -y gcc make perl-core
+          - image: docker.io/library/fedora:39
+            install: dnf install -y gcc make perl-core
+          - image: docker.io/library/centos:8
+            install: |
+              sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-* && \
+              sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-* && \
+              dnf install -y gcc make perl-core
+          - image: docker.io/library/rockylinux:8
+            install: dnf install -y gcc make perl-core
+          - image: docker.io/library/rockylinux:9
+            install: dnf install -y gcc make perl-core
+    runs-on: ubuntu-latest
+    container: ${{ matrix.zoo.image }}
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        ref: ${{ matrix.branch }}
+    - name: install packages
+      run: ${{ matrix.zoo.install }}
+    - name: config
+      run: ./config
+    - name: config dump
+      run: ./configdata.pm --dump
+    - name: make
+      run: make -j4
+    - name: get cpu info
+      run: |
+        cat /proc/cpuinfo
+        ./util/opensslwrap.sh version -c
+    - name: make test
+      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
+
+  macos:
+    strategy:
+      fail-fast: false
+      matrix:
+        branch: [8.3-stable, 8.4-stable, master]
+        os: [macos-12, macos-13, macos-14]
+    runs-on: ${{ matrix.os }}
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        ref: ${{ matrix.branch }}
+    - name: config
+      run: ./config --banner=Configured -Wall -Werror --strict-warnings enable-ntls
+    - name: config dump
+      run: ./configdata.pm --dump
+    - name: make
+      run: make -s -j4
+    - name: get cpu info
+      run: |
+        sysctl machdep.cpu
+        ./util/opensslwrap.sh version -c
+    - name: make test
+      run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
+
   windows:
     strategy:
       fail-fast: false
       matrix:
-        os: [
-          windows-2019,
-          windows-2022
-        ]
+        branch: [8.3-stable, 8.4-stable, master]
+        os: [windows-2019, windows-2022]
     runs-on: ${{ matrix.os }}
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
+      with:
+        ref: ${{ matrix.branch }}
     - uses: ilammy/msvc-dev-cmd@v1
     - uses: ilammy/setup-nasm@v1
-    - uses: shogo82148/actions-setup-perl@v1
     - name: prepare the build directory
       run: mkdir _build
     - name: config
       working-directory: _build
-      run: |
-        perl ..\Configure --banner=Configured no-makedepend enable-fips
+      run: perl ..\Configure --banner=Configured no-makedepend enable-ntls
     - name: config dump
       working-directory: _build
       run: ./configdata.pm --dump
     - name: build
       working-directory: _build
       run: nmake /S
+    - name: download coreinfo
+      uses: suisei-cn/actions-download-file@v1.6.0
+      with:
+        url: "https://download.sysinternals.com/files/Coreinfo.zip"
+        target: _build/coreinfo/
+    - name: get cpu info
+      working-directory: _build
+      run: |
+        7z.exe x coreinfo/Coreinfo.zip
+        ./Coreinfo64.exe -accepteula -f
+        apps/openssl.exe version -c
     - name: test
       working-directory: _build
       run: nmake test VERBOSE_FAILURE=yes HARNESS_JOBS=4
diff --git a/.github/workflows/run-checker-ci.yml b/.github/workflows/run-checker-ci.yml
@@ -32,8 +32,6 @@ jobs:
           no-tls1_3,
           enable-trace enable-fips,
           enable-ntls,
-          enable-smtc enable-smtc-debug,
-          enable-ntls enable-smtc enable-smtc-debug,
           no-ts,
           no-ui,
         ]

diff --git a/.github/workflows/run-checker-daily.yml b/.github/workflows/run-checker-daily.yml
@@ -114,8 +114,6 @@ jobs:
           enable-zlib-dynamic,
           no-zlib-dynamic,
           enable-ntls,
-          enable-smtc enable-smtc-debug,
-          enable-ntls enable-smtc enable-smtc-debug,
           enable-ec_elgamal enable-twisted_ec_elgamal,
           enable-bulletproofs,
           enable-bulletproofs enable-nizk enable-zkp-gadget enable-ec_elgamal enable-twisted_ec_elgamal,

diff --git a/.github/workflows/run-checker-merge.yml b/.github/workflows/run-checker-merge.yml
@@ -27,12 +27,14 @@ jobs:
           enable-weak-ssl-ciphers,
           enable-zlib,
           enable-ntls,
-          enable-smtc enable-smtc-debug,
-          enable-ntls enable-smtc enable-smtc-debug,
         ]
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - name: Adjust ASLR for sanitizer
+      run: |
+        sudo cat /proc/sys/vm/mmap_rnd_bits
+        sudo sysctl -w vm.mmap_rnd_bits=28
+    - uses: actions/checkout@v4
     - name: config
       run: CC=clang ./config --banner=Configured --strict-warnings ${{ matrix.opt }}
     - name: config dump