Skip to content

New X509D2iError to improve error checking for X509_ext_get_d2i() #2263

New X509D2iError to improve error checking for X509_ext_get_d2i()

New X509D2iError to improve error checking for X509_ext_get_d2i() #2263

Workflow file for this run

name: CI
on:
pull_request:
branches:
- master
push:
branches:
- master
env:
RUSTFLAGS: -Dwarnings
RUST_BACKTRACE: 1
concurrency:
group: ${{ github.ref }}
cancel-in-progress: true
permissions:
contents: read # to fetch code (actions/checkout)
jobs:
rustfmt:
name: rustfmt
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: sfackler/actions/rustup@master
- uses: sfackler/actions/rustfmt@master
clippy:
name: clippy
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: sfackler/actions/rustup@master
- run: echo "version=$(rustc --version)" >> $GITHUB_OUTPUT
id: rust-version
- uses: actions/cache@v4
with:
path: ~/.cargo/registry/index
key: index-${{ runner.os }}-${{ github.run_number }}
restore-keys: |
index-${{ runner.os }}-
- run: cargo generate-lockfile
- uses: actions/cache@v4
with:
path: ~/.cargo/registry/cache
key: registry-${{ runner.os }}-${{ steps.rust-version.outputs.version }}-${{ hashFiles('Cargo.lock') }}
- run: cargo fetch
- uses: actions/cache@v4
with:
path: target
key: target-${{ github.job }}-${{ steps.rust-version.outputs.version }}-${{ hashFiles('Cargo.lock') }}
- run: cargo clippy --all --all-targets
min-version:
name: min-version
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
# Remember to also update `--rust-target` in `openssl-sys/build/run_bindgen.rs`
- uses: sfackler/actions/rustup@master
with:
version: 1.56.0
- run: echo "version=$(rustc --version)" >> $GITHUB_OUTPUT
id: rust-version
- uses: actions/cache@v4
with:
path: ~/.cargo/registry/index
key: index-${{ runner.os }}-${{ github.run_number }}
restore-keys: |
index-${{ runner.os }}-
- run: cargo generate-lockfile
- run: |
cargo update -p cc --precise 1.0.94
- uses: actions/cache@v4
with:
path: ~/.cargo/registry/cache
key: registry-${{ runner.os }}-${{ steps.rust-version.outputs.version }}-${{ hashFiles('Cargo.lock') }}
- run: cargo fetch
- uses: actions/cache@v4
with:
path: target
key: target-${{ github.job }}-${{ steps.rust-version.outputs.version }}-${{ hashFiles('Cargo.lock') }}
- run: cargo check -p openssl
windows-vcpkg:
name: windows-vcpkg
runs-on: windows-latest
steps:
- uses: actions/checkout@v4
- uses: sfackler/actions/rustup@master
- run: echo "version=$(rustc --version)" >> $GITHUB_OUTPUT
id: rust-version
- run: echo "VCPKG_ROOT=$env:VCPKG_INSTALLATION_ROOT" | Out-File -FilePath $env:GITHUB_ENV -Append
- run: vcpkg install openssl:x64-windows-static-md
- uses: actions/cache@v4
with:
path: ~/.cargo/registry/index
key: index-${{ runner.os }}-${{ github.run_number }}
restore-keys: |
index-${{ runner.os }}-
- run: cargo generate-lockfile
- uses: actions/cache@v4
with:
path: ~/.cargo/registry/cache
key: registry-${{ runner.os }}-${{ steps.rust-version.outputs.version }}-${{ hashFiles('Cargo.lock') }}
- run: cargo fetch
- uses: actions/cache@v4
with:
path: target
key: target-${{ github.job }}-${{ steps.rust-version.outputs.version }}-${{ hashFiles('Cargo.lock') }}
# - run: cargo run -p systest
- run: cargo test -p openssl
- run: cargo test -p openssl-errors
macos-homebrew:
name: macos-homebrew
runs-on: macos-latest
steps:
- uses: actions/checkout@v4
- uses: sfackler/actions/rustup@master
- run: echo "version=$(rustc --version)" >> $GITHUB_OUTPUT
id: rust-version
- uses: actions/cache@v4
with:
path: ~/.cargo/registry/index
key: index-${{ runner.os }}-${{ github.run_number }}
restore-keys: |
index-${{ runner.os }}-
- run: cargo generate-lockfile
- uses: actions/cache@v4
with:
path: ~/.cargo/registry/cache
key: registry-${{ runner.os }}-${{ steps.rust-version.outputs.version }}-${{ hashFiles('Cargo.lock') }}
- run: cargo fetch
- run: cargo run -p systest
- run: cargo test -p openssl
- run: cargo test -p openssl-errors
linux:
strategy:
fail-fast: false
matrix:
target:
- x86_64-unknown-linux-gnu
- i686-unknown-linux-gnu
- arm-unknown-linux-gnueabihf
bindgen:
- true
- false
library:
- name: boringssl
version: 2db0eb3f96a5756298dcd7f9319e56a98585bd10
- name: openssl
version: vendored
- name: openssl
version: 3.3.0
- name: openssl
version: 3.2.0
dl-path: /
- name: openssl
version: 1.1.1w
dl-path: /
- name: openssl
version: 1.1.0l
dl-path: /old/1.1.0
- name: openssl
version: 1.0.2u
dl-path: /old/1.0.2
- name: openssl
version: 1.0.1u
dl-path: /old/1.0.1
include:
- target: x86_64-unknown-linux-gnu
bindgen: true
library:
name: libressl
version: 2.5.5
- target: x86_64-unknown-linux-gnu
bindgen: true
library:
name: libressl
version: 3.7.3
- target: x86_64-unknown-linux-gnu
bindgen: true
library:
name: libressl
version: 3.8.3
- target: x86_64-unknown-linux-gnu
bindgen: true
library:
name: libressl
version: 3.9.1
- target: x86_64-unknown-linux-gnu
bindgen: false
library:
name: libressl
version: 2.5.5
- target: x86_64-unknown-linux-gnu
bindgen: false
library:
name: libressl
version: 3.7.3
- target: x86_64-unknown-linux-gnu
bindgen: false
library:
name: libressl
version: 3.8.3
- target: x86_64-unknown-linux-gnu
bindgen: false
library:
name: libressl
version: 3.9.1
name: ${{ matrix.target }}-${{ matrix.library.name }}-${{ matrix.library.version }}-${{ matrix.bindgen }}
runs-on: ubuntu-latest
env:
OPENSSL_DIR: /opt/openssl
CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_LINKER: arm-linux-gnueabihf-gcc
CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_AR: arm-linux-gnueabihf-ar
CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABIHF_RUNNER: qemu-arm -L /usr/arm-linux-gnueabihf
steps:
- uses: actions/checkout@v4
- uses: sfackler/actions/rustup@master
- run: echo "version=$(rustc --version)" >> $GITHUB_OUTPUT
id: rust-version
- run: rustup target add ${{ matrix.target }}
- name: Install packages
run: |
case "${{ matrix.target }}" in
"x86_64-unknown-linux-gnu")
exit 0
;;
"i686-unknown-linux-gnu")
packages="gcc-multilib g++-multilib"
;;
"arm-unknown-linux-gnueabihf")
packages="gcc-arm-linux-gnueabihf g++-arm-linux-gnueabihf qemu-user"
;;
esac
sudo apt-get update
sudo apt-get install -y $packages
- run: sudo apt-get remove -y libssl-dev
- uses: actions/cache@v4
with:
path: /opt/openssl
key: openssl-${{ matrix.target }}-${{ matrix.library.name }}-${{ matrix.library.version }}-6
if: matrix.library.version != 'vendored'
id: openssl-cache
- run: |
echo "RUST_TEST_THREADS=1" >> $GITHUB_ENV
echo BINDGEN_EXTRA_CLANG_ARGS="--sysroot /usr/arm-linux-gnueabihf" >> $GITHUB_ENV
if: matrix.target == 'arm-unknown-linux-gnueabihf'
- name: Build OpenSSL
run: |
case "${{ matrix.library.name }}" in
"openssl")
url="https://www.openssl.org/source${{ matrix.library.dl-path }}/openssl-${{ matrix.library.version }}.tar.gz"
tar_flags="--strip-components=1"
;;
"libressl")
url="https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-${{ matrix.library.version }}.tar.gz"
tar_flags="--strip-components=1"
;;
"boringssl")
url="https://boringssl.googlesource.com/boringssl/+archive/${{ matrix.library.version }}.tar.gz"
tar_flags=""
;;
esac
case "${{ matrix.target}}" in
"x86_64-unknown-linux-gnu")
OS_COMPILER=linux-x86_64
OS_FLAGS=""
;;
"i686-unknown-linux-gnu")
OS_COMPILER=linux-elf
OS_FLAGS="-m32 -msse2"
;;
"arm-unknown-linux-gnueabihf")
OS_COMPILER=linux-armv4
OS_FLAGS=""
export AR=arm-linux-gnueabihf-ar
export CC=arm-linux-gnueabihf-gcc
export CXX=arm-linux-gnueabihf-g++
;;
esac
mkdir /tmp/build
cd /tmp/build
curl -L $url | tar $tar_flags -xzf -
case "${{ matrix.library.name }}" in
"openssl")
./Configure --prefix=$OPENSSL_DIR --libdir=lib $OS_COMPILER -fPIC -g $OS_FLAGS no-shared
make
make install_sw
;;
"libressl")
./configure --prefix=$OPENSSL_DIR --disable-shared --with-pic
make
make install_sw
;;
"boringssl")
mkdir build
cd build
echo "set(CMAKE_SYSTEM_NAME Linux)" > toolchain.cmake
echo "set(CMAKE_SYSTEM_PROCESSOR $cpu)" >> toolchain.cmake
echo "set(triple ${{ matrix.target }})" >> toolchain.cmake
echo 'set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} '$OS_FLAGS '" CACHE STRING "c++ flags")' >> toolchain.cmake
echo 'set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} '$OS_FLAGS '" CACHE STRING "c flags")' >> toolchain.cmake
echo 'set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} '$OS_FLAGS '" CACHE STRING "asm flags")' >> toolchain.cmake
cmake .. -DCMAKE_POSITION_INDEPENDENT_CODE=ON -DRUST_BINDINGS="${{ matrix.target }}" -DCMAKE_INSTALL_PREFIX="${OPENSSL_DIR}" -DCMAKE_TOOLCHAIN_FILE=toolchain.cmake
make -j "$(nproc)"
make install
# Copy stuff around so it's all as the build system expects.
cp -r ../rust/ "$OPENSSL_DIR/rust"
cp -r ./ "$OPENSSL_DIR/build"
esac
if: matrix.library.version != 'vendored' && !steps.openssl-cache.outputs.cache-hit
- run: |
mkdir -p .cargo
echo '[patch.crates-io]' > .cargo/config.toml
echo 'bssl-sys = { path = "'$OPENSSL_DIR'/rust/bssl-sys" }' >> .cargo/config.toml
if: matrix.library.name == 'boringssl' && !matrix.bindgen
- uses: actions/cache@v4
with:
path: ~/.cargo/registry/index
key: index-${{ runner.os }}-${{ github.run_number }}
restore-keys: |
index-${{ runner.os }}-
- run: cargo generate-lockfile
- uses: actions/cache@v4
with:
path: ~/.cargo/registry/cache
key: registry-${{ runner.os }}-${{ steps.rust-version.outputs.version }}-${{ hashFiles('Cargo.lock') }}
- run: cargo fetch
- uses: actions/cache@v4
with:
path: target
key: target-${{ matrix.target }}-${{ matrix.bindgen }}-${{ matrix.library.name }}-${{ matrix.library.version }}-${{ steps.rust-version.outputs.version }}-${{ hashFiles('Cargo.lock') }}
- name: Run systest
run: |
if [[ "${{ matrix.library.version }}" == "vendored" ]]; then
features="--features vendored"
fi
if [[ "${{ matrix.bindgen }}" == "true" && "${{ matrix.library.name }}" != "boringssl" ]]; then
features="$features --features bindgen"
fi
cargo run --manifest-path=systest/Cargo.toml --target ${{ matrix.target }} $features
if: matrix.library.name != 'boringssl'
- name: Test openssl
run: |
if [[ "${{ matrix.library.name }}" == "boringssl" && "${{ matrix.bindgen }}" != "true" ]]; then
features="--features unstable_boringssl"
BORINGSSL_BUILD_DIR="$OPENSSL_DIR/build/"
fi
if [[ "${{ matrix.library.version }}" == "vendored" ]]; then
features="--features vendored"
fi
if [[ "${{ matrix.bindgen }}" == "true" ]]; then
features="$features --features bindgen"
fi
cargo test --manifest-path=openssl/Cargo.toml --target ${{ matrix.target }} $features
- name: Test openssl-errors
run: |
if [[ "${{ matrix.library.version }}" == "vendored" ]]; then
features="--features openssl-sys/vendored"
fi
if [[ "${{ matrix.bindgen }}" == "true" ]]; then
features="$features --features openssl-sys/bindgen"
fi
cargo test --manifest-path=openssl-errors/Cargo.toml --target ${{ matrix.target }} $features
if: matrix.library.name != 'boringssl'