Skip to content

Refactor openssl.FIPS to support third-party FIPS providers #815

Refactor openssl.FIPS to support third-party FIPS providers

Refactor openssl.FIPS to support third-party FIPS providers #815

Workflow file for this run

on: [push, pull_request]
name: Test
jobs:
test:
strategy:
fail-fast: false
matrix:
go-version: [1.22.x]
openssl-version: [1.0.2, 1.1.0, 1.1.1, 3.0.1, 3.0.13, 3.1.5, 3.2.1, 3.3.0, 3.3.1]
runs-on: ubuntu-20.04
steps:
- name: Install build tools
run: sudo apt-get install -y build-essential
- name: Install Go
uses: actions/setup-go@v3
with:
go-version: ${{ matrix.go-version }}
- name: Checkout code
uses: actions/checkout@v3
- name: Install OpenSSL
run: sudo sh ./scripts/openssl.sh ${{ matrix.openssl-version }}
- name: Check headers
working-directory: ./cmd/checkheader
run: go run . --ossl-include /usr/local/src/openssl-${{ matrix.openssl-version }}/include -shim ../../shims.h
- name: Set OpenSSL config and prove FIPS
run: |
sudo cp ./scripts/openssl-3.cnf /usr/local/ssl/openssl.cnf
go test -v -count 0 . | grep -q "FIPS enabled: true"
if: ${{ matrix.openssl-version == '3.0.1' }}
env:
GO_OPENSSL_VERSION_OVERRIDE: ${{ matrix.openssl-version }}
- name: Run Test
# Run each test 10 times so the garbage collector chimes in
# and exercises the multiple finalizers we use.
# This can detect use-after-free and double-free issues.
run: go test -gcflags=all=-d=checkptr -count 10 -v ./...
env:
GO_OPENSSL_VERSION_OVERRIDE: ${{ matrix.openssl-version }}
- name: Run Test with address sanitizer
run: |
ok=true
for t in $(go test ./... -list=. | grep '^Test'); do
go test ./... -gcflags=all=-d=checkptr -asan -run ^$t$ -v || ok=false
done
$ok
env:
GO_OPENSSL_VERSION_OVERRIDE: ${{ matrix.openssl-version }}
wintest:
runs-on: windows-2022
strategy:
fail-fast: false
matrix:
go-version: [1.22.x]
openssl-version: [libcrypto-1_1-x64.dll, libcrypto-3-x64.dll]
steps:
- name: Install Go
uses: actions/setup-go@v3
with:
go-version: ${{ matrix.go-version }}
- name: Checkout code
uses: actions/checkout@v3
- name: Run Test
run: go test -gcflags=all=-d=checkptr -count 10 -v ./...
env:
GO_OPENSSL_VERSION_OVERRIDE: ${{ matrix.openssl-version }}
mactest:
strategy:
fail-fast: false
matrix:
go-version: [1.22.x]
openssl-version: [libcrypto.3.dylib]
runs-on: macos-12
steps:
- name: Install Go
uses: actions/setup-go@v3
with:
go-version: ${{ matrix.go-version }}
- name: Checkout code
uses: actions/checkout@v3
- name: Run Test
run: go test -gcflags=all=-d=checkptr -count 10 -v ./...
env:
GO_OPENSSL_VERSION_OVERRIDE: ${{ matrix.openssl-version }}
azurelinux:
runs-on: ubuntu-latest
container: mcr.microsoft.com/oss/go/microsoft/golang:1.23-azurelinux3.0
steps:
- name: Checkout code
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: Run Test
run: go test -v ./...