Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing
52 changed files
with
26,678 additions
and
4,580 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
name: OpenSSL CLI Comparison Tests | ||
on: | ||
push: | ||
branches: [ '*' ] | ||
pull_request: | ||
branches: [ '*' ] | ||
|
||
jobs: | ||
openssl_comparison_tests: | ||
if: github.repository_owner == 'aws' | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout repository | ||
uses: actions/checkout@v3 | ||
|
||
- name: Install OS Dependencies | ||
run: | | ||
sudo apt-get update | ||
sudo apt-get -y --no-install-recommends install \ | ||
cmake gcc ninja-build golang make autoconf pkg-config openssl | ||
- name: Make the script executable | ||
run: chmod +x ./tests/ci/run_openssl_comparison_tests.sh | ||
|
||
- name: Build AWS-LC & OpenSSL and Run Comparison Tests | ||
run: | | ||
./tests/ci/run_openssl_comparison_tests.sh |
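Review bot: The workflow has no `permissions:` block, so the job runs with the repository's default GITHUB_TOKEN scope while it builds and executes code from any pushed branch or pull request. Adding a top-level `permissions:` with `contents: read` limits the token to what the job uses. `uses: actions/checkout@v3` is a mutable tag; pinning it to a full commit SHA (`uses: actions/checkout@<full-commit-sha>`) keeps the action code from changing underneath the workflow.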
23 changes: 0 additions & 23 deletions
23
tests/ci/integration/openvpn_patch/aws-lc-openvpn-cert.patch
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,82 @@ | ||
#!/usr/bin/env bash | ||
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. | ||
# SPDX-License-Identifier: Apache-2.0 OR ISC | ||
|
||
set -exu | ||
|
||
source tests/ci/common_posix_setup.sh | ||
|
||
# Set up environment. | ||
|
||
# SYS_ROOT | ||
# - SRC_ROOT(aws-lc) | ||
# - SCRATCH_FOLDER | ||
# - OPENVPN_SRC_FOLDER | ||
# - AWS_LC_BUILD_FOLDER | ||
# - AWS_LC_INSTALL_FOLDER | ||
|
||
# Assumes script is executed from the root of aws-lc directory | ||
SCRATCH_FOLDER="${SRC_ROOT}/OPENVPN_BUILD_ROOT" | ||
OPENVPN_SRC_FOLDER="${SCRATCH_FOLDER}/openvpn" | ||
OPENVPN_BUILD_PREFIX="${OPENVPN_SRC_FOLDER}/build/install" | ||
OPENVPN_BUILD_EPREFIX="${OPENVPN_SRC_FOLDER}/build/exec-install" | ||
OPENVPN_PATCH_BUILD_FOLDER="${SRC_ROOT}/tests/ci/integration/openvpn_patch" | ||
|
||
AWS_LC_BUILD_FOLDER="${SCRATCH_FOLDER}/aws-lc-build" | ||
AWS_LC_INSTALL_FOLDER="${SCRATCH_FOLDER}/aws-lc-install" | ||
|
||
|
||
mkdir -p ${SCRATCH_FOLDER} | ||
rm -rf "${SCRATCH_FOLDER:?}"/* | ||
cd ${SCRATCH_FOLDER} | ||
|
||
function openvpn_build() { | ||
autoreconf -ivf | ||
|
||
OPENSSL_CFLAGS="-I/${AWS_LC_INSTALL_FOLDER}/include" \ | ||
OPENSSL_LIBS="-L/${AWS_LC_INSTALL_FOLDER}/lib -lssl -lcrypto" \ | ||
./configure \ | ||
--prefix="$OPENVPN_BUILD_PREFIX" \ | ||
--exec-prefix="$OPENVPN_BUILD_EPREFIX" \ | ||
--with-crypto-library=openssl \ | ||
--with-openssl-engine=no \ | ||
--disable-management | ||
|
||
make -j install | ||
|
||
export LD_LIBRARY_PATH="${AWS_LC_INSTALL_FOLDER}/lib" | ||
|
||
local openvpn_executable="${OPENVPN_SRC_FOLDER}/build/exec-install/sbin/openvpn" | ||
ldd ${openvpn_executable} \ | ||
| grep "${AWS_LC_INSTALL_FOLDER}/lib/libcrypto.so" || exit 1 | ||
} | ||
|
||
# TODO: Remove this when we make an upstream contribution. | ||
function openvpn_patch_build() { | ||
for patchfile in $(find -L "${OPENVPN_PATCH_BUILD_FOLDER}" -type f -name '*.patch'); do | ||
echo "Apply patch $patchfile..." | ||
patch -p1 --quiet -i "$patchfile" | ||
done | ||
} | ||
|
||
function openvpn_run_tests() { | ||
# Explicitly running as sudo and passing in LD_LIBRARY_PATH as some OpenVPN | ||
# tests run as sudo and LD_LIBRARY_PATH doesn't get inherited. | ||
sudo LD_LIBRARY_PATH="${AWS_LC_INSTALL_FOLDER}/lib" make check | ||
} | ||
|
||
git clone https://github.com/OpenVPN/openvpn.git ${OPENVPN_SRC_FOLDER} | ||
|
||
# anchoring to tip of minor release 2.6.x for OpenVPN, currently not compatible | ||
# with tip of main | ||
cd ${OPENVPN_SRC_FOLDER} && git checkout release/2.6 | ||
mkdir -p ${AWS_LC_BUILD_FOLDER} ${AWS_LC_INSTALL_FOLDER} | ||
ls | ||
|
||
aws_lc_build "$SRC_ROOT" "$AWS_LC_BUILD_FOLDER" "$AWS_LC_INSTALL_FOLDER" -DBUILD_TESTING=OFF -DBUILD_TOOL=OFF -DCMAKE_BUILD_TYPE=Debug -DBUILD_SHARED_LIBS=1 | ||
|
||
# Build openvpn from source. | ||
pushd ${OPENVPN_SRC_FOLDER} | ||
openvpn_patch_build | ||
openvpn_build | ||
openvpn_run_tests |
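Review bot: `git checkout release/2.6` follows a moving branch tip, and `openvpn_run_tests` then runs that tree's `make check` under `sudo`, so any commit landing on the upstream branch executes as root on the CI host without review here. Pin the checkout to a reviewed tag or commit (`git checkout <reviewed-tag-or-sha>`) and bump it deliberately. The same concern applies to the OpenSSL branch tips, including `master`, that the comparison-test script in this commit builds through `build_openssl` (its clone step is not visible on this page). Separately, `for patchfile in $(find …)` in `openvpn_patch_build` word-splits paths and applies patches in unspecified order; reading `find … -print0 | sort -z` with `while IFS= read -r -d '' patchfile` avoids both.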
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,45 @@ | ||
#!/usr/bin/env bash | ||
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. | ||
# SPDX-License-Identifier: Apache-2.0 OR ISC | ||
|
||
set -ex | ||
|
||
source tests/ci/common_posix_setup.sh | ||
|
||
scratch_folder=${SYS_ROOT}/"openssl-scratch" | ||
install_dir="${scratch_folder}/libcrypto_install_dir" | ||
openssl_url='https://github.com/openssl/openssl.git' | ||
openssl_1_1_1_branch='OpenSSL_1_1_1-stable' | ||
openssl_1_0_2_branch='OpenSSL_1_0_2-stable' | ||
openssl_3_1_branch='openssl-3.1' | ||
openssl_3_2_branch='openssl-3.2' | ||
openssl_master_branch='master' | ||
|
||
mkdir -p "${scratch_folder}" | ||
rm -rf "${scratch_folder:?}"/* | ||
|
||
build_openssl $openssl_1_0_2_branch | ||
build_openssl $openssl_1_1_1_branch | ||
build_openssl $openssl_3_1_branch | ||
build_openssl $openssl_3_2_branch | ||
build_openssl $openssl_master_branch | ||
|
||
run_build -DCMAKE_BUILD_TYPE=RelWithDebInfo -DCMAKE_C_STANDARD=11 -DENABLE_DILITHIUM=ON | ||
|
||
# OpenSSL 3.1.0 on switches from lib folder to lib64 folder | ||
declare -A openssl_branches=( | ||
["$openssl_1_0_2_branch"]="lib" | ||
["$openssl_1_1_1_branch"]="lib" | ||
["$openssl_3_1_branch"]="lib64" | ||
["$openssl_3_2_branch"]="lib64" | ||
["$openssl_master_branch"]="lib64" | ||
) | ||
|
||
# Run X509 Comparison Tests against all OpenSSL branches | ||
export AWSLC_TOOL_PATH="${BUILD_ROOT}/tool-openssl/openssl" | ||
for branch in "${!openssl_branches[@]}"; do | ||
export OPENSSL_TOOL_PATH="${install_dir}/openssl-${branch}/bin/openssl" | ||
echo "Running X509ComparisonTests against OpenSSL ${branch}" | ||
LD_LIBRARY_PATH="${install_dir}/openssl-${branch}/${openssl_branches[$branch]}" "${BUILD_ROOT}/tool-openssl/tool_openssl_test" --gtest_filter=X509ComparisonTest.* | ||
done | ||
|
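Review bot: `set -ex` here omits `-u`, unlike the OpenVPN script in this commit, so if `SYS_ROOT` is not set by the sourced `common_posix_setup.sh` (not visible on this page) `scratch_folder` becomes `/openssl-scratch`. The `:?` guard in `rm -rf "${scratch_folder:?}"/*` does not fire in that case because the variable is non-empty. Use `set -exu`, or assign `scratch_folder="${SYS_ROOT:?}/openssl-scratch"`. The test filter should also be quoted, `--gtest_filter='X509ComparisonTest.*'`, so the shell cannot glob-expand it against files in the working directory.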