Merge branch 'main' into ec-parsed-pub-key

aws · Dec 16, 2024 · 9132154 · 9132154
2 parents e79faab + ca788c7
commit 9132154
Show file tree

Hide file tree

Showing 204 changed files with 159,104 additions and 331,873 deletions.
diff --git a/.github/workflows/analysis.yml b/.github/workflows/analysis.yml
@@ -72,6 +72,8 @@ jobs:
   apidiff:
     if: github.repository_owner == 'aws'
     runs-on: ubuntu-latest
+    env:
+      AWS_LC_SYS_CMAKE_BUILDER: 1
     strategy:
       fail-fast: false
       matrix:
@@ -147,7 +149,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ ubuntu-latest, macos-12, macos-13-xlarge, windows-latest ]
+        os: [ ubuntu-latest, macos-13, macos-14-xlarge, windows-latest ]
     steps:
       - uses: actions/checkout@v3
         with:
@@ -178,7 +180,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        os: [ ubuntu-latest, macos-12, macos-13-xlarge, windows-latest ]
+        os: [ ubuntu-latest, macos-13, macos-14-xlarge, windows-latest ]
     steps:
       - uses: actions/checkout@v3
         with:
@@ -203,44 +205,13 @@ jobs:
             exit 0
           }
 
-  mirai-analysis:
-    if: github.repository_owner == 'aws'
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-        with:
-          submodules: 'recursive'
-          lfs: true
-
-      - uses: dtolnay/rust-toolchain@master
-        id: toolchain
-        with:
-          toolchain: ${{ env.MIRAI_TOOLCHAIN }}
-          components: rust-src, rustc-dev, llvm-tools-preview
-      - name: Set Rust toolchain override
-        run: rustup override set ${{ steps.toolchain.outputs.name }}
-
-      # https://github.com/facebookexperimental/MIRAI/blob/main/documentation/InstallationGuide.md#installing-mirai-into-cargo
-      - name: Install MIRAI
-        run: |
-          MIRAI_TMP_SRC=$(mktemp -d)
-          git clone --depth 1 --branch ${{ env.MIRAI_TAG }} https://github.com/facebookexperimental/MIRAI.git ${MIRAI_TMP_SRC}
-          pushd ${MIRAI_TMP_SRC}
-          cargo install --locked --force --path ./checker --no-default-features
-          popd
-          rm -rf ${MIRAI_TMP_SRC}
-
-      - name: Run MIRAI
-        working-directory: ./aws-lc-rs
-        run: |
-          cargo update
-          cargo update -p clap --precise 4.4.18
-          cargo mirai
-
   minimal-versions:
     if: github.repository_owner == 'aws'
     name: Resolve the dependencies to the minimum SemVer version
     runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        crate: [ 'aws-lc-rs', 'aws-lc-sys', 'aws-lc-fips-sys' ]
     steps:
       - uses: actions/checkout@v3
         with:
@@ -253,22 +224,12 @@ jobs:
       - name: Set Rust toolchain override
         run: rustup override set ${{ steps.toolchain.outputs.name }}
       - name: Setup to use minimal versions
-        working-directory: ./aws-lc-rs
+        working-directory: ./${{ matrix.crate }}
         run: cargo update -Z minimal-versions
       - name: Build with minimal versions
-        working-directory: ./aws-lc-rs
+        working-directory: ./${{ matrix.crate }}
         run: cargo --locked check
 
-  copyright:
-    if: github.repository_owner == 'aws'
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-
-      - name: Check
-        run: |
-          ./scripts/tools/copyright_check.sh
-
   semver-checks:
     if: github.repository_owner == 'aws'
     runs-on: ubuntu-latest
@@ -307,3 +268,13 @@ jobs:
           VERSION=$(scripts/tools/cargo-dig.rs aws-lc-rs/Cargo.toml -v)
           LINKS_LINE=$(echo links = \"aws_lc_rs_${VERSION//./_}_sys\")
           grep "${LINKS_LINE}" aws-lc-rs/Cargo.toml
+      - name: aws-lc-sys links
+        run: |
+          VERSION=$(scripts/tools/cargo-dig.rs aws-lc-sys/Cargo.toml -v)
+          LINKS_LINE=$(echo links = \"aws_lc_${VERSION//./_}\")
+          grep "${LINKS_LINE}" aws-lc-sys/Cargo.toml
+      - name: aws-lc-fips-sys links
+        run: |
+          VERSION=$(scripts/tools/cargo-dig.rs aws-lc-fips-sys/Cargo.toml -v)
+          LINKS_LINE=$(echo links = \"aws_lc_fips_${VERSION//./_}\")
+          grep "${LINKS_LINE}" aws-lc-fips-sys/Cargo.toml
diff --git a/.github/workflows/compilers.yml b/.github/workflows/compilers.yml
@@ -0,0 +1,154 @@
+name: compilers
+
+on:
+  push:
+    branches:
+      - '*'
+      - '!generate/aws-lc-*'
+  pull_request:
+    branches:
+      - '*'
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref_name }}
+  cancel-in-progress: true
+
+env:
+  RUST_BACKTRACE: 1
+  # We can pin the version if nightly is too unstable.
+  # Otherwise, we test against the latest version.
+  RUST_NIGHTLY_TOOLCHAIN: nightly
+
+jobs:
+
+  aws-lc-rs-2004-gcc:
+    if: github.repository_owner == 'aws'
+    name: GCC ${{ matrix.gcc_version }} - CMake ${{ matrix.cmake }} - FIPS ${{ matrix.fips }}
+    runs-on: ubuntu-20.04
+    env:
+      AWS_LC_SYS_CMAKE_BUILDER: ${{ matrix.cmake }}
+    strategy:
+      fail-fast: false
+      matrix:
+        cmake: [ '0', '1' ]
+        gcc_version: [ '7', '8' ]
+        fips: [ '0', '1' ]
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: 'recursive'
+      - uses: dtolnay/rust-toolchain@master
+        id: toolchain
+        with:
+          toolchain: stable
+      - name: Set up GCC
+        uses: egor-tensin/setup-gcc@v1.3
+        with:
+          version: ${{ matrix.gcc_version }}
+          platform: x64
+      - if: matrix.fips == '1'
+        uses: actions/setup-go@v4
+        with:
+          go-version: '>=1.18'
+      - name: Run cargo test (debug)
+        run: cargo test -p aws-lc-rs --all-targets --no-default-features --features ${{ (matrix.fips == '0' && 'unstable,aws-lc-sys') || 'unstable,fips' }}
+      - name: Run cargo test (release)
+        run: cargo test -p aws-lc-rs --release --all-targets --no-default-features --features ${{ (matrix.fips == '0' && 'unstable,aws-lc-sys') || 'unstable,fips' }}
+      # The steps below verify that we're successfully using `-ffile-prefix-map`
+      # to remove build environment paths from the resulting library.
+      - if: ${{ matrix.gcc_version == '8' }}
+        name: Verify paths found in debug build
+        run: |
+          DEBUG_LIBCRYPTO=$(find ./target/debug -name "libaws_lc_*_crypto.a")
+          if strings ${DEBUG_LIBCRYPTO} | grep runner; then 
+            exit 0; # SUCCESS
+          else
+            exit 1; # FAIL - we expected to find "runner"  (i.e., a path)
+          fi
+      # TODO: Due to the nature of the FIPS build (e.g., its dynamic generation of
+      # assembly files and its custom compilation commands within CMake), not all
+      # source paths are stripped from the resulting binary.
+      - if: ${{ matrix.gcc_version == '8' && matrix.fips == '0' }}
+        name: Verify paths not found in release build
+        run: |
+          RELEASE_LIBCRYPTO=$(find ./target/release -name "libaws_lc_*_crypto.a")
+          if strings ${RELEASE_LIBCRYPTO} | grep runner; then 
+            exit 1; # FAIL - we did not expect to find "runner" (i.e., a path)
+          else
+            exit 0; # SUCCESS
+          fi
+
+  aws-lc-rs-1804-gcc:
+    if: github.repository_owner == 'aws'
+    name: GCC ${{ matrix.gcc_version }} - CMake ${{ matrix.cmake }} - FIPS ${{ matrix.fips }}
+    runs-on: ubuntu-20.04
+    container:
+      image: ubuntu:18.04
+    env:
+      AWS_LC_SYS_CMAKE_BUILDER: ${{ matrix.cmake }}
+    strategy:
+      fail-fast: false
+      matrix:
+        cmake: [ '0', '1' ]
+        gcc_version: [ '4.8', '5', '6' ]
+        fips: [ '0', '1' ]
+    steps:
+      - run: |
+          apt-get update
+          apt-get install -y ca-certificates
+          apt-get install -y cmake curl sudo
+          apt-get install -y --no-install-recommends gpg-agent software-properties-common
+          apt-add-repository --yes ppa:git-core/ppa
+          add-apt-repository --yes ppa:longsleep/golang-backports
+          apt-get update
+          apt-get install -y build-essential git golang-go
+          curl -L -O -J https://github.com/PowerShell/PowerShell/releases/download/v7.2.23/powershell_7.2.23-1.deb_amd64.deb
+          dpkg -i powershell_7.2.23-1.deb_amd64.deb
+          apt-get install -f
+          rm powershell_7.2.23-1.deb_amd64.deb
+      - name: Checkout
+        run: |
+          git config --global --add safe.directory '*'
+          git clone --recursive ${{ github.server_url }}/${{ github.repository }}.git .
+          git fetch origin ${{ github.sha }}
+          git checkout --recurse-submodules -b ci-job ${{ github.sha }}
+      - uses: dtolnay/rust-toolchain@master
+        id: toolchain
+        with:
+          toolchain: stable
+      - name: Set up GCC
+        uses: egor-tensin/setup-gcc@v1.3
+        with:
+          version: ${{ matrix.gcc_version }}
+          platform: x64
+      - name: Run cargo test (debug)
+        run: cargo test -p aws-lc-rs --all-targets --no-default-features --features ${{ (matrix.fips == '0' && 'unstable,aws-lc-sys') || 'unstable,fips' }}
+      - name: Run cargo test (release)
+        run: cargo test -p aws-lc-rs --release --all-targets --no-default-features --features ${{ (matrix.fips == '0' && 'unstable,aws-lc-sys') || 'unstable,fips' }}
+
+  aws-lc-rs-c-std-test:
+    if: github.repository_owner == 'aws'
+    name: C-std ${{ matrix.os }} - ${{ matrix.c_std }} - Force CMake ${{ matrix.cmake }}
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        rust: [ stable ]
+        os: [ ubuntu-latest, macos-13, macos-14-xlarge, windows-latest ]
+        c_std: [ "11", "99" ]
+        cmake: [ '0', '1' ]
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: 'recursive'
+      - uses: dtolnay/rust-toolchain@master
+        id: toolchain
+        with:
+          toolchain: stable
+      - run: |
+          echo 'export AWS_LC_SYS_CMAKE_BUILDER=${{ matrix.cmake }}' >> "$GITHUB_ENV"
+      - name: Run cargo test
+        working-directory: ./aws-lc-rs
+        env:
+          AWS_LC_SYS_PREBUILT_NASM: 1
+          AWS_LC_SYS_C_STD: ${{ matrix.c_std }}
+        run: cargo test --all-targets --features unstable
diff --git a/.github/workflows/cross.yml b/.github/workflows/cross.yml
@@ -70,10 +70,43 @@ jobs:
       - name: Cross-compilation (test release)
         run: cross test -p aws-lc-rs --release --features unstable --target ${{ matrix.target }}
 
+
+  aws-lc-rs-cross-0_2_5-test:
+    if: github.repository_owner == 'aws'
+    name: cross tests ${{ matrix.target }}
+    runs-on: ubuntu-latest
+    env:
+      CROSS_CONFIG: './Cross.toml.x86_64-unknown-linux-gnu'
+    strategy:
+      fail-fast: false
+      matrix:
+        target:
+          - x86_64-unknown-linux-gnu
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          submodules: 'recursive'
+      - uses: dtolnay/rust-toolchain@master
+        with:
+          toolchain: 'stable'
+      - name: Install cross
+        run: cargo install cross --locked --version 0.2.5
+      - uses: dtolnay/rust-toolchain@master
+        id: toolchain
+        with:
+          toolchain: 'stable'
+          target: ${{ matrix.target }}
+      - name: Set Rust toolchain override
+        run: rustup override set ${{ steps.toolchain.outputs.name }}
+      - name: Cross-compilation (build debug)
+        run: cross build -p aws-lc-rs --features unstable --target ${{ matrix.target }}
+      - name: Cross-compilation (test release)
+        run: cross test -p aws-lc-rs --release --features unstable --target ${{ matrix.target }}
+
   aws-lc-rs-ios-aarch64:
     if: github.repository_owner == 'aws'
     name: iOS aarch64 cross-platform build
-    runs-on: macos-13-xlarge
+    runs-on: macos-14-xlarge
     steps:
       - uses: actions/checkout@v3
         with:
@@ -95,7 +128,7 @@ jobs:
   aws-lc-rs-ios-x86_64:
     if: github.repository_owner == 'aws'
     name: iOS x86-64 cross-platform build
-    runs-on: macos-13-xlarge
+    runs-on: macos-14-xlarge
     steps:
       - uses: actions/checkout@v3
         with:
@@ -120,6 +153,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Install build dependencies
+        # cargo-xwin apparently require ninja-build
         run: |
           sudo apt-get update && sudo apt-get install --assume-yes nasm clang ninja-build llvm
       - uses: actions/checkout@v3
@@ -149,9 +183,7 @@ jobs:
       matrix:
         target:
           - 'x86_64-pc-windows-gnu'
-          # TODO: Fails in GitHub CI.  Appears to be related to bindgen.
-          # .../base.h:61:10: fatal error: 'stdlib.h' file not found
-          # - 'i686-pc-windows-gnu'
+          - 'i686-pc-windows-gnu'
     steps:
       - uses: ilammy/setup-nasm@v1
       - uses: actions/checkout@v4
@@ -162,6 +194,11 @@ jobs:
         with:
           toolchain: stable
           target: ${{ matrix.target }}
+      - if: ${{ matrix.target == 'i686-pc-windows-gnu' }}
+        name: Install mingw
+        uses: bwoodsend/setup-winlibs-action@v1
+        with:
+          architecture: i686
       - name: Debug Test on `${{ matrix.target }}`
         run: cargo test -p aws-lc-rs --target ${{ matrix.target }} --features bindgen
       - name: Release test on `${{ matrix.target }}`
@@ -215,20 +252,41 @@ jobs:
     if: github.repository_owner == 'aws'
     name: aws-lc-rs freebsd test
     runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        target: [ 13.4, 14.1 ]
     steps:
       - uses: actions/checkout@v4
         with:
           submodules: 'recursive'
       - name: Prepare VM
         uses: vmactions/freebsd-vm@v1
         with:
-          release: 13.2
+          release: ${{ matrix.target }}
           usesh: true
           copyback: false
           prepare: |
-            pkg install -y git gmake bash sudo cmake-core llvm-devel-lite curl rust-bindgen-cli go
+            pkg install -y git gmake bash sudo cmake-core llvm-devel-lite curl go
           run: |
             curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
              . "$HOME/.cargo/env"
             cargo test -p aws-lc-rs
             cargo test -p aws-lc-rs --no-default-features --features=fips
+  cross-x86_64-pc-windows-gnu:
+    if: github.repository_owner == 'aws'
+    name: cross (prebuilt nasm) - x86_64-pc-windows-gnu
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: 'recursive'
+      - uses: dtolnay/rust-toolchain@stable
+        id: toolchain
+        with:
+          toolchain: 'stable'
+          target: x86_64-pc-windows-gnu
+      - name: Install mingw
+        run: sudo apt-get update && sudo apt-get install --assume-yes mingw-w64
+      - name: Run cargo test
+        run: cargo build -p aws-lc-rs --features prebuilt-nasm --target x86_64-pc-windows-gnu