aws · Sep 15, 2023 · Sep 15, 2023 · Sep 16, 2023 · Sep 16, 2023 · Sep 16, 2023
Showing 4,986 changed files with 258,944 additions and 50,115 deletions.
diff --git a/.clang-format b/.clang-format
@@ -4,7 +4,6 @@ AllowShortIfStatementsOnASingleLine: false
 AllowShortLoopsOnASingleLine: false
 DerivePointerAlignment: false
 PointerAlignment: Right
-InsertBraces: true
 # TODO(davidben): The default for Google style is now Regroup, but the default
 # IncludeCategories does not recognize <openssl/header.h>. We should
 # reconfigure IncludeCategories to match. For now, keep it at Preserve.

diff --git a/.github/docker_images/alpine-linux/Dockerfile b/.github/docker_images/alpine-linux/Dockerfile
@@ -0,0 +1,26 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0 OR ISC
+
+# TODO(CryptoAlg-2491 & Issue#2010): latest pins to gcc-14, but it's broken with FIPS.
+FROM alpine:3.20
+
+ARG CC=gcc
+ARG CXX=g++
+
+VOLUME ["awslc"]
+
+RUN apk --no-cache add bash  \
+                       clang \
+                       build-base \
+                       cmake \
+                       ninja \
+                       go \
+                       perl \
+                       linux-headers
+
+WORKDIR /awslc
+
+ENV CC=${CC}
+ENV CXX=${CXX}
+
+ENTRYPOINT ["/bin/bash", "-c"]
diff --git a/.github/docker_images/cmake_build_versions/cmake_build.sh b/.github/docker_images/cmake_build_versions/cmake_build.sh
@@ -7,8 +7,10 @@ set -ex -o pipefail
 
 echo "Building CMake Version: ${CMAKE_VERSION:-unknown}"
 
+NUM_CPU_THREADS=$(grep -c ^processor /proc/cpuinfo)
+
 # At the moment this works fine for all versions, in the future build logic can be modified to
 # look at it ${CMAKE_VERSION}.
 ./configure --prefix=/opt/cmake --system-curl --system-libarchive
-make
+make -j"${NUM_CPU_THREADS}"
 make install
diff --git a/.github/docker_images/gcc-4.8/Dockerfile b/.github/docker_images/gcc-4.8/Dockerfile
@@ -0,0 +1,24 @@
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0 OR ISC
+
+FROM gcc:4.8.5
+
+VOLUME ["/awslc"]
+
+COPY awslc_build.sh /
+COPY entry.sh /
+
+WORKDIR /
+
+RUN curl -LOk "https://github.com/Kitware/CMake/releases/download/v3.6.3/cmake-3.6.3-Linux-x86_64.tar.gz"
+RUN sha256sum cmake-3.6.3-Linux-x86_64.tar.gz | grep -q "9d915d505c07d84b610e1be6242c7cad68b4b7a4090ce85ecf9cec5effa47c43"
+RUN tar -C /usr/local -xzf cmake-3.6.3-Linux-x86_64.tar.gz
+RUN rm cmake-3.6.3-Linux-x86_64.tar.gz
+RUN curl -LOk "https://go.dev/dl/go1.18.10.linux-amd64.tar.gz"
+RUN sha256sum go1.18.10.linux-amd64.tar.gz | grep -q "5e05400e4c79ef5394424c0eff5b9141cb782da25f64f79d54c98af0a37f8d49"
+RUN rm -rf /usr/local/go && tar -C /usr/local -xzf go1.18.10.linux-amd64.tar.gz
+RUN rm go1.18.10.linux-amd64.tar.gz
+
+ENV PATH="${PATH}:/usr/local/cmake-3.6.3-Linux-x86_64/bin:/usr/local/go/bin"
+
+ENTRYPOINT ["/entry.sh"]
diff --git a/.github/docker_images/gcc-4.8/awslc_build.sh b/.github/docker_images/gcc-4.8/awslc_build.sh
@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0 OR ISC
+
+set -ex -o pipefail
+
+echo "Building with GCC Version: $(gcc --version)"
+
+BUILD_DIR=$(mktemp -d)
+SRC_DIR="${SRC_DIR:-/awslc}"
+
+pushd "${BUILD_DIR}"
+
+cmake "${SRC_DIR}" "-DDISABLE_PERL=ON" "-DMY_ASSEMBLER_IS_TOO_OLD_FOR_512AVX=1"
+cmake --build "${BUILD_DIR}" --target run_tests
+
+popd # ${BUILD_DIR}
diff --git a/.github/docker_images/gcc-4.8/entry.sh b/.github/docker_images/gcc-4.8/entry.sh
@@ -0,0 +1,8 @@
+#!/usr/bin/env bash
+
+# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+# SPDX-License-Identifier: Apache-2.0 OR ISC
+
+set -ex -o pipefail
+
+/awslc_build.sh "${argv[@]}"
diff --git a/.github/workflows/abidiff.yml b/.github/workflows/abidiff.yml
@@ -19,12 +19,12 @@ jobs:
       - uses: actions/checkout@v3
         with:
           repository: aws/aws-lc
-          ref: ${{ github.ref }}
+          ref: ${{ github.event_name == 'push' && github.event.ref || github.event.pull_request.head.sha }}
           path: ${{ github.workspace }}/next
       - uses: actions/checkout@v3
         with:
           repository: aws/aws-lc
-          ref: ${{ github.base.ref }}
+          ref: ${{ github.event_name == 'push' && github.event.before || github.event.pull_request.base.sha }}
           path: ${{ github.workspace }}/previous
       - name: Build Docker Image
         working-directory: ${{ github.workspace }}/next/.github/docker_images/abidiff

diff --git a/.github/workflows/actions-ci.yml b/.github/workflows/actions-ci.yml
@@ -9,8 +9,8 @@ concurrency:
   cancel-in-progress: true
 env:
   GOPROXY: https://proxy.golang.org,direct
-  SDE_MIRROR_URL: "https://downloadmirror.intel.com/813591/sde-external-9.33.0-2024-01-07-win.tar.xz"
-  SDE_VERSION_TAG: sde-external-9.33.0-2024-01-07-win
+  SDE_MIRROR_URL: "https://downloadmirror.intel.com/831748/sde-external-9.44.0-2024-08-22-win.tar.xz"
+  SDE_VERSION_TAG: sde-external-9.44.0-2024-08-22-win
   PACKAGE_NAME: aws-lc
   # Used to enable ASAN test dimension.
   AWSLC_NO_ASM_FIPS: 1
@@ -24,7 +24,7 @@ jobs:
         uses: actions/checkout@v3
       - name: Sanity Test Run
         run: |
-          sudo apt-get update
+          sudo apt-get update -o Acquire::Languages=none -o Acquire::Translation=none
           sudo apt-get install ninja-build
           cmake -GNinja -Btest_build_dir
           ninja -C test_build_dir run_tests
@@ -39,7 +39,6 @@ jobs:
         os:
           - "macos-14-large"
           - "macos-13-large"
-          - "macos-12-large"
     steps:
       - uses: actions/checkout@v3
       - uses: actions/setup-go@v4
@@ -59,7 +58,6 @@ jobs:
         os:
           - "macos-14-large"
           - "macos-13-large"
-          - "macos-12-large"
     steps:
       - uses: actions/checkout@v3
       - uses: actions/setup-go@v4
@@ -281,18 +279,23 @@ jobs:
       - name: Build SSL
         run: cmake --build ./build --target ssl
 
-  clang-18-pedantic:
+  clang-19-pedantic:
     if: github.repository_owner == 'aws'
     needs: [ sanity-test-run ]
     runs-on: ubuntu-24.04
     steps:
       - uses: actions/checkout@v3
+      - name: Install clang-19
+        run: |
+          wget https://apt.llvm.org/llvm.sh
+          chmod u+x llvm.sh
+          sudo ./llvm.sh 19
       - name: Setup CMake
         uses: threeal/cmake-action@v1.3.0
         with:
           generator: Ninja
-          c-compiler: clang-18
-          cxx-compiler: clang++-18
+          c-compiler: clang-19
+          cxx-compiler: clang++-19
           options: CMAKE_BUILD_TYPE=Release CMAKE_C_FLAGS=-pedantic CMAKE_CXX_FLAGS=-pedantic
       - name: Build Crypto
         run: cmake --build ./build --target crypto
@@ -392,27 +395,61 @@ jobs:
       - name: Run tests
         run: cmake --build ./build --target run_tests
 
-  OpenBSD-x86-64:
+  clang-19-sanity:
+    if: github.repository_owner == 'aws'
+    needs: [ sanity-test-run ]
+    strategy:
+      fail-fast: false
+      matrix:
+        fips:
+          - "0"
+          - "1"
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-go@v4
+        with:
+          go-version: '>=1.18'
+      - name: Install clang-19
+        run: |
+          wget https://apt.llvm.org/llvm.sh
+          chmod u+x llvm.sh
+          sudo ./llvm.sh 19
+      - name: Setup CMake
+        uses: threeal/cmake-action@v1.3.0
+        with:
+          generator: Ninja
+          c-compiler: clang-19
+          cxx-compiler: clang++-19
+          options: FIPS=${{ matrix.fips }} CMAKE_BUILD_TYPE=Release
+      - name: Build Project
+        run: cmake --build ./build --target all
+      - name: Run tests
+        run: cmake --build ./build --target run_tests
+
+  OpenBSD:
     needs: [sanity-test-run]
     runs-on: ubuntu-latest
+    name: OpenBSD ${{ matrix.version }} (${{ matrix.arch }}) test
     strategy:
+      fail-fast: false
       matrix:
-        args: ["", "-f"]
-        version: ["7.4", "7.5"]
+        arch: ["x86-64", "arm64"]
+        version: ["7.5", "7.6"]
     steps:
       - uses: actions/checkout@v3
       - name: OpenBSD
-        uses: cross-platform-actions/action@v0.24.0
+        uses: cross-platform-actions/action@595d543e5d1aeb6d48c0a176965028afe56c7018
         env:
           AWS_LC_SSL_TEST_RUNNER_PEEK_ROUNDS: 5
           AWS_LC_GO_TEST_TIMEOUT: 120m
         with:
           environment_variables: AWS_LC_SSL_TEST_RUNNER_PEEK_ROUNDS AWS_LC_GO_TEST_TIMEOUT
           operating_system: openbsd
-          cpu_count: 4
-          memory: 16G
-          architecture: x86-64
-          version: '7.4'
+          cpu_count: 3
+          memory: 12G
+          architecture: ${{ matrix.arch }}
+          version: "${{ matrix.version }}"
           shell: bash
           run: |
             set -x
@@ -445,8 +482,49 @@ jobs:
             cd $(pwd)
             export PATH="${HOME}/bin:${PATH}"
             env
-            tests/ci/run_openbsd_tests.sh ${{ matrix.args }}
+            tests/ci/run_bsd_tests.sh
             EOF
+  gcc-4_8:
+    needs: [sanity-test-run]
+    runs-on: ubuntu-latest
+    env:
+      DOCKER_BUILDKIT: 1
+    steps:
+      - uses: actions/checkout@v4
+      - name: Build Docker Image
+        working-directory: .github/docker_images/gcc-4.8
+        run: |
+          docker build -t "gcc-4.8"  .
+      - name: Build using pre-generated assembly
+        run: |
+          docker run -v "${{ github.workspace }}:/awslc" "gcc-4.8"
+
+  alpine-linux-x86:
+    needs: [sanity-test-run]
+    strategy:
+      fail-fast: false
+      matrix:
+        tests: [
+          /awslc/tests/ci/run_fips_tests.sh,
+          /awslc/tests/ci/run_posix_tests.sh
+        ]
+        compiler: [
+          --build-arg CC=clang --build-arg CXX=clang++,
+          --build-arg CC=gcc --build-arg CXX=g++
+        ]
+    runs-on: ubuntu-latest
+    env:
+      DOCKER_BUILDKIT: 1
+    steps:
+      - uses: actions/checkout@v4
+      - name: Build Docker Image
+        working-directory: .github/docker_images/alpine-linux
+        run: |
+          docker build -t alpine_linux ${{ matrix.compiler }} .
+      - name: Run tests
+        run: |
+          docker run -v "${{ github.workspace }}:/awslc" \
+          alpine_linux ${{ matrix.tests }}
 
     # TODO: Investigate sudden hanging tests and failures in GHA runners (P114059413)
 #  MSVC-SDE-32-bit:
@@ -476,3 +554,38 @@ jobs:
 #          echo ${env:SDEROOT}
 #          .\tests\ci\run_windows_tests.bat "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\vcvarsall.bat" x86 true
 #
+  freebsd:
+    if: github.repository_owner == 'aws'
+    needs: [sanity-test-run]
+    name: FreeBSD ${{ matrix.version }} (${{ matrix.arch }}) test
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        arch:
+          - 'x86-64'
+          - 'arm64'
+        version:
+          - '13.3'
+          - '14.1'
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: 'recursive'
+      - name: Prepare VM
+        uses: cross-platform-actions/action@v0.25.0
+        env:
+          AWS_LC_SSL_TEST_RUNNER_PEEK_ROUNDS: 5
+          AWS_LC_GO_TEST_TIMEOUT: 90m
+          GOFLAGS: "-buildvcs=false"
+        with:
+          environment_variables: 'AWS_LC_SSL_TEST_RUNNER_PEEK_ROUNDS AWS_LC_GO_TEST_TIMEOUT GOFLAGS'
+          operating_system: freebsd
+          architecture: ${{ matrix.arch }}
+          version: ${{ matrix.version }}
+          shell: bash
+          memory: 12G
+          cpu_count: 3
+          run: |
+            sudo pkg install -y git gmake cmake go ninja
+            tests/ci/run_bsd_tests.sh