ci: enable LMS in a number of different builds

author Pauli <ppzgs1@gmail.com>

Mon, 30 Jun 2025 22:43:54 +0000 (08:43 +1000)

committer Pauli <ppzgs1@gmail.com>

Thu, 10 Jul 2025 09:04:37 +0000 (19:04 +1000)
author Pauli <ppzgs1@gmail.com>
Mon, 30 Jun 2025 22:43:54 +0000 (08:43 +1000)
committer Pauli <ppzgs1@gmail.com>
Thu, 10 Jul 2025 09:04:37 +0000 (19:04 +1000)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml

index 04b2fed521843a78556fa2a661df01f7b6bccd3f..4eb1fd13d01b162768c2b2712e250bcb03d2167e 100644 (file)
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -69,7 +69,7 @@ jobs:
      steps:
      - uses: actions/checkout@v4
      - name: config
-      run: CPPFLAGS='-std=c99 -D_XOPEN_SOURCE=1 -D_POSIX_C_SOURCE=200809L' ./config --strict-warnings --banner=Configured enable-sslkeylog no-asm no-secure-memory no-makedepend enable-buildtest-c++ enable-fips && perl configdata.pm --dump
+      run: CPPFLAGS='-std=c99 -D_XOPEN_SOURCE=1 -D_POSIX_C_SOURCE=200809L' ./config --strict-warnings --banner=Configured enable-sslkeylog no-asm no-secure-memory no-makedepend enable-buildtest-c++ enable-fips enable-lms && perl configdata.pm --dump
      - name: make
        run: make -s -j4
  
@@ -86,7 +86,7 @@ jobs:
        run: echo "FIPS_VENDOR=CI" >> VERSION.dat
      - name: config
        # enable-quic is on by default, but we leave it here to check we're testing the explicit enable somewhere
-      run: CC=gcc ./config --strict-warnings --banner=Configured enable-demos enable-h3demo enable-sslkeylog enable-fips enable-quic && perl configdata.pm --dump
+      run: CC=gcc ./config --strict-warnings --banner=Configured enable-demos enable-h3demo enable-sslkeylog enable-fips enable-quic enable-lms && perl configdata.pm --dump
      - name: make
        run: make -s -j4
      - name: get cpu info
@@ -133,7 +133,7 @@ jobs:
      steps:
      - uses: actions/checkout@v4
      - name: config
-      run: ./config --strict-warnings enable-demos enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace
+      run: ./config --strict-warnings enable-demos enable-fips enable-lms enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace
      - name: config dump
        run: ./configdata.pm --dump
      - name: make
@@ -163,7 +163,7 @@ jobs:
          shutdown_vm: false
          run: |
            sudo pkg install -y gcc perl5
-          ./config --strict-warnings enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace
+          ./config --strict-warnings enable-fips enable-lms enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace
      - name: config dump
        uses: cross-platform-actions/action@v0.26.0
        with:
@@ -200,7 +200,7 @@ jobs:
      - name: checkout fuzz/corpora submodule
        run: git submodule update --init --depth 1 fuzz/corpora
      - name: config
-      run: ./config --strict-warnings --banner=Configured enable-demos enable-h3demo no-bulk no-pic no-asm -DOPENSSL_NO_SECURE_MEMORY -DOPENSSL_SMALL_FOOTPRINT && perl configdata.pm --dump
+      run: ./config --strict-warnings --banner=Configured enable-demos enable-h3demo no-bulk no-pic no-asm no-lms -DOPENSSL_NO_SECURE_MEMORY -DOPENSSL_SMALL_FOOTPRINT && perl configdata.pm --dump
      - name: make
        run: make -j4 # verbose, so no -s here
      - name: get cpu info
@@ -327,7 +327,7 @@ jobs:
          sudo cat /proc/sys/vm/mmap_rnd_bits
          sudo sysctl -w vm.mmap_rnd_bits=28
      - name: config
-      run: ./config --strict-warnings --banner=Configured --debug enable-demos enable-h3demo enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips && perl configdata.pm --dump
+      run: ./config --strict-warnings --banner=Configured --debug enable-demos enable-h3demo enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips enable-lms && perl configdata.pm --dump
      - name: make
        run: make -s -j4
      - name: get cpu info
@@ -383,7 +383,7 @@ jobs:
          sudo sysctl -w vm.mmap_rnd_bits=28
      - name: config
        # --debug -O1 is to produce a debug build that runs in a reasonable amount of time
-      run: CC=clang ./config --strict-warnings --banner=Configured --debug no-shared -O1 -fsanitize=memory -DOSSL_SANITIZE_MEMORY -fno-optimize-sibling-calls enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips no-slh-dsa && perl configdata.pm --dump
+      run: CC=clang ./config --strict-warnings --banner=Configured --debug no-shared -O1 -fsanitize=memory -DOSSL_SANITIZE_MEMORY -fno-optimize-sibling-calls enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips enable-lms no-slh-dsa && perl configdata.pm --dump
      - name: make
        run: make -s -j4
      - name: get cpu info
@@ -435,7 +435,7 @@ jobs:
      - name: modprobe tls
        run: sudo modprobe tls
      - name: config
-      run: ./config --strict-warnings --banner=Configured enable-demos enable-h3demo no-ec enable-ssl-trace enable-zlib enable-zlib-dynamic enable-crypto-mdebug enable-egd enable-ktls enable-fips no-threads && perl configdata.pm --dump
+      run: ./config --strict-warnings --banner=Configured enable-demos enable-h3demo no-ec enable-ssl-trace enable-zlib enable-zlib-dynamic enable-crypto-mdebug enable-egd enable-ktls enable-fips enable-lms no-threads && perl configdata.pm --dump
      - name: make
        run: make -s -j4
      - name: get cpu info
@@ -466,7 +466,7 @@ jobs:
      - name: install extra config support
        run: sudo apt-get -y install libsctp-dev abigail-tools libzstd-dev zstd
      - name: config
-      run: ./config --strict-warnings --banner=Configured enable-demos enable-h3demo enable-ktls enable-fips enable-egd enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-sctp enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-trace enable-zlib enable-zstd && perl configdata.pm --dump
+      run: ./config --strict-warnings --banner=Configured enable-demos enable-h3demo enable-ktls enable-fips enable-lms enable-egd enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-sctp enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-trace enable-zlib enable-zstd && perl configdata.pm --dump
      - name: make
        run: make -s -j4
      - name: get cpu info
@@ -489,7 +489,7 @@ jobs:
      - name: checkout fuzz/corpora submodule
        run: git submodule update --init --depth 1 fuzz/corpora
      - name: config
-      run: ./config --strict-warnings --banner=Configured enable-demos enable-h3demo no-legacy enable-fips && perl configdata.pm --dump
+      run: ./config --strict-warnings --banner=Configured enable-demos enable-h3demo no-legacy enable-fips enable-lms && perl configdata.pm --dump
      - name: make
        run: make -s -j4
      - name: get cpu info
@@ -550,7 +550,7 @@ jobs:
          mkdir ./install
      - name: config
        run: |
-        ../source/config --banner=Configured enable-demos enable-h3demo enable-fips enable-quic enable-acvp-tests --strict-warnings --prefix=$(cd ../install; pwd)
+        ../source/config --banner=Configured enable-demos enable-h3demo enable-fips enable-lms enable-quic enable-acvp-tests --strict-warnings --prefix=$(cd ../install; pwd)
          perl configdata.pm --dump
        working-directory: ./build
      - name: make
@@ -595,7 +595,7 @@ jobs:
          mkdir ./install
      - name: config
        run: |
-        ../source/config --banner=Configured enable-fips enable-demos enable-h3demo enable-quic enable-acvp-tests --strict-warnings --prefix=$(cd ../install; pwd)
+        ../source/config --banner=Configured enable-fips enable-lms enable-demos enable-h3demo enable-quic enable-acvp-tests --strict-warnings --prefix=$(cd ../install; pwd)
          perl configdata.pm --dump
        working-directory: ./build
      - name: make
diff --git a/.github/workflows/coveralls.yml b/.github/workflows/coveralls.yml

index c3a1069a2242af14fe5001673d9f5eadc3d4c77b..9dc41080abbaf1ac4d2db4881bfb2f416497cc30 100644 (file)
--- a/.github/workflows/coveralls.yml
+++ b/.github/workflows/coveralls.yml
@@ -99,7 +99,7 @@ jobs:
      - name: setup hostname workaround
        run: sudo hostname localhost
      - name: config
-      run: CC=gcc ./config --debug --coverage ${{ matrix.branches.extra_config }} no-asm enable-rc5 enable-md2 enable-ssl3 enable-nextprotoneg enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 enable-buildtest-c++ enable-ssl-trace enable-trace
+      run: CC=gcc ./config --debug --coverage ${{ matrix.branches.extra_config }} no-asm enable-lms enable-rc5 enable-md2 enable-ssl3 enable-nextprotoneg enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 enable-buildtest-c++ enable-ssl-trace enable-trace
      - name: config dump
        run: ./configdata.pm --dump
      - name: make
diff --git a/.github/workflows/cross-compiles.yml b/.github/workflows/cross-compiles.yml

index 928dd30734f756666184f71b4b90447669216848..c6b758ec931049553b9f657e69a834a44c052165 100644 (file)
--- a/.github/workflows/cross-compiles.yml
+++ b/.github/workflows/cross-compiles.yml
@@ -175,13 +175,13 @@ jobs:
      - name: config with FIPS
        if: matrix.platform.fips != 'no'
        run: |
-        ./config --banner=Configured --strict-warnings enable-fips \
+        ./config --banner=Configured --strict-warnings enable-fips enable-lms \
                   --cross-compile-prefix=${{ matrix.platform.arch }}- \
                   ${{ matrix.platform.target }}
      - name: config without FIPS
        if: matrix.platform.fips == 'no'
        run: |
-        ./config --banner=Configured --strict-warnings \
+        ./config --banner=Configured --strict-warnings enable-lms \
                   --cross-compile-prefix=${{ matrix.platform.arch }}- \
                   ${{ matrix.platform.target }}
      - name: config dump
diff --git a/.github/workflows/fuzz-checker.yml b/.github/workflows/fuzz-checker.yml

index a280b410e5d6d9202734470d173a5f3f240a2395..b7e3cf51eed6f3af7e529cb16cb584c051480ca7 100644 (file)
--- a/.github/workflows/fuzz-checker.yml
+++ b/.github/workflows/fuzz-checker.yml
@@ -35,7 +35,7 @@ jobs:
              name: libFuzzer+,
              config: enable-fuzz-libfuzzer enable-asan enable-ubsan -fno-sanitize=function -fsanitize-coverage=trace-cmp -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION,
              libs: --with-fuzzer-lib=/usr/lib/llvm-18/lib/libFuzzer.a --with-fuzzer-include=/usr/include/clang/18/include/fuzzer,
-            extra: enable-fips enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment enable-tls1_3 enable-weak-ssl-ciphers enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-nextprotoneg,
+            extra: enable-fips enable-lms enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment enable-tls1_3 enable-weak-ssl-ciphers enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-nextprotoneg,
              install: libfuzzer-18-dev,
              cc: clang-18,
              linker: clang++-18,
diff --git a/.github/workflows/provider-compatibility.yml b/.github/workflows/provider-compatibility.yml

index 76ef9e1cff753296a4b6d4cd16407fefe3f9e257..b035ac4233f57bafa41f6cf4cdf10bf6510a4e4a 100644 (file)
--- a/.github/workflows/provider-compatibility.yml
+++ b/.github/workflows/provider-compatibility.yml
@@ -24,7 +24,7 @@ permissions:
    contents: read
  
  env:
-  opts: enable-rc5 enable-md2 enable-ssl3 enable-weak-ssl-ciphers enable-zlib
+  opts: enable-lms enable-rc5 enable-md2 enable-ssl3 enable-weak-ssl-ciphers enable-zlib
  
  jobs:
    fips-releases:
diff --git a/.github/workflows/run-checker-daily.yml b/.github/workflows/run-checker-daily.yml

index 02bc7c6962819f879c070629df16a23f0afd7541..8a2bf0871380e9d0cafe20e02df4906faa12eba2 100644 (file)
--- a/.github/workflows/run-checker-daily.yml
+++ b/.github/workflows/run-checker-daily.yml
@@ -76,6 +76,7 @@ jobs:
            no-hw,
            no-hw-padlock,
            no-idea,
+          enable-lms,
            no-makedepend,
            enable-md2,
            no-md4,
diff --git a/.github/workflows/static-analysis-on-prem.yml b/.github/workflows/static-analysis-on-prem.yml

index 735af6581a7ddb7e501c80d4689fc6d5d4958bad..bb6a48c2d15550594934b37bfd3e8b6edc45560b 100644 (file)
--- a/.github/workflows/static-analysis-on-prem.yml
+++ b/.github/workflows/static-analysis-on-prem.yml
@@ -29,7 +29,7 @@ jobs:
          chmod 0600 /auth_key_file.txt
      - uses: actions/checkout@v4
      - name: Config
-      run: CC=gcc ./config --strict-warnings --banner=Configured --debug enable-fips enable-rc5 enable-md2 enable-ssl3 enable-nextprotoneg enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-shared enable-buildtest-c++ enable-external-tests -DPEDANTIC
+      run: CC=gcc ./config --strict-warnings --banner=Configured --debug enable-lms enable-fips enable-rc5 enable-md2 enable-ssl3 enable-nextprotoneg enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-shared enable-buildtest-c++ enable-external-tests -DPEDANTIC
      - name: Config dump
        run: ./configdata.pm --dump
      - name: Make
diff --git a/.github/workflows/static-analysis.yml b/.github/workflows/static-analysis.yml

index 7acae4ddff0223426c702b5a3eb30ca8cff21482..2d679f04cc2d0e1c4ca7687fd36c5897c61c23db 100644 (file)
--- a/.github/workflows/static-analysis.yml
+++ b/.github/workflows/static-analysis.yml
@@ -28,7 +28,7 @@ jobs:
               --post-data "token=${{ secrets.COVERITY_TOKEN }}&project=openssl%2Fopenssl" \
               --progress=dot:giga -O coverity_tool.tgz
      - name: config
-      run: CC=gcc ./config --strict-warnings --banner=Configured --debug enable-fips enable-rc5 enable-md2 enable-ssl3 enable-nextprotoneg enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-shared enable-buildtest-c++ enable-external-tests -DPEDANTIC
+      run: CC=gcc ./config --strict-warnings --banner=Configured --debug enable-lms enable-fips enable-rc5 enable-md2 enable-ssl3 enable-nextprotoneg enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-shared enable-buildtest-c++ enable-external-tests -DPEDANTIC
      - name: config dump
        run: ./configdata.pm --dump
      - name: tool install
diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml

index 1e62801440d0c2c1716d28ad3ed90fb2b299788d..22f1fbf3c5fa2627c41a87ae13c14b13e60020cd 100644 (file)
--- a/.github/workflows/windows.yml
+++ b/.github/workflows/windows.yml
@@ -20,13 +20,13 @@ jobs:
          platform:
            - arch: win64
              os: windows-2022
-            config: enable-fips
+            config: enable-lms enable-fips
            - arch: win64
              os: windows-2025
-            config: enable-fips no-thread-pool no-quic
+            config: enable-lms enable-fips no-thread-pool no-quic
            - arch: win32
              os: windows-2025
-            config: --strict-warnings no-fips
+            config: --strict-warnings enable-lms no-fips
      runs-on: ${{ matrix.platform.os }}
      steps:
      - uses: actions/checkout@v4
author	Pauli <ppzgs1@gmail.com>
	Mon, 30 Jun 2025 22:43:54 +0000 (08:43 +1000)
committer	Pauli <ppzgs1@gmail.com>
	Thu, 10 Jul 2025 09:04:37 +0000 (19:04 +1000)
.github/workflows/ci.yml		patch \| blob \| blame \| history
.github/workflows/coveralls.yml		patch \| blob \| blame \| history
.github/workflows/cross-compiles.yml		patch \| blob \| blame \| history
.github/workflows/fuzz-checker.yml		patch \| blob \| blame \| history
.github/workflows/provider-compatibility.yml		patch \| blob \| blame \| history
.github/workflows/run-checker-daily.yml		patch \| blob \| blame \| history
.github/workflows/static-analysis-on-prem.yml		patch \| blob \| blame \| history
.github/workflows/static-analysis.yml		patch \| blob \| blame \| history
.github/workflows/windows.yml		patch \| blob \| blame \| history