Merge pull request gost-engine#526 from Mironenko/support-openssl-4

Enable building the provider with OpenSSL 4.0

Author: chipitsine

.github/script.sh

@@ -2,13 +2,17 @@
 
 PREFIX=$HOME/opt
 PATH=$PREFIX/bin:$PATH
+BUILD_ENGINE=${GOST_BUILD_ENGINE:+-DGOST_BUILD_ENGINE=$GOST_BUILD_ENGINE}
+BUILD_PROVIDER=${GOST_BUILD_PROVIDER:+-DGOST_BUILD_PROVIDER=$GOST_BUILD_PROVIDER}
 
 mkdir build
 cd build
-cmake -DTLS13_PATCHED_OPENSSL=$PATCH_OPENSSL -DOPENSSL_ROOT_DIR=$PREFIX -DOPENSSL_ENGINES_DIR=$PREFIX/engines ${ASAN-} ..
+cmake -DTLS13_PATCHED_OPENSSL=$PATCH_OPENSSL -DOPENSSL_ROOT_DIR=$PREFIX \
+    -DOPENSSL_ENGINES_DIR=$PREFIX/engines ${ASAN-} \
+    $BUILD_ENGINE $BUILD_PROVIDER ..
+
 make
 make test CTEST_OUTPUT_ON_FAILURE=1
 if [ -z "${ASAN-}" ]; then
-    make tcl_tests_engine
-    make tcl_tests_provider
+    make tcl_tests
 fi

.github/workflows/ci.yml

@@ -12,48 +12,89 @@ env:
     GOST_PROVIDER_ENABLE_ONLINE_TESTS: 1
 
 jobs:
-    gcc-openssl-stable:
+    gcc-engine-openssl-3-6-0:
+        runs-on: ubuntu-latest
+        if: ${{ github.event_name != 'schedule' }}
+        env:
+            GOST_BUILD_PROVIDER: OFF
+        steps:
+            - uses: actions/checkout@v2
+              with:
+                  submodules: true
+            - run: .github/before_script.sh
+            - run: .github/script.sh
+
+    clang-engine-openssl-3-6-0:
+        runs-on: ubuntu-latest
+        if: ${{ github.event_name != 'schedule' }}
+        env:
+            CC: clang
+            GOST_BUILD_PROVIDER: OFF
+        steps:
+            - uses: actions/checkout@v2
+              with:
+                  submodules: true
+            - run: .github/before_script.sh
+            - run: .github/script.sh
+
+    macos-engine-openssl-3-6-0:
+        runs-on: macos-latest
+        if: ${{ github.event_name != 'schedule' }}
+        env:
+            USE_RPATH:
+            GOST_PROVIDER_ENABLE_ONLINE_TESTS: 0 # macOS runner has no network access to infotecs TLS1.3 server
+            GOST_BUILD_PROVIDER: OFF
+        steps:
+            - uses: actions/checkout@v2
+              with:
+                  submodules: true
+            - run: .github/before_script.sh
+            - run: .github/script.sh
+
+    gcc-provider-openssl-3-6-0-patch:
         runs-on: ubuntu-latest
         if: ${{ github.event_name != 'schedule' }}
         env:
             PATCH_OPENSSL: 1
+            GOST_BUILD_ENGINE: OFF
         steps:
             - uses: actions/checkout@v2
               with:
                   submodules: true
             - run: .github/before_script.sh
             - run: .github/script.sh
 
-    clang-openssl-stable:
+    clang-provider-openssl-3-6-0-patch:
         runs-on: ubuntu-latest
         if: ${{ github.event_name != 'schedule' }}
         env:
             CC: clang
             PATCH_OPENSSL: 1
+            GOST_BUILD_ENGINE: OFF
         steps:
             - uses: actions/checkout@v2
               with:
                   submodules: true
             - run: .github/before_script.sh
             - run: .github/script.sh
 
-    macos-openssl-stable:
+    macos-provider-openssl-3-6-0-patch:
         runs-on: macos-latest
         if: ${{ github.event_name != 'schedule' }}
         env:
             USE_RPATH:
-            PATCH_OPENSSL: 1
             GOST_PROVIDER_ENABLE_ONLINE_TESTS: 0 # macOS runner has no network access to infotecs TLS1.3 server
+            PATCH_OPENSSL: 1
+            GOST_BUILD_ENGINE: OFF
         steps:
             - uses: actions/checkout@v2
               with:
                   submodules: true
             - run: .github/before_script.sh
             - run: .github/script.sh
 
-    gcc-openssl-master:
+    gcc-provider-openssl-master:
         runs-on: ubuntu-latest
-        if: ${{ github.event_name == 'schedule' }}
         env:
             OPENSSL_BRANCH: master
         steps:
@@ -63,24 +104,37 @@ jobs:
             - run: .github/before_script.sh
             - run: .github/script.sh
 
-    macos-openssl-master:
+    clang-provider-openssl-4-0-0:
+        runs-on: ubuntu-latest
+        if: ${{ github.event_name != 'schedule' }}
+        env:
+            CC: clang
+            OPENSSL_BRANCH: openssl-4.0.0
+        steps:
+            - uses: actions/checkout@v2
+              with:
+                  submodules: true
+            - run: .github/before_script.sh
+            - run: .github/script.sh
+
+    macos-provider-openssl-4-0-0:
         runs-on: macos-latest
-        if: ${{ github.event_name == 'schedule' }}
+        if: ${{ github.event_name != 'schedule' }}
         env:
-            OPENSSL_BRANCH: master
+            OPENSSL_BRANCH: openssl-4.0.0
             USE_RPATH:
+            GOST_PROVIDER_ENABLE_ONLINE_TESTS: 0 # macOS runner has no network access to infotecs TLS1.3 server
         steps:
             - uses: actions/checkout@v2
               with:
                   submodules: true
             - run: .github/before_script.sh
             - run: .github/script.sh
 
-    gcc-asan-openssl-master:
+    gcc-asan-openssl-4-0-0:
         runs-on: ubuntu-latest
-        if: ${{ github.event_name == 'schedule' }}
         env:
-            OPENSSL_BRANCH: master
+            OPENSSL_BRANCH: openssl-4.0.0
             ASAN: -DASAN=1
         steps:
             - uses: actions/checkout@v2
@@ -89,11 +143,10 @@ jobs:
             - run: .github/before_script.sh
             - run: .github/script.sh
 
-    macos-asan-openssl-master:
+    macos-asan-openssl-4-0-0:
         runs-on: macos-latest
-        if: ${{ github.event_name == 'schedule' }}
         env:
-            OPENSSL_BRANCH: master
+            OPENSSL_BRANCH: openssl-4.0.0
             ASAN: -DASAN=1
             USE_RPATH:
         steps:
@@ -103,7 +156,7 @@ jobs:
             - run: .github/before_script.sh
             - run: .github/script.sh
 
-    gcc-openssl-stable-x86:
+    gcc-openssl-3-6-0-x86:
         runs-on: ubuntu-latest
         if: ${{ github.event_name == 'schedule' }}
         env:
@@ -119,3 +172,18 @@ jobs:
             - run: .github/before_script.sh
             - run: .github/script.sh
 
+    gcc-openssl-4-0-0-x86:
+        runs-on: ubuntu-latest
+        if: ${{ github.event_name == 'schedule' }}
+        env:
+            CFLAGS: -m32
+            LDFLAGS: -m32
+            SETARCH: "setarch i386"
+            APT_INSTALL: gcc-multilib
+            OPENSSL_BRANCH: openssl-4.0.0
+        steps:
+            - uses: actions/checkout@v2
+              with:
+                  submodules: true
+            - run: .github/before_script.sh
+            - run: .github/script.sh

.github/workflows/windows.yml

@@ -2,10 +2,10 @@ name: CI (windows)
 on: [push, pull_request]
 
 jobs:
-    msvc-openssl:
+    msvc-openssl-3-6-0-patch:
         runs-on: windows-latest
         outputs:
-            openssl-head: ${{ steps.openssl.outputs.head }}
+            openssl-head: ${{ steps.openssl.outputs.head }}-${{ steps.patches.outputs.id }}
         steps:
             - uses: actions/checkout@v2
             - uses: actions/checkout@v2
@@ -16,11 +16,13 @@ jobs:
                   fetch-depth: 0
             - run: echo "::set-output name=head::$(git -C openssl describe --always --long)"
               id: openssl
+            - run: echo "::set-output name=id::$(git rev-parse HEAD:patches)"
+              id: patches
             - uses: actions/cache@v4
               id: cache
               with:
                   path: openssl/_dest
-                  key: ${{ runner.os }}-openssl-${{ steps.openssl.outputs.head }}
+                  key: ${{ runner.os }}-openssl-${{ steps.openssl.outputs.head }}-${{ steps.patches.outputs.id }}
             - name: Apply patches
               run: |
                   git apply patches/openssl-tls1.3.patch
@@ -36,8 +38,155 @@ jobs:
                   nmake /S build_libs build_programs
                   nmake /S install_sw DESTDIR=_dest
 
-    msvc-engine:
-        needs: msvc-openssl
+    msvc-openssl-3-6-0:
+        runs-on: windows-latest
+        outputs:
+            openssl-head: ${{ steps.openssl.outputs.head }}
+        steps:
+            - uses: actions/checkout@v2
+            - uses: actions/checkout@v2
+              with:
+                  repository: openssl/openssl
+                  path: openssl
+                  ref: openssl-3.6.0
+                  fetch-depth: 0
+            - run: echo "::set-output name=head::$(git -C openssl describe --always --long)"
+              id: openssl
+            - uses: actions/cache@v4
+              id: cache
+              with:
+                  path: openssl/_dest
+                  key: ${{ runner.os }}-openssl-${{ steps.openssl.outputs.head }}
+            - uses: ilammy/msvc-dev-cmd@v1
+            - name: Build OpenSSL
+              if: steps.cache.outputs.cache-hit != 'true'
+              working-directory: openssl
+              run: |
+                  perl Configure no-makedepend no-tests no-asm VC-WIN64A
+                  perl configdata.pm --dump
+                  nmake /S build_libs build_programs
+                  nmake /S install_sw DESTDIR=_dest
+
+    msvc-openssl-4-0-0:
+        runs-on: windows-latest
+        outputs:
+            openssl-head: ${{ steps.openssl.outputs.head }}
+        steps:
+            - uses: actions/checkout@v2
+            - uses: actions/checkout@v2
+              with:
+                  repository: openssl/openssl
+                  path: openssl
+                  ref: openssl-4.0.0
+                  fetch-depth: 0
+            - run: echo "::set-output name=head::$(git -C openssl describe --always --long)"
+              id: openssl
+            - uses: actions/cache@v4
+              id: cache
+              with:
+                  path: openssl/_dest
+                  key: ${{ runner.os }}-openssl-${{ steps.openssl.outputs.head }}
+            - uses: ilammy/msvc-dev-cmd@v1
+            - name: Build OpenSSL
+              if: steps.cache.outputs.cache-hit != 'true'
+              working-directory: openssl
+              run: |
+                  perl Configure no-makedepend no-tests no-asm VC-WIN64A
+                  perl configdata.pm --dump
+                  nmake /S build_libs build_programs
+                  nmake /S install_sw DESTDIR=_dest
+
+    msvc-openssl-master:
+        runs-on: windows-latest
+        outputs:
+            openssl-head: ${{ steps.openssl.outputs.head }}
+        steps:
+            - uses: actions/checkout@v2
+            - uses: actions/checkout@v2
+              with:
+                  repository: openssl/openssl
+                  path: openssl
+                  ref: master
+                  fetch-depth: 0
+            - run: echo "::set-output name=head::$(git -C openssl describe --always --long)"
+              id: openssl
+            - uses: actions/cache@v4
+              id: cache
+              with:
+                  path: openssl/_dest
+                  key: ${{ runner.os }}-openssl-${{ steps.openssl.outputs.head }}
+            - uses: ilammy/msvc-dev-cmd@v1
+            - name: Build OpenSSL
+              if: steps.cache.outputs.cache-hit != 'true'
+              working-directory: openssl
+              run: |
+                  perl Configure no-makedepend no-tests no-asm VC-WIN64A
+                  perl configdata.pm --dump
+                  nmake /S build_libs build_programs
+                  nmake /S install_sw DESTDIR=_dest
+
+    msvc-engine-openssl-3-6-0:
+        needs: msvc-openssl-3-6-0
+        runs-on: windows-latest
+        steps:
+            - uses: actions/checkout@v2
+              with:
+                  submodules: true
+            - uses: actions/cache@v4
+              with:
+                  path: openssl/_dest
+                  key: ${{ runner.os }}-openssl-${{ needs.msvc-openssl-3-6-0.outputs.openssl-head }}
+            - run: cmake -DOPENSSL_ROOT_DIR="openssl\_dest\Program Files\OpenSSL" -DOPENSSL_ENGINES_DIR=bin -DGOST_BUILD_PROVIDER=0 .
+            - run: cmake --build .
+            - name: Run tests
+              run: |
+                  $env:OPENSSL_ENGINES = "$pwd\bin\Debug"
+                  $env:OPENSSL_MODULES = "$pwd\bin\Debug"
+                  Copy-Item -Path "$pwd\openssl\_dest\Program Files\OpenSSL\bin\*.dll" -Destination "$pwd\bin\Debug"
+                  ctest -C Debug --output-on-failure
+
+    msvc-provider-openssl-3-6-0-patch:
+        needs: msvc-openssl-3-6-0-patch
+        runs-on: windows-latest
+        steps:
+            - uses: actions/checkout@v2
+              with:
+                  submodules: true
+            - uses: actions/cache@v4
+              with:
+                  path: openssl/_dest
+                  key: ${{ runner.os }}-openssl-${{ needs.msvc-openssl-3-6-0-patch.outputs.openssl-head }}
+            - run: cmake -DOPENSSL_ROOT_DIR="openssl\_dest\Program Files\OpenSSL" -DOPENSSL_ENGINES_DIR=bin -DGOST_BUILD_ENGINE=OFF .
+            - run: cmake --build .
+            - name: Run tests
+              run: |
+                  $env:OPENSSL_ENGINES = "$pwd\bin\Debug"
+                  $env:OPENSSL_MODULES = "$pwd\bin\Debug"
+                  Copy-Item -Path "$pwd\openssl\_dest\Program Files\OpenSSL\bin\*.dll" -Destination "$pwd\bin\Debug"
+                  ctest -C Debug --output-on-failure
+
+    msvc-provider-openssl-4-0-0:
+        needs: msvc-openssl-4-0-0
+        runs-on: windows-latest
+        steps:
+            - uses: actions/checkout@v2
+              with:
+                  submodules: true
+            - uses: actions/cache@v4
+              with:
+                  path: openssl/_dest
+                  key: ${{ runner.os }}-openssl-${{ needs.msvc-openssl-4-0-0.outputs.openssl-head }}
+            - run: cmake -DOPENSSL_ROOT_DIR="openssl\_dest\Program Files\OpenSSL" -DOPENSSL_ENGINES_DIR=bin .
+            - run: cmake --build .
+            - name: Run tests
+              run: |
+                  $env:OPENSSL_ENGINES = "$pwd\bin\Debug"
+                  $env:OPENSSL_MODULES = "$pwd\bin\Debug"
+                  Copy-Item -Path "$pwd\openssl\_dest\Program Files\OpenSSL\bin\*.dll" -Destination "$pwd\bin\Debug"
+                  ctest -C Debug --output-on-failure
+
+    msvc-provider-openssl-master:
+        needs: msvc-openssl-master
         runs-on: windows-latest
         steps:
             - uses: actions/checkout@v2
@@ -46,7 +195,7 @@ jobs:
             - uses: actions/cache@v4
               with:
                   path: openssl/_dest
-                  key: ${{ runner.os }}-openssl-${{ needs.msvc-openssl.outputs.openssl-head }}
+                  key: ${{ runner.os }}-openssl-${{ needs.msvc-openssl-master.outputs.openssl-head }}
             - run: cmake -DOPENSSL_ROOT_DIR="openssl\_dest\Program Files\OpenSSL" -DOPENSSL_ENGINES_DIR=bin .
             - run: cmake --build .
             - name: Run tests