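--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -0,0 +1,12 @@
+version: 2
+updates:
+- package-ecosystem: docker
+directories:
+- /
+- docker_test
+schedule:
+interval: weekly
+- package-ecosystem: github-actions
+directory: /
+schedule:
+interval: weekly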
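Review bot: The `docker` entry only tracks `FROM` image references, so the OpenSSL, GnuTLS, nettle and Mbed TLS versions hard-coded in docker_test/build_test_apps.sh (git tags and tarball SHA256 values) remain manual updates, and nothing in this file says so. A comment at the top of the file would prevent the assumption that the TLS test fixtures are now kept current automatically, e.g. `# NOTE: the TLS libraries built in docker_test/build_test_apps.sh are pinned by hand; Dependabot only sees base images and GitHub Actions.` For the github-actions entry to maintain commit-SHA pins rather than tag bumps, the workflow has to reference actions by full SHA already, since Dependabot preserves whichever pin style is in use. Whether `/` actually contains a Dockerfile is not visible here; if it does not, the first `directories` entry is dead configuration.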
12 changes: 6 additions & 6 deletions .github/workflows/ci.yml
Expand Up @@ -10,27 +10,27 @@ jobs:
matrix:
cc: [clang, gcc]
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v5
- name: build with ${{ matrix.cc }}
run: |
# Since ubuntu-latest does not ship with OpenSSL >= v3.5, dynamic linking will fail unless we build and install it.
git clone -b openssl-3.5 https://github.com/openssl/openssl
git clone -b openssl-3.6 https://github.com/openssl/openssl
pushd openssl
git fetch --tags
git checkout openssl-3.5.0
./config --prefix=/opt/openssl35 shared
git checkout openssl-3.6.0
./config --prefix=/opt/openssl36 shared
make -j $(nproc --all)
make install
popd

make sslscan LDFLAGS=-L/opt/openssl35 CFLAGS=-I/opt/openssl35/include
make sslscan LDFLAGS=-L/opt/openssl36 CFLAGS=-I/opt/openssl36/include
make static
env:
CC: ${{ matrix.cc }}
build_mingw:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/checkout@v5
- name: install mingw-w64
run: |
sudo apt-get update -qq
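Review bot: `actions/checkout@v5` on the two changed `uses:` lines is a mutable tag, so the workflow still trusts whatever commit the upstream tag points at; now that Dependabot watches github-actions it will keep a full-SHA pin current, so prefer `- uses: actions/checkout@<full-commit-sha> # v5.0.0` and let Dependabot bump it. The OpenSSL build has the same shape: `git checkout openssl-3.6.0` selects a movable tag with no signature or commit check, in contrast to the SHA256 values recorded for the GnuTLS and nettle tarballs in docker_test/build_test_apps.sh; OpenSSL release tags are GPG-signed, so running `git verify-tag openssl-3.6.0` after `git fetch --tags` (with the release key imported) or comparing `git rev-parse HEAD` against a recorded commit would close that gap. The build step's `run:` block and the `build_mingw` job continue past the end of this section.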
22 changes: 11 additions & 11 deletions docker_test.sh
Expand Up @@ -131,15 +131,15 @@ function run_test_8 {
}


# OpenSSL v3.5.0, TLSv1.3 only, with all supported groups.
# OpenSSL v3.6.0, TLSv1.3 only, with all supported groups.
function run_test_9 {
run_test $1 '9' "/openssl_v3.5.0/openssl s_server -accept 443 -key /etc/ssl/key_3072.pem -cert /etc/ssl/cert_3072.crt -tls1_3 -groups secp256r1:secp384r1:secp521r1:x25519:x448:brainpoolP256r1tls13:brainpoolP384r1tls13:brainpoolP512r1tls13:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192:MLKEM512:MLKEM768:MLKEM1024:SecP256r1MLKEM768:X25519MLKEM768:SecP384r1MLKEM1024" ""
run_test $1 '9' "/openssl_v3.6.0/openssl s_server -accept 443 -key /etc/ssl/key_3072.pem -cert /etc/ssl/cert_3072.crt -tls1_3 -groups secp256r1:secp384r1:secp521r1:x25519:x448:brainpoolP256r1tls13:brainpoolP384r1tls13:brainpoolP512r1tls13:ffdhe2048:ffdhe3072:ffdhe4096:ffdhe6144:ffdhe8192:MLKEM512:MLKEM768:MLKEM1024:SecP256r1MLKEM768:X25519MLKEM768:SecP384r1MLKEM1024" ""
}


# GnuTLS v3.8.9, TLSv1.3 only, with all supported groups.
# GnuTLS v3.8.10, TLSv1.3 only, with all supported groups.
function run_test_10 {
run_test $1 '10' "/gnutls-3.8.9/gnutls-serv -p 443 --x509certfile=/etc/ssl/cert_3072.crt --x509keyfile=/etc/ssl/key_3072.pem --priority=NORMAL:-VERS-TLS1.2:-VERS-TLS1.1:-VERS-TLS1.0:+GROUP-SECP192R1:+GROUP-SECP224R1:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-SECP521R1:+GROUP-X25519:+GROUP-GC256B:+GROUP-GC512A:+GROUP-X448:+GROUP-FFDHE2048:+GROUP-FFDHE3072:+GROUP-FFDHE4096:+GROUP-FFDHE6144:+GROUP-FFDHE8192" ""
run_test $1 '10' "/gnutls-3.8.10/gnutls-serv -p 443 --x509certfile=/etc/ssl/cert_3072.crt --x509keyfile=/etc/ssl/key_3072.pem --priority=NORMAL:-VERS-TLS1.2:-VERS-TLS1.1:-VERS-TLS1.0:+GROUP-SECP192R1:+GROUP-SECP224R1:+GROUP-SECP256R1:+GROUP-SECP384R1:+GROUP-SECP521R1:+GROUP-X25519:+GROUP-GC256B:+GROUP-GC512A:+GROUP-X448:+GROUP-FFDHE2048:+GROUP-FFDHE3072:+GROUP-FFDHE4096:+GROUP-FFDHE6144:+GROUP-FFDHE8192" ""
}


Expand All @@ -155,21 +155,21 @@ function run_test_12 {
}


# GnuTLS 3.6.11.1, default options.
# GnuTLS 3.6.16, default options.
function run_test_13 {
run_test $1 '13' "/gnutls-3.6.11.1/gnutls-serv -p 443 --x509certfile=/etc/ssl/cert_3072.crt --x509keyfile=/etc/ssl/key_3072.pem" ""
run_test $1 '13' "/gnutls-3.6.16/gnutls-serv -p 443 --x509certfile=/etc/ssl/cert_3072.crt --x509keyfile=/etc/ssl/key_3072.pem" ""
}


# GnuTLS with only TLSv1.2 and TLSv1.3, and secp521r1 and ffdhe8192 groups.
function run_test_14 {
run_test $1 '14' "/gnutls-3.6.11.1/gnutls-serv -p 443 --priority=NORMAL:-VERS-TLS1.1:-VERS-TLS1.0:-GROUP-X25519:-GROUP-SECP256R1:-GROUP-SECP384R1:-GROUP-FFDHE2048:-GROUP-FFDHE3072:-GROUP-FFDHE4096:-GROUP-FFDHE6144 --x509certfile=/etc/ssl/cert_3072.crt --x509keyfile=/etc/ssl/key_3072.pem" ""
run_test $1 '14' "/gnutls-3.6.16/gnutls-serv -p 443 --priority=NORMAL:-VERS-TLS1.1:-VERS-TLS1.0:-GROUP-X25519:-GROUP-SECP256R1:-GROUP-SECP384R1:-GROUP-FFDHE2048:-GROUP-FFDHE3072:-GROUP-FFDHE4096:-GROUP-FFDHE6144 --x509certfile=/etc/ssl/cert_3072.crt --x509keyfile=/etc/ssl/key_3072.pem" ""
}


# GnuTLS with an ECDSA certificate (secp256r1 / NIST P-256).
function run_test_15 {
run_test $1 '15' "/gnutls-3.6.11.1/gnutls-serv -p 443 --x509certfile=/etc/ssl/cert_ecdsa_prime256v1.crt --x509keyfile=/etc/ssl/key_ecdsa_prime256v1.pem" ""
run_test $1 '15' "/gnutls-3.6.16/gnutls-serv -p 443 --x509certfile=/etc/ssl/cert_ecdsa_prime256v1.crt --x509keyfile=/etc/ssl/key_ecdsa_prime256v1.pem" ""
}


Expand All @@ -187,19 +187,19 @@ function run_test_17 {

# TLSv1.2 with ECDSA-SHA1 signature only.
function run_test_18 {
run_test $1 '18' "/gnutls-3.6.11.1/gnutls-serv -p 443 --x509certfile=/etc/ssl/cert_ecdsa_prime256v1.crt --x509keyfile=/etc/ssl/key_ecdsa_prime256v1.pem --priority=NONE:-VERS-TLS1.0:-VERS-TLS1.1:+VERS-TLS1.2:-VERS-TLS1.3:+MAC-ALL:+GROUP-ALL:+SIGN-ECDSA-SHA1:+COMP-NULL:+CTYPE-SRV-ALL:+KX-ALL:+CHACHA20-POLY1305:+CAMELLIA-128-GCM:+AES-128-GCM" ""
run_test $1 '18' "/gnutls-3.6.16/gnutls-serv -p 443 --x509certfile=/etc/ssl/cert_ecdsa_prime256v1.crt --x509keyfile=/etc/ssl/key_ecdsa_prime256v1.pem --priority=NONE:-VERS-TLS1.0:-VERS-TLS1.1:+VERS-TLS1.2:-VERS-TLS1.3:+MAC-ALL:+GROUP-ALL:+SIGN-ECDSA-SHA1:+COMP-NULL:+CTYPE-SRV-ALL:+KX-ALL:+CHACHA20-POLY1305:+CAMELLIA-128-GCM:+AES-128-GCM" ""
}


# Mbed TLS, default settings.
function run_test_19 {
run_test $1 '19' "/mbedtls_v3.6.3.1/ssl_server2 server_port=443 crt_file=/etc/ssl/cert_3072.crt key_file=/etc/ssl/key_3072.pem" ""
run_test $1 '19' "/mbedtls_v3.6.4/ssl_server2 server_port=443 crt_file=/etc/ssl/cert_3072.crt key_file=/etc/ssl/key_3072.pem" ""
}


# Many unique algorithms only present in GnuTLS.
function run_test_20 {
run_test $1 '20' "/gnutls-3.8.9/gnutls-serv -p 443 --x509certfile=/etc/ssl/cert_ecdsa_prime256v1.crt --x509keyfile=/etc/ssl/key_ecdsa_prime256v1.pem --priority=NORMAL:+GOST28147-TC26Z-CFB:+GOST28147-CPA-CFB:+GOST28147-CPB-CFB:+GOST28147-CPC-CFB:+GOST28147-CPD-CFB:+AES-128-XTS:+AES-256-XTS:+AES-128-SIV:+AES-256-SIV:+AES-128-SIV-GCM:+AES-256-SIV-GCM:+GOST28147-TC26Z-CNT:+MAGMA-CTR-ACPKM:+KUZNYECHIK-CTR-ACPKM:+GOSTR341194:+STREEBOG-256:+STREEBOG-512:+VKO-GOST-12:+RSA-EXPORT:+GROUP-GC256B:+GROUP-GC512A:+SIGN-ECDSA-SHA3-224:+SIGN-ECDSA-SHA3-256:+SIGN-ECDSA-SHA3-384:+SIGN-ECDSA-SHA3-512:+SIGN-RSA-SHA3-224:+SIGN-RSA-SHA3-256:+SIGN-RSA-SHA3-384:+SIGN-RSA-SHA3-512:+SIGN-DSA-SHA3-224:+SIGN-DSA-SHA3-256:+SIGN-DSA-SHA3-384:+SIGN-DSA-SHA3-512:+SIGN-RSA-RAW:+SIGN-GOSTR341012-512:+SIGN-GOSTR341012-256:+SIGN-GOSTR341001:+SIGN-DSA-SHA384:+SIGN-DSA-SHA512" ""
run_test $1 '20' "/gnutls-3.8.10/gnutls-serv -p 443 --x509certfile=/etc/ssl/cert_ecdsa_prime256v1.crt --x509keyfile=/etc/ssl/key_ecdsa_prime256v1.pem --priority=NORMAL:+GOST28147-TC26Z-CFB:+GOST28147-CPA-CFB:+GOST28147-CPB-CFB:+GOST28147-CPC-CFB:+GOST28147-CPD-CFB:+AES-128-XTS:+AES-256-XTS:+AES-128-SIV:+AES-256-SIV:+AES-128-SIV-GCM:+AES-256-SIV-GCM:+GOST28147-TC26Z-CNT:+MAGMA-CTR-ACPKM:+KUZNYECHIK-CTR-ACPKM:+GOSTR341194:+STREEBOG-256:+STREEBOG-512:+VKO-GOST-12:+RSA-EXPORT:+GROUP-GC256B:+GROUP-GC512A:+SIGN-ECDSA-SHA3-224:+SIGN-ECDSA-SHA3-256:+SIGN-ECDSA-SHA3-384:+SIGN-ECDSA-SHA3-512:+SIGN-RSA-SHA3-224:+SIGN-RSA-SHA3-256:+SIGN-RSA-SHA3-384:+SIGN-RSA-SHA3-512:+SIGN-DSA-SHA3-224:+SIGN-DSA-SHA3-256:+SIGN-DSA-SHA3-384:+SIGN-DSA-SHA3-512:+SIGN-RSA-RAW:+SIGN-GOSTR341012-512:+SIGN-GOSTR341012-256:+SIGN-GOSTR341001:+SIGN-DSA-SHA384:+SIGN-DSA-SHA512" ""
}


16 changes: 9 additions & 7 deletions docker_test/Dockerfile
Expand Up @@ -5,7 +5,9 @@ FROM ubuntu:24.04 AS builder
COPY build_test_apps.sh /build/build_test_apps.sh

# Update base image and install prerequisites for building.
RUN apt update; apt install -y build-essential zlib1g zlib1g-dev nettle-dev git wget m4 pkg-config python3 python3-pip python3-virtualenv python3-venv
RUN apt update && \
DEBIAN_FRONTEND=noninteractive apt install -y --no-install-recommends build-essential zlib1g zlib1g-dev nettle-dev git wget m4 pkg-config python3 python3-pip python3-virtualenv python3-venv && \
rm -rf /var/lib/apt/lists/*

# Build all applications.
RUN /bin/bash /build/build_test_apps.sh
Expand All @@ -17,18 +19,18 @@ FROM ubuntu:24.04
COPY --from=builder /build/libhogweed.so.5 /usr/lib/libhogweed.so.5
COPY --from=builder /build/libnettle.so.7 /usr/lib/libnettle.so.7

COPY --from=builder /build/gnutls-cli-v3.6.11.1 /gnutls-3.6.11.1/gnutls-cli
COPY --from=builder /build/gnutls-serv-v3.6.11.1 /gnutls-3.6.11.1/gnutls-serv
COPY --from=builder /build/gnutls-cli-v3.6.16 /gnutls-3.6.16/gnutls-cli
COPY --from=builder /build/gnutls-serv-v3.6.16 /gnutls-3.6.16/gnutls-serv

COPY --from=builder /build/gnutls-cli-v3.8.9 /gnutls-3.8.9/gnutls-cli
COPY --from=builder /build/gnutls-serv-v3.8.9 /gnutls-3.8.9/gnutls-serv
COPY --from=builder /build/gnutls-cli-v3.8.10 /gnutls-3.8.10/gnutls-cli
COPY --from=builder /build/gnutls-serv-v3.8.10 /gnutls-3.8.10/gnutls-serv

COPY --from=builder /build/openssl_prog_v1.0.0 /openssl_v1.0.0/openssl
COPY --from=builder /build/openssl_prog_v1.0.2 /openssl_v1.0.2/openssl
COPY --from=builder /build/openssl_prog_v1.1.1 /openssl_v1.1.1/openssl
COPY --from=builder /build/openssl_prog_v3.5.0 /openssl_v3.5.0/openssl
COPY --from=builder /build/openssl_prog_v3.6.0 /openssl_v3.6.0/openssl

COPY --from=builder /build/mbedtls_ssl_server2_v3.6.3.1 /mbedtls_v3.6.3.1/ssl_server2
COPY --from=builder /build/mbedtls_ssl_server2_v3.6.4 /mbedtls_v3.6.4/ssl_server2

# Copy certificates, keys, and DH parameters.
COPY *.pem /etc/ssl/
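Review bot: The two unchanged `COPY --from=builder` lines at the top of the runtime stage still stage `libhogweed.so.5` and `libnettle.so.7`, which are the sonames nettle 3.5.x produces; this commit moves the GnuTLS 3.6 build to nettle 3.10.2, and nettle changed its sonames to `libnettle.so.8` / `libhogweed.so.6` in 3.6, so if build_test_apps.sh stages the libraries it just built (that part of the script is not visible here) these paths will fail at image build or leave gnutls-3.6.16 unable to load — please confirm and update both lines together with the nettle bump. Separately, `apt` prints that its CLI is not stable for scripting; the conventional Dockerfile form is `apt-get update && apt-get install -y --no-install-recommends ...`. The base image `ubuntu:24.04` is a moving tag; since Dependabot now watches this Dockerfile it can maintain a digest pin such as `FROM ubuntu:24.04@sha256:<digest> AS builder`, which makes the fixture image reproducible and keeps the update path visible in PRs. The runtime stage continues past the end of this section.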
56 changes: 28 additions & 28 deletions docker_test/build_test_apps.sh
Expand Up @@ -25,14 +25,14 @@ fi

# Compile all version of GnuTLS.
function compile_gnutls_all {
compile_gnutls '3.6.11.1'
compile_gnutls '3.8.9'
compile_gnutls '3.6.16'
compile_gnutls '3.8.10'
}


# Compile all versions of Mbed TLS.
function compile_mbedtls_all {
compile_mbedtls '3.6.3.1'
compile_mbedtls '3.6.4'
}


Expand All @@ -41,7 +41,7 @@ function compile_openssl_all {
compile_openssl '1.0.0'
compile_openssl '1.0.2'
compile_openssl '1.1.1'
compile_openssl '3.5.0'
compile_openssl '3.6.0'
}


Expand All @@ -51,16 +51,16 @@ function compile_mbedtls {

git_tag=
output_dir=
if [[ $version == '3.6.3.1' ]]; then
git_tag="v3.6.3.1"
output_dir="mbedtls_v3.6.3.1_dir"
if [[ $version == '3.6.4' ]]; then
git_tag="v3.6.4"
output_dir="mbedtls_v3.6.4_dir"
else
echo -e "${REDB}Error: Mbed TLS v${version} is unknown!${CLR}"
exit 1
fi

echo -e "\n${YELLOWB}Downloading Mbed TLS v${version}...${CLR}\n"
git clone --depth 1 -b ${git_tag} https://github.com/Mbed-TLS/mbedtls ${output_dir}
git clone --depth 1 --recurse-submodules -b ${git_tag} https://github.com/Mbed-TLS/mbedtls ${output_dir}

echo -e "\n${YELLOWB}Compiling Mbed TLS v${version}...${CLR}\n"
pushd ${output_dir}
Expand Down Expand Up @@ -113,10 +113,10 @@ function compile_openssl {
git_tag="OpenSSL_1_1_1-stable"
compile_args="enable-weak-ssl-ciphers no-shared zlib"
output_dir="openssl_v1.1.1_dir"
elif [[ $version == '3.5.0' ]]; then
git_tag="openssl-3.5.0"
elif [[ $version == '3.6.0' ]]; then
git_tag="openssl-3.6.0"
compile_args="enable-weak-ssl-ciphers no-shared zlib"
output_dir="openssl_v3.5.0_dir"
output_dir="openssl_v3.6.0_dir"
else
echo -e "${REDB}Error: OpenSSL v${version} is unknown!${CLR}"
exit 1
Expand Down Expand Up @@ -163,23 +163,23 @@ function compile_gnutls {
nettle_version=
compile_num_procs=${NUM_PROCS}
compile_nettle=0
if [[ "${gnutls_version}" == "3.6.11.1" ]]; then
gnutls_url=https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/gnutls-3.6.11.1.tar.xz
gnutls_expected_sha256=fbba12f3db9a55dbf027e14111755817ec44b57eabec3e8089aac8ac6f533cf8
gnutls_filename=gnutls-3.6.11.1.tar.xz
gnutls_source_dir=gnutls-3.6.11.1
nettle_version=3.5.1
nettle_url=https://ftp.gnu.org/gnu/nettle/nettle-3.5.1.tar.gz
nettle_expected_sha256=75cca1998761b02e16f2db56da52992aef622bf55a3b45ec538bc2eedadc9419
nettle_filename=nettle-3.5.1.tar.gz
nettle_source_dir=nettle-3.5.1
compile_nettle=1
elif [[ "${gnutls_version}" == "3.8.9" ]]; then
if [[ "${gnutls_version}" == "3.6.16" ]]; then
gnutls_url=https://www.gnupg.org/ftp/gcrypt/gnutls/v3.6/gnutls-3.6.16.tar.xz
gnutls_expected_sha256=1b79b381ac283d8b054368b335c408fedcb9b7144e0c07f531e3537d4328f3b3
gnutls_filename=gnutls-3.6.16.tar.xz
gnutls_source_dir=gnutls-3.6.16
nettle_version=3.10.2
nettle_url=https://ftp.gnu.org/gnu/nettle/nettle-3.10.2.tar.gz
nettle_expected_sha256=fe9ff51cb1f2abb5e65a6b8c10a92da0ab5ab6eaf26e7fc2b675c45f1fb519b5
nettle_filename=nettle-3.10.2.tar.gz
nettle_source_dir=nettle-3.10.2
compile_nettle=1
elif [[ "${gnutls_version}" == "3.8.10" ]]; then
echo "Using platform's nettle library."
gnutls_url=https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.9.tar.xz
gnutls_expected_sha256=69e113d802d1670c4d5ac1b99040b1f2d5c7c05daec5003813c049b5184820ed
gnutls_filename=gnutls-3.8.9.tar.xz
gnutls_source_dir=gnutls-3.8.9
gnutls_url=https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.10.tar.xz
gnutls_expected_sha256=db7fab7cce791e7727ebbef2334301c821d79a550ec55c9ef096b610b03eb6b7
gnutls_filename=gnutls-3.8.10.tar.xz
gnutls_source_dir=gnutls-3.8.10
else
echo -e "${REDB}Error: GnuTLS v${gnutls_version} is unknown!${CLR}"
exit 1
Expand Down Expand Up @@ -262,7 +262,7 @@ function compile_gnutls {
exit 1
fi

# Copy the gnutls-cli and gnutls-serv apps to the top-level docker building dir as, e.g. 'gnutls-cli-v3.6.11.1'. Then we can delete the source code directory and move on.
# Copy the gnutls-cli and gnutls-serv apps to the top-level docker building dir as, e.g. 'gnutls-cli-v3.6.16'. Then we can delete the source code directory and move on.
cp "src/gnutls-cli" "/build/gnutls-cli-v${gnutls_version}"
cp "src/gnutls-serv" "/build/gnutls-serv-v${gnutls_version}"

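Review bot: `git clone --depth 1 --recurse-submodules -b ${git_tag} https://github.com/Mbed-TLS/mbedtls ${output_dir}` (and the OpenSSL clone handled the same way in compile_openssl) pins the source by tag only, so a moved tag or a tampered transfer is accepted silently, whereas the GnuTLS and nettle tarballs in the same file carry an expected SHA256 that the script appears to check. Record the release commit next to `git_tag` and verify it after the clone, e.g. `[[ "$(git -C "${output_dir}" rev-parse HEAD)" == "${expected_commit}" ]] || { echo -e "${REDB}Error: unexpected commit for ${git_tag}!${CLR}"; exit 1; }`, or use `git -C "${output_dir}" verify-tag "${git_tag}"` where the project signs its release tags. On the same line, `${git_tag}` and `${output_dir}` are unquoted (ShellCheck SC2086); the values are fixed here, but quoting them keeps the script clean under `shellcheck`. The compile_mbedtls function continues past the end of its hunk.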