name: Linux tests permissions: contents: read on: [workflow_call, workflow_dispatch] jobs: linux: strategy: fail-fast: false matrix: include: - name: arm64 runner: ubuntu-24.04-arm container: openquantumsafe/ci-ubuntu-latest:latest PYTEST_ARGS: --maxprocesses=10 --ignore=tests/test_kat_all.py CMAKE_ARGS: -DOQS_ENABLE_SIG_SLH_DSA=OFF -DOQS_ENABLE_SIG_STFL_LMS=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=ON - name: arm64-slhdsa runner: ubuntu-24.04-arm container: openquantumsafe/ci-ubuntu-latest:latest PYTEST_ARGS: --maxprocesses=10 --ignore=tests/test_kat_all.py CMAKE_ARGS: -DOQS_MINIMAL_BUILD=SIG_slh_dsa - name: alpine runner: ubuntu-latest container: openquantumsafe/ci-alpine-amd64:latest CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_USE_OPENSSL=ON -DBUILD_SHARED_LIBS=ON -DOQS_ENABLE_SIG_SLH_DSA=OFF -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON PYTEST_ARGS: --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py - name: alpine-slhdsa runner: ubuntu-latest container: openquantumsafe/ci-alpine-amd64:latest CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_USE_OPENSSL=ON -DBUILD_SHARED_LIBS=ON -DOQS_MINIMAL_BUILD=SIG_slh_dsa PYTEST_ARGS: --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py - name: alpine-libjade runner: ubuntu-latest container: openquantumsafe/ci-alpine-amd64:latest CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_USE_OPENSSL=ON -DBUILD_SHARED_LIBS=ON -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD="${{ vars.LIBJADE_ALG_LIST }}" PYTEST_ARGS: --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py - name: alpine-no-stfl-key-sig-gen runner: ubuntu-latest container: openquantumsafe/ci-alpine-amd64:latest CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_USE_OPENSSL=ON -DBUILD_SHARED_LIBS=ON -DOQS_ENABLE_SIG_SLH_DSA=OFF -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=OFF -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON PYTEST_ARGS: --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py - name: alpine-openssl-all runner: ubuntu-latest container: openquantumsafe/ci-alpine-amd64:latest CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_USE_OPENSSL=ON -DBUILD_SHARED_LIBS=ON -DOQS_USE_AES_OPENSSL=ON -DOQS_USE_SHA2_OPENSSL=ON -DOQS_USE_SHA3_OPENSSL=ON -DOQS_ENABLE_SIG_SLH_DSA=OFF -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON PYTEST_ARGS: --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py - name: alpine-noopenssl runner: ubuntu-latest container: openquantumsafe/ci-alpine-amd64:latest CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_USE_OPENSSL=OFF -DOQS_ENABLE_SIG_SLH_DSA=OFF -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON PYTEST_ARGS: --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py - name: alpine-openssl-all-slhdsa runner: ubuntu-latest container: openquantumsafe/ci-alpine-amd64:latest CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_USE_OPENSSL=ON -DBUILD_SHARED_LIBS=ON -DOQS_USE_AES_OPENSSL=ON -DOQS_USE_SHA2_OPENSSL=ON -DOQS_USE_SHA3_OPENSSL=ON -DOQS_MINIMAL_BUILD=SIG_slh_dsa PYTEST_ARGS: --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py - name: alpine-noopenssl-slhdsa runner: ubuntu-latest container: openquantumsafe/ci-alpine-amd64:latest CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_USE_OPENSSL=OFF -DOQS_MINIMAL_BUILD=SIG_slh_dsa PYTEST_ARGS: --ignore=tests/test_alg_info.py --ignore=tests/test_kat_all.py - name: noble-nistr4-openssl runner: ubuntu-latest container: openquantumsafe/ci-ubuntu-latest:latest CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_ALGS_ENABLED=NIST_R4 PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py - name: noble-nistonramp-openssl runner: ubuntu-latest container: openquantumsafe/ci-ubuntu-latest:latest CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_ALGS_ENABLED=NIST_SIG_ONRAMP PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py - name: noble-noopenssl runner: ubuntu-latest container: openquantumsafe/ci-ubuntu-latest:latest CMAKE_ARGS: -DOQS_USE_OPENSSL=OFF PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py - name: noble-noopenssl-libjade runner: ubuntu-latest container: openquantumsafe/ci-ubuntu-latest:latest CMAKE_ARGS: -DOQS_USE_OPENSSL=OFF -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD="${{ vars.LIBJADE_ALG_LIST }}" PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py - name: noble-shared-noopenssl runner: ubuntu-latest container: openquantumsafe/ci-ubuntu-latest:latest CMAKE_ARGS: -DOQS_DIST_BUILD=OFF -DOQS_USE_OPENSSL=OFF -DBUILD_SHARED_LIBS=ON PYTEST_ARGS: --ignore=tests/test_namespace.py --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py - name: jammy-clang runner: ubuntu-latest container: openquantumsafe/ci-ubuntu-jammy:latest CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DCMAKE_C_COMPILER=clang PYTEST_ARGS: --ignore=tests/test_kat_all.py - name: noble-clang runner: ubuntu-latest container: openquantumsafe/ci-ubuntu-latest:latest CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DCMAKE_C_COMPILER=clang PYTEST_ARGS: --ignore=tests/test_kat_all.py -k 'not (leaks and ML-DSA)' - name: jammy-std-openssl3 runner: ubuntu-latest container: openquantumsafe/ci-ubuntu-jammy:latest CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_ALGS_ENABLED=STD -DBUILD_SHARED_LIBS=ON PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py - name: jammy-std-openssl3-libjade runner: ubuntu-latest container: openquantumsafe/ci-ubuntu-jammy:latest CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_ALGS_ENABLED=STD -DBUILD_SHARED_LIBS=ON -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD="${{ vars.LIBJADE_ALG_LIST }}" PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py - name: jammy-std-openssl3-dlopen runner: ubuntu-latest container: openquantumsafe/ci-ubuntu-jammy:latest CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_ALGS_ENABLED=STD -DBUILD_SHARED_LIBS=ON -DOQS_DLOPEN_OPENSSL=ON PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py - name: jammy-std-openssl3-dlopen-libjade runner: ubuntu-latest container: openquantumsafe/ci-ubuntu-jammy:latest CMAKE_ARGS: -DOQS_STRICT_WARNINGS=ON -DOQS_ALGS_ENABLED=STD -DBUILD_SHARED_LIBS=ON -DOQS_DLOPEN_OPENSSL=ON -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD="${{ vars.LIBJADE_ALG_LIST }}" PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py - name: address-sanitizer runner: ubuntu-latest container: openquantumsafe/ci-ubuntu-latest:latest CMAKE_ARGS: -DCMAKE_C_COMPILER=clang -DCMAKE_BUILD_TYPE=Debug -DUSE_SANITIZER=Address -DOQS_ENABLE_SIG_SLH_DSA=OFF -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=ON -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON PYTEST_ARGS: --ignore=tests/test_distbuild.py --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py --maxprocesses=10 - name: address-sanitizer-no-stfl-key-sig-gen runner: ubuntu-latest container: openquantumsafe/ci-ubuntu-latest:latest CMAKE_ARGS: -DCMAKE_C_COMPILER=clang -DCMAKE_BUILD_TYPE=Debug -DUSE_SANITIZER=Address -DOQS_ENABLE_SIG_SLH_DSA=OFF -DOQS_HAZARDOUS_EXPERIMENTAL_ENABLE_SIG_STFL_KEY_SIG_GEN=OFF -DOQS_ENABLE_SIG_STFL_XMSS=ON -DOQS_ENABLE_SIG_STFL_LMS=ON PYTEST_ARGS: --ignore=tests/test_distbuild.py --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py --maxprocesses=10 - name: address-sanitizer-libjade runner: ubuntu-latest container: openquantumsafe/ci-ubuntu-latest:latest CMAKE_ARGS: -DCMAKE_C_COMPILER=clang -DCMAKE_BUILD_TYPE=Debug -DUSE_SANITIZER=Address -DOQS_LIBJADE_BUILD=ON -DOQS_MINIMAL_BUILD="${{ vars.LIBJADE_ALG_LIST }}" -DOQS_ENABLE_SIG_SLH_DSA=OFF PYTEST_ARGS: --ignore=tests/test_distbuild.py --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py --maxprocesses=10 - name: noble-no-sha3-avx512vl runner: ubuntu-latest container: openquantumsafe/ci-ubuntu-latest:latest CMAKE_ARGS: -DOQS_USE_SHA3_AVX512VL=OFF PYTEST_ARGS: --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py runs-on: ${{ matrix.runner }} timeout-minutes: 85 # max + 3*std over the last thousands of successful runs container: image: ${{ matrix.container }} steps: - name: Checkout code uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4 - name: Configure run: mkdir build && cd build && cmake -GNinja ${{ matrix.CMAKE_ARGS }} .. && cmake -LA -N .. - name: Build run: ninja working-directory: build - name: Check the library artifacts if: matrix.name == 'jammy-std-openssl3-dlopen' run: | nm -gu lib/liboqs.so | sed -n 's/^[[:space:]]*[Uw] \([^_].*\)/\1/p' > undefined-syms.txt && ! (grep '^\(CRYPTO\|ERR\|EVP\|OPENSSL\|RAND\)_' undefined-syms.txt) working-directory: build - name: Run tests timeout-minutes: 60 run: mkdir -p tmp && python3 -m pytest --verbose --ignore=tests/test_code_conventions.py --numprocesses=auto ${{ matrix.PYTEST_ARGS }} - name: Package .deb if: matrix.name == 'jammy-std-openssl3' run: cpack working-directory: build - name: Retain .deb file if: matrix.name == 'jammy-std-openssl3' uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # pin@v4 with: name: liboqs-openssl3-shared-x64 path: build/*.deb - name: Check STD algorithm and alias if: matrix.name == 'jammy-std-openssl3' run: 'tests/dump_alg_info | grep -zoP "ML-DSA-44:\n isnull: false" && tests/dump_alg_info | grep -zoP "ML-KEM-512:\n isnull: false"' working-directory: build linux_cross_compile: runs-on: ubuntu-latest container: openquantumsafe/ci-ubuntu-latest:latest strategy: fail-fast: false matrix: include: - name: windows-binaries CMAKE_ARGS: -DCMAKE_TOOLCHAIN_FILE=../.CMake/toolchain_windows-amd64.cmake - name: windows-dll CMAKE_ARGS: -DCMAKE_TOOLCHAIN_FILE=../.CMake/toolchain_windows-amd64.cmake -DBUILD_SHARED_LIBS=ON steps: - name: Checkout code uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4 - name: Configure run: mkdir build && cd build && cmake -GNinja ${{ matrix.CMAKE_ARGS }} .. && cmake -LA -N .. - name: Build run: ninja working-directory: build linux_openssl330-dev: runs-on: ubuntu-latest container: image: openquantumsafe/ci-ubuntu-jammy:latest steps: - name: Checkout code uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4 - name: Retrieve OpenSSL330 from cache id: cache-openssl330 uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # pin@v4 with: path: .localopenssl330 key: ${{ runner.os }}-openssl330 - name: Checkout the OpenSSL v3.3.0 commit if: steps.cache-openssl330.outputs.cache-hit != 'true' uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4 with: repository: 'openssl/openssl' ref: 'openssl-3.3.0-beta1' path: openssl - name: Prepare the OpenSSL build directory if: steps.cache-openssl330.outputs.cache-hit != 'true' run: mkdir .localopenssl330 working-directory: openssl - name: Build openssl3 if not cached if: steps.cache-openssl330.outputs.cache-hit != 'true' run: | ./config --prefix=`pwd`/../.localopenssl330 && make -j 4 && make install_sw install_ssldirs working-directory: openssl - name: Save OpenSSL id: cache-openssl-save if: steps.cache-openssl330.outputs.cache-hit != 'true' uses: actions/cache/save@d4323d4df104b026a6aa633fdb11d772146be0bf # pin@v4 with: path: | .localopenssl330 key: ${{ runner.os }}-openssl330 - name: Configure run: mkdir build && cd build && cmake -GNinja -DOQS_STRICT_WARNINGS=ON -DOPENSSL_ROOT_DIR=../.localopenssl330 -DOQS_USE_OPENSSL=ON -DBUILD_SHARED_LIBS=ON -DOQS_USE_AES_OPENSSL=ON -DOQS_USE_SHA2_OPENSSL=ON -DOQS_USE_SHA3_OPENSSL=ON .. && cmake -LA -N .. - name: Build run: ninja working-directory: build - name: Run tests timeout-minutes: 60 run: mkdir -p tmp && python3 -m pytest --verbose --ignore=tests/test_code_conventions.py --ignore=tests/test_leaks.py --ignore=tests/test_kat_all.py scan_build: runs-on: ubuntu-latest container: openquantumsafe/ci-ubuntu-latest:latest steps: - name: Checkout code uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4 - name: Configure run: mkdir build && cd build && scan-build --status-bugs cmake -GNinja .. - name: Build run: scan-build --status-bugs ninja working-directory: build linux_x86_emulated: runs-on: ubuntu-latest container: image: openquantumsafe/ci-ubuntu-latest:latest strategy: fail-fast: false matrix: include: - name: avx512-ml-kem_ml-dsa SDE_ARCH: -skx CMAKE_ARGS: -DOQS_MINIMAL_BUILD="KEM_ml_kem_512;KEM_ml_kem_768;KEM_ml_kem_1024;SIG_ml_dsa_44;SIG_ml_dsa_65;SIG_ml_dsa_87" PYTEST_ARGS: tests/test_hash.py::test_sha3 tests/test_kat.py tests/test_acvp_vectors.py env: SDE_URL: https://downloadmirror.intel.com/850782/sde-external-9.53.0-2025-03-16-lin.tar.xz steps: - name: Checkout code uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # pin@v4 - name: Setup Intel SDE run: | wget -O sde.tar.xz "$SDE_URL" && \ mkdir sde && tar -xf sde.tar.xz -C sde --strip-components=1 && \ echo "$(pwd)/sde" >> $GITHUB_PATH - name: Configure run: mkdir build && cd build && cmake -GNinja ${{ matrix.CMAKE_ARGS }} .. && cmake -LA -N .. - name: Build run: ninja working-directory: build - name: Run tests timeout-minutes: 60 run: | mkdir -p tmp && sde64 ${{ matrix.SDE_ARCH }} -- \ python3 -m pytest --verbose --numprocesses=auto ${{ matrix.PYTEST_ARGS }}