aboutsummaryrefslogtreecommitdiffstats
path: root/.github
Commit message (Collapse)AuthorAgeFilesLines
* OpenSSL::config: determine the MSVC target architecture by asking clRichard Levitte2022-09-291-3/+3
| | | | | | | | | | | | | | | | | Since cl knows what architecture it builds fore, all depending on what the user set up, it makes sense to ask it, and use that result primarly, and only use the POSIX::uname() MACHINE value as a fallback. Also, this does indeed determine if cl is present or not. We drop the explicit names in .github/workflows/windows.yml as proof of concept. Fixes #19281 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19285)
* Add CI to test old FIPS provider versionsPauli2022-09-161-0/+74
| | | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/19201)
* Drop the optimisation level for ppc64le cross-compileMatt Caswell2022-08-241-1/+4
| | | | | | | | | | | | | The default cross compiler (gcc 9.4.0) for ppc64le on Ubunut 20.04 seems buggy and causes a seg fault in sslapitest. This doesn't impact any other CI cross compile platforms and does not seem to impact the gcc 10.3.0 cross compiler. We just drop the optimisation level on that platform. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19056)
* Always automatically add -DPEDANTIC with enable-ubsanTomas Mraz2022-08-233-4/+4
| | | | | | | | To avoid reports like: #19028 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19029)
* Ensure we build ub sanitizer builds with -DPEDANTICMatt Caswell2022-08-171-1/+1
| | | | | | | | | | | Otherwise we may get spurious results from ub sanitizer. For example we assume we can tolerate some unaligned write without this define that ub sanitizer will complain about. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18983)
* Implement AES-GCM-SIV (RFC8452)Todd Short2022-07-291-0/+1
| | | | | | | | | | | | | | | | | | | | | | | Fixes #16721 This uses AES-ECB to create a counter mode AES-CTR32 (32bit counter, I could not get AES-CTR to work as-is), and GHASH to implement POLYVAL. Optimally, there would be separate polyval assembly implementation(s), but the only one I could find (and it was SSE2 x86_64 code) was not Apache 2.0 licensed. This implementation lives only in the default provider; there is no legacy implementation. The code offered in #16721 is not used; that implementation sits on top of OpenSSL, this one is embedded inside OpenSSL. Full test vectors from RFC8452 are included, except the 0 length plaintext; that is not supported; and I'm not sure it's worthwhile to do so. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18693)
* ci: add GitHub token permissions for workflowsVarun Sharma2022-07-1315-0/+51
| | | | | | | | Signed-off-by: Varun Sharma <varunsh@stepsecurity.io> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18766)
* Increase test coverage by enabling more build optionsTomas Mraz2022-07-011-2/+12
| | | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18606)
* CI: Upgrade to Ubuntu 22.04 to add GCC 12, Clang 13, Clang 14Sam James2022-06-271-20/+38
| | | | | | | | | | | | | | | | | Notably, this might have caught #18225, as Clang 14 wasn't - and is not yet until this commit - in OpenSSL's CI. It makes sense to ensure CI tests compilers used in newer Linux distributions: * Fedora 36 ships with GCC 12 * Ubuntu 22.04 ships with Clang 14 We switch from 'ubuntu-latest' (which can change meaning but currently points to ubuntu-20.04) to ubuntu-20.04 for the older existing compilers, and ubuntu-22.04 for the newer ones added by this commit. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18639)
* CI: add GCC 11Sam James2022-06-271-0/+8
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18639)
* Add a CI workflow for no-rfc3779Bernd Edlinger2022-06-231-0/+1
| | | | | | | | | Currently this configurations seem to be failing. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18634)
* CI: Add enable-quic to some of the buildsTomas Mraz2022-06-031-11/+11
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18307)
* Update copyright yearMatt Caswell2022-05-034-4/+4
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes
* Minimal test checking we can get public key in Turkish localeDmitry Belyavskiy2022-04-221-0/+2
| | | | | | Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18069)
* Fix -no-tls1_2 in testsTodd Short2022-04-111-0/+1
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/18019)
* Disable the test_afalg on cross compile targetsTomas Mraz2022-03-231-1/+2
| | | | | | | | The afalg engine does not work when run through qemu. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17945)
* Add TFO support to socket BIO and s_client/s_serverTodd Short2022-03-102-0/+16
| | | | | | | | | | | Supports Linux, MacOS and FreeBSD Disabled by default, enabled via `enabled-tfo` Some tests Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8692)
* Add external testing with oqsproviderMichael Baentsch2022-03-091-0/+2
| | | | | | | | | | Including running the oqsprovider external test in the CI external test build. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17832)
* Add test of FIPS provider from the master branch with 3.0 buildTomas Mraz2022-02-111-1/+43
| | | | | Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17671)
* Add test of FIPS provider from the 3.0 branch with master buildTomas Mraz2022-02-111-0/+52
| | | | | Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17671)
* Fix copyright year issuesBernd Edlinger2022-01-061-0/+2
| | | | | | | Fixes: #13765 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17427)
* Run TLSfuzzer tests for CIDmitry Belyavskiy2022-01-051-0/+2
| | | | | Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17340)
* Windows CI: explicitly use windows-2019 instead of using windows-latestTomas Mraz2021-12-101-3/+3
| | | | | Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/17234)
* CI: Replace windows-2016 with windows-2022Tomas Mraz2021-12-062-5/+8
| | | | | | | | | Windows 2016 environment is going to be discontinued. Fixes #17177 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17183)
* run-checker: add CI to test safe_math without compiler support.Pauli2021-11-121-0/+1
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16930)
* coverity: add a daily coverity buildPauli2021-11-091-0/+42
| | | | | | | | The weekly build got lost when we stopped using Travis. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16988)
* ci: add additional operating system specific buildsPauli2021-09-271-0/+66
| | | | | | | | | These are an attempt to cover off on older OS versions that the main CIs do not cover. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16669)
* FIPS and KTLS may interfereDmitry Belyavskiy2021-09-241-0/+13
| | | | | | | | | | New Linux kernels (>= 5.11) enable KTLS CHACHA which is not FIPS-suitable. Fixes #16657 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16658)
* ci: add copyright header to CI scriptsPauli2021-09-2112-0/+84
| | | | | | | | There is quite a bit of creative effort in these and even more trouble- shooting effort. I.e. they are non-trivial from a copyright perspective. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16628)
* CI: add last run-checker fuzzing CIs to ActionsPauli2021-09-021-0/+61
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16438)
* always use the same perl in $PATHa13460542021-09-025-9/+8
| | | | | | | | | | | | | | | Different tests may use unexpectedly different versions of perl, depending on whether they hardcode the path to the perl executable or if they resolve the path from the environment. This fixes it so that the same perl is always used. Fix some trailing whitespace and spelling mistakes as well. CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16362)
* Add additional test to thread sanitizer buildPauli2021-08-311-1/+1
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16469)
* CI: add builds covering a number of different compiler versionsPauli2021-08-311-0/+53
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16463)
* ci: Add -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION to asan buildTomas Mraz2021-08-311-1/+1
| | | | | | Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/16433)
* CI: remove spurious blank linesPauli2021-08-055-8/+0
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16174)
* ci: specific gcc explicitly on the basic-gcc CI buildPauli2021-08-051-1/+1
| | | | | | | GitHub Actions default to clang not gcc so this is necessary now. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16174)
* ci: separate the config dump from the configuration commandPauli2021-08-055-6/+28
| | | | | | | This avoids using the shell's `&&` and shortens the lines a bit. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16174)
* ci: disable async for the SH4 build and reenable the associated testPauli2021-07-281-2/+2
| | | | | | | The platform doesn't seem to have support for this. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16144)
* ci: get rid of no-asm flag to m68k cross compilesPauli2021-07-281-2/+2
| | | | | Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16144)
* ci: add the param conversion tests to the cross compiles.Pauli2021-07-281-1/+1
| | | | | | | | There was a failure because an "inf" values was being read as a "NaN" not an infinity. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16144)
* QEMU: include test runs for most cross compilation targetsPauli2021-07-281-9/+49
| | | | | | | | | | | | | | | | | | | | For the cross compiles where the tests couldn't be run, most are capable of being run when statically linked. For these, a shared with FIPS build but not test run is also included to maximise compilation coverage. The builds take a couple of minutes so the impact of these extra jobs isn't great. The test failures for test_includes, test_store and test_x509_store across several platforms are related the the OPENSSL_DIR_read() call. This gets a "Value too large for defined data type" error calling the standard library's readdir() wrapper. That is, the failure is during the translation from the x86-64 structure to the 32 bit structure. I've tried tweaking the include defines to use larger fields but couldn't figure out how to make it work. The most prudent fix is to ignore these tests for these platforms. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16144)
* Test ktls in non-default options CI buildTomas Mraz2021-07-271-1/+3
| | | | | | Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16120)
* Drop no-ktls from runchecker daily build as it has no effectTomas Mraz2021-07-271-1/+0
| | | | | | Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16120)
* ci: QEMU based cross compiled testingPauli2021-07-231-30/+88
| | | | | | | | | | | With a little set up, Debian provides an ability to use QEMU to execute programs compiled for other architectures. Using this, most of our cross compilation CI builds can be executed. This PR does this. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16133)
* ci: reinstate the passwd tests for the no-cached-fetch run.Pauli2021-07-231-1/+1
| | | | | | | | | | By selectively skipping the high round test cases, the out of memory problem can be avoided. partially fixes #16127 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16132)
* ci: omit tests that consume too much memoryPauli2021-07-211-1/+1
| | | | | | | | | | The SSL API tests and the passwd command test trigger memory leakage in the address sanitizer. Fixes #16116 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16125)
* Drop daily run-checker build with just enable-acvp-testsTomas Mraz2021-07-161-1/+0
| | | | | | | | Having just enable-acvp-tests without enable-fips does not make much sense as this just builds the test but it is skipped. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16076)
* CI: have enable-acvp-tests in some CI buildTomas Mraz2021-07-161-1/+1
| | | | | Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16076)
* ci: add a memory sanitiser test runPauli2021-07-011-1/+13
| | | | | | | | This omission noted in #15950 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/15952)
* Update dependencies for krb5 external testRobbie Harwood2021-06-231-1/+1
| | | | | | | | | | | Dejagnu/TCL are no longer needed. Installing kdcproxy enables krb5's proxying tests, which exercise the krb5 TLS integration. Signed-off-by: Robbie Harwood <rharwood@redhat.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15850)