Commit Graph

278 Commits

Author SHA1 Message Date
Tomas Mraz
83529f07ca Always automatically add -DPEDANTIC with enable-ubsan
To avoid reports like: #19028

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19029)
2022-08-23 10:16:06 +10:00
Matt Caswell
17b94de3df Ensure we build ub sanitizer builds with -DPEDANTIC
Otherwise we may get spurious results from ub sanitizer. For example we
assume we can tolerate some unaligned write without this define that ub
sanitizer will complain about.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18983)
2022-08-17 16:46:33 +01:00
Todd Short
0113ec8460 Implement AES-GCM-SIV (RFC8452)
Fixes #16721

This uses AES-ECB to create a counter mode AES-CTR32 (32bit counter, I could
not get AES-CTR to work as-is), and GHASH to implement POLYVAL. Optimally,
there would be separate polyval assembly implementation(s), but the only one
I could find (and it was SSE2 x86_64 code) was not Apache 2.0 licensed.

This implementation lives only in the default provider; there is no legacy
implementation.

The code offered in #16721 is not used; that implementation sits on top of
OpenSSL, this one is embedded inside OpenSSL.

Full test vectors from RFC8452 are included, except the 0 length plaintext;
that is not supported; and I'm not sure it's worthwhile to do so.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18693)
2022-07-29 08:32:16 -04:00
Varun Sharma
c6e7f427c8 ci: add GitHub token permissions for workflows
Signed-off-by: Varun Sharma <varunsh@stepsecurity.io>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18766)
2022-07-13 10:14:09 +10:00
Tomas Mraz
c267588fd4 Increase test coverage by enabling more build options
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18606)
2022-07-01 11:38:25 +02:00
Sam James
712c13c57b CI: Upgrade to Ubuntu 22.04 to add GCC 12, Clang 13, Clang 14
Notably, this might have caught #18225, as Clang 14 wasn't - and is not yet
until this commit - in OpenSSL's CI.

It makes sense to ensure CI tests compilers used in newer Linux distributions:
* Fedora 36 ships with GCC 12
* Ubuntu 22.04 ships with Clang 14

We switch from 'ubuntu-latest' (which can change meaning but currently points
to ubuntu-20.04) to ubuntu-20.04 for the older existing compilers, and
ubuntu-22.04 for the newer ones added by this commit.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18639)
2022-06-27 11:43:39 +10:00
Sam James
6332f4c4a2 CI: add GCC 11
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18639)
2022-06-27 11:43:33 +10:00
Bernd Edlinger
a09adac311 Add a CI workflow for no-rfc3779
Currently this configurations seem to be failing.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18634)
2022-06-23 19:24:57 +02:00
Tomas Mraz
b7873f92b0 CI: Add enable-quic to some of the builds
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18307)
2022-06-03 12:07:18 +10:00
Matt Caswell
fecb3aae22 Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
2022-05-03 13:34:51 +01:00
Dmitry Belyavskiy
c29cf39449 Minimal test checking we can get public key in Turkish locale
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18069)
2022-04-22 11:34:42 +02:00
Todd Short
40fb5a4ce3 Fix -no-tls1_2 in tests
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/18019)
2022-04-11 10:28:55 -04:00
Tomas Mraz
fecae608a9 Disable the test_afalg on cross compile targets
The afalg engine does not work when run through qemu.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17945)
2022-03-23 12:46:08 +01:00
Todd Short
a3e53d5683 Add TFO support to socket BIO and s_client/s_server
Supports Linux, MacOS and FreeBSD
Disabled by default, enabled via `enabled-tfo`
Some tests

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8692)
2022-03-10 10:42:43 -05:00
Michael Baentsch
fa66f62ebb Add external testing with oqsprovider
Including running the oqsprovider external test in the
CI external test build.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17832)
2022-03-09 17:57:37 +01:00
Tomas Mraz
0c47b8a879 Add test of FIPS provider from the master branch with 3.0 build
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17671)
2022-02-11 09:06:07 +01:00
Tomas Mraz
3fdf4b9365 Add test of FIPS provider from the 3.0 branch with master build
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17671)
2022-02-11 09:05:30 +01:00
Bernd Edlinger
fd84b9c3e9 Fix copyright year issues
Fixes: #13765

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17427)
2022-01-06 09:27:02 +01:00
Dmitry Belyavskiy
e66c41725f Run TLSfuzzer tests for CI
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17340)
2022-01-05 11:24:51 +01:00
Tomas Mraz
c37ebbd6f9 Windows CI: explicitly use windows-2019 instead of using windows-latest
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17234)
2021-12-10 08:27:03 +01:00
Tomas Mraz
c87a4dd7a7 CI: Replace windows-2016 with windows-2022
Windows 2016 environment is going to be discontinued.

Fixes #17177

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17183)
2021-12-06 12:21:04 +01:00
Pauli
d362db7cd1 run-checker: add CI to test safe_math without compiler support.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16930)
2021-11-12 19:49:46 +10:00
Pauli
7267769c28 coverity: add a daily coverity build
The weekly build got lost when we stopped using Travis.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16988)
2021-11-09 16:50:23 +10:00
Pauli
a16ba5f375 ci: add additional operating system specific builds
These are an attempt to cover off on older OS versions that the main CIs
do not cover.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16669)
2021-09-27 08:40:38 +10:00
Dmitry Belyavskiy
a5d8a2f8f1 FIPS and KTLS may interfere
New Linux kernels (>= 5.11) enable KTLS CHACHA which is not
FIPS-suitable.

Fixes #16657

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16658)
2021-09-24 11:06:51 +02:00
Pauli
08d8c2d87e ci: add copyright header to CI scripts
There is quite a bit of creative effort in these and even more trouble-
shooting effort.  I.e. they are non-trivial from a copyright perspective.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16628)
2021-09-21 18:02:58 +10:00
Pauli
f92bfddc1d CI: add last run-checker fuzzing CIs to Actions
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16438)
2021-09-02 19:23:32 +10:00
a1346054
473664aafd always use the same perl in $PATH
Different tests may use unexpectedly different versions of perl,
depending on whether they hardcode the path to the perl executable or if
they resolve the path from the environment. This fixes it so that the
same perl is always used.

Fix some trailing whitespace and spelling mistakes as well.

CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16362)
2021-09-02 12:55:39 +10:00
Pauli
4f8e0272c1 Add additional test to thread sanitizer build
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16469)
2021-08-31 20:44:16 +10:00
Pauli
c7468c17d7 CI: add builds covering a number of different compiler versions
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16463)
2021-08-31 20:41:58 +10:00
Tomas Mraz
3f7ad402b0 ci: Add -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION to asan build
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/16433)
2021-08-31 12:20:12 +02:00
Pauli
7587b5fd09 CI: remove spurious blank lines
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16174)
2021-08-05 15:41:29 +10:00
Pauli
ebe667b464 ci: specific gcc explicitly on the basic-gcc CI build
GitHub Actions default to clang not gcc so this is necessary now.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16174)
2021-08-05 15:41:29 +10:00
Pauli
7b917179d0 ci: separate the config dump from the configuration command
This avoids using the shell's `&&` and shortens the lines a bit.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16174)
2021-08-05 15:41:29 +10:00
Pauli
2a7855fb25 ci: disable async for the SH4 build and reenable the associated test
The platform doesn't seem to have support for this.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16144)
2021-07-28 10:30:45 +10:00
Pauli
1ad4350393 ci: get rid of no-asm flag to m68k cross compiles
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16144)
2021-07-28 10:30:45 +10:00
Pauli
cb7055fd5a ci: add the param conversion tests to the cross compiles.
There was a failure because an "inf" values was being read as a "NaN" not an
infinity.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16144)
2021-07-28 10:30:45 +10:00
Pauli
64d9b626aa QEMU: include test runs for most cross compilation targets
For the cross compiles where the tests couldn't be run, most are capable
of being run when statically linked.  For these, a shared with FIPS build
but not test run is also included to maximise compilation coverage.
The builds take a couple of minutes so the impact of these extra jobs
isn't great.

The test failures for test_includes, test_store and test_x509_store
across several platforms are related the the OPENSSL_DIR_read() call.
This gets a "Value too large for defined data type" error calling the
standard library's readdir() wrapper.  That is, the failure is during
the translation from the x86-64 structure to the 32 bit structure.
I've tried tweaking the include defines to use larger fields but couldn't
figure out how to make it work.  The most prudent fix is to ignore these
tests for these platforms.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16144)
2021-07-28 10:30:45 +10:00
Tomas Mraz
c9eb459870 Test ktls in non-default options CI build
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16120)
2021-07-27 13:19:20 +10:00
Tomas Mraz
bdb65e2ba6 Drop no-ktls from runchecker daily build as it has no effect
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16120)
2021-07-27 13:19:20 +10:00
Pauli
034f9f4f6e ci: QEMU based cross compiled testing
With a little set up, Debian provides an ability to use QEMU to execute
programs compiled for other architectures. Using this, most of our cross
compilation CI builds can be executed.

This PR does this.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16133)
2021-07-23 22:00:52 +10:00
Pauli
e6f0c8d3a7 ci: reinstate the passwd tests for the no-cached-fetch run.
By selectively skipping the high round test cases, the out of memory problem
can be avoided.

partially fixes #16127

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16132)
2021-07-23 18:01:03 +10:00
Pauli
c74188e86c ci: omit tests that consume too much memory
The SSL API tests and the passwd command test trigger memory leakage in the
address sanitizer.

Fixes #16116

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16125)
2021-07-21 20:04:36 +10:00
Tomas Mraz
ca638147c8 Drop daily run-checker build with just enable-acvp-tests
Having just enable-acvp-tests without enable-fips does not make
much sense as this just builds the test but it is skipped.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16076)
2021-07-16 11:23:18 +02:00
Tomas Mraz
f096691b91 CI: have enable-acvp-tests in some CI build
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16076)
2021-07-16 11:23:18 +02:00
Pauli
a5a4dac988 ci: add a memory sanitiser test run
This omission noted in #15950

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15952)
2021-07-01 13:18:58 +10:00
Robbie Harwood
dd62ec2777 Update dependencies for krb5 external test
Dejagnu/TCL are no longer needed.  Installing kdcproxy enables krb5's
proxying tests, which exercise the krb5 TLS integration.

Signed-off-by: Robbie Harwood <rharwood@redhat.com>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15850)
2021-06-23 10:26:53 +02:00
Pauli
3614d94d5f ci: run the on pull request CIs on push to master
This will help catch problems caused by merging.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15711)
2021-06-12 23:06:22 +10:00
Richard Levitte
25eeab019c Windows GitHub CI: Introduce --strict-warnings
This involves making a more comprehensive matrix for the different
architectures we build for.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15709)
2021-06-12 14:41:51 +10:00
Richard Levitte
dd53c29793 Windows Github CI: test in Windows 2016 as well
This brings an older version of MSVC, which may bring some "interesting"
failures.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15709)
2021-06-12 14:41:51 +10:00
Tomas Mraz
451c2a95bd Windows CI: Enable fuzz test in plain build
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15672)
2021-06-11 09:50:55 +02:00
Rich Salz
43c2456f0f Add md-nits task
Assumes that Ruby is installed

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15590)
2021-06-04 13:04:18 +10:00
Dr. David von Oheimb
d0196ddcba CI windows.yml: Silence 'nmake' builds except 'minimal'; ci.yml: make 'minimal' build verbose
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15594)
2021-06-04 09:39:09 +10:00
Jon Spillett
8a5bd05da8 Add enable-fips to CI configuration
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15537)
2021-06-03 07:33:13 +10:00
Tomas Mraz
86825c9917 Windows CI: enable fips on shared 64 bit build
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15550)
2021-06-01 15:07:51 +02:00
Pauli
d11dd381c5 add some cross compilation builds
Add some cross compiling builds to test things aren't broken.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15535)
2021-06-01 15:04:05 +10:00
Tomas Mraz
365d207faa FIPS Checksums: checkout the head of the base repo as pristine
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15503)
2021-05-28 09:11:18 +10:00
Tomas Mraz
07fb85cf61 FIPS Checksums CI: use separate directories for the checkouts
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15481)
2021-05-27 15:30:58 +02:00
Tomas Mraz
349fd92429 FIPS checksums CI: use merge checkout to compute the new checksums
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15433)
2021-05-25 11:53:36 +02:00
Tomas Mraz
057fc59a89 Windows CI: properly drop test_fuzz* tests to speed up things
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15433)
2021-05-25 11:53:36 +02:00
Tomas Mraz
3113192705 Windows CI: Add make install step on the shared 64 bit build
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15433)
2021-05-25 11:53:36 +02:00
Tomas Mraz
69d8cf70ef Windows CI: use nasm on 32bit and 64bit shared builds
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15349)
2021-05-24 09:47:05 +02:00
Tomas Mraz
d7c18395bf Add some basic Windows builds to the Windows CI workflow
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15349)
2021-05-24 09:47:05 +02:00
Tomas Mraz
9ad400f788 FIPS label CI: Save PR number and use it
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15345)
2021-05-21 09:43:04 +02:00
Tomas Mraz
0a281eefb6 Exchange no-siv and no-ec2m between daily and ci workflows
The no-ec2m with ec enabled is much more likely to show
regressions such as #15170 than the no-siv build.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15355)
2021-05-21 10:03:07 +10:00
Dr. David von Oheimb
5bac37cb14 unix-Makefile.tmpl and ci.yml: Merge cmd-nits into doc-nits
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15329)
2021-05-19 14:13:12 +02:00
Pauli
c4fca3f705 fips: remove unnecessary commas to get CI working
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15337)
2021-05-19 13:15:14 +10:00
Tomas Mraz
753f1f24ac Avoid failing label removal if label is not there
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15309)
2021-05-19 13:08:27 +10:00
Tomas Mraz
a51ccd5be7 Separate FIPS checksum and labelling into different workflows
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15309)
2021-05-19 13:08:27 +10:00
Dr. David von Oheimb
4a14ae9dc8 ci.yml: Add cmd-nits to the doc-nits CI run
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15298)
2021-05-18 13:02:23 +02:00
Pauli
e2daf6f140 ci: remove the checksum CI script
This script introduces a security vulnerability where the OpenSSL github
repository can be modified which opens a window for an attacker.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>

Reported-by: Nikita Stupin
2021-05-16 10:23:54 +10:00
Rich Salz
d0364dcc42 Add --banner config option
Use it in the automated workflows.

Fixes: #15247

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15248)
2021-05-14 08:35:11 +02:00
Tomas Mraz
ca6197ca3c Ensure the pristine checksums are not recomputed
When switching between the pristine and PR checkouts we must
ensure the pristine checksums are not recomputed.

Also ignore errors (such as trying to remove a label that
is not set) when setting or removing labels.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15266)
2021-05-13 12:05:36 +02:00
Tomas Mraz
9ce2ef9ba0 The FIPS Checksums job must be run on pull_request_target
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15265)
2021-05-13 11:41:56 +02:00
Tomas Mraz
16e00da2c9 Remove the severity: fips change label if fips checksum unchanged
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15229)
2021-05-13 10:24:33 +02:00
Tomas Mraz
220927071e Set the severity: fips change label if fips checksum changed
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15229)
2021-05-13 10:24:33 +02:00
Tomas Mraz
b17e799298 Add checksums github CI action
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15229)
2021-05-13 10:24:33 +02:00
Pauli
ab6db11e63 Run-checker converted to GitHub Actions
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15129)
2021-05-12 17:12:16 +10:00
Pauli
4da44374d1 coveralls: fix comment to indicate daily not weekly
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15129)
2021-05-12 17:12:16 +10:00
Tomas Mraz
e3188bae04 Run coveralls daily and not exactly at midnight
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15121)
2021-05-04 12:59:49 +02:00
Tomas Mraz
9deb202e6a coveralls: Enable fips as it is disabled by default
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15121)
2021-05-04 12:59:49 +02:00
Richard Levitte
f97bc7c424 [TEMPORARY] make 'make update' verbose in ci.yml
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8871)
2021-05-04 11:32:16 +02:00
Richard Levitte
49f699b54d GitHub CI: ensure that unifdef is installed
This is required for 'make update' and fips checksums

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8871)
2021-05-04 11:32:16 +02:00
Tomas Mraz
50c096ebb0 Explicitly enable or disable fips if it is or is not relevant for the test
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/15027)
2021-04-28 12:06:08 +02:00
Paul Kehrer
94471ccfda add verbosity for pyca job
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15018)
2021-04-27 19:09:03 +10:00
Paul Kehrer
a938f0045e re-add pyca/cryptography testing
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15018)
2021-04-27 19:09:03 +10:00
Tomas Mraz
cd0aca5320 Update krb5 module to latest release
Fixes #14902

Also add workaround of `sudo hostname localhost` for the
intermittent test failures seen in CI.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/14872)
2021-04-19 11:46:39 -07:00
Richard Levitte
4a95b70d1e Github workflows: re-implement a no-shared build
We do this both on Ubuntu and MacOS X

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14753)
2021-04-15 19:55:25 +02:00
Shane Lontis
9754665d6b Add macosx build
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14738)
2021-04-01 16:46:42 +10:00
Shane Lontis
6ec37db540 Test miminal windows build using Github actions
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14737)
2021-04-01 09:11:34 +10:00
Richard Levitte
a350e3ef38 Re-implement ANSI C building with a Github workflow
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14729)
2021-03-31 13:28:46 +10:00
Tomas Mraz
cede07dc51 Remove the external BoringSSL test
Fixes #14424

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14682)
2021-03-26 14:24:06 +01:00
Shane Lontis
1f085af02c Add coveralls to CI
Fixes #14013

Coverage reports were no longer generated when travis stopped being used.
This github action workflow schedules a coverage report once a week.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14526)
2021-03-24 18:31:11 +10:00
Pauli
11c7874d0c ci: add a no-legacy build
Fixes #12091

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/14563)
2021-03-18 09:03:06 +10:00
Tomas Mraz
bd55a0be1b Use --debug with no-caching build as sanitizers need it
The memleak test otherwise fails.

Also disable async, dtls, and old tls versions to test some
different combination of disableables and speed up tests.

Fixes #14337

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14536)
2021-03-16 07:56:10 +10:00
Tomas Mraz
a7a041c230 CI external tests: separate each external test into its own phase
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/14416)
2021-03-05 14:27:46 +01:00
Tomas Mraz
1ddea35bd4 CI external test: for now run only the krb5 and gost_engine tests
The boringssl (https://github.com/openssl/openssl/issues/14424)
and pyca-cryptography (https://github.com/openssl/openssl/issues/14425)
tests are currently broken.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/14416)
2021-03-05 14:27:46 +01:00
Tomas Mraz
b414c8118d gost_engine test: Run also perl and tcl tests
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/14416)
2021-03-05 14:27:46 +01:00
Tomas Mraz
996d2693e2 CI: add job with external tests
Update gost-engine submodule.
Update pyca-cryptography submodule.

Fix condition for skipping krb5 test.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/14416)
2021-03-05 14:27:46 +01:00
Pauli
499f2ae9e9 CI: add a non-caching CI loop
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14126)
2021-02-12 12:28:55 +10:00
Matt Caswell
f94a91698b Add a CI job to run the threads test with threads sanitizer on
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13987)
2021-02-02 12:21:33 +00:00
Richard Levitte
4605b34d56 Github CI: Add a job for out-of-source build + install
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13935)
2021-01-25 13:38:38 +01:00
Tomas Mraz
adcaebc314 CI: Add some legacy stuff that we do not test in GitHub CI yet
There are some options that seem to belong to the legacy build.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/13903)
2021-01-21 17:08:26 +01:00
Richard Levitte
e3577adddf GitHub CI: Separate no-deprecated job from minimal job
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13706)
2020-12-19 17:02:12 +01:00
Richard Levitte
8175476b81 GitHub CI: Add 'check-update' and 'check-docs'
'check-update' runs a 'make update' to check that it wasn't forgotten.

'check-docs' runs 'make doc-nits'.  We have that as a separate job to
make it more prominent.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/13701)
2020-12-17 22:06:38 +01:00
Tomas Mraz
4159ebca3c Github CI: run also on repository pushes
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13686)
2020-12-17 11:26:22 +01:00
Matt Caswell
a67c70107c Don't use no-asm in the Github CIs
no-asm has proven to be too slow, therefore we don't use it in the Github
CI builds and instead rely on it being covered by run-checker.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/13607)
2020-12-11 10:54:40 +00:00
Dr. David von Oheimb
06f81af8fc {.travis,ci,appveyor}.yml: Make minimal config consistent, add no-deprecated no-ec no-ktls no-siv
This works nicely by addin a new no-bulk option to Configure.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13110)
2020-12-04 16:20:53 +01:00
Dr. David von Oheimb
ae290d8f0c ci.yml: Let 'make' run silently (-s) with build (gcc) runs in parallel (-j4)
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13580)
2020-12-03 15:38:28 +01:00
Dr. David von Oheimb
6a7848bc9e ci.yml: Add 'perl configdata.pm --dump' to each config
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13580)
2020-12-03 15:38:28 +01:00
Matt Caswell
9524a3089c Turn on Github CI
As an interim measure until we work out our longer term CI strategy
this PR enables some basic CI tests using the Github CI capability.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13489)
2020-11-24 12:02:53 +00:00
Richard Levitte
322d56cd64 Fix a few github file references
https://github.com/openssl/openssl/blob/master/.github/SUPPORT.md ->
https://github.com/openssl/openssl/blob/master/SUPPORT.md

Fixes #13396

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13397)
2020-11-14 12:01:28 +01:00
Gustaf Neumann
8c1cbc7210 Fix typos and repeated words
CLA: trivial

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/12320)
2020-07-05 01:49:20 +02:00
Kurt Roeckx
6985b0e3de Add github sponsor button
Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #12035
2020-06-04 21:04:13 +02:00
Leo Neat
e4ec769eb9 CIFuzz turning dry_run off
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11339)
2020-05-04 08:51:56 +01:00
Leo Neat
2ae925f6fe Add CIFuzz action
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11140)
2020-03-05 17:34:11 +00:00
Vladimir Panteleev
922241de76 .github/PULL_REQUEST_TEMPLATE.md: Fix link to contributors guide
The file was converted to Markdown and renamed appropriately in
2e07506a12.

CLA: trivial

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11223)
2020-03-05 08:55:52 +10:00
Dr. Matthias St. Pierre
2e07506a12 doc: convert standard project docs to markdown
In the first step, we just add the .md extension and move some
files around, without changing any content. These changes will
occur in the following commits.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10545)
2020-02-26 21:04:38 +01:00
Dr. Matthias St. Pierre
d9b8c7237c Add a GitHub issue template for documentation issues
This template automatically adds the [issue: documentation] label.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10051)
2019-10-30 17:46:00 +01:00
Dr. Matthias St. Pierre
a71779dee6 Add a GitHub issue template for questions
Actually, we would rather see general questions posted to the
openssl-users mailing list. But habits have changed and more and
more users ask questions on GitHub. Many of them are currently tagged
as bug reports or feature requests, because there is no appropriate
template for questions. This commit adds the missing template.

This template automatically adds the [issue: question] label.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10051)
2019-10-30 17:46:00 +01:00
Dr. Matthias St. Pierre
cfa71c5dc8 github: switch issue templates to new labels
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10266)
2019-10-26 00:12:23 +02:00
Kurt Roeckx
e3a0d36729 Auto add a label depending on the type of issue they report.
Reviewed-by: Richard Levitte <levitte@openssl.org>
GH: #9319
2019-07-16 20:33:01 +02:00
Richard Levitte
7dc6875c55 Remove markdown links from HTML comments in issue templates
HTML comments aren't rendered, so markdown link syntax is irrelevant
inside them, and more confusing than useful.

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/7632)
2018-11-13 17:01:41 +01:00
Richard Levitte
7136833933 Add issue templates and a user support page
This will hopefully help directing our users to better user support
resources as well as give some relevant advice in issue templates.

https://help.github.com/articles/setting-up-your-project-for-healthy-contributions/

Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7623)
2018-11-13 16:58:06 +01:00
Richard Levitte
92e2ed5689 Remind people to have 'Fixes #XXXX' in the commit message
It's of course also possible to just add them to the PR description,
but having these lines in the commit messages provide better
automation.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3104)
2017-04-02 21:51:47 +02:00
Richard Levitte
3c12582e8f Fixup the github pull request template
When creating a single commit PR, github will now automatically
include the commit comment first in the pull request description, and
add the template content last.  That makes the description section at
the end useless.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3104)
2017-04-02 21:51:47 +02:00
Rich Salz
ec6750194a Don't need the checkbox; the hook does it
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2317)
2017-01-28 17:26:56 -05:00
Kurt Roeckx
2f6e46dc85 Add a github pull request template
Reviewed-by: Richard Levitte <levitte@openssl.org>

GH: #1770
2016-10-22 14:53:11 +02:00