Commit Graph

142 Commits

Author SHA1 Message Date
Tomas Mraz
ada6f0533d fips-label.yml: Fix the script after actions/github-script upgrade
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19636)
2022-11-09 13:56:05 +01:00
Sam James
e8cec34c39 CI: Add Alpine (musl)
I'm not intending to add every single possible combination of distros
to compiler-zoo, but I think this one is worthwhile.

musl tends to be Different Enough (TM) to allow problems to be found,
in particular (but not limited to) its malloc implementation ("mallocng").

It's also quite a common environment, especially in containers, so
I think it's worth testing on.

Signed-off-by: Sam James <sam@gentoo.org>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19577)
2022-11-09 08:15:08 +01:00
Tomas Mraz
4ff66347f0 Update GitHub actions as suggested by dependabot
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19581)
2022-11-03 12:17:16 +01:00
slontis
41e4f72d4c Attempt to fix CI Daily build error
For some reason the newly introduced CI test
for sctp causes issues. It is unknown why this
seems to work when testing, but doesnt work
once it was merged.
The test has been put into its own file, with
skips on error if the setup fails..
This will need to be merged to test if this
works.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19511)
2022-11-02 09:25:53 +01:00
Tomas Mraz
950968982a Dependabot configuration is not a workflow
Moving it one level up so it does not confuse CI.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19515)
2022-11-01 21:47:39 +01:00
Paul Kehrer
225f94e818 add dependabot to keep actions versions up-to-date
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19441)
2022-10-27 11:51:42 +02:00
Richard Levitte
76228352d8 Github Actions: Enable building QUIC on Windows
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19345)
2022-10-25 13:25:00 +02:00
Sam James
75ecda930e CI: add Clang 15
We have to use the PPA provided by LLVM because Clang 15 isn't
officially part of Ubuntu 22.04 (or any other Ubuntu release yet),
see https://apt.llvm.org/ for details.

Signed-off-by: Sam James <sam@gentoo.org>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19450)
2022-10-21 15:56:32 +02:00
Todd Short
b540aae97d Add CI to build with brotli and zstd
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18186)
2022-10-18 09:30:22 -04:00
slontis
846975f367 Fix sctp compile errors
Fixes #19371

running config with 'enable-sctp' gave compiler errors.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19398)
2022-10-18 12:19:23 +01:00
Čestmír Kalina
b137219749 ci: add thread-pool and default-thread-pool
Signed-off-by: Čestmír Kalina <ckalina@redhat.com>

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12255)
2022-10-17 09:42:08 +01:00
Richard Levitte
0747f94b5f OpenSSL::config: determine the MSVC target architecture by asking cl
Since cl knows what architecture it builds fore, all depending on what
the user set up, it makes sense to ask it, and use that result primarly,
and only use the POSIX::uname() MACHINE value as a fallback.

Also, this does indeed determine if cl is present or not.

We drop the explicit names in .github/workflows/windows.yml as proof
of concept.

Fixes #19281

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19285)
2022-09-29 12:59:00 +01:00
Pauli
65080a3e1e Add CI to test old FIPS provider versions
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/19201)
2022-09-16 08:34:53 +10:00
Matt Caswell
200d9521a0 Drop the optimisation level for ppc64le cross-compile
The default cross compiler (gcc 9.4.0) for ppc64le on Ubunut 20.04 seems
buggy and causes a seg fault in sslapitest. This doesn't impact any other
CI cross compile platforms and does not seem to impact the gcc 10.3.0 cross
compiler.

We just drop the optimisation level on that platform.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19056)
2022-08-24 16:07:30 +01:00
Tomas Mraz
83529f07ca Always automatically add -DPEDANTIC with enable-ubsan
To avoid reports like: #19028

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19029)
2022-08-23 10:16:06 +10:00
Matt Caswell
17b94de3df Ensure we build ub sanitizer builds with -DPEDANTIC
Otherwise we may get spurious results from ub sanitizer. For example we
assume we can tolerate some unaligned write without this define that ub
sanitizer will complain about.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18983)
2022-08-17 16:46:33 +01:00
Todd Short
0113ec8460 Implement AES-GCM-SIV (RFC8452)
Fixes #16721

This uses AES-ECB to create a counter mode AES-CTR32 (32bit counter, I could
not get AES-CTR to work as-is), and GHASH to implement POLYVAL. Optimally,
there would be separate polyval assembly implementation(s), but the only one
I could find (and it was SSE2 x86_64 code) was not Apache 2.0 licensed.

This implementation lives only in the default provider; there is no legacy
implementation.

The code offered in #16721 is not used; that implementation sits on top of
OpenSSL, this one is embedded inside OpenSSL.

Full test vectors from RFC8452 are included, except the 0 length plaintext;
that is not supported; and I'm not sure it's worthwhile to do so.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18693)
2022-07-29 08:32:16 -04:00
Varun Sharma
c6e7f427c8 ci: add GitHub token permissions for workflows
Signed-off-by: Varun Sharma <varunsh@stepsecurity.io>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18766)
2022-07-13 10:14:09 +10:00
Tomas Mraz
c267588fd4 Increase test coverage by enabling more build options
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18606)
2022-07-01 11:38:25 +02:00
Sam James
712c13c57b CI: Upgrade to Ubuntu 22.04 to add GCC 12, Clang 13, Clang 14
Notably, this might have caught #18225, as Clang 14 wasn't - and is not yet
until this commit - in OpenSSL's CI.

It makes sense to ensure CI tests compilers used in newer Linux distributions:
* Fedora 36 ships with GCC 12
* Ubuntu 22.04 ships with Clang 14

We switch from 'ubuntu-latest' (which can change meaning but currently points
to ubuntu-20.04) to ubuntu-20.04 for the older existing compilers, and
ubuntu-22.04 for the newer ones added by this commit.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18639)
2022-06-27 11:43:39 +10:00
Sam James
6332f4c4a2 CI: add GCC 11
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18639)
2022-06-27 11:43:33 +10:00
Bernd Edlinger
a09adac311 Add a CI workflow for no-rfc3779
Currently this configurations seem to be failing.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18634)
2022-06-23 19:24:57 +02:00
Tomas Mraz
b7873f92b0 CI: Add enable-quic to some of the builds
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18307)
2022-06-03 12:07:18 +10:00
Matt Caswell
fecb3aae22 Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
2022-05-03 13:34:51 +01:00
Dmitry Belyavskiy
c29cf39449 Minimal test checking we can get public key in Turkish locale
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18069)
2022-04-22 11:34:42 +02:00
Todd Short
40fb5a4ce3 Fix -no-tls1_2 in tests
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/18019)
2022-04-11 10:28:55 -04:00
Tomas Mraz
fecae608a9 Disable the test_afalg on cross compile targets
The afalg engine does not work when run through qemu.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17945)
2022-03-23 12:46:08 +01:00
Todd Short
a3e53d5683 Add TFO support to socket BIO and s_client/s_server
Supports Linux, MacOS and FreeBSD
Disabled by default, enabled via `enabled-tfo`
Some tests

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8692)
2022-03-10 10:42:43 -05:00
Michael Baentsch
fa66f62ebb Add external testing with oqsprovider
Including running the oqsprovider external test in the
CI external test build.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17832)
2022-03-09 17:57:37 +01:00
Tomas Mraz
0c47b8a879 Add test of FIPS provider from the master branch with 3.0 build
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17671)
2022-02-11 09:06:07 +01:00
Tomas Mraz
3fdf4b9365 Add test of FIPS provider from the 3.0 branch with master build
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17671)
2022-02-11 09:05:30 +01:00
Bernd Edlinger
fd84b9c3e9 Fix copyright year issues
Fixes: #13765

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17427)
2022-01-06 09:27:02 +01:00
Dmitry Belyavskiy
e66c41725f Run TLSfuzzer tests for CI
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17340)
2022-01-05 11:24:51 +01:00
Tomas Mraz
c37ebbd6f9 Windows CI: explicitly use windows-2019 instead of using windows-latest
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/17234)
2021-12-10 08:27:03 +01:00
Tomas Mraz
c87a4dd7a7 CI: Replace windows-2016 with windows-2022
Windows 2016 environment is going to be discontinued.

Fixes #17177

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17183)
2021-12-06 12:21:04 +01:00
Pauli
d362db7cd1 run-checker: add CI to test safe_math without compiler support.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16930)
2021-11-12 19:49:46 +10:00
Pauli
7267769c28 coverity: add a daily coverity build
The weekly build got lost when we stopped using Travis.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16988)
2021-11-09 16:50:23 +10:00
Pauli
a16ba5f375 ci: add additional operating system specific builds
These are an attempt to cover off on older OS versions that the main CIs
do not cover.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16669)
2021-09-27 08:40:38 +10:00
Dmitry Belyavskiy
a5d8a2f8f1 FIPS and KTLS may interfere
New Linux kernels (>= 5.11) enable KTLS CHACHA which is not
FIPS-suitable.

Fixes #16657

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16658)
2021-09-24 11:06:51 +02:00
Pauli
08d8c2d87e ci: add copyright header to CI scripts
There is quite a bit of creative effort in these and even more trouble-
shooting effort.  I.e. they are non-trivial from a copyright perspective.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16628)
2021-09-21 18:02:58 +10:00
Pauli
f92bfddc1d CI: add last run-checker fuzzing CIs to Actions
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16438)
2021-09-02 19:23:32 +10:00
a1346054
473664aafd always use the same perl in $PATH
Different tests may use unexpectedly different versions of perl,
depending on whether they hardcode the path to the perl executable or if
they resolve the path from the environment. This fixes it so that the
same perl is always used.

Fix some trailing whitespace and spelling mistakes as well.

CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16362)
2021-09-02 12:55:39 +10:00
Pauli
4f8e0272c1 Add additional test to thread sanitizer build
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16469)
2021-08-31 20:44:16 +10:00
Pauli
c7468c17d7 CI: add builds covering a number of different compiler versions
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16463)
2021-08-31 20:41:58 +10:00
Tomas Mraz
3f7ad402b0 ci: Add -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION to asan build
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/16433)
2021-08-31 12:20:12 +02:00
Pauli
7587b5fd09 CI: remove spurious blank lines
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16174)
2021-08-05 15:41:29 +10:00
Pauli
ebe667b464 ci: specific gcc explicitly on the basic-gcc CI build
GitHub Actions default to clang not gcc so this is necessary now.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16174)
2021-08-05 15:41:29 +10:00
Pauli
7b917179d0 ci: separate the config dump from the configuration command
This avoids using the shell's `&&` and shortens the lines a bit.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16174)
2021-08-05 15:41:29 +10:00
Pauli
2a7855fb25 ci: disable async for the SH4 build and reenable the associated test
The platform doesn't seem to have support for this.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16144)
2021-07-28 10:30:45 +10:00
Pauli
1ad4350393 ci: get rid of no-asm flag to m68k cross compiles
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16144)
2021-07-28 10:30:45 +10:00