Commit Graph

84 Commits

Author SHA1 Message Date
Pauli
c7468c17d7 CI: add builds covering a number of different compiler versions
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16463)
2021-08-31 20:41:58 +10:00
Tomas Mraz
3f7ad402b0 ci: Add -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION to asan build
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/16433)
2021-08-31 12:20:12 +02:00
Pauli
7587b5fd09 CI: remove spurious blank lines
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16174)
2021-08-05 15:41:29 +10:00
Pauli
ebe667b464 ci: specific gcc explicitly on the basic-gcc CI build
GitHub Actions default to clang not gcc so this is necessary now.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16174)
2021-08-05 15:41:29 +10:00
Pauli
7b917179d0 ci: separate the config dump from the configuration command
This avoids using the shell's `&&` and shortens the lines a bit.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16174)
2021-08-05 15:41:29 +10:00
Pauli
2a7855fb25 ci: disable async for the SH4 build and reenable the associated test
The platform doesn't seem to have support for this.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16144)
2021-07-28 10:30:45 +10:00
Pauli
1ad4350393 ci: get rid of no-asm flag to m68k cross compiles
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16144)
2021-07-28 10:30:45 +10:00
Pauli
cb7055fd5a ci: add the param conversion tests to the cross compiles.
There was a failure because an "inf" values was being read as a "NaN" not an
infinity.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16144)
2021-07-28 10:30:45 +10:00
Pauli
64d9b626aa QEMU: include test runs for most cross compilation targets
For the cross compiles where the tests couldn't be run, most are capable
of being run when statically linked.  For these, a shared with FIPS build
but not test run is also included to maximise compilation coverage.
The builds take a couple of minutes so the impact of these extra jobs
isn't great.

The test failures for test_includes, test_store and test_x509_store
across several platforms are related the the OPENSSL_DIR_read() call.
This gets a "Value too large for defined data type" error calling the
standard library's readdir() wrapper.  That is, the failure is during
the translation from the x86-64 structure to the 32 bit structure.
I've tried tweaking the include defines to use larger fields but couldn't
figure out how to make it work.  The most prudent fix is to ignore these
tests for these platforms.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16144)
2021-07-28 10:30:45 +10:00
Tomas Mraz
c9eb459870 Test ktls in non-default options CI build
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16120)
2021-07-27 13:19:20 +10:00
Tomas Mraz
bdb65e2ba6 Drop no-ktls from runchecker daily build as it has no effect
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16120)
2021-07-27 13:19:20 +10:00
Pauli
034f9f4f6e ci: QEMU based cross compiled testing
With a little set up, Debian provides an ability to use QEMU to execute
programs compiled for other architectures. Using this, most of our cross
compilation CI builds can be executed.

This PR does this.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16133)
2021-07-23 22:00:52 +10:00
Pauli
e6f0c8d3a7 ci: reinstate the passwd tests for the no-cached-fetch run.
By selectively skipping the high round test cases, the out of memory problem
can be avoided.

partially fixes #16127

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16132)
2021-07-23 18:01:03 +10:00
Pauli
c74188e86c ci: omit tests that consume too much memory
The SSL API tests and the passwd command test trigger memory leakage in the
address sanitizer.

Fixes #16116

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16125)
2021-07-21 20:04:36 +10:00
Tomas Mraz
ca638147c8 Drop daily run-checker build with just enable-acvp-tests
Having just enable-acvp-tests without enable-fips does not make
much sense as this just builds the test but it is skipped.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16076)
2021-07-16 11:23:18 +02:00
Tomas Mraz
f096691b91 CI: have enable-acvp-tests in some CI build
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16076)
2021-07-16 11:23:18 +02:00
Pauli
a5a4dac988 ci: add a memory sanitiser test run
This omission noted in #15950

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15952)
2021-07-01 13:18:58 +10:00
Robbie Harwood
dd62ec2777 Update dependencies for krb5 external test
Dejagnu/TCL are no longer needed.  Installing kdcproxy enables krb5's
proxying tests, which exercise the krb5 TLS integration.

Signed-off-by: Robbie Harwood <rharwood@redhat.com>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15850)
2021-06-23 10:26:53 +02:00
Pauli
3614d94d5f ci: run the on pull request CIs on push to master
This will help catch problems caused by merging.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15711)
2021-06-12 23:06:22 +10:00
Richard Levitte
25eeab019c Windows GitHub CI: Introduce --strict-warnings
This involves making a more comprehensive matrix for the different
architectures we build for.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15709)
2021-06-12 14:41:51 +10:00
Richard Levitte
dd53c29793 Windows Github CI: test in Windows 2016 as well
This brings an older version of MSVC, which may bring some "interesting"
failures.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15709)
2021-06-12 14:41:51 +10:00
Tomas Mraz
451c2a95bd Windows CI: Enable fuzz test in plain build
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15672)
2021-06-11 09:50:55 +02:00
Rich Salz
43c2456f0f Add md-nits task
Assumes that Ruby is installed

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15590)
2021-06-04 13:04:18 +10:00
Dr. David von Oheimb
d0196ddcba CI windows.yml: Silence 'nmake' builds except 'minimal'; ci.yml: make 'minimal' build verbose
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15594)
2021-06-04 09:39:09 +10:00
Jon Spillett
8a5bd05da8 Add enable-fips to CI configuration
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15537)
2021-06-03 07:33:13 +10:00
Tomas Mraz
86825c9917 Windows CI: enable fips on shared 64 bit build
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15550)
2021-06-01 15:07:51 +02:00
Pauli
d11dd381c5 add some cross compilation builds
Add some cross compiling builds to test things aren't broken.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15535)
2021-06-01 15:04:05 +10:00
Tomas Mraz
365d207faa FIPS Checksums: checkout the head of the base repo as pristine
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15503)
2021-05-28 09:11:18 +10:00
Tomas Mraz
07fb85cf61 FIPS Checksums CI: use separate directories for the checkouts
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15481)
2021-05-27 15:30:58 +02:00
Tomas Mraz
349fd92429 FIPS checksums CI: use merge checkout to compute the new checksums
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15433)
2021-05-25 11:53:36 +02:00
Tomas Mraz
057fc59a89 Windows CI: properly drop test_fuzz* tests to speed up things
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15433)
2021-05-25 11:53:36 +02:00
Tomas Mraz
3113192705 Windows CI: Add make install step on the shared 64 bit build
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15433)
2021-05-25 11:53:36 +02:00
Tomas Mraz
69d8cf70ef Windows CI: use nasm on 32bit and 64bit shared builds
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15349)
2021-05-24 09:47:05 +02:00
Tomas Mraz
d7c18395bf Add some basic Windows builds to the Windows CI workflow
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15349)
2021-05-24 09:47:05 +02:00
Tomas Mraz
9ad400f788 FIPS label CI: Save PR number and use it
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15345)
2021-05-21 09:43:04 +02:00
Tomas Mraz
0a281eefb6 Exchange no-siv and no-ec2m between daily and ci workflows
The no-ec2m with ec enabled is much more likely to show
regressions such as #15170 than the no-siv build.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15355)
2021-05-21 10:03:07 +10:00
Dr. David von Oheimb
5bac37cb14 unix-Makefile.tmpl and ci.yml: Merge cmd-nits into doc-nits
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15329)
2021-05-19 14:13:12 +02:00
Pauli
c4fca3f705 fips: remove unnecessary commas to get CI working
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15337)
2021-05-19 13:15:14 +10:00
Tomas Mraz
753f1f24ac Avoid failing label removal if label is not there
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15309)
2021-05-19 13:08:27 +10:00
Tomas Mraz
a51ccd5be7 Separate FIPS checksum and labelling into different workflows
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15309)
2021-05-19 13:08:27 +10:00
Dr. David von Oheimb
4a14ae9dc8 ci.yml: Add cmd-nits to the doc-nits CI run
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15298)
2021-05-18 13:02:23 +02:00
Pauli
e2daf6f140 ci: remove the checksum CI script
This script introduces a security vulnerability where the OpenSSL github
repository can be modified which opens a window for an attacker.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>

Reported-by: Nikita Stupin
2021-05-16 10:23:54 +10:00
Rich Salz
d0364dcc42 Add --banner config option
Use it in the automated workflows.

Fixes: #15247

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15248)
2021-05-14 08:35:11 +02:00
Tomas Mraz
ca6197ca3c Ensure the pristine checksums are not recomputed
When switching between the pristine and PR checkouts we must
ensure the pristine checksums are not recomputed.

Also ignore errors (such as trying to remove a label that
is not set) when setting or removing labels.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15266)
2021-05-13 12:05:36 +02:00
Tomas Mraz
9ce2ef9ba0 The FIPS Checksums job must be run on pull_request_target
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15265)
2021-05-13 11:41:56 +02:00
Tomas Mraz
16e00da2c9 Remove the severity: fips change label if fips checksum unchanged
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15229)
2021-05-13 10:24:33 +02:00
Tomas Mraz
220927071e Set the severity: fips change label if fips checksum changed
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15229)
2021-05-13 10:24:33 +02:00
Tomas Mraz
b17e799298 Add checksums github CI action
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15229)
2021-05-13 10:24:33 +02:00
Pauli
ab6db11e63 Run-checker converted to GitHub Actions
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15129)
2021-05-12 17:12:16 +10:00
Pauli
4da44374d1 coveralls: fix comment to indicate daily not weekly
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15129)
2021-05-12 17:12:16 +10:00