summaryrefslogtreecommitdiff
path: root/.github
Commit message (Collapse)AuthorAgeFilesLines
* CI: Checkout submodules to make the regression fuzz tests runTomas Mraz2023-04-1110-0/+70
| | | | | | | | Otherwise the fuzz/corpora won't be present. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20683)
* Bump coverallsapp/github-action from 1.2.4 to 2.1.0dependabot[bot]2023-04-111-1/+1
| | | | | | | | | | | | | | | | | | | | | Bumps [coverallsapp/github-action](https://github.com/coverallsapp/github-action) from 1.2.4 to 2.1.0. - [Release notes](https://github.com/coverallsapp/github-action/releases) - [Commits](https://github.com/coverallsapp/github-action/compare/v1.2.4...v2.1.0) --- updated-dependencies: - dependency-name: coverallsapp/github-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> CLA: trivial Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20699)
* Remove FIPS cross version check of 3.0.0 provider against currentPauli2023-04-111-74/+0
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20552)
* Remove old FIPS provider cross version checkPauli2023-04-111-97/+0
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20552)
* Add action to cross validate FIPS providersPauli2023-04-111-0/+228
| | | | | | | | | Tests all released FIPS approved (or in progress) versions against all development branches and each other. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20552)
* Add simple interoperability test with Cloudflare quicheTomas Mraz2023-03-221-0/+18
| | | | | | | | | | | | This is an external test which requires recursive checkout of the cloudflare-quiche submodule. We simply run a client against the example quiche-server serving HTTP/0.9 requests. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20527)
* Add "make help" optionTodd Short2023-03-061-0/+2
| | | | | | | | Based on kubernetes controller Makefile help. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20407)
* Include supported branches in coverallsPauli2023-03-031-5/+28
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/20383)
* Bump coverallsapp/github-action from 1.2.3 to 1.2.4dependabot[bot]2023-03-021-1/+1
| | | | | | | | | | | | | | | | | | | | | Bumps [coverallsapp/github-action](https://github.com/coverallsapp/github-action) from 1.2.3 to 1.2.4. - [Release notes](https://github.com/coverallsapp/github-action/releases) - [Commits](https://github.com/coverallsapp/github-action/compare/v1.2.3...v1.2.4) --- updated-dependencies: - dependency-name: coverallsapp/github-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> CLA: trivial Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20417)
* Bump coverallsapp/github-action from 1.1.3 to 1.2.3dependabot[bot]2023-03-011-1/+1
| | | | | | | | | | | | | | | | | | | | | Bumps [coverallsapp/github-action](https://github.com/coverallsapp/github-action) from 1.1.3 to 1.2.3. - [Release notes](https://github.com/coverallsapp/github-action/releases) - [Commits](https://github.com/coverallsapp/github-action/compare/1.1.3...v1.2.3) --- updated-dependencies: - dependency-name: coverallsapp/github-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20405)
* CI: add Clang 16Sam James2023-02-231-0/+4
| | | | | | | | | | Clang 16 will be released shortly (beginning of March). Signed-off-by: Sam James <sam@gentoo.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20346)
* ci: Add djgpp buildJ.W. Jagersma2023-02-081-0/+11
| | | | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/19307)
* Revert "CI: cross-compile: riscv: Add RV64 machine with Zb* and Zk*"Christoph Müllner2023-01-261-9/+0
| | | | | | | | | | | | | | | | This reverts commit e787c57c538d0922004e49a10be0d403af773272. The current CI host system is Ubuntu 22.04, which ships with QEMU 6.2. This QEMU release is too old for the required RISC-V extensions. We would need at least QEMU 7.1 (Aug 2022) for this patch. Let's revert the patch. Signed-off-by: Christoph Müllner <christoph.muellner@vrull.eu> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20139)
* CI: cross-compile: riscv: Add RV64 machine with Zb* and Zk*Christoph Müllner2023-01-241-0/+9
| | | | | | | | | | | | | | | | | | | RISC-V already has a couple of routines to accelerate cryptographic calculations using ISA extensions. Let's add a cross-compile target that allows the CI to test this code. The new defined machine is a rv64gc machine with * all Bitmanip extensions (Zb*) * all Scalar Crypto extensions (Zk*) This selection matches the supported RISC-V extensions in OpenSSL. Signed-off-by: Christoph Müllner <christoph.muellner@vrull.eu> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20107)
* CI: cross-compile: Allow to set CPU capabilitiesChristoph Müllner2023-01-241-0/+18
| | | | | | | | | | | | | | | | | | | | | The cross-compile CI tests use cross-compilers for building and QEMU for testing. This implies that testing of ISA extension for HW accelerated cryptographic calculations is undefined (it depends on arch-specific QEMU defaults and arch-specific detection mechanisms in OpenSSL). Let's add a mechanism to set two environment variables, that allow to control the ISA extensions: * QEMU_CPU: used by QEMU to specify CPU capabilities of the emulation * OPENSSL_*: used by OpenSSL (on some architectures) to enable ISA extensions. Signed-off-by: Christoph Müllner <christoph.muellner@vrull.eu> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20107)
* Bump actions/setup-python from 4.4.0 to 4.5.0dependabot[bot]2023-01-161-1/+1
| | | | | | | | | | | | | | | | | | | | Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.4.0 to 4.5.0. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v4.4.0...v4.5.0) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-minor ... CLA: trivial Signed-off-by: dependabot[bot] <support@github.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20046)
* Bump actions/setup-python from 4.3.1 to 4.4.0dependabot[bot]2022-12-281-1/+1
| | | | | | | | | | | | | | | | | | | | | Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.3.1 to 4.4.0. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v4.3.1...v4.4.0) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> CLA: trivial Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19961)
* Run-checker merge CI: Memleak test does not work without ubsanTomas Mraz2022-12-121-1/+1
| | | | | | Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19874)
* Revert "Run-checker merge CI: Replace no-shared with no-modules"Tomas Mraz2022-12-121-1/+1
| | | | | | | | This reverts commit d5696547e46e9ea85fcb7581b9d49c58b7c24eeb. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19874)
* Run-checker merge CI: Replace no-shared with no-modulesTomas Mraz2022-12-091-1/+1
| | | | | | | | | ASAN otherwise fails to detect memleaks. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19860)
* Cross compiles CI: Disable stringop-overflow warning on s390x and m68kTomas Mraz2022-12-091-3/+3
| | | | | | | | | | These warnings trigger on false positives on these platforms with recent compiler update. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19860)
* Fuzz checker CI: Use more generic include dir for fuzzer includesTomas Mraz2022-12-091-2/+2
| | | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19860)
* Bump actions/setup-python from 4.3.0 to 4.3.1dependabot[bot]2022-12-091-1/+1
| | | | | | | | | | | | | | | | | | | | | Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.3.0 to 4.3.1. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v4.3.0...v4.3.1) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19866)
* fips-label.yml: Fix the script after actions/github-script upgradeTomas Mraz2022-11-091-5/+5
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19636)
* CI: Add Alpine (musl)Sam James2022-11-091-0/+37
| | | | | | | | | | | | | | | | | | I'm not intending to add every single possible combination of distros to compiler-zoo, but I think this one is worthwhile. musl tends to be Different Enough (TM) to allow problems to be found, in particular (but not limited to) its malloc implementation ("mallocng"). It's also quite a common environment, especially in containers, so I think it's worth testing on. Signed-off-by: Sam James <sam@gentoo.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19577)
* Update GitHub actions as suggested by dependabotTomas Mraz2022-11-0318-55/+55
| | | | | | Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19581)
* Attempt to fix CI Daily build errorslontis2022-11-022-7/+46
| | | | | | | | | | | | | | | For some reason the newly introduced CI test for sctp causes issues. It is unknown why this seems to work when testing, but doesnt work once it was merged. The test has been put into its own file, with skips on error if the setup fails.. This will need to be merged to test if this works. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19511)
* Dependabot configuration is not a workflowTomas Mraz2022-11-011-0/+0
| | | | | | | | | Moving it one level up so it does not confuse CI. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19515)
* add dependabot to keep actions versions up-to-datePaul Kehrer2022-10-271-0/+6
| | | | | | Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19441)
* Github Actions: Enable building QUIC on WindowsRichard Levitte2022-10-251-2/+2
| | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19345)
* CI: add Clang 15Sam James2022-10-211-1/+26
| | | | | | | | | | | | | We have to use the PPA provided by LLVM because Clang 15 isn't officially part of Ubuntu 22.04 (or any other Ubuntu release yet), see https://apt.llvm.org/ for details. Signed-off-by: Sam James <sam@gentoo.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19450)
* Add CI to build with brotli and zstdTodd Short2022-10-182-0/+152
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18186)
* Fix sctp compile errorsslontis2022-10-181-1/+7
| | | | | | | | | | | Fixes #19371 running config with 'enable-sctp' gave compiler errors. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19398)
* ci: add thread-pool and default-thread-poolČestmír Kalina2022-10-171-0/+2
| | | | | | | | Signed-off-by: Čestmír Kalina <ckalina@redhat.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12255)
* OpenSSL::config: determine the MSVC target architecture by asking clRichard Levitte2022-09-291-3/+3
| | | | | | | | | | | | | | | | | Since cl knows what architecture it builds fore, all depending on what the user set up, it makes sense to ask it, and use that result primarly, and only use the POSIX::uname() MACHINE value as a fallback. Also, this does indeed determine if cl is present or not. We drop the explicit names in .github/workflows/windows.yml as proof of concept. Fixes #19281 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19285)
* Add CI to test old FIPS provider versionsPauli2022-09-161-0/+74
| | | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/19201)
* Drop the optimisation level for ppc64le cross-compileMatt Caswell2022-08-241-1/+4
| | | | | | | | | | | | | The default cross compiler (gcc 9.4.0) for ppc64le on Ubunut 20.04 seems buggy and causes a seg fault in sslapitest. This doesn't impact any other CI cross compile platforms and does not seem to impact the gcc 10.3.0 cross compiler. We just drop the optimisation level on that platform. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19056)
* Always automatically add -DPEDANTIC with enable-ubsanTomas Mraz2022-08-233-4/+4
| | | | | | | | To avoid reports like: #19028 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19029)
* Ensure we build ub sanitizer builds with -DPEDANTICMatt Caswell2022-08-171-1/+1
| | | | | | | | | | | Otherwise we may get spurious results from ub sanitizer. For example we assume we can tolerate some unaligned write without this define that ub sanitizer will complain about. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18983)
* Implement AES-GCM-SIV (RFC8452)Todd Short2022-07-291-0/+1
| | | | | | | | | | | | | | | | | | | | | | | Fixes #16721 This uses AES-ECB to create a counter mode AES-CTR32 (32bit counter, I could not get AES-CTR to work as-is), and GHASH to implement POLYVAL. Optimally, there would be separate polyval assembly implementation(s), but the only one I could find (and it was SSE2 x86_64 code) was not Apache 2.0 licensed. This implementation lives only in the default provider; there is no legacy implementation. The code offered in #16721 is not used; that implementation sits on top of OpenSSL, this one is embedded inside OpenSSL. Full test vectors from RFC8452 are included, except the 0 length plaintext; that is not supported; and I'm not sure it's worthwhile to do so. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18693)
* ci: add GitHub token permissions for workflowsVarun Sharma2022-07-1315-0/+51
| | | | | | | | Signed-off-by: Varun Sharma <varunsh@stepsecurity.io> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18766)
* Increase test coverage by enabling more build optionsTomas Mraz2022-07-011-2/+12
| | | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18606)
* CI: Upgrade to Ubuntu 22.04 to add GCC 12, Clang 13, Clang 14Sam James2022-06-271-20/+38
| | | | | | | | | | | | | | | | | Notably, this might have caught #18225, as Clang 14 wasn't - and is not yet until this commit - in OpenSSL's CI. It makes sense to ensure CI tests compilers used in newer Linux distributions: * Fedora 36 ships with GCC 12 * Ubuntu 22.04 ships with Clang 14 We switch from 'ubuntu-latest' (which can change meaning but currently points to ubuntu-20.04) to ubuntu-20.04 for the older existing compilers, and ubuntu-22.04 for the newer ones added by this commit. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18639)
* CI: add GCC 11Sam James2022-06-271-0/+8
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18639)
* Add a CI workflow for no-rfc3779Bernd Edlinger2022-06-231-0/+1
| | | | | | | | | Currently this configurations seem to be failing. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18634)
* CI: Add enable-quic to some of the buildsTomas Mraz2022-06-031-11/+11
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18307)
* Update copyright yearMatt Caswell2022-05-034-4/+4
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes
* Minimal test checking we can get public key in Turkish localeDmitry Belyavskiy2022-04-221-0/+2
| | | | | | Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18069)
* Fix -no-tls1_2 in testsTodd Short2022-04-111-0/+1
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/18019)
* Disable the test_afalg on cross compile targetsTomas Mraz2022-03-231-1/+2
| | | | | | | | The afalg engine does not work when run through qemu. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17945)
View Lorry Controller Status