
Commit 847ae38

committed
Merge branch 'upstream' of github.com:kassane/openssl-zig into zig-pkg
2 parents b763054 + 52dba1c commit 847ae38


1,311 files changed

+136818
-11360
lines changed


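--- a/.gitattributes
+++ b/.gitattributes
@@ -2,6 +2,8 @@
 *.der binary
 /fuzz/corpora/** binary
 *.pfx binary
+test/recipes/15-test_ml_dsa_codecs_data/*.dat binary
+test/recipes/15-test_ml_kem_codecs_data/*.dat binary
 
 # For git archive
 fuzz/corpora/** export-ignore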

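--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -11,6 +11,5 @@ updates:
 - "dependencies"
 - "cla: trivial"
 - "approval: review pending"
-- "approval: otc review pending"
 reviewers:
 - "openssl/committers"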

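--- a/.github/workflows/build_quic_interop_container.yml
+++ b/.github/workflows/build_quic_interop_container.yml
@@ -2,11 +2,12 @@ name: "Build openssl interop container from master"
 
 on:
 schedule:
-- cron: '20 0 * * *'
+- cron: '40 02 * * *'
 workflow_dispatch:
 
 jobs:
 update_quay_container:
+if: github.repository == 'openssl/openssl'
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v4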

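--- a/.github/workflows/deploy-docs-openssl-org.yml
+++ b/.github/workflows/deploy-docs-openssl-org.yml
@@ -10,6 +10,7 @@ on:
 
 jobs:
 trigger:
+if: github.repository == 'openssl/openssl'
 runs-on: ubuntu-latest
 steps:
 - name: "Trigger deployment workflow"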

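--- a/.github/workflows/interop-tests.yml
+++ b/.github/workflows/interop-tests.yml
@@ -6,12 +6,14 @@
 name: Interoperability tests with GnuTLS and NSS
 on:
 schedule:
-- cron: '0 6 * * *'
+- cron: '55 02 * * *'
+workflow_dispatch:
+
 jobs:
 test:
 runs-on: ubuntu-22.04
 container:
-image: docker.io/fedora:39
+image: docker.io/fedora:40
 options: --sysctl net.ipv6.conf.lo.disable_ipv6=0
 timeout-minutes: 90
 strategy:
@@ -48,6 +50,6 @@ jobs:
 - name: Run interop tests
 run: |
 cd interop
-tmt run -av plans -n interop tests -f "tag: interop-openssl & tag: interop-$COMPONENT" provision -h local execute -h tmt --interactive
+tmt run -av plans -n interop tests -f "tag: interop-openssl & tag: interop-$COMPONENT" provision -h local --feeling-safe execute -h tmt --interactive
 openssl version
 echo "Finished - important to prevent unwanted output truncating"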
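Review bot: The added `--feeling-safe` on the `provision -h local` step is, as far as I know, tmt's explicit opt-in for actions it considers potentially harmful to the provisioning host, and nothing in the workflow records why relaxing that guard is acceptable here. The job runs inside the `docker.io/fedora:40` container, so the exposure is presumably limited to a disposable container, but that assumption should be written next to the flag, e.g. `# --feeling-safe: plans run on the throwaway job container, never on a persistent host`. The image is also referenced by a mutable tag; pinning it by digest would keep the environment that receives this relaxed guard reproducible.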

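--- a/.github/workflows/make-release.yml
+++ b/.github/workflows/make-release.yml
@@ -0,0 +1,42 @@
+# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+name: "Make release"
+
+on:
+push:
+tags:
+- "openssl-*"
+
+jobs:
+release:
+runs-on: "releaser"
+steps:
+- name: "Checkout"
+uses: "actions/checkout@v4"
+with:
+fetch-depth: 1
+ref: ${{ github.ref_name }}
+github-server-url: "https://github.openssl.org/"
+repository: "openssl/openssl"
+token: ${{ secrets.GHE_TOKEN }}
+path: ${{ github.ref_name }}
+- name: "Prepare assets"
+run: |
+cd ${{ github.ref_name }}
+./util/mktar.sh
+mkdir assets && mv ${{ github.ref_name }}.tar.gz assets/ && cd assets
+openssl sha1 -r ${{ github.ref_name }}.tar.gz > ${{ github.ref_name }}.tar.gz.sha1
+openssl sha256 -r ${{ github.ref_name }}.tar.gz > ${{ github.ref_name }}.tar.gz.sha256
+gpg -u ${{ vars.signing_key_uid }} -o ${{ github.ref_name }}.tar.gz.asc -sba ${{ github.ref_name }}.tar.gz
+- name: "Create release"
+env:
+GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
+run: |
+VERSION=$(echo ${{ github.ref_name }} | cut -d "-" -f 2-)
+PRE_RELEASE=$([[ ${{ github.ref_name }} =~ alpha|beta ]] && echo "-p" || echo "")
+gh release create ${{ github.ref_name }} $PRE_RELEASE -t "OpenSSL $VERSION" -d --notes " " -R ${{ github.repository }} ${{ github.ref_name }}/assets/*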
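Review bot: Both `run:` scripts ("Prepare assets" and "Create release") splice `${{ github.ref_name }}` and `${{ vars.signing_key_uid }}` into the script text before bash parses it, so a tag name containing shell metacharacters is interpreted as script on the `releaser` runner, which is the host that signs the tarball and holds `GHE_TOKEN` and `GH_TOKEN`. Pass these values through `env:` and reference them as quoted shell variables, as in the excerpt below; the page has lost the YAML indentation, so the excerpt uses conventional nesting. The workflow also declares no `permissions:` block and the checkout step leaves the `GHE_TOKEN` credential persisted in the work tree; `permissions: {}` at the top and `persist-credentials: false` under `with:` would narrow both. Publishing a `.sha1` file next to the `.sha256` and the signature adds no integrity value and is worth dropping unless a consumer still requires it.

```yaml
      - name: "Prepare assets"
        env:
          REF_NAME: ${{ github.ref_name }}
          SIGNING_KEY_UID: ${{ vars.signing_key_uid }}
        run: |
          cd "$REF_NAME"
          ./util/mktar.sh
          mkdir assets && mv "$REF_NAME.tar.gz" assets/ && cd assets
          openssl sha1 -r "$REF_NAME.tar.gz" > "$REF_NAME.tar.gz.sha1"
          openssl sha256 -r "$REF_NAME.tar.gz" > "$REF_NAME.tar.gz.sha256"
          gpg -u "$SIGNING_KEY_UID" -o "$REF_NAME.tar.gz.asc" -sba "$REF_NAME.tar.gz"
      - name: "Create release"
        env:
          GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
          REF_NAME: ${{ github.ref_name }}
          REPO: ${{ github.repository }}
        run: |
          VERSION=$(echo "$REF_NAME" | cut -d "-" -f 2-)
          PRE_RELEASE=$([[ "$REF_NAME" =~ alpha|beta ]] && echo "-p" || echo "")
          gh release create "$REF_NAME" $PRE_RELEASE -t "OpenSSL $VERSION" -d --notes " " -R "$REPO" "$REF_NAME"/assets/*
```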

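--- a/.github/workflows/make-test
+++ b/.github/workflows/make-test
@@ -38,6 +38,6 @@ echo "Test suite exited with $RESULT, artifacts path is $OSSL_CI_ARTIFACTS_PATH"
 echo "::endgroup::"
 
 echo "Archive artifacts"
-tar -czvf artifacts.tar.gz $OSSL_CI_ARTIFACTS_PATH
+tar -czf artifacts.tar.gz $OSSL_CI_ARTIFACTS_PATH
 
 exit $RESULT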

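--- a/.github/workflows/prov-compat-label.yml
+++ b/.github/workflows/prov-compat-label.yml
@@ -113,10 +113,6 @@ jobs:
 name: openssl-3.0,
 dir: branch-3.0,
 tgz: branch-3.0.tar.gz,
-}, {
-name: openssl-3.1,
-dir: branch-3.1,
-tgz: branch-3.1.tar.gz,
 }, {
 name: openssl-3.2,
 dir: branch-3.2,
@@ -125,6 +121,14 @@ jobs:
 name: openssl-3.3,
 dir: branch-3.3,
 tgz: branch-3.3.tar.gz,
+}, {
+name: openssl-3.4,
+dir: branch-3.4,
+tgz: branch-3.4.tar.gz,
+}, {
+name: openssl-3.5,
+dir: branch-3.5,
+tgz: branch-3.5.tar.gz,
 }, {
 name: master,
 dir: branch-master,
@@ -193,18 +197,20 @@ jobs:
 # Note that releases are not used as a test environment for
 # later providers. Problems in these situations ought to be
 # caught by cross branch testing before the release.
-tree_a: [ branch-3.3, branch-3.2, branch-3.1, branch-3.0,
+tree_a: [ branch-3.5, branch-3.4, branch-3.3, branch-3.2, branch-3.0,
 openssl-3.0.0, openssl-3.0.8, openssl-3.0.9, openssl-3.1.2 ]
 tree_b: [ PR ]
 include:
 - tree_a: PR
 tree_b: branch-master
+- tree_a: PR
+tree_b: branch-3.5
+- tree_a: PR
+tree_b: branch-3.4
 - tree_a: PR
 tree_b: branch-3.3
 - tree_a: PR
 tree_b: branch-3.2
-- tree_a: PR
-tree_b: branch-3.1
 - tree_a: PR
 tree_b: branch-3.0
 steps: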

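--- a/.github/workflows/run_quic_interop.yml
+++ b/.github/workflows/run_quic_interop.yml
@@ -7,33 +7,119 @@ on:
 workflow_dispatch:
 
 jobs:
-run_quic_interop:
+run_quic_interop_openssl_client:
 strategy:
 matrix:
-tests: [http3, transfer, handshake, retry, chacha20, resumption, multiplexing]
+tests: [http3, transfer, handshake, retry, chacha20, resumption, multiplexing, ipv6]
 servers: [quic-go, ngtcp2, mvfst, quiche, nginx, msquic, haproxy]
+exclude:
+- servers: msquic
+tests: retry
 fail-fast: false
-runs-on: ubuntu-latest
+runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v4
 with:
 repository: 'quic-interop/quic-interop-runner'
 fetch-depth: 0
-- name: Install dependencies
+- name: Install python requirements
 run: |
-pip install -r requirements.txt
-sudo add-apt-repository ppa:wireshark-dev/stable
-sudo apt-get update
-sudo apt-get install -y tshark
+for i in {1..3}; do pip install -r requirements.txt && break; sleep 10; done
+- name: Add tshark repo
+run: |
+for i in {1..3}; do sudo add-apt-repository ppa:wireshark-dev/stable && break; sleep 10; done
+- name: Update apt repos
+run: |
+for i in {1..3}; do sudo apt-get update && break; sleep 10; done
+- name: Install tshark
+run: |
+for i in {1..3}; do sudo apt-get install -y tshark && break; sleep 10; done
 - name: Patch implementations file
 run: |
 jq '.openssl = { image: "quay.io/openssl-ci/openssl-quic-interop"
 , url: "https://github.com/openssl/openssl"
-, role: "client"
+, role: "both"
 }' ./implementations.json > ./implementations.tmp
 mv ./implementations.tmp implementations.json
-- name: "run interop"
+- name: "Update to docker-compose 2.36 and docker engine 28.1.1"
 run: |
-python3 ./run.py -c openssl -t ${{ matrix.tests }} -s ${{ matrix.servers }} --log-dir ./logs -d
-
-
+mkdir -p ~/.docker/cli-plugins/
+curl -SL https://github.com/docker/compose/releases/download/v2.36.0/docker-compose-linux-x86_64 -o ~/.docker/cli-plugins/docker-compose
+curl -SL "https://download.docker.com/linux/static/stable/x86_64/docker-28.1.1.tgz" -o ./docker-28.1.1.tgz
+tar --strip-components=1 -xvzf docker-28.1.1.tgz
+echo "$PWD" >> $GITHUB_PATH
+chmod 755 ~/.docker/cli-plugins/docker-compose
+chmod 755 ./docker
+sudo mv ./dockerd $(which dockerd)
+sudo systemctl restart docker
+- name: Check docker version
+run: |
+docker version
+docker compose version
+- name: Patch Docker compose file
+run: |
+yq -i '.services.sim.networks.leftnet += {"interface_name" : "eth0"}
+| .services.sim.networks.rightnet += {"interface_name" : "eth1"}
+| .services.server.networks.rightnet += {"interface_name" : "eth0"}
+| .services.client.networks.leftnet += {"interface_name" : "eth0"}' docker-compose.yml
+- name: "run interop with openssl client"
+run: |
+python3 ./run.py -c openssl -t ${{ matrix.tests }} -s ${{ matrix.servers }} --log-dir ./logs-client -d
+run_quic_interop_openssl_server:
+strategy:
+matrix:
+tests: [http3, transfer, handshake, retry, chacha20, resumption, amplificationlimit, ipv6]
+clients: [quic-go, ngtcp2, mvfst, quiche, msquic, openssl, chrome]
+exclude:
+- clients: mvfst
+tests: amplificationlimit
+fail-fast: false
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v4
+with:
+repository: 'quic-interop/quic-interop-runner'
+fetch-depth: 0
+- name: Install python requirements
+run: |
+for i in {1..3}; do pip install -r requirements.txt && break; sleep 10; done
+- name: Add tshark repo
+run: |
+for i in {1..3}; do sudo add-apt-repository ppa:wireshark-dev/stable && break; done
+- name: Update apt repos
+run: |
+for i in {1..3}; do sudo apt-get update && break; done
+- name: Install tshark
+run: |
+for i in {1..3}; do sudo apt-get install -y tshark && break; done
+- name: Patch implementations file
+run: |
+jq '.openssl = { image: "quay.io/openssl-ci/openssl-quic-interop"
+, url: "https://github.com/openssl/openssl"
+, role: "both"
+}' ./implementations.json > ./implementations.tmp
+mv ./implementations.tmp implementations.json
+- name: "Update to docker-compose 2.36 and docker engine 28.1.1"
+run: |
+mkdir -p ~/.docker/cli-plugins/
+curl -SL https://github.com/docker/compose/releases/download/v2.36.0/docker-compose-linux-x86_64 -o ~/.docker/cli-plugins/docker-compose
+curl -SL "https://download.docker.com/linux/static/stable/x86_64/docker-28.1.1.tgz" -o ./docker-28.1.1.tgz
+tar --strip-components=1 -xvzf docker-28.1.1.tgz
+echo "$PWD" >> $GITHUB_PATH
+chmod 755 ~/.docker/cli-plugins/docker-compose
+chmod 755 ./docker
+sudo mv ./dockerd $(which dockerd)
+sudo systemctl restart docker
+- name: Check docker version
+run: |
+docker version
+docker compose version
+- name: Patch Docker compose file
+run: |
+yq -i '.services.sim.networks.leftnet += {"interface_name" : "eth0"}
+| .services.sim.networks.rightnet += {"interface_name" : "eth1"}
+| .services.server.networks.rightnet += {"interface_name" : "eth0"}
+| .services.client.networks.leftnet += {"interface_name" : "eth0"}' docker-compose.yml
+- name: "run interop with openssl server"
+run: |
+python3 ./run.py -s openssl -t ${{ matrix.tests }} -c ${{ matrix.clients }} --log-dir ./logs-server -d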
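Review bot: The "Update to docker-compose 2.36 and docker engine 28.1.1" step, present in both jobs, downloads two binaries with `curl -SL` and then replaces the system daemon with `sudo mv ./dockerd $(which dockerd)` without verifying either file. Add `-f` so an HTTP error body is never saved as a binary, and check a pinned digest before anything is installed, e.g. `echo "<expected-sha256>  docker-28.1.1.tgz" | sha256sum -c -` (placeholder digest), with the same check for the compose plugin. Separately, the retry loops in the client job end in `sleep 10`, so when all three attempts fail the loop's exit status is that of `sleep` and the step passes with nothing installed; the server job's apt loops omit the sleep and do fail, so the two copies behave differently. A trailing check after each loop, or a shared retry helper, would make both jobs fail closed.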

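--- a/.github/workflows/static-analysis-on-prem.yml
+++ b/.github/workflows/static-analysis-on-prem.yml
@@ -9,14 +9,15 @@ name: Static Analysis On Prem
 
 on:
 schedule:
-- cron: '20 0 * * *'
+- cron: '25 02 * * *'
 workflow_dispatch:
 
 permissions:
 contents: read
 
 jobs:
 coverity-analysis:
+if: github.repository == 'openssl/openssl'
 runs-on: ubuntu-latest
 container: quay.io/openssl-ci/coverity-analysis:2024.3.1
 steps:
@@ -28,7 +29,7 @@ jobs:
 chmod 0600 /auth_key_file.txt
 - uses: actions/checkout@v4
 - name: Config
-run: CC=gcc ./config --banner=Configured --debug enable-fips enable-rc5 enable-md2 enable-ssl3 enable-nextprotoneg enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-shared enable-buildtest-c++ enable-external-tests -DPEDANTIC
+run: CC=gcc ./config --strict-warnings --banner=Configured --debug enable-fips enable-rc5 enable-md2 enable-ssl3 enable-nextprotoneg enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-shared enable-buildtest-c++ enable-external-tests -DPEDANTIC
 - name: Config dump
 run: ./configdata.pm --dump
 - name: Make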
