Merge commit '564a4f0619a5df0773d0ec4b5891aca80931eee5'
Futaura committed Sep 3, 2024
2 parents 2a4858e + 564a4f0 commit a32d8e7
Showing 232 changed files with 3,310 additions and 982 deletions.
2 changes: 1 addition & 1 deletion openssl/.github/workflows/ci.yml
@@ -608,7 +608,7 @@ jobs:
- name: make
run: make -s -j4
- name: Setup Python
uses: actions/[email protected].0
uses: actions/[email protected].1
with:
python-version: ${{ matrix.PYTHON }}
- uses: dtolnay/rust-toolchain@master
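--- a/openssl/.github/workflows/deploy-docs-openssl-org.yml
+++ b/openssl/.github/workflows/deploy-docs-openssl-org.yml
@@ -0,0 +1,23 @@
+name: "Trigger docs.openssl.org deployment"
+
+on:
+push:
+branches:
+- "openssl-3.[0-9]+"
+- "master"
+paths:
+- "doc/man*/**"
+
+jobs:
+trigger:
+runs-on: ubuntu-latest
+steps:
+- name: "Trigger deployment workflow"
+run: |
+gh workflow run -f branch=${{ github.ref_name }} deploy-site.yaml
+sleep 3
+RUN_ID=$(gh run list -w deploy-site.yaml -L 1 --json databaseId -q ".[0].databaseId")
+gh run watch ${RUN_ID} --exit-status
+env:
+GH_REPO: "openssl/openssl-docs"
+GH_TOKEN: ${{ secrets.OPENSSL_MACHINE_TOKEN }}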
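Review bot: `${{ github.ref_name }}` is expanded into the `run:` script text before the shell parses it, so the branch name becomes part of the `gh workflow run` command line. The `branches` filter narrows what can reach this step, but passing the value through the environment removes the reliance on that filter: add `BRANCH: ${{ github.ref_name }}` under `env` and call `gh workflow run -f branch="$BRANCH" deploy-site.yaml`. The workflow also declares no `permissions:` block, unlike the two other workflows added in this commit; since the job authenticates with `OPENSSL_MACHINE_TOKEN` and checks nothing out, a top-level `permissions: {}` would drop the unused default token. Separately, `sleep 3` followed by `gh run list ... -L 1` selects whichever run is newest, which may belong to another push if two branches update close together, so the watched status can be attributed to the wrong deployment.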
266 changes: 266 additions & 0 deletions openssl/.github/workflows/prov-compat-label.yml
@@ -0,0 +1,266 @@
# Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html

# This verifies that FIPS and legacy providers built against some earlier
# released versions continue to run against the current branch.

name: Provider compatibility for PRs

on: [pull_request]

permissions:
contents: read

env:
opts: enable-rc5 enable-md2 enable-ssl3 enable-weak-ssl-ciphers enable-zlib

jobs:
fips-releases:
if: ${{ contains(github.event.pull_request.labels.*.name,'extended tests') }}
strategy:
matrix:
release: [
# Formally released versions should be added here.
# `dir' it the directory inside the tarball.
# `tgz' is the name of the tarball.
# `url' is the download URL.
{
dir: openssl-3.0.0,
tgz: openssl-3.0.0.tar.gz,
url: "https://www.openssl.org/source/old/3.0/openssl-3.0.0.tar.gz",
},
{
dir: openssl-3.0.8,
tgz: openssl-3.0.8.tar.gz,
url: "https://www.openssl.org/source/openssl-3.0.8.tar.gz",
},
{
dir: openssl-3.0.9,
tgz: openssl-3.0.9.tar.gz,
url: "https://www.openssl.org/source/openssl-3.0.9.tar.gz",
},
{
dir: openssl-3.1.2,
tgz: openssl-3.1.2.tar.gz,
url: "https://www.openssl.org/source/openssl-3.1.2.tar.gz",
},
]

runs-on: ubuntu-latest
steps:
- name: create download directory
run: mkdir downloads
- name: download release source
run: wget --no-verbose ${{ matrix.release.url }}
working-directory: downloads
- name: unpack release source
run: tar xzf downloads/${{ matrix.release.tgz }}

- name: localegen
run: sudo locale-gen tr_TR.UTF-8

- name: config release
run: |
./config --banner=Configured enable-shared enable-fips ${{ env.opts }}
working-directory: ${{ matrix.release.dir }}
- name: config dump release
run: ./configdata.pm --dump
working-directory: ${{ matrix.release.dir }}

- name: make release
run: make -s -j4
working-directory: ${{ matrix.release.dir }}

- name: create release artifacts
run: |
tar cz -H posix -f ${{ matrix.release.tgz }} ${{ matrix.release.dir }}
- name: show module versions from release
run: |
./util/wrap.pl -fips apps/openssl list -provider-path providers \
-provider base \
-provider default \
-provider fips \
-provider legacy \
-providers
working-directory: ${{ matrix.release.dir }}

- uses: actions/upload-artifact@v3
with:
name: ${{ matrix.release.tgz }}
path: ${{ matrix.release.tgz }}
retention-days: 7

development-branches:
if: ${{ contains(github.event.pull_request.labels.*.name,'extended tests') }}
strategy:
matrix:
branch: [
# Currently supported FIPS capable branches should be added here.
# `name' is the branch name used to checkout out.
# `dir' directory that will be used to build and test in.
# `tgz' is the name of the tarball use to keep the artifacts of
# the build.
{
name: '',
dir: PR,
tgz: PR.tar.gz,
}, {
name: openssl-3.0,
dir: branch-3.0,
tgz: branch-3.0.tar.gz,
}, {
name: openssl-3.1,
dir: branch-3.1,
tgz: branch-3.1.tar.gz,
}, {
name: openssl-3.2,
dir: branch-3.2,
tgz: branch-3.2.tar.gz,
}, {
name: openssl-3.3,
dir: branch-3.3,
tgz: branch-3.3.tar.gz,
}, {
name: master,
dir: branch-master,
tgz: branch-master.tar.gz,
},
]

runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
path: ${{ matrix.branch.dir }}
repository: openssl/openssl
ref: ${{ matrix.branch.name }}
- name: localegen
run: sudo locale-gen tr_TR.UTF-8

- name: config branch
run: |
./config --banner=Configured enable-shared enable-fips ${{ env.opts }}
working-directory: ${{ matrix.branch.dir }}
- name: config dump current
run: ./configdata.pm --dump
working-directory: ${{ matrix.branch.dir }}

- name: make branch
run: make -s -j4
working-directory: ${{ matrix.branch.dir }}

- name: create branch artifacts
run: |
tar cz -H posix -f ${{ matrix.branch.tgz }} ${{ matrix.branch.dir }}
- name: show module versions from branch
run: |
./util/wrap.pl -fips apps/openssl list -provider-path providers \
-provider base \
-provider default \
-provider fips \
-provider legacy \
-providers
working-directory: ${{ matrix.branch.dir }}

- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
working-directory: ${{ matrix.branch.dir }}

- uses: actions/upload-artifact@v3
with:
name: ${{ matrix.branch.tgz }}
path: ${{ matrix.branch.tgz }}
retention-days: 7

cross-testing:
if: ${{ contains(github.event.pull_request.labels.*.name,'extended tests') }}
needs: [fips-releases, development-branches]
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
# These can't be figured out earlier and included here as a variable
# substitution.
#
# Note that releases are not used as a test environment for
# later providers. Problems in these situations ought to be
# caught by cross branch testing before the release.
tree_a: [ branch-master, branch-3.3, branch-3.2, branch-3.1, branch-3.0,
openssl-3.0.0, openssl-3.0.8, openssl-3.0.9, openssl-3.1.2 ]
tree_b: [ PR ]
include:
- tree_a: PR
tree_b: branch-master
- tree_a: PR
tree_b: branch-3.3
- tree_a: PR
tree_b: branch-3.2
- tree_a: PR
tree_b: branch-3.1
- tree_a: PR
tree_b: branch-3.0
steps:
- name: early exit checks
id: early_exit
run: |
if [ "${{ matrix.tree_a }}" = "${{ matrix.tree_b }}" ]; \
then \
echo "Skipping because both are the same version"; \
exit 1; \
fi
continue-on-error: true

- uses: actions/download-artifact@v3
if: steps.early_exit.outcome == 'success'
with:
name: ${{ matrix.tree_a }}.tar.gz
- name: unpack first build
if: steps.early_exit.outcome == 'success'
run: tar xzf "${{ matrix.tree_a }}.tar.gz"

- uses: actions/download-artifact@v3
if: steps.early_exit.outcome == 'success'
with:
name: ${{ matrix.tree_b }}.tar.gz
- name: unpack second build
if: steps.early_exit.outcome == 'success'
run: tar xzf "${{ matrix.tree_b }}.tar.gz"

- name: set up cross validation of FIPS from A with tree from B
if: steps.early_exit.outcome == 'success'
run: |
cp providers/fips.so ../${{ matrix.tree_b }}/providers/
cp providers/fipsmodule.cnf ../${{ matrix.tree_b }}/providers/
working-directory: ${{ matrix.tree_a }}

- name: show module versions from cross validation
if: steps.early_exit.outcome == 'success'
run: |
./util/wrap.pl -fips apps/openssl list -provider-path providers \
-provider base \
-provider default \
-provider fips \
-provider legacy \
-providers
working-directory: ${{ matrix.tree_b }}

- name: get cpu info
if: steps.early_exit.outcome == 'success'
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
working-directory: ${{ matrix.tree_b }}

- name: run cross validation tests of FIPS from A with tree from B
if: steps.early_exit.outcome == 'success'
run: |
make test HARNESS_JOBS=${HARNESS_JOBS:-4}
working-directory: ${{ matrix.tree_b }}
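Review bot: The `download release source` step in `fips-releases` fetches each release tarball with `wget`, and the following steps unpack, configure and build it without checking a digest or signature, so the integrity of the compatibility baseline rests on TLS to the download host alone. Adding a `sha256` field to each matrix entry and verifying right after the download, e.g. `echo "${{ matrix.release.sha256 }}  ${{ matrix.release.tgz }}" | sha256sum -c -`, would pin the exact artifact. The digest values are not on this page and would have to come from the published release checksums. The `actions/upload-artifact@v3` and `actions/download-artifact@v3` references are mutable tags; pinning them to a full commit SHA would make the artifact hand-off between jobs reproducible.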
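--- a/openssl/.github/workflows/style-checks.yml
+++ b/openssl/.github/workflows/style-checks.yml
@@ -0,0 +1,55 @@
+# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+name: Coding style validation
+
+on: [pull_request]
+
+env:
+PR_NUMBER: ${{ github.event.number }}
+GH_TOKEN: ${{ github.token }}
+
+permissions:
+contents: read
+
+jobs:
+check-style:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v4
+with:
+fetch-depth: 0
+path: openssl
+- name: check style for each commit
+working-directory: openssl
+shell: bash
+run: |
+ERRORS_FOUND=0
+git fetch origin $GITHUB_BASE_REF:$GITHUB_BASE_REF
+REFSTART=$(git rev-parse $GITHUB_BASE_REF)
+REFEND=$(git rev-parse HEAD)
+echo "Checking from $REFSTART to $REFEND"
+for i in $(git log --no-merges --format=%H $REFSTART..$REFEND)
+do
+echo "::group::Style report for commit $i"
+set +e
+./util/check-format-commit.sh $i
+if [ $? -ne 0 ]
+then
+ERRORS_FOUND=1
+fi
+set -e
+echo "::endgroup::"
+done
+SKIP_TEST=$(gh pr view $PR_NUMBER --json labels --jq '.labels[] | select(.name == "style: waived") | .name')
+if [ -z "$SKIP_TEST" ]
+then
+exit $ERRORS_FOUND
+else
+echo "PR $PR_NUMBER is marked with style: waived, waiving style check errors"
+exit 0
+fi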
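Review bot: The workflow-level `env` block exports `GH_TOKEN` into the same step that executes `./util/check-format-commit.sh` from the checked-out pull request, so code supplied by the PR runs with the token in its environment. The token is limited to `contents: read` here, but only the final `gh pr view` call needs it. Moving that lookup into its own step with a step-level `env`, and handing the result to the style step as a plain variable, keeps the credential away from PR-controlled scripts; `GH_TOKEN` would then be removed from the top-level `env`. Setting `persist-credentials: false` on the checkout would close the same gap in `.git/config`, provided the later `git fetch` still works unauthenticated, which this page does not confirm. Quoting the expansions, e.g. `git fetch origin "$GITHUB_BASE_REF:$GITHUB_BASE_REF"`, is worth doing in the same pass.

```yaml
      - name: look up style waiver label
        id: waiver
        working-directory: openssl
        env:
          GH_TOKEN: ${{ github.token }}
        run: |
          # PR_NUMBER still comes from the workflow-level env block
          WAIVED=$(gh pr view "$PR_NUMBER" --json labels --jq '.labels[] | select(.name == "style: waived") | .name')
          echo "waived=$WAIVED" >> "$GITHUB_OUTPUT"
      - name: check style for each commit
        working-directory: openssl
        shell: bash
        env:
          SKIP_TEST: ${{ steps.waiver.outputs.waived }}
        run: |
          # … unchanged: ERRORS_FOUND loop over the commits …
          if [ -z "$SKIP_TEST" ]
          # … unchanged: exit handling …
```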
3 changes: 3 additions & 0 deletions openssl/.gitignore
@@ -147,6 +147,9 @@ providers/common/include/prov/der_sm2.h
/apps/progs.c
/apps/progs.h

# macOS
.DS_Store

# Windows (legacy)
/tmp32
/tmp32.dbg