Add simple interoperability test with Cloudflare quiche

This is an external test which requires recursive checkout
of the cloudflare-quiche submodule.

We simply run a client aga

Add simple interoperability test with Cloudflare quiche

This is an external test which requires recursive checkout
of the cloudflare-quiche submodule.

We simply run a client against the example quiche-server
serving HTTP/0.9 requests.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20527)

show more ...

Add "make help" option

Based on kubernetes controller Makefile help.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged fr

Add "make help" option

Based on kubernetes controller Makefile help.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20407)

show more ...

Bump actions/setup-python from 4.4.0 to 4.5.0

Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.4.0 to 4.5.0.
- [Release notes](https://github.com/actions/setu

Bump actions/setup-python from 4.4.0 to 4.5.0

Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.4.0 to 4.5.0.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v4.4.0...v4.5.0)

---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-minor
...

CLA: trivial
Signed-off-by: dependabot[bot] <support@github.com>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20046)

show more ...

Bump actions/setup-python from 4.3.1 to 4.4.0

Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.3.1 to 4.4.0.
- [Release notes](https://github.com/actions/setu

Bump actions/setup-python from 4.3.1 to 4.4.0

Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.3.1 to 4.4.0.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v4.3.1...v4.4.0)

---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

CLA: trivial

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19961)

show more ...

Bump actions/setup-python from 4.3.0 to 4.3.1

Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.3.0 to 4.3.1.
- [Release notes](https://github.com/actions/setu

Bump actions/setup-python from 4.3.0 to 4.3.1

Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.3.0 to 4.3.1.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v4.3.0...v4.3.1)

---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

CLA: trivial

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19866)

show more ...

Update GitHub actions as suggested by dependabot

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/opens

Update GitHub actions as suggested by dependabot

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19581)

show more ...

Add CI to build with brotli and zstd

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/

Add CI to build with brotli and zstd

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18186)

show more ...

Always automatically add -DPEDANTIC with enable-ubsan

To avoid reports like: #19028

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(

Always automatically add -DPEDANTIC with enable-ubsan

To avoid reports like: #19028

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19029)

show more ...

Ensure we build ub sanitizer builds with -DPEDANTIC

Otherwise we may get spurious results from ub sanitizer. For example we
assume we can tolerate some unaligned write without this defin

Ensure we build ub sanitizer builds with -DPEDANTIC

Otherwise we may get spurious results from ub sanitizer. For example we
assume we can tolerate some unaligned write without this define that ub
sanitizer will complain about.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18983)

show more ...

ci: add GitHub token permissions for workflows

Signed-off-by: Varun Sharma <varunsh@stepsecurity.io>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <p

ci: add GitHub token permissions for workflows

Signed-off-by: Varun Sharma <varunsh@stepsecurity.io>

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18766)

show more ...

CI: Add enable-quic to some of the builds

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull

CI: Add enable-quic to some of the builds

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18307)

show more ...

Update copyright year

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes

Minimal test checking we can get public key in Turkish locale

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/op

Minimal test checking we can get public key in Turkish locale

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18069)

show more ...

Add TFO support to socket BIO and s_client/s_server

Supports Linux, MacOS and FreeBSD
Disabled by default, enabled via `enabled-tfo`
Some tests

Reviewed-by: Matt Caswell <ma

Add TFO support to socket BIO and s_client/s_server

Supports Linux, MacOS and FreeBSD
Disabled by default, enabled via `enabled-tfo`
Some tests

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8692)

show more ...

Add external testing with oqsprovider

Including running the oqsprovider external test in the
CI external test build.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Revie

Add external testing with oqsprovider

Including running the oqsprovider external test in the
CI external test build.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17832)

show more ...

Fix copyright year issues

Fixes: #13765

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17427)

Run TLSfuzzer tests for CI

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17340)

FIPS and KTLS may interfere

New Linux kernels (>= 5.11) enable KTLS CHACHA which is not
FIPS-suitable.

Fixes #16657

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merg

FIPS and KTLS may interfere

New Linux kernels (>= 5.11) enable KTLS CHACHA which is not
FIPS-suitable.

Fixes #16657

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16658)

show more ...

ci: add copyright header to CI scripts

There is quite a bit of creative effort in these and even more trouble-
shooting effort. I.e. they are non-trivial from a copyright perspective.

ci: add copyright header to CI scripts

There is quite a bit of creative effort in these and even more trouble-
shooting effort. I.e. they are non-trivial from a copyright perspective.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16628)

show more ...

Add additional test to thread sanitizer build

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16469)

ci: Add -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION to asan build

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https

ci: Add -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION to asan build

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/16433)

show more ...

ci: specific gcc explicitly on the basic-gcc CI build

GitHub Actions default to clang not gcc so this is necessary now.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from

ci: specific gcc explicitly on the basic-gcc CI build

GitHub Actions default to clang not gcc so this is necessary now.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16174)

show more ...

Test ktls in non-default options CI build

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/opens

Test ktls in non-default options CI build

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16120)

show more ...

ci: reinstate the passwd tests for the no-cached-fetch run.

By selectively skipping the high round test cases, the out of memory problem
can be avoided.

partially fixes #16127

ci: reinstate the passwd tests for the no-cached-fetch run.

By selectively skipping the high round test cases, the out of memory problem
can be avoided.

partially fixes #16127

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16132)

show more ...

ci: omit tests that consume too much memory

The SSL API tests and the passwd command test trigger memory leakage in the
address sanitizer.

Fixes #16116

Reviewed-by: Tom

ci: omit tests that consume too much memory

The SSL API tests and the passwd command test trigger memory leakage in the
address sanitizer.

Fixes #16116

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16125)

show more ...