| #
20bf3fe2 |
| 31-Jul-2024 |
Dimitri John Ledkov |
github: fix quoting in github workflow for jitter tests
Nested quoting got ignore previously. And this way one can specify
string name directly.
Successfully run with Jitter at
github: fix quoting in github workflow for jitter tests
Nested quoting got ignore previously. And this way one can specify
string name directly.
Successfully run with Jitter at
https://github.com/xnox/openssl/actions/runs/10223149419/job/28289017013
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/25053)
show more ...
|
| #
1e7ff7be |
| 11-Jul-2024 |
Dimitri John Ledkov |
JITTER: excercise all tests in CI with JITTER seed source under certain build configuration
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
JITTER: excercise all tests in CI with JITTER seed source under certain build configuration
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24844)
show more ...
|
| #
b28b3128 |
| 10-Jul-2024 |
Dimitri John Ledkov |
jitter: add a new provider containing a jitter entropy source alone
This entropy source can be used instead of SEED-SRC. Sample
openssl.cnf configuration is provided. It is built as a se
jitter: add a new provider containing a jitter entropy source alone
This entropy source can be used instead of SEED-SRC. Sample
openssl.cnf configuration is provided. It is built as a separate
provider, because it is likely to require less frequent updates than
fips provider. The same build likely can span multiple generations of
FIPS 140 standard revisions.
Note that rand-instances currently chain from public/private instances
to primary, prior to consuming the seed. Thus currently a unique ESV
needs to be obtained, and resue of jitterentropy.a certificate is not
possible as is. Separately a patch will be sent to allow for
unchaining public/private RAND instances for the purpose of reusing
ESV.
Also I do wonder if it makes sense to create a fips variant of stock
SEED-SRC entropy source, which in addition to using getrandom() also
verifies that the kernel is operating in FIPS mode and thus is likely
a validated entropy source. As in on Linux, check that
/proc/sys/crypto/fips_enabled is set to 1, and similar checks on
Windows / MacOS and so on.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24844)
show more ...
|
| #
b6461792 |
| 20-Mar-2024 |
Richard Levitte |
Copyright year updates
Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
(cherry picked from commit 0ce7d1f355c1240653e320a3f6f8109c1f05f8c0)
Reviewed-by: Hugo Lan
Copyright year updates
Reviewed-by: Neil Horman <nhorman@openssl.org>
Release: yes
(cherry picked from commit 0ce7d1f355c1240653e320a3f6f8109c1f05f8c0)
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24034)
show more ...
|
| #
ada9d8c7 |
| 01-Mar-2024 |
Dmitry Misharov |
Add M1 macOS runner to some workflows
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/
Add M1 macOS runner to some workflows
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23724)
show more ...
|
| #
37cd49f5 |
| 14-Mar-2024 |
Neil Horman |
Fix ASLR to be smaller during asan/tsan/ubsan runs
Recently asan/tsan/ubsan runs have been failing randomly. It appears
that a recent runner update may have led to the Address Space Lay
Fix ASLR to be smaller during asan/tsan/ubsan runs
Recently asan/tsan/ubsan runs have been failing randomly. It appears
that a recent runner update may have led to the Address Space Layout
Randomization setting in the linux kernel of ubuntu-latest runner
getting set to too high a value (it defaults to 30). Such a setting
leads to the possibility that a given application will have memory
mapped to an address space that the sanitizer code typically uses to do
its job. Lowering this value allows a/t/ubsan to work consistently
again
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23842)
show more ...
|
| #
99fb31c1 |
| 25-Jan-2024 |
Randall S. Becker |
Add atexit configuration option to using atexit() in libcrypto at build-time.
This fixes an issue with a mix of atexit() usage in DLL and statically linked
libcrypto that came out in the
Add atexit configuration option to using atexit() in libcrypto at build-time.
This fixes an issue with a mix of atexit() usage in DLL and statically linked
libcrypto that came out in the test suite on NonStop, which has slightly
different DLL unload processing semantics compared to Linux. The change
allows a build configuration to select whether to register OPENSSL_cleanup()
with atexit() or not, so avoid situations where atexit() registration causes
SIGSEGV.
INSTALL.md and CHANGES.md have been modified to include and describe this
option.
The no-atexit option has been added to .github/workflows/run-checker-daily.yml.
Fixes: #23135
Signed-of-by: Randall S. Becker <randall.becker@nexbridge.ca>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/23394)
show more ...
|
| #
5ccd4dec |
| 12-Dec-2023 |
Matt Caswell |
Add a daily test for an alternative value for SSL3_ALIGN_PAYLOAD
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://githu
Add a daily test for an alternative value for SSL3_ALIGN_PAYLOAD
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23021)
show more ...
|
| #
456b32ba |
| 10-Nov-2023 |
Tomas Mraz |
Rearrange some CI jobs
Those less useful should be in daily or on-push runs.
Those more likely triggering CI failure that do not
take too much time should be in main on pull req
Rearrange some CI jobs
Those less useful should be in daily or on-push runs.
Those more likely triggering CI failure that do not
take too much time should be in main on pull request CI.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22693)
show more ...
|
| #
bde54110 |
| 19-Oct-2023 |
Tomas Mraz |
run-checker-daily.yml: If the openssl app is not built do not run it
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https
run-checker-daily.yml: If the openssl app is not built do not run it
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22443)
show more ...
|
| #
2d374e1c |
| 28-Sep-2023 |
Dmitry Misharov |
GH action workflows: Add cpu report before 'make test'
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@op
GH action workflows: Add cpu report before 'make test'
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22232)
show more ...
|
| #
da1c088f |
| 07-Sep-2023 |
Matt Caswell |
Copyright year updates
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
|
| #
d4231af6 |
| 05-Sep-2023 |
dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> |
Bump actions/checkout from 2 to 4
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Change
Bump actions/checkout from 2 to 4
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v4)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
CLA: trivial
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21953)
show more ...
|
| #
6399d785 |
| 23-Aug-2023 |
Xu Yizhou |
Optimize SM2 on aarch64
Signed-off-by: Xu Yizhou <xuyizhou1@huawei.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merge
Optimize SM2 on aarch64
Signed-off-by: Xu Yizhou <xuyizhou1@huawei.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20754)
show more ...
|
| #
6497ad58 |
| 30-Jun-2023 |
Tomas Mraz |
Reorganize runchecker jobs
Put jobs that are more likely to fail to on pull request CI.
To compensate move some less likely to fail jobs to on push and
daily CI jobs.
Review
Reorganize runchecker jobs
Put jobs that are more likely to fail to on pull request CI.
To compensate move some less likely to fail jobs to on push and
daily CI jobs.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/21336)
show more ...
|
| #
956b4c75 |
| 19-Jun-2023 |
Vladimír Kotal |
add no-docs option
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21240)
|
| #
ff88545e |
| 15-Jun-2023 |
Vladimír Kotal |
Allow to disable apps building with no-apps
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Allow to disable apps building with no-apps
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21212)
show more ...
|
| #
1ac0464d |
| 05-Apr-2023 |
Tomas Mraz |
CI: Checkout submodules to make the regression fuzz tests run
Otherwise the fuzz/corpora won't be present.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul D
CI: Checkout submodules to make the regression fuzz tests run
Otherwise the fuzz/corpora won't be present.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20683)
show more ...
|
| #
4ff66347 |
| 02-Nov-2022 |
Tomas Mraz |
Update GitHub actions as suggested by dependabot
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/opens
Update GitHub actions as suggested by dependabot
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19581)
show more ...
|
| #
41e4f72d |
| 27-Oct-2022 |
slontis |
Attempt to fix CI Daily build error
For some reason the newly introduced CI test
for sctp causes issues. It is unknown why this
seems to work when testing, but doesnt work
once i
Attempt to fix CI Daily build error
For some reason the newly introduced CI test
for sctp causes issues. It is unknown why this
seems to work when testing, but doesnt work
once it was merged.
The test has been put into its own file, with
skips on error if the setup fails..
This will need to be merged to test if this
works.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19511)
show more ...
|
| #
846975f3 |
| 12-Oct-2022 |
slontis |
Fix sctp compile errors
Fixes #19371
running config with 'enable-sctp' gave compiler errors.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt
Fix sctp compile errors
Fixes #19371
running config with 'enable-sctp' gave compiler errors.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19398)
show more ...
|
| #
c6e7f427 |
| 09-Jul-2022 |
Varun Sharma |
ci: add GitHub token permissions for workflows
Signed-off-by: Varun Sharma <varunsh@stepsecurity.io>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <p
ci: add GitHub token permissions for workflows
Signed-off-by: Varun Sharma <varunsh@stepsecurity.io>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18766)
show more ...
|
| #
fecb3aae |
| 03-May-2022 |
Matt Caswell |
Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
|
| #
a3e53d56 |
| 08-Sep-2021 |
Todd Short |
Add TFO support to socket BIO and s_client/s_server
Supports Linux, MacOS and FreeBSD
Disabled by default, enabled via `enabled-tfo`
Some tests
Reviewed-by: Matt Caswell <ma
Add TFO support to socket BIO and s_client/s_server
Supports Linux, MacOS and FreeBSD
Disabled by default, enabled via `enabled-tfo`
Some tests
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8692)
show more ...
|
| #
d362db7c |
| 10-Nov-2021 |
Pauli |
run-checker: add CI to test safe_math without compiler support.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16930)
|
