Merge branch 'openssl:master' into dev

.github/ISSUE_TEMPLATE/question.md

@@ -1,56 +1,10 @@
 ---
 name: Question
 labels: 'issue: question'
-about: Ask a question about OpenSSL
+about: Please use Q&A in Discussions instead
 ---
 
-<!--
-Thank you for your interest in OpenSSL. If this is your first question,
-please take the time to read the following lines before posting it.
+Please do NOT use issues to ask questions about OpenSSL.
 
-For general questions about *using* OpenSSL:
-
-    If you have questions about how to use OpenSSL for specific tasks
-    or how to solve certain problems you have when using it, you might
-    want to ask them on the [email protected] mailing list.
-    There you can get help from a great community of OpenSSL users,
-    not only (but including) the OpenSSL developers. For more information
-    about our mailing lists, see
-    https://www.openssl.org/community/mailinglists.html.
-
-For questions related to build issues:
-
-    Please use the 'Bug report' template.
-
-For other questions:
-
-    Please describe your problem as concisely as possible while giving
-    us enough information to understand your problem. Example code
-    or example commands are highly appreciated if they help us to
-    better understand what you are trying to achieve.
-
-    Also, please remember to tell us which OpenSSL version you are
-    using and whether it is system provided or you built it yourself.
-    In the latter case, please also send us your build configuration.
-    With OpenSSL before 1.1.1, the configuration output comes from the
-    configuration command.  With OpenSSL 1.1.1 and on, you can obtain
-    the information by running the command `perl configdata.pm --dump`
-    in the root directory of the source tree.
-
-Please remember to put ``` lines before and after any commands plus
-output and code, like this:
-
-    ```
-    $ echo output output output
-    output output output
-    ```
-
-    ```
-    #include <stdio.h>
-
-    int main() {
-        int foo = 1;
-        printf("%d\n", foo);
-    }
-    ```
--->
+Instead, please use the [Q&A category in Discussions](<https://github.com/openssl/openssl/discussions/new?category=q-a>)
+to ask your question.

.github/workflows/ci.yml

@@ -33,7 +33,7 @@ jobs:
       with:
         fetch-depth: 0
     - name: config
-      run: ./config --banner=Configured --strict-warnings enable-fips enable-quic && perl configdata.pm --dump
+      run: ./config --banner=Configured --strict-warnings enable-fips && perl configdata.pm --dump
     - name: make build_generated
       run: make -s build_generated
     - name: make update
@@ -46,7 +46,7 @@ jobs:
     steps:
     - uses: actions/checkout@v3
     - name: config
-      run: ./config --banner=Configured --strict-warnings enable-fips enable-quic && perl configdata.pm --dump
+      run: ./config --banner=Configured --strict-warnings enable-fips && perl configdata.pm --dump
     - name: make build_generated
       run: make -s build_generated
     - name: make doc-nits
@@ -66,7 +66,7 @@ jobs:
     steps:
     - uses: actions/checkout@v3
     - name: config
-      run: CPPFLAGS=-ansi ./config --banner=Configured no-asm no-makedepend enable-buildtest-c++ enable-fips enable-quic --strict-warnings -D_DEFAULT_SOURCE && perl configdata.pm --dump
+      run: CPPFLAGS=-ansi ./config --banner=Configured no-asm no-makedepend enable-buildtest-c++ enable-fips --strict-warnings -D_DEFAULT_SOURCE && perl configdata.pm --dump
     - name: make
       run: make -s -j4
 
@@ -79,6 +79,7 @@ jobs:
     - name: localegen
       run: sudo locale-gen tr_TR.UTF-8
     - name: config
+      # enable-quic is on by default, but we leave it here to check we're testing the explicit enable somewhere
       run: CC=gcc ./config --banner=Configured enable-fips enable-quic --strict-warnings && perl configdata.pm --dump
     - name: make
       run: make -s -j4
@@ -118,7 +119,7 @@ jobs:
     - name: checkout fuzz/corpora submodule
       run: git submodule update --init --depth 1 fuzz/corpora
     - name: config
-      run: ./config --banner=Configured --strict-warnings no-deprecated enable-fips enable-quic && perl configdata.pm --dump
+      run: ./config --banner=Configured --strict-warnings no-deprecated enable-fips && perl configdata.pm --dump
     - name: make
       run: make -s -j4
     - name: make test
@@ -160,7 +161,7 @@ jobs:
     - name: checkout fuzz/corpora submodule
       run: git submodule update --init --depth 1 fuzz/corpora
     - name: config
-      run: ./config --banner=Configured --debug enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips enable-quic -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION && perl configdata.pm --dump
+      run: ./config --banner=Configured --debug enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION && perl configdata.pm --dump
     - name: make
       run: make -s -j4
     - name: make test
@@ -174,7 +175,7 @@ jobs:
       run: git submodule update --init --depth 1 fuzz/corpora
     - name: config
       # --debug -O1 is to produce a debug build that runs in a reasonable amount of time
-      run: CC=clang ./config --banner=Configured --debug -O1 -fsanitize=memory -DOSSL_SANITIZE_MEMORY -fno-optimize-sibling-calls enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips enable-quic && perl configdata.pm --dump
+      run: CC=clang ./config --banner=Configured --debug -O1 -fsanitize=memory -DOSSL_SANITIZE_MEMORY -fno-optimize-sibling-calls enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips && perl configdata.pm --dump
     - name: make
       run: make -s -j4
     - name: make test
@@ -187,7 +188,7 @@ jobs:
     - name: checkout fuzz/corpora submodule
       run: git submodule update --init --depth 1 fuzz/corpora
     - name: config
-      run: CC=clang ./config --banner=Configured no-fips --strict-warnings -fsanitize=thread enable-quic && perl configdata.pm --dump
+      run: CC=clang ./config --banner=Configured no-fips --strict-warnings -fsanitize=thread && perl configdata.pm --dump
     - name: make
       run: make -s -j4
     - name: make test
@@ -202,7 +203,7 @@ jobs:
     - name: modprobe tls
       run: sudo modprobe tls
     - name: config
-      run: ./config --banner=Configured --strict-warnings no-ec enable-ssl-trace enable-zlib enable-zlib-dynamic enable-crypto-mdebug enable-crypto-mdebug-backtrace enable-egd enable-ktls enable-fips enable-quic no-threads && perl configdata.pm --dump
+      run: ./config --banner=Configured --strict-warnings no-ec enable-ssl-trace enable-zlib enable-zlib-dynamic enable-crypto-mdebug enable-crypto-mdebug-backtrace enable-egd enable-ktls enable-fips no-threads && perl configdata.pm --dump
     - name: make
       run: make -s -j4
     - name: make test
@@ -217,7 +218,7 @@ jobs:
     - name: modprobe tls
       run: sudo modprobe tls
     - name: config
-      run: ./config --banner=Configured --strict-warnings enable-ktls enable-fips enable-quic && perl configdata.pm --dump
+      run: ./config --banner=Configured --strict-warnings enable-ktls enable-fips && perl configdata.pm --dump
     - name: make
       run: make -s -j4
     - name: make test
@@ -321,7 +322,7 @@ jobs:
     - name: checkout fuzz/corpora submodule
       run: git submodule update --init --depth 1 fuzz/corpora
     - name: config
-      run: ./config --banner=Configured --strict-warnings no-legacy enable-fips enable-quic && perl configdata.pm --dump
+      run: ./config --banner=Configured --strict-warnings no-legacy enable-fips && perl configdata.pm --dump
     - name: make
       run: make -s -j4
     - name: make test
@@ -350,7 +351,7 @@ jobs:
     - name: checkout fuzz/corpora submodule
       run: git submodule update --init --depth 1 fuzz/corpora
     - name: config
-      run: CC=gcc ./config --banner=Configured enable-tfo enable-quic --strict-warnings && perl configdata.pm --dump
+      run: CC=gcc ./config --banner=Configured enable-tfo --strict-warnings && perl configdata.pm --dump
     - name: make
       run: make -s -j4
     - name: make test
@@ -441,7 +442,7 @@ jobs:
     - name: make
       run: make -s -j4
     - name: Setup Python
-      uses: actions/setup-python@v4.6.1
+      uses: actions/setup-python@v4.7.0
       with:
         python-version: ${{ matrix.PYTHON }}
     - uses: actions-rs/toolchain@v1
@@ -460,7 +461,7 @@ jobs:
       with:
         submodules: recursive
     - name: Configure OpenSSL
-      run: ./config --banner=Configured --strict-warnings enable-external-tests enable-quic && perl configdata.pm --dump
+      run: ./config --banner=Configured --strict-warnings enable-external-tests && perl configdata.pm --dump
     - name: make
       run: make -s -j4
     - uses: actions-rs/toolchain@v1

.github/workflows/compiler-zoo.yml

@@ -36,6 +36,10 @@ jobs:
           }, {
             cc: gcc-12,
             distro: ubuntu-22.04
+          }, {
+            cc: gcc-13,
+            distro: ubuntu-22.04,
+            gcc-ppa-name: ubuntu-toolchain-r/test
           }, {
             cc: clang-6.0,
             distro: ubuntu-20.04
@@ -80,11 +84,18 @@ jobs:
     steps:
     - name: install packages
       run: |
+        gcc_ppa_name="${{ matrix.zoo.gcc-ppa-name }}"
         llvm_ppa_name="${{ matrix.zoo.llvm-ppa-name }}"
 
-        # In the Matrix above, we set llvm-ppa-name if an LLVM version isn't
-        # part of the Ubuntu version we're using. See https://apt.llvm.org/.
-        if [[ -n ${llvm_ppa_name} ]] ; then
+        # In the Matrix above:
+        # - we set gcc-ppc-name if the GCC version isn't part of the Ubuntu version we're using (see https://launchpad.net/~ubuntu-toolchain-r/+archive/ubuntu/test).
+        # - we set llvm-ppa-name if an LLVM version isn't part of the Ubuntu version we're using (see https://apt.llvm.org/).
+        # This is especially needed because even new Ubuntu LTSes aren't available
+        # until a while after release on Github Actions.
+        if [[ -n ${gcc_ppa_name} ]] ; then
+          sudo add-apt-repository ppa:ubuntu-toolchain-r/test
+          sudo apt-get update
+        elif [[ -n ${llvm_ppa_name} ]] ; then
             wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key |\
                 gpg --dearmor |\
                 sudo tee /usr/share/keyrings/llvm-snapshot.gpg.key > /dev/null

.github/workflows/coveralls.yml

@@ -34,7 +34,7 @@ jobs:
             extra_config: enable-fips
           }, {
             branch: master,
-            extra_config: no-afalgeng enable-fips enable-tfo enable-quic
+            extra_config: no-afalgeng enable-fips enable-tfo
           }
         ]
     runs-on: ubuntu-latest
@@ -68,7 +68,7 @@ jobs:
     - name: generate coverage info
       run: lcov -d . -c -o ./lcov.info
     - name: Coveralls upload
-      uses: coverallsapp/[email protected].0
+      uses: coverallsapp/[email protected].1
       with:
         github-token: ${{ secrets.github_token }}
         git-branch: ${{ matrix.branches.branch }}

.github/workflows/cross-compiles.yml

@@ -126,7 +126,7 @@ jobs:
           }, {
             arch: m68k-linux-gnu,
             libs: libc6-dev-m68k-cross,
-            target: -mcfv4e linux-latomic -Wno-stringop-overflow,
+            target: -mcfv4e linux-latomic -Wno-stringop-overflow no-quic,
             tests: none
           }, {
             arch: mips-linux-gnu,

.github/workflows/os-zoo.yml

@@ -44,7 +44,7 @@ jobs:
         fi
 
         CC=${{ matrix.cc }} ./config --banner=Configured no-shared \
-            -Wall -Werror enable-fips enable-quic --strict-warnings -DOPENSSL_USE_IPV6=0 ${extra_cflags}
+            -Wall -Werror enable-fips --strict-warnings -DOPENSSL_USE_IPV6=0 ${extra_cflags}
 
     - name: config dump
       run: ./configdata.pm --dump
@@ -71,7 +71,7 @@ jobs:
     - name: config
       run: |
         CC=${{ matrix.zoo.cc }} ./config --banner=Configured \
-            -Wall -Werror --strict-warnings enable-fips enable-quic
+            -Wall -Werror --strict-warnings enable-fips
     - name: config dump
       run: ./configdata.pm --dump
     - name: make
@@ -99,7 +99,7 @@ jobs:
     - name: config
       working-directory: _build
       run: |
-        perl ..\Configure --banner=Configured no-makedepend enable-fips enable-quic
+        perl ..\Configure --banner=Configured no-makedepend enable-fips
     - name: config dump
       working-directory: _build
       run: ./configdata.pm --dump

.github/workflows/run-checker-ci.yml

@@ -19,27 +19,25 @@ jobs:
         opt: [
           no-cmp,
           no-cms,
-          no-ct,
+          no-dgram,
+          no-dh,
           no-dtls,
           no-ec,
           no-ec2m,
+          no-ecx,
           no-http,
-          no-siv,
           no-legacy,
           no-sock,
-          no-srp,
-          no-srtp,
           enable-ssl-trace,
-          no-tests,
           no-threads,
           no-thread-pool,
           no-default-thread-pool,
           no-tls,
           no-tls1_2,
           no-tls1_3,
           enable-trace enable-fips,
-          no-ts,
           no-ui,
+          no-quic
         ]
     runs-on: ubuntu-latest
     steps:

.github/workflows/run-checker-daily.yml

@@ -22,6 +22,7 @@ jobs:
         opt: [
           386,
           no-afalgeng,
+          no-apps,
           no-aria,
           no-asan,
           no-asm,
@@ -47,7 +48,7 @@ jobs:
           no-deprecated,
           no-des,
           no-devcryptoeng,
-          no-dh,
+          no-docs,
           no-dsa,
           no-dtls1,
           no-dtls1_2,
@@ -77,15 +78,12 @@ jobs:
           no-md2,
           no-md4,
           no-mdc2,
-          no-module,
           no-msan,
           no-multiblock,
           no-nextprotoneg,
           no-ocb,
-          no-ocsp,
           no-padlockeng,
           no-pic,
-          no-pinshared,
           no-poly1305,
           no-posix-io,
           no-psk,
@@ -114,16 +112,17 @@ jobs:
           no-ssl-trace,
           no-static-engine no-shared,
           no-stdio,
+          no-tests,
           enable-tfo,
           no-tls1,
           no-tls1_1,
           no-tls1_1-method,
-          no-tls1_2,
           no-tls1_2-method,
           no-tls1-method,
           no-trace,
           no-ubsan,
           no-ui-console,
+          no-unit-test,
           enable-unit-test,
           no-uplink,
           no-weak-ssl-ciphers,

.github/workflows/run-checker-merge.yml

@@ -19,14 +19,19 @@ jobs:
       matrix:
         opt: [
           enable-asan enable-ubsan no-shared no-asm -DOPENSSL_SMALL_FOOTPRINT,
-          no-dgram,
+          no-ct,
           no-dso,
           no-dynamic-engine,
           no-engine no-shared,
           no-err,
           no-filenames,
           enable-ubsan no-asm -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=alignment,
-          no-unit-test,
+          no-module,
+          no-ocsp,
+          no-pinshared,
+          no-srp,
+          no-srtp,
+          no-ts,
           enable-weak-ssl-ciphers,
           enable-zlib,
         ]