From 8a7642023884ccfbb17a929698dab8e3fc03cdc9 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Fri, 30 Jun 2023 15:56:13 +0100 Subject: [PATCH] Enable QUIC by default Ensure builds enable QUIC without explicitly having to ask for it. To disable QUIC pass "no-quic" to Configure. As a result we can remove all use of "enable-quic" from the various CI runs. We also add a CHANGES and NEWS entry for QUIC support. Reviewed-by: Tim Hudson Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/21332) --- .github/workflows/ci.yml | 25 +++++++++++++------------ .github/workflows/coveralls.yml | 2 +- .github/workflows/os-zoo.yml | 6 +++--- .github/workflows/run-checker-ci.yml | 1 + .github/workflows/windows.yml | 10 +++++----- CHANGES.md | 4 ++++ Configure | 4 +--- INSTALL.md | 5 ++--- NEWS.md | 1 + 9 files changed, 31 insertions(+), 27 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 030a8df9ce..913d4244bf 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -33,7 +33,7 @@ jobs: with: fetch-depth: 0 - name: config - run: ./config --banner=Configured --strict-warnings enable-fips enable-quic && perl configdata.pm --dump + run: ./config --banner=Configured --strict-warnings enable-fips && perl configdata.pm --dump - name: make build_generated run: make -s build_generated - name: make update @@ -46,7 +46,7 @@ jobs: steps: - uses: actions/checkout@v3 - name: config - run: ./config --banner=Configured --strict-warnings enable-fips enable-quic && perl configdata.pm --dump + run: ./config --banner=Configured --strict-warnings enable-fips && perl configdata.pm --dump - name: make build_generated run: make -s build_generated - name: make doc-nits 
@@ -66,7 +66,7 @@ jobs: steps: - uses: actions/checkout@v3 - name: config - run: CPPFLAGS=-ansi ./config --banner=Configured no-asm no-makedepend enable-buildtest-c++ enable-fips enable-quic --strict-warnings -D_DEFAULT_SOURCE && perl configdata.pm --dump + run: CPPFLAGS=-ansi ./config --banner=Configured no-asm no-makedepend enable-buildtest-c++ enable-fips --strict-warnings -D_DEFAULT_SOURCE && perl configdata.pm --dump - name: make run: make -s -j4 @@ -79,6 +79,7 @@ jobs: - name: localegen run: sudo locale-gen tr_TR.UTF-8 - name: config + # enable-quic is on by default, but we leave it here to check we're testing the explicit enable somewhere run: CC=gcc ./config --banner=Configured enable-fips enable-quic --strict-warnings && perl configdata.pm --dump - name: make run: make -s -j4 @@ -118,7 +119,7 @@ jobs: - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: config - run: ./config --banner=Configured --strict-warnings no-deprecated enable-fips enable-quic && perl configdata.pm --dump + run: ./config --banner=Configured --strict-warnings no-deprecated enable-fips && perl configdata.pm --dump - name: make run: make -s -j4 - name: make test @@ -160,7 +161,7 @@ jobs: - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: config - run: ./config --banner=Configured --debug enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips enable-quic -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION && perl configdata.pm --dump + run: ./config --banner=Configured --debug enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION && perl configdata.pm --dump - name: make run: make -s -j4 - name: make test 
@@ -174,7 +175,7 @@ jobs: run: git submodule update --init --depth 1 fuzz/corpora - name: config # --debug -O1 is to produce a debug build that runs in a reasonable amount of time - run: CC=clang ./config --banner=Configured --debug -O1 -fsanitize=memory -DOSSL_SANITIZE_MEMORY -fno-optimize-sibling-calls enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips enable-quic && perl configdata.pm --dump + run: CC=clang ./config --banner=Configured --debug -O1 -fsanitize=memory -DOSSL_SANITIZE_MEMORY -fno-optimize-sibling-calls enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips && perl configdata.pm --dump - name: make run: make -s -j4 - name: make test @@ -187,7 +188,7 @@ jobs: - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: config - run: CC=clang ./config --banner=Configured no-fips --strict-warnings -fsanitize=thread enable-quic && perl configdata.pm --dump + run: CC=clang ./config --banner=Configured no-fips --strict-warnings -fsanitize=thread && perl configdata.pm --dump - name: make run: make -s -j4 - name: make test @@ -202,7 +203,7 @@ jobs: - name: modprobe tls run: sudo modprobe tls - name: config - run: ./config --banner=Configured --strict-warnings no-ec enable-ssl-trace enable-zlib enable-zlib-dynamic enable-crypto-mdebug enable-crypto-mdebug-backtrace enable-egd enable-ktls enable-fips enable-quic no-threads && perl configdata.pm --dump + run: ./config --banner=Configured --strict-warnings no-ec enable-ssl-trace enable-zlib enable-zlib-dynamic enable-crypto-mdebug enable-crypto-mdebug-backtrace enable-egd enable-ktls enable-fips no-threads && perl configdata.pm --dump - name: make run: make -s -j4 - name: make test 
@@ -217,7 +218,7 @@ jobs: - name: modprobe tls run: sudo modprobe tls - name: config - run: ./config --banner=Configured --strict-warnings enable-ktls enable-fips enable-quic && perl configdata.pm --dump + run: ./config --banner=Configured --strict-warnings enable-ktls enable-fips && perl configdata.pm --dump - name: make run: make -s -j4 - name: make test @@ -321,7 +322,7 @@ jobs: - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: config - run: ./config --banner=Configured --strict-warnings no-legacy enable-fips enable-quic && perl configdata.pm --dump + run: ./config --banner=Configured --strict-warnings no-legacy enable-fips && perl configdata.pm --dump - name: make run: make -s -j4 - name: make test @@ -350,7 +351,7 @@ jobs: - name: checkout fuzz/corpora submodule run: git submodule update --init --depth 1 fuzz/corpora - name: config - run: CC=gcc ./config --banner=Configured enable-tfo enable-quic --strict-warnings && perl configdata.pm --dump + run: CC=gcc ./config --banner=Configured enable-tfo --strict-warnings && perl configdata.pm --dump - name: make run: make -s -j4 - name: make test @@ -460,7 +461,7 @@ jobs: with: submodules: recursive - name: Configure OpenSSL - run: ./config --banner=Configured --strict-warnings enable-external-tests enable-quic && perl configdata.pm --dump + run: ./config --banner=Configured --strict-warnings enable-external-tests && perl configdata.pm --dump - name: make run: make -s -j4 - uses: actions-rs/toolchain@v1 diff --git a/.github/workflows/coveralls.yml b/.github/workflows/coveralls.yml index 23cc6b6c23..1163e47da7 100644 --- a/.github/workflows/coveralls.yml +++ b/.github/workflows/coveralls.yml @@ -34,7 +34,7 @@ jobs: extra_config: enable-fips }, { branch: master, - extra_config: no-afalgeng enable-fips enable-tfo enable-quic + extra_config: no-afalgeng enable-fips enable-tfo } ] runs-on: ubuntu-latest 
diff --git a/.github/workflows/os-zoo.yml b/.github/workflows/os-zoo.yml index ebdc20f4a5..09a2499556 100644 --- a/.github/workflows/os-zoo.yml +++ b/.github/workflows/os-zoo.yml @@ -44,7 +44,7 @@ jobs: fi CC=${{ matrix.cc }} ./config --banner=Configured no-shared \ - -Wall -Werror enable-fips enable-quic --strict-warnings -DOPENSSL_USE_IPV6=0 ${extra_cflags} + -Wall -Werror enable-fips --strict-warnings -DOPENSSL_USE_IPV6=0 ${extra_cflags} - name: config dump run: ./configdata.pm --dump @@ -71,7 +71,7 @@ jobs: - name: config run: | CC=${{ matrix.zoo.cc }} ./config --banner=Configured \ - -Wall -Werror --strict-warnings enable-fips enable-quic + -Wall -Werror --strict-warnings enable-fips - name: config dump run: ./configdata.pm --dump - name: make @@ -99,7 +99,7 @@ jobs: - name: config working-directory: _build run: | - perl ..\Configure --banner=Configured no-makedepend enable-fips enable-quic + perl ..\Configure --banner=Configured no-makedepend enable-fips - name: config dump working-directory: _build run: ./configdata.pm --dump diff --git a/.github/workflows/run-checker-ci.yml b/.github/workflows/run-checker-ci.yml index d56b0202f7..88cd79662b 100644 --- a/.github/workflows/run-checker-ci.yml +++ b/.github/workflows/run-checker-ci.yml @@ -37,6 +37,7 @@ jobs: no-tls1_3, enable-trace enable-fips, no-ui, + no-quic ] runs-on: ubuntu-latest steps: diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml index d37b7b75f5..b2b969dddf 100644 --- a/.github/workflows/windows.yml +++ b/.github/workflows/windows.yml @@ -22,9 +22,9 @@ jobs: - windows-2022 platform: - arch: win64 - config: enable-fips enable-quic + config: enable-fips - arch: win32 - config: --strict-warnings no-fips enable-quic + config: --strict-warnings no-fips runs-on: ${{matrix.os}} steps: - uses: actions/checkout@v3 
@@ -101,7 +101,7 @@ jobs: - name: config working-directory: _build run: | - perl ..\Configure --banner=Configured no-makedepend no-bulk no-deprecated no-fips no-asm no-threads enable-quic -DOPENSSL_SMALL_FOOTPRINT + perl ..\Configure --banner=Configured no-makedepend no-bulk no-deprecated no-fips no-asm no-threads -DOPENSSL_SMALL_FOOTPRINT perl configdata.pm --dump - name: build working-directory: _build @@ -119,10 +119,10 @@ jobs: # - windows-2022 platform: - arch: win64 - config: -DCMAKE_C_COMPILER=gcc --strict-warnings no-fips enable-quic + config: -DCMAKE_C_COMPILER=gcc --strict-warnings no-fips # are we really learning sth new from win32? So let's save some CO2 for now disabling this # - arch: win32 -# config: -DCMAKE_C_COMPILER=gcc --strict-warnings no-fips enable-quic +# config: -DCMAKE_C_COMPILER=gcc --strict-warnings no-fips runs-on: ${{matrix.os}} env: CYGWIN_NOWINPATH: 1 diff --git a/CHANGES.md b/CHANGES.md index 4fffd324ee..bb4b410ae6 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -25,6 +25,10 @@ OpenSSL 3.2 ### Changes between 3.1 and 3.2 [xx XXX xxxx] + * Added client side support for QUIC + + *Hugo Landau* + * Added SHA256/192 algorithm support. *Fergus Dall* diff --git a/Configure b/Configure index 5e9e6bfd5c..49bd868ab4 100755 --- a/Configure +++ b/Configure @@ -94,8 +94,7 @@ EOF # zlib-dynamic Like "zlib", but the zlib library is expected to be a shared # library and will be loaded at run-time by the OpenSSL library. # sctp include SCTP support -# enable-quic include QUIC support (currently just for developers as the -# implementation is by no means complete and usable) +# no-quic disable QUIC support # no-uplink Don't build support for UPLINK interface. # enable-weak-ssl-ciphers # Enable weak ciphers that are disabled by default. @@ -570,7 +569,6 @@ our %disabled = ( # "what" => "comment" "ktls" => "default", "md2" => "default", "msan" => "default", - "quic" => "default", "rc5" => "default", "sctp" => "default", "ssl3" => "default", 
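Review bot: The new option-list line `# no-quic disable QUIC support` in Configure does not say what the default is, which matters now that every build gets the QUIC stack unless it opts out. I would word it like the neighbouring `no-uplink` entry and state the default: `# no-quic         Don't build QUIC support (QUIC is built by default).` The `### no-quic` entry in INSTALL.md could carry the same sentence, so that builders who want to keep the network-facing code to a minimum can find the switch. The option list continues outside this hunk.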
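Review bot: Removing `"quic" => "default"` from `%disabled` turns QUIC on for every configuration that does not name it, and the hunk does not show whether Configure switches it off again when a prerequisite is disabled. The run-checker matrix touched by this commit still carries a `no-tls1_3` entry, and QUIC is specified on top of TLS 1.3, so that build now has QUIC enabled unless a disable cascade handles it. Please confirm that the disable-cascade list (outside this hunk) drops `quic` when its prerequisites are disabled, and add the entry if it is missing. `%disabled` starts and ends outside the hunk.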
diff --git a/INSTALL.md b/INSTALL.md index 3a73e56ec6..fb6f4be60a 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -971,10 +971,9 @@ Don't build test programs or run any tests. Build with support for TCP Fast Open (RFC7413). Supported on Linux, macOS and FreeBSD. -### enable-quic +### no-quic -Build with QUIC support. This is currently just for developers as the -implementation is by no means complete and usable. +Don't build with QUIC support. ### no-threads diff --git a/NEWS.md b/NEWS.md index 8bfc98aed3..f537762483 100644 --- a/NEWS.md +++ b/NEWS.md @@ -22,6 +22,7 @@ OpenSSL 3.2 ### Major changes between OpenSSL 3.1 and OpenSSL 3.2 [under development] + * Added client side support for QUIC. * Add Raw Public Key (RFC7250) support. * Added support for certificate compression (RFC8879), including library support for Brotli and Zstandard compression. -- 2.39.2