mirror of
https://github.com/openssl/openssl.git
synced 2025-12-20 01:22:19 +08:00
9968040194
Some checks failed
GitHub CI / check_update (push) Has been cancelled
GitHub CI / check_docs (push) Has been cancelled
GitHub CI / check-c99 (push) Has been cancelled
GitHub CI / basic_gcc (push) Has been cancelled
GitHub CI / basic_clang (push) Has been cancelled
GitHub CI / linux-arm64 (push) Has been cancelled
GitHub CI / freebsd-x86_64 (push) Has been cancelled
GitHub CI / minimal (push) Has been cancelled
GitHub CI / no-deprecated (push) Has been cancelled
GitHub CI / no-shared-ubuntu (push) Has been cancelled
GitHub CI / no-shared-macos (macos-13) (push) Has been cancelled
GitHub CI / no-shared-macos (macos-14) (push) Has been cancelled
GitHub CI / non-caching (push) Has been cancelled
GitHub CI / address_ub_sanitizer (push) Has been cancelled
GitHub CI / fuzz_tests (push) Has been cancelled
GitHub CI / memory_sanitizer (push) Has been cancelled
GitHub CI / threads_sanitizer (push) Has been cancelled
GitHub CI / enable_non-default_options (push) Has been cancelled
GitHub CI / full_featured (push) Has been cancelled
GitHub CI / no-legacy (push) Has been cancelled
GitHub CI / legacy (push) Has been cancelled
GitHub CI / out-of-readonly-source-and-install-ubuntu (push) Has been cancelled
GitHub CI / out-of-readonly-source-and-install-macos (macos-13) (push) Has been cancelled
GitHub CI / out-of-readonly-source-and-install-macos (macos-14) (push) Has been cancelled
GitHub CI / external-tests-misc (push) Has been cancelled
GitHub CI / external-tests-oqs-provider (push) Has been cancelled
GitHub CI / external-tests-pkcs11-provider (push) Has been cancelled
GitHub CI / external-tests-pyca (3.9) (push) Has been cancelled
Compiler Zoo CI / compiler (map[cc:clang-11 distro:ubuntu-22.04]) (push) Has been cancelled
Compiler Zoo CI / compiler (map[cc:clang-12 distro:ubuntu-22.04]) (push) Has been cancelled
Compiler Zoo CI / compiler (map[cc:clang-13 distro:ubuntu-22.04]) (push) Has been cancelled
Compiler Zoo CI / compiler (map[cc:clang-14 distro:ubuntu-22.04]) (push) Has been cancelled
Compiler Zoo CI / compiler (map[cc:clang-15 distro:ubuntu-22.04 llvm-ppa-name:jammy]) (push) Has been cancelled
Compiler Zoo CI / compiler (map[cc:clang-16 distro:ubuntu-22.04 llvm-ppa-name:jammy]) (push) Has been cancelled
Compiler Zoo CI / compiler (map[cc:clang-17 distro:ubuntu-22.04 llvm-ppa-name:jammy]) (push) Has been cancelled
Compiler Zoo CI / compiler (map[cc:gcc-10 distro:ubuntu-22.04]) (push) Has been cancelled
Compiler Zoo CI / compiler (map[cc:gcc-11 distro:ubuntu-22.04]) (push) Has been cancelled
Compiler Zoo CI / compiler (map[cc:gcc-12 distro:ubuntu-22.04]) (push) Has been cancelled
Compiler Zoo CI / compiler (map[cc:gcc-13 distro:ubuntu-22.04 gcc-ppa-name:ubuntu-toolchain-r/test]) (push) Has been cancelled
Compiler Zoo CI / compiler (map[cc:gcc-9 distro:ubuntu-22.04]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:aarch64-linux-gnu fips:no libs:libc6-dev-arm64-cross target:linux-aarch64]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:alpha-linux-gnu fips:no libs:libc6.1-dev-alpha-cross target:linux-alpha-gcc]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:arm-linux-gnueabi fips:no libs:libc6-dev-armel-cross target:linux-armv4 tests:-test_includes -test_store -test_x509_store]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:arm-linux-gnueabihf fips:no libs:libc6-dev-armhf-cross target:linux-armv4 tests:-test_includes -test_store -test_x509_store]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:hppa-linux-gnu fips:no libs:libc6-dev-hppa-cross target:-static -O1 linux-generic32 tests:-test_includes -test_store -test_x509_store]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:hppa-linux-gnu libs:libc6-dev-hppa-cross target:linux-generic32 tests:none]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:i386-pc-msdosdjgpp libs:libc-djgpp-dev libwatt-djgpp-dev djgpp-utils ppa:jwt27/djgpp-toolchain target:no-threads 386 DJGPP tests:none]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:m68k-linux-gnu fips:no libs:libc6-dev-m68k-cross target:-static -m68040 linux-latomic -Wno-stringop-overflow tests:-test_includes -test_store -test_x509_store]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:m68k-linux-gnu libs:libc6-dev-m68k-cross target:-mcfv4e -mxgot linux-latomic -Wno-stringop-overflow no-quic tests:none]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:mips-linux-gnu fips:no libs:libc6-dev-mips-cross target:-static linux-mips32 tests:-test_includes -test_store -test_x509_store]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:mips-linux-gnu libs:libc6-dev-mips-cross target:linux-mips32 tests:none]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:mips64-linux-gnuabi64 fips:no libs:libc6-dev-mips64-cross target:-static linux64-mips64]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:mips64-linux-gnuabi64 libs:libc6-dev-mips64-cross target:linux64-mips64 tests:none]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:mipsel-linux-gnu fips:no libs:libc6-dev-mipsel-cross target:linux-mips32 tests:-test_includes -test_store -test_x509_store]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:powerpc64le-linux-gnu fips:no libs:libc6-dev-ppc64el-cross target:linux-ppc64le]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:riscv64-linux-gnu fips:no libs:libc6-dev-riscv64-cross target:linux64-riscv64]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:s390x-linux-gnu fips:no libs:libc6-dev-s390x-cross target:linux64-s390x]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:sh4-linux-gnu fips:no libs:libc6-dev-sh4-cross target:no-async linux-latomic tests:-test_includes -test_store -test_x509_store]) (push) Has been cancelled
Cross Compile / cross-compilation (map[arch:sparc64-linux-gnu libs:libc6-dev-sparc64-cross target:linux64-sparcv9 tests:none]) (push) Has been cancelled
Trigger docs.openssl.org deployment / trigger (push) Has been cancelled
Fuzz-checker CI / fuzz-checker (map[cc:afl-clang-fast config:enable-fuzz-afl no-module install:afl++ name:AFL]) (push) Has been cancelled
Fuzz-checker CI / fuzz-checker (map[cc:clang-18 config:enable-fuzz-libfuzzer enable-asan enable-ubsan -fno-sanitize=function -fsanitize-coverage=trace-cmp -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION extra:enable-fips enable-lms enable-ec_nistp_64_gcc_128 -fno-sanitize=al… (push) Has been cancelled
Fuzz-checker CI / fuzz-checker (map[cc:clang-18 config:enable-fuzz-libfuzzer enable-asan enable-ubsan -fno-sanitize=function install:libfuzzer-18-dev libs:--with-fuzzer-lib=/usr/lib/llvm-18/lib/libFuzzer.a --with-fuzzer-include=/usr/include/clang/18/include/fuzzer linke… (push) Has been cancelled
CIFuzz / Fuzzing (push) Has been cancelled
Perl-minimal-checker CI / perl-minimal-checker (push) Has been cancelled
Cross Compile for RISC-V Extensions / cross-compilation-riscv (map[arch:riscv64-linux-gnu fips:no libs:libc6-dev-riscv64-cross opensslcaps:rv64gc_inlineasm opensslcapsname:riscvcap qemucpu:rv64,zbb=true,zbkb=true,zknh=true,zksh=true target:-march=rv64gc_zbb_zbkb_zknh_zksh linux64-riscv64]) (push) Has been cancelled
Cross Compile for RISC-V Extensions / cross-compilation-riscv (map[arch:riscv64-linux-gnu fips:no libs:libc6-dev-riscv64-cross opensslcaps:rv64gc_v_zbb opensslcapsname:riscvcap qemucpu:rv64,v=true,vlen=128,zbb=true,zvbb=false,zvkb=false target:linux64-riscv64]) (push) Has been cancelled
Cross Compile for RISC-V Extensions / cross-compilation-riscv (map[arch:riscv64-linux-gnu fips:no libs:libc6-dev-riscv64-cross opensslcaps:rv64gc_v_zvkb_zvbc opensslcapsname:riscvcap qemucpu:rv64,v=true,vlen=128,zvbb=true,zvbc=true,zvkg=false target:linux64-riscv64]) (push) Has been cancelled
Cross Compile for RISC-V Extensions / cross-compilation-riscv (map[arch:riscv64-linux-gnu fips:no libs:libc6-dev-riscv64-cross opensslcaps:rv64gc_v_zvkg opensslcapsname:riscvcap qemucpu:rv64,v=true,vlen=128,zvkg=true,zvbb=false target:linux64-riscv64]) (push) Has been cancelled
Cross Compile for RISC-V Extensions / cross-compilation-riscv (map[arch:riscv64-linux-gnu fips:no libs:libc6-dev-riscv64-cross opensslcaps:rv64gc_v_zvkned opensslcapsname:riscvcap qemucpu:rv64,v=true,vlen=128,zvkned=true,zvbb=false,zvkb=false,zvkg=false target:linux64-riscv64]) (push) Has been cancelled
Cross Compile for RISC-V Extensions / cross-compilation-riscv (map[arch:riscv64-linux-gnu fips:no libs:libc6-dev-riscv64-cross opensslcaps:rv64gc_zba_zbb_zbc_zbs_zbkb_zbkc_zbkx_zknd_zkne_zknh_zksed_zksh_zkr_zkt_v_zvbb_zvbc_zvkb_zvkg_zvkned_zvknha_zvknhb_zvksed_zvksh opensslcapsname:riscvca… (push) Has been cancelled
Cross Compile for RISC-V Extensions / cross-compilation-riscv (map[arch:riscv64-linux-gnu fips:no libs:libc6-dev-riscv64-cross opensslcaps:rv64gc_zbb_zbc_zbkb_zknd_zkne opensslcapsname:riscvcap qemucpu:rv64,zbb=true,zbc=true,zbkb=true,zknd=true,zkne=true target:linux64-riscv64]) (push) Has been cancelled
Cross Compile for RISC-V Extensions / cross-compilation-riscv (map[arch:riscv64-linux-gnu fips:no libs:libc6-dev-riscv64-cross opensslcaps:rv64gc_zbc opensslcapsname:riscvcap qemucpu:rv64,zbc=true,zbb=false,zbkb=false target:linux64-riscv64]) (push) Has been cancelled
Cross Compile for RISC-V Extensions / cross-compilation-riscv (map[arch:riscv64-linux-gnu fips:no libs:libc6-dev-riscv64-cross opensslcaps:rv64gc_zbc_zbb opensslcapsname:riscvcap qemucpu:rv64,zbc=true,zbb=true,zbkb=false target:linux64-riscv64]) (push) Has been cancelled
Run-checker CI / run-checker (enable-trace enable-fips) (push) Has been cancelled
Run-checker CI / run-checker (no-cmp) (push) Has been cancelled
Run-checker CI / run-checker (no-cms) (push) Has been cancelled
Run-checker CI / run-checker (no-default-thread-pool) (push) Has been cancelled
Run-checker CI / run-checker (no-dgram) (push) Has been cancelled
Run-checker CI / run-checker (no-dh) (push) Has been cancelled
Run-checker CI / run-checker (no-dtls) (push) Has been cancelled
Run-checker CI / run-checker (no-ec) (push) Has been cancelled
Run-checker CI / run-checker (no-ecx) (push) Has been cancelled
Run-checker CI / run-checker (no-http) (push) Has been cancelled
Run-checker CI / run-checker (no-legacy) (push) Has been cancelled
Run-checker CI / run-checker (no-ml-dsa) (push) Has been cancelled
Run-checker CI / run-checker (no-ml-kem) (push) Has been cancelled
Run-checker CI / run-checker (no-quic) (push) Has been cancelled
Run-checker CI / run-checker (no-sm2) (push) Has been cancelled
Run-checker CI / run-checker (no-sock) (push) Has been cancelled
Run-checker CI / run-checker (no-stdio) (push) Has been cancelled
Run-checker CI / run-checker (no-thread-pool) (push) Has been cancelled
Run-checker CI / run-checker (no-threads) (push) Has been cancelled
Run-checker CI / run-checker (no-tls) (push) Has been cancelled
Run-checker CI / run-checker (no-tls1_2) (push) Has been cancelled
Run-checker CI / run-checker (no-tls1_3) (push) Has been cancelled
Run-checker CI / run-checker (no-ui) (push) Has been cancelled
Run-checker merge / run-checker (enable-asan enable-ubsan no-shared no-asm -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=function) (push) Has been cancelled
Run-checker merge / run-checker (enable-pie) (push) Has been cancelled
Run-checker merge / run-checker (enable-ubsan no-asm -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=function) (push) Has been cancelled
Run-checker merge / run-checker (enable-weak-ssl-ciphers) (push) Has been cancelled
Run-checker merge / run-checker (enable-zlib) (push) Has been cancelled
Run-checker merge / run-checker (no-dso) (push) Has been cancelled
Run-checker merge / run-checker (no-dynamic-engine) (push) Has been cancelled
Run-checker merge / run-checker (no-ec2m enable-fips) (push) Has been cancelled
Run-checker merge / run-checker (no-engine no-shared) (push) Has been cancelled
Run-checker merge / run-checker (no-err) (push) Has been cancelled
Run-checker merge / run-checker (no-filenames) (push) Has been cancelled
Run-checker merge / run-checker (no-integrity-only-ciphers) (push) Has been cancelled
Run-checker merge / run-checker (no-module) (push) Has been cancelled
Run-checker merge / run-checker (no-ocsp) (push) Has been cancelled
Run-checker merge / run-checker (no-pinshared) (push) Has been cancelled
Run-checker merge / run-checker (no-srp) (push) Has been cancelled
Run-checker merge / run-checker (no-srtp) (push) Has been cancelled
Run-checker merge / run-checker (no-ts) (push) Has been cancelled
Run-checker merge / jitter (push) Has been cancelled
Run-checker merge / threads_sanitizer_atomic_fallback (push) Has been cancelled
Windows GitHub CI / shared (map[arch:amd64 config:enable-lms enable-fips no-thread-pool no-quic os:windows-2025 vcvars:C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat]) (push) Has been cancelled
Windows GitHub CI / shared (map[arch:amd64 config:enable-lms enable-fips os:windows-2022 vcvars:C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat]) (push) Has been cancelled
Windows GitHub CI / shared (map[arch:x86 config:--strict-warnings no-fips enable-lms os:windows-2022 vcvars:C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars32.bat]) (push) Has been cancelled
Windows GitHub CI / plain (push) Has been cancelled
Windows GitHub CI / minimal (push) Has been cancelled
Windows GitHub CI / cygwin (windows-2022, map[arch:win64 config:-DCMAKE_C_COMPILER=gcc --strict-warnings enable-demos no-fips]) (push) Has been cancelled
Windows Compression GitHub CI / zstd (push) Has been cancelled
Windows Compression GitHub CI / brotli (push) Has been cancelled
Provider compatibility across versions / fips-releases (map[dir:openssl-3.0.0 tgz:openssl-3.0.0.tar.gz url:https://www.openssl.org/source/old/3.0/openssl-3.0.0.tar.gz]) (push) Has been cancelled
Provider compatibility across versions / fips-releases (map[dir:openssl-3.0.8 tgz:openssl-3.0.8.tar.gz url:https://www.openssl.org/source/openssl-3.0.8.tar.gz]) (push) Has been cancelled
Provider compatibility across versions / fips-releases (map[dir:openssl-3.0.9 tgz:openssl-3.0.9.tar.gz url:https://www.openssl.org/source/openssl-3.0.9.tar.gz]) (push) Has been cancelled
Provider compatibility across versions / fips-releases (map[dir:openssl-3.1.2 tgz:openssl-3.1.2.tar.gz url:https://www.openssl.org/source/openssl-3.1.2.tar.gz]) (push) Has been cancelled
Provider compatibility across versions / development-branches (map[dir:branch-3.0 extra_config: name:openssl-3.0 tgz:branch-3.0.tar.gz]) (push) Has been cancelled
Provider compatibility across versions / development-branches (map[dir:branch-3.2 extra_config: name:openssl-3.2 tgz:branch-3.2.tar.gz]) (push) Has been cancelled
Provider compatibility across versions / development-branches (map[dir:branch-3.3 extra_config: name:openssl-3.3 tgz:branch-3.3.tar.gz]) (push) Has been cancelled
Provider compatibility across versions / development-branches (map[dir:branch-3.4 extra_config: name:openssl-3.4 tgz:branch-3.4.tar.gz]) (push) Has been cancelled
Provider compatibility across versions / development-branches (map[dir:branch-3.5 extra_config: name:openssl-3.5 tgz:branch-3.5.tar.gz]) (push) Has been cancelled
Provider compatibility across versions / development-branches (map[dir:branch-master extra_config:enable-lms name:master tgz:branch-master.tar.gz]) (push) Has been cancelled
Provider compatibility across versions / cross-testing (branch-3.0, branch-3.0) (push) Has been cancelled
Provider compatibility across versions / cross-testing (branch-3.0, branch-3.2) (push) Has been cancelled
Provider compatibility across versions / cross-testing (branch-3.0, branch-3.3) (push) Has been cancelled
Provider compatibility across versions / cross-testing (branch-3.0, branch-3.4) (push) Has been cancelled
Provider compatibility across versions / cross-testing (branch-3.0, branch-3.5) (push) Has been cancelled
Provider compatibility across versions / cross-testing (branch-3.0, branch-master) (push) Has been cancelled
Provider compatibility across versions / cross-testing (branch-3.2, branch-3.0) (push) Has been cancelled
Provider compatibility across versions / cross-testing (branch-3.2, branch-3.2) (push) Has been cancelled
Provider compatibility across versions / cross-testing (branch-3.2, branch-3.3) (push) Has been cancelled
Provider compatibility across versions / cross-testing (branch-3.2, branch-3.4) (push) Has been cancelled
Provider compatibility across versions / cross-testing (branch-3.2, branch-3.5) (push) Has been cancelled
Provider compatibility across versions / cross-testing (branch-3.2, branch-master) (push) Has been cancelled
Provider compatibility across versions / cross-testing (branch-3.3, branch-3.0) (push) Has been cancelled
Provider compatibility across versions / cross-testing (branch-3.3, branch-3.2) (push) Has been cancelled
Provider compatibility across versions / cross-testing (branch-3.3, branch-3.3) (push) Has been cancelled
Provider compatibility across versions / cross-testing (branch-3.3, branch-3.4) (push) Has been cancelled
Provider compatibility across versions / cross-testing (branch-3.3, branch-3.5) (push) Has been cancelled
Provider compatibility across versions / cross-testing (branch-3.3, branch-master) (push) Has been cancelled
Provider compatibility across versions / cross-testing (branch-3.4, branch-3.0) (push) Has been cancelled
Provider compatibility across versions / cross-testing (branch-3.4, branch-3.2) (push) Has been cancelled
Provider compatibility across versions / cross-testing (branch-3.4, branch-3.3) (push) Has been cancelled
Provider compatibility across versions / cross-testing (branch-3.4, branch-3.4) (push) Has been cancelled
Provider compatibility across versions / cross-testing (branch-3.4, branch-3.5) (push) Has been cancelled
Provider compatibility across versions / cross-testing (branch-3.4, branch-master) (push) Has been cancelled
Provider compatibility across versions / cross-testing (branch-3.5, branch-3.0) (push) Has been cancelled
Provider compatibility across versions / cross-testing (branch-3.5, branch-3.2) (push) Has been cancelled
Provider compatibility across versions / cross-testing (branch-3.5, branch-3.3) (push) Has been cancelled
Provider compatibility across versions / cross-testing (branch-3.5, branch-3.4) (push) Has been cancelled
Provider compatibility across versions / cross-testing (branch-3.5, branch-3.5) (push) Has been cancelled
Provider compatibility across versions / cross-testing (branch-3.5, branch-master) (push) Has been cancelled
Provider compatibility across versions / cross-testing (branch-master, branch-3.0) (push) Has been cancelled
Provider compatibility across versions / cross-testing (branch-master, branch-3.2) (push) Has been cancelled
Provider compatibility across versions / cross-testing (branch-master, branch-3.3) (push) Has been cancelled
Provider compatibility across versions / cross-testing (branch-master, branch-3.4) (push) Has been cancelled
Provider compatibility across versions / cross-testing (branch-master, branch-3.5) (push) Has been cancelled
Provider compatibility across versions / cross-testing (branch-master, branch-master) (push) Has been cancelled
Provider compatibility across versions / cross-testing (openssl-3.0.0, branch-3.0) (push) Has been cancelled
Provider compatibility across versions / cross-testing (openssl-3.0.0, branch-3.2) (push) Has been cancelled
Provider compatibility across versions / cross-testing (openssl-3.0.0, branch-3.3) (push) Has been cancelled
Provider compatibility across versions / cross-testing (openssl-3.0.0, branch-3.4) (push) Has been cancelled
Provider compatibility across versions / cross-testing (openssl-3.0.0, branch-3.5) (push) Has been cancelled
Provider compatibility across versions / cross-testing (openssl-3.0.0, branch-master) (push) Has been cancelled
Provider compatibility across versions / cross-testing (openssl-3.0.8, branch-3.0) (push) Has been cancelled
Provider compatibility across versions / cross-testing (openssl-3.0.8, branch-3.2) (push) Has been cancelled
Provider compatibility across versions / cross-testing (openssl-3.0.8, branch-3.3) (push) Has been cancelled
Provider compatibility across versions / cross-testing (openssl-3.0.8, branch-3.4) (push) Has been cancelled
Provider compatibility across versions / cross-testing (openssl-3.0.8, branch-3.5) (push) Has been cancelled
Provider compatibility across versions / cross-testing (openssl-3.0.8, branch-master) (push) Has been cancelled
Provider compatibility across versions / cross-testing (openssl-3.0.9, branch-3.0) (push) Has been cancelled
Provider compatibility across versions / cross-testing (openssl-3.0.9, branch-3.2) (push) Has been cancelled
Provider compatibility across versions / cross-testing (openssl-3.0.9, branch-3.3) (push) Has been cancelled
Provider compatibility across versions / cross-testing (openssl-3.0.9, branch-3.4) (push) Has been cancelled
Provider compatibility across versions / cross-testing (openssl-3.0.9, branch-3.5) (push) Has been cancelled
Provider compatibility across versions / cross-testing (openssl-3.0.9, branch-master) (push) Has been cancelled
Provider compatibility across versions / cross-testing (openssl-3.1.2, branch-3.0) (push) Has been cancelled
Provider compatibility across versions / cross-testing (openssl-3.1.2, branch-3.2) (push) Has been cancelled
Provider compatibility across versions / cross-testing (openssl-3.1.2, branch-3.3) (push) Has been cancelled
Provider compatibility across versions / cross-testing (openssl-3.1.2, branch-3.4) (push) Has been cancelled
Provider compatibility across versions / cross-testing (openssl-3.1.2, branch-3.5) (push) Has been cancelled
Provider compatibility across versions / cross-testing (openssl-3.1.2, branch-master) (push) Has been cancelled
Coverage / define-matrix (push) Has been cancelled
Coverage / coverage (push) Has been cancelled
Static Analysis / coverity (push) Has been cancelled
Static Analysis On Prem / coverity-analysis (push) Has been cancelled
Run-checker daily / run-checker (-DOPENSSL_NO_BUILTIN_OVERFLOW_CHECKING) (push) Has been cancelled
Run-checker daily / run-checker (-DOPENSSL_PEDANTIC_ZEROIZATION enable-fips) (push) Has been cancelled
Run-checker daily / run-checker (-DOPENSSL_PEDANTIC_ZEROIZATION) (push) Has been cancelled
Run-checker daily / run-checker (-DOPENSSL_TLS_SECURITY_LEVEL=0) (push) Has been cancelled
Run-checker daily / run-checker (-DSSL3_ALIGN_PAYLOAD=4) (push) Has been cancelled
Run-checker daily / run-checker (386) (push) Has been cancelled
Run-checker daily / run-checker (enable-crypto-mdebug) (push) Has been cancelled
Run-checker daily / run-checker (enable-crypto-mdebug-backtrace) (push) Has been cancelled
Run-checker daily / run-checker (enable-demos) (push) Has been cancelled
Run-checker daily / run-checker (enable-ec_nistp_64_gcc_128) (push) Has been cancelled
Run-checker daily / run-checker (enable-egd) (push) Has been cancelled
Run-checker daily / run-checker (enable-fips enable-acvp-tests) (push) Has been cancelled
Run-checker daily / run-checker (enable-fips no-des no-dsa no-ec2m) (push) Has been cancelled
Run-checker daily / run-checker (enable-fips no-tls1_3) (push) Has been cancelled
Run-checker daily / run-checker (enable-fips) (push) Has been cancelled
Run-checker daily / run-checker (enable-h3demo) (push) Has been cancelled
Run-checker daily / run-checker (enable-heartbeats) (push) Has been cancelled
Run-checker daily / run-checker (enable-hqinterop) (push) Has been cancelled
Run-checker daily / run-checker (enable-lms) (push) Has been cancelled
Run-checker daily / run-checker (enable-md2) (push) Has been cancelled
Run-checker daily / run-checker (enable-rc5) (push) Has been cancelled
Run-checker daily / run-checker (enable-ssl3) (push) Has been cancelled
Run-checker daily / run-checker (enable-ssl3-method) (push) Has been cancelled
Run-checker daily / run-checker (enable-sslkeylog) (push) Has been cancelled
Run-checker daily / run-checker (enable-tfo) (push) Has been cancelled
Run-checker daily / run-checker (enable-trace) (push) Has been cancelled
Run-checker daily / run-checker (enable-unit-test) (push) Has been cancelled
Run-checker daily / run-checker (enable-zlib-dynamic) (push) Has been cancelled
Run-checker daily / run-checker (no-afalgeng) (push) Has been cancelled
Run-checker daily / run-checker (no-apps) (push) Has been cancelled
Run-checker daily / run-checker (no-aria) (push) Has been cancelled
Run-checker daily / run-checker (no-asan) (push) Has been cancelled
Run-checker daily / run-checker (no-asm) (push) Has been cancelled
Run-checker daily / run-checker (no-async) (push) Has been cancelled
Run-checker daily / run-checker (no-atexit) (push) Has been cancelled
Run-checker daily / run-checker (no-autoalginit) (push) Has been cancelled
Run-checker daily / run-checker (no-autoerrinit) (push) Has been cancelled
Run-checker daily / run-checker (no-autoload-config) (push) Has been cancelled
Run-checker daily / run-checker (no-bf) (push) Has been cancelled
Run-checker daily / run-checker (no-blake2) (push) Has been cancelled
Run-checker daily / run-checker (no-buildtest-c++) (push) Has been cancelled
Run-checker daily / run-checker (no-bulk) (push) Has been cancelled
Run-checker daily / run-checker (no-cached-fetch) (push) Has been cancelled
Run-checker daily / run-checker (no-camellia) (push) Has been cancelled
Run-checker daily / run-checker (no-capieng) (push) Has been cancelled
Run-checker daily / run-checker (no-cast) (push) Has been cancelled
Run-checker daily / run-checker (no-chacha) (push) Has been cancelled
Run-checker daily / run-checker (no-cmac) (push) Has been cancelled
Run-checker daily / run-checker (no-comp) (push) Has been cancelled
Run-checker daily / run-checker (no-ct) (push) Has been cancelled
Run-checker daily / run-checker (no-deprecated) (push) Has been cancelled
Run-checker daily / run-checker (no-des) (push) Has been cancelled
Run-checker daily / run-checker (no-docs) (push) Has been cancelled
Run-checker daily / run-checker (no-dsa) (push) Has been cancelled
Run-checker daily / run-checker (no-dtls1) (push) Has been cancelled
Run-checker daily / run-checker (no-dtls1-method) (push) Has been cancelled
Run-checker daily / run-checker (no-dtls1_2) (push) Has been cancelled
Run-checker daily / run-checker (no-dtls1_2-method) (push) Has been cancelled
Run-checker daily / run-checker (no-ecdh) (push) Has been cancelled
Run-checker daily / run-checker (no-ecdsa) (push) Has been cancelled
Run-checker daily / run-checker (no-engine) (push) Has been cancelled
Run-checker daily / run-checker (no-gost) (push) Has been cancelled
Run-checker daily / run-checker (no-hw) (push) Has been cancelled
Run-checker daily / run-checker (no-hw-padlock) (push) Has been cancelled
Run-checker daily / run-checker (no-idea) (push) Has been cancelled
Run-checker daily / run-checker (no-makedepend) (push) Has been cancelled
Run-checker daily / run-checker (no-md4) (push) Has been cancelled
Run-checker daily / run-checker (no-mdc2) (push) Has been cancelled
Run-checker daily / run-checker (no-msan) (push) Has been cancelled
Run-checker daily / run-checker (no-multiblock) (push) Has been cancelled
Run-checker daily / run-checker (no-nextprotoneg) (push) Has been cancelled
Run-checker daily / run-checker (no-ocb) (push) Has been cancelled
Run-checker daily / run-checker (no-padlockeng) (push) Has been cancelled
Run-checker daily / run-checker (no-pic) (push) Has been cancelled
Run-checker daily / run-checker (no-poly1305) (push) Has been cancelled
Run-checker daily / run-checker (no-posix-io) (push) Has been cancelled
Run-checker daily / run-checker (no-psk) (push) Has been cancelled
Run-checker daily / run-checker (no-rc2) (push) Has been cancelled
Run-checker daily / run-checker (no-rdrand) (push) Has been cancelled
Run-checker daily / run-checker (no-rfc3779) (push) Has been cancelled
Run-checker daily / run-checker (no-ripemd) (push) Has been cancelled
Run-checker daily / run-checker (no-rmd160) (push) Has been cancelled
Run-checker daily / run-checker (no-scrypt) (push) Has been cancelled
Run-checker daily / run-checker (no-secure-memory) (push) Has been cancelled
Run-checker daily / run-checker (no-seed) (push) Has been cancelled
Run-checker daily / run-checker (no-shared) (push) Has been cancelled
Run-checker daily / run-checker (no-siphash) (push) Has been cancelled
Run-checker daily / run-checker (no-siv) (push) Has been cancelled
Run-checker daily / run-checker (no-sm2-precomp) (push) Has been cancelled
Run-checker daily / run-checker (no-sm3) (push) Has been cancelled
Run-checker daily / run-checker (no-sm4) (push) Has been cancelled
Run-checker daily / run-checker (no-sock) (push) Has been cancelled
Run-checker daily / run-checker (no-sse2) (push) Has been cancelled
Run-checker daily / run-checker (no-ssl) (push) Has been cancelled
Run-checker daily / run-checker (no-ssl-trace) (push) Has been cancelled
Run-checker daily / run-checker (no-static-engine no-shared) (push) Has been cancelled
Run-checker daily / run-checker (no-tests) (push) Has been cancelled
Run-checker daily / run-checker (no-tls1) (push) Has been cancelled
Run-checker daily / run-checker (no-tls1-method) (push) Has been cancelled
Run-checker daily / run-checker (no-tls1_1) (push) Has been cancelled
Run-checker daily / run-checker (no-tls1_1-method) (push) Has been cancelled
Run-checker daily / run-checker (no-tls1_2-method) (push) Has been cancelled
Run-checker daily / run-checker (no-ubsan) (push) Has been cancelled
Run-checker daily / run-checker (no-ui-console) (push) Has been cancelled
Run-checker daily / run-checker (no-uplink) (push) Has been cancelled
Run-checker daily / run-checker (no-weak-ssl-ciphers) (push) Has been cancelled
Run-checker daily / run-checker (no-whirlpool) (push) Has been cancelled
Run-checker daily / run-checker-sctp (push) Has been cancelled
Run-checker daily / enable_brotli_dynamic (push) Has been cancelled
Run-checker daily / enable_zstd_dynamic (push) Has been cancelled
Run-checker daily / enable_brotli_and_zstd_dynamic (push) Has been cancelled
Run-checker daily / malloc_failure_testing (push) Has been cancelled
Run-checker daily / enable_brotli_and_asan_ubsan (push) Has been cancelled
Run-checker daily / enable_zstd_and_asan_ubsan (push) Has been cancelled
Run-checker daily / enable_tfo (macos-13) (push) Has been cancelled
Run-checker daily / enable_tfo (macos-14) (push) Has been cancelled
Run-checker daily / enable_tfo (ubuntu-latest) (push) Has been cancelled
Run-checker daily / enable_buildtest (push) Has been cancelled
Run-checker daily / memory_sanitizer_slh_dsa (push) Has been cancelled
Build openssl interop containers / update_quay_container (push) Has been cancelled
Build openssl interop containers / update_msquic_quay_container (push) Has been cancelled
OS Zoo CI / alpine (clang, edge) (push) Has been cancelled
OS Zoo CI / alpine (clang, latest) (push) Has been cancelled
OS Zoo CI / alpine (gcc, edge) (push) Has been cancelled
OS Zoo CI / alpine (gcc, latest) (push) Has been cancelled
OS Zoo CI / linux (map[image:docker.io/library/centos:8 install:sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-* && \
sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-* && \
dnf install -y gcc make… (push) Has been cancelled
OS Zoo CI / linux (map[image:docker.io/library/debian:11 install:apt-get update && apt-get install -y gcc make perl]) (push) Has been cancelled
OS Zoo CI / linux (map[image:docker.io/library/debian:12 install:apt-get update && apt-get install -y gcc make perl]) (push) Has been cancelled
OS Zoo CI / linux (map[image:docker.io/library/debian:trixie install:apt-get update && apt-get install -y gcc make perl]) (push) Has been cancelled
OS Zoo CI / linux (map[image:docker.io/library/fedora:41 install:dnf install -y gcc make perl-core]) (push) Has been cancelled
OS Zoo CI / linux (map[image:docker.io/library/fedora:42 install:dnf install -y gcc make perl-core]) (push) Has been cancelled
OS Zoo CI / linux (map[image:docker.io/library/rockylinux:8 install:dnf install -y gcc make perl-core]) (push) Has been cancelled
OS Zoo CI / linux (map[image:docker.io/library/rockylinux:9 install:dnf install -y gcc make perl-core]) (push) Has been cancelled
OS Zoo CI / linux (map[image:docker.io/library/ubuntu:20.04 install:apt-get update && apt-get install -y gcc make perl]) (push) Has been cancelled
OS Zoo CI / linux (map[image:docker.io/library/ubuntu:22.04 install:apt-get update && apt-get install -y gcc make perl]) (push) Has been cancelled
OS Zoo CI / linux (map[image:docker.io/library/ubuntu:24.04 install:apt-get update && apt-get install -y gcc make perl]) (push) Has been cancelled
OS Zoo CI / macos (macos-13) (push) Has been cancelled
OS Zoo CI / macos (macos-14) (push) Has been cancelled
OS Zoo CI / macos (macos-15) (push) Has been cancelled
OS Zoo CI / windows (map[os:windows-2022 vcvars:C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat]) (push) Has been cancelled
OS Zoo CI / windows (map[os:windows-2025 vcvars:C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat]) (push) Has been cancelled
OS Zoo CI / linux-arm64 (push) Has been cancelled
OS Zoo CI / linux-ppc64le (push) Has been cancelled
OS Zoo CI / linux-s390x (push) Has been cancelled
OS Zoo CI / linux-riscv64 (push) Has been cancelled
OS Zoo CI / freebsd-x86_64 (push) Has been cancelled
Interoperability tests with GnuTLS and NSS / test (gnutls) (push) Has been cancelled
Interoperability tests with GnuTLS and NSS / test (nss) (push) Has been cancelled
Added "the" before "use" Add missing whitespace Removed unnecessary apostrophe in FIPS.md CLA: trivial Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/28362)
202 lines
8.3 KiB
Markdown
202 lines
8.3 KiB
Markdown
OpenSSL FIPS support
|
|
====================
|
|
|
|
This release of OpenSSL includes a cryptographic module that can be
|
|
FIPS validated. The module is implemented as an OpenSSL provider.
|
|
A provider is essentially a dynamically loadable module which implements
|
|
cryptographic algorithms, see the [README-PROVIDERS](README-PROVIDERS.md) file
|
|
for further details.
|
|
|
|
A cryptographic module is only FIPS validated after it has gone through the complex
|
|
FIPS 140 validation process. As this process takes a very long time, it is not
|
|
possible to validate every minor release of OpenSSL.
|
|
If you need a FIPS validated module then you must ONLY generate a FIPS provider
|
|
using OpenSSL versions that have valid FIPS certificates. A FIPS certificate
|
|
contains a link to a Security Policy, and you MUST follow the instructions
|
|
in the Security Policy in order to be FIPS compliant.
|
|
See <https://www.openssl.org/source/> for information related to OpenSSL
|
|
FIPS certificates and Security Policies.
|
|
|
|
Newer OpenSSL Releases that include security or bug fixes can be used to build
|
|
all other components (such as the core APIs, TLS and the default, base and
|
|
legacy providers) without any restrictions, but the FIPS provider must be built
|
|
as specified in the Security Policy (normally with a different version of the
|
|
source code).
|
|
|
|
The OpenSSL FIPS provider is a shared library called `fips.so` (on Unix), or
|
|
resp. `fips.dll` (on Windows). The FIPS provider does not get built and
|
|
installed automatically. To enable it, you need to configure OpenSSL using
|
|
the `enable-fips` option.
|
|
|
|
Installing the FIPS provider
|
|
============================
|
|
|
|
In order to be FIPS compliant you must only use FIPS validated source code.
|
|
Refer to <https://www.openssl.org/source/> for information related to
|
|
which versions are FIPS validated. The instructions given below build OpenSSL
|
|
just using the FIPS validated source code. Any FIPS validated version may be
|
|
used with any other openssl library. Please see <https://www.openssl.org/source/>
|
|
To determine which FIPS validated library version may be appropriate for you.
|
|
|
|
If you want to use a validated FIPS provider, but also want to use the latest
|
|
OpenSSL release to build everything else, then refer to the next section.
|
|
|
|
The following is only a guide.
|
|
Please read the Security Policy for up to date installation instructions.
|
|
|
|
If the FIPS provider is enabled, it gets installed automatically during the
|
|
normal installation process. Simply follow the normal procedure (configure,
|
|
make, make test, make install) as described in the [INSTALL](INSTALL.md) file.
|
|
|
|
For example, on Unix the final command
|
|
|
|
$ make install
|
|
|
|
effectively executes the following install targets
|
|
|
|
$ make install_sw
|
|
$ make install_ssldirs
|
|
$ make install_docs
|
|
$ make install_fips # for `enable-fips` only
|
|
|
|
The `install_fips` make target can also be invoked explicitly to install
|
|
the FIPS provider independently, without installing the rest of OpenSSL.
|
|
|
|
The Installation of the FIPS provider consists of two steps. In the first step,
|
|
the shared library is copied to its installed location, which by default is
|
|
|
|
/usr/local/lib/ossl-modules/fips.so on Unix, and
|
|
C:\Program Files\OpenSSL\lib\ossl-modules\fips.dll on Windows.
|
|
|
|
In the second step, the `openssl fipsinstall` command is executed, which completes
|
|
the installation by doing the following two things:
|
|
|
|
- Runs the FIPS module self tests
|
|
- Generates the so-called FIPS module configuration file containing information
|
|
about the module such as the module checksum (and for OpenSSL 3.1.2 the
|
|
self test status).
|
|
|
|
The FIPS module must have the self tests run, and the FIPS module config file
|
|
output generated on every machine that it is to be used on. For OpenSSL 3.1.2
|
|
you must not copy the FIPS module config file output data from one machine to another.
|
|
|
|
On Unix, the `openssl fipsinstall` command will be invoked as follows by default:
|
|
|
|
$ openssl fipsinstall -out /usr/local/ssl/fipsmodule.cnf -module /usr/local/lib/ossl-modules/fips.so
|
|
|
|
If you configured OpenSSL to be installed to a different location, the paths will
|
|
vary accordingly. In the rare case that you need to install the fipsmodule.cnf
|
|
to a non-standard location, you can execute the `openssl fipsinstall` command manually.
|
|
|
|
Installing the FIPS provider and using it with the latest release
|
|
=================================================================
|
|
|
|
This normally requires you to download 2 copies of the OpenSSL source code.
|
|
|
|
Download and build a validated FIPS provider
|
|
--------------------------------------------
|
|
|
|
Refer to <https://www.openssl.org/source/> for information related to
|
|
which versions are FIPS validated. For this example we use OpenSSL 3.1.2.
|
|
|
|
$ wget https://www.openssl.org/source/openssl-3.1.2.tar.gz
|
|
$ tar -xf openssl-3.1.2.tar.gz
|
|
$ cd openssl-3.1.2
|
|
$ ./Configure enable-fips
|
|
$ make
|
|
$ cd ..
|
|
|
|
Download and build the latest release of OpenSSL
|
|
------------------------------------------------
|
|
|
|
We use OpenSSL 3.5.0 here, (but you could also use the latest 3.5.X)
|
|
|
|
$ wget https://www.openssl.org/source/openssl-3.5.0.tar.gz
|
|
$ tar -xf openssl-3.5.0.tar.gz
|
|
$ cd openssl-3.5.0
|
|
$ ./Configure enable-fips
|
|
$ make
|
|
|
|
Use the OpenSSL FIPS provider for testing
|
|
-----------------------------------------
|
|
|
|
We do this by replacing the artifact for the OpenSSL 3.5.0 FIPS provider.
|
|
Note that the OpenSSL 3.5.0 FIPS provider has not been validated
|
|
so it must not be used for FIPS purposes.
|
|
|
|
$ cp ../openssl-3.1.2/providers/fips.so providers/.
|
|
$ cp ../openssl-3.1.2/providers/fipsmodule.cnf providers/.
|
|
// Note that for OpenSSL 3.1.2 that the `fipsmodule.cnf` file should not
|
|
// be copied across multiple machines if it contains an entry for
|
|
// `install-status`. (Otherwise the self tests would be skipped).
|
|
|
|
// Validate the output of the following to make sure we are using the
|
|
// OpenSSL 3.1.2 FIPS provider
|
|
$ ./util/wrap.pl -fips apps/openssl list -provider-path providers \
|
|
-provider fips -providers
|
|
|
|
// Now run the current tests using the OpenSSL 3.1.2 FIPS provider.
|
|
$ make tests
|
|
|
|
Copy the FIPS provider artifacts (`fips.so` & `fipsmodule.cnf`) to known locations
|
|
-------------------------------------------------------------------------------------
|
|
|
|
$ cd ../openssl-3.1.2
|
|
$ sudo make install_fips
|
|
|
|
Check that the correct FIPS provider is being used
|
|
--------------------------------------------------
|
|
|
|
$ cd ../openssl-3.5.0
|
|
$./util/wrap.pl -fips apps/openssl list -provider-path providers \
|
|
-provider fips -providers
|
|
|
|
// This should produce the following output
|
|
Providers:
|
|
base
|
|
name: OpenSSL Base Provider
|
|
version: 3.5.0
|
|
status: active
|
|
fips
|
|
name: OpenSSL FIPS Provider
|
|
version: 3.1.2
|
|
status: active
|
|
|
|
Using the FIPS Module in applications
|
|
=====================================
|
|
|
|
Documentation about using the FIPS module is available on the [fips_module(7)]
|
|
manual page.
|
|
|
|
[fips_module(7)]: https://docs.openssl.org/master/man7/fips_module
|
|
|
|
Entropy Source
|
|
==============
|
|
|
|
The FIPS provider typically relies on an external entropy source,
|
|
specified during OpenSSL build configuration (default: `os`). However, by
|
|
enabling the `enable-fips-jitter` option during configuration, an internal
|
|
jitter entropy source will be used instead. Note that this will cause
|
|
the FIPS provider to operate in a non-compliant mode unless an entropy
|
|
assessment [ESV] and validation through the [CMVP] are additionally conducted.
|
|
|
|
Note that the `enable-fips-jitter` option is only available in OpenSSL
|
|
versions 3.5 and later.
|
|
|
|
[CMVP]: https://csrc.nist.gov/projects/cryptographic-module-validation-program
|
|
[ESV]: https://csrc.nist.gov/Projects/cryptographic-module-validation-program/entropy-validations
|
|
|
|
3rd-Party Vendor Builds
|
|
=====================================
|
|
|
|
Some Vendors choose to patch/modify/build their own FIPS provider,
|
|
test it with a Security Laboratory and submit it under their own CMVP
|
|
certificate, instead of using OpenSSL Project submissions. When doing
|
|
so, FIPS provider should uniquely identify its own name and version
|
|
number. The build infrastructure allows to customize FIPS provider
|
|
build information via changes to strings in `VERSION.dat`.
|
|
|
|
Setting "PRE_RELEASE_TAG" (dashed suffix), "BUILD_METADATA" (plus
|
|
suffix), and "FIPS_VENDOR" allow to control reported FIPS provider
|
|
name and build version as required for CMVP submission.
|