diff --git a/.github/workflows/asan.yml b/.github/workflows/asan.yml
deleted file mode 100644
index af84ec01..00000000
--- a/.github/workflows/asan.yml
+++ /dev/null
@@ -1,35 +0,0 @@
-name: Asan Test
-
-# START OF COMMON SECTION
-on:
- push:
- branches: [ '*' ]
- pull_request:
- branches: [ '*' ]
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.ref }}
- cancel-in-progress: true
-# END OF COMMON SECTION
-
-jobs:
- make_check:
- name: asan test
- runs-on: ubuntu-latest
- # This should be a safe limit for the tests to run.
- timeout-minutes: 10
- steps:
- - uses: actions/checkout@v4
- name: Checkout wolfProvider
-
- - name: Test wolfProvider
- run: |
- WOLFPROV_CONFIG_CFLAGS="-static-libasan -fsanitize=address,undefined -g" ./scripts/build-wolfprovider.sh
-
- - name: Print errors
- if: ${{ failure() }}
- run: |
- if [ -f test-suite.log ] ; then
- cat test-suite.log
- fi
-
diff --git a/.github/workflows/bind9.yml b/.github/workflows/bind9.yml
deleted file mode 100644
index eb3d80c2..00000000
--- a/.github/workflows/bind9.yml
+++ /dev/null
@@ -1,133 +0,0 @@ -name: Bind9 Tests - -# START OF COMMON SECTION -on: - push: - branches: [ 'master', 'main', 'release/**' ] - pull_request: - branches: [ '*' ] - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true -# END OF COMMON SECTION - -jobs: - build_wolfprovider: - uses: ./.github/workflows/build-wolfprovider.yml - with: - wolfssl_ref: ${{ matrix.wolfssl_ref }} - openssl_ref: ${{ matrix.openssl_ref }} - replace_default: ${{ matrix.replace_default }} - strategy: - matrix: - wolfssl_ref: [ 'v5.8.2-stable' ] - openssl_ref: [ 'openssl-3.5.2' ] - replace_default: [ true ] - fips: [ false ] - - test_bind: - runs-on: ubuntu-22.04 - container: - image: debian:bookworm - env: - DEBIAN_FRONTEND: noninteractive - needs: build_wolfprovider - # This should be a safe limit for the tests to run. - timeout-minutes: 20 - strategy: - fail-fast: false - matrix: - bind_ref: [ 'v9.18.28' ] - wolfssl_ref: [ 'v5.8.2-stable' ] - openssl_ref: [ 'openssl-3.5.2' ] - force_fail: ['WOLFPROV_FORCE_FAIL=1', ''] - replace_default: [ true ] - fips: [ false ] - env: - WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages - OPENSSL_PACKAGES_PATH: /tmp/openssl-packages - WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages - steps: - - name: Checkout wolfProvider - uses: actions/checkout@v4 - with: - fetch-depth: 1 - - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache - with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true - - - name: Install wolfSSL/OpenSSL/wolfprov packages - run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - - apt install --reinstall -y \ - ${{ 
env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb - - apt install --reinstall -y \ - ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \ - ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \ - ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb - - apt install --reinstall -y \ - ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb - - - name: Verify wolfProvider is properly installed - run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} - - - name: Install bind9 test dependencies - run: | - apt-get update - apt install -y build-essential automake libtool gnutls-bin \ - pkg-config make libidn2-dev libuv1-dev libnghttp2-dev libcap-dev \ - libjemalloc-dev zlib1g-dev libxml2-dev libjson-c-dev libcmocka-dev \ - python3-pytest python3-dnspython python3-hypothesis patch iproute2 \ - net-tools git - PERL_MM_USE_DEFAULT=1 cpan -i Net::DNS - - - name: Checkout bind9 - uses: actions/checkout@v4 - with: - repository: isc-projects/bind9 - path: bind9 - ref: ${{ matrix.bind_ref }} - fetch-depth: 1 - - - name: Checkout OSP - uses: actions/checkout@v4 - with: - repository: wolfssl/osp - path: osp - fetch-depth: 1 - - run: | - cd bind9 - patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/bind9/bind9-${{ matrix.bind_ref }}-wolfprov.patch - - - name: Build and test bind9 with wolfProvider - working-directory: bind9 - shell: bash - run: | - - set +o pipefail # ignore errors from make check - autoreconf -ivf - ./configure - make clean - make -j$(nproc) - ./bin/tests/system/ifconfig.sh up - - export ${{ matrix.force_fail }} - make -j$(nproc) check 2>&1 | tee bind9-test.log - TEST_RESULT=${PIPESTATUS[0]} - $GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} bind9 diff --git a/.github/workflows/cjose.yml b/.github/workflows/cjose.yml deleted file mode 100644 index c3f1d01b..00000000 --- a/.github/workflows/cjose.yml +++ /dev/null 
@@ -1,121 +0,0 @@ -name: cjose Tests - -# START OF COMMON SECTION -on: - push: - branches: [ 'master', 'main', 'release/**' ] - pull_request: - branches: [ '*' ] - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true -# END OF COMMON SECTION - -jobs: - build_wolfprovider: - uses: ./.github/workflows/build-wolfprovider.yml - with: - wolfssl_ref: ${{ matrix.wolfssl_ref }} - openssl_ref: ${{ matrix.openssl_ref }} - replace_default: ${{ matrix.replace_default }} - strategy: - matrix: - wolfssl_ref: [ 'v5.8.2-stable' ] - openssl_ref: [ 'openssl-3.5.2' ] - replace_default: [ true ] - fips: [ false ] - - test_cjose: - runs-on: ubuntu-22.04 - needs: build_wolfprovider - # Run inside Debian Bookworm to match packaging environment - container: - image: debian:bookworm - env: - DEBIAN_FRONTEND: noninteractive - # This should be a safe limit for the tests to run. - timeout-minutes: 20 - strategy: - matrix: - # Dont test osp master since it might be unstable - cjose_ref: [ 'v0.6.2.1' ] - wolfssl_ref: [ 'v5.8.2-stable' ] - openssl_ref: [ 'openssl-3.5.2' ] - force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] - replace_default: [ true ] - fips: [ false ] - env: - WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages - OPENSSL_PACKAGES_PATH: /tmp/openssl-packages - WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages - steps: - - name: Install cjose dependencies - run: | - apt-get update - apt-get install -y git build-essential autoconf automake \ - libtool pkg-config libjansson-dev check ca-certificates dpkg-dev - - - name: Checkout wolfProvider - uses: actions/checkout@v4 - with: - fetch-depth: 1 - - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache - with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: 
true - - - name: Install wolfSSL/OpenSSL/wolfprov packages - run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - - apt install --reinstall -y \ - ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb - - apt install --reinstall -y \ - ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \ - ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \ - ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb - - apt install --reinstall -y \ - ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb - - - name: Verify wolfProvider is properly installed - run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} - - - name: Download cjose - uses: actions/checkout@v4 - with: - repository: OpenIDC/cjose - ref: ${{ matrix.cjose_ref }} - path: cjose - fetch-depth: 1 - - - name: Build cjose - working-directory: cjose - run: | - ./configure CFLAGS="-Wno-error=deprecated-declarations" - - # Build cjose - make - - - name: Run cjose tests - working-directory: cjose - run: | - export ${{ matrix.force_fail }} - - make test 2>&1 | tee cjose-test.log - TEST_RESULT=$(grep -q "FAIL: check_cjose" cjose-test.log && echo "1" || echo "0") - echo "TEST_RESULT = $TEST_RESULT" - $GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} cjose diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml deleted file mode 100644 index 374e61bc..00000000 --- a/.github/workflows/codespell.yml +++ /dev/null 
@@ -1,47 +0,0 @@
-name: Codespell test
-
-# START OF COMMON SECTION
-on:
- push:
- branches: [ 'master', 'main', 'release/**' ]
- pull_request:
- branches: [ '*' ]
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.ref }}
- cancel-in-progress: true
-# END OF COMMON SECTION
-
-jobs:
- codespell:
- name: Check for spelling errors
- runs-on: ubuntu-22.04
- timeout-minutes: 5
- steps:
- - name: Checkout wolfProvider
- uses: actions/checkout@v4
-
- - name: Create exclude file if needed
- run: |
- if [ ! -f .codespellexcludelines ]; then
- touch .codespellexcludelines
- fi
-
- - name: Run codespell
- uses: codespell-project/actions-codespell@v2.1
- with:
- check_filenames: true
- check_hidden: true
- # Add comma separated list of words that occur multiple times that should be ignored (sorted alphabetically, case sensitive)
- ignore_words_list: adin,addIn,aNULL,brunch,carryIn,chainG,ciph,cLen,cliKs,dout,emac,haveA,inCreated,inOut,inout,larg,LEAPYEAR,Merget,optionA,parm,parms,repid,rIn,userA,ser,siz,te,Te,toLen
- # The exclude_file contains lines of code that should be ignored. This is useful for individual lines which have non-words that can safely be ignored.
- exclude_file: '.codespellexcludelines'
- # To skip files entirely from being processed, add it to the following list:
- skip: '*.cproject,*.der,*.mtpj,*.pem,*.vcxproj,.git,*.launch,*.scfg,*.revoked,*.txt'
-
- - name: Print errors
- if: ${{ failure() }}
- run: |
- if [ -f test-suite.log ] ; then
- cat test-suite.log
- fi
diff --git a/.github/workflows/curl.yml b/.github/workflows/curl.yml
deleted file mode 100644
index 677bab46..00000000
--- a/.github/workflows/curl.yml
+++ /dev/null
@@ -1,127 +0,0 @@ -name: Curl Tests - -# START OF COMMON SECTION -on: - push: - branches: [ 'master', 'main', 'release/**' ] - pull_request: - branches: [ '*' ] - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true -# END OF COMMON SECTION - -jobs: - build_wolfprovider: - uses: ./.github/workflows/build-wolfprovider.yml - with: - wolfssl_ref: ${{ matrix.wolfssl_ref }} - openssl_ref: ${{ matrix.openssl_ref }} - replace_default: ${{ matrix.replace_default }} - strategy: - matrix: - wolfssl_ref: [ 'v5.8.2-stable' ] - openssl_ref: [ 'openssl-3.5.2' ] - replace_default: [ true ] - fips: [ false ] - - test_curl: - runs-on: ubuntu-22.04 - container: - image: debian:bookworm - env: - DEBIAN_FRONTEND: noninteractive - needs: build_wolfprovider - # This should be a safe limit for the tests to run. - timeout-minutes: 20 - strategy: - matrix: - curl_ref: [ 'curl-8_4_0', 'curl-7_88_1' ] - wolfssl_ref: [ 'v5.8.2-stable' ] - openssl_ref: [ 'openssl-3.5.2' ] - force_fail: ['WOLFPROV_FORCE_FAIL=1', ''] - replace_default: [ true ] - fips: [ false ] - env: - WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages - OPENSSL_PACKAGES_PATH: /tmp/openssl-packages - WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages - steps: - - name: Checkout wolfProvider - uses: actions/checkout@v4 - with: - fetch-depth: 1 - - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache - with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true - - - name: Install wolfSSL/OpenSSL/wolfprov packages - run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - - apt install --reinstall -y \ - ${{ 
env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb - - apt install --reinstall -y \ - ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \ - ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \ - ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb - - apt install --reinstall -y \ - ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb - - - name: Verify wolfProvider is properly installed - run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} - - - name: Install dependencies - run: | - apt-get update - apt-get install -y nghttp2 libpsl5 libpsl-dev python3-impacket \ - build-essential autoconf automake libtool - - - name: Build curl - uses: wolfSSL/actions-build-autotools-project@v1 - with: - repository: curl/curl - path: curl - ref: ${{ matrix.curl_ref }} - configure: --with-openssl - check: false - - - name: Generate certificates for curl master force-fail tests - run: | - if [ "${{ matrix.force_fail }}" = "WOLFPROV_FORCE_FAIL=1" ] && - [ "${{ matrix.curl_ref }}" = "master" ]; then - cd curl/tests/certs - make test-ca.cacert - cd ../.. - fi - - name: Test curl with wolfProvider - working-directory: curl - shell: bash - run: | - set +o pipefail # ignore errors from make check - export ${{ matrix.force_fail }} - export CURL_REF=${{ matrix.curl_ref }} - - # Tests rely on $USER being set - export USER=testuser - - # Run tests and save output to test.log - make -j$(nproc) test-ci 2>&1 | tee curl-test.log - # Capture the test result using PIPESTATUS (Bash only) - TEST_RESULT=${PIPESTATUS[0]} - $GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} curl diff --git a/.github/workflows/fips-ready.yml b/.github/workflows/fips-ready.yml deleted file mode 100644 index 9790a54b..00000000 --- a/.github/workflows/fips-ready.yml +++ /dev/null 
@@ -1,61 +0,0 @@
-name: FIPS Ready Bundle Test
-
-# START OF COMMON SECTION
-on:
- push:
- branches: [ 'master', 'main', 'release/**' ]
- pull_request:
- branches: [ '*' ]
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.ref }}
- cancel-in-progress: true
-# END OF COMMON SECTION
-
-jobs:
- fips_ready_test:
- name: FIPS Ready Bundle Test
- runs-on: ubuntu-22.04
- timeout-minutes: 20
- strategy:
- matrix:
- wolfssl_bundle_ref: [ '5.8.2' ]
- openssl_ref: [ 'openssl-3.5.0' ]
- force_fail: ['WOLFPROV_FORCE_FAIL=1', '']
- steps:
- - name: Checkout wolfProvider
- uses: actions/checkout@v4
- with:
- fetch-depth: 1
-
- - name: Download FIPS Ready Bundle
- run: |
- # Download FIPS ready bundle from wolfSSL website
- BUNDLE_URL="https://www.wolfssl.com/wolfssl-${{matrix.wolfssl_bundle_ref}}-gplv3-fips-ready.zip"
-
- wget -O wolfssl-fips-ready.zip "$BUNDLE_URL"
- unzip wolfssl-fips-ready.zip
-
- # Find the extracted directory (build script requires directory, not zip)
- BUNDLE_DIR=$(find . -maxdepth 1 -type d -name "*fips-ready*" | head -n 1)
- if [ -z "$BUNDLE_DIR" ]; then
- echo "ERROR: Could not find FIPS ready bundle directory after extraction"
- ls -la
- exit 1
- fi
-
- echo "FIPS_BUNDLE_PATH=$(pwd)/$BUNDLE_DIR" >> $GITHUB_ENV
- echo "Found FIPS bundle directory at: $BUNDLE_DIR"
-
- - name: Build wolfProvider with FIPS Ready Bundle
- run: |
- ./scripts/build-wolfprovider.sh --fips-bundle="$FIPS_BUNDLE_PATH" \
- --fips-check=ready --wolfssl-ver=v${{matrix.wolfssl_bundle_ref}}-stable
-
- - name: Run FIPS Command Tests
- run: |
- # Run cmd tests to verify functionality
- export WOLFSSL_ISFIPS=1
- export ${{matrix.force_fail}}
-
- ${{ matrix.force_fail }} ./scripts/cmd_test/do-cmd-tests.sh
diff --git a/.github/workflows/git-ssh-dr.yml b/.github/workflows/git-ssh-dr.yml
deleted file mode 100644
index ddbcda05..00000000
--- a/.github/workflows/git-ssh-dr.yml
+++ /dev/null
@@ -1,111 +0,0 @@ -name: Git SSH Default Replace Tests - -on: - push: - branches: [ 'master', 'main', 'release/**', ] - pull_request: - branches: [ '*' ] - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - -jobs: - build_wolfprovider: - uses: ./.github/workflows/build-wolfprovider.yml - with: - wolfssl_ref: ${{ matrix.wolfssl_ref }} - openssl_ref: ${{ matrix.openssl_ref }} - replace_default: ${{ matrix.replace_default }} - strategy: - matrix: - wolfssl_ref: [ 'v5.8.2-stable' ] - openssl_ref: [ 'openssl-3.5.2' ] - replace_default: [ true ] - fips: [ false ] - - git-ssh-default-replace-test: - runs-on: ubuntu-22.04 - container: - image: debian:bookworm - env: - DEBIAN_FRONTEND: noninteractive - needs: build_wolfprovider - # This should be a safe limit for the tests to run. - timeout-minutes: 20 - strategy: - matrix: - wolfssl_ref: [ 'v5.8.2-stable' ] - openssl_ref: [ 'openssl-3.5.2' ] - replace_default: [ true ] - fips: [ false ] - key_type: [ 'rsa', 'ecdsa', 'ed25519', 'chacha20-poly1305' ] - force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] - iterations: [ 10 ] # Total of 50 runs - env: - WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages - OPENSSL_PACKAGES_PATH: /tmp/openssl-packages - WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages - - steps: - - name: Checkout wolfProvider - uses: actions/checkout@v4 - with: - fetch-depth: 1 - - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache - with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true - - - name: Install wolfSSL/OpenSSL/wolfprov packages - run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ 
env.WOLFPROV_PACKAGES_PATH }} - - apt install --reinstall -y \ - ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb - - apt install --reinstall -y \ - ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \ - ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \ - ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb - - apt install --reinstall -y \ - ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb - - - name: Verify wolfProvider is properly installed - run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} - - - name: Set up environment - run: | - export DEBIAN_FRONTEND=noninteractive - apt-get update - apt-get install -y openssh-client openssh-server expect xxd git \ - net-tools git-all - - - name: Run git + replace default + ssh test - shell: bash - run: | - echo "=== Running Git + replace default + ssh Test ===" - echo "Using the local test script for consistent testing" - # Run the test with the matrix parameters - echo "Testing with key type: ${{ matrix.key_type }}" - echo "Running ${{ matrix.iterations }} iterations" - - # Run the scripts test - ${{ matrix.force_fail }} ./scripts/test-git-ssh-dr.sh \ - --key-types "${{ matrix.key_type }}" \ - --iterations "${{ matrix.iterations }}" \ - --verbose - - echo "=== Test completed for ${{ matrix.key_type }} ===" diff --git a/.github/workflows/grpc.yml b/.github/workflows/grpc.yml deleted file mode 100644 index 19f38c12..00000000 --- a/.github/workflows/grpc.yml +++ /dev/null 
@@ -1,145 +0,0 @@ -name: gRPC Tests - -# START OF COMMON SECTION -on: - push: - branches: [ 'master', 'main', 'release/**' ] - pull_request: - branches: [ '*' ] - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true -# END OF COMMON SECTION - -jobs: - build_wolfprovider: - uses: ./.github/workflows/build-wolfprovider.yml - with: - wolfssl_ref: ${{ matrix.wolfssl_ref }} - openssl_ref: ${{ matrix.openssl_ref }} - replace_default: ${{ matrix.replace_default }} - strategy: - matrix: - wolfssl_ref: [ 'v5.8.2-stable' ] - openssl_ref: [ 'openssl-3.5.2' ] - replace_default: [ true ] - fips: [ false ] - - test_grpc: - runs-on: ubuntu-22.04 - container: - image: debian:bookworm - env: - DEBIAN_FRONTEND: noninteractive - needs: build_wolfprovider - # This should be a safe limit for the tests to run. - timeout-minutes: 30 - strategy: - fail-fast: false - matrix: - include: - - grpc_ref: v1.60.0 # TODO: Add master - tests: >- - bad_ssl_alpn_test bad_ssl_cert_test client_ssl_test - crl_ssl_transport_security_test server_ssl_test - ssl_transport_security_test ssl_transport_security_utils_test - test_core_security_ssl_credentials_test test_cpp_end2end_ssl_credentials_test - h2_ssl_cert_test h2_ssl_session_reuse_test - wolfssl_ref: [ 'v5.8.2-stable' ] - openssl_ref: [ 'openssl-3.5.2' ] - replace_default: [ true ] - fips: [ false ] - env: - WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages - OPENSSL_PACKAGES_PATH: /tmp/openssl-packages - WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages - steps: - - name: Checkout wolfProvider - uses: actions/checkout@v4 - with: - fetch-depth: 1 - - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache - with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true - 
- - name: Install wolfSSL/OpenSSL/wolfprov packages - run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - - apt install --reinstall -y \ - ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb - - apt install --reinstall -y \ - ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \ - ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \ - ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb - - apt install --reinstall -y \ - ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb - - - name: Verify wolfProvider is properly installed - run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} - - - name: Install prerequisites - run: | - apt-get update - apt-get install -y build-essential autoconf libtool pkg-config clang \ - libc++-dev iproute2 net-tools git python3-six - - - name: Confirm IPv4 and IPv6 support - run: | - ip addr list lo | grep 'inet ' - ip addr list lo | grep 'inet6 ' - - - name: Setup cmake version - uses: jwlawson/actions-setup-cmake@v2 - with: - cmake-version: '3.25.x' - - - name: Checkout grpc - uses: actions/checkout@v4 - with: - repository: grpc/grpc - path: grpc - ref: ${{ matrix.grpc_ref }} - - - name: Build grpc with wolfProvider - working-directory: ./grpc - run: | - # Initialize submodules - git submodule update --init - - # Build - mkdir -p cmake/build - cd cmake/build - - # Configure with OpenSSL and wolfProvider - cmake -DgRPC_BUILD_TESTS=ON -DgRPC_SSL_PROVIDER=package ../.. - - # Build the tests - make -j $(nproc) ${{ matrix.tests }} - - - name: Run grpc tests with wolfProvider - working-directory: ./grpc - run: | - - # Start the port server - ./tools/run_tests/start_port_server.py - - # Run the tests - for t in ${{ matrix.tests }} ; do - ./cmake/build/$t - done 
diff --git a/.github/workflows/hostap.yml b/.github/workflows/hostap.yml
deleted file mode 100644
index a3982366..00000000
--- a/.github/workflows/hostap.yml
+++ /dev/null
@@ -1,264 +0,0 @@ -name: hostap and wpa supplicant Tests - -# START OF COMMON SECTION -on: - push: - branches: [ 'master', 'main', 'release/**'] - pull_request: - branches: [ '*' ] - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true -# END OF COMMON SECTION - -jobs: - build_wolfprovider: - uses: ./.github/workflows/build-wolfprovider.yml - with: - wolfssl_ref: ${{ matrix.wolfssl_ref }} - openssl_ref: ${{ matrix.openssl_ref }} - replace_default: ${{ matrix.replace_default }} - strategy: - matrix: - wolfssl_ref: [ 'v5.8.2-stable' ] - openssl_ref: [ 'openssl-3.5.2' ] - replace_default: [ true ] - - test_hostap: - runs-on: ubuntu-22.04 - needs: build_wolfprovider - # Run inside Debian Bookworm with privileged access for UML - container: - image: debian:bookworm - options: --privileged --cap-add=ALL -v /dev:/dev - env: - DEBIAN_FRONTEND: noninteractive - # This should be a safe limit for the tests to run. - timeout-minutes: 90 - strategy: - matrix: - hostap_ref: [ 'main' ] - wolfssl_ref: [ 'v5.8.2-stable' ] - openssl_ref: [ 'openssl-3.5.2' ] - force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] - replace_default: [ true ] - env: - WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages - OPENSSL_PACKAGES_PATH: /tmp/openssl-packages - WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages - - steps: - # Checkout the source so we can run the check-workflow-result script. 
- - name: Checkout wolfProvider - uses: actions/checkout@v4 - with: - fetch-depth: 1 - - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache - with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true - - - name: Install wolfSSL/OpenSSL/wolfprov packages - run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - - apt install --reinstall -y \ - ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb - - apt install --reinstall -y \ - ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \ - ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \ - ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb - - apt install --reinstall -y \ - ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb - - - name: Show OpenSSL version - run: | - echo "OpenSSL version:" - openssl version -a || true - - - name: Test OpenSSL providers before hostap installation - run: | - echo "Testing OpenSSL providers before hostap installation..." 
- openssl list -providers - - - name: Verify wolfProvider is properly installed - run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} - - - name: Install hostap dependencies - run: | - apt-get update - apt-get install -y libpcap0.8 libpcap-dev curl libcurl4-openssl-dev \ - libnl-3-dev binutils-dev libiberty-dev libnl-genl-3-dev libnl-route-3-dev \ - libdbus-1-dev bridge-utils tshark python3-pycryptodome libsqlite3-dev \ - libzstd1 wireless-tools iw build-essential autoconf automake libtool \ - pkg-config git wget ca-certificates flex bison bc libxml2-dev zlib1g-dev \ - python3-pip psmisc iproute2 procps net-tools systemd kmod wireless-regdb - apt-get remove -y python3-cryptography 2>/dev/null || true - pip install --no-cache-dir --force-reinstall --break-system-packages cryptography - - - name: Checkout hostap - run: | - test -d hostap || git clone https://w1.fi/hostap.git - cd hostap/tests/hwsim/vm && git checkout inside.sh 2>/dev/null || true - - - name: Checkout OSP - uses: actions/checkout@v4 - with: - repository: wolfssl/osp - path: osp - fetch-depth: 1 - - - name: Apply hostap patches for wolfProvider - run: | - cd hostap - if [ -f "$GITHUB_WORKSPACE/osp/wolfProvider/hostap/hostap-${{ matrix.hostap_ref }}-wolfprov.patch" ]; then - echo "Applying OSP hostap patch..." 
- patch -p1 < "$GITHUB_WORKSPACE/osp/wolfProvider/hostap/hostap-${{ matrix.hostap_ref }}-wolfprov.patch" - else - echo "No OSP patch found for hostap-${{ matrix.hostap_ref }}" - fi - - - name: Checkout linux - uses: actions/checkout@v4 - with: - repository: torvalds/linux - path: linux - ref: master - - - name: Compile linux - run: | - cp $GITHUB_WORKSPACE/hostap/tests/hwsim/vm/kernel-config.uml linux/.config - cd linux - yes "" | ARCH=um make -j $(nproc) - - - name: Update config - working-directory: hostap/tests/hwsim - run: | - cat << EOF >> example-hostapd.config - CFLAGS += -I/usr/include/openssl - LDFLAGS += -L/usr/lib/x86_64-linux-gnu - LIBS += -lssl -lcrypto - EOF - cat << EOF >> example-wpa_supplicant.config - CFLAGS += -I/usr/include/openssl - LDFLAGS += -L/usr/lib/x86_64-linux-gnu - LIBS += -lssl -lcrypto - EOF - - - name: Setup non-WPFF environment - working-directory: hostap/tests/hwsim - if: matrix.force_fail == '' - run: | - cd vm && git checkout inside.sh 2>/dev/null || true && cd .. - sed -i '115 r /dev/stdin' vm/inside.sh <<'ENVEOF' - cat > /tmp/bin/halt << 'HALTEOF' - #!/bin/sh - sync - exit 0 - HALTEOF - chmod +x /tmp/bin/halt - OPENSSL_MODULES_PATH=$(find /usr -name "libwolfprov.so" -exec dirname {} \; 2>/dev/null | head -1) - [ -n "$OPENSSL_MODULES_PATH" ] && export OPENSSL_MODULES="$OPENSSL_MODULES_PATH" - export OPENSSL_CONF="/etc/ssl/openssl.cnf" - export CRYPTOGRAPHY_OPENSSL_NO_LEGACY=1 - ENVEOF - - - name: Setup WPFF environment - working-directory: hostap/tests/hwsim - if: matrix.force_fail == 'WOLFPROV_FORCE_FAIL=1' - run: | - cd vm && git checkout inside.sh 2>/dev/null || true && cd .. 
- sed -i '115 r /dev/stdin' vm/inside.sh <<'ENVEOF' - cat > /tmp/bin/halt << 'HALTEOF' - #!/bin/sh - sync - exit 0 - HALTEOF - chmod +x /tmp/bin/halt - OPENSSL_MODULES_PATH=$(find /usr -name "libwolfprov.so" -exec dirname {} \; 2>/dev/null | head -1) - [ -n "$OPENSSL_MODULES_PATH" ] && export OPENSSL_MODULES="$OPENSSL_MODULES_PATH" - export OPENSSL_CONF="/etc/ssl/openssl.cnf" - export CRYPTOGRAPHY_OPENSSL_NO_LEGACY=1 - export WOLFPROV_FORCE_FAIL=1 - ENVEOF - - - name: Update certs - working-directory: hostap/tests/hwsim/auth_serv - run: ./update.sh - - - name: Build hostap and wpa_supplicant - working-directory: hostap/tests/hwsim/ - run: ./build.sh - - - name: Verify openssl binaries linked - working-directory: hostap - run: | - ldd hostapd/hostapd | grep ssl - ldd wpa_supplicant/wpa_supplicant | grep ssl - - - name: Run focused tests - id: testing - working-directory: hostap/tests/hwsim/ - continue-on-error: true - run: | - set +e - - echo "KERNELDIR=$GITHUB_WORKSPACE/linux" >> vm/vm-config - - # Run smoke tests - SMOKE_TESTS="ap_open ap_wpa2_psk discovery" - timeout 3m ./vm/parallel-vm.py --nocurses $(nproc) $SMOKE_TESTS || SMOKE_RES=$? - - # Run EAP tests (excluding MSCHAPv2 - requires MD4/DES not in wolfSSL) - TLS_EAP_TESTS="ap_wpa2_eap_tls ap_wpa2_eap_ttls_eap_gtc ap_wpa2_eap_peap_eap_tls" - timeout 5m ./vm/parallel-vm.py --nocurses $(nproc) $TLS_EAP_TESTS || TLS_RES=$? 
- - # Evaluate results - FINAL_RES=0 - if [ "${SMOKE_RES:-0}" -ne "0" ] || [ "${TLS_RES:-0}" -ne "0" ]; then - FINAL_RES=1 - fi - - # Check for connection failures (common with WOLFPROV_FORCE_FAIL) - WPA_CONNECT_FAILS=$(grep -h "Could not connect to /tmp/wpas" /tmp/hwsim-test-logs/*-parallel.log 2>/dev/null | wc -l || echo "0") - - # Ignore NOT-FOUND errors (test files missing/require special params) - NOT_FOUND=$(grep -h "NOT-FOUND" /tmp/hwsim-test-logs/*-parallel.log 2>/dev/null | wc -l || echo "0") - REAL_FAILS=$(grep -h "Failed:" /tmp/hwsim-test-logs/*-parallel.log 2>/dev/null | grep -v "NOT-FOUND" | wc -l || echo "0") - if [ "$FINAL_RES" -ne "0" ] && [ "$REAL_FAILS" -eq "0" ] && [ "$NOT_FOUND" -gt "0" ]; then - FINAL_RES=0 - fi - - # Check results based on test mode - if [ "${{ matrix.force_fail }}" = "WOLFPROV_FORCE_FAIL=1" ]; then - # With force fail, we expect failures or connection issues - if [ $FINAL_RES -ne 0 ] || [ "$WPA_CONNECT_FAILS" -gt "0" ]; then - echo "✓ EXPECTED: Tests failed/crashed with WOLFPROV_FORCE_FAIL=1" - exit 0 - else - echo "✗ UNEXPECTED: Tests passed with WOLFPROV_FORCE_FAIL=1" - exit 1 - fi - else - if [ $FINAL_RES -eq 0 ]; then - echo "✓ SUCCESS: wolfProvider tests passed" - exit 0 - else - echo "✗ FAILURE: wolfProvider tests failed" - exit 1 - fi - fi diff --git a/.github/workflows/iperf.yml b/.github/workflows/iperf.yml deleted file mode 100644 index 58e26d0f..00000000 --- a/.github/workflows/iperf.yml +++ /dev/null 
@@ -1,147 +0,0 @@
-name: iperf Tests
-
-# START OF COMMON SECTION
-on:
- push:
- branches: [ 'master', 'main', 'release/**' ]
- pull_request:
- branches: [ '*' ]
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.ref }}
- cancel-in-progress: true
-# END OF COMMON SECTION
-
-jobs:
- build_wolfprovider:
- uses: ./.github/workflows/build-wolfprovider.yml
- with:
- wolfssl_ref: ${{ matrix.wolfssl_ref }}
- openssl_ref: ${{ matrix.openssl_ref }}
- replace_default: ${{ matrix.replace_default }}
- strategy:
- matrix:
- wolfssl_ref: [ 'v5.8.2-stable' ]
- openssl_ref: [ 'openssl-3.5.2' ]
- replace_default: [ true ]
- fips: [ false ]
-
- test_iperf:
- runs-on: ubuntu-22.04
- container:
- image: debian:bookworm
- env:
- DEBIAN_FRONTEND: noninteractive
- needs: build_wolfprovider
- # This should be a safe limit for the tests to run.
- timeout-minutes: 20
- strategy:
- matrix:
- iperf_ref: [ '3.12' ]
- wolfssl_ref: [ 'v5.8.2-stable' ]
- openssl_ref: [ 'openssl-3.5.2' ]
- force_fail: ['WOLFPROV_FORCE_FAIL=1', '']
- replace_default: [ true ]
- fips: [ false ]
- env:
- WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
- OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
- WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
- steps:
- - name: Checkout wolfProvider
- uses: actions/checkout@v4
- with:
- fetch-depth: 1
-
- - name: Checking OpenSSL/wolfProvider packages in cache
- uses: actions/cache/restore@v4
- id: wolfprov-cache
- with:
- path: |
- ${{ env.WOLFSSL_PACKAGES_PATH }}
- ${{ env.OPENSSL_PACKAGES_PATH }}
- ${{ env.WOLFPROV_PACKAGES_PATH }}
- key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
- fail-on-cache-miss: true
-
- - name: Install wolfSSL/OpenSSL/wolfprov packages
- run: |
- printf "Installing OpenSSL/wolfProvider packages:\n"
- ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
- ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
- ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
-
- apt install --reinstall -y \
- ${{
env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
-
- apt install --reinstall -y \
- ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
- ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
- ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
-
- apt install --reinstall -y \
- ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
-
- - name: Verify wolfProvider is properly installed
- run: |
- $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
-
- - name: Install dependencies
- run: |
- apt-get update
- apt-get install -y build-essential autoconf libtool pkg-config clang \
- libc++-dev
-
- - name: Checkout iperf
- uses: actions/checkout@v4
- with:
- repository: esnet/iperf
- ref: ${{ matrix.iperf_ref }}
- path: iperf
-
- - name: Build iperf
- working-directory: iperf
- run: |
- # Configure with OpenSSL
- ./configure
-
- # Build iperf
- make -j
-
- - name: Generate RSA keys
- run: |
- export KEY_DIR=$GITHUB_WORKSPACE/test-keys
- mkdir -p $KEY_DIR
- cd $KEY_DIR
- # Generate RSA keys for iperf tests
- openssl genrsa -out rsa_private_unprotected.pem 2048
- openssl rsa -in rsa_private_unprotected.pem -out rsa_private.pem -aes256 -passout 'pass:password'
- openssl rsa -in rsa_private.pem -pubout -out rsa_public.pem -passin 'pass:password'
- # Create a credentials file for iperf
- # Username: mario, Password: rossi
- echo "mario,bf7a49a846d44b454a5d11e7acfaf13d138bbe0b7483aa3e050879700572709b" > credentials.csv
-
- - name: Run tests
- working-directory: iperf
- run: |
- export ${{ matrix.force_fail }}
-
- # Test variables for iperf
- export IPERF3_EXECUTABLE=$GITHUB_WORKSPACE/iperf/src/iperf3
- export IPERF3_LIB=$GITHUB_WORKSPACE/iperf/src/.libs/libiperf.so
- export IPERF3_TEST_INTERVAL=0.1
- export IPERF3_TEST_DURATION=10
- export IPERF3_TEST_LOG=iperf-test.log
- export IPERF3_USER=mario
- export IPERF3_PASSWORD=rossi
- export KEY_DIR=$GITHUB_WORKSPACE/test-keys
-
- # Launch the iperf server in
the background
- $IPERF3_EXECUTABLE -s \
- --rsa-private-key-path $KEY_DIR/rsa_private_unprotected.pem \
- --authorized-users-path $KEY_DIR/credentials.csv &
-
- # Run the client
- $IPERF3_EXECUTABLE -c localhost -i $IPERF3_TEST_INTERVAL -t $IPERF3_TEST_DURATION \
- --rsa-public-key-path $KEY_DIR/rsa_public.pem \
- --user $IPERF3_USER | tee $IPERF3_TEST_LOG \
diff --git a/.github/workflows/ipmitool.yml b/.github/workflows/ipmitool.yml
deleted file mode 100644
index 43adaebe..00000000
--- a/.github/workflows/ipmitool.yml
+++ /dev/null
@@ -1,112 +0,0 @@
-name: IPMItool Tests
-
-# START OF COMMON SECTION
-on:
- push:
- branches: [ 'master', 'main', 'release/**' ]
- pull_request:
- branches: [ '*' ]
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.ref }}
- cancel-in-progress: true
-# END OF COMMON SECTION
-
-jobs:
- build_wolfprovider:
- uses: ./.github/workflows/build-wolfprovider.yml
- with:
- wolfssl_ref: ${{ matrix.wolfssl_ref }}
- openssl_ref: ${{ matrix.openssl_ref }}
- replace_default: ${{ matrix.replace_default }}
- strategy:
- matrix:
- wolfssl_ref: [ 'v5.8.2-stable' ]
- openssl_ref: [ 'openssl-3.5.2' ]
- replace_default: [ true ]
- fips: [ false ]
-
- test_ipmitool:
- runs-on: ubuntu-22.04
- container:
- image: debian:bookworm
- env:
- DEBIAN_FRONTEND: noninteractive
- needs: build_wolfprovider
- # This should be a safe limit for the tests to run.
- timeout-minutes: 20
- strategy:
- fail-fast: false
- matrix:
- ipmitool_ref: [ 'IPMITOOL_1_8_19' ]
- wolfssl_ref: [ 'v5.8.2-stable' ]
- openssl_ref: [ 'openssl-3.5.2' ]
- replace_default: [ true ]
- fips: [ false ]
- env:
- WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
- OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
- WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
- steps:
- - name: Checkout wolfProvider
- uses: actions/checkout@v4
- with:
- fetch-depth: 1
-
- - name: Checking OpenSSL/wolfProvider packages in cache
- uses: actions/cache/restore@v4
- id: wolfprov-cache
- with:
- path: |
- ${{ env.WOLFSSL_PACKAGES_PATH }}
- ${{ env.OPENSSL_PACKAGES_PATH }}
- ${{ env.WOLFPROV_PACKAGES_PATH }}
- key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
- fail-on-cache-miss: true
-
- - name: Install wolfSSL/OpenSSL/wolfprov packages
- run: |
- printf "Installing OpenSSL/wolfProvider packages:\n"
- ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
- ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
- ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
-
- apt install --reinstall -y \
- ${{ env.WOLFSSL_PACKAGES_PATH
}}/libwolfssl_*.deb
-
- apt install --reinstall -y \
- ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
- ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
- ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
-
- apt install --reinstall -y \
- ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
-
- - name: Verify wolfProvider is properly installed
- run: |
- $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
-
- - name: Install dependencies
- run: |
- apt-get update
- apt-get install -y libreadline-dev build-essential autoconf \
- automake libtool pkg-config autoconf-archive wget
-
- - name: Build ipmitool with wolfProvider
- uses: wolfSSL/actions-build-autotools-project@v1
- with:
- repository: ipmitool/ipmitool
- ref: ${{ matrix.ipmitool_ref }}
- path: ipmitool
- check: false
-
- - name: Confirm built with OpenSSL and test with wolfProvider
- working-directory: ipmitool
- run: |
-
- # Verify ipmitool was built and linked correctly with OpenSSL
- ldd src/ipmitool | grep -E '(libssl|libcrypto)'
- ldd src/ipmievd | grep -E '(libssl|libcrypto)'
-
- # Run a simple command to verify functionality
- ./src/ipmitool -V
diff --git a/.github/workflows/krb5.yml b/.github/workflows/krb5.yml
deleted file mode 100644
index e5e9b6ed..00000000
--- a/.github/workflows/krb5.yml
+++ /dev/null
@@ -1,141 +0,0 @@
-name: KRB5 Tests
-
-# START OF COMMON SECTION
-on:
- push:
- branches: [ 'master', 'main', 'release/**' ]
- pull_request:
- branches: [ '*' ]
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.ref }}
- cancel-in-progress: true
-# END OF COMMON SECTION
-
-jobs:
- build_wolfprovider:
- uses: ./.github/workflows/build-wolfprovider.yml
- with:
- wolfssl_ref: ${{ matrix.wolfssl_ref }}
- openssl_ref: ${{ matrix.openssl_ref }}
- replace_default: ${{ matrix.replace_default }}
- strategy:
- matrix:
- wolfssl_ref: [ 'v5.8.2-stable' ]
- openssl_ref: [ 'openssl-3.5.2' ]
- replace_default: [ true ]
- fips: [ false ]
-
- test_krb5:
- runs-on: ubuntu-22.04
- container:
- image: debian:bookworm
- env:
- DEBIAN_FRONTEND: noninteractive
- needs: build_wolfprovider
- # This should be a safe limit for the tests to run.
- timeout-minutes: 30
- strategy:
- matrix:
- krb5_ref: [ 'krb5-1.20.1-final' ]
- wolfssl_ref: [ 'v5.8.2-stable' ]
- openssl_ref: [ 'openssl-3.5.2' ]
- force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
- replace_default: [ true ]
- fips: [ false ]
- env:
- WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
- OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
- WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
- steps:
- - name: Checkout wolfProvider
- uses: actions/checkout@v4
- with:
- fetch-depth: 1
-
- - name: Checking OpenSSL/wolfProvider packages in cache
- uses: actions/cache/restore@v4
- id: wolfprov-cache
- with:
- path: |
- ${{ env.WOLFSSL_PACKAGES_PATH }}
- ${{ env.OPENSSL_PACKAGES_PATH }}
- ${{ env.WOLFPROV_PACKAGES_PATH }}
- key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
- fail-on-cache-miss: true
-
- - name: Install wolfSSL/OpenSSL/wolfprov packages
- run: |
- printf "Installing OpenSSL/wolfProvider packages:\n"
- ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
- ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
- ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
-
- apt install --reinstall -y \
- ${{
env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
-
- apt install --reinstall -y \
- ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
- ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
- ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
-
- apt install --reinstall -y \
- ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
-
- - name: Verify wolfProvider is properly installed
- run: |
- $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
-
- - name: Install KRB5 dependencies
- run: |
- apt-get update
- apt-get install -y \
- build-essential autoconf automake libtool \
- bison flex libldap2-dev libkeyutils-dev \
- libverto-dev libcom-err2 comerr-dev \
- libss2 ss-dev
-
- - name: Checkout KRB5
- uses: actions/checkout@v4
- with:
- repository: krb5/krb5
- path: krb5
- ref: ${{ matrix.krb5_ref }}
- fetch-depth: 1
-
- - name: Checkout OSP
- uses: actions/checkout@v4
- with:
- repository: wolfssl/osp
- path: osp
- fetch-depth: 1
- - run: |
- cd krb5
- # Apply the wolfProvider patch
- patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/krb5/krb5-1.20.1-final-wolfprov.patch
-
- - name: Build and test KRB5 with wolfProvider
- working-directory: krb5
- shell: bash
- run: |
-
- set +o pipefail # ignore errors from make check
- # Build KRB5
- cd src
- autoreconf -fiv
- ./configure \
- --prefix=$GITHUB_WORKSPACE/krb5-install \
- --with-crypto-impl=openssl \
- --disable-pkinit \
- CFLAGS="-I$GITHUB_WORKSPACE/openssl-install/include" \
- LDFLAGS="-L$GITHUB_WORKSPACE/openssl-install/lib64 -Wl,-rpath=$GITHUB_WORKSPACE/openssl-install/lib64"
-
- make -j$(nproc)
- make install
-
- export ${{ matrix.force_fail }}
-
- # Run tests and save output
- make check 2>&1 | tee krb5-test.log
- TEST_RESULT=${PIPESTATUS[0]}
- $GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} krb5
diff --git a/.github/workflows/libcryptsetup.yml b/.github/workflows/libcryptsetup.yml
deleted file mode 100644
index 4ff27c54..00000000
--- a/.github/workflows/libcryptsetup.yml
+++ /dev/null
@@ -1,147 +0,0 @@
-name: Libcryptsetup Tests
-
-# START OF COMMON SECTION
-on:
- push:
- branches: [ 'master', 'main', 'release/**' ]
- pull_request:
- branches: [ '*' ]
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.ref }}
- cancel-in-progress: true
-# END OF COMMON SECTION
-
-jobs:
- build_wolfprovider:
- uses: ./.github/workflows/build-wolfprovider.yml
- with:
- wolfssl_ref: ${{ matrix.wolfssl_ref }}
- openssl_ref: ${{ matrix.openssl_ref }}
- replace_default: ${{ matrix.replace_default }}
- strategy:
- matrix:
- wolfssl_ref: [ 'v5.8.2-stable' ]
- openssl_ref: [ 'openssl-3.5.2' ]
- replace_default: [ true ]
- fips: [ false ]
-
- test_cryptsetup:
- runs-on: ubuntu-22.04
- needs: build_wolfprovider
- container:
- image: debian:bookworm
- env:
- DEBIAN_FRONTEND: noninteractive
- # This should be a safe limit for the tests to run.
- timeout-minutes: 20
- strategy:
- fail-fast: false
- matrix:
- cryptsetup_ref: ['v2.6.1']
- wolfssl_ref: ['v5.8.2-stable']
- openssl_ref: ['openssl-3.5.2']
- force_fail: ['WOLFPROV_FORCE_FAIL=1', '']
- replace_default: [ true ]
- fips: [ false ]
- env:
- WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
- OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
- WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
-
- steps:
- - name: Checkout wolfProvider
- uses: actions/checkout@v4
- with:
- fetch-depth: 1
-
- - name: Checking OpenSSL/wolfProvider packages in cache
- uses: actions/cache/restore@v4
- id: wolfprov-cache
- with:
- path: |
- ${{ env.WOLFSSL_PACKAGES_PATH }}
- ${{ env.OPENSSL_PACKAGES_PATH }}
- ${{ env.WOLFPROV_PACKAGES_PATH }}
- key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
- fail-on-cache-miss: true
-
- - name: Install wolfSSL/OpenSSL/wolfprov packages
- run: |
- printf "Installing OpenSSL/wolfProvider packages:\n"
- ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
- ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
- ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
-
- apt install --reinstall
-y \
- ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
-
- apt install --reinstall -y \
- ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
- ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
- ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
-
- apt install --reinstall -y \
- ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
-
- - name: Verify wolfProvider is properly installed
- run: |
- $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
-
- - name: Install dependencies
- run: |
- apt-get update
- apt-get install -y \
- build-essential autoconf asciidoctor gettext autopoint libtool \
- pkg-config uuid-dev libdevmapper-dev libpopt-dev libjson-c-dev \
- libargon2-dev libblkid-dev bsdextrautils kmod util-linux cryptsetup-bin
-
- - name: Checkout cryptsetup
- uses: actions/checkout@v4
- with:
- repository: mbroz/cryptsetup
- path: cryptsetup
- ref: ${{ matrix.cryptsetup_ref }}
-
- - name: Checkout OSP
- uses: actions/checkout@v4
- with:
- repository: wolfssl/osp
- path: osp
- fetch-depth: 1
- - run: |
- cd cryptsetup
- patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/libcryptsetup/libcryptsetup-${{ matrix.cryptsetup_ref }}-wolfprov.patch
-
- - name: Build cryptsetup
- working-directory: cryptsetup
- run: |
- ./autogen.sh
- ./configure --enable-static \
- --with-crypto-backend=openssl \
- --disable-ssh-token
- make -j$(nproc)
-
- # According to ChatGPT, the following tests are excluded since they use
- # crypto kernel rather than openssl:
- # bitlk-compat-test → does activation via dm-crypt (kernel).
- # reencryption-compat-test → kernel dm-crypt online reencryption.
- # verity-compat-test → dm-verity (kernel).
- # integrity-compat-test → dm-integrity (kernel).
- # blockwise-compat-test / luks2-*reencryption* → scsi_debug / kernel paths.
- # unit-wipe-test → direct I/O expectations that depend on kernel/devices.
- # Instead, only run the following tests:
- # - vectors-test
- # - run-all-symbols
- # - unit-utils-crypt-test
- - name: Run cryptsetup tests
- working-directory: cryptsetup
- run: |
- export ${{ matrix.force_fail }}
-
- # from the cryptsetup source root
- make -j$(nproc)
- make -C tests check TESTS="vectors-test run-all-symbols unit-utils-crypt-test" VERBOSE=1 2>&1 | tee cryptsetup-test.log
- TEST_RESULT=$(grep -q "All 3 tests passed" cryptsetup-test.log && echo "0" || echo "1")
- printf "TEST_RESULT: $TEST_RESULT\n"
- $GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} cryptsetup
diff --git a/.github/workflows/libeac3.yml b/.github/workflows/libeac3.yml
deleted file mode 100644
index 7e2a64ad..00000000
--- a/.github/workflows/libeac3.yml
+++ /dev/null
@@ -1,135 +0,0 @@
-name: libeac3 Tests
-
-# START OF COMMON SECTION
-on:
- push:
- branches: [ 'master', 'main', 'release/**' ]
- pull_request:
- branches: [ '*' ]
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.ref }}
- cancel-in-progress: true
-# END OF COMMON SECTION
-
-jobs:
- build_wolfprovider:
- uses: ./.github/workflows/build-wolfprovider.yml
- with:
- wolfssl_ref: ${{ matrix.wolfssl_ref }}
- openssl_ref: ${{ matrix.openssl_ref }}
- replace_default: ${{ matrix.replace_default }}
- strategy:
- matrix:
- wolfssl_ref: [ 'v5.8.2-stable' ]
- openssl_ref: [ 'openssl-3.5.2' ]
- replace_default: [ true ]
- fips: [ false ]
-
- test_libeac3:
- runs-on: ubuntu-22.04
- container:
- image: debian:bookworm
- env:
- DEBIAN_FRONTEND: noninteractive
- needs: build_wolfprovider
- # This should be a safe limit for the tests to run.
- timeout-minutes: 20
- strategy:
- matrix:
- openpace_ref: [ '1.1.3' ]
- wolfssl_ref: [ 'v5.8.2-stable' ]
- openssl_ref: [ 'openssl-3.5.2' ]
- force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
- replace_default: [ true ]
- fips: [ false ]
- env:
- WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
- OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
- WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
-
- steps:
- # Checkout the source so we can run the check-workflow-result script.
- - name: Checkout wolfProvider
- uses: actions/checkout@v4
- with:
- fetch-depth: 1
-
- - name: Checking OpenSSL/wolfProvider packages in cache
- uses: actions/cache/restore@v4
- id: wolfprov-cache-restore
- with:
- path: |
- ${{ env.WOLFSSL_PACKAGES_PATH }}
- ${{ env.OPENSSL_PACKAGES_PATH }}
- ${{ env.WOLFPROV_PACKAGES_PATH }}
- key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
- fail-on-cache-miss: true
-
- - name: Install wolfSSL/OpenSSL/wolfprov packages
- run: |
- printf "Installing OpenSSL/wolfProvider packages:\n"
- ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
- ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
- ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
-
- apt install --reinstall -y \
- ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
-
- apt install --reinstall -y \
- ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
- ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
- ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
-
- apt install --reinstall -y \
- ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
-
- - name: Verify wolfProvider is properly installed
- run: |
- $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
-
- - name: Install libeac3 dependencies
- run: |
- apt-get update
- apt-get install -y autoconf automake libtool libc6 help2man gengetopt \
- pkg-config m4 patch autoconf automake libtool pkg-config build-essential
-
- - name: Checkout openpace
- uses: actions/checkout@v4
- with:
- repository: frankmorgner/openpace
- ref: ${{ matrix.openpace_ref }}
- path: openpace
- fetch-depth: 1
-
- - name: Checkout OSP
- uses: actions/checkout@v4
- with:
- repository: wolfSSL/osp
- path: osp
- fetch-depth: 1
- - run: |
- cd openpace
- patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/openpace/openpace-${{ matrix.openpace_ref }}-wolfprov.patch
-
- - name: Build openpace
- working-directory: openpace
- run: |
- autoreconf
--verbose --install
- ./configure
- make
- make install
-
- - name: Run libeac3 tests
- working-directory: openpace
- run: |
- export ${{ matrix.force_fail }}
- ./src/eactest > libeac3-test.log || echo "eactest failed with exit code $?"
- cat libeac3-test.log
-
- if grep -q "Everything works as expected." libeac3-test.log; then
- TEST_RESULT=0
- else
- TEST_RESULT=1
- fi
- $GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} libeac3
diff --git a/.github/workflows/libfido2.yml b/.github/workflows/libfido2.yml
deleted file mode 100644
index af4dc5a4..00000000
--- a/.github/workflows/libfido2.yml
+++ /dev/null
@@ -1,125 +0,0 @@
-name: libfido2 Tests
-on:
- push:
- branches: [ 'master', 'main', 'release/**' ]
- pull_request:
- branches: [ '*' ]
-concurrency:
- group: ${{ github.workflow }}-${{ github.ref }}
- cancel-in-progress: true
-
-jobs:
- build_wolfprovider:
- uses: ./.github/workflows/build-wolfprovider.yml
- with:
- wolfssl_ref: ${{ matrix.wolfssl_ref }}
- openssl_ref: ${{ matrix.openssl_ref }}
- replace_default: ${{ matrix.replace_default }}
- strategy:
- matrix:
- wolfssl_ref: [ 'v5.8.2-stable' ]
- openssl_ref: [ 'openssl-3.5.2' ]
- replace_default: [ true ]
- fips: [ false ]
-
- test_libfido2:
- runs-on: ubuntu-22.04
- container:
- image: debian:bookworm
- env:
- DEBIAN_FRONTEND: noninteractive
- needs: build_wolfprovider
- timeout-minutes: 15
- strategy:
- matrix:
- libfido2_ref: [ '1.15.0' ]
- wolfssl_ref: [ 'v5.8.2-stable' ]
- openssl_ref: [ 'openssl-3.5.2' ]
- force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
- replace_default: [ true ]
- fips: [ false ]
- env:
- WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
- OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
- WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
- steps:
- - name: Checkout wolfProvider
- uses: actions/checkout@v4
- with:
- fetch-depth: 1
-
- - name: Checking OpenSSL/wolfProvider packages in cache
- uses: actions/cache/restore@v4
- id: wolfprov-cache
- with:
- path: |
- ${{ env.WOLFSSL_PACKAGES_PATH }}
- ${{ env.OPENSSL_PACKAGES_PATH }}
- ${{ env.WOLFPROV_PACKAGES_PATH }}
- key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
- fail-on-cache-miss: true
-
- - name: Install wolfSSL/OpenSSL/wolfprov packages
- run: |
- printf "Installing OpenSSL/wolfProvider packages:\n"
- ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
- ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
- ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
-
- apt install --reinstall -y \
- ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
-
- apt install --reinstall -y \
- ${{ env.OPENSSL_PACKAGES_PATH
}}/openssl_*.deb \
- ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
- ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
-
- apt install --reinstall -y \
- ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
-
- - name: Verify wolfProvider is properly installed
- run: |
- $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
-
- - name: Install test dependencies
- run: |
- apt-get update
- apt-get install -y build-essential cmake pkg-config libudev-dev \
- zlib1g-dev libcbor-dev libpcsclite-dev pcscd
-
- - name: Checkout libfido2
- uses: actions/checkout@v4
- with:
- repository: Yubico/libfido2
- path: libfido2_repo
- ref: ${{ matrix.libfido2_ref }}
- fetch-depth: 1
-
- - name: Build and install libfido2
- working-directory: libfido2_repo
- run: |
- mkdir build
- cd build
- cmake -DCMAKE_INSTALL_PREFIX=$GITHUB_WORKSPACE/libfido2-install ..
- make -j$(nproc)
- make install
-
- - name: Run libfido2 tests
- working-directory: libfido2_repo/build
- run: |
- export ${{ matrix.force_fail }}
-
- # Run tests, excluding regress_dev which requires hardware/fails in CI
- ctest --exclude-regex "regress_dev" 2>&1 | tee libfido2-test.log
-
- # Check test results directly in YAML
- if grep -q "100% tests passed" libfido2-test.log; then
- TEST_RESULT=0
- else
- TEST_RESULT=1
- fi
-
- $GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} libfido2
-
-
-
diff --git a/.github/workflows/libhashkit2.yml b/.github/workflows/libhashkit2.yml
deleted file mode 100644
index a3b17975..00000000
--- a/.github/workflows/libhashkit2.yml
+++ /dev/null
@@ -1,124 +0,0 @@
-name: libhashkit2 Tests
-
-# START OF COMMON SECTION
-on:
- push:
- branches: [ 'master', 'main', 'release/**' ]
- pull_request:
- branches: [ '*' ]
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.ref }}
- cancel-in-progress: true
-# END OF COMMON SECTION
-
-jobs:
- build_wolfprovider:
- uses: ./.github/workflows/build-wolfprovider.yml
- with:
- wolfssl_ref: ${{ matrix.wolfssl_ref }}
- openssl_ref: ${{ matrix.openssl_ref }}
- replace_default: ${{ matrix.replace_default }}
- strategy:
- matrix:
- wolfssl_ref: [ 'v5.8.2-stable' ]
- openssl_ref: [ 'openssl-3.5.2' ]
- replace_default: [ true ]
- fips: [ false ]
-
- test_libhashkit2:
- runs-on: ubuntu-22.04
- container:
- image: debian:bookworm
- env:
- DEBIAN_FRONTEND: noninteractive
- needs: build_wolfprovider
- # This should be a safe limit for the tests to run.
- timeout-minutes: 20
- strategy:
- matrix:
- libhashkit2_ref: [ '1.1.4' ]
- wolfssl_ref: [ 'v5.8.2-stable' ]
- openssl_ref: [ 'openssl-3.5.2' ]
- force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
- replace_default: [ true ]
- fips: [ false ]
- env:
- WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
- OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
- WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
- steps:
- - name: Checkout wolfProvider
- uses: actions/checkout@v4
- with:
- fetch-depth: 1
-
- - name: Checking OpenSSL/wolfProvider packages in cache
- uses: actions/cache/restore@v4
- id: wolfprov-cache-restore
- with:
- path: |
- ${{ env.WOLFSSL_PACKAGES_PATH }}
- ${{ env.OPENSSL_PACKAGES_PATH }}
- ${{ env.WOLFPROV_PACKAGES_PATH }}
- key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
- fail-on-cache-miss: true
-
- - name: Install wolfSSL/OpenSSL/wolfprov packages
- run: |
- printf "Installing OpenSSL/wolfProvider packages:\n"
- ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
- ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
- ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
-
- apt install --reinstall -y \
- ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
-
- apt install --reinstall -y \
- ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
- ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
- ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
-
- apt install --reinstall -y \
- ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
-
- - name: Verify wolfProvider is properly installed
- run: |
- $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
-
- - name: Install libmemcached dependencies
- run: |
- apt-get update
- apt-get install -y cmake build-essential bison flex memcached libc6
-
- - name: Download libmemcached
- uses: actions/checkout@v4
- with:
- repository: awesomized/libmemcached
- ref: ${{ matrix.libhashkit2_ref }}
- path: libmemcached
- fetch-depth: 1
-
- - name: Build libmemcached
- working-directory: libmemcached
- run: |
- # Build libmemcached with OpenSSL support
- mkdir build
- cd build
- cmake -DBUILD_TESTING=ON -DCMAKE_BUILD_TYPE=Debug -DENABLE_OPENSSL_CRYPTO=ON ..
- make
-
- - name: Run libhashkit2 tests
- working-directory: libmemcached/build
- run: |
- export ${{ matrix.force_fail }}
- # Run tests
- make test 2>&1 | tee libhashkit2-test.log
- if grep -q "(Failed)" libhashkit2-test.log; then
- TEST_RESULT=1
- else
- TEST_RESULT=0
- fi
- echo "TEST_RESULT = $TEST_RESULT"
-
- $GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} libhashkit2
diff --git a/.github/workflows/libnice.yml b/.github/workflows/libnice.yml
deleted file mode 100644
index 06e47012..00000000
--- a/.github/workflows/libnice.yml
+++ /dev/null
@@ -1,119 +0,0 @@
-name: libnice Tests
-
-# START OF COMMON SECTION
-on:
- push:
- branches: [ 'master', 'main', 'release/**' ]
- pull_request:
- branches: [ '*' ]
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.ref }}
- cancel-in-progress: true
-# END OF COMMON SECTION
-
-jobs:
- build_wolfprovider:
- uses: ./.github/workflows/build-wolfprovider.yml
- with:
- wolfssl_ref: ${{ matrix.wolfssl_ref }}
- openssl_ref: ${{ matrix.openssl_ref }}
- replace_default: ${{ matrix.replace_default }}
- strategy:
- matrix:
- wolfssl_ref: [ 'v5.8.2-stable' ]
- openssl_ref: [ 'openssl-3.5.2' ]
- replace_default: [ true ]
- fips: [ false ]
-
- test_libnice:
- runs-on: ubuntu-22.04
- container:
- image: debian:bookworm
- env:
- DEBIAN_FRONTEND: noninteractive
- needs: build_wolfprovider
- timeout-minutes: 20
- strategy:
- matrix:
- libnice_ref: [ '0.1.21' ]
- wolfssl_ref: [ 'v5.8.2-stable' ]
- openssl_ref: [ 'openssl-3.5.2' ]
- force_fail: ['WOLFPROV_FORCE_FAIL=1', '']
- replace_default: [ true ]
- fips: [ false ]
- env:
- WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
- OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
- WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
- steps:
- - name: Checkout wolfProvider
- uses: actions/checkout@v4
- with:
- fetch-depth: 1
-
- - name: Checking OpenSSL/wolfProvider packages in cache
- uses: actions/cache/restore@v4
- id: wolfprov-cache
- with:
- path: |
- ${{ env.WOLFSSL_PACKAGES_PATH }}
- ${{ env.OPENSSL_PACKAGES_PATH }}
- ${{ env.WOLFPROV_PACKAGES_PATH }}
- key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
- fail-on-cache-miss: true
-
- - name: Install wolfSSL/OpenSSL/wolfprov packages
- run: |
- printf "Installing OpenSSL/wolfProvider packages:\n"
- ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
- ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
- ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
-
- apt install --reinstall -y \
- ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
-
- apt install
--reinstall -y \
- ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
- ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
- ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
-
- apt install --reinstall -y \
- ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
-
- - name: Verify wolfProvider is properly installed
- run: |
- $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
-
- - name: Install dependencies
- run: |
- apt update
- apt install -y \
- build-essential pkg-config meson ninja-build libglib2.0-dev \
- libgstreamer1.0-dev libunwind-dev gstreamer1.0-plugins-base-apps
-
- - name: Download libnice
- uses: actions/checkout@v4
- with:
- repository: libnice/libnice
- ref: ${{ matrix.libnice_ref }}
- path: libnice
-
- - name: Build libnice
- working-directory: libnice
- run: |
- meson setup builddir -Dcrypto-library=openssl
-
- - name: Test libnice with wolfProvider
- working-directory: libnice
- shell: bash
- run: |
- set +o pipefail # ignore errors from ninja test
- export ${{ matrix.force_fail }}
-
- # Run tests and save output to test.log
- ninja -C builddir test 2>&1 | tee libnice_test.log
-
- # Capture the test result using PIPESTATUS (Bash only)
- TEST_RESULT=${PIPESTATUS[0]}
- $GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} libnice
diff --git a/.github/workflows/liboauth2.yml b/.github/workflows/liboauth2.yml
deleted file mode 100644
index 77e94286..00000000
--- a/.github/workflows/liboauth2.yml
+++ /dev/null
@@ -1,131 +0,0 @@ -name: liboauth2 Tests - -# START OF COMMON SECTION -on: - push: - branches: [ 'master', 'main', 'release/**' ] - pull_request: - branches: [ '*' ] - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true -# END OF COMMON SECTION - -jobs: - build_wolfprovider: - uses: ./.github/workflows/build-wolfprovider.yml - with: - wolfssl_ref: ${{ matrix.wolfssl_ref }} - openssl_ref: ${{ matrix.openssl_ref }} - replace_default: ${{ matrix.replace_default }} - strategy: - matrix: - wolfssl_ref: [ 'v5.8.2-stable' ] - openssl_ref: [ 'openssl-3.5.2' ] - replace_default: [ true ] - fips: [ false ] - - test_liboauth2: - runs-on: ubuntu-22.04 - container: - image: debian:bookworm - env: - DEBIAN_FRONTEND: noninteractive - needs: build_wolfprovider - timeout-minutes: 20 - strategy: - matrix: - liboauth2_ref: [ 'v1.4.5.4' ] - wolfssl_ref: [ 'v5.8.2-stable' ] - openssl_ref: [ 'openssl-3.5.2' ] - force_fail: ['WOLFPROV_FORCE_FAIL=1', ''] - replace_default: [ true ] - fips: [ false ] - env: - WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages - OPENSSL_PACKAGES_PATH: /tmp/openssl-packages - WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages - steps: - - name: Checkout wolfProvider - uses: actions/checkout@v4 - with: - fetch-depth: 1 - - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache - with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true - - - name: Install wolfSSL/OpenSSL/wolfprov packages - run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - - apt install --reinstall -y \ - ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb - - apt install 
--reinstall -y \ - ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \ - ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \ - ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb - - apt install --reinstall -y \ - ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb - - - name: Verify wolfProvider is properly installed - run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} - - - name: Install liboauth2 dependencies - run: | - apt-get update - apt-get install -y libcurl4-openssl-dev libjansson-dev \ - libcjose-dev pkg-config build-essential apache2-dev libhiredis-dev \ - libmemcached-dev autotools-dev autoconf automake libtool check patch - - - name: Checkout OSP - uses: actions/checkout@v4 - with: - repository: wolfssl/osp - path: osp - fetch-depth: 1 - - - name: Checkout liboauth2 - uses: actions/checkout@v4 - with: - repository: OpenIDC/liboauth2 - ref: ${{ matrix.liboauth2_ref }} - path: liboauth2 - fetch-depth: 1 - - - name: Build liboauth2 - working-directory: liboauth2 - run: | - # Apply patch from OSP repo - patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/liboauth2/liboauth2-${{ matrix.liboauth2_ref }}-wolfprov.patch - - autoreconf -fiv - ./configure - make -j$(nproc) - - - name: Run liboauth2 tests - working-directory: liboauth2 - shell: bash - run: | - set +o pipefail # ignore errors from make check - export ${{ matrix.force_fail }} - - # Build and run tests - make check 2>&1 | tee liboauth2-test.log - # Capture the test result using PIPESTATUS (Bash only) - TEST_RESULT=${PIPESTATUS[0]} - $GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} liboauth2 diff --git a/.github/workflows/libssh2.yml b/.github/workflows/libssh2.yml deleted file mode 100644 index cee0ffa1..00000000 --- a/.github/workflows/libssh2.yml +++ /dev/null 
@@ -1,134 +0,0 @@ -name: libssh2 Tests - -# START OF COMMON SECTION -on: - push: - branches: [ 'master', 'main', 'release/**' ] - pull_request: - branches: [ '*' ] - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true -# END OF COMMON SECTION - -jobs: - build_wolfprovider: - uses: ./.github/workflows/build-wolfprovider.yml - with: - wolfssl_ref: ${{ matrix.wolfssl_ref }} - openssl_ref: ${{ matrix.openssl_ref }} - replace_default: ${{ matrix.replace_default }} - strategy: - matrix: - wolfssl_ref: [ 'v5.8.2-stable' ] - openssl_ref: [ 'openssl-3.5.2' ] - replace_default: [ true ] - fips: [ false ] - - test_libssh2: - runs-on: ubuntu-22.04 - container: - image: debian:bookworm - env: - DEBIAN_FRONTEND: noninteractive - needs: build_wolfprovider - timeout-minutes: 20 - strategy: - matrix: - libssh2_ref: [ 'libssh2-1.10.0' ] - wolfssl_ref: [ 'v5.8.2-stable' ] - openssl_ref: [ 'openssl-3.5.2' ] - force_fail: ['WOLFPROV_FORCE_FAIL=1', ''] - replace_default: [ true ] - fips: [ false ] - env: - WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages - OPENSSL_PACKAGES_PATH: /tmp/openssl-packages - WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages - steps: - - name: Checkout wolfProvider - uses: actions/checkout@v4 - with: - fetch-depth: 1 - - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache - with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true - - - name: Install wolfSSL/OpenSSL/wolfprov packages - run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - - apt install --reinstall -y \ - ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb - - apt install 
--reinstall -y \ - ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \ - ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \ - ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb - - apt install --reinstall -y \ - ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb - - - name: Verify wolfProvider is properly installed - run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} - - - name: Install dependencies - run: | - export DEBIAN_FRONTEND=noninteractive - apt-get update - apt-get install -y git sudo build-essential autoconf automake \ - libtool pkg-config libjansson-dev check ca-certificates dpkg-dev \ - clang libc++-dev python3-impacket openssh-client openssh-server - - - name: Download libssh2 - uses: actions/checkout@v4 - with: - repository: libssh2/libssh2 - ref: ${{ matrix.libssh2_ref }} - path: libssh2 - fetch-depth: 1 - - - name: Checkout OSP - uses: actions/checkout@v4 - with: - repository: wolfssl/osp - path: osp - fetch-depth: 1 - - run: | - cd libssh2 - # Apply the wolfProvider patch - patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/libssh2/libssh2-${{ matrix.libssh2_ref }}-debian-wolfprov.patch - - - name: Build libssh2 - working-directory: libssh2 - run: | - autoreconf -fi - ./configure --with-crypto=openssl - make -j$(nproc) - - - name: Run libssh2 tests - working-directory: libssh2 - shell: bash - run: | - export ${{ matrix.force_fail }} - # Always continue on errors to ensure we show test results - set +e - - # Run the tests and capture the result - set -o pipefail - make check 2>&1 | tee libssh2-test.log - TEST_RESULT=${PIPESTATUS[0]} - $GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} libssh2 diff --git a/.github/workflows/libtss2.yml b/.github/workflows/libtss2.yml deleted file mode 100644 index 9d15ab90..00000000 --- a/.github/workflows/libtss2.yml +++ /dev/null 
@@ -1,92 +0,0 @@ -name: tpm2-tss Tests -on: - push: - branches: [ 'master', 'main', 'release/**' ] - pull_request: - branches: [ '*' ] -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - -jobs: - test_tpm2_tss: - runs-on: ubuntu-22.04 - timeout-minutes: 30 - strategy: - matrix: - tpm2_tss_ref: [ '4.1.3'] - wolfssl_ref: [ 'v5.8.2-stable' ] - openssl_ref: [ 'openssl-3.5.2' ] - force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] - replace_default: [ true ] - env: - WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages - OPENSSL_PACKAGES_PATH: /tmp/openssl-packages - WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages - steps: - - name: Install test dependencies - run: | - sudo apt-get update - sudo apt-get install -y pkg-config libcunit1-dev autoconf-archive \ - gettext libcmocka-dev build-essential autoconf automake libtool \ - libjson-c-dev libcurl4-openssl-dev acl libusb-1.0-0-dev git \ - pkg-config uuid-dev - - # ensure libssl-dev is not installed - - name: Ensure libssl-dev is not installed - run: | - if dpkg -l | grep -q libssl-dev; then - echo "libssl-dev is installed, removing it to avoid conflicts" - sudo apt-get remove -y libssl-dev - else - echo "libssl-dev is not installed, no action needed" - fi - - - name: Checkout wolfProvider - uses: actions/checkout@v4 - with: - fetch-depth: 1 - - - name: Build wolfProvider - run: | - OPENSSL_TAG=${{ matrix.openssl_ref }} WOLFSSL_TAG=${{ matrix.wolfssl_ref }} ./scripts/build-wolfprovider.sh - - - name: Checkout tpm2-tss - uses: actions/checkout@v4 - with: - repository: tpm2-software/tpm2-tss - path: tpm2_tss_repo - ref: ${{ matrix.tpm2_tss_ref }} - fetch-depth: 1 - - # Apply patch to fix missing stdint.h includes in test files - # TODO: use patch from OSP repo - - name: Apply patch for test source files - working-directory: tpm2_tss_repo - if: ${{ matrix.tpm2_tss_ref }} == '4.1.3' - run: | - perl -pi -e 's|(#include )|#include \n$1|' ./test/unit/*.c - - - name: Build and install tpm2-tss - 
working-directory: tpm2_tss_repo - run: | - source $GITHUB_WORKSPACE/scripts/env-setup - ./bootstrap - ./configure --prefix=$PWD/tpm2-tss-install --with-crypto=ossl \ - --enable-unit - make -j$(nproc) - make install - - - name: Run tpm2-tss tests - working-directory: tpm2_tss_repo - run: | - source $GITHUB_WORKSPACE/scripts/env-setup - export ${{ matrix.force_fail }} - make check 2>&1 || true - if $(grep -q "FAIL: test/unit" test-suite.log); then - TEST_RESULT=1 - echo "Expected zero failures" - else - TEST_RESULT=0 - fi - $GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} tpm2-tss diff --git a/.github/workflows/libwebsockets.yml b/.github/workflows/libwebsockets.yml deleted file mode 100644 index 0a8c9b73..00000000 --- a/.github/workflows/libwebsockets.yml +++ /dev/null 
@@ -1,126 +0,0 @@ -name: libwebsockets Tests - -# START OF COMMON SECTION -on: - push: - branches: [ 'master', 'main', 'release/**' ] - pull_request: - branches: [ '*' ] - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true -# END OF COMMON SECTION - -jobs: - build_wolfprovider: - uses: ./.github/workflows/build-wolfprovider.yml - with: - wolfssl_ref: ${{ matrix.wolfssl_ref }} - openssl_ref: ${{ matrix.openssl_ref }} - replace_default: ${{ matrix.replace_default }} - strategy: - matrix: - wolfssl_ref: [ 'v5.8.2-stable' ] - openssl_ref: [ 'openssl-3.5.2' ] - replace_default: [ true ] - fips: [ false ] - - test_libwebsockets: - runs-on: ubuntu-22.04 - container: - image: debian:bookworm - env: - DEBIAN_FRONTEND: noninteractive - needs: build_wolfprovider - # This should be a safe limit for the tests to run. - timeout-minutes: 20 - strategy: - matrix: - libwebsockets_ref: [ 'v4.3.3' ] - wolfssl_ref: [ 'v5.8.2-stable' ] - openssl_ref: [ 'openssl-3.5.2' ] - force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] - replace_default: [ true ] - fips: [ false ] - env: - WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages - OPENSSL_PACKAGES_PATH: /tmp/openssl-packages - WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages - steps: - # Checkout the source so we can run the check-workflow-result script - - name: Checkout wolfProvider - uses: actions/checkout@v4 - with: - fetch-depth: 1 - - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache-restore - with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true - - - name: Install wolfSSL/OpenSSL/wolfprov packages - run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH 
}} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - - apt install --reinstall -y \ - ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl*.deb - - apt install --reinstall -y \ - ${{ env.OPENSSL_PACKAGES_PATH }}/openssl*.deb \ - ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3*.deb \ - ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev*.deb - - apt install --reinstall -y \ - ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb - - - name: Install libwebsockets dependencies - run: | - apt-get update - apt-get install -y libc6 libcap2 zlib1g cmake build-essential dpkg-dev - - - name: Download libwebsockets - uses: actions/checkout@v4 - with: - repository: warmcat/libwebsockets - ref: ${{ matrix.libwebsockets_ref }} - path: libwebsockets - - - name: Build libwebsockets - working-directory: libwebsockets - run: | - mkdir build - cd build - cmake .. -DLWS_WITH_SSL=ON -DCMAKE_POLICY_VERSION_MINIMUM=3.5 - make -j$(nproc) - - - name: Run libwebsockets tests - working-directory: libwebsockets - shell: bash - run: | - export ${{ matrix.force_fail }} - - ./build/bin/libwebsockets-test-server --port=11111 --ssl > server.log 2>&1 & SERVER_PID=$! - sleep 5 - timeout 10 ./build/bin/libwebsockets-test-client 127.0.0.1 --port=11111 --ssl > client.log 2>&1 || echo "Client exited with error $?" - ldd ./build/bin/libwebsockets-test-server | grep wolfProvider || echo "wolfProvider not found in server" - ldd ./build/bin/libwebsockets-test-client | grep wolfProvider || echo "wolfProvider not found in client" - kill $SERVER_PID || echo "Server already exited" - cat server.log || echo "Missing server.log" - cat client.log || echo "Missing client.log" - cat server.log client.log > libwebsockets-test.log - if grep -q "error:03080006" libwebsockets-test.log || grep -q "Failed to create default vhost" libwebsockets-test.log; then - TEST_RESULT=1 - else - TEST_RESULT=0 - fi - $GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} libwebsockets 
diff --git a/.github/workflows/multi-compiler.yml b/.github/workflows/multi-compiler.yml
deleted file mode 100644
index 8619977f..00000000
--- a/.github/workflows/multi-compiler.yml
+++ /dev/null
@@ -1,143 +0,0 @@ -name: Multi-Compiler Tests - -# START OF COMMON SECTION -on: - push: - branches: [ 'master', 'main', 'release/**' ] - pull_request: - branches: [ '*' ] - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true -# END OF COMMON SECTION - -jobs: - build_wolfprovider: - name: Build with compiler ${{ matrix.CC }}, wolfssl ${{ matrix.wolfssl_ref }}, OpenSSL ${{ matrix.openssl_ref }} - runs-on: ${{ matrix.OS }} - timeout-minutes: 20 - strategy: - fail-fast: false - matrix: - include: - - CC: gcc-9 - CXX: g++-9 - OS: ubuntu-latest - wolfssl_ref: master - openssl_ref: master - - CC: gcc-10 - CXX: g++-10 - OS: ubuntu-latest - wolfssl_ref: master - openssl_ref: master - - CC: gcc-10 - CXX: g++-10 - OS: ubuntu-latest - wolfssl_ref: v5.8.0-stable - openssl_ref: master - - CC: gcc-11 - CXX: g++-11 - OS: ubuntu-latest - wolfssl_ref: master - openssl_ref: master - - CC: gcc-12 - CXX: g++-12 - OS: ubuntu-latest - wolfssl_ref: master - openssl_ref: master - - CC: gcc-13 - CXX: g++-13 - OS: ubuntu-latest - wolfssl_ref: master - openssl_ref: master - - CC: gcc-14 - CXX: g++-14 - OS: ubuntu-latest - wolfssl_ref: master - openssl_ref: master - - CC: clang-12 - CXX: clang++-12 - OS: ubuntu-22.04 - wolfssl_ref: master - openssl_ref: master - - CC: clang-13 - CXX: clang++-13 - OS: ubuntu-22.04 - wolfssl_ref: master - openssl_ref: master - - CC: clang-14 - CXX: clang++-14 - OS: ubuntu-latest - wolfssl_ref: master - openssl_ref: master - - CC: clang-15 - CXX: clang++-15 - OS: ubuntu-latest - wolfssl_ref: master - openssl_ref: master - steps: - - name: Install dependencies - run: | - sudo apt-get update - sudo apt-get install -y ${{ matrix.CC }} ${{ matrix.CXX }} automake libtool - - - name: Checkout wolfProvider - uses: actions/checkout@v4 - with: - fetch-depth: 1 - - - name: Get OpenSSL commit hash - id: openssl-ref - run: | - sha=$(./scripts/resolve-ref.sh "${{ matrix.openssl_ref }}" "openssl/openssl") - echo "ref=$sha" >> 
"$GITHUB_OUTPUT" - env: - # Used token to bypass rate limits - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - name: Get WolfSSL commit hash - id: wolfssl-ref - run: | - sha=$(./scripts/resolve-ref.sh "${{ matrix.wolfssl_ref }}" "wolfssl/wolfssl") - echo "ref=$sha" >> "$GITHUB_OUTPUT" - env: - # Used token to bypass rate limits - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - # Look for a cached version of OpenSSL -- with this compiler version - - name: Checking OpenSSL in cache - uses: actions/cache@v4 - id: openssl-cache - with: - path: | - openssl-install - key: openssl-depends-${{ matrix.CC }}-${{ steps.openssl-ref.outputs.ref }} - lookup-only: false - - # Look for a cached version of WolfSSL -- with this compiler version - - name: Checking WolfSSL in cache - uses: actions/cache@v4 - id: wolfssl-cache - with: - path: | - wolfssl-install - key: wolfssl-depends-${{ matrix.CC }}-${{ steps.wolfssl-ref.outputs.ref }} - lookup-only: false - - - name: Build wolfProvider - env: - CC: ${{ matrix.CC }} - CXX: ${{ matrix.CXX }} - run: | - OPENSSL_TAG=${{ matrix.openssl_ref }} WOLFSSL_TAG=${{ matrix.wolfssl_ref }} ./scripts/build-wolfprovider.sh - - - name: Print errors - if: ${{ failure() }} - run: | - if [ -f test-suite.log ]; then - cat test-suite.log - fi - if [ -f config.log ]; then - cat config.log - fi diff --git a/.github/workflows/net-snmp.yml b/.github/workflows/net-snmp.yml deleted file mode 100644 index b9c84436..00000000 --- a/.github/workflows/net-snmp.yml +++ /dev/null 
@@ -1,120 +0,0 @@ -name: Net-SNMP Tests - -# START OF COMMON SECTION -on: - push: - branches: [ 'master', 'main', 'release/**' ] - pull_request: - branches: [ '*' ] - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true -# END OF COMMON SECTION - -jobs: - build_wolfprovider: - uses: ./.github/workflows/build-wolfprovider.yml - with: - wolfssl_ref: ${{ matrix.wolfssl_ref }} - openssl_ref: ${{ matrix.openssl_ref }} - replace_default: ${{ matrix.replace_default }} - strategy: - matrix: - wolfssl_ref: [ 'v5.8.2-stable' ] - openssl_ref: [ 'openssl-3.5.2' ] - replace_default: [ true ] - fips: [ false ] - - test_net_snmp: - runs-on: ubuntu-22.04 - container: - image: debian:bookworm - env: - DEBIAN_FRONTEND: noninteractive - needs: build_wolfprovider - # This should be a safe limit for the tests to run. - timeout-minutes: 20 - strategy: - fail-fast: false - matrix: - net_snmp_ref: [ 'v5.9.3' ] - wolfssl_ref: [ 'v5.8.2-stable' ] - openssl_ref: [ 'openssl-3.5.2' ] - force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] - replace_default: [ true ] - fips: [ false ] - env: - WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages - OPENSSL_PACKAGES_PATH: /tmp/openssl-packages - WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages - steps: - - name: Checkout wolfProvider - uses: actions/checkout@v4 - with: - fetch-depth: 1 - - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache - with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true - - - name: Install wolfSSL/OpenSSL/wolfprov packages - run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - - apt install --reinstall -y 
\ - ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb - - apt install --reinstall -y \ - ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \ - ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \ - ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb - - apt install --reinstall -y \ - ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb - - - name: Verify wolfProvider is properly installed - run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} - - - name: Install dependencies - run: | - apt-get update - apt-get install -y libperl-dev build-essential autoconf \ - libtool pkg-config gettext net-tools - - - name: Build net-snmp with wolfProvider - uses: wolfSSL/actions-build-autotools-project@v1 - with: - repository: net-snmp/net-snmp - ref: ${{ matrix.net_snmp_ref }} - path: net-snmp - configure: >- - --disable-shared - --with-default-snmp-version="3" --with-sys-contact="@@no.where" - --with-sys-location="Unknown" --with-logfile="/var/log/snmpd.log" - --with-persistent-directory="/var/net-snmp" - check: false - - - name: Run tests - working-directory: net-snmp - shell: bash - run: | - set +o pipefail # ignore errors from make test - export ${{ matrix.force_fail }} - - autoconf --version | grep -P '2\.\d\d' -o > dist/autoconf-version - make -j test TESTOPTS="-e agentxperl" 2>&1 | tee net-snmp-test.log - # Capture the test result using PIPESTATUS (Bash only) - TEST_RESULT=${PIPESTATUS[0]} - $GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} net-snmp diff --git a/.github/workflows/nginx.yml b/.github/workflows/nginx.yml deleted file mode 100644 index d8437b62..00000000 --- a/.github/workflows/nginx.yml +++ /dev/null 
@@ -1,126 +0,0 @@ -name: Nginx Tests - -# START OF COMMON SECTION -on: - push: - branches: [ 'master', 'main', 'release/**' ] - pull_request: - branches: [ '*' ] - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true -# END OF COMMON SECTION - -jobs: - build_wolfprovider: - uses: ./.github/workflows/build-wolfprovider.yml - with: - wolfssl_ref: ${{ matrix.wolfssl_ref }} - openssl_ref: ${{ matrix.openssl_ref }} - replace_default: ${{ matrix.replace_default }} - strategy: - matrix: - wolfssl_ref: [ 'v5.8.2-stable' ] - openssl_ref: [ 'openssl-3.5.2' ] - replace_default: [ true ] - fips: [ false ] - - test_nginx: - runs-on: ubuntu-22.04 - container: - image: debian:bookworm - env: - DEBIAN_FRONTEND: noninteractive - needs: build_wolfprovider - # This should be a safe limit for the tests to run. - timeout-minutes: 20 - strategy: - matrix: - nginx_ref: [ 'release-1.27.4' ] - wolfssl_ref: [ 'v5.8.2-stable' ] - openssl_ref: [ 'openssl-3.5.2' ] - force_fail: [ 'WOLFPROV_FORCE_FAIL=1', ''] - replace_default: [ true ] - fips: [ false ] - env: - WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages - OPENSSL_PACKAGES_PATH: /tmp/openssl-packages - WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages - steps: - - name: Checkout wolfProvider - uses: actions/checkout@v4 - with: - fetch-depth: 1 - - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache - with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true - - - name: Install wolfSSL/OpenSSL/wolfprov packages - run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - - apt install --reinstall -y \ - ${{ 
env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb - - apt install --reinstall -y \ - ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \ - ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \ - ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb - - apt install --reinstall -y \ - ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb - - - name: Verify wolfProvider is properly installed - run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} - - - name: Install dependencies - run: | - apt-get update && \ - apt-get install -y perl build-essential autoconf automake libtool \ - pkg-config libpcre3-dev zlib1g-dev - cpan -iT Proc::Find Net::SSLeay IO::Socket::SSL - - - name: Checkout nginx - uses: actions/checkout@v4 - with: - repository: nginx/nginx - path: nginx - ref: ${{ matrix.nginx_ref }} - - - name: Build nginx - working-directory: nginx - run: | - ./auto/configure --with-http_ssl_module --with-stream \ - --with-stream_ssl_module --with-stream_ssl_preread_module \ - --with-http_v2_module --with-mail --with-mail_ssl_module - make -j - - - name: Checkout nginx-tests - uses: actions/checkout@v4 - with: - repository: nginx/nginx-tests - path: nginx-tests - ref: master - - - name: Run nginx-tests with wolfProvider - working-directory: nginx-tests - run: | - export ${{ matrix.force_fail }} - - # Run tests and save result - TEST_NGINX_VERBOSE=y TEST_NGINX_CATLOG=y TEST_NGINX_BINARY=../nginx/objs/nginx prove -v . 2>&1 | tee nginx-test.log - TEST_RESULT=$? - $GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} nginx diff --git a/.github/workflows/openldap.yml b/.github/workflows/openldap.yml deleted file mode 100644 index fb83e3ff..00000000 --- a/.github/workflows/openldap.yml +++ /dev/null 
@@ -1,151 +0,0 @@ -name: OpenLDAP Tests - -# START OF COMMON SECTION -on: - push: - branches: [ 'master', 'main', 'release/**' ] - pull_request: - branches: [ '*' ] - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true -# END OF COMMON SECTION - -jobs: - build_wolfprovider: - uses: ./.github/workflows/build-wolfprovider.yml - with: - wolfssl_ref: ${{ matrix.wolfssl_ref }} - openssl_ref: ${{ matrix.openssl_ref }} - replace_default: ${{ matrix.replace_default }} - strategy: - matrix: - wolfssl_ref: [ 'v5.8.2-stable' ] - openssl_ref: [ 'openssl-3.5.2' ] - replace_default: [ true ] - fips: [ false ] - - test_openldap: - runs-on: ubuntu-22.04 - container: - image: debian:bookworm - env: - DEBIAN_FRONTEND: noninteractive - needs: build_wolfprovider - # This should be a safe limit for the tests to run. - timeout-minutes: 20 - strategy: - fail-fast: false - matrix: - openldap_ref: [ 'OPENLDAP_REL_ENG_2_6_7' ] - wolfssl_ref: [ 'v5.8.2-stable' ] - openssl_ref: [ 'openssl-3.5.2' ] - force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] - replace_default: [ true ] - fips: [ false ] - env: - WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages - OPENSSL_PACKAGES_PATH: /tmp/openssl-packages - WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages - steps: - - name: Checkout wolfProvider - uses: actions/checkout@v4 - with: - fetch-depth: 1 - - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache - with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true - - - name: Install wolfSSL/OpenSSL/wolfprov packages - run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - - apt 
install --reinstall -y \ - ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb - - apt install --reinstall -y \ - ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \ - ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \ - ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb - - apt install --reinstall -y \ - ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb - - - name: Verify wolfProvider is properly installed - run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} - - - name: Install dependencies - run: | - export DEBIAN_FRONTEND=noninteractive - apt-get update - apt-get install -y git sudo build-essential autoconf automake \ - libtool pkg-config libjansson-dev check ca-certificates dpkg-dev \ - groff libsasl2-dev - - - name: Checkout openldap - uses: actions/checkout@v4 - with: - repository: openldap/openldap - path: openldap - ref: ${{ matrix.openldap_ref }} - - - name: Checkout OSP - uses: actions/checkout@v4 - with: - repository: wolfssl/osp - path: osp - fetch-depth: 1 - - run: | - cd openldap - # Apply the wolfProvider patch - patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/openldap/openldap-${{ matrix.openldap_ref }}-debian-wolfprov.patch - - - name: Build and test OpenLDAP with wolfProvider - working-directory: openldap - shell: bash - run: | - set -o pipefail - - # Generate configure script - rm -f aclocal.m4 - autoreconf -ivf - - # Configure with OpenSSL - ./configure --with-tls=openssl --disable-bdb --disable-hdb - - # Build OpenLDAP - make -j depend - make -j - - export ${{ matrix.force_fail }} - if [ -n "${{ matrix.force_fail }}" ]; then - set +e - fi - - if [ "${{ matrix.force_fail }}" = "WOLFPROV_FORCE_FAIL=1" ]; then - # Run with a 15 minute timeout for WPFF since it breaks on test 067 - timeout 15m make -j check 2>&1 | tee openldap-test.log - TEST_RESULT=${PIPESTATUS[0]} - if [ $TEST_RESULT -eq 124 ]; then - echo "make -j check timed out after 15 minutes with 
WOLFPROV_FORCE_FAIL=1" - echo "Tests failed to complete as expected" - TEST_RESULT=1 - fi - else - make -j check 2>&1 | tee openldap-test.log - TEST_RESULT=${PIPESTATUS[0]} - fi - $GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} openldap diff --git a/.github/workflows/opensc.yml b/.github/workflows/opensc.yml deleted file mode 100644 index 10fc6be8..00000000 --- a/.github/workflows/opensc.yml +++ /dev/null 
@@ -1,145 +0,0 @@
-name: OpenSC Tests
-
-# START OF COMMON SECTION
-on:
- push:
- branches: [ 'master', 'main', 'release/**' ]
- pull_request:
- branches: [ '*' ]
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.ref }}
- cancel-in-progress: true
-# END OF COMMON SECTION
-
-jobs:
- build_wolfprovider:
- uses: ./.github/workflows/build-wolfprovider.yml
- with:
- wolfssl_ref: ${{ matrix.wolfssl_ref }}
- openssl_ref: ${{ matrix.openssl_ref }}
- replace_default: ${{ matrix.replace_default }}
- strategy:
- matrix:
- wolfssl_ref: [ 'v5.8.2-stable' ]
- openssl_ref: [ 'openssl-3.5.2' ]
- replace_default: [ true ]
- fips: [ false ]
-
- test_opensc:
- runs-on: ubuntu-22.04
- container:
- image: debian:bookworm
- env:
- DEBIAN_FRONTEND: noninteractive
- needs: build_wolfprovider
- # This should be a safe limit for the tests to run.
- timeout-minutes: 30
- strategy:
- matrix:
- opensc_ref: [ '0.25.1' ]
- wolfssl_ref: [ 'v5.8.2-stable' ]
- openssl_ref: [ 'openssl-3.5.2' ]
- force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
- replace_default: [ true ]
- fips: [ false ]
- env:
- WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
- OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
- WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
- steps:
- - name: Checkout wolfProvider
- uses: actions/checkout@v4
- with:
- fetch-depth: 1
-
- - name: Checking OpenSSL/wolfProvider packages in cache
- uses: actions/cache/restore@v4
- id: wolfprov-cache
- with:
- path: |
- ${{ env.WOLFSSL_PACKAGES_PATH }}
- ${{ env.OPENSSL_PACKAGES_PATH }}
- ${{ env.WOLFPROV_PACKAGES_PATH }}
- key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
- fail-on-cache-miss: true
-
- - name: Install wolfSSL/OpenSSL/wolfprov packages
- run: |
- printf "Installing OpenSSL/wolfProvider packages:\n"
- ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
- ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
- ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
-
- apt install --reinstall -y \
- ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
-
- apt install --reinstall -y \
- ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
- ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
- ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
-
- apt install --reinstall -y \
- ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
-
- - name: Verify wolfProvider is properly installed
- run: |
- $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
-
- - name: Install OpenSC dependencies
- run: |
- apt-get update
- apt-get install -y \
- autotools-dev libtool automake autoconf make pkg-config \
- libeac-dev gengetopt libpcsclite-dev libreadline-dev \
- zlib1g-dev docbook-xsl xsltproc pcscd softhsm2 opensc pcsc-tools \
- vim libcmocka-dev libjson-c-dev libp11-dev patch
-
- - name: Download OpenSC
- uses: actions/checkout@v4
- with:
- repository: OpenSC/OpenSC
- ref: ${{ matrix.opensc_ref }}
- path: opensc
- fetch-depth: 1
-
- - name: Checkout OSP
- uses: actions/checkout@v4
- with:
- repository: wolfssl/osp
- path: osp
- fetch-depth: 1
- - run: |
- cd opensc
- patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/opensc/opensc-${{ matrix.opensc_ref }}-wolfprovider.patch
-
- - name: Build OpenSC
- working-directory: opensc
- run: |
- # Configure with custom OpenSSL and wolfProvider
- ./bootstrap
- ./configure \
- --enable-openssl \
- --enable-pcsc \
- --disable-doc \
- --prefix=$GITHUB_WORKSPACE/opensc-install \
- --with-completiondir="$GITHUB_WORKSPACE/opensc-install/share/completions" \
- CFLAGS="-Wno-error"
-
- # Build OpenSC
- make -j$(nproc)
- make install
-
- - name: Run OpenSC tests
- working-directory: opensc
- shell: bash
- run: |
- set +o pipefail # ignore errors from make check
- export ${{ matrix.force_fail }}
-
- # Run tests and save output
- make check | tee opensc-test.log
-
- # Check for expected test results in the test log (18 passes, 2 expected failures, with WPFF we expect 6 failures)
- TEST_RESULT=$(((grep -q "# PASS: 10" opensc-test.log) && (grep -q "# PASS: 8" opensc-test.log) && (grep -q "# XFAIL: 2" opensc-test.log)) && echo "0" || echo "1")
- $GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} opensc
diff --git a/.github/workflows/openssh.yml b/.github/workflows/openssh.yml
deleted file mode 100644
index 1aad0ea4..00000000
--- a/.github/workflows/openssh.yml
+++ /dev/null
@@ -1,175 +0,0 @@
-name: openssh Tests
-
-# START OF COMMON SECTION
-on:
- push:
- branches: [ 'master', 'main', 'release/**' ]
- pull_request:
- branches: [ '*' ]
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.ref }}
- cancel-in-progress: true
-# END OF COMMON SECTION
-
-jobs:
- build_wolfprovider:
- uses: ./.github/workflows/build-wolfprovider.yml
- with:
- wolfssl_ref: ${{ matrix.wolfssl_ref }}
- openssl_ref: ${{ matrix.openssl_ref }}
- replace_default: ${{ matrix.replace_default }}
- strategy:
- matrix:
- wolfssl_ref: [ 'v5.8.2-stable' ]
- openssl_ref: [ 'openssl-3.5.2' ]
- replace_default: [ true ]
- fips: [ false ]
-
- test_openssh:
- runs-on: ubuntu-22.04
- container:
- image: debian:bookworm
- # Extra permissions needed for Debian Bookworm
- options: >-
- --privileged
- --cap-add=SYS_ADMIN
- --device=/dev/mapper/control
- --device=/dev/loop-control
- --device=/dev/loop0
- --device=/dev/loop1
- --device=/dev/loop2
- -v /lib/modules:/lib/modules:ro
- env:
- DEBIAN_FRONTEND: noninteractive
- needs: build_wolfprovider
- # This should be a safe limit for the tests to run.
- timeout-minutes: 20
- strategy:
- matrix:
- openssh_ref: [ 'V_10_0_P2', 'V_9_9_P1' ]
- wolfssl_ref: [ 'v5.8.2-stable' ]
- openssl_ref: [ 'openssl-3.5.2' ]
- force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
- replace_default: [ true ]
- fips: [ false ]
- env:
- WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
- OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
- WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
- steps:
- - name: Checkout wolfProvider
- uses: actions/checkout@v4
- with:
- fetch-depth: 1
-
- - name: Checking OpenSSL/wolfProvider packages in cache
- uses: actions/cache/restore@v4
- id: wolfprov-cache
- with:
- path: |
- ${{ env.WOLFSSL_PACKAGES_PATH }}
- ${{ env.OPENSSL_PACKAGES_PATH }}
- ${{ env.WOLFPROV_PACKAGES_PATH }}
- key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
- fail-on-cache-miss: true
-
- - name: Install wolfSSL/OpenSSL/wolfprov packages
- run: |
- printf "Installing OpenSSL/wolfProvider packages:\n"
- ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
- ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
- ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
-
- apt install --reinstall -y \
- ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
-
- apt install --reinstall -y \
- ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
- ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
- ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
-
- apt install --reinstall -y \
- ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
-
- - name: Verify wolfProvider is properly installed
- run: |
- $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
-
- - name: Install dependencies
- run: |
- apt-get update
- apt-get install -y build-essential autoconf automake libtool \
- pkg-config patch zlib1g-dev kmod util-linux cryptsetup-bin
-
- - name: Ensure kernel modules are present
- run: |
- # loop + device-mapper (dm-crypt); scsi_debug is optional and may still be unavailable on the host kernel
- modprobe loop || true
- modprobe dm_mod || true
- modprobe dm_crypt || true
- modprobe scsi_debug || true
- losetup -f || true
- ls -l /dev/loop* /dev/mapper || true
-
- - name: Checkout openssh
- uses: actions/checkout@v4
- with:
- repository: openssh/openssh-portable
- path: openssh-portable
- ref: ${{ matrix.openssh_ref }}
- fetch-depth: 1
-
- - name: Checkout OSP
- uses: actions/checkout@v4
- with:
- repository: wolfssl/osp
- path: osp
- fetch-depth: 1
- - run: |
- # Apply the patch for the correct version of OpenSSH
- cd openssh-portable
- patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/openssh/openssh-${{ matrix.openssh_ref }}-wolfprov.patch
-
- - name: Build and Test openssh-portable
- working-directory: openssh-portable
- shell: bash
- run: |
- set +o pipefail # ignore errors from make check
- export ${{ matrix.force_fail }}
-
- # Enable unsafe permissions for testing
- export TEST_SSH_UNSAFE_PERMISSIONS=1
-
- # Priv-sep user/group (idempotent)
- getent group sshd >/dev/null || addgroup --system sshd
- id -u sshd >/dev/null 2>&1 || adduser --system --no-create-home \
- --ingroup sshd --home /nonexistent --shell /usr/sbin/nologin sshd
-
- # Priv-sep runtime dirs
- install -d -m 0755 /run/sshd
-
- # The required chroot for privilege separation
- # Must exist, be owned by root, and not be writable by group/world.
- install -d -o root -g root -m 0755 /var/empty
-
- # Ensure the privsep user/group exist (idempotent)
- if ! getent group sshd >/dev/null; then
- addgroup --system sshd
- fi
- if ! id -u sshd >/dev/null 2>&1; then
- adduser --system --no-create-home --ingroup sshd \
- --home /nonexistent --shell /usr/sbin/nologin sshd
- fi
-
- autoreconf -ivf
- ./configure --with-prngd-socket=/tmp/prngd \
- --with-ldflags=-Wl,--export-dynamic
- make -j
-
- export LD_LIBRARY_PATH=".:openbsd-compat:$LD_LIBRARY_PATH" # Include build dirs for symbol resolution
-
- # Run all the tests except (t-exec) as it takes too long
- make file-tests interop-tests extra-tests unit 2>&1 | tee openssh-test.log
- TEST_RESULT=${PIPESTATUS[0]}
- $GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} openssh
diff --git a/.github/workflows/openssl-version.yml b/.github/workflows/openssl-version.yml
deleted file mode 100644
index 2e687db9..00000000
--- a/.github/workflows/openssl-version.yml
+++ /dev/null
@@ -1,81 +0,0 @@
-name: OpenSSL Version Tests
-
-# START OF COMMON SECTION
-on:
- push:
- branches: [ 'master', 'main', 'release/**' ]
- pull_request:
- branches: [ '*' ]
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.ref }}
- cancel-in-progress: true
-# END OF COMMON SECTION
-
-jobs:
- openssl_version_test:
- name: OpenSSL Version Test
- runs-on: ubuntu-22.04
- timeout-minutes: 30
- strategy:
- matrix:
- wolfssl_ref: ['v5.8.2-stable']
- openssl_ref: [
- 'openssl-3.0.3',
- 'openssl-3.0.4',
- 'openssl-3.0.5',
- 'openssl-3.0.6',
- 'openssl-3.0.7',
- 'openssl-3.0.8',
- 'openssl-3.0.9',
- 'openssl-3.0.10',
- 'openssl-3.0.11',
- 'openssl-3.0.12',
- 'openssl-3.0.13',
- 'openssl-3.0.14',
- 'openssl-3.0.15',
- 'openssl-3.0.16',
- 'openssl-3.0.17',
- 'openssl-3.1.0',
- 'openssl-3.1.1',
- 'openssl-3.1.2',
- 'openssl-3.1.3',
- 'openssl-3.1.4',
- 'openssl-3.1.5',
- 'openssl-3.1.6',
- 'openssl-3.1.7',
- 'openssl-3.1.8',
- 'openssl-3.2.0',
- 'openssl-3.2.1',
- 'openssl-3.2.2',
- 'openssl-3.2.3',
- 'openssl-3.2.4',
- 'openssl-3.2.5',
- 'openssl-3.3.0',
- 'openssl-3.3.1',
- 'openssl-3.3.2',
- 'openssl-3.3.3',
- 'openssl-3.3.4',
- 'openssl-3.4.0',
- 'openssl-3.4.1',
- 'openssl-3.4.2',
- 'openssl-3.5.0',
- 'openssl-3.5.1']
- steps:
- - name: Checkout wolfProvider
- uses: actions/checkout@v4
- with:
- fetch-depth: 1
-
- - name: Build and test wolfProvider
- run: |
- OPENSSL_TAG=${{ matrix.openssl_ref }} \
- WOLFSSL_TAG=${{ matrix.wolfssl_ref }} \
- ./scripts/build-wolfprovider.sh
-
- - name: Print errors
- if: ${{ failure() }}
- run: |
- if [ -f test-suite.log ] ; then
- cat test-suite.log
- fi
diff --git a/.github/workflows/openvpn.yml b/.github/workflows/openvpn.yml
deleted file mode 100644
index fe8b143e..00000000
--- a/.github/workflows/openvpn.yml
+++ /dev/null
@@ -1,146 +0,0 @@
-name: OpenVPN Tests
-
-# START OF COMMON SECTION
-on:
- push:
- branches: [ 'master', 'main', 'release/**' ]
- pull_request:
- branches: [ '*' ]
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.ref }}
- cancel-in-progress: true
-# END OF COMMON SECTION
-
-jobs:
- build_wolfprovider:
- uses: ./.github/workflows/build-wolfprovider.yml
- with:
- wolfssl_ref: ${{ matrix.wolfssl_ref }}
- openssl_ref: ${{ matrix.openssl_ref }}
- replace_default: ${{ matrix.replace_default }}
- strategy:
- matrix:
- wolfssl_ref: [ 'v5.8.2-stable' ]
- openssl_ref: [ 'openssl-3.5.2' ]
- replace_default: [ true ]
- fips: [ false ]
-
- test_openvpn:
- runs-on: ubuntu-22.04
- needs: build_wolfprovider
- # This should be a safe limit for the tests to run.
- timeout-minutes: 20
- container:
- image: debian:bookworm
- env:
- DEBIAN_FRONTEND: noninteractive
- strategy:
- fail-fast: true
- matrix:
- # Dont test master since it might be too unstable
- openvpn_ref: [ 'v2.6.12' ]
- wolfssl_ref: [ 'v5.8.2-stable' ]
- openssl_ref: [ 'openssl-3.5.2' ]
- force_fail: ['WOLFPROV_FORCE_FAIL=1', '']
- replace_default: [ true ]
- fips: [ false ]
- env:
- WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
- OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
- WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
-
- steps:
- - name: Checkout wolfProvider
- uses: actions/checkout@v4
- with:
- fetch-depth: 1
-
- - name: Checking OpenSSL/wolfProvider packages in cache
- uses: actions/cache/restore@v4
- id: wolfprov-cache
- with:
- path: |
- ${{ env.WOLFSSL_PACKAGES_PATH }}
- ${{ env.OPENSSL_PACKAGES_PATH }}
- ${{ env.WOLFPROV_PACKAGES_PATH }}
- key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
- fail-on-cache-miss: true
-
- - name: Install wolfSSL/OpenSSL/wolfprov packages
- run: |
- printf "Installing OpenSSL/wolfProvider packages:\n"
- ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
- ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
- ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
-
- apt install --reinstall -y \
- ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
-
- apt install --reinstall -y \
- ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
- ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
- ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
-
- apt install --reinstall -y \
- ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
-
- - name: Verify wolfProvider is properly installed
- run: |
- $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
-
- - name: Set up environment
- run: |
- export DEBIAN_FRONTEND=noninteractive
- apt-get update
- apt-get install -y git sudo build-essential autoconf automake \
- libtool pkg-config libjansson-dev check ca-certificates dpkg-dev \
- liblzo2-dev libpam0g-dev liblz4-dev libcap-ng-dev \
- linux-libc-dev man2html libcmocka-dev python3-docutils \
- iproute2 libtool automake autoconf libnl-genl-3-dev \
- libnl-genl-3-200
-
- - name: Find ossl headers
- run: |
- find / -name ssl.h 2>/dev/null || true
-
- - name: Download OpenVPN
- uses: actions/checkout@v4
- with:
- repository: OpenVPN/openvpn
- path: openvpn
- ref: ${{ matrix.openvpn_ref }}
- fetch-depth: 1
-
- - name: Checkout OSP
- uses: actions/checkout@v4
- with:
- repository: wolfssl/osp
- path: osp
- fetch-depth: 1
- - run: |
- cd openvpn
- patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/openvpn/openvpn-${{ matrix.openvpn_ref }}-wolfprov.patch
-
- - name: Build OpenVPN
- working-directory: openvpn
- run: |
- autoreconf -ivf
- ./configure
- make -j$(nproc)
-
- - name: Test OpenVPN with wolfProvider
- working-directory: openvpn
- shell: bash
- run: |
- set +o pipefail # ignore errors from make check
- export ${{ matrix.force_fail }}
- if [ -n "${{ matrix.force_fail }}" ]; then
- set +e
- fi
-
- # Run tests and save result
- make check 2>&1 | tee openvpn-test.log
- # Capture the test result using PIPESTATUS (Bash only)
- TEST_RESULT=${PIPESTATUS[0]}
- $GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} openvpn
diff --git a/.github/workflows/pam-pkcs11.yml b/.github/workflows/pam-pkcs11.yml
deleted file mode 100644
index 999fa2ce..00000000
--- a/.github/workflows/pam-pkcs11.yml
+++ /dev/null
@@ -1,121 +0,0 @@
-name: pam-pkcs11 Tests
-
-# START OF COMMON SECTION
-on:
- push:
- branches: [ 'master', 'main', 'release/**' ]
- pull_request:
- branches: [ '*' ]
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.ref }}
- cancel-in-progress: true
-# END OF COMMON SECTION
-
-jobs:
- build_wolfprovider:
- uses: ./.github/workflows/build-wolfprovider.yml
- with:
- wolfssl_ref: ${{ matrix.wolfssl_ref }}
- openssl_ref: ${{ matrix.openssl_ref }}
- replace_default: ${{ matrix.replace_default }}
- strategy:
- matrix:
- wolfssl_ref: [ 'v5.8.2-stable' ]
- openssl_ref: [ 'openssl-3.5.2' ]
- replace_default: [ true ]
- fips: [ false ]
-
- test_pam_pkcs11:
- runs-on: ubuntu-22.04
- container:
- image: debian:bookworm
- env:
- DEBIAN_FRONTEND: noninteractive
- needs: build_wolfprovider
- # This should be a safe limit for the tests to run.
- timeout-minutes: 20
- strategy:
- matrix:
- pam_pkcs11_ref: [ 'pam_pkcs11-0.6.12' ]
- wolfssl_ref: [ 'v5.8.2-stable' ]
- openssl_ref: [ 'openssl-3.5.2' ]
- force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
- replace_default: [ true ]
- fips: [ false ]
- env:
- WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
- OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
- WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
- steps:
- - name: Checkout wolfProvider
- uses: actions/checkout@v4
- with:
- fetch-depth: 1
-
- - name: Install git and basic dependencies
- run: |
- apt-get update
- apt-get install -y git
-
- # Avoid "detected dubious ownership" warning
- - name: Ensure the working directory safe
- run: |
- git config --global --add safe.directory "$GITHUB_WORKSPACE"
-
- - name: Checking OpenSSL/wolfProvider packages in cache
- uses: actions/cache/restore@v4
- id: wolfprov-cache
- with:
- path: |
- ${{ env.WOLFSSL_PACKAGES_PATH }}
- ${{ env.OPENSSL_PACKAGES_PATH }}
- ${{ env.WOLFPROV_PACKAGES_PATH }}
- key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
- fail-on-cache-miss: true
-
- - name: Install wolfSSL/OpenSSL/wolfprov packages
- run: |
- printf "Installing OpenSSL/wolfProvider packages:\n"
- ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
- ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
- ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
-
- apt install --reinstall -y \
- ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
-
- apt install --reinstall -y \
- ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
- ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
- ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
-
- apt install --reinstall -y \
- ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
-
- - name: Verify wolfProvider is properly installed
- run: |
- $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
-
- - name: Install test dependencies
- run: |
- apt-get update
- apt-get install -y pkg-config build-essential autoconf automake libtool
-
- - name: Run pam_pkcs11 tests
- shell: bash
- run: |
- set +o pipefail # ignore errors from make check
- export ${{ matrix.force_fail }}
- export PAM_PKCS11_REF=${{ matrix.pam_pkcs11_ref }}
-
- # Run tests
- if timeout 300 $GITHUB_WORKSPACE/.github/scripts/pam-pkcs11-test.sh; then
- TEST_RESULT=0
- else
- TEST_RESULT=1
- fi
-
- echo "TEST_RESULT: $TEST_RESULT"
-
- # Capture result
- $GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} pam_pkcs11
diff --git a/.github/workflows/ppp.yml b/.github/workflows/ppp.yml
deleted file mode 100644
index 4f93151d..00000000
--- a/.github/workflows/ppp.yml
+++ /dev/null
@@ -1,140 +0,0 @@
-name: PPP Tests
-
-on:
- push:
- branches: [ 'master', 'main', 'release/**' ]
- pull_request:
- branches: [ '*' ]
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.ref }}
- cancel-in-progress: true
-
-jobs:
- build_wolfprovider:
- uses: ./.github/workflows/build-wolfprovider.yml
- with:
- wolfssl_ref: ${{ matrix.wolfssl_ref }}
- openssl_ref: ${{ matrix.openssl_ref }}
- replace_default: ${{ matrix.replace_default }}
- strategy:
- matrix:
- wolfssl_ref: [ 'v5.8.2-stable' ]
- openssl_ref: [ 'openssl-3.5.2' ]
- replace_default: [ true ]
- fips: [ false ]
-
- test_ppp:
- runs-on: ubuntu-22.04
- container:
- image: debian:bookworm
- env:
- DEBIAN_FRONTEND: noninteractive
- needs: build_wolfprovider
- timeout-minutes: 15
- strategy:
- matrix:
- # Switched to v2.5.2 due to significant limitations with v2.4.9,
- # specifically the lack of a test suite, necessary configure options,
- # and compatibility with newer versions of openssl
- ppp_ref: [ 'v2.5.2' ]
- wolfssl_ref: [ 'v5.8.2-stable' ]
- openssl_ref: [ 'openssl-3.5.2' ]
- force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
- replace_default: [ true ]
- fips: [ false ]
- env:
- WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
- OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
- WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
-
- steps:
- # Checkout the source so we can run the check-workflow-result script
- - name: Checkout wolfProvider
- uses: actions/checkout@v4
- with:
- fetch-depth: 1
-
- - name: Checking OpenSSL/wolfProvider packages in cache
- uses: actions/cache/restore@v4
- id: wolfprov-cache-restore
- with:
- path: |
- ${{ env.WOLFSSL_PACKAGES_PATH }}
- ${{ env.OPENSSL_PACKAGES_PATH }}
- ${{ env.WOLFPROV_PACKAGES_PATH }}
- key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
- fail-on-cache-miss: true
-
- - name: Install wolfSSL/OpenSSL/wolfprov packages
- run: |
- printf "Installing OpenSSL/wolfProvider packages:\n"
- ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
- ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
- ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
-
- apt install --reinstall -y \
- ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl*.deb
-
- apt install --reinstall -y \
- ${{ env.OPENSSL_PACKAGES_PATH }}/openssl*.deb \
- ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3*.deb \
- ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev*.deb
-
- apt install --reinstall -y \
- ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
-
- - name: Install dependencies
- run: |
- apt-get update
- apt-get install -y build-essential autoconf libtool patch
-
- - name: Checkout PPP
- uses: actions/checkout@v4
- with:
- repository: ppp-project/ppp
- path: ppp_repo
- ref: ${{ matrix.ppp_ref }}
- fetch-depth: 1
-
- # TODO: use patch from OSP repo
- - name: Apply PPP compatibility fixes for OpenSSL 3.x
- working-directory: ppp_repo
- run: |
- # Disable testing of legacy algorithms
- for fn in PPP_crypto_init PPP_crypto_deinit test_md4 test_des_encrypt test_des_decrypt; do
- perl -0777 -pi -e '
- s/\bint\s+'$fn'\s*\([^)]*\)/int '$fn'() { return 1; }\nint __attribute__((unused)) __replaced_'$fn'()/g
- ' pppd/crypto.c
- done
-
- - name: Build and install PPP
- working-directory: ppp_repo
- run: |
- if [ -f ./autogen.sh ]; then
- ./autogen.sh
- elif [ ! -f ./configure ]; then
- autoreconf -fiv
- fi
- ./configure --prefix=$GITHUB_WORKSPACE/ppp-install --disable-microsoft-extensions
- make -j$(nproc)
- make install
-
- - name: Run PPP tests
- working-directory: ppp_repo
- shell: bash
- run: |
- set +o pipefail # ignore errors from make check
- export ${{ matrix.force_fail }}
-
- # Run tests
- make check 2>&1 | tee ppp-test.log
-
- # Check test results directly in YAML
- if grep -q "# FAIL: 0" pppd/test-suite.log; then
- TEST_RESULT=0
- else
- TEST_RESULT=1
- fi
-
- $GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} ppp
diff --git a/.github/workflows/python3-ntp.yml b/.github/workflows/python3-ntp.yml
deleted file mode 100644
index d34eb283..00000000
--- a/.github/workflows/python3-ntp.yml
+++ /dev/null
@@ -1,131 +0,0 @@
-name: python3-ntp Tests
-
-# START OF COMMON SECTION
-on:
- push:
- branches: [ 'master', 'main', 'release/**' ]
- pull_request:
- branches: [ '*' ]
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.ref }}
- cancel-in-progress: true
-# END OF COMMON SECTION
-
-jobs:
- build_wolfprovider:
- uses: ./.github/workflows/build-wolfprovider.yml
- with:
- wolfssl_ref: ${{ matrix.wolfssl_ref }}
- openssl_ref: ${{ matrix.openssl_ref }}
- replace_default: ${{ matrix.replace_default }}
- strategy:
- matrix:
- wolfssl_ref: [ 'v5.8.2-stable' ]
- openssl_ref: [ 'openssl-3.5.2' ]
- replace_default: [ true ]
- fips: [ false ]
-
- test_python3-ntp:
- runs-on: ubuntu-22.04
- needs: build_wolfprovider
- # This should be a safe limit for the tests to run.
- timeout-minutes: 20
- container:
- image: debian:bookworm
- options: --user root
- env:
- DEBIAN_FRONTEND: noninteractive
- WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
- OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
- WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
- strategy:
- matrix:
- python3-ntp_ref: [ 'NTPsec_1_2_2' ]
- wolfssl_ref: [ 'v5.8.2-stable' ]
- openssl_ref: [ 'openssl-3.5.2' ]
- force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
- replace_default: [ true ]
- fips: [ false ]
- steps:
- - name: Checkout wolfProvider
- uses: actions/checkout@v4
- with:
- fetch-depth: 1
-
- - name: Checking OpenSSL/wolfProvider packages in cache
- uses: actions/cache/restore@v4
- id: wolfprov-cache-restore
- with:
- path: |
- ${{ env.WOLFSSL_PACKAGES_PATH }}
- ${{ env.OPENSSL_PACKAGES_PATH }}
- ${{ env.WOLFPROV_PACKAGES_PATH }}
- key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
- fail-on-cache-miss: true
-
- - name: Install wolfSSL/OpenSSL/wolfprov packages
- run: |
- printf "Installing OpenSSL/wolfProvider packages:\n"
- ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
- ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
- ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
-
- apt install --reinstall -y \
- ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
-
- apt install --reinstall -y \
- ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
- ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
- ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
-
- apt install --reinstall -y \
- ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
-
- - name: Verify wolfProvider is properly installed
- run: |
- $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
-
- - name: Install python3-ntp dependencies
- run: |
- apt-get update
- apt-get install -y build-essential bison libcap-dev libseccomp-dev \
- libavahi-compat-libdnssd-dev pps-tools python-dev-is-python3
-
- - name: Checkout python3-ntp
- uses: actions/checkout@v4
- with:
- repository: ntpsec/ntpsec
- ref: ${{ matrix.python3-ntp_ref }}
- path: ntpsec
- fetch-depth: 1
-
- - name: Checkout OSP
- uses: actions/checkout@v4
- with:
- repository: wolfSSL/osp
- path: osp
- fetch-depth: 1
- - run: |
- cd ntpsec
- patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/python3-ntp/python3-ntp-${{ matrix.python3-ntp_ref }}-wolfprov.patch
-
- - name: Build ntpsec
- working-directory: ntpsec
- run: |
- ./waf configure
- ./waf build
-
- - name: Run python3-ntp tests
- working-directory: ntpsec
- run: |
- export ${{ matrix.force_fail }}
-
- # Run tests
- ./waf check | tee python3-ntp-test.log
- if grep -q "'check' finished successfully" python3-ntp-test.log; then
- TEST_RESULT=0
- else
- TEST_RESULT=1
- fi
- $GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} python3-ntp
diff --git a/.github/workflows/qt5network5.yml b/.github/workflows/qt5network5.yml
deleted file mode 100644
index 5c4c7367..00000000
--- a/.github/workflows/qt5network5.yml
+++ /dev/null
@@ -1,148 +0,0 @@
-name: qtbase Network Tests
-on:
- push:
- branches: [ 'master', 'main', 'release/**' ]
- pull_request:
- branches: [ '*' ]
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.ref }}
- cancel-in-progress: true
-
-jobs:
- build_wolfprovider:
- uses: ./.github/workflows/build-wolfprovider.yml
- with:
- wolfssl_ref: ${{ matrix.wolfssl_ref }}
- openssl_ref: ${{ matrix.openssl_ref }}
- replace_default: ${{ matrix.replace_default }}
- strategy:
- matrix:
- wolfssl_ref: [ 'v5.8.2-stable' ]
- openssl_ref: [ 'openssl-3.5.2' ]
- replace_default: [ true ]
- fips: [ false ]
-
- test_qtbase_network:
- runs-on: ubuntu-22.04
- container:
- image: debian:bookworm
- env:
- DEBIAN_FRONTEND: noninteractive
- needs: build_wolfprovider
- timeout-minutes: 40
- strategy:
- matrix:
- qt_ref: [ 'v5.15.8-lts-lgpl' ]
- wolfssl_ref: [ 'v5.8.2-stable' ]
- openssl_ref: [ 'openssl-3.5.2' ]
- force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
- replace_default: [ true ]
- fips: [ false ]
- env:
- WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
- OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
- WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
- steps:
- - name: Checkout wolfProvider
- uses: actions/checkout@v4
- with:
- fetch-depth: 1
-
- - name: Checking OpenSSL/wolfProvider packages in cache
- uses: actions/cache/restore@v4
- id: wolfprov-cache
- with:
- path: |
- ${{ env.WOLFSSL_PACKAGES_PATH }}
- ${{ env.OPENSSL_PACKAGES_PATH }}
- ${{ env.WOLFPROV_PACKAGES_PATH }}
- key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
- fail-on-cache-miss: true
-
- - name: Install wolfSSL/OpenSSL/wolfprov packages
- run: |
- printf "Installing OpenSSL/wolfProvider packages:\n"
- ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
- ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
- ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
-
- apt install --reinstall -y \
- ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
-
- apt install --reinstall -y \
- ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
- ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
- ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
-
- apt install --reinstall -y \
- ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
-
- - name: Verify wolfProvider is properly installed
- run: |
- $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
-
- - name: Install Qt dependencies
- run: |
- apt-get update
- apt-get install -y build-essential pkg-config dpkg-dev \
- python3 perl libpcre2-dev zlib1g-dev cmake ninja-build \
- bison flex libpng-dev libjpeg-dev git ca-certificates
-
- - name: Checkout OSP
- uses: actions/checkout@v4
- with:
- repository: wolfssl/osp
- path: osp
- fetch-depth: 1
-
- - name: Checkout Qt
- uses: actions/checkout@v4
- with:
- repository: qt/qtbase
- path: qt5_repo
- ref: ${{ matrix.qt_ref }}
- fetch-depth: 1
-
- - name: Configure Qt
- working-directory: qt5_repo
- run: |
- # Configure Qt with GUI support to avoid test dependency issues
- # Build with GUI support but skip examples and DBus
- ./configure -opensource -confirm-license -developer-build \
- -nomake examples -no-dbus -no-opengl \
- -openssl-linked
-
- - name: Build Qt (v5.15.8 - qmake)
- if: matrix.qt_ref != 'dev'
- working-directory: qt5_repo
- run: |
- # Force C++14 to avoid C++17 compatibility issues
- echo 'QMAKE_CXXFLAGS += -std=c++14' >> mkspecs/linux-g++/qmake.conf
-
- make -k -j$(nproc)
-
- - name: Add test server to hosts
- run: |
- sh -c 'echo "127.0.0.1 qt-test-server.qt-test-net" >> /etc/hosts'
-
- - name: Run QSSLSocket test
- working-directory: qt5_repo
- shell: bash
- run: |
- set +e
- export ${{ matrix.force_fail }}
-
- # Run the QSSLSocket test, the make check takes too long
- QTEST_ENVIRONMENT=ci ./tests/auto/network/ssl/qsslsocket/tst_qsslsocket 2>&1 | tee qsslsocket-test.log
-
- # Check test results based on qt_ref
- if grep -q "521 passed" qsslsocket-test.log; then
- TEST_RESULT=0
- echo "SUCCESS: Found 521 passed tests as expected"
- else
- TEST_RESULT=1
- echo "Tests failed unexpectedly for 'v5.15.8-lts-lgpl' branch."
- fi
-
- $GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} qtbase-qsslsocket
diff --git a/.github/workflows/rsync.yml b/.github/workflows/rsync.yml
deleted file mode 100644
index 4cd26f4b..00000000
--- a/.github/workflows/rsync.yml
+++ /dev/null
@@ -1,128 +0,0 @@ -name: rsync Tests -on: - push: - branches: [ 'master', 'main', 'release/**' ] - pull_request: - branches: [ '*' ] - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - -jobs: - build_wolfprovider: - uses: ./.github/workflows/build-wolfprovider.yml - with: - wolfssl_ref: ${{ matrix.wolfssl_ref }} - openssl_ref: ${{ matrix.openssl_ref }} - replace_default: ${{ matrix.replace_default }} - strategy: - matrix: - wolfssl_ref: [ 'v5.8.2-stable' ] - openssl_ref: [ 'openssl-3.5.2' ] - replace_default: [ true ] - fips: [ false ] - - test_rsync: - runs-on: ubuntu-22.04 - needs: build_wolfprovider - timeout-minutes: 15 - container: - image: debian:bookworm - options: --user root - env: - DEBIAN_FRONTEND: noninteractive - WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages - OPENSSL_PACKAGES_PATH: /tmp/openssl-packages - WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages - strategy: - matrix: - rsync_ref: [ 'v3.2.7' ] - wolfssl_ref: [ 'v5.8.2-stable' ] - openssl_ref: [ 'openssl-3.5.2' ] - force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] - replace_default: [ true ] - fips: [ false ] - steps: - - name: Checkout wolfProvider - uses: actions/checkout@v4 - with: - fetch-depth: 1 - - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache-restore - with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true - - - name: Install wolfSSL/OpenSSL/wolfprov packages - run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - - apt install --reinstall -y \ - ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb - - apt install --reinstall -y \ - ${{ 
env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \ - ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \ - ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb - - apt install --reinstall -y \ - ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb - - - name: Verify wolfProvider is properly installed - run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} - - - name: Install rsync dependencies - run: | - apt-get update - apt-get install -y gcc g++ gawk autoconf automake python3-cmarkgfm \ - acl libacl1-dev attr libattr1-dev libxxhash-dev \ - libzstd-dev liblz4-dev build-essential - - - name: Checkout rsync - uses: actions/checkout@v4 - with: - repository: RsyncProject/rsync - path: rsync_repo - ref: ${{ matrix.rsync_ref }} - fetch-depth: 1 - - - name: Build and install rsync - working-directory: rsync_repo - run: | - ./configure --disable-xxhash - - # Run the patch script from wolfProvider - $GITHUB_WORKSPACE/.github/scripts/add-rsync-sha-test.sh - - make -j$(nproc) - #export RSYNC_CHECKSUM_LIST="none" - #This can disable file checksums which currently use rsycs own implementation of MD4 and MD5 - #Causes a lot of tests in the make check to fail so im keeping it disabled - - - name: Run rsync tests - working-directory: rsync_repo - run: | - export ${{ matrix.force_fail }} - - # Run rsync test suite including our SHA test - make check 2>&1 | tee rsync-test.log - - # Check test results - look for "0 failed" in the output - if grep -q "overall result is 0" rsync-test.log; then - TEST_RESULT=0 - else - TEST_RESULT=1 - fi - - $GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} rsync diff --git a/.github/workflows/simple.yml b/.github/workflows/simple.yml deleted file mode 100644 index c7eadde0..00000000 --- a/.github/workflows/simple.yml +++ /dev/null 
@@ -1,50 +0,0 @@
-name: Simple Tests
-
-# START OF COMMON SECTION
-on:
- push:
- branches: [ 'master', 'main', 'release/**' ]
- pull_request:
- branches: [ '*' ]
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.ref }}
- cancel-in-progress: true
-# END OF COMMON SECTION
-
-jobs:
- simple_test:
- name: Simple Test
- runs-on: ubuntu-22.04
- timeout-minutes: 20
- strategy:
- matrix:
- wolfssl_ref: [
- 'master',
- 'v5.8.2-stable']
- # Test against the newest of each minor version
- openssl_ref: [
- 'openssl-3.5.2',
- 'openssl-3.4.2',
- 'openssl-3.3.4',
- 'openssl-3.2.5',
- 'openssl-3.1.8',
- 'openssl-3.0.17']
- debug: ['', 'WOLFPROV_DEBUG=1']
-
- steps:
- - name: Checkout wolfProvider
- uses: actions/checkout@v4
- with:
- fetch-depth: 1
-
- - name: Build and test wolfProvider
- run: |
- OPENSSL_TAG=${{ matrix.openssl_ref }} WOLFSSL_TAG=${{ matrix.wolfssl_ref }} ${{ matrix.debug }} ./scripts/build-wolfprovider.sh
-
- - name: Print errors
- if: ${{ failure() }}
- run: |
- if [ -f test-suite.log ] ; then
- cat test-suite.log
- fi
diff --git a/.github/workflows/socat.yml b/.github/workflows/socat.yml
deleted file mode 100644
index 7a4c34ff..00000000
--- a/.github/workflows/socat.yml
+++ /dev/null
@@ -1,123 +0,0 @@ -name: Socat Tests - -# START OF COMMON SECTION -on: - push: - branches: [ 'master', 'main', 'release/**' ] - pull_request: - branches: [ '*' ] - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true -# END OF COMMON SECTION - -jobs: - build_wolfprovider: - uses: ./.github/workflows/build-wolfprovider.yml - with: - wolfssl_ref: ${{ matrix.wolfssl_ref }} - openssl_ref: ${{ matrix.openssl_ref }} - replace_default: ${{ matrix.replace_default }} - strategy: - matrix: - wolfssl_ref: [ 'v5.8.2-stable' ] - openssl_ref: [ 'openssl-3.5.2' ] - replace_default: [ true ] - fips: [ false ] - - test_socat: - runs-on: ubuntu-22.04 - container: - image: debian:bookworm - env: - DEBIAN_FRONTEND: noninteractive - needs: build_wolfprovider - # This should be a safe limit for the tests to run. - timeout-minutes: 20 - strategy: - matrix: - wolfssl_ref: [ 'v5.8.2-stable' ] - openssl_ref: [ 'openssl-3.5.2' ] - replace_default: [ true ] - fips: [ false ] - env: - WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages - OPENSSL_PACKAGES_PATH: /tmp/openssl-packages - WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages - steps: - - name: Checkout wolfProvider - uses: actions/checkout@v4 - with: - fetch-depth: 1 - - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache - with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true - - - name: Install wolfSSL/OpenSSL/wolfprov packages - run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - - apt install --reinstall -y \ - ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb - - apt install --reinstall -y \ - ${{ 
env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \ - ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \ - ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb - - apt install --reinstall -y \ - ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb - - - name: Verify wolfProvider is properly installed - run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} - - - name: Install dependencies - run: | - export DEBIAN_FRONTEND=noninteractive - apt-get update - apt-get install -y git sudo build-essential autoconf automake \ - libtool pkg-config libjansson-dev check ca-certificates dpkg-dev \ - clang libc++-dev curl net-tools netcat-openbsd procps - - - name: Download socat - run: curl -O http://www.dest-unreach.org/socat/download/socat-1.8.0.0.tar.gz && tar xvf socat-1.8.0.0.tar.gz - - - name: Build socat - working-directory: ./socat-1.8.0.0 - run: | - # Configure with OpenSSL - ./configure - - # Build socat - make - - - name: Run socat tests - working-directory: ./socat-1.8.0.0 - shell: bash - env: - SHELL: /bin/bash - PATH: /sbin:/usr/sbin:/usr/bin:/bin - run: | - # Create missing device file for vsock tests - mkdir -p /dev - touch /dev/vsock - - - # Show socat version (includes OpenSSL version info) - ./socat -V - - # Run the tests with expected failures - SOCAT=$GITHUB_WORKSPACE/socat-1.8.0.0/socat ./test.sh -t 0.5 --expect-fail 36,64,146,214,216,217,309,310,386,399,402,403,410,418,453,459,460,467,468,475,478,491,492,528,529,530 diff --git a/.github/workflows/sscep.yml b/.github/workflows/sscep.yml deleted file mode 100644 index b9523028..00000000 --- a/.github/workflows/sscep.yml +++ /dev/null 
@@ -1,114 +0,0 @@ -name: sscep Tests - -# START OF COMMON SECTION -on: - push: - branches: [ 'master', 'main', 'release/**' ] - pull_request: - branches: [ '*' ] - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true -# END OF COMMON SECTION - -jobs: - build_wolfprovider: - uses: ./.github/workflows/build-wolfprovider.yml - with: - wolfssl_ref: ${{ matrix.wolfssl_ref }} - openssl_ref: ${{ matrix.openssl_ref }} - replace_default: ${{ matrix.replace_default }} - strategy: - matrix: - wolfssl_ref: [ 'v5.8.2-stable' ] - openssl_ref: [ 'openssl-3.5.2' ] - replace_default: [ true ] - fips: [ false ] - - test_sscep: - runs-on: ubuntu-22.04 - needs: build_wolfprovider - timeout-minutes: 10 - container: - image: debian:bookworm - options: --user root - env: - DEBIAN_FRONTEND: noninteractive - WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages - OPENSSL_PACKAGES_PATH: /tmp/openssl-packages - WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages - strategy: - matrix: - sscep_ref: [ 'v0.10.0' ] - wolfssl_ref: [ 'v5.8.2-stable' ] - openssl_ref: [ 'openssl-3.5.2' ] - force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] - replace_default: [ true ] - fips: [ false ] - - steps: - - name: Checkout wolfProvider - uses: actions/checkout@v4 - with: - fetch-depth: 1 - - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache - with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true - - - name: Install wolfSSL/OpenSSL/wolfprov packages - run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - - apt install --reinstall -y \ - ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb - - apt 
install --reinstall -y \ - ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \ - ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \ - ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb - - apt install --reinstall -y \ - ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb - - - name: Verify wolfProvider is properly installed - run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} - - - name: Install sscep dependencies - run: | - apt-get update - apt-get install -y scep psmisc build-essential autoconf libtool pkg-config - - - name: Download sscep - uses: actions/checkout@v4 - with: - repository: certnanny/sscep - ref: ${{ matrix.sscep_ref }} - path: sscep - - - name: Build sscep - working-directory: sscep - run: | - autoreconf -vfi - ./configure - make -j $(nproc) - make install - - - name: Run sscep tests - run: | - export ${{ matrix.force_fail }} - export WOLFPROV_FORCE_FAIL_STR="${{ matrix.force_fail }}" - - cd sscep && $GITHUB_WORKSPACE/.github/scripts/test_sscep.sh diff --git a/.github/workflows/sssd.yml b/.github/workflows/sssd.yml deleted file mode 100644 index af538233..00000000 --- a/.github/workflows/sssd.yml +++ /dev/null 
@@ -1,104 +0,0 @@ -name: SSSD Tests - -# START OF COMMON SECTION -on: - push: - branches: [ 'master', 'main', 'release/**' ] - pull_request: - branches: [ '*' ] - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true -# END OF COMMON SECTION - -jobs: - test_sssd: - runs-on: ubuntu-22.04 - timeout-minutes: 20 - container: - image: quay.io/sssd/ci-client-devel:ubuntu-latest - env: - LD_LIBRARY_PATH: /usr/local/lib:/github/home/wolfssl-install/lib:/github/home/openssl-install/lib64 - strategy: - fail-fast: false - matrix: - sssd_ref: [ 'master', '2.9.1' ] - wolfssl_ref: [ 'master', 'v5.8.0-stable' ] - openssl_ref: [ 'openssl-3.5.0' ] - force_fail: ['WOLFPROV_FORCE_FAIL=1', ''] - exclude: - - sssd_ref: 'master' - force_fail: 'WOLFPROV_FORCE_FAIL=1' - steps: - - name: Checkout wolfProvider - uses: actions/checkout@v4 - with: - fetch-depth: 1 - - - name: Build wolfProvider - run: | - OPENSSL_TAG=${{ matrix.openssl_ref }} WOLFSSL_TAG=${{ matrix.wolfssl_ref }} ./scripts/build-wolfprovider.sh - - - name: Install dependencies - run: | - # Don't prompt for anything - export DEBIAN_FRONTEND=noninteractive - apt-get update - apt-get install -y build-essential autoconf libldb-dev \ - libldb2 python3-ldb bc libcap-dev libutf8proc-dev - - - name: Setup env - run: | - ln -s samba-4.0/ldb.h /usr/include/ldb.h - ln -s samba-4.0/ldb_errors.h /usr/include/ldb_errors.h - ln -s samba-4.0/ldb_handlers.h /usr/include/ldb_handlers.h - ln -s samba-4.0/ldb_module.h /usr/include/ldb_module.h - ln -s samba-4.0/ldb_version.h /usr/include/ldb_version.h - - - name: Checkout OSP - uses: actions/checkout@v4 - with: - repository: wolfssl/osp - path: osp - fetch-depth: 1 - - - name: Build and test sssd with wolfProvider - run: | - # Clone SSSD - git clone https://github.com/SSSD/sssd.git - cd sssd - git checkout ${{ matrix.sssd_ref }} - - # Apply patch for testing - patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/sssd/sssd-${{ matrix.sssd_ref }}-wolfprov.patch - - # 
Configure and build SSSD with wolfProvider - autoreconf -ivf - ./configure --without-samba --disable-cifs-idmap-plugin \ - --without-nfsv4-idmapd-plugin --with-oidc-child=no - make -j - - - name: Run tests - working-directory: sssd - shell: bash - run: | - # Set environment variables - export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/wolfssl-install/lib:$GITHUB_WORKSPACE/openssl-install/lib64 - export OPENSSL_CONF=$GITHUB_WORKSPACE/provider.conf - export OPENSSL_MODULES=$GITHUB_WORKSPACE/wolfprov-install/lib - export ${{ matrix.force_fail }} - - echo "Checking OpenSSL providers:" - $GITHUB_WORKSPACE/openssl-install/bin/openssl list -providers | tee provider-list.log - grep -q libwolfprov provider-list.log || (echo "ERROR: libwolfprov not found in OpenSSL providers" && exit 1) - - # If force fail is enabled dont exit with error - if [ "${{ matrix.force_fail }}" == "WOLFPROV_FORCE_FAIL=1" ]; then - set +e - fi - - # Run tests and save result - make check 2>&1 | tee sssd-test.log - TEST_RESULT=${PIPESTATUS[0]} - $GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} sssd diff --git a/.github/workflows/stunnel.yml b/.github/workflows/stunnel.yml deleted file mode 100644 index 38d77482..00000000 --- a/.github/workflows/stunnel.yml +++ /dev/null 
@@ -1,163 +0,0 @@ -name: Stunnel Tests - -# START OF COMMON SECTION -on: - push: - branches: [ 'master', 'main', 'release/**' ] - pull_request: - branches: [ '*' ] - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true -# END OF COMMON SECTION - -jobs: - build_wolfprovider: - uses: ./.github/workflows/build-wolfprovider.yml - with: - wolfssl_ref: ${{ matrix.wolfssl_ref }} - openssl_ref: ${{ matrix.openssl_ref }} - replace_default: ${{ matrix.replace_default }} - strategy: - matrix: - wolfssl_ref: [ 'v5.8.2-stable' ] - openssl_ref: [ 'openssl-3.5.2' ] - replace_default: [ true ] - fips: [ false ] - - test_stunnel: - runs-on: ubuntu-22.04 - container: - image: debian:bookworm - env: - DEBIAN_FRONTEND: noninteractive - needs: build_wolfprovider - # This should be a safe limit for the tests to run. - timeout-minutes: 10 - strategy: - matrix: - stunnel_ref: [ 'stunnel-5.67' ] - wolfssl_ref: [ 'v5.8.2-stable' ] - openssl_ref: [ 'openssl-3.5.2' ] - force_fail: ['WOLFPROV_FORCE_FAIL=1', ''] - replace_default: [ true ] - fips: [ false ] - env: - WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages - OPENSSL_PACKAGES_PATH: /tmp/openssl-packages - WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages - steps: - - name: Checkout wolfProvider - uses: actions/checkout@v4 - with: - fetch-depth: 1 - - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache - with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true - - - name: Install wolfSSL/OpenSSL/wolfprov packages - run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - - apt install --reinstall -y \ - ${{ 
env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb - - apt install --reinstall -y \ - ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \ - ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \ - ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb - - apt install --reinstall -y \ - ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb - - - name: Verify wolfProvider is properly installed - run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} - - - name: Install dependencies - run: | - apt-get update - apt-get install -y build-essential autoconf automake \ - autoconf-archive libtool libwrap0-dev pkg-config python3-venv \ - python3-cryptography patch git - - - name: Check Python version - run: python3 --version - - - name: Checkout Stunnel - uses: actions/checkout@v4 - with: - repository: mtrojnar/stunnel - ref: ${{ matrix.stunnel_ref }} - path: stunnel - fetch-depth: 1 - - - name: Checkout OSP - uses: actions/checkout@v4 - with: - repository: wolfssl/osp - path: osp - fetch-depth: 1 - - - name: Apply OSP patch to Stunnel - if : ${{ matrix.stunnel_ref == 'stunnel-5.67' }} - working-directory: ./stunnel - run: | - # Apply patch for WOLFPROV_FORCE_FAIL - patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/stunnel/stunnel-WPFF-5.67-wolfprov.patch - - - name: Build Stunnel - working-directory: ./stunnel - run: | - autoreconf -ivf - ./configure - make -j - - - name: Update python cryptography module - working-directory: ./stunnel - shell: bash - run: | - python3 -m venv myenv - source myenv/bin/activate - - - name: Verify stunnel with wolfProvider - working-directory: ./stunnel - shell: bash - run: | - set +o pipefail # ignore errors from make check - export ${{ matrix.force_fail }} - - # enter venv - source myenv/bin/activate - - # Set this variable to prevent attempts to load the legacy OpenSSL - # provider, which we don't support. 
- # This is necessary for OpenSSL 3.0+ to avoid errors related to legacy
- # algorithms that are not supported by wolfProvider.
- export CRYPTOGRAPHY_OPENSSL_NO_LEGACY=1
-
- # Verify stunnel
- ./src/stunnel -version
-
- # Run tests
- # Results captured in tests/logs/results.log
- # Use `timeout` since the tests hang with WOLFPROV_FORCE_FAIL=1
- timeout 10 make check 2>&1 || true
-
- # grep for "failed: 0" in the results log, indicating success
- TEST_RESULT=$(grep -c "failed: 0" tests/logs/results.log || echo 1)
- echo "Test result: $TEST_RESULT"
-
- $GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} stunnel
diff --git a/.github/workflows/systemd.yml b/.github/workflows/systemd.yml
deleted file mode 100644
index 542b6d06..00000000
--- a/.github/workflows/systemd.yml
+++ /dev/null
@@ -1,134 +0,0 @@ -name: systemd Tests - -# START OF COMMON SECTION -on: - push: - branches: ['master', 'main', 'release/**'] - pull_request: - branches: ['*'] - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true -# END OF COMMON SECTION - -jobs: - build_wolfprovider: - uses: ./.github/workflows/build-wolfprovider.yml - with: - wolfssl_ref: ${{ matrix.wolfssl_ref }} - openssl_ref: ${{ matrix.openssl_ref }} - replace_default: ${{ matrix.replace_default }} - strategy: - matrix: - wolfssl_ref: ['v5.8.2-stable'] - openssl_ref: ['openssl-3.5.2'] - replace_default: [ true ] - fips: [ false ] - - test_systemd: - runs-on: ubuntu-22.04 - needs: build_wolfprovider - # This should be a safe limit for the tests to run. - timeout-minutes: 20 - container: - image: debian:bookworm - env: - DEBIAN_FRONTEND: noninteractive - WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages - OPENSSL_PACKAGES_PATH: /tmp/openssl-packages - WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages - strategy: - fail-fast: false - matrix: - systemd_ref: ['v254'] - wolfssl_ref: ['v5.8.2-stable'] - openssl_ref: ['openssl-3.5.2'] - force_fail: ['WOLFPROV_FORCE_FAIL=1', ''] - replace_default: [ true ] - fips: [ false ] - steps: - - name: Checkout wolfProvider - uses: actions/checkout@v4 - with: - fetch-depth: 1 - - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache-restore - with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true - - - name: Install wolfSSL/OpenSSL/wolfprov packages - run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - - apt install --reinstall -y \ - ${{ 
env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb - - apt install --reinstall -y \ - ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \ - ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \ - ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb - - apt install --reinstall -y \ - ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb - - - name: Verify wolfProvider is properly installed - run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} - - - name: Install dependencies - run: | - export DEBIAN_FRONTEND=noninteractive - apt-get update - apt-get install -y build-essential meson ninja-build \ - libmount-dev gperf python3-pytest python3-jinja2 python3-pip \ - libuv1-dev libnghttp2-dev libcap-dev uuid-dev libdevmapper-dev \ - libpopt-dev libjson-c-dev libargon2-dev libblkid-dev asciidoctor \ - pkgconf zlib1g-dev libgcrypt20-dev libgpg-error-dev libgnutls28-dev \ - libp11-kit-dev libfido2-dev libtss2-dev libdw-dev libbz2-dev \ - liblzma-dev liblz4-dev libzstd-dev libxkbcommon-dev libglib2.0-dev \ - libdbus-1-dev python3-setuptools python3-wheel git - - - name: Checkout systemd - uses: actions/checkout@v4 - with: - repository: systemd/systemd - path: systemd - fetch-depth: 1 - ref: ${{ matrix.systemd_ref }} - - - name: Build systemd - working-directory: systemd - run: | - meson setup -Dnobody-group=nogroup build - ninja -C build - - - name: Run systemd tests - working-directory: systemd - shell: bash - run: | - set +e - # The following test cases link directly to libcrypto. - TEST_CASES="fuzz-dns-packet fuzz-etc-hosts fuzz-resource-record \ - resolvectl systemd-resolved test-cryptolib \ - test-dns-packet test-dnssec test-resolve-tables \ - test-resolved-etc-hosts test-resolved-packet \ - test-resolved-stream" - export ${{ matrix.force_fail }} - meson test -C build $TEST_CASES - TEST_RESULT=$? 
- if [ $TEST_RESULT -ne 0 ]; then
- cat build/meson-logs/testlog.txt
- fi
-
- $GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} systemd
diff --git a/.github/workflows/tcpdump.yml b/.github/workflows/tcpdump.yml
deleted file mode 100644
index a4e90d3a..00000000
--- a/.github/workflows/tcpdump.yml
+++ /dev/null
@@ -1,137 +0,0 @@ -name: tcpdump Tests - -on: - push: - branches: [ 'master', 'main', 'release/**' ] - pull_request: - branches: [ '*' ] -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - -jobs: - build_wolfprovider: - uses: ./.github/workflows/build-wolfprovider.yml - with: - wolfssl_ref: ${{ matrix.wolfssl_ref }} - openssl_ref: ${{ matrix.openssl_ref }} - replace_default: ${{ matrix.replace_default }} - strategy: - matrix: - wolfssl_ref: [ 'v5.8.2-stable' ] - openssl_ref: [ 'openssl-3.5.2' ] - replace_default: [ true ] - fips: [ false ] - - test_tcpdump: - runs-on: ubuntu-22.04 - container: - image: debian:bookworm - env: - DEBIAN_FRONTEND: noninteractive - needs: build_wolfprovider - timeout-minutes: 15 - strategy: - matrix: - tcpdump_ref: [ 'tcpdump-4.99.3' ] - wolfssl_ref: [ 'v5.8.2-stable' ] - openssl_ref: [ 'openssl-3.5.2' ] - force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] - replace_default: [ true ] - fips: [ false ] - env: - WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages - OPENSSL_PACKAGES_PATH: /tmp/openssl-packages - WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages - steps: - - name: Checkout wolfProvider - uses: actions/checkout@v4 - with: - fetch-depth: 1 - - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache - with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true - - - name: Install wolfSSL/OpenSSL/wolfprov packages - run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - - apt install --reinstall -y \ - ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb - - apt install --reinstall -y \ - ${{ env.OPENSSL_PACKAGES_PATH 
}}/openssl_*.deb \ - ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \ - ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb - - apt install --reinstall -y \ - ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb - - - name: Verify wolfProvider is properly installed - run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} - - - name: Install test dependencies - run: | - apt-get update - apt-get install -y build-essential flex bison autoconf libtool\ - libpcap-dev - - - name: Checkout libpcap - uses: actions/checkout@v4 - with: - repository: the-tcpdump-group/libpcap - path: libpcap_repo - # Compiling tcpdump from source explicitly requires a built libpcap installation - - name: Build and install libpcap - working-directory: libpcap_repo - run: | - ./autogen.sh - ./configure --prefix=$GITHUB_WORKSPACE/libpcap-install - make -j$(nproc) - make install - - - name: Checkout tcpdump - uses: actions/checkout@v4 - with: - repository: the-tcpdump-group/tcpdump - path: tcpdump_repo - ref: ${{ matrix.tcpdump_ref }} - - - name: Build and install tcpdump - working-directory: tcpdump_repo - run: | - if [ -f ./autogen.sh ]; then - ./autogen.sh - elif [ ! -f ./configure ]; then - autoreconf -fiv - fi - export PKG_CONFIG_PATH=$GITHUB_WORKSPACE/libpcap-install/lib/pkgconfig:$PKG_CONFIG_CONFIG:$PKG_CONFIG_PATH - ./configure --prefix=$GITHUB_WORKSPACE/tcpdump-install --with-pcap=$GITHUB_WORKSPACE/libpcap-install - make -j$(nproc) - make install - - - name: Run tcpdump tests - working-directory: tcpdump_repo - shell: bash - run: | - set +o pipefail # ignore errors from make check - export ${{ matrix.force_fail }} - - # Run tests - make check 2>&1 | tee tcpdump-test.log - # Capture the test result using PIPESTATUS (Bash only) - TEST_RESULT=${PIPESTATUS[0]} - $GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} tcpdump - 
diff --git a/.github/workflows/tnftp.yml b/.github/workflows/tnftp.yml
deleted file mode 100644
index 6590d9f5..00000000
--- a/.github/workflows/tnftp.yml
+++ /dev/null
@@ -1,139 +0,0 @@ -name: tnftp Tests - -# START OF COMMON SECTION -on: - push: - branches: [ 'master', 'main', 'release/**' ] - pull_request: - branches: [ '*' ] - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true -# END OF COMMON SECTION - -jobs: - build_wolfprovider: - uses: ./.github/workflows/build-wolfprovider.yml - with: - wolfssl_ref: ${{ matrix.wolfssl_ref }} - openssl_ref: ${{ matrix.openssl_ref }} - replace_default: ${{ matrix.replace_default }} - strategy: - matrix: - wolfssl_ref: [ 'v5.8.2-stable' ] - openssl_ref: [ 'openssl-3.5.2' ] - replace_default: [ true ] - fips: [ false ] - - test_tnftp: - runs-on: ubuntu-22.04 - container: - image: debian:bookworm - env: - DEBIAN_FRONTEND: noninteractive - needs: build_wolfprovider - # This should be a safe limit for the tests to run. - timeout-minutes: 20 - strategy: - matrix: - tnftp_ref: [ 'tnftp-20210827' ] - wolfssl_ref: [ 'v5.8.2-stable' ] - openssl_ref: [ 'openssl-3.5.2' ] - force_fail: ['WOLFPROV_FORCE_FAIL=1', ''] - replace_default: [ true ] - fips: [ false ] - env: - WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages - OPENSSL_PACKAGES_PATH: /tmp/openssl-packages - WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages - steps: - - name: Checkout wolfProvider - uses: actions/checkout@v4 - with: - fetch-depth: 1 - - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache - with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true - - - name: Install wolfSSL/OpenSSL/wolfprov packages - run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - - apt install --reinstall -y \ - ${{ 
env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb - - apt install --reinstall -y \ - ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \ - ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \ - ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb - - apt install --reinstall -y \ - ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb - - - name: Verify wolfProvider is properly installed - run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} - - - name: Install dependencies - run: | - apt-get update - apt-get install -y build-essential autoconf libtool pkg-config \ - vsftpd wget libncurses5-dev libncursesw5-dev - - - name: Download and extract tnftp - run: | - wget http://ftp.netbsd.org/pub/NetBSD/misc/tnftp/${{ matrix.tnftp_ref }}.tar.gz - tar xvf ${{ matrix.tnftp_ref }}.tar.gz - cd ${{ matrix.tnftp_ref }} - - - name: Build and test tnftp - working-directory: ${{ matrix.tnftp_ref }} - shell: bash - run: | - set +o pipefail # ignore errors from make check - export ${{ matrix.force_fail }} - - # Configure with OpenSSL - ./configure - - # Build tnftp - make -j - - # Run all tests and capture output - { - echo "Testing tnftp basic functionality..." - - # Test help command - if ./src/tnftp -? 2>&1 | grep -q "usage:"; then - echo "tnftp help command works" - else - echo "tnftp help command failed" - exit 1 - fi - - # Test that tnftp can start (even if it fails to connect) - echo "Testing tnftp connection attempt..." - timeout 10 ./src/tnftp -n 192.0.2.1 2>&1 | head -10 - echo "tnftp can attempt connections" - - # Test SSL/TLS functionality - echo "Testing SSL/TLS connection..." 
- timeout 15 ./src/tnftp -n https://httpbin.org/get 2>&1
- echo "SSL/TLS test completed"
- } 2>&1 | tee tnftp-test.log
-
- # Capture result and check for expected failure
- TEST_RESULT=$(grep -q "SSL context creation failed" tnftp-test.log && echo "1" || echo "0")
- $GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} tnftp
diff --git a/.github/workflows/tpm2-tools.yml b/.github/workflows/tpm2-tools.yml
deleted file mode 100644
index d713052f..00000000
--- a/.github/workflows/tpm2-tools.yml
+++ /dev/null
@@ -1,134 +0,0 @@ -name: tpm2-tools Tests - -# START OF COMMON SECTION -on: - push: - branches: [ 'master', 'main', 'release/**' ] - pull_request: - branches: [ '*' ] - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true -# END OF COMMON SECTION - -jobs: - build_wolfprovider: - uses: ./.github/workflows/build-wolfprovider.yml - with: - wolfssl_ref: ${{ matrix.wolfssl_ref }} - openssl_ref: ${{ matrix.openssl_ref }} - replace_default: ${{ matrix.replace_default }} - strategy: - matrix: - wolfssl_ref: [ 'v5.8.2-stable' ] - openssl_ref: [ 'openssl-3.5.2' ] - replace_default: [ true ] - fips: [ false ] - - test_tpm2_tools: - runs-on: ubuntu-22.04 - container: - image: debian:bookworm - env: - DEBIAN_FRONTEND: noninteractive - needs: build_wolfprovider - # This should be a safe limit for the tests to run. - timeout-minutes: 20 - strategy: - fail-fast: false - matrix: - tpm2_tools_ref: [ '5.7' ] - wolfssl_ref: [ 'v5.8.2-stable' ] - openssl_ref: [ 'openssl-3.5.2' ] - force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] - replace_default: [ true ] - fips: [ false ] - env: - WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages - OPENSSL_PACKAGES_PATH: /tmp/openssl-packages - WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages - steps: - - name: Checkout wolfProvider - uses: actions/checkout@v4 - with: - fetch-depth: 1 - - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache - with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true - - - name: Install wolfSSL/OpenSSL/wolfprov packages - run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - - apt install --reinstall 
-y \ - ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb - - apt install --reinstall -y \ - ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \ - ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \ - ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb - - apt install --reinstall -y \ - ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb - - - name: Verify wolfProvider is properly installed - run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} - - - name: Install tpm2-tools test dependencies - run: | - apt-get update - apt-get install -y git build-essential expect vim dbus vim-common \ - autoconf-archive python3 python3-yaml python3-pip libefivar-dev \ - libcmocka-dev automake libtool pkg-config build-essential pandoc \ - libtss2-dev tpm2-abrmd swtpm tpm2-tools iproute2 libcurl4-openssl-dev - - - name: Download tpm2-tools - uses: actions/checkout@v4 - with: - repository: tpm2-software/tpm2-tools - ref: ${{ matrix.tpm2_tools_ref }} - path: tpm2-tools - fetch-depth: 1 - - - name: Build tpm2-tools - working-directory: tpm2-tools - run: | - ./bootstrap - ./configure \ - --prefix="$GITHUB_WORKSPACE/tpm2-tools-install" \ - --enable-unit - make -j$(nproc) - - - name: Run tpm2-tools tests - working-directory: tpm2-tools - shell: bash - run: | - set +o pipefail # ignore errors from make check - export ${{ matrix.force_fail }} - - # Run only unit tests and integration tests that dont need TPM2 hardware/simulator - make check TESTS="test/unit/test_string_bytes test/unit/test_files \ - test/unit/test_tpm2_header test/unit/test_tpm2_attr_util test/unit/test_tpm2_alg_util \ - test/unit/test_pcr test/unit/test_tpm2_auth_util test/unit/test_tpm2_errata \ - test/unit/test_tpm2_session test/unit/test_tpm2_policy test/unit/test_tpm2_util \ - test/unit/test_options test/unit/test_cc_util test/unit/test_tpm2_eventlog \ - test/unit/test_tpm2_eventlog_yaml test/unit/test_object \ - 
test/integration/tests/X509certutil test/integration/tests/toggle_options \ - test/integration/tests/rc_decode test/integration/tests/X509certutil" 2>&1 | tee tpm2-tools-test.log - - # Capture result - Fails test/unit/test_tpm2_policy and test/unit/test_tpm2_eventlog with WPFF - TEST_RESULT=$(grep -q "# PASS: 20" tpm2-tools-test.log && echo "0" || echo "1") - $GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} tpm2-tools diff --git a/.github/workflows/x11vnc.yml b/.github/workflows/x11vnc.yml deleted file mode 100644 index 7ad6d2ec..00000000 --- a/.github/workflows/x11vnc.yml +++ /dev/null 
@@ -1,152 +0,0 @@ -name: x11vnc Tests - -# START OF COMMON SECTION -on: - push: - branches: [ 'master', 'main', 'release/**' ] - pull_request: - branches: [ '*' ] - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true -# END OF COMMON SECTION - -jobs: - build_wolfprovider: - uses: ./.github/workflows/build-wolfprovider.yml - with: - wolfssl_ref: ${{ matrix.wolfssl_ref }} - openssl_ref: ${{ matrix.openssl_ref }} - replace_default: ${{ matrix.replace_default }} - strategy: - matrix: - wolfssl_ref: [ 'v5.8.2-stable' ] - openssl_ref: [ 'openssl-3.5.2' ] - replace_default: [ true ] - fips: [ false ] - - test_x11vnc: - runs-on: ubuntu-22.04 - container: - image: debian:bookworm - env: - DEBIAN_FRONTEND: noninteractive - needs: build_wolfprovider - timeout-minutes: 10 - strategy: - matrix: - x11vnc_ref: [ '0.9.17' ] - wolfssl_ref: [ 'v5.8.2-stable' ] - openssl_ref: [ 'openssl-3.5.2' ] - force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] - replace_default: [ true ] - fips: [ false ] - env: - WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages - OPENSSL_PACKAGES_PATH: /tmp/openssl-packages - WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages - - steps: - - name: Checkout wolfProvider - uses: actions/checkout@v4 - with: - fetch-depth: 1 - - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache - with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true - - - name: Install wolfSSL/OpenSSL/wolfprov packages - run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - - apt install --reinstall -y \ - ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb - - apt install 
--reinstall -y \ - ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \ - ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \ - ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb - - apt install --reinstall -y \ - ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb - - - name: Verify wolfProvider is properly installed - run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} - - - name: Install x11vnc dependencies - run: | - apt-get update - - # common build dependencies - apt-get install -y build-essential autoconf automake libtool \ - pkg-config gcc make ca-certificates - - # x11vnc dependencies - apt-get install -y libc6-dev libjpeg-dev x11proto-core-dev \ - libxss-dev zlib1g-dev libavahi-client-dev libvncserver-dev \ - libx11-dev libxdamage-dev libxext-dev libxfixes-dev libxi-dev \ - libxinerama-dev libxrandr-dev libxtst-dev - - # packages for testing script - apt-get install -y xvfb tigervnc-viewer psmisc expect curl - - - name: Download x11vnc - uses: actions/checkout@v4 - with: - repository: LibVNC/x11vnc - ref: ${{ matrix.x11vnc_ref }} - path: x11vnc - - - name: Build x11vnc - working-directory: x11vnc - run: | - # change certs from being hashed with MD5 to SHA256 - perl -pi -e 's/default_md\s*=\s*md5/default_md = SHA256/' src/ssltools.h - - # change encryption for cert keys from des3 to aes256 - perl -pi -e 's/-des3/-aes256/' src/ssltools.h - - autoreconf -vfi - ./configure - make -j $(nproc) - make install - - - name: Run x11vnc tests - shell: bash - run: | - export ${{ matrix.force_fail }} - export WOLFPROV_FORCE_FAIL_STR="${{ matrix.force_fail }}" - export X11VNC_TEST_LOG=/tmp/x11vnc-test.log - export X11VNC_TEST_STATUS=0 - if ! 
$GITHUB_WORKSPACE/.github/scripts/x11vnc/test_x11vnc.sh $X11VNC_TEST_LOG; then - X11VNC_TEST_STATUS=1 - fi - - if $GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $X11VNC_TEST_STATUS "$WOLFPROV_FORCE_FAIL_STR" x11vnc; then - X11VNC_TEST_STATUS=0 - else - X11VNC_TEST_STATUS=1 - fi - - - name: Show x11vnc test log on failure - run: | - if [ $X11VNC_TEST_STATUS -ne 0 ]; then - cat $X11VNC_TEST_LOG - fi - exit $X11VNC_TEST_STATUS - - $GITHUB_WORKSPACE/.github/scripts/x11vnc/test_x11vnc.sh - diff --git a/.github/workflows/xmlsec.yml b/.github/workflows/xmlsec.yml deleted file mode 100644 index 39cd5d50..00000000 --- a/.github/workflows/xmlsec.yml +++ /dev/null 
@@ -1,139 +0,0 @@ -name: xmlsec Tests - -# START OF COMMON SECTION -on: - push: - branches: [ 'master', 'main', 'release/**' ] - pull_request: - branches: [ '*' ] - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true -# END OF COMMON SECTION - -jobs: - build_wolfprovider: - uses: ./.github/workflows/build-wolfprovider.yml - with: - wolfssl_ref: ${{ matrix.wolfssl_ref }} - openssl_ref: ${{ matrix.openssl_ref }} - replace_default: ${{ matrix.replace_default }} - strategy: - matrix: - wolfssl_ref: [ 'v5.8.2-stable' ] - openssl_ref: [ 'openssl-3.5.2' ] - replace_default: [ true ] - fips: [ false ] - - test_xmlsec: - runs-on: ubuntu-22.04 - needs: build_wolfprovider - # Run inside Debian Bookworm to match packaging environment - container: - image: debian:bookworm - env: - DEBIAN_FRONTEND: noninteractive - # This should be a safe limit for the tests to run. - timeout-minutes: 20 - strategy: - matrix: - xmlsec_ref: [ 'xmlsec-1_2_37' ] - wolfssl_ref: [ 'v5.8.2-stable' ] - openssl_ref: [ 'openssl-3.5.2' ] - force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] - replace_default: [ true ] - fips: [ false ] - env: - WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages - OPENSSL_PACKAGES_PATH: /tmp/openssl-packages - WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages - steps: - - name: Checkout wolfProvider - uses: actions/checkout@v4 - with: - fetch-depth: 1 - - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache - with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true - - - name: Install wolfSSL/OpenSSL/wolfprov packages - run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ 
env.WOLFPROV_PACKAGES_PATH }} - - apt install --reinstall -y \ - ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb - - apt install --reinstall -y \ - ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \ - ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \ - ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb - - apt install --reinstall -y \ - ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb - - - name: Verify wolfProvider is properly installed - run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} - - - name: Install xmlsec dependencies - run: | - apt-get update - apt-get install -y automake autoconf libtool libtool-bin \ - libltdl-dev libltdl7 libxml2-dev patch build-essential \ - pkg-config libxml2-dev - - - name: Checkout OSP - uses: actions/checkout@v4 - with: - repository: wolfSSL/osp - path: osp - fetch-depth: 1 - - - name: Download xmlsec - uses: actions/checkout@v4 - with: - repository: lsh123/xmlsec - ref: ${{ matrix.xmlsec_ref }} - path: xmlsec - fetch-depth: 1 - - - name: Build xmlsec - working-directory: xmlsec - env: - XMLSEC_REF: ${{ matrix.xmlsec_ref }} - run: | - patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/xmlsec/xmlsec-${{ matrix.xmlsec_ref }}-wolfprov.patch - ./autogen.sh --disable-openssl3-engines --disable-dsa --without-nss \ - --without-gnutls --without-gcrypt --disable-xmldsig \ - --disable-crypto-dl --disable-apps-crypto-dl \ - --disable-concatkdf --disable-tmpl-tests - make -j$(nproc) - # Remove the bundled openssl3.cnf since we use the default - rm -f tests/openssl3.cnf - - - name: Run xmlsec tests - working-directory: xmlsec - shell: bash - run: | - set +o pipefail # ignore errors from make check - export ${{ matrix.force_fail }} - make check-keys | tee xmlsec-keys.log - make check-enc | tee xmlsec-enc.log - if grep -q "TOTAL FAILED: 0" xmlsec-enc.log && grep -q "TOTAL FAILED: 0" xmlsec-keys.log; then - TEST_RESULT=0 - else - TEST_RESULT=1 - fi - 
$GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} xmlsec
diff --git a/scripts/cmd_test/req-cmd-test.sh b/scripts/cmd_test/req-cmd-test.sh
index 1278f398..173fa9fc 100755
--- a/scripts/cmd_test/req-cmd-test.sh
+++ b/scripts/cmd_test/req-cmd-test.sh
@@ -63,7 +63,7 @@ test_cert_creation() {
 # Create certificate with specified provider
 echo "Creating self-signed certificate with ${hash_alg} using ${req_provider_name}..."
 if $OPENSSL_BIN req -x509 -new -key "$key_file" -${hash_alg} -days 365 \
- -out "$cert_file" -subj "/CN=test-${curve}-${hash_alg}" ${req_provider_args} 2>/dev/null; then
+ -out "$cert_file" -subj "/CN=test-${curve}-${hash_alg}" ${req_provider_args}; then
 echo "[PASS] Certificate creation successful"
 # Only call check_force_fail for wolfProvider operations, or when not in force fail mode
 if [[ "$req_provider_args" == *"libwolfprov"* ]] || [ "${WOLFPROV_FORCE_FAIL}" != "1" ]; then
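Review bot: The `openssl req` call in `test_cert_creation` now lets stderr through, but nothing near the new `-out "$cert_file" ... ${req_provider_args}; then` line says this is deliberate. In runs with `WOLFPROV_FORCE_FAIL=1` the expected failure will now write OpenSSL's error text into the log. I would add a comment above the `if`, for example `# stderr is left visible on purpose: provider load and signing errors must show up in CI logs`, so a later cleanup does not restore `2>/dev/null`. Separately, `${req_provider_args}` is expanded unquoted and so depends on word splitting and globbing; if it is ever built from a path with spaces or glob characters, an array expanded as `"${req_provider_args[@]}"` would be safer, though the variable is set outside this hunk. The function body starts and ends outside the hunk.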