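--- a/.github/workflows/openldap.yml
+++ b/.github/workflows/openldap.yml
@@ -16,9 +16,6 @@ jobs:
 strategy:
 matrix:
 include:
-- os: ubuntu-latest
-openldap_ref: 'master'
-use_container: true
 - os: ubuntu-latest
 openldap_ref: 'OPENLDAP_REL_ENG_2_5_13'
 use_container: true
@@ -67,7 +64,6 @@ jobs:
 sudo mkdir -p /opt/gnutls /opt/wolfssl /opt/wolfssl-gnutls-wrapper /opt/nettle
 sudo chown -R $USER:$USER /opt/gnutls /opt/wolfssl /opt/wolfssl-gnutls-wrapper /opt/nettle
 
-# ───────────── cache the wolfssl/gnutls tool-chain ─────────────
 - name: Restore cached gnutls-wolfssl
 id: cache-gnutls
 uses: actions/cache@v4
@@ -108,7 +104,6 @@ jobs:
 else
 GNUTLS_INSTALL=/opt/gnutls WOLFSSL_INSTALL=/opt/wolfssl ./setup.sh
 fi
-# For native runner: also save to cache location
 if [[ "${{ matrix.use_container }}" == "false" ]]; then
 mkdir -p ~/cache
 sudo cp -a /opt/gnutls ~/cache/
@@ -143,11 +138,8 @@ jobs:
 
 - name: Build OpenLDAP at ${{ matrix.openldap_ref }}
 run: |
-git clone https://git.openldap.org/openldap/openldap.git
-cd openldap
-if [ "${{ matrix.openldap_ref }}" != "master" ]; then
-git checkout ${{ matrix.openldap_ref }}
-fi
+git clone --depth 1 --branch "${{ matrix.openldap_ref }}" \
+https://git.openldap.org/openldap/openldap.git
 - name: Configure OpenLDAP
 working-directory: openldap
 run: |
@@ -196,7 +188,7 @@ jobs:
 working-directory: openldap
 run: |
 make depend
-make
+make -j$(nproc)
 - name: Test OpenLDAP
 working-directory: openldap
 run: |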
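Review bot: In the rewritten clone step, `${{ matrix.openldap_ref }}` is expanded into the script text before bash runs, so the value is parsed as shell rather than passed as data. The matrix entries visible here are static literals, so the exposure is low today, but passing the value through the step environment keeps it inert if the matrix is ever fed from an input: add an `env:` entry `OPENLDAP_REF: ${{ matrix.openldap_ref }}` and clone with `--branch "$OPENLDAP_REF"`. The same pattern is introduced for `matrix.samba_ref` in .github/workflows/samba-libs.yml. Both clones also build whatever the remote tag or branch currently points to, so logging `git -C openldap rev-parse HEAD` after the clone would make a moved ref visible in the job output.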
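--- a/.github/workflows/samba-libs.yml
+++ b/.github/workflows/samba-libs.yml
@@ -76,11 +76,8 @@ jobs:
 
 - name: Clone Samba
 run: |
-git clone https://gitlab.com/samba-team/samba.git samba
-cd samba
-if [ "${{ matrix.samba_ref }}" != "master" ]; then
-git checkout ${{ matrix.samba_ref }}
-fi
+git clone --depth=1 --branch "${{ matrix.samba_ref }}" \
+https://gitlab.com/samba-team/samba.git
 
 - name: Configure & build Samba-libs
 working-directory: samba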
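--- a/.github/workflows/wget.yml
+++ b/.github/workflows/wget.yml
@@ -62,7 +62,6 @@ jobs:
 libtasn1-bin libtasn1-6-dev libunistring-dev libp11-kit-dev libunbound-dev \
 wget git flex autoconf-archive libhttp-daemon-perl
 
-# ───────────── cache the wolfssl/gnutls tool-chain ─────────────
 - name: Restore cached gnutls-wolfssl
 id: cache-gnutls
 uses: actions/cache@v4
@@ -174,6 +173,13 @@ jobs:
 run: |
 make -j $(nproc)
 # Get python 3.11 for old versions of wget
+- name: Cache pyenv Python 3.11.9
+id: cache-pyenv
+if: matrix.wget_ref == 'v1.21.3' || matrix.wget_ref == 'v1.21.4'
+uses: actions/cache@v4
+with:
+path: ~/.pyenv
+key: pyenv-3.11.9-${{ matrix.os }}-${{ matrix.use_container }}
 - name: Install pyenv dependencies
 if: matrix.wget_ref == 'v1.21.3' || matrix.wget_ref == 'v1.21.4'
 run: |
@@ -183,7 +189,7 @@ jobs:
 libncursesw5-dev xz-utils tk-dev libxml2-dev libxmlsec1-dev \
 libffi-dev liblzma-dev
 - name: Install pyenv
-if: matrix.wget_ref == 'v1.21.3' || matrix.wget_ref == 'v1.21.4'
+if: (matrix.wget_ref == 'v1.21.3' || matrix.wget_ref == 'v1.21.4') && steps.cache-pyenv.outputs.cache-hit != 'true'
 run: |
 curl https://pyenv.run | bash
 - name: Test wget
@@ -195,7 +201,7 @@ jobs:
 export PATH="$PYENV_ROOT/bin:$PATH"
 eval "$(pyenv init --path)"
 eval "$(pyenv virtualenv-init -)"
-pyenv install 3.11.9
+pyenv install -s 3.11.9
 pyenv global 3.11.9
 python --version
 fi
@@ -205,5 +211,5 @@ jobs:
 export LD_LIBRARY_PATH=/opt/nettle/lib64:/opt/nettle/lib:/opt/gnutls/lib:/opt/wolfssl/lib:/opt/wolfssl-gnutls-wrapper/lib:$LD_LIBRARY_PATH
 fi
 export WGW_LOGGING=1
-make check
+make check -j"$(nproc)"
 find . -name '*.log' | xargs grep wgw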
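Review bot: The new `Cache pyenv Python 3.11.9` step stores the output of `curl https://pyenv.run | bash`, an unpinned remote installer, under the key `pyenv-3.11.9-${{ matrix.os }}-${{ matrix.use_container }}`, which does not change when that installer or the runner image changes. Whatever was fetched on the first cache miss is then reused by every later run, and if `matrix.os` is a floating label (the matrix is outside this diff) a Python built against the old image's libraries would be restored onto a newer one. Consider installing pyenv from a pinned release and carrying that pin in the key, for example `key: pyenv-<PYENV_RELEASE_PLACEHOLDER>-3.11.9-${{ matrix.os }}-${{ matrix.use_container }}`, so that changing the pin invalidates the cache.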
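--- a/wolfssl-gnutls-wrapper/src/cipher.c
+++ b/wolfssl-gnutls-wrapper/src/cipher.c
@@ -438,7 +438,7 @@ int wolfssl_cipher_setkey(void *_ctx, const void *key, size_t keysize)
 }
 
 #ifdef WOLFSSL_AES_XTS
-if (ctx->mode == XTS && gnutls_fips140_mode_enabled()) {
+if (ctx->mode == XTS) {
 /* XTS has two AES keys that are no allowed to be the same. */
 if (XMEMCMP(key, key + exp_key_size / 2, exp_key_size / 2) == 0) {
 WGW_ERROR("XTS keys are the same");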
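Review bot: With the FIPS condition dropped, the `XMEMCMP(key, key + exp_key_size / 2, exp_key_size / 2)` comparison runs for every XTS key and reads `exp_key_size` bytes from `key` in all modes, so please confirm that `keysize` is checked against `exp_key_size` before this block; that check is not visible here, and wolfssl_cipher_setkey starts and ends outside the hunk. The comment above the compare should record the new contract, for example `/* XTS has two AES keys that are not allowed to be the same; enforced in all modes, not only FIPS. */`. `key + exp_key_size / 2` also does arithmetic on a `const void *`, which is a GNU extension; casting to `const unsigned char *` first keeps it portable.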
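--- a/wolfssl-gnutls-wrapper/tests/test_aesxts.c
+++ b/wolfssl-gnutls-wrapper/tests/test_aesxts.c
@@ -1,5 +1,6 @@
 
 #include <gnutls/crypto.h>
+#include <stdlib.h>
 
 #include "test_util.h"
 
@@ -97,15 +98,16 @@ static int test_aesxts(gnutls_cipher_algorithm_t cipher,
 /* Copy plaintext to a non-const buffer for GnuTLS */
 memcpy(plaintext, plaintext_data, sizeof(plaintext_data));
 
-/* Try bad key - same data for both keys or key too small. */
-ret = gnutls_cipher_init(&encrypt_handle, cipher, &bad_key, &iv);
-if (gnutls_fips140_mode_enabled() && ret == 0) {
-print_gnutls_error("initializing cipher with bad key", ret);
-return 1;
-}
-if (!gnutls_fips140_mode_enabled() && ret != 0) {
-print_gnutls_error("initializing cipher with bad key", ret);
-return 1;
+/* Try bad key - same data for both keys. The wolfSSL provider rejects
+* identical XTS key halves in all modes; native GnuTLS/Nettle (used when
+* GNUTLS_NO_PROVIDER=1) accepts them in non-FIPS mode, so only enforce the
+* rejection when the provider is in use. */
+if (!getenv("GNUTLS_NO_PROVIDER")) {
+ret = gnutls_cipher_init(&encrypt_handle, cipher, &bad_key, &iv);
+if (ret == 0) {
+print_gnutls_error("initializing cipher with bad key", ret);
+return 1;
+}
 }
 
 /********** ENCRYPTION TEST **********/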
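Review bot: `if (!getenv("GNUTLS_NO_PROVIDER"))` tests only whether the variable is set, so `GNUTLS_NO_PROVIDER=0` or an empty value also skips the identical-key rejection test, while the comment describes the `=1` case. If the wrapper treats only `1` as disabling the provider (not visible here), the test should match it, e.g. `const char *np = getenv("GNUTLS_NO_PROVIDER");` followed by `if (np == NULL || strcmp(np, "1") != 0) {`. The skip also drops the earlier assertion that the bad key is rejected in FIPS mode when the native backend is used. On the failure path `print_gnutls_error` is called with `ret == 0`, which presumably prints a success code, and the handle from the unexpected successful init is not released before `return 1`. test_aesxts starts and ends outside the hunk.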