Add ML-KEM and ML-DSA support #1379
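# CI workflow: builds the wolfProvider Debian packages through the reusable
# build workflow, then installs them in a Debian container, builds tnftp
# against them and runs a few smoke tests (help output, a connection attempt,
# an HTTPS fetch). Every combination is run with and without
# WOLFPROV_FORCE_FAIL=1.
name: tnftp Tests

# START OF COMMON SECTION
on:
  push:
    branches: [ 'master', 'main', 'release/**' ]
  pull_request:
    branches: [ '*' ]

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
# END OF COMMON SECTION

# NOTE(review): actions below are referenced by mutable tag (@v4) and the
# container image by mutable tag (debian:bookworm). Pinning to a full commit
# SHA / image digest would protect the job against a tag being moved.

jobs:
  build_wolfprovider:
    # NOTE(review): no 'permissions' are set for this call because the needs
    # of build-wolfprovider.yml are not visible from this file; confirm and
    # restrict them there.
    uses: ./.github/workflows/build-wolfprovider.yml
    with:
      wolfssl_ref: ${{ matrix.wolfssl_ref }}
      openssl_ref: ${{ matrix.openssl_ref }}
      fips_ref: ${{ matrix.fips_ref }}
      replace_default: ${{ matrix.replace_default }}
    strategy:
      matrix:
        wolfssl_ref: [ 'v5.8.4-stable' ]
        openssl_ref: [ 'openssl-3.5.4' ]
        fips_ref: [ 'FIPS', 'non-FIPS' ]
        replace_default: [ true ]

  test_tnftp:
    runs-on: ubuntu-22.04
    needs: build_wolfprovider
    # Least privilege: the steps in this job only check out the repository
    # and download an artifact from the same run, so the GITHUB_TOKEN does
    # not need anything beyond read access to contents.
    permissions:
      contents: read
    container:
      image: debian:bookworm
      env:
        DEBIAN_FRONTEND: noninteractive
    # This should be a safe limit for the tests to run.
    timeout-minutes: 20
    strategy:
      matrix:
        tnftp_ref: [ 'tnftp-20210827' ]
        wolfssl_ref: [ 'v5.8.4-stable' ]
        openssl_ref: [ 'openssl-3.5.4' ]
        fips_ref: [ 'FIPS', 'non-FIPS' ]
        force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
        replace_default: [ true ]
    env:
      WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
      OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
      WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
    steps:
      - name: Checkout wolfProvider
        uses: actions/checkout@v4
        with:
          fetch-depth: 1

      - name: Download packages from build job
        uses: actions/download-artifact@v4
        with:
          name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}
          path: /tmp

      - name: Install wolfSSL/OpenSSL/wolfprov packages
        # The package directories come from the job-level 'env', so they are
        # read as shell variables instead of being pasted into the script.
        run: |
          apt install --reinstall -y --allow-downgrades --allow-change-held-packages \
            "$WOLFSSL_PACKAGES_PATH"/libwolfssl_*.deb
          apt install --reinstall -y --allow-downgrades --allow-change-held-packages \
            "$OPENSSL_PACKAGES_PATH"/openssl_*.deb \
            "$OPENSSL_PACKAGES_PATH"/libssl3_*.deb \
            "$OPENSSL_PACKAGES_PATH"/libssl-dev_*.deb
          apt install --reinstall -y --allow-downgrades --allow-change-held-packages \
            "$WOLFPROV_PACKAGES_PATH"/libwolfprov_*.deb
          # Prevent later 'apt-get install' of test dependencies from
          # replacing the wolfprov-patched libssl3, which breaks
          # replace-default mode.
          apt-mark hold libssl3 libssl-dev openssl libwolfssl libwolfprov

      - name: Verify wolfProvider is properly installed
        run: |
          "$GITHUB_WORKSPACE/scripts/verify-install.sh" \
            ${{ matrix.replace_default && '--replace-default' || '' }} \
            ${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }}

      - name: Install dependencies
        run: |
          apt-get update
          apt-get install -y build-essential autoconf libtool pkg-config \
            vsftpd wget libncurses5-dev libncursesw5-dev

      - name: Download and extract tnftp
        run: |
          # Fetch from the Debian source archive rather than ftp.netbsd.org
          # or its CDN; both of those rate-limit or time-out requests from
          # GitHub Actions egress. Debian mirrors the identical upstream
          # tarball under a slightly different filename, and deb.debian.org
          # is already the reliable source used by other workflows here.
          # Translate 'tnftp-<date>' ref to Debian's 'tnftp_<date>.orig'.
          #
          # NOTE(review): the tarball is fetched over HTTPS but its digest is
          # never checked before it is unpacked and built. Consider recording
          # the expected SHA-256 next to tnftp_ref and verifying it with
          # 'sha256sum -c' before running 'tar'.
          ref="${{ matrix.tnftp_ref }}"
          version="${ref#tnftp-}"
          wget -4 "https://deb.debian.org/debian/pool/main/t/tnftp/tnftp_${version}.orig.tar.gz" \
            -O "${ref}.tar.gz"
          tar xvf "${ref}.tar.gz"
          # The directory change does not carry over to the next step; it
          # only confirms that the archive unpacked into the expected
          # directory.
          cd "${ref}"

      - name: Build and test tnftp
        working-directory: ${{ matrix.tnftp_ref }}
        shell: bash
        env:
          # Handed over through the environment so the matrix value is not
          # interpolated into the script text. Either 'WOLFPROV_FORCE_FAIL=1'
          # or empty.
          FORCE_FAIL: ${{ matrix.force_fail }}
        run: |
          # With pipefail off, a pipeline reports the status of its last
          # command (head/tee below), so a failing tnftp does not abort the
          # step before the log has been inspected.
          set +o pipefail

          # Export NAME=value only when a value was supplied: a bare 'export'
          # with no operand would print every exported variable into the job
          # log.
          if [ -n "$FORCE_FAIL" ]; then
            export "$FORCE_FAIL"
          fi

          # Configure with OpenSSL
          ./configure

          # Build tnftp
          make -j

          # Run all tests and capture output
          #
          # NOTE(review): this group is the left side of a pipeline, so it
          # runs in a subshell: the 'exit 1' below ends only that subshell,
          # and with pipefail off the step carries on. The verdict comes
          # solely from the grep on tnftp-test.log further down, so a broken
          # help command is logged but not counted as a failure.
          {
            echo "Testing tnftp basic functionality..."

            # Test help command
            if ./src/tnftp -? 2>&1 | grep -q "usage:"; then
              echo "tnftp help command works"
            else
              echo "tnftp help command failed"
              exit 1
            fi

            # Test that tnftp can start (even if it fails to connect).
            # 192.0.2.1 is in the RFC 5737 documentation range, so no real
            # host is contacted.
            echo "Testing tnftp connection attempt..."
            timeout 10 ./src/tnftp -n 192.0.2.1 2>&1 | head -10
            echo "tnftp can attempt connections"

            # Test SSL/TLS functionality
            echo "Testing SSL/TLS connection..."
            timeout 15 ./src/tnftp -n https://httpbin.org/get 2>&1
            echo "SSL/TLS test completed"
          } 2>&1 | tee tnftp-test.log

          # Capture result and check for expected failure
          TEST_RESULT=$(grep -q "SSL context creation failed" tnftp-test.log && echo "1" || echo "0")

          # The force-fail argument is omitted entirely when empty, so the
          # script receives the same argument list as before.
          "$GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh" \
            "$TEST_RESULT" ${FORCE_FAIL:+"$FORCE_FAIL"} tnftp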