use DHUK to wrap/unwrap seed value used for token #214
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: wolfPKCS11 NSS gtests | |
| on: | |
| push: | |
| branches: [ main, master, nss ] | |
| pull_request: | |
| branches: [ main, master, nss ] | |
| workflow_dispatch: | |
| env: | |
| NSPR_VERSION: NSPR_4_36_BRANCH | |
| NSS_VERSION: NSS_3_112_RTM | |
| WOLFSSL_VERSION: v5.8.0-stable | |
| #NSS_DEBUG_PKCS11_MODULE: wolfPKCS11 | |
| #NSPR_LOG_MODULES: all:5 | |
| #NSPR_LOG_FILE: /logs/nss.log | |
| #NSS_OUTPUT_FILE: /logs/stats.log | |
| #NSS_STRICT_NOFORK: 1 | |
| #NSS_DEBUG: all | |
| HOST: localhost | |
| DOMSUF: localdomain | |
| NSS_TESTS: ssl_gtests | |
| jobs: | |
| nss-test: | |
| runs-on: ubuntu-24.04 | |
| if: github.repository_owner == 'wolfssl' | |
| timeout-minutes: 30 | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Install system dependencies | |
| run: | | |
| sudo apt-get update | |
| sudo DEBIAN_FRONTEND=noninteractive apt-get install -y \ | |
| mercurial \ | |
| python3 \ | |
| python-is-python3 \ | |
| python3-pip \ | |
| gyp \ | |
| ninja-build \ | |
| build-essential \ | |
| automake \ | |
| libtool \ | |
| git \ | |
| pkg-config \ | |
| poppler-utils \ | |
| wget \ | |
| enscript \ | |
| ghostscript \ | |
| gdb \ | |
| vim \ | |
| hexedit \ | |
| openssl \ | |
| ca-certificates | |
| - name: Cache NSPR | |
| id: cache-nspr | |
| uses: actions/cache@v4 | |
| with: | |
| path: nspr | |
| key: nspr-${{ env.NSPR_VERSION }} | |
| - name: Clone NSPR | |
| if: steps.cache-nspr.outputs.cache-hit != 'true' | |
| run: hg clone https://hg.mozilla.org/projects/nspr -r ${{ env.NSPR_VERSION }} | |
| - name: Cache NSS source and patches | |
| id: cache-nss-source | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| nss | |
| osp | |
| key: nss-source-fork | |
| - name: Clone NSS and apply wolfSSL patches | |
| if: steps.cache-nss-source.outputs.cache-hit != 'true' | |
| run: | | |
| # Clone official Mozilla NSS with specific tag | |
| hg clone https://hg.mozilla.org/projects/nss -r ${{ env.NSS_VERSION }} | |
| # Clone wolfSSL OSP repository for patches | |
| git clone https://github.com/wolfSSL/osp.git | |
| cd nss | |
| # Apply patches from wolfSSL/osp/nss directory | |
| echo "Applying wolfSSL NSS patches..." | |
| if [ -d "../osp/nss" ]; then | |
| for patch in ../osp/nss/*.patch; do | |
| if [ -f "$patch" ]; then | |
| echo "Applying patch: $(basename $patch)" | |
| patch -p1 < "$patch" || { | |
| echo "Warning: Patch $(basename $patch) failed to apply cleanly" | |
| echo "Attempting to apply with --reject-file option..." | |
| patch -p1 --reject-file=/tmp/$(basename $patch).rej < "$patch" || true | |
| } | |
| fi | |
| done | |
| else | |
| echo "No patches found in wolfSSL/osp/nss directory" | |
| fi | |
| - name: Cache NSS build | |
| id: cache-nss-build | |
| uses: actions/cache@v4 | |
| with: | |
| path: dist | |
| key: nss-fork-${{ env.NSS_VERSION }}-latest | |
| - name: Build NSS | |
| if: steps.cache-nss-build.outputs.cache-hit != 'true' | |
| working-directory: nss | |
| # Build NSS in release mode enabled (omit --opt to build in debug mode) | |
| run: ./build.sh -v --opt | |
| - name: Restore wolfSSL | |
| id: cache-wolfssl | |
| uses: actions/cache/restore@v4 | |
| with: | |
| path: build-dir | |
| key: wolfssl-${{ env.WOLFSSL_VERSION }} | |
| - name: Clone and Build wolfSSL | |
| uses: wolfSSL/actions-build-autotools-project@v1 | |
| if: steps.cache-wolfssl.outputs.cache-hit != 'true' | |
| with: | |
| repository: wolfssl/wolfssl | |
| ref: ${{ env.WOLFSSL_VERSION }} | |
| path: wolfssl | |
| configure: >- | |
| --enable-all --enable-aescfb --enable-rsapss | |
| --enable-keygen --enable-pwdbased --enable-scrypt --with-eccminsz=192 | |
| --with-max-rsa-bits=8192 --enable-rsapss | |
| CFLAGS="-DWOLFSSL_PUBLIC_MP -DWC_RSA_DIRECT -DRSA_MIN_SIZE=1024 -DWOLFSSL_PSS_LONG_SALT" | |
| install: true | |
| - name: Cache wolfSSL | |
| uses: actions/cache/save@v4 | |
| if: steps.cache-wolfssl.outputs.cache-hit != 'true' | |
| with: | |
| path: build-dir | |
| key: wolfssl-${{ env.WOLFSSL_VERSION }} | |
| - name: Build wolfPKCS11 | |
| uses: wolfSSL/actions-build-autotools-project@v1 | |
| with: | |
| path: wolfpkcs11 | |
| configure: >- | |
| --enable-nss --enable-rsa --enable-rsaoaep --enable-rsapss | |
| --enable-keygen --enable-ecc --enable-dh --enable-aes | |
| --enable-aeskeywrap --enable-aescbc --enable-aesgcm --enable-aesctr | |
| --enable-aesccm --enable-aesecb --enable-aescmac --enable-hmac | |
| --enable-md5 --enable-sha --enable-sha1 --enable-sha224 --enable-sha256 | |
| --enable-sha384 --enable-sha512 | |
| CFLAGS="-I$GITHUB_WORKSPACE/build-dir/include -L$GITHUB_WORKSPACE/build-dir/lib" | |
| install: true | |
| - name: Run NSS tests | |
| working-directory: nss/tests | |
| run: LD_LIBRARY_PATH=$GITHUB_WORKSPACE/build-dir/lib ./all.sh |