diff --git a/.github/workflows/cmdline.yml b/.github/workflows/cmdline.yml
new file mode 100644
index 00000000..06646dc3
--- /dev/null
+++ b/.github/workflows/cmdline.yml
@@ -0,0 +1,60 @@
+name: Command Line Tests
+
+# START OF COMMON SECTION
+on:
+ push:
+ branches: [ 'master', 'main', 'release/**' ]
+ pull_request:
+ branches: [ '*' ]
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+ cmdtest_test:
+ name: Command line test
+ runs-on: ubuntu-22.04
+ timeout-minutes: 20
+ strategy:
+ matrix:
+ openssl_ref: [ 'master', 'openssl-3.5.0' ]
+ wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
+ force_fail: ['WOLFPROV_FORCE_FAIL=1', '']
+ debug: ['WOLFPROV_DEBUG=1', '']
+ steps:
+ - name: Checkout wolfProvider
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 1
+
+ - name: Checking wolfSSL/wolfProvider in cache
+ # Debug builds are not currently supported by build-wolfprovider.yml
+ # so those are manually built as a separate step.
+ if: ${{ matrix.debug == '' }}
+ uses: actions/cache@v4
+ id: wolfprov-cache
+ with:
+ path: |
+ wolfssl-install
+ wolfprov-install
+ openssl-install/lib64
+ openssl-install/include
+ openssl-install/bin
+
+ key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }}
+ # Normally we would fail on cache miss, but we rebuild below
+ # for the DEBUG build.
+ fail-on-cache-miss: false
+
+ # If not yet built this version, build it now
+ - name: Build wolfProvider
+ # Only run the test for a cache miss. On hit, we've already run the test.
+ if: steps.wolfprov-cache-restore.cache-hit != 'true'
+ run: |
+ ${{ matrix.debug }} OPENSSL_TAG=${{ matrix.openssl_ref }} WOLFSSL_TAG=${{ matrix.wolfssl_ref }} ./scripts/build-wolfprovider.sh
+
+ - name: Run tests
+ run: |
+ ${{ matrix.force_fail }} ${{ matrix.debug }} ./scripts/cmd_test/do-cmd-tests.sh
diff --git a/.github/workflows/simple.yml b/.github/workflows/simple.yml
index 63ed142f..959ee8cf 100644
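Review bot: The build step's condition `if: steps.wolfprov-cache-restore.cache-hit != 'true'` refers to a step id this workflow never defines; the cache step above it is declared with `id: wolfprov-cache`. A reference to an unknown step evaluates to an empty value, so the comparison is always true and the build runs even on a cache hit. Use `if: steps.wolfprov-cache.outputs.cache-hit != 'true'`; the `outputs.` segment is needed as well to read the action's output. The same expression appears in the `simple.yml` hunk at `@@ -55,16 +77,22 @@`, where the cache step's id lies outside the hunk and should be checked. Separately, the new workflow runs on `pull_request` with no `permissions:` block, and a top-level `permissions:` with `contents: read` would keep the token read-only for a job that only builds and tests.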
--- a/.github/workflows/simple.yml +++ b/.github/workflows/simple.yml @@ -20,8 +20,19 @@ jobs: openssl_ref: ${{ matrix.openssl_ref }} strategy: matrix: - wolfssl_ref: [ 'master', 'v5.8.0-stable' ] - openssl_ref: [ 'master', 'openssl-3.5.0' ] + wolfssl_ref: [ + 'master', + 'v5.8.2-stable', + 'v5.8.0-stable'] + # Test against the newest of each minor version + openssl_ref: [ + 'openssl-3.5.2', + 'openssl-3.4.2', + 'openssl-3.3.4', + 'openssl-3.2.5', + 'openssl-3.1.8', + 'openssl-3.0.17'] + force_fail: ['WOLFPROV_FORCE_FAIL=1', ''] debug: ['WOLFPROV_DEBUG=1', ''] simple_test: @@ -31,9 +42,20 @@ jobs: timeout-minutes: 20 strategy: matrix: - wolfssl_ref: [ 'master', 'v5.8.0-stable' ] - openssl_ref: [ 'master', 'openssl-3.5.0' ] + wolfssl_ref: [ + 'master', + 'v5.8.2-stable', + 'v5.8.0-stable'] + # Test against the newest of each minor version + openssl_ref: [ + 'openssl-3.5.2', + 'openssl-3.4.2', + 'openssl-3.3.4', + 'openssl-3.2.5', + 'openssl-3.1.8', + 'openssl-3.0.17'] force_fail: ['WOLFPROV_FORCE_FAIL=1', ''] + debug: ['WOLFPROV_DEBUG=1', ''] steps: - name: Checkout wolfProvider uses: actions/checkout@v4 @@ -55,16 +77,22 @@ jobs: openssl-install/bin key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }} - fail-on-cache-miss: true + # Normally we would fail on cache miss, but we rebuild below + # for the DEBUG build. + fail-on-cache-miss: false - - name: Build wolfProvider - if: ${{ matrix.debug != '' }} + - name: Build and test wolfProvider + # Only run the test for a cache miss. On hit, we've already run the test. + if: steps.wolfprov-cache-restore.cache-hit != 'true' run: | ${{ matrix.debug }} \ OPENSSL_TAG=${{ matrix.openssl_ref }} \ WOLFSSL_TAG=${{ matrix.wolfssl_ref }} \ ./scripts/build-wolfprovider.sh - - name: Run simple tests + - name: Print errors + if: ${{ failure() }} run: | - ${{ matrix.force_fail }} ./scripts/cmd_test/do-cmd-tests.sh + if [ -f test-suite.log ] ; then + cat test-suite.log + fi 
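Review bot: With the `Run simple tests` step removed in the `@@ -55,16 +77,22 @@` hunk, no visible step in `simple_test` consumes `matrix.force_fail` any more; the remaining `run:` block passes only `${{ matrix.debug }}`, `OPENSSL_TAG` and `WOLFSSL_TAG`. If `WOLFPROV_FORCE_FAIL=1` is what shows that the tests really go through wolfProvider (inferred from the name), those matrix legs now pass without exercising that check, and per the added comment a cache hit skips the build-and-test step entirely. Either pass the value through, e.g. `${{ matrix.force_fail }} ${{ matrix.debug }} \` as the first line of the `run:` block if the build script honours it, or drop `force_fail` from this job's matrix so the number of green legs reflects real coverage. The job's step list starts and continues outside the hunk, so a consumer elsewhere cannot be ruled out.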
diff --git a/test/test_hkdf.c b/test/test_hkdf.c
index 76fff571..751fd478 100644
--- a/test/test_hkdf.c
+++ b/test/test_hkdf.c
@@ -109,56 +109,76 @@ static int test_hkdf_double_set_salt(OSSL_LIB_CTX* libCtx, unsigned char *key, ctx = EVP_PKEY_CTX_new_from_name(libCtx, "HKDF", NULL); if (ctx == NULL) { + PRINT_MSG("Failed to create HKDF context"); err = 1; } if (err == 0) { if (EVP_PKEY_derive_init(ctx) != 1) { + PRINT_MSG("Failed to init HKDF derive"); err = 1; } } if (err == 0) { if (EVP_PKEY_CTX_hkdf_mode(ctx, mode) != 1) { + PRINT_MSG("Failed to set HKDF mode"); err = 1; } } if (err == 0) { if (EVP_PKEY_CTX_set_hkdf_md(ctx, md) != 1) { + PRINT_MSG("Failed to set HKDF md"); err = 1; } } if (err == 0) { if (EVP_PKEY_CTX_set1_hkdf_key(ctx, inKey, sizeof(inKey)) != 1) { + PRINT_MSG("Failed to set HKDF key"); err = 1; } } if ((err == 0) && (mode != EVP_PKEY_HKDEF_MODE_EXPAND_ONLY)) { +#if OPENSSL_VERSION_NUMBER >= 0x30100000L && \ + OPENSSL_VERSION_NUMBER != 0x30200050L && \ + OPENSSL_VERSION_NUMBER != 0x30300040L if (EVP_PKEY_CTX_set1_hkdf_salt(ctx, NULL, 0) != 1) { +#else + /* In 3.1.x, the following code was added to hkdf_common_set_ctx_params() + * if (p->data_size != 0 && p->data != NULL) { + * The above code is not present in 3.2.5 and 3.3.4. 
*/ + if (EVP_PKEY_CTX_set1_hkdf_salt(ctx, NULL, 0) != 0) { +#endif + PRINT_MSG("Failed to set HKDF salt to NULL"); err = 1; } } if ((err == 0) && (mode != EVP_PKEY_HKDEF_MODE_EXPAND_ONLY)) { if (EVP_PKEY_CTX_set1_hkdf_salt(ctx, salt, sizeof(salt)) != 1) { + PRINT_MSG("Failed to set HKDF salt"); err = 1; } } if ((err == 0) && (mode != EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY)) { if (EVP_PKEY_CTX_add1_hkdf_info(ctx, info, sizeof(info)) != 1) { + PRINT_MSG("Failed to set HKDF info"); err = 1; } } if (err == 0) { if (EVP_PKEY_derive(ctx, key, &len) != 1) { + PRINT_MSG("Failed to derive HKDF key"); err = 1; } } if ((err == 0) && (mode != EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY)) { if (len != (size_t)keyLen) { + PRINT_MSG("HKDF key length mismatch"); err = 1; } } else { if (len != (size_t)EVP_MD_size(md)) { + PRINT_MSG("HKDF key length mismatch for extract only"); err = 1; } } @@ -204,6 +224,7 @@ static int test_hkdf_md(const EVP_MD *md, int mode) memset(wKey, 0, sizeof(wKey)); if (err == 0) { + PRINT_MSG("Calc with OpenSSL"); err = test_hkdf_double_set_salt(osslLibCtx, oKey, sizeof(oKey), md, mode); if (err == 1) { PRINT_MSG("FAILED OpenSSL"); diff --git a/test/test_rsa.c b/test/test_rsa.c index d9ce8d14..a136c804 100644 --- a/test/test_rsa.c +++ b/test/test_rsa.c @@ -1170,7 +1170,7 @@ int test_rsa_fromdata(void* data) static const int selections[] = { EVP_PKEY_KEYPAIR, EVP_PKEY_PUBLIC_KEY, - EVP_PKEY_PRIVATE_KEY, + EVP_PKEY_PRIVATE_KEY, /* added in 3.0.12 and 3.1.4 */ }; /* Parameter data fields */
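Review bot: In the `#else` branch of the `@@ -109,56 +109,76 @@` hunk the test passes only when `EVP_PKEY_CTX_set1_hkdf_salt(ctx, NULL, 0)` returns 0, yet the message shared by both branches still reads "Failed to set HKDF salt to NULL", so a log from that branch says the opposite of what went wrong. A neutral `PRINT_MSG("Unexpected result setting NULL HKDF salt");` would fit both branches. The `#if` excludes exactly `0x30200050L` and `0x30300040L`, so every other 3.2.x or 3.3.x patch release takes the `!= 1` branch; whether those releases behave like 3.2.5 and 3.3.4 is not shown here, and the equality pins will need revisiting whenever the CI matrix moves to a newer patch level. I would add a short comment above the `#if` stating the return value each branch expects and why, since the existing comment sits inside the `#else` but describes the code path taken by the `#if`. test_hkdf_double_set_salt begins before the hunk.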