diff --git a/.github/packages/debian-wolfssl.tar.gz b/.github/packages/debian-wolfssl.tar.gz
new file mode 100644
index 00000000..f7373b5f
Binary files /dev/null and b/.github/packages/debian-wolfssl.tar.gz differ
diff --git a/.github/scripts/check-workflow-result.sh b/.github/scripts/check-workflow-result.sh
index 6642959b..1323bd5f 100755
--- a/.github/scripts/check-workflow-result.sh
+++ b/.github/scripts/check-workflow-result.sh
@@ -107,30 +107,41 @@ if [ "$WOLFPROV_FORCE_FAIL" = "WOLFPROV_FORCE_FAIL=1" ]; then
# Define expected failures
EXPECTED_FAILS="auth_token_testdriver crypto_testdriver pkt_testdriver tls_crypt_testdriver"
+
+ # This test may fail when replace-default is enabled
+ OPTIONAL_FAILS="provider_testdriver"
# Create temporary files for sorted lists
TEMP_DIR=$(mktemp -d)
ACTUAL_SORTED="${TEMP_DIR}/actual_sorted.txt"
EXPECTED_SORTED="${TEMP_DIR}/expected_sorted.txt"
+ OPTIONAL_SORTED="${TEMP_DIR}/optional_sorted.txt"
# Clean and sort both lists
echo "$ACTUAL_FAILS" | tr ' ' '\n' | grep -v '^$' | sort > "$ACTUAL_SORTED"
echo "$EXPECTED_FAILS" | tr ' ' '\n' | grep -v '^$' | sort > "$EXPECTED_SORTED"
-
+ echo "$OPTIONAL_FAILS" | tr ' ' '\n' | grep -v '^$' | sort > "$OPTIONAL_SORTED"
+
echo "DEBUG: Actual failed tests: $(tr '\n' ' ' < "$ACTUAL_SORTED")"
echo "DEBUG: Expected failed tests: $(tr '\n' ' ' < "$EXPECTED_SORTED")"
-
+ echo "DEBUG: Optional failed tests: $(tr '\n' ' ' < "$OPTIONAL_SORTED")"
+
# Find missing in actual (in expected but not in actual)
MISSING=$(comm -23 "$EXPECTED_SORTED" "$ACTUAL_SORTED" | tr '\n' ' ')
# Find extra in actual (in actual but not in expected)
EXTRA=$(comm -13 "$EXPECTED_SORTED" "$ACTUAL_SORTED" | tr '\n' ' ')
-
+ # Strip out optional failures
+ EXTRA=$(comm -23 "$EXTRA" "$OPTIONAL_SORTED" | tr '\n' ' ')
+ # List the optional failures
+ OPTIONAL_FAILS=$(comm -13 "$EXPECTED_SORTED" "$OPTIONAL_SORTED" | tr '\n' ' ')
+
# Clean up temporary files
rm -rf "$TEMP_DIR"
echo "Test(s) that should have failed: $MISSING"
echo "Test(s) that shouldn't have failed: $EXTRA"
-
+ echo "Test(s) that failed (optional): $OPTIONAL_FAILS"
+
if [ -z "$MISSING" ] && [ -z "$EXTRA" ]; then
echo "PASS: Actual failed tests match expected."
exit 0
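Review bot: `comm -23 "$EXTRA" "$OPTIONAL_SORTED"` passes the space-joined list held in `$EXTRA` where `comm` expects a file path, so `comm` fails on a non-existent file, the trailing `tr` hides that status, and `EXTRA` ends up empty. Every unexpected failure is therefore dropped, and the `[ -z "$EXTRA" ]` test below reports PASS. Filter while the data is still a sorted stream, e.g. `EXTRA=$(comm -13 "$EXPECTED_SORTED" "$ACTUAL_SORTED" | comm -23 - "$OPTIONAL_SORTED" | tr '\n' ' ')`. The optional line has a second problem: `comm -13 "$EXPECTED_SORTED" "$OPTIONAL_SORTED"` never consults the actual results, so it prints `provider_testdriver` whether or not it failed, whereas `comm -12 "$ACTUAL_SORTED" "$OPTIONAL_SORTED"` lists the optional tests that really failed. The enclosing `if` starts and ends outside this hunk.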
diff --git a/.github/scripts/install-packages.sh b/.github/scripts/install-packages.sh
new file mode 100755
index 00000000..361fab40
--- /dev/null
+++ b/.github/scripts/install-packages.sh
@@ -0,0 +1,64 @@
+#!/bin/bash
+# install-packages.sh
+#
+# Copyright (C) 2006-2025 wolfSSL Inc.
+#
+# This file is part of wolfProvider.
+#
+# wolfProvider is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# wolfProvider is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with wolfProvider. If not, see .
+
+set -e
+
+echo "WolfSSL artifacts:"
+ls -la /tmp/wolfssl-artifacts || true
+echo "OpenSSL/wolfProvider artifacts:"
+ls -la /tmp/openssl-wolfprov-artifacts || true
+
+# Install wolfSSL first
+wolfssl_debs=$(ls -1 /tmp/wolfssl-artifacts/*.deb 2>/dev/null || true)
+if [ -n "$wolfssl_debs" ]; then
+ echo "Installing wolfSSL packages: $wolfssl_debs"
+ apt install -y $wolfssl_debs
+fi
+
+# Install OpenSSL packages (runtime + development headers)
+openssl_debs=$(ls -1 /tmp/openssl-wolfprov-artifacts/openssl_[0-9]*.deb 2>/dev/null || true)
+libssl3_debs=$(ls -1 /tmp/openssl-wolfprov-artifacts/libssl3_[0-9]*.deb 2>/dev/null || true)
+libssl_dev_debs=$(ls -1 /tmp/openssl-wolfprov-artifacts/libssl-dev_[0-9]*.deb 2>/dev/null || true)
+
+# Install in dependency order: libssl3 first, then openssl, then dev headers
+if [ -n "$libssl3_debs" ]; then
+ echo "Installing libssl3: $libssl3_debs"
+ apt install -y $libssl3_debs
+fi
+if [ -n "$openssl_debs" ]; then
+ echo "Installing openssl: $openssl_debs"
+ apt install -y $openssl_debs
+fi
+if [ -n "$libssl_dev_debs" ]; then
+ echo "Installing libssl-dev: $libssl_dev_debs"
+ apt install -y $libssl_dev_debs
+fi
+
+# Install wolfProvider main package only (no dev/debug needed for testing)
+wolfprov_main=$(ls -1 /tmp/openssl-wolfprov-artifacts/libwolfprov_[0-9]*.deb 2>/dev/null | head -n1 || true)
+
+if [ -z "$wolfprov_main" ]; then
+ echo "ERROR: libwolfprov main package not found in artifacts"
+ ls -la /tmp/openssl-wolfprov-artifacts
+ exit 1
+fi
+
+echo "Installing wolfProvider main package: $wolfprov_main"
+apt install -y "$wolfprov_main"
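Review bot: The package lists are built by parsing `ls` and then expanded unquoted into `apt install -y $wolfssl_debs`, so the arguments depend on word splitting, and a glob that matches nothing cannot be told apart from an `ls` error. Collecting the matches in an array with `nullglob` keeps each path as one argument; the libssl3, openssl and libssl-dev steps can take the same shape. These `.deb` files are installed with root privileges straight from `/tmp/*-artifacts`, so it is also worth deciding whether a missing wolfSSL or OpenSSL set should abort the script the way a missing `libwolfprov` does, rather than being skipped silently.

```shell
shopt -s nullglob
wolfssl_debs=(/tmp/wolfssl-artifacts/*.deb)
if (( ${#wolfssl_debs[@]} > 0 )); then
    echo "Installing wolfSSL packages: ${wolfssl_debs[*]}"
    apt install -y "${wolfssl_debs[@]}"
fi
# … the libssl3 / openssl / libssl-dev / libwolfprov steps follow the same pattern …
```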
diff --git a/.github/scripts/pam-pkcs11-test.sh b/.github/scripts/pam-pkcs11-test.sh
index 4c5a53b1..8ea57e99 100755
--- a/.github/scripts/pam-pkcs11-test.sh
+++ b/.github/scripts/pam-pkcs11-test.sh
@@ -1,17 +1,12 @@
#!/bin/bash
set -euo pipefail
+set -x
-echo "[*] Setting up environment..."
-SCRIPT_PATH="$(cd "$(dirname "$0")" && pwd)/$(basename "$0")"
-REPO_ROOT=$(git -C "$(dirname "$SCRIPT_PATH")" rev-parse --show-toplevel)
-source $REPO_ROOT/scripts/env-setup || true
-
-if [[ -z "${OPENSSL_MODULES:-}" ]]; then
- echo "Environment not set up: OPENSSL_MODULES is not defined or empty"
- exit 1
-elif [[ ! -d "$OPENSSL_MODULES" ]]; then
- echo "Could not find wolfProvider at $OPENSSL_MODULES"
- echo "Please build it first..."
+# Confirm wolfProvider is configured by running openssl list -providers
+if openssl list -providers | grep -qi wolf; then
+ echo "wolfProvider is configured"
+else
+ echo "wolfProvider is not configured"
exit 1
fi
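Review bot: `set -x` is enabled for the whole script, so every expanded command line lands in the job log. The rest of the script lies outside this hunk; if it passes a token PIN or password on a command line, that value is logged too. Consider limiting the trace to the section being debugged (`set -x` … `set +x`) or dropping it once the workflow is stable. The provider check `grep -qi wolf` is also looser than the `grep -q "wolfSSL Provider"` used in cjose.yml in the same commit; matching the provider name would keep the two checks consistent.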
diff --git a/.github/workflows/bind9.yml b/.github/workflows/bind9.yml
index a247c132..e37eb4dc 100644
--- a/.github/workflows/bind9.yml
+++ b/.github/workflows/bind9.yml
@@ -18,13 +18,19 @@ jobs:
with:
wolfssl_ref: ${{ matrix.wolfssl_ref }}
openssl_ref: ${{ matrix.openssl_ref }}
+ replace_default: ${{ matrix.replace_default }}
strategy:
matrix:
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
+ replace_default: [ true ]
test_bind:
runs-on: ubuntu-22.04
+ container:
+ image: debian:bookworm
+ env:
+ DEBIAN_FRONTEND: noninteractive
needs: build_wolfprovider
# This should be a safe limit for the tests to run.
timeout-minutes: 20
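Review bot: The new `container.image: debian:bookworm` is a floating tag, so the test environment, including the root filesystem the locally built packages are installed into, can change between runs without any change in this repository. Pinning by digest, `image: debian:bookworm@sha256:<digest>` (placeholder; take the value from the registry), makes runs reproducible and turns image updates into an explicit, reviewable change. The same tag is introduced in build-wolfprovider.yml, cjose.yml and curl.yml, and is also used in debian-package.yml.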
@@ -32,38 +38,58 @@ jobs:
fail-fast: false
matrix:
bind_ref: [ 'v9.18.28' ]
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
force_fail: ['WOLFPROV_FORCE_FAIL=1', '']
+ replace_default: [ true ]
+ env:
+ WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
+ OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
+ WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
steps:
- name: Checkout wolfProvider
uses: actions/checkout@v4
with:
fetch-depth: 1
- - name: Retrieving wolfSSL/wolfProvider from cache
+ - name: Checking OpenSSL/wolfProvider packages in cache
uses: actions/cache/restore@v4
id: wolfprov-cache
with:
path: |
- wolfssl-install
- wolfprov-install
- openssl-install/lib64
- openssl-install/include
- openssl-install/bin
-
- key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }}
+ ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ${{ env.OPENSSL_PACKAGES_PATH }}
+ ${{ env.WOLFPROV_PACKAGES_PATH }}
+ key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
fail-on-cache-miss: true
+ - name: Install wolfSSL/OpenSSL/wolfprov packages
+ run: |
+ printf "Installing OpenSSL/wolfProvider packages:\n"
+ ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
+ ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
+
+ apt install --reinstall -y \
+ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+
- name: Install bind9 test dependencies
run: |
- export DEBIAN_FRONTEND=noninteractive
- sudo apt-get update
- sudo apt install -y build-essential automake libtool gnutls-bin \
- pkg-config make libidn2-dev libuv1-dev libnghttp2-dev libcap-dev \
- libjemalloc-dev zlib1g-dev libxml2-dev libjson-c-dev libcmocka-dev \
- python3-pytest python3-dnspython python3-hypothesis
- sudo PERL_MM_USE_DEFAULT=1 cpan -i Net::DNS
+ apt-get update
+ apt install -y build-essential automake libtool gnutls-bin \
+ pkg-config make libidn2-dev libuv1-dev libnghttp2-dev libcap-dev \
+ libjemalloc-dev zlib1g-dev libxml2-dev libjson-c-dev libcmocka-dev \
+ python3-pytest python3-dnspython python3-hypothesis patch iproute2 \
+ net-tools git
+ PERL_MM_USE_DEFAULT=1 cpan -i Net::DNS
- name: Checkout bind9
uses: actions/checkout@v4
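Review bot: The restore key `openssl-wolfprov-debian-packages-${{ github.sha }}…` no longer contains `matrix.wolfssl_ref` or `matrix.openssl_ref`, unlike the `wolfprov-…` key it replaces. With a single ref in each matrix this is unambiguous. As soon as a second ref is added, every build of one commit targets the same key, and since a cache key cannot be overwritten once saved, the test job would install whichever package set was stored first, presumably without any error. Keeping the refs in the key (`…-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }}…`) here and in the matching `Save to cache` step in build-wolfprovider.yml avoids that; cjose.yml and curl.yml restore with the same key.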
@@ -85,15 +111,14 @@ jobs:
- name: Build and test bind9 with wolfProvider
working-directory: bind9
+ shell: bash
run: |
- # Set up the environment for wolfProvider
- source $GITHUB_WORKSPACE/scripts/env-setup
-
+ set +o pipefail # ignore errors from make check
autoreconf -ivf
./configure
make clean
make -j$(nproc)
- sudo ./bin/tests/system/ifconfig.sh up
+ ./bin/tests/system/ifconfig.sh up
export ${{ matrix.force_fail }}
make -j$(nproc) check 2>&1 | tee bind9-test.log
diff --git a/.github/workflows/build-wolfprovider.yml b/.github/workflows/build-wolfprovider.yml
index 1f315eef..f2316da3 100644
--- a/.github/workflows/build-wolfprovider.yml
+++ b/.github/workflows/build-wolfprovider.yml
@@ -9,100 +9,209 @@ on:
openssl_ref:
required: true
type: string
- outputs:
- cache_key:
- description: "Cache key for the build artifacts"
- value: ${{ jobs.build_wolfprovider_common.outputs.cache_key }}
+ replace_default:
+ required: false
+ type: boolean
+ default: false
jobs:
build_wolfprovider_common:
name: Build wolfProvider
runs-on: ubuntu-22.04
+ # Run inside Debian Bookworm to match packaging environment
+ container:
+ image: debian:bookworm
+ env:
+ DEBIAN_FRONTEND: noninteractive
timeout-minutes: 20
- outputs:
- cache_key: wolfprov-${{ inputs.wolfssl_ref }}-${{ inputs.openssl_ref }}-${{ github.sha }}
+ env:
+ WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
+ OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
+ WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
steps:
+ # Install git prior to cloning to ensure we have the full repo
+ # TODO: create a docker with these pre-installed
+ - name: Install common dependencies
+ run: |
+ apt-get update && apt-get install -y --no-install-recommends \
+ build-essential \
+ ccache \
+ devscripts \
+ debhelper \
+ dh-autoreconf \
+ libtool \
+ pkg-config \
+ git \
+ wget \
+ curl \
+ ca-certificates \
+ openssl \
+ dpkg-dev \
+ lintian \
+ fakeroot \
+ dh-exec \
+ equivs \
+ expect \
+ xxd
+
+ # Experimental: use ccache
+ - name: Setup ccache
+ uses: hendrikmuhs/ccache-action@v1.2
+ id: cc
+ with:
+ create-symlink: true
+
+ - name: Setup ccache environment variables
+ run: |
+ echo CC=ccache\ gcc >> "$GITHUB_ENV"
+ echo CXX=ccache\ g++ >> "$GITHUB_ENV"
+ echo CCACHE_BASEDIR=${GITHUB_WORKSPACE} >> "$GITHUB_ENV"
+ echo CCACHE_NOHASHDIR=true >> "$GITHUB_ENV"
+ echo CCACHE_COMPILERCHECK=content >> "$GITHUB_ENV"
+ echo "CCACHE_DIR=${XDG_CACHE_HOME:-$HOME/.cache}/ccache" >> "$GITHUB_ENV"
+ mkdir -p "${XDG_CACHE_HOME:-$HOME/.cache}/ccache"
+
+ - name: Sanity check ccache routing
+ run: |
+ set -x
+ which -a gcc || true
+ gcc --version | head -1
+ ccache --zero-stats
+ printf 'int main(){return 0;}\n' > t.c
+ $CC -c t.c
+ ccache -s
+
- name: Checkout wolfProvider
uses: actions/checkout@v4
with:
fetch-depth: 1
+ fetch-tags: true
- - name: Get OpenSSL commit hash
- id: openssl-ref
+ # Avoid "detected dubious ownership" warning
+ - name: Ensure the working directory safe
run: |
- sha=$(./scripts/resolve-ref.sh "${{ inputs.openssl_ref }}" "openssl/openssl")
- echo "ref=$sha" >> "$GITHUB_OUTPUT"
- env:
- # Used token to bypass rate limits
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
- - name: Get WolfSSL commit hash
- id: wolfssl-ref
+ git config --global --add safe.directory "$GITHUB_WORKSPACE"
+
+ # When running on a fork the upstream tags are not present, so fetch them explicitly
+ - name: Fetch tags from upstream(for Debian versioning)
run: |
- sha=$(./scripts/resolve-ref.sh "${{ inputs.wolfssl_ref }}" "wolfssl/wolfssl")
- echo "ref=$sha" >> "$GITHUB_OUTPUT"
- env:
- # Used token to bypass rate limits
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
- # Look for a cached version of OpenSSL
- - name: Checking OpenSSL in cache
- uses: actions/cache/restore@v4
- id: openssl-cache
- with:
- path: |
- openssl-install
- key: ossl-depends-${{ steps.openssl-ref.outputs.ref }}
- lookup-only: false
+ git remote add upstream https://github.com/wolfSSL/wolfProvider.git || true
+ git fetch upstream --tags --no-recurse-submodules
+
+ # - name: Restore wolfSSL packages
+ # uses: actions/cache@v4
+ # id: wolfssl_cache
+ # with:
+ # path: |
+ # ${{ env.WOLFSSL_PACKAGES_PATH }}/*.deb
+ # ${{ env.WOLFSSL_PACKAGES_PATH }}/*.dsc
+ # ${{ env.WOLFSSL_PACKAGES_PATH }}/*.tar.gz
+ # key: wolfssl-debian-packages-${{ inputs.wolfssl_ref }}
+
+ # - name: Install wolfSSL packages from cache
+ # if: steps.wolfssl_cache.outputs.cache-hit == 'true'
+ # run: |
+ # printf "Installing wolfSSL packages from cache:\n"
+ # ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
+ # apt install --reinstall -y ${{ env.WOLFSSL_PACKAGES_PATH }}/*wolfssl*.deb
+
+ # # TODO: roll this step into utils-wolfssl.sh
+ # # TODO: specify tag below
+ # - name: Build wolfSSL packages and install
+ # # if: steps.wolfssl_cache.outputs.cache-hit != 'true'
+ # run: |
+ # # $GITHUB_WORKSPACE/debian/install-wolfssl.sh --tag ${{ inputs.wolfssl_ref }} ${{ env.WOLFSSL_PACKAGES_PATH }}
+ # $GITHUB_WORKSPACE/debian/install-wolfssl.sh ${{ env.WOLFSSL_PACKAGES_PATH }}
- # Look for a cached version of WolfSSL
- - name: Checking WolfSSL in cache
- uses: actions/cache/restore@v4
- id: wolfssl-cache
+ # Unpack and install wolfSSL packages
+ - name: Unpack and install wolfSSL packages
+ run: |
+ mkdir -p ${{ env.WOLFSSL_PACKAGES_PATH }}
+ tar -xzf .github/packages/debian-wolfssl.tar.gz -C ${{ env.WOLFSSL_PACKAGES_PATH }}
+ mv ${{ env.WOLFSSL_PACKAGES_PATH }}/debian-packages/* ${{ env.WOLFSSL_PACKAGES_PATH }}
+ apt install -y ${{ env.WOLFSSL_PACKAGES_PATH }}/*.deb
+
+ # Check for cached OpenSSL packages
+ - name: Checking OpenSSL packages in cache
+ uses: actions/cache@v4
+ id: openssl_cache
+ continue-on-error: true
with:
path: |
- wolfssl-install
- key: wolfssl-depends-${{ steps.wolfssl-ref.outputs.ref }}
+ ${{ env.OPENSSL_PACKAGES_PATH }}
+ key: openssl-debian-packages-${{ inputs.openssl_ref }}${{ inputs.replace_default && '-replace-default' || '' }}
lookup-only: false
+ # Install OpenSSL packages from cache if available
+ - name: Install OpenSSL packages from cache
+ if: steps.openssl_cache.outputs.cache-hit == 'true'
+ run: |
+ printf "Installing OpenSSL packages from cache:\n"
+ ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
+ apt install --reinstall -y \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
+
- name: Build wolfProvider
run: |
- OPENSSL_TAG=${{ inputs.openssl_ref }} WOLFSSL_TAG=${{ inputs.wolfssl_ref }} ./scripts/build-wolfprovider.sh
+ WOLFSSL_TAG=${{ inputs.wolfssl_ref }} OPENSSL_TAG=${{ inputs.openssl_ref }} \
+ yes "Y" | $GITHUB_WORKSPACE/scripts/build-wolfprovider.sh --debian \
+ ${{ inputs.replace_default && '--replace-default' || '' }}
- # Save the wolfProvider outputs for use by the parent jobs.
- # Note that we don't try to restore since it will likely always
- # be a cache miss.
- - name: Save wolfProvider into cache
- uses: actions/cache/save@v4
- with:
- path: |
- wolfssl-install
- wolfprov-install
- openssl-install/lib64
- openssl-install/include
- openssl-install/bin
- key: wolfprov-${{ inputs.wolfssl_ref }}-${{ inputs.openssl_ref }}-${{ github.sha }}
-
- # If openssl cache miss, save it to the cache
- - name: Save OpenSSL into cache
- if: steps.openssl-cache.outputs.cache-hit != 'true'
+ - name: Setup packages directory
+ run: |
+ mkdir -p ${{ env.OPENSSL_PACKAGES_PATH }}
+ cp $GITHUB_WORKSPACE/../openssl*.deb ${{ env.OPENSSL_PACKAGES_PATH }}
+ cp $GITHUB_WORKSPACE/../libssl*.deb ${{ env.OPENSSL_PACKAGES_PATH }}
+
+ mkdir -p ${{ env.WOLFPROV_PACKAGES_PATH }}
+ cp $GITHUB_WORKSPACE/../libwolfprov*.deb ${{ env.WOLFPROV_PACKAGES_PATH }}
+ cp $GITHUB_WORKSPACE/../libwolfprov*.dsc ${{ env.WOLFPROV_PACKAGES_PATH }}
+ cp $GITHUB_WORKSPACE/../libwolfprov*.tar.gz ${{ env.WOLFPROV_PACKAGES_PATH }}
+
+ printf "Listing packages directory:\n"
+ ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
+ ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
+
+ - name: Save to cache
uses: actions/cache/save@v4
- with:
+ continue-on-error: true
+ with:
path: |
- openssl-install
- key: ossl-depends-${{ steps.openssl-ref.outputs.ref }}
+ ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ${{ env.OPENSSL_PACKAGES_PATH }}
+ ${{ env.WOLFPROV_PACKAGES_PATH }}
+ key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ inputs.replace_default && '-replace-default' || '' }}
- - name: Save WolfSSL into cache
- if: steps.wolfssl-cache.outputs.cache-hit != 'true'
- uses: actions/cache/save@v4
- with:
+ # Save all packages in a single artifact for consumers
+ # TODO: support debug builds
+ - name: Upload wolfProvider artifacts
+ uses: actions/upload-artifact@v4
+ continue-on-error: true
+ with:
+ name: openssl-wolfprov-debian-packages-${{ github.sha }}${{ inputs.replace_default && '-replace-default' || '' }}
path: |
- wolfssl-install
- key: wolfssl-depends-${{ steps.wolfssl-ref.outputs.ref }}
+ ${{ env.WOLFSSL_PACKAGES_PATH }}/*.deb
+ ${{ env.WOLFSSL_PACKAGES_PATH }}/*.dsc
+ ${{ env.WOLFSSL_PACKAGES_PATH }}/*.tar.gz
+ ${{ env.OPENSSL_PACKAGES_PATH }}/*.deb
+ ${{ env.OPENSSL_PACKAGES_PATH }}/*.dsc
+ ${{ env.OPENSSL_PACKAGES_PATH }}/*.tar.gz
+ ${{ env.WOLFPROV_PACKAGES_PATH }}/*.deb
+ ${{ env.WOLFPROV_PACKAGES_PATH }}/*.dsc
+ ${{ env.WOLFPROV_PACKAGES_PATH }}/*.tar.gz
+ retention-days: 1
+
+ # TODO: upload wolfSSL artifacts, after building
+ # - name: Upload wolfSSL artifacts
+ # uses: actions/upload-artifact@v4
+ # with:
+ # name: wolfssl-debian-packages-${{ inputs.wolfssl_ref }}
+ # path: |
+ # ${{ env.WOLFPROV_PACKAGES_PATH }}/*wolfssl*.deb
+ # ${{ env.WOLFPROV_PACKAGES_PATH }}/*wolfssl*.dsc
+ # ${{ env.WOLFPROV_PACKAGES_PATH }}/*wolfssl*.tar.gz
+ # retention-days: 1
- - name: Print errors
- if: ${{ failure() }}
- run: |
- if [ -f test-suite.log ] ; then
- cat test-suite.log
- fi
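Review bot: In the `Build wolfProvider` step the `WOLFSSL_TAG=… OPENSSL_TAG=…` prefix is attached to `yes`, the first command of the pipeline, so `build-wolfprovider.sh` on the right of the `|` does not receive either variable and presumably falls back to its defaults, while the OpenSSL cache key is still derived from `inputs.openssl_ref`. Passing them through a step-level `env:` block (`OPENSSL_TAG: ${{ inputs.openssl_ref }}` and `WOLFSSL_TAG: ${{ inputs.wolfssl_ref }}`) fixes that and also keeps the expressions out of the shell text. Separately, the `Unpack and install wolfSSL packages` step installs every `.deb` from the checked-in `.github/packages/debian-wolfssl.tar.gz` with no integrity check, and a binary blob cannot be inspected in review; recording its expected SHA-256 and how it was built, then verifying with `sha256sum -c` before `tar -xzf`, would make any change to it visible. `hendrikmuhs/ccache-action@v1.2` is likewise a mutable tag on a third-party action, and pinning it to a full commit SHA is the safer form.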
diff --git a/.github/workflows/cjose.yml b/.github/workflows/cjose.yml
index 98b1ea67..7463248f 100644
--- a/.github/workflows/cjose.yml
+++ b/.github/workflows/cjose.yml
@@ -18,45 +18,82 @@ jobs:
with:
wolfssl_ref: ${{ matrix.wolfssl_ref }}
openssl_ref: ${{ matrix.openssl_ref }}
+ replace_default: ${{ matrix.replace_default }}
strategy:
matrix:
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
+ replace_default: [ true ]
test_cjose:
runs-on: ubuntu-22.04
needs: build_wolfprovider
+ # Run inside Debian Bookworm to match packaging environment
+ container:
+ image: debian:bookworm
+ env:
+ DEBIAN_FRONTEND: noninteractive
# This should be a safe limit for the tests to run.
timeout-minutes: 20
strategy:
matrix:
- cjose_ref: [ 'master', 'v0.6.2.1' ]
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ # Dont test osp master since it might be unstable
+ cjose_ref: [ 'v0.6.2.1' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
+ replace_default: [ true ]
+ env:
+ WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
+ OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
+ WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
steps:
+ - name: Install cjose dependencies
+ run: |
+ apt-get update
+ apt-get install -y git build-essential autoconf automake \
+ libtool pkg-config libjansson-dev check ca-certificates dpkg-dev
+
- name: Checkout wolfProvider
uses: actions/checkout@v4
with:
fetch-depth: 1
- - name: Retrieving wolfProvider from cache
+ - name: Checking OpenSSL/wolfProvider packages in cache
uses: actions/cache/restore@v4
- id: wolfprov-cache-restore
+ id: wolfprov-cache
with:
path: |
- wolfssl-install
- wolfprov-install
- openssl-install/lib64
- openssl-install/include
- openssl-install/bin
-
- key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }}
+ ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ${{ env.OPENSSL_PACKAGES_PATH }}
+ ${{ env.WOLFPROV_PACKAGES_PATH }}
+ key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
fail-on-cache-miss: true
- - name: Install cjose dependencies
+ - name: Install wolfSSL/OpenSSL/wolfprov packages
run: |
- sudo apt-get install -y libjansson-dev check
+ printf "Installing OpenSSL/wolfProvider packages:\n"
+ ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
+ ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
+
+ apt install --reinstall -y \
+ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+
+
+
+ - name: Check wolfProvider is installed
+ run: |
+ openssl list -providers
+ openssl list -providers | grep -q "wolfSSL Provider" || (echo "ERROR: libwolfprov not found in OpenSSL providers" && exit 1)
- name: Download cjose
uses: actions/checkout@v4
@@ -69,8 +106,7 @@ jobs:
- name: Build cjose
working-directory: cjose
run: |
- # Configure with OpenSSL
- ./configure CFLAGS="-Wno-error=deprecated-declarations" --with-openssl=$GITHUB_WORKSPACE/openssl-install
+ ./configure CFLAGS="-Wno-error=deprecated-declarations"
# Build cjose
make
@@ -78,13 +114,13 @@ jobs:
- name: Run cjose tests
working-directory: cjose
run: |
- # Set up the environment for wolfProvider
- source $GITHUB_WORKSPACE/scripts/env-setup
+ # wolfProvider is already loaded as the default provider
+ echo "Current OpenSSL providers:"
+ openssl list -providers
+ openssl list -providers | grep -q "wolfSSL Provider" || (echo "ERROR: libwolfprov not found in OpenSSL providers" && exit 1)
export ${{ matrix.force_fail }}
- # Run tests
- make test || true
-
- # Capture result
- TEST_RESULT=$(tail -1 ./test/check_cjose.log | grep PASS; echo $?)
+ make test 2>&1 | tee cjose-test.log
+ TEST_RESULT=$(grep -q "FAIL: check_cjose" cjose-test.log && echo "1" || echo "0")
+ echo "TEST_RESULT = $TEST_RESULT"
$GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} cjose
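Review bot: `TEST_RESULT` is now 0 unless the log contains the exact string `FAIL: check_cjose`, so a run that never reaches the test (a build error in `make test`, or a crash reported some other way) is handed to `check-workflow-result.sh` as a pass. The removed code failed closed, because it required `PASS` in the last line of the test log. Deriving the result from the exit status of `make` restores that: `if make test > cjose-test.log 2>&1; then TEST_RESULT=0; else TEST_RESULT=1; fi` followed by `cat cjose-test.log`. This also avoids relying on `PIPESTATUS`, which is not available if the step runs under plain `sh`; no `shell:` is set on this step in the hunk.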
diff --git a/.github/workflows/cmdline.yml b/.github/workflows/cmdline.yml
index 06646dc3..959c3c37 100644
--- a/.github/workflows/cmdline.yml
+++ b/.github/workflows/cmdline.yml
@@ -20,7 +20,7 @@ jobs:
strategy:
matrix:
openssl_ref: [ 'master', 'openssl-3.5.0' ]
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
force_fail: ['WOLFPROV_FORCE_FAIL=1', '']
debug: ['WOLFPROV_DEBUG=1', '']
steps:
diff --git a/.github/workflows/curl.yml b/.github/workflows/curl.yml
index 204eaa6a..8647e7c4 100644
--- a/.github/workflows/curl.yml
+++ b/.github/workflows/curl.yml
@@ -18,49 +18,76 @@ jobs:
with:
wolfssl_ref: ${{ matrix.wolfssl_ref }}
openssl_ref: ${{ matrix.openssl_ref }}
+ replace_default: ${{ matrix.replace_default }}
strategy:
matrix:
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
+ replace_default: [ true ]
test_curl:
runs-on: ubuntu-22.04
+ container:
+ image: debian:bookworm
+ env:
+ DEBIAN_FRONTEND: noninteractive
needs: build_wolfprovider
# This should be a safe limit for the tests to run.
timeout-minutes: 20
strategy:
matrix:
- curl_ref: [ 'master', 'curl-8_4_0', 'curl-7_88_1' ]
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ curl_ref: [ 'curl-8_4_0', 'curl-7_88_1' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
force_fail: ['WOLFPROV_FORCE_FAIL=1', '']
+ replace_default: [ true ]
exclude:
- curl_ref: 'master'
force_fail: 'WOLFPROV_FORCE_FAIL=1'
+ env:
+ WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
+ OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
+ WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
steps:
- name: Checkout wolfProvider
uses: actions/checkout@v4
with:
fetch-depth: 1
- - name: Retrieving wolfSSL/wolfProvider from cache
+ - name: Checking OpenSSL/wolfProvider packages in cache
uses: actions/cache/restore@v4
id: wolfprov-cache
with:
path: |
- wolfssl-install
- wolfprov-install
- openssl-install/lib64
- openssl-install/include
- openssl-install/bin
-
- key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }}
+ ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ${{ env.OPENSSL_PACKAGES_PATH }}
+ ${{ env.WOLFPROV_PACKAGES_PATH }}
+ key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
fail-on-cache-miss: true
+ - name: Install wolfSSL/OpenSSL/wolfprov packages
+ run: |
+ printf "Installing OpenSSL/wolfProvider packages:\n"
+ ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
+ ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
+
+ apt install --reinstall -y \
+ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+
- name: Install dependencies
run: |
- sudo apt-get update
- sudo apt-get install nghttp2 libpsl5 libpsl-dev python3-impacket
+ apt-get update
+ apt-get install -y nghttp2 libpsl5 libpsl-dev python3-impacket \
+ build-essential autoconf automake libtool
- name: Build curl
uses: wolfSSL/actions-build-autotools-project@v1
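Review bot: `'master'` was removed from `curl_ref`, but the `exclude` entry for `curl_ref: 'master'` with `force_fail: 'WOLFPROV_FORCE_FAIL=1'` is kept and now matches no matrix combination. Removing it, or adding a comment such as `# kept for when curl master is re-enabled`, avoids a reader assuming master is still being tested.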
@@ -81,12 +108,15 @@ jobs:
fi
- name: Test curl with wolfProvider
working-directory: curl
+ shell: bash
run: |
- # Set up the environment for wolfProvider
- source $GITHUB_WORKSPACE/scripts/env-setup
+ set +o pipefail # ignore errors from make check
export ${{ matrix.force_fail }}
export CURL_REF=${{ matrix.curl_ref }}
+ # Tests rely on $USER being set
+ export USER=testuser
+
# Run tests and save output to test.log
make -j$(nproc) test-ci 2>&1 | tee curl-test.log
# Capture the test result using PIPESTATUS (Bash only)
diff --git a/.github/workflows/debian-package.yml b/.github/workflows/debian-package.yml
index 06c98381..747a17ef 100644
--- a/.github/workflows/debian-package.yml
+++ b/.github/workflows/debian-package.yml
@@ -1,475 +1,322 @@
name: Debian Package Test
+# START OF COMMON SECTION
on:
push:
- branches: [ master ]
+ branches: [ '**' ] # 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
-env:
- WOLFSSL_VERSION: master # Can be changed to specific tag like v5.6.4
-
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+# END OF COMMON SECTION
+
jobs:
+ build_wolfprovider:
+ uses: ./.github/workflows/build-wolfprovider.yml
+ with:
+ wolfssl_ref: ${{ matrix.wolfssl_ref }}
+ openssl_ref: ${{ matrix.openssl_ref }}
+ replace_default: ${{ matrix.replace_default }}
+ strategy:
+ matrix:
+ # Test 5.8.2 since our .deb is based on that version
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
+ replace_default: [ true ]
+
libwolfprov-standalone:
runs-on: ubuntu-22.04
- # Important: use Debian Bookworm for compatibility
+ needs: build_wolfprovider
+ # Run inside Debian Bookworm to match packaging environment
container:
- image: debian:bookworm # or debian:bookworm-slim
+ image: debian:bookworm
env:
DEBIAN_FRONTEND: noninteractive
+ # This should be a safe limit for the tests to run.
+ timeout-minutes: 20
strategy:
matrix:
- debug_flag: [ '', '--debug' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
+ replace_default: [ true ]
+ env:
+ WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
+ OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
+ WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
steps:
- - name: Set up environment
- run: |
- # Update package lists
- apt-get update
- # Install build dependencies
- apt-get install -y \
- build-essential \
- devscripts \
- debhelper \
- dh-autoreconf \
- libtool \
- pkg-config \
- git \
- wget \
- curl \
- ca-certificates \
- openssl \
- dpkg-dev \
- lintian \
- fakeroot \
- dh-exec\
- equivs
- # Install additional tools for testing
- apt-get install -y \
- expect \
- xxd
-
- # Avoid "detected dubious ownership" warning
- - name: Ensure the working directory safe
- run: |
- git config --global --add safe.directory "$GITHUB_WORKSPACE"
-
- - name: Checkout wolfProvider
- uses: actions/checkout@v4
- with:
- fetch-depth: 1
- - run: |
- # Fetch tags, needed for the Debian versioning
- git fetch --tags
- # List all tags
- git tag -l
-
- # Cache wolfSSL to speed up builds:
- # - Git repository cache: Avoids re-cloning wolfSSL repo
- # - Complete build cache: Includes source, built packages, and artifacts
- # Cache keys include script hash to invalidate when install script changes
- - name: Cache wolfSSL git repository
- uses: actions/cache@v4
- with:
- path: /tmp/wolfssl-pkg/wolfssl/.git
- key: wolfssl-git-${{ env.WOLFSSL_VERSION }}-${{ hashFiles('wolfProvider/debian/install-wolfssl.sh') }}-${{ github.sha }}
- restore-keys: |
- wolfssl-git-${{ env.WOLFSSL_VERSION }}-${{ hashFiles('wolfProvider/debian/install-wolfssl.sh') }}-
- wolfssl-git-${{ env.WOLFSSL_VERSION }}-
-
- - name: Cache wolfSSL source and build
- uses: actions/cache@v4
- with:
- path: |
- /tmp/wolfssl-pkg/wolfssl
- /tmp/wolfssl-pkg/*.deb
- /tmp/wolfssl-pkg/*.dsc
- /tmp/wolfssl-pkg/*.tar.gz
- key: wolfssl-complete-${{ env.WOLFSSL_VERSION }}-${{ hashFiles('wolfProvider/debian/install-wolfssl.sh') }}-${{ github.sha }}
- restore-keys: |
- wolfssl-complete-${{ env.WOLFSSL_VERSION }}-${{ hashFiles('wolfProvider/debian/install-wolfssl.sh') }}-
-
- - name: Install wolfssl debian package
- run: |
- mkdir -p "/tmp/wolfssl-pkg"
- cd "/tmp/wolfssl-pkg"
-
- # Check if cached packages exist
- if ls *.deb 1> /dev/null 2>&1; then
- echo "Found cached wolfSSL packages, installing them..."
- dpkg -i *.deb || apt-get install -f -y
- else
- echo "No cached packages found, building from source..."
- # Install wolfssl packages with specified version
- chmod +x $GITHUB_WORKSPACE/debian/install-wolfssl.sh
- if [ "$WOLFSSL_VERSION" != "master" ]; then
- $GITHUB_WORKSPACE/debian/install-wolfssl.sh --tag "$WOLFSSL_VERSION" "/tmp/wolfssl-pkg"
+ - name: Checkout wolfProvider
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 1
+
+ - name: Checking OpenSSL/wolfProvider packages in cache
+ uses: actions/cache/restore@v4
+ id: wolfprov-cache
+ with:
+ path: |
+ ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ${{ env.OPENSSL_PACKAGES_PATH }}
+ ${{ env.WOLFPROV_PACKAGES_PATH }}
+ key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
+ fail-on-cache-miss: true
+
+ - name: Install package without custom openssl
+ run: |
+ printf "Installing OpenSSL/wolfProvider packages:\n"
+ ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
+
+ apt install --reinstall -y \
+ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
+
+ apt-get update && \
+ apt install --reinstall -y openssl libssl3
+
+ apt install --reinstall -y \
+ ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+
+ - name: Verify installation
+ run: |
+ echo "Package Installation Verification:"
+ dpkg -l | grep libwolfprov
+ dpkg -L libwolfprov
+
+ - name: Test OpenSSL provider functionality
+ run: |
+ PROVIDER_CONF="/usr/lib/ssl/openssl.cnf.d/wolfprovider.conf"
+ PROVIDER_CONF_BACKUP="/tmp/wolfprovider.conf.backup"
+
+ # Temporarily move wolfprovider config so we can toggle between providers
+ echo "Temporarily disabling wolfprovider for default provider tests:"
+ mkdir -p /tmp/openssl-test
+ if [ -f $PROVIDER_CONF ]; then
+ mv $PROVIDER_CONF $PROVIDER_CONF_BACKUP
+ echo " - Moved $PROVIDER_CONF to $PROVIDER_CONF_BACKUP"
else
- $GITHUB_WORKSPACE/debian/install-wolfssl.sh "/tmp/wolfssl-pkg"
+ echo "$PROVIDER_CONF not found!"
+ exit 1
fi
- fi
-
- # Create wolfprov-packages directory and move wolfssl files there
- mkdir -p "/tmp/wolfprov-packages"
- echo "Moving wolfssl files to artifacts directory..."
-
- # Copy all wolfssl-related files (source and binary packages)
- find /tmp/wolfssl-pkg -name "*wolfssl*" -type f -name "*.deb" -exec cp {} /tmp/wolfprov-packages/ \;
- find /tmp/wolfssl-pkg -name "*wolfssl*" -type f -name "*.dsc" -exec cp {} /tmp/wolfprov-packages/ \;
- find /tmp/wolfssl-pkg -name "*wolfssl*" -type f -name "*.tar.gz" -exec cp {} /tmp/wolfprov-packages/ \;
- find /tmp/wolfssl-pkg -name "*wolfssl*" -type f -name "*.orig.tar.gz" -exec cp {} /tmp/wolfprov-packages/ \;
-
- echo "WolfSSL files in artifacts directory:"
- ls -la /tmp/wolfprov-packages/*wolfssl* || true
-
- - name: Build Debian package
- run: |
- # Bypass the warning prompt with 'yes Y'
- yes Y | ./scripts/build-wolfprovider.sh --debian ${{ matrix.debug_flag }}
-
- # List generated packages
- echo "Generated Packages:"
- ls -la ../*.deb ../*.dsc ../*.tar.gz || true
-
- - name: Install package without custom openssl
- run: |
- # Find the package file
- PACKAGE_FILE=$(find ../ -name "libwolfprov_*.deb" | head -n1)
- if [ -z "$PACKAGE_FILE" ]; then
- echo "No package file found!"
- ls -la ../
- exit 1
- fi
-
- echo "Installing package: $PACKAGE_FILE and dependencies"
- apt install -y ./"$PACKAGE_FILE"
-
- # Verify installation
- echo "Package Installation Verification:"
- dpkg -l | grep libwolfprov
- dpkg -L libwolfprov
-
- - name: Test OpenSSL provider functionality
- run: |
- PROVIDER_CONF="/usr/lib/ssl/openssl.cnf.d/wolfprovider.conf"
- PROVIDER_CONF_BACKUP="/tmp/wolfprovider.conf.backup"
-
- # Temporarily move wolfprovider config so we can toggle between providers
- echo "Temporarily disabling wolfprovider for default provider tests:"
- mkdir -p /tmp/openssl-test
- if [ -f $PROVIDER_CONF ]; then
- mv $PROVIDER_CONF $PROVIDER_CONF_BACKUP
- echo " - Moved $PROVIDER_CONF to $PROVIDER_CONF_BACKUP"
- else
- echo "$PROVIDER_CONF not found!"
- exit 1
- fi
-
- # Run the do-cmd-test.sh script to execute interoperability tests
- echo "Running OpenSSL provider interoperability tests..."
- OPENSSL_BIN=$(eval which openssl) ./scripts/cmd_test/do-cmd-tests.sh
-
- # Restore wolfprovider configuration
- echo "Restoring wolfprovider configuration:"
- if [ -f $PROVIDER_CONF_BACKUP ]; then
- mv $PROVIDER_CONF_BACKUP $PROVIDER_CONF
- echo " - Restored $PROVIDER_CONF from $PROVIDER_CONF_BACKUP"
- fi
-
- echo "PASS: All provider interoperability tests successful"
-
- - name: Uninstall package and verify cleanup
- run: |
- # Uninstall the package
- apt-get remove --purge -y libwolfprov
-
- # Verify the package is removed
- if dpkg -l | grep -q libwolfprov; then
- echo "Package still installed after removal"
- dpkg -l | grep libwolfprov
- exit 1
- else
- echo "Package successfully removed"
- fi
-
- # Check if the config file is removed
- if [ -f /usr/lib/ssl/openssl.cnf.d/wolfprovider.conf ]; then
- echo "wolfprovider.conf still exists after package removal"
- ls -la /usr/lib/ssl/openssl.cnf.d/
- exit 1
- else
- echo "wolfprovider.conf successfully removed"
- fi
-
- # Check if the library files are removed
- if [ -f /usr/lib/*/ossl-modules/libwolfprov.so ]; then
- echo "libwolfprov.so still exists after package removal"
- find /usr/lib -name "libwolfprov.so*" 2>/dev/null || true
- exit 1
- else
- echo "libwolfprov.so successfully removed"
- fi
-
- # Verify default OpenSSL provider is active
- echo "Verifying Default Provider is Active:"
- openssl list -providers
-
- # Verify that the default provider is present and active
- echo "Checking default provider status:"
- if openssl list -providers | grep -q "default" && \
- openssl list -providers | grep -q "OpenSSL Default Provider" && \
- openssl list -providers | grep -q "status: active"; then
- echo "Default provider is present and active"
- else
- echo "Default provider verification failed"
- echo "Provider output:"
+
+ # Run the do-cmd-test.sh script to execute interoperability tests
+ echo "Running OpenSSL provider interoperability tests..."
+ OPENSSL_BIN=$(eval which openssl) ./scripts/cmd_test/do-cmd-tests.sh
+
+ # Restore wolfprovider configuration
+ echo "Restoring wolfprovider configuration:"
+ if [ -f $PROVIDER_CONF_BACKUP ]; then
+ mv $PROVIDER_CONF_BACKUP $PROVIDER_CONF
+ echo " - Restored $PROVIDER_CONF from $PROVIDER_CONF_BACKUP"
+ fi
+
+ echo "PASS: All provider interoperability tests successful"
+
+ - name: Uninstall package and verify cleanup
+ run: |
+ # Uninstall the package
+ apt-get remove --purge -y libwolfprov
+
+ # Verify the package is removed
+ if dpkg -l | grep -q libwolfprov; then
+ echo "Package still installed after removal"
+ dpkg -l | grep libwolfprov
+ exit 1
+ else
+ echo "Package successfully removed"
+ fi
+
+ # Check if the config file is removed
+ if [ -f /usr/lib/ssl/openssl.cnf.d/wolfprovider.conf ]; then
+ echo "wolfprovider.conf still exists after package removal"
+ ls -la /usr/lib/ssl/openssl.cnf.d/
+ exit 1
+ else
+ echo "wolfprovider.conf successfully removed"
+ fi
+
+ # Check if the library files are removed
+ if [ -f /usr/lib/*/ossl-modules/libwolfprov.so ]; then
+ echo "libwolfprov.so still exists after package removal"
+ find /usr/lib -name "libwolfprov.so*" 2>/dev/null || true
+ exit 1
+ else
+ echo "libwolfprov.so successfully removed"
+ fi
+
+ # Verify default OpenSSL provider is active
+ echo "Verifying Default Provider is Active:"
openssl list -providers
- exit 1
- fi
-
- echo "Package uninstallation and cleanup verification successful"
-
- - name: Move package artifacts
- run: |
- # Create a clean artifacts directory
- mkdir -p "/tmp/wolfprov-packages"
- # Move the generated packages to the artifacts directory
- mv ../*.deb /tmp/wolfprov-packages/ || true
- mv ../*.dsc /tmp/wolfprov-packages/ || true
- mv ../*.tar.gz /tmp/wolfprov-packages/ || true
-
- # Save the build outputs which for use in release packages
- - name: Upload package artifacts
- if: always()
- uses: actions/upload-artifact@v4
- with:
- name: wolfprovider-debian-packages${{ matrix.debug_flag }}
- path: |
- /tmp/wolfprov-packages/*.deb
- /tmp/wolfprov-packages/*.dsc
- /tmp/wolfprov-packages/*.tar.gz
- retention-days: 2
+
+ # Verify that the default provider is present and active
+ echo "Checking default provider status:"
+ if openssl list -providers | grep -q "default" && \
+ openssl list -providers | grep -q "OpenSSL Default Provider" && \
+ openssl list -providers | grep -q "status: active"; then
+ echo "Default provider is present and active"
+ else
+ echo "Default provider verification failed"
+ echo "Provider output:"
+ openssl list -providers
+ exit 1
+ fi
+
+ echo "Package uninstallation and cleanup verification successful"
+
libwolfprov-with-openssl:
runs-on: ubuntu-22.04
- needs: libwolfprov-standalone
+ needs: build_wolfprovider
+ # Run inside Debian Bookworm to match packaging environment
container:
image: debian:bookworm
env:
DEBIAN_FRONTEND: noninteractive
+ # This should be a safe limit for the tests to run.
+ timeout-minutes: 20
+ strategy:
+ matrix:
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
+ replace_default: [ true ]
+ env:
+ WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
+ OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
+ WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
steps:
- - name: Download artifacts from previous job
- uses: actions/download-artifact@v4
- with:
- name: wolfprovider-debian-packages
- path: /tmp/artifacts
-
- - name: Set up environment
- run: |
- # Update package lists
- apt-get update
- # Install build dependencies
- apt-get install -y \
- build-essential \
- devscripts \
- debhelper \
- dh-autoreconf \
- libtool \
- pkg-config \
- git \
- wget \
- curl \
- ca-certificates \
- openssl \
- dpkg-dev \
- lintian \
- fakeroot \
- dh-exec\
- equivs
- # Install additional tools for testing
- apt-get install -y \
- expect \
- xxd
-
- - name: Unpack artifacts
- run: |
- echo "Downloaded artifacts:"
- ls -la /tmp/artifacts/
-
- # Create working directory
- mkdir -p /tmp/test-installation
- cd /tmp/test-installation
-
- # Copy all artifacts to working directory
- cp /tmp/artifacts/* ./
-
- echo "Unpacked artifacts in working directory:"
- ls -la
-
- - name: Remove packages needed for artifact retrieval
- run: |
- # Remove packages that were needed for artifact download but shouldn't interfere with testing
- apt-get remove -y wget curl ca-certificates || true
- apt-get autoremove -y
-
- - name: Install libwolfssl and openssl packages
- run: |
- cd /tmp/test-installation
-
- # Find and install libwolfssl packages
- wolfssl_debs=$(find . -name "*libwolfssl*.deb")
- echo "Installing libwolfssl packages: $wolfssl_debs"
- if [ -n "$wolfssl_debs" ]; then
- apt install -y $wolfssl_debs
- fi
-
- # Find and install openssl packages
- openssl_debs=$(find . -name "*openssl*.deb")
- libssl3_debs=$(find . -name "*libssl3*.deb")
- echo "Installing openssl packages: $openssl_debs $libssl3_debs"
- if [ -n "$openssl_debs" ] || [ -n "$libssl3_debs" ]; then
- apt install -y $openssl_debs $libssl3_debs
- fi
-
- echo "Installed packages:"
- dpkg -l | grep -E "(wolfssl|openssl|libssl)"
-
- - name: Show OpenSSL version
- run: |
- echo "OpenSSL version:"
- openssl version -a || true
-
- - name: Test OpenSSL providers before wolfprov installation
- run: |
- echo "Testing OpenSSL providers before wolfprov installation..."
- echo "Expected: This should work normally with default providers"
-
- # Test openssl list -providers
- if openssl list -providers; then
- echo "SUCCESS: openssl list -providers works before wolfprov installation"
- else
- echo "FAILURE: openssl list -providers failed before wolfprov installation"
- exit 1
- fi
-
- echo "Provider list before wolfprov installation:"
- openssl list -providers
-
- - name: Install libwolfprov package
- run: |
- cd /tmp/test-installation
-
- # Find and install libwolfprov package
- wolfprov_debs=$(find . -name "*libwolfprov*.deb" | head -n1)
- echo "Installing libwolfprov package: $wolfprov_debs"
-
- if [ -z "$wolfprov_debs" ]; then
- echo "ERROR: No libwolfprov package found!"
- ls -la
- exit 1
- fi
-
- echo "Installing: $wolfprov_debs"
- apt install -y ./"$wolfprov_debs"
-
- echo "Installed packages after wolfprov:"
- dpkg -l | grep -E "(wolfprov|wolfssl|openssl|libssl)"
-
- - name: Test OpenSSL providers after wolfprov installation
- run: |
- echo "Testing OpenSSL providers after wolfprov installation..."
- echo "Expected: This should show wolfprov as an available provider"
-
- # Test openssl list -providers
- if openssl list -providers; then
- echo "SUCCESS: openssl list -providers works after wolfprov installation"
- else
- echo "FAILURE: openssl list -providers failed after wolfprov installation"
- exit 1
- fi
-
- echo "Provider list after wolfprov installation:"
- openssl list -providers
-
- # Check if wolfprov provider is available
- if openssl list -providers | grep -i "wolfprov"; then
- echo "SUCCESS: wolfprov provider is available"
- else
- echo "WARNING: wolfprov provider not found in provider list"
- echo "This might be expected if the provider needs to be explicitly loaded"
- fi
-
- - name: Verify wolfprov configuration
- run: |
- echo "Verifying wolfprov configuration..."
-
- # Check if configuration file exists
- if [ -f /usr/lib/ssl/openssl.cnf.d/wolfprovider.conf ]; then
- echo "SUCCESS: wolfprovider.conf exists"
- cat /usr/lib/ssl/openssl.cnf.d/wolfprovider.conf
- else
- echo "WARNING: wolfprovider.conf not found"
- fi
-
- # Check if library file exists
- if [ -f /usr/lib/*/ossl-modules/libwolfprov.so ]; then
- echo "SUCCESS: libwolfprov.so exists"
- find /usr/lib -name "libwolfprov.so*" 2>/dev/null
- else
- echo "WARNING: libwolfprov.so not found"
- fi
-
- - name: Test basic OpenSSL functionality (digests, AES, ECDH, ECC)
- shell: bash
- run: |
- set -e
- echo "Testing OpenSSL digests..."
- echo "test" | openssl dgst -sha256
- echo "test" | openssl dgst -sha512
-
- echo "Testing OpenSSL AES encryption/decryption..."
- echo "secret" | openssl enc -aes-128-cbc -pass pass:mykey -out secret.enc
- openssl enc -d -aes-128-cbc -pass pass:mykey -in secret.enc
-
- echo "Testing OpenSSL ECDH key generation and shared secret..."
- openssl ecparam -name prime256v1 -genkey -noout -out ec1.pem
- openssl ecparam -name prime256v1 -genkey -noout -out ec2.pem
- openssl pkey -in ec1.pem -pubout -out ec1.pub
- openssl pkey -in ec2.pem -pubout -out ec2.pub
- openssl pkeyutl -derive -inkey ec1.pem -peerkey ec2.pub -out secret1.bin
- openssl pkeyutl -derive -inkey ec2.pem -peerkey ec1.pub -out secret2.bin
- cmp secret1.bin secret2.bin && echo "ECDH shared secrets match"
-
- echo "Testing OpenSSL ECC sign/verify..."
- openssl ecparam -name prime256v1 -genkey -noout -out ecc_key.pem
- echo "message" > msg.txt
- openssl dgst -sha256 -sign ecc_key.pem -out msg.sig msg.txt
- openssl dgst -sha256 -verify <(openssl pkey -in ecc_key.pem -pubout) -signature msg.sig msg.txt
-
- - name: Save artifacts
- run: |
- echo "Saving artifacts..."
- ls -la /tmp/test-installation
- cp -r /tmp/test-installation /tmp/artifacts
-
- # Save the build outputs which for use in release packages
- - name: Upload package artifacts
- if: always()
- uses: actions/upload-artifact@v4
- with:
- name: ossl-debian-packages
- path: |
- /tmp/test-installation/*.deb
- /tmp/test-installation/*.dsc
- /tmp/test-installation/*.tar.gz
- retention-days: 1
-
- - name: Cleanup test environment
- run: |
- echo "Cleaning up test environment..."
-
- # Uninstall test packages
- apt-get remove --purge -y libwolfprov || true
- apt-get autoremove -y
-
- echo "Cleanup completed"
+ - name: Checking OpenSSL/wolfProvider packages in cache
+ uses: actions/cache/restore@v4
+ id: wolfprov-cache
+ with:
+ path: |
+ ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ${{ env.OPENSSL_PACKAGES_PATH }}
+ ${{ env.WOLFPROV_PACKAGES_PATH }}
+ key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
+ fail-on-cache-miss: true
+
+ - name: Install wolfSSL/OpenSSL/wolfprov packages
+ run: |
+ printf "Installing OpenSSL/wolfProvider packages:\n"
+ ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
+ ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
+
+ apt install --reinstall -y \
+ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
+
+ - name: Show OpenSSL version
+ run: |
+ echo "OpenSSL version:"
+ openssl version -a || true
+
+ - name: Test OpenSSL providers before wolfprov installation
+ run: |
+ echo "Testing OpenSSL providers before wolfprov installation..."
+ echo "Expected: This should work normally with default providers"
+
+ # Test openssl list -providers
+ if openssl list -providers; then
+ echo "SUCCESS: openssl list -providers works before wolfprov installation"
+ else
+ echo "FAILURE: openssl list -providers failed before wolfprov installation"
+ exit 1
+ fi
+
+ echo "Provider list before wolfprov installation:"
+ openssl list -providers
+
+ - name: Install libwolfprov package
+ run: |
+ apt install --reinstall -y \
+ ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+
+ echo "Installed packages after wolfprov:"
+ dpkg -l | grep -E "(wolfprov|wolfssl|openssl|libssl)"
+
+ - name: Test OpenSSL providers after wolfprov installation
+ run: |
+ echo "Testing OpenSSL providers after wolfprov installation..."
+ echo "Expected: This should show wolfprov as an available provider"
+
+ # Test openssl list -providers
+ if openssl list -providers; then
+ echo "SUCCESS: openssl list -providers works after wolfprov installation"
+ else
+ echo "FAILURE: openssl list -providers failed after wolfprov installation"
+ exit 1
+ fi
+
+ echo "Provider list after wolfprov installation:"
+ openssl list -providers
+
+ # Check if wolfprov provider is available
+ if openssl list -providers | grep -i "wolfprov"; then
+ echo "SUCCESS: wolfprov provider is available"
+ else
+ echo "WARNING: wolfprov provider not found in provider list"
+ echo "This might be expected if the provider needs to be explicitly loaded"
+ fi
+
+ - name: Verify wolfprov configuration
+ run: |
+ echo "Verifying wolfprov configuration..."
+
+ # Check if configuration file exists
+ if [ -f /usr/lib/ssl/openssl.cnf.d/wolfprovider.conf ]; then
+ echo "SUCCESS: wolfprovider.conf exists"
+ cat /usr/lib/ssl/openssl.cnf.d/wolfprovider.conf
+ else
+ echo "WARNING: wolfprovider.conf not found"
+ fi
+
+ # Check if library file exists
+ if [ -f /usr/lib/*/ossl-modules/libwolfprov.so ]; then
+ echo "SUCCESS: libwolfprov.so exists"
+ find /usr/lib -name "libwolfprov.so*" 2>/dev/null
+ else
+ echo "WARNING: libwolfprov.so not found"
+ fi
+
+ - name: Test basic OpenSSL functionality (digests, AES, ECDH, ECC)
+ shell: bash
+ run: |
+ set -e
+ echo "Testing OpenSSL digests..."
+ echo "test" | openssl dgst -sha256
+ echo "test" | openssl dgst -sha512
+
+ echo "Testing OpenSSL AES encryption/decryption..."
+ echo "secret" | openssl enc -aes-128-cbc -pass pass:mykey -out secret.enc
+ openssl enc -d -aes-128-cbc -pass pass:mykey -in secret.enc
+
+ echo "Testing OpenSSL ECDH key generation and shared secret..."
+ openssl ecparam -name prime256v1 -genkey -noout -out ec1.pem
+ openssl ecparam -name prime256v1 -genkey -noout -out ec2.pem
+ openssl pkey -in ec1.pem -pubout -out ec1.pub
+ openssl pkey -in ec2.pem -pubout -out ec2.pub
+ openssl pkeyutl -derive -inkey ec1.pem -peerkey ec2.pub -out secret1.bin
+ openssl pkeyutl -derive -inkey ec2.pem -peerkey ec1.pub -out secret2.bin
+ cmp secret1.bin secret2.bin && echo "ECDH shared secrets match"
+
+ echo "Testing OpenSSL ECC sign/verify..."
+ openssl ecparam -name prime256v1 -genkey -noout -out ecc_key.pem
+ echo "message" > msg.txt
+ openssl dgst -sha256 -sign ecc_key.pem -out msg.sig msg.txt
+ openssl dgst -sha256 -verify <(openssl pkey -in ecc_key.pem -pubout) -signature msg.sig msg.txt
+
+ - name: Cleanup test environment
+ run: |
+ echo "Cleaning up test environment..."
+
+ # Uninstall test packages
+ apt-get remove --purge -y libwolfprov || true
+ apt-get autoremove -y
+
+ echo "Cleanup completed"
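Review bot: In the `libwolfprov-with-openssl` job, the step "Test OpenSSL providers after wolfprov installation" only prints a WARNING when `openssl list -providers | grep -i "wolfprov"` finds nothing, and "Verify wolfprov configuration" does the same for a missing conf file or `.so`, so the job stays green when the provider never loads. The digest, AES, ECDH and ECC commands that follow do not name a provider, so they would presumably pass on the stock implementation as well. If the provider is expected to be listed once the `-replace-default` packages are installed, the else branch should fail: `echo "FAILURE: wolfprov provider not found in provider list"` followed by `exit 1`. If it is not expected to be listed in this mode, a comment stating what does prove wolfProvider served the operations would help.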
diff --git a/.github/workflows/grpc.yml b/.github/workflows/grpc.yml
index 58af58db..9d665d90 100644
--- a/.github/workflows/grpc.yml
+++ b/.github/workflows/grpc.yml
@@ -18,13 +18,19 @@ jobs:
with:
wolfssl_ref: ${{ matrix.wolfssl_ref }}
openssl_ref: ${{ matrix.openssl_ref }}
+ replace_default: ${{ matrix.replace_default }}
strategy:
matrix:
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
+ replace_default: [ true ]
test_grpc:
runs-on: ubuntu-22.04
+ container:
+ image: debian:bookworm
+ env:
+ DEBIAN_FRONTEND: noninteractive
needs: build_wolfprovider
# This should be a safe limit for the tests to run.
timeout-minutes: 30
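Review bot: The added `container:` block uses the floating tag `debian:bookworm`, so the base system that the packaged OpenSSL and wolfProvider are tested against can change between two runs of the same commit. Pinning by digest, `image: debian:bookworm@sha256:<digest>` (placeholder), with a comment naming the tag it corresponds to, makes a run reproducible and turns a base-image update into an explicit, reviewable change. The same image line is added in iperf.yml and ipmitool.yml and appears in debian-package.yml.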
@@ -39,37 +45,58 @@ jobs:
ssl_transport_security_test ssl_transport_security_utils_test
test_core_security_ssl_credentials_test test_cpp_end2end_ssl_credentials_test
h2_ssl_cert_test h2_ssl_session_reuse_test
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
+ replace_default: [ true ]
+ env:
+ WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
+ OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
+ WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
steps:
- name: Checkout wolfProvider
uses: actions/checkout@v4
with:
fetch-depth: 1
- - name: Retrieving wolfSSL/wolfProvider from cache
+ - name: Checking OpenSSL/wolfProvider packages in cache
uses: actions/cache/restore@v4
id: wolfprov-cache
with:
path: |
- wolfssl-install
- wolfprov-install
- openssl-install/lib64
- openssl-install/include
- openssl-install/bin
-
- key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }}
+ ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ${{ env.OPENSSL_PACKAGES_PATH }}
+ ${{ env.WOLFPROV_PACKAGES_PATH }}
+ key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
fail-on-cache-miss: true
- - name: Confirm IPv4 and IPv6 support
+ - name: Install wolfSSL/OpenSSL/wolfprov packages
run: |
- ip addr list lo | grep 'inet '
- ip addr list lo | grep 'inet6 '
+ printf "Installing OpenSSL/wolfProvider packages:\n"
+ ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
+ ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
+
+ apt install --reinstall -y \
+ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
- name: Install prerequisites
run: |
- sudo apt-get update
- sudo apt-get install -y build-essential autoconf libtool pkg-config clang libc++-dev
+ apt-get update
+ apt-get install -y build-essential autoconf libtool pkg-config clang libc++-dev \
+ iproute2 clang net-tools git python3-six
+
+ - name: Confirm IPv4 and IPv6 support
+ run: |
+ ip addr list lo | grep 'inet '
+ ip addr list lo | grep 'inet6 '
- name: Setup cmake version
uses: jwlawson/actions-setup-cmake@v2
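Review bot: The new cache key `openssl-wolfprov-debian-packages-${{ github.sha }}…` no longer contains `matrix.wolfssl_ref` or `matrix.openssl_ref`, which the removed key did, while the matrix still declares both. With one value each this works, but once a second ref is added every matrix entry restores the same cache and installs the same `.deb` files inside the container, whatever ref the job name shows. I would keep the refs in the key, `key: openssl-wolfprov-debian-packages-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}`, with the matching change where the cache is saved (presumably build-wolfprovider.yml, not visible here). The same key is used in debian-package.yml, iperf.yml and ipmitool.yml. `clang` is also listed twice in the new `apt-get install` line.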
@@ -86,9 +113,6 @@ jobs:
- name: Build grpc with wolfProvider
working-directory: ./grpc
run: |
- # Set up the environment for wolfProvider
- source $GITHUB_WORKSPACE/scripts/env-setup
-
# Initialize submodules
git submodule update --init
@@ -97,8 +121,7 @@ jobs:
cd cmake/build
# Configure with OpenSSL and wolfProvider
- cmake -DgRPC_BUILD_TESTS=ON -DgRPC_SSL_PROVIDER=package \
- -DOPENSSL_ROOT_DIR=$GITHUB_WORKSPACE/openssl-install ../..
+ cmake -DgRPC_BUILD_TESTS=ON -DgRPC_SSL_PROVIDER=package ../..
# Build the tests
make -j $(nproc) ${{ matrix.tests }}
diff --git a/.github/workflows/iperf.yml b/.github/workflows/iperf.yml
index c9528ab9..a8af6683 100644
--- a/.github/workflows/iperf.yml
+++ b/.github/workflows/iperf.yml
@@ -18,46 +18,72 @@ jobs:
with:
wolfssl_ref: ${{ matrix.wolfssl_ref }}
openssl_ref: ${{ matrix.openssl_ref }}
+ replace_default: ${{ matrix.replace_default }}
strategy:
matrix:
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
+ replace_default: [ true ]
test_iperf:
runs-on: ubuntu-22.04
+ container:
+ image: debian:bookworm
+ env:
+ DEBIAN_FRONTEND: noninteractive
needs: build_wolfprovider
# This should be a safe limit for the tests to run.
timeout-minutes: 20
strategy:
matrix:
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
- iperf_ref: [ 'master', '3.12' ]
+ iperf_ref: [ '3.12' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
force_fail: ['WOLFPROV_FORCE_FAIL=1', '']
+ replace_default: [ true ]
+ env:
+ WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
+ OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
+ WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
steps:
- name: Checkout wolfProvider
uses: actions/checkout@v4
with:
fetch-depth: 1
- - name: Retrieving wolfSSL/wolfProvider from cache
+ - name: Checking OpenSSL/wolfProvider packages in cache
uses: actions/cache/restore@v4
id: wolfprov-cache
with:
path: |
- wolfssl-install
- wolfprov-install
- openssl-install/lib64
- openssl-install/include
- openssl-install/bin
-
- key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }}
+ ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ${{ env.OPENSSL_PACKAGES_PATH }}
+ ${{ env.WOLFPROV_PACKAGES_PATH }}
+ key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
fail-on-cache-miss: true
+ - name: Install wolfSSL/OpenSSL/wolfprov packages
+ run: |
+ printf "Installing OpenSSL/wolfProvider packages:\n"
+ ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
+ ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
+
+ apt install --reinstall -y \
+ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+
- name: Install dependencies
run: |
- sudo apt-get update
- sudo apt-get install build-essential autoconf libtool pkg-config clang libc++-dev
+ apt-get update
+ apt-get install -y build-essential autoconf libtool pkg-config clang libc++-dev
- name: Checkout iperf
uses: actions/checkout@v4
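Review bot: After the new "Install wolfSSL/OpenSSL/wolfprov packages" step, "Install dependencies" runs `apt-get update` and `apt-get install -y …` against the Debian archive, and nothing afterwards records which OpenSSL build ends up installed. Since a later hunk in this file drops the `ldd $IPERF3_LIB | grep -q wolfProvider` check, the job no longer shows that iperf ran against the packaged OpenSSL with wolfProvider. Adding `openssl version -a` and `openssl list -providers` at the end of "Install dependencies" would put that in the log; whether to assert on the output depends on what replace-default mode prints, which is not visible here. The install step is also repeated verbatim across the workflows in this diff and could live in one shared script.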
@@ -70,7 +96,7 @@ jobs:
working-directory: iperf
run: |
# Configure with OpenSSL
- ./configure --with-openssl=$GITHUB_WORKSPACE/openssl-install
+ ./configure
# Build iperf
make -j
@@ -91,8 +117,6 @@ jobs:
- name: Run tests
working-directory: iperf
run: |
- # Set up the environment for wolfProvider
- source $GITHUB_WORKSPACE/scripts/env-setup
export ${{ matrix.force_fail }}
# Test variables for iperf
@@ -105,9 +129,6 @@ jobs:
export IPERF3_PASSWORD=rossi
export KEY_DIR=$GITHUB_WORKSPACE/test-keys
- # Verify iperf loads OpenSSL containing wolfProvider
- ldd $IPERF3_LIB | grep -q wolfProvider
-
# Launch the iperf server in the background
$IPERF3_EXECUTABLE -s \
--rsa-private-key-path $KEY_DIR/rsa_private_unprotected.pem \
diff --git a/.github/workflows/ipmitool.yml b/.github/workflows/ipmitool.yml
index c8307e19..3cf483c5 100644
--- a/.github/workflows/ipmitool.yml
+++ b/.github/workflows/ipmitool.yml
@@ -18,47 +18,73 @@ jobs:
with:
wolfssl_ref: ${{ matrix.wolfssl_ref }}
openssl_ref: ${{ matrix.openssl_ref }}
+ replace_default: ${{ matrix.replace_default }}
strategy:
matrix:
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
+ replace_default: [ true ]
test_ipmitool:
runs-on: ubuntu-22.04
+ container:
+ image: debian:bookworm
+ env:
+ DEBIAN_FRONTEND: noninteractive
needs: build_wolfprovider
# This should be a safe limit for the tests to run.
timeout-minutes: 20
strategy:
fail-fast: false
matrix:
- ipmitool_ref: [ 'master', 'IPMITOOL_1_8_19' ]
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ ipmitool_ref: [ 'IPMITOOL_1_8_19' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
+ replace_default: [ true ]
+ env:
+ WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
+ OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
+ WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
steps:
- name: Checkout wolfProvider
uses: actions/checkout@v4
with:
fetch-depth: 1
- - name: Retrieving wolfSSL/wolfProvider from cache
+ - name: Checking OpenSSL/wolfProvider packages in cache
uses: actions/cache/restore@v4
id: wolfprov-cache
with:
path: |
- wolfssl-install
- wolfprov-install
- openssl-install/lib64
- openssl-install/include
- openssl-install/bin
-
- key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }}
+ ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ${{ env.OPENSSL_PACKAGES_PATH }}
+ ${{ env.WOLFPROV_PACKAGES_PATH }}
+ key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
fail-on-cache-miss: true
+ - name: Install wolfSSL/OpenSSL/wolfprov packages
+ run: |
+ printf "Installing OpenSSL/wolfProvider packages:\n"
+ ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
+ ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
+
+ apt install --reinstall -y \
+ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+
- name: Install dependencies
run: |
- export DEBIAN_FRONTEND=noninteractive
- sudo apt-get update
- sudo apt-get install -y libreadline-dev
+ apt-get update
+ apt-get install -y libreadline-dev build-essential autoconf \
+ automake libtool pkg-config autoconf-archive wget
- name: Build ipmitool with wolfProvider
uses: wolfSSL/actions-build-autotools-project@v1
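Review bot: The new "Install wolfSSL/OpenSSL/wolfprov packages" step ends after the third `apt install` without checking that wolfProvider is the provider OpenSSL actually loads, so this job can pass while exercising the stock OpenSSL implementations. libssh2.yml in this same commit runs `openssl list -providers | grep -q "wolfSSL Provider"` before its tests; the same line at the end of this step would fail the job when the provider is absent. This matters most here because ipmitool.yml has no `force_fail` matrix entry to give even indirect evidence that the provider is in the path. The identical step in krb5.yml, libcryptsetup.yml, libeac3.yml, libfido2.yml, libhashkit2.yml, libnice.yml and liboauth2.yml has the same gap, and iperf.yml drops its `ldd $IPERF3_LIB | grep -q wolfProvider` check with no replacement.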
@@ -71,9 +97,6 @@ jobs:
- name: Confirm built with OpenSSL and test with wolfProvider
working-directory: ipmitool
run: |
- # Set up the environment for wolfProvider
- source $GITHUB_WORKSPACE/scripts/env-setup
-
# Verify ipmitool was built and linked correctly with OpenSSL
ldd src/ipmitool | grep -E '(libssl|libcrypto)'
ldd src/ipmievd | grep -E '(libssl|libcrypto)'
diff --git a/.github/workflows/krb5.yml b/.github/workflows/krb5.yml
index de0a5d0c..6f4b1f49 100644
--- a/.github/workflows/krb5.yml
+++ b/.github/workflows/krb5.yml
@@ -18,45 +18,72 @@ jobs:
with:
wolfssl_ref: ${{ matrix.wolfssl_ref }}
openssl_ref: ${{ matrix.openssl_ref }}
+ replace_default: ${{ matrix.replace_default }}
strategy:
matrix:
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
+ replace_default: [ true ]
test_krb5:
runs-on: ubuntu-22.04
+ container:
+ image: debian:bookworm
+ env:
+ DEBIAN_FRONTEND: noninteractive
needs: build_wolfprovider
# This should be a safe limit for the tests to run.
timeout-minutes: 30
strategy:
matrix:
krb5_ref: [ 'krb5-1.20.1-final' ]
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
+ replace_default: [ true ]
+ env:
+ WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
+ OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
+ WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
steps:
- name: Checkout wolfProvider
uses: actions/checkout@v4
with:
fetch-depth: 1
- - name: Retrieving wolfSSL/wolfProvider from cache
+ - name: Checking OpenSSL/wolfProvider packages in cache
uses: actions/cache/restore@v4
id: wolfprov-cache
with:
path: |
- wolfssl-install
- wolfprov-install
- openssl-install/lib64
- openssl-install/include
- openssl-install/bin
- key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }}
+ ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ${{ env.OPENSSL_PACKAGES_PATH }}
+ ${{ env.WOLFPROV_PACKAGES_PATH }}
+ key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
fail-on-cache-miss: true
+ - name: Install wolfSSL/OpenSSL/wolfprov packages
+ run: |
+ printf "Installing OpenSSL/wolfProvider packages:\n"
+ ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
+ ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
+
+ apt install --reinstall -y \
+ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+
- name: Install KRB5 dependencies
run: |
- sudo apt-get update
- sudo apt-get install -y \
+ apt-get update
+ apt-get install -y \
build-essential autoconf automake libtool \
bison flex libldap2-dev libkeyutils-dev \
libverto-dev libcom-err2 comerr-dev \
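Review bot: `image: debian:bookworm` under the new `container:` key is a floating tag, so the job installs and tests the crypto packages on whatever image that tag resolves to at run time. Pinning by digest, `image: debian:bookworm@sha256:<digest-placeholder>`, fixes the base and turns an image refresh into a reviewable change. The same line is added in ipmitool.yml, libcryptsetup.yml, libeac3.yml, libfido2.yml, libhashkit2.yml, libnice.yml, liboauth2.yml and libssh2.yml.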
@@ -83,14 +110,15 @@ jobs:
- name: Build and test KRB5 with wolfProvider
working-directory: krb5
+ shell: bash
run: |
+ set +o pipefail # ignore errors from make check
# Build KRB5
cd src
autoreconf -fiv
./configure \
--prefix=$GITHUB_WORKSPACE/krb5-install \
--with-crypto-impl=openssl \
- --with-openssl=$GITHUB_WORKSPACE/openssl-install \
--disable-pkinit \
CFLAGS="-I$GITHUB_WORKSPACE/openssl-install/include" \
LDFLAGS="-L$GITHUB_WORKSPACE/openssl-install/lib64 -Wl,-rpath=$GITHUB_WORKSPACE/openssl-install/lib64"
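Review bot: The `CFLAGS` and `LDFLAGS` arguments to `./configure` still point at `$GITHUB_WORKSPACE/openssl-install/include` and `$GITHUB_WORKSPACE/openssl-install/lib64`, although this commit removes `--with-openssl` and no longer restores `openssl-install` from the cache. If the directory is absent the `-I`/`-L` flags are dead, but `-Wl,-rpath=` still records a workspace path in the built binaries' library search path, and it would take effect if anything later creates that directory. Dropping both lines, along with the trailing `\` after `--disable-pkinit`, lets configure use the installed `libssl-dev` package only. The run block continues outside this hunk.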
@@ -98,7 +126,6 @@ jobs:
make -j$(nproc)
make install
- source $GITHUB_WORKSPACE/scripts/env-setup
export ${{ matrix.force_fail }}
# Run tests and save output
diff --git a/.github/workflows/libcryptsetup.yml b/.github/workflows/libcryptsetup.yml
index 19e727e9..a0a92663 100644
--- a/.github/workflows/libcryptsetup.yml
+++ b/.github/workflows/libcryptsetup.yml
@@ -18,23 +18,34 @@ jobs:
with:
wolfssl_ref: ${{ matrix.wolfssl_ref }}
openssl_ref: ${{ matrix.openssl_ref }}
+ replace_default: ${{ matrix.replace_default }}
strategy:
matrix:
- wolfssl_ref: ['v5.8.0-stable', 'master']
- openssl_ref: ['openssl-3.5.0']
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
+ replace_default: [ true ]
test_cryptsetup:
runs-on: ubuntu-22.04
needs: build_wolfprovider
+ container:
+ image: debian:bookworm
+ env:
+ DEBIAN_FRONTEND: noninteractive
# This should be a safe limit for the tests to run.
timeout-minutes: 20
strategy:
fail-fast: false
matrix:
cryptsetup_ref: ['v2.6.1']
- wolfssl_ref: ['v5.8.0-stable', 'master']
- openssl_ref: ['openssl-3.5.0']
+ wolfssl_ref: ['v5.8.2-stable']
+ openssl_ref: ['openssl-3.5.2']
force_fail: ['WOLFPROV_FORCE_FAIL=1', '']
+ replace_default: [ true ]
+ env:
+ WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
+ OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
+ WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
steps:
- name: Checkout wolfProvider
@@ -42,28 +53,43 @@ jobs:
with:
fetch-depth: 1
- - name: Retrieving wolfSSL/wolfProvider from cache
+ - name: Checking OpenSSL/wolfProvider packages in cache
uses: actions/cache/restore@v4
id: wolfprov-cache
with:
path: |
- wolfssl-install
- wolfprov-install
- openssl-install/lib64
- openssl-install/include
- openssl-install/bin
-
- key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }}
+ ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ${{ env.OPENSSL_PACKAGES_PATH }}
+ ${{ env.WOLFPROV_PACKAGES_PATH }}
+ key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
fail-on-cache-miss: true
+ - name: Install wolfSSL/OpenSSL/wolfprov packages
+ run: |
+ printf "Installing OpenSSL/wolfProvider packages:\n"
+ ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
+ ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
+
+ apt install --reinstall -y \
+ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+
- name: Install dependencies
run: |
- sudo apt-get update
- sudo apt-get install -y \
+ apt-get update
+ apt-get install -y \
build-essential autoconf asciidoctor gettext autopoint libtool \
pkg-config uuid-dev libdevmapper-dev libpopt-dev libjson-c-dev \
- libargon2-dev
-
+ libargon2-dev libblkid-dev bsdextrautils kmod util-linux cryptsetup-bin
+
- name: Checkout cryptsetup
uses: actions/checkout@v4
with:
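Review bot: The new cache `key:` drops `matrix.wolfssl_ref` and `matrix.openssl_ref`, so the `.deb` files that the next step installs as root are selected by commit SHA and the replace-default suffix alone. With one value per matrix entry that is unambiguous today, but once a second ref is added every job would restore whichever package set was saved first under the key and test against it without any error. Keeping the refs in the key, for example `openssl-wolfprov-debian-packages-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }}` followed by the existing suffix expression, avoids that. The key written by build-wolfprovider.yml is not visible here and would need the same change. The same key appears in ipmitool.yml, krb5.yml, libeac3.yml, libfido2.yml, libhashkit2.yml, libnice.yml, liboauth2.yml and libssh2.yml.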
@@ -87,17 +113,29 @@ jobs:
./autogen.sh
./configure --enable-static \
--with-crypto-backend=openssl \
- --disable-ssh-token \
- --with-openssl-includes=$GITHUB_WORKSPACE/openssl-install/include \
- --with-openssl-libs=$GITHUB_WORKSPACE/openssl-install/lib64
+ --disable-ssh-token
make -j$(nproc)
+ # According to ChatGPT, the following tests are excluded since they use
+ # crypto kernel rather than openssl:
+ # bitlk-compat-test → does activation via dm-crypt (kernel).
+ # reencryption-compat-test → kernel dm-crypt online reencryption.
+ # verity-compat-test → dm-verity (kernel).
+ # integrity-compat-test → dm-integrity (kernel).
+ # blockwise-compat-test / luks2-*reencryption* → scsi_debug / kernel paths.
+ # unit-wipe-test → direct I/O expectations that depend on kernel/devices.
+ # Instead, only run the following tests:
+ # - vectors-test
+ # - run-all-symbols
+ # - unit-utils-crypt-test
- name: Run cryptsetup tests
working-directory: cryptsetup
run: |
- source $GITHUB_WORKSPACE/scripts/env-setup
export ${{ matrix.force_fail }}
- make check 2>&1 | tee cryptsetup-test.log
- TEST_RESULT=$(grep -q "All 10 tests passed" cryptsetup-test.log && echo "0" || echo "1")
+ # from the cryptsetup source root
+ make -j$(nproc)
+ make -C tests check TESTS="vectors-test run-all-symbols unit-utils-crypt-test" VERBOSE=1 2>&1 | tee cryptsetup-test.log
+ TEST_RESULT=$(grep -q "All 3 tests passed" cryptsetup-test.log && echo "0" || echo "1")
+ printf "TEST_RESULT: $TEST_RESULT\n"
$GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} cryptsetup
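Review bot: The comment block above "Run cryptsetup tests" gives "According to ChatGPT" as the reason for cutting the run from ten tests to three, which leaves the coverage of a disk-encryption library reduced on an unverified claim. Confirm against the test scripts which of the excluded tests really bypass the OpenSSL backend, then state that as fact in the comment, or say that they cannot run in the container if that is the actual reason. Separately, `printf "TEST_RESULT: $TEST_RESULT\n"` expands a variable inside the format string; `printf 'TEST_RESULT: %s\n' "$TEST_RESULT"` is the safe form.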
diff --git a/.github/workflows/libeac3.yml b/.github/workflows/libeac3.yml
index e6776a7a..f569a1d4 100644
--- a/.github/workflows/libeac3.yml
+++ b/.github/workflows/libeac3.yml
@@ -18,22 +18,33 @@ jobs:
with:
wolfssl_ref: ${{ matrix.wolfssl_ref }}
openssl_ref: ${{ matrix.openssl_ref }}
+ replace_default: ${{ matrix.replace_default }}
strategy:
matrix:
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
+ replace_default: [ true ]
test_libeac3:
runs-on: ubuntu-22.04
+ container:
+ image: debian:bookworm
+ env:
+ DEBIAN_FRONTEND: noninteractive
needs: build_wolfprovider
# This should be a safe limit for the tests to run.
timeout-minutes: 20
strategy:
matrix:
- openpace_ref: [ '1.1.3' ] # no master branch
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ openpace_ref: [ '1.1.3' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
+ replace_default: [ true ]
+ env:
+ WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
+ OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
+ WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
steps:
# Checkout the source so we can run the check-workflow-result script.
@@ -42,23 +53,40 @@ jobs:
with:
fetch-depth: 1
- - name: Retrieving wolfProvider from cache
+ - name: Checking OpenSSL/wolfProvider packages in cache
uses: actions/cache/restore@v4
id: wolfprov-cache-restore
with:
path: |
- wolfssl-install
- wolfprov-install
- openssl-install/lib64
- openssl-install/include
- openssl-install/bin
- key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }}
+ ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ${{ env.OPENSSL_PACKAGES_PATH }}
+ ${{ env.WOLFPROV_PACKAGES_PATH }}
+ key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
fail-on-cache-miss: true
+ - name: Install wolfSSL/OpenSSL/wolfprov packages
+ run: |
+ printf "Installing OpenSSL/wolfProvider packages:\n"
+ ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
+ ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
+
+ apt install --reinstall -y \
+ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+
- name: Install libeac3 dependencies
run: |
- sudo apt-get update
- sudo apt-get install -y autoconf automake libtool libc6 help2man gengetopt pkg-config m4 libeac3
+ apt-get update
+ apt-get install -y autoconf automake libtool libc6 help2man gengetopt pkg-config m4 patch\
+ autoconf automake libtool pkg-config build-essential
- name: Checkout openpace
uses: actions/checkout@v4
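Review bot: In "Install libeac3 dependencies", `patch\` has no space before the line continuation, so `patch` is separated from `autoconf` only by the next line's indentation and the two would fuse into one package name if that line were ever re-indented to column 0. The continuation line also repeats `autoconf automake libtool pkg-config`, which are already listed. A single line reads more clearly and removes the hazard: `apt-get install -y autoconf automake libtool libc6 help2man gengetopt pkg-config m4 patch build-essential`.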
@@ -84,13 +112,11 @@ jobs:
autoreconf --verbose --install
./configure
make
- sudo make install
+ make install
- name: Run libeac3 tests
working-directory: openpace
run: |
- echo "Setting environment variables..."
- source $GITHUB_WORKSPACE/scripts/env-setup
export ${{ matrix.force_fail }}
./src/eactest > libeac3-test.log || echo "eactest failed with exit code $?"
cat libeac3-test.log
diff --git a/.github/workflows/libfido2.yml b/.github/workflows/libfido2.yml
index b95f7c73..64f346c0 100644
--- a/.github/workflows/libfido2.yml
+++ b/.github/workflows/libfido2.yml
@@ -14,47 +14,71 @@ jobs:
with:
wolfssl_ref: ${{ matrix.wolfssl_ref }}
openssl_ref: ${{ matrix.openssl_ref }}
+ replace_default: ${{ matrix.replace_default }}
strategy:
matrix:
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
+ replace_default: [ true ]
test_libfido2:
runs-on: ubuntu-22.04
+ container:
+ image: debian:bookworm
+ env:
+ DEBIAN_FRONTEND: noninteractive
needs: build_wolfprovider
timeout-minutes: 15
strategy:
matrix:
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
- libfido2_ref: [ 'main', '1.15.0' ]
+ libfido2_ref: [ '1.15.0' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
- exclude:
- - libfido2_ref: 'main'
- force_fail: 'WOLFPROV_FORCE_FAIL=1'
+ replace_default: [ true ]
+ env:
+ WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
+ OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
+ WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
steps:
- name: Checkout wolfProvider
uses: actions/checkout@v4
with:
fetch-depth: 1
- - name: Retrieving wolfSSL/wolfProvider from cache
+ - name: Checking OpenSSL/wolfProvider packages in cache
uses: actions/cache/restore@v4
id: wolfprov-cache
with:
path: |
- wolfssl-install
- wolfprov-install
- openssl-install/lib64
- openssl-install/include
- openssl-install/bin
- key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }}
+ ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ${{ env.OPENSSL_PACKAGES_PATH }}
+ ${{ env.WOLFPROV_PACKAGES_PATH }}
+ key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
fail-on-cache-miss: true
+ - name: Install wolfSSL/OpenSSL/wolfprov packages
+ run: |
+ printf "Installing OpenSSL/wolfProvider packages:\n"
+ ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
+ ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
+
+ apt install --reinstall -y \
+ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+
- name: Install test dependencies
run: |
- sudo apt-get update
- sudo apt-get install -y build-essential cmake pkg-config libudev-dev \
+ apt-get update
+ apt-get install -y build-essential cmake pkg-config libudev-dev \
zlib1g-dev libcbor-dev libpcsclite-dev pcscd
- name: Checkout libfido2
@@ -68,8 +92,6 @@ jobs:
- name: Build and install libfido2
working-directory: libfido2_repo
run: |
- # Set up the environment for wolfProvider
- source $GITHUB_WORKSPACE/scripts/env-setup
mkdir build
cd build
cmake -DCMAKE_INSTALL_PREFIX=$GITHUB_WORKSPACE/libfido2-install ..
@@ -79,8 +101,6 @@ jobs:
- name: Run libfido2 tests
working-directory: libfido2_repo/build
run: |
- # Set up the environment for wolfProvider
- source $GITHUB_WORKSPACE/scripts/env-setup
export ${{ matrix.force_fail }}
# Run tests, excluding regress_dev which requires hardware/fails in CI
diff --git a/.github/workflows/libhashkit2.yml b/.github/workflows/libhashkit2.yml
index f3a640c3..2a3ee264 100644
--- a/.github/workflows/libhashkit2.yml
+++ b/.github/workflows/libhashkit2.yml
@@ -18,49 +18,72 @@ jobs:
with:
wolfssl_ref: ${{ matrix.wolfssl_ref }}
openssl_ref: ${{ matrix.openssl_ref }}
+ replace_default: ${{ matrix.replace_default }}
strategy:
matrix:
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
+ replace_default: [ true ]
test_libhashkit2:
runs-on: ubuntu-22.04
+ container:
+ image: debian:bookworm
+ env:
+ DEBIAN_FRONTEND: noninteractive
needs: build_wolfprovider
# This should be a safe limit for the tests to run.
timeout-minutes: 20
strategy:
matrix:
- libhashkit2_ref: [ 'v1.x', '1.1.4' ]
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ libhashkit2_ref: [ '1.1.4' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
- exclude:
- - libhashkit2_ref: 'v1.x'
- force_fail: 'WOLFPROV_FORCE_FAIL=1'
+ replace_default: [ true ]
+ env:
+ WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
+ OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
+ WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
steps:
- name: Checkout wolfProvider
uses: actions/checkout@v4
with:
fetch-depth: 1
- - name: Retrieving wolfProvider from cache
+ - name: Checking OpenSSL/wolfProvider packages in cache
uses: actions/cache/restore@v4
id: wolfprov-cache-restore
with:
path: |
- wolfssl-install
- wolfprov-install
- openssl-install/lib64
- openssl-install/include
- openssl-install/bin
-
- key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }}
+ ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ${{ env.OPENSSL_PACKAGES_PATH }}
+ ${{ env.WOLFPROV_PACKAGES_PATH }}
+ key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
fail-on-cache-miss: true
+ - name: Install wolfSSL/OpenSSL/wolfprov packages
+ run: |
+ printf "Installing OpenSSL/wolfProvider packages:\n"
+ ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
+ ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
+
+ apt install --reinstall -y \
+ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+
- name: Install libmemcached dependencies
run: |
- sudo apt-get update
- sudo apt-get install cmake build-essential bison flex memcached libc6
+ apt-get update
+ apt-get install -y cmake build-essential bison flex memcached libc6
- name: Download libmemcached
uses: actions/checkout@v4
@@ -73,8 +96,6 @@ jobs:
- name: Build libmemcached
working-directory: libmemcached
run: |
- # OPENSSL_ROOT_DIR is needed for cmake to find OpenSSL headers
- export OPENSSL_ROOT_DIR=$GITHUB_WORKSPACE/openssl-install/include
# Build libmemcached with OpenSSL support
mkdir build
cd build
@@ -84,8 +105,6 @@ jobs:
- name: Run libhashkit2 tests
working-directory: libmemcached/build
run: |
- # Set up the environment for wolfProvider
- source $GITHUB_WORKSPACE/scripts/env-setup
export ${{ matrix.force_fail }}
# Run tests
make test 2>&1 | tee libhashkit2-test.log
diff --git a/.github/workflows/libnice.yml b/.github/workflows/libnice.yml
index c88e4839..cbbb2904 100644
--- a/.github/workflows/libnice.yml
+++ b/.github/workflows/libnice.yml
@@ -18,45 +18,71 @@ jobs:
with:
wolfssl_ref: ${{ matrix.wolfssl_ref }}
openssl_ref: ${{ matrix.openssl_ref }}
+ replace_default: ${{ matrix.replace_default }}
strategy:
matrix:
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
+ replace_default: [ true ]
test_libnice:
runs-on: ubuntu-22.04
+ container:
+ image: debian:bookworm
+ env:
+ DEBIAN_FRONTEND: noninteractive
needs: build_wolfprovider
timeout-minutes: 20
strategy:
matrix:
libnice_ref: [ '0.1.21' ]
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
force_fail: ['WOLFPROV_FORCE_FAIL=1', '']
+ replace_default: [ true ]
+ env:
+ WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
+ OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
+ WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
steps:
- name: Checkout wolfProvider
uses: actions/checkout@v4
with:
fetch-depth: 1
- - name: Retrieving wolfSSL/wolfProvider from cache
+ - name: Checking OpenSSL/wolfProvider packages in cache
uses: actions/cache/restore@v4
id: wolfprov-cache
with:
path: |
- wolfssl-install
- wolfprov-install
- openssl-install/lib64
- openssl-install/include
- openssl-install/bin
-
- key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }}
+ ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ${{ env.OPENSSL_PACKAGES_PATH }}
+ ${{ env.WOLFPROV_PACKAGES_PATH }}
+ key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
fail-on-cache-miss: true
+ - name: Install wolfSSL/OpenSSL/wolfprov packages
+ run: |
+ printf "Installing OpenSSL/wolfProvider packages:\n"
+ ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
+ ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
+
+ apt install --reinstall -y \
+ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+
- name: Install dependencies
run: |
- sudo apt update
- sudo apt install -y \
+ apt update
+ apt install -y \
build-essential pkg-config meson ninja-build libglib2.0-dev \
libgstreamer1.0-dev libunwind-dev gstreamer1.0-plugins-base-apps
@@ -70,18 +96,13 @@ jobs:
- name: Build libnice
working-directory: libnice
run: |
- source $GITHUB_WORKSPACE/scripts/env-setup
-
- # force libnice to use the openssl binary in wolfProvider
- sudo ln -sf $GITHUB_WORKSPACE/openssl-install/bin/openssl /usr/bin/openssl
-
meson setup builddir -Dcrypto-library=openssl
- name: Test libnice with wolfProvider
working-directory: libnice
+ shell: bash
run: |
- # Set up the environment for wolfProvider
- source $GITHUB_WORKSPACE/scripts/env-setup
+ set +o pipefail # ignore errors from ninja test
export ${{ matrix.force_fail }}
# Run tests and save output to test.log
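Review bot: `set +o pipefail` at the top of "Test libnice with wolfProvider" turns pipefail off for the whole step, so any pipeline in it reports the status of its last command (presumably a `tee`) and the test runner's own exit code is lost. Pass or fail then rests entirely on what the rest of the step, which lies outside this hunk, reads from the log. libssh2.yml in this commit keeps the status with `TEST_RESULT=${PIPESTATUS[0]}` right after its `make check 2>&1 | tee` line; the same approach here would keep a crashed or aborted run from being classified by log text alone. The same `set +o pipefail` line is added in krb5.yml and liboauth2.yml.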
diff --git a/.github/workflows/liboauth2.yml b/.github/workflows/liboauth2.yml
index 7272c0b5..77b9eb21 100644
--- a/.github/workflows/liboauth2.yml
+++ b/.github/workflows/liboauth2.yml
@@ -18,47 +18,73 @@ jobs:
with:
wolfssl_ref: ${{ matrix.wolfssl_ref }}
openssl_ref: ${{ matrix.openssl_ref }}
+ replace_default: ${{ matrix.replace_default }}
strategy:
matrix:
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
+ replace_default: [ true ]
test_liboauth2:
runs-on: ubuntu-22.04
+ container:
+ image: debian:bookworm
+ env:
+ DEBIAN_FRONTEND: noninteractive
needs: build_wolfprovider
timeout-minutes: 20
strategy:
matrix:
- liboauth2_ref: [ 'v1.4.5.4' ] # No master with patch
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ liboauth2_ref: [ 'v1.4.5.4' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
force_fail: ['WOLFPROV_FORCE_FAIL=1', '']
+ replace_default: [ true ]
+ env:
+ WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
+ OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
+ WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
steps:
- name: Checkout wolfProvider
uses: actions/checkout@v4
with:
fetch-depth: 1
- - name: Retrieving wolfSSL/wolfProvider from cache
+ - name: Checking OpenSSL/wolfProvider packages in cache
uses: actions/cache/restore@v4
id: wolfprov-cache
with:
path: |
- wolfssl-install
- wolfprov-install
- openssl-install/lib64
- openssl-install/include
- openssl-install/bin
-
- key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }}
+ ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ${{ env.OPENSSL_PACKAGES_PATH }}
+ ${{ env.WOLFPROV_PACKAGES_PATH }}
+ key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
fail-on-cache-miss: true
+ - name: Install wolfSSL/OpenSSL/wolfprov packages
+ run: |
+ printf "Installing OpenSSL/wolfProvider packages:\n"
+ ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
+ ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
+
+ apt install --reinstall -y \
+ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+
- name: Install liboauth2 dependencies
run: |
- sudo apt-get update
- sudo apt-get install -y libcurl4-openssl-dev libjansson-dev \
+ apt-get update
+ apt-get install -y libcurl4-openssl-dev libjansson-dev \
libcjose-dev pkg-config build-essential apache2-dev libhiredis-dev \
- libmemcached-dev autotools-dev autoconf automake libtool check
+ libmemcached-dev autotools-dev autoconf automake libtool check patch
- name: Checkout OSP
uses: actions/checkout@v4
@@ -78,9 +104,6 @@ jobs:
- name: Build liboauth2
working-directory: liboauth2
run: |
- # Set up the environment for wolfProvider
- source $GITHUB_WORKSPACE/scripts/env-setup
-
# Apply patch from OSP repo
patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/liboauth2/liboauth2-${{ matrix.liboauth2_ref }}-wolfprov.patch
@@ -90,9 +113,9 @@ jobs:
- name: Run liboauth2 tests
working-directory: liboauth2
+ shell: bash
run: |
- # Set up the environment for wolfProvider
- source $GITHUB_WORKSPACE/scripts/env-setup
+ set +o pipefail # ignore errors from make check
export ${{ matrix.force_fail }}
# Build and run tests
diff --git a/.github/workflows/libssh2.yml b/.github/workflows/libssh2.yml
index d0f4da01..7845a5ba 100644
--- a/.github/workflows/libssh2.yml
+++ b/.github/workflows/libssh2.yml
@@ -18,45 +18,74 @@ jobs:
with:
wolfssl_ref: ${{ matrix.wolfssl_ref }}
openssl_ref: ${{ matrix.openssl_ref }}
+ replace_default: ${{ matrix.replace_default }}
strategy:
matrix:
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
+ replace_default: [ true ]
test_libssh2:
runs-on: ubuntu-22.04
+ container:
+ image: debian:bookworm
+ env:
+ DEBIAN_FRONTEND: noninteractive
needs: build_wolfprovider
timeout-minutes: 20
strategy:
matrix:
libssh2_ref: [ 'libssh2-1.10.0' ]
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
force_fail: ['WOLFPROV_FORCE_FAIL=1', '']
+ replace_default: [ true ]
+ env:
+ WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
+ OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
+ WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
steps:
- name: Checkout wolfProvider
uses: actions/checkout@v4
with:
fetch-depth: 1
- - name: Retrieving wolfSSL/wolfProvider from cache
+ - name: Checking OpenSSL/wolfProvider packages in cache
uses: actions/cache/restore@v4
id: wolfprov-cache
with:
path: |
- wolfssl-install
- wolfprov-install
- openssl-install/lib64
- openssl-install/include
- openssl-install/bin
-
- key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }}
+ ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ${{ env.OPENSSL_PACKAGES_PATH }}
+ ${{ env.WOLFPROV_PACKAGES_PATH }}
+ key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
fail-on-cache-miss: true
+ - name: Install wolfSSL/OpenSSL/wolfprov packages
+ run: |
+ printf "Installing OpenSSL/wolfProvider packages:\n"
+ ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
+ ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
+
+ apt install --reinstall -y \
+ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+
- name: Install dependencies
run: |
- sudo apt-get update
- sudo apt-get install -y build-essential autoconf libtool pkg-config clang libc++-dev python3-impacket
+ export DEBIAN_FRONTEND=noninteractive
+ apt-get update
+ apt-get install -y git sudo build-essential autoconf automake \
+ libtool pkg-config libjansson-dev check ca-certificates dpkg-dev \
+ clang libc++-dev python3-impacket openssh-client openssh-server
- name: Download libssh2
uses: actions/checkout@v4
@@ -74,23 +103,30 @@ jobs:
fetch-depth: 1
- run: |
cd libssh2
- patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/libssh2/${{ matrix.libssh2_ref }}-wolfprov.patch
+ # Apply the wolfProvider patch
+ patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/libssh2/libssh2-${{ matrix.libssh2_ref }}-debian-wolfprov.patch
- name: Build libssh2
working-directory: libssh2
run: |
autoreconf -fi
- ./configure --with-crypto=openssl --with-libssl-prefix="$GITHUB_WORKSPACE/openssl-install"
+ ./configure --with-crypto=openssl
make -j$(nproc)
- name: Run libssh2 tests
working-directory: libssh2
+ shell: bash
run: |
- # Set up the environment for wolfProvider
- source $GITHUB_WORKSPACE/scripts/env-setup
+ # wolfProvider is already loaded as the default provider
+ echo "Current OpenSSL providers:"
+ openssl list -providers
+ openssl list -providers | grep -q "wolfSSL Provider" || (echo "ERROR: libwolfprov not found in OpenSSL providers" && exit 1)
export ${{ matrix.force_fail }}
+ # Always continue on errors to ensure we show test results
+ set +e
# Run the tests and capture the result
+ set -o pipefail
make check 2>&1 | tee libssh2-test.log
- TEST_RESULT=$(grep -q "FAIL: ssh2.sh" libssh2-test.log && echo "1" || echo "0")
+ TEST_RESULT=${PIPESTATUS[0]}
$GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} libssh2
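Review bot: The new patch path `libssh2-${{ matrix.libssh2_ref }}-debian-wolfprov.patch` expands, with `libssh2_ref: 'libssh2-1.10.0'`, to `libssh2-libssh2-1.10.0-debian-wolfprov.patch`, whereas the removed line used `${{ matrix.libssh2_ref }}-wolfprov.patch` with no extra prefix. If the file in the OSP repository is named `libssh2-1.10.0-debian-wolfprov.patch`, the line should read `patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/libssh2/${{ matrix.libssh2_ref }}-debian-wolfprov.patch`. The OSP tree is not visible here, so the actual file name needs confirming. It would also help to fail this step explicitly when the patch does not apply, so the tests never run against an unpatched libssh2.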
diff --git a/.github/workflows/libtss2.yml b/.github/workflows/libtss2.yml
index ee2ed622..9d15ab90 100644
--- a/.github/workflows/libtss2.yml
+++ b/.github/workflows/libtss2.yml
@@ -9,59 +9,29 @@ concurrency:
cancel-in-progress: true
jobs:
- build_wolfprovider:
- uses: ./.github/workflows/build-wolfprovider.yml
- with:
- wolfssl_ref: ${{ matrix.wolfssl_ref }}
- openssl_ref: ${{ matrix.openssl_ref }}
- strategy:
- matrix:
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
-
test_tpm2_tss:
runs-on: ubuntu-22.04
- needs: build_wolfprovider
timeout-minutes: 30
strategy:
matrix:
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
- tpm2_tss_ref: [ 'master', '4.1.3']
+ tpm2_tss_ref: [ '4.1.3']
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
- exclude:
- - tpm2_tss_ref: 'master'
- force_fail: 'WOLFPROV_FORCE_FAIL=1'
+ replace_default: [ true ]
+ env:
+ WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
+ OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
+ WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
steps:
- - name: Checkout wolfProvider
- uses: actions/checkout@v4
- with:
- fetch-depth: 1
- - name: Retrieving wolfSSL/wolfProvider from cache
- uses: actions/cache/restore@v4
- id: wolfprov-cache
- with:
- path: |
- wolfssl-install
- wolfprov-install
- openssl-install/lib64
- openssl-install/include
- openssl-install/bin
- key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }}
- fail-on-cache-miss: true
-
- # Replace system openssl with our version
- - name: Setup OpenSSL
- run: |
- OPENSSL_SYSTEM=$(which openssl)
- sudo rm ${OPENSSL_SYSTEM}
- sudo ln -s $GITHUB_WORKSPACE/openssl-install/bin/openssl ${OPENSSL_SYSTEM}
- name: Install test dependencies
run: |
sudo apt-get update
sudo apt-get install -y pkg-config libcunit1-dev autoconf-archive \
gettext libcmocka-dev build-essential autoconf automake libtool \
- libjson-c-dev libcurl4-openssl-dev acl libusb-1.0-0-dev
+ libjson-c-dev libcurl4-openssl-dev acl libusb-1.0-0-dev git \
+ pkg-config uuid-dev
+
# ensure libssl-dev is not installed
- name: Ensure libssl-dev is not installed
run: |
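Review bot: The `replace_default: [ true ]` axis and the three `*_PACKAGES_PATH` variables added to `test_tpm2_tss` are not used by any step visible in this file's hunks. The job builds with `./scripts/build-wolfprovider.sh`, passing only `OPENSSL_TAG` and `WOLFSSL_TAG`, and the tpm2-tss build step still sources `scripts/env-setup`. If this job does not run in replace-default mode, the matrix label is misleading and the entries should be dropped; if it should, the build step needs to receive the setting. `pkg-config` is also listed twice in the `apt-get install` line.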
@@ -71,6 +41,16 @@ jobs:
else
echo "libssl-dev is not installed, no action needed"
fi
+
+ - name: Checkout wolfProvider
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 1
+
+ - name: Build wolfProvider
+ run: |
+ OPENSSL_TAG=${{ matrix.openssl_ref }} WOLFSSL_TAG=${{ matrix.wolfssl_ref }} ./scripts/build-wolfprovider.sh
+
- name: Checkout tpm2-tss
uses: actions/checkout@v4
with:
@@ -80,20 +60,23 @@ jobs:
fetch-depth: 1
# Apply patch to fix missing stdint.h includes in test files
+ # TODO: use patch from OSP repo
- name: Apply patch for test source files
working-directory: tpm2_tss_repo
if: ${{ matrix.tpm2_tss_ref }} == '4.1.3'
run: |
perl -pi -e 's|(#include )|#include \n$1|' ./test/unit/*.c
+
- name: Build and install tpm2-tss
working-directory: tpm2_tss_repo
run: |
source $GITHUB_WORKSPACE/scripts/env-setup
./bootstrap
./configure --prefix=$PWD/tpm2-tss-install --with-crypto=ossl \
- --enable-unit --includedir=$GITHUB_WORKSPACE/openssl-install/include
+ --enable-unit
make -j$(nproc)
make install
+
- name: Run tpm2-tss tests
working-directory: tpm2_tss_repo
run: |
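Review bot: The `if:` on "Apply patch for test source files" is written as `${{ matrix.tpm2_tss_ref }} == '4.1.3'`, so only the matrix value is inside the expression and the comparison is left as literal text. As far as I know GitHub then evaluates the resulting non-empty string as true, so the step runs for every ref. With the matrix reduced to `4.1.3` this is harmless today, but the `perl -pi` rewrite would silently be applied to any ref added later. `if: ${{ matrix.tpm2_tss_ref == '4.1.3' }}` evaluates the comparison itself. The line is unchanged context under the TODO this hunk adds, and the "Run tpm2-tss tests" step continues past the end of the hunk.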
diff --git a/.github/workflows/libwebsockets.yml b/.github/workflows/libwebsockets.yml
index 38192d59..a87d29dd 100644
--- a/.github/workflows/libwebsockets.yml
+++ b/.github/workflows/libwebsockets.yml
@@ -18,25 +18,33 @@ jobs:
with:
wolfssl_ref: ${{ matrix.wolfssl_ref }}
openssl_ref: ${{ matrix.openssl_ref }}
+ replace_default: ${{ matrix.replace_default }}
strategy:
matrix:
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
+ replace_default: [ true ]
test_libwebsockets:
runs-on: ubuntu-22.04
+ container:
+ image: debian:bookworm
+ env:
+ DEBIAN_FRONTEND: noninteractive
needs: build_wolfprovider
# This should be a safe limit for the tests to run.
timeout-minutes: 20
strategy:
matrix:
- libwebsockets_ref: [ 'main', 'v4.3.3' ]
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ libwebsockets_ref: [ 'v4.3.3' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
- exclude:
- - libwebsockets_ref: 'main'
- force_fail: 'WOLFPROV_FORCE_FAIL=1'
+ replace_default: [ true ]
+ env:
+ WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
+ OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
+ WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
steps:
# Checkout the source so we can run the check-workflow-result script
- name: Checkout wolfProvider
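Review bot: `image: debian:bookworm` is a mutable tag, so the base image these tests run in (and install the locally built OpenSSL packages into) can change between runs without any commit in this repository. Pinning by digest, `image: debian:bookworm@sha256:<digest>`, makes a run reproducible and makes base-image updates an explicit, reviewable change. The same unpinned `container.image` is added in net-snmp.yml, nginx.yml, openldap.yml, opensc.yml, openssh.yml, openvpn.yml and pam-pkcs11.yml.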
@@ -44,23 +52,37 @@ jobs:
with:
fetch-depth: 1
- - name: Retrieving wolfProvider from cache
+ - name: Install libwebsockets dependencies
+ run: |
+ apt-get update
+ apt-get install -y libc6 libcap2 zlib1g cmake build-essential dpkg-dev
+
+ - name: Checking OpenSSL/wolfProvider packages in cache
uses: actions/cache/restore@v4
id: wolfprov-cache-restore
with:
path: |
- wolfssl-install
- wolfprov-install
- openssl-install/lib64
- openssl-install/include
- openssl-install/bin
- key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }}
+ ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ${{ env.OPENSSL_PACKAGES_PATH }}
+ ${{ env.WOLFPROV_PACKAGES_PATH }}
+ key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
fail-on-cache-miss: true
- - name: Install libwebsockets dependencies
+ - name: Install wolfSSL/OpenSSL/wolfprov packages
run: |
- sudo apt-get update
- sudo apt-get install -y libc6 libcap2 zlib1g cmake build-essential
+ printf "Installing OpenSSL/wolfProvider packages:\n"
+ ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
+ ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
+ apt install --reinstall -y \
+ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl*.deb
+ apt install --reinstall -y \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/openssl*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev*.deb
+ apt install --reinstall -y \
+ ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+
- name: Download libwebsockets
uses: actions/checkout@v4
with:
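Review bot: The package globs in "Install wolfSSL/OpenSSL/wolfprov packages" omit the `_` that the other workflows in this commit use: `libwolfssl*.deb`, `openssl*.deb`, `libssl3*.deb` and `libssl-dev*.deb` here versus `libwolfssl_*.deb`, `openssl_*.deb` and so on in net-snmp.yml and nginx.yml. Without the underscore each pattern also matches any other package whose name merely starts with that prefix, if the build ever drops one into the cached directory (for example a `-dev` or debug-symbol package), and it would be installed as root with `-y`. Using the `name_*.deb` form, as the `libwolfprov_*.deb` line in this same step already does, keeps the installed set explicit. If the wider match is intentional for libwebsockets, a comment saying which extra package is needed would help.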
@@ -73,21 +95,19 @@ jobs:
run: |
mkdir build
cd build
- cmake .. -DCMAKE_POLICY_VERSION_MINIMUM=3.5
+ cmake .. -DLWS_WITH_SSL=ON -DCMAKE_POLICY_VERSION_MINIMUM=3.5
make -j$(nproc)
- sudo make install
- name: Run libwebsockets tests
working-directory: libwebsockets
+ shell: bash
run: |
- echo "Setting environment variables..."
- source $GITHUB_WORKSPACE/scripts/env-setup
export ${{ matrix.force_fail }}
./build/bin/libwebsockets-test-server --port=11111 --ssl > server.log 2>&1 & SERVER_PID=$!
sleep 5
timeout 10 ./build/bin/libwebsockets-test-client 127.0.0.1 --port=11111 --ssl > client.log 2>&1 || echo "Client exited with error $?"
- ldd ./build/bin/libwebsockets-test-server | grep wolfProvider
- ldd ./build/bin/libwebsockets-test-client | grep wolfProvider
+ ldd ./build/bin/libwebsockets-test-server | grep wolfProvider || echo "wolfProvider not found in server"
+ ldd ./build/bin/libwebsockets-test-client | grep wolfProvider || echo "wolfProvider not found in client"
kill $SERVER_PID || echo "Server already exited"
cat server.log || echo "Missing server.log"
cat client.log || echo "Missing client.log"
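Review bot: Appending `|| echo "wolfProvider not found in ..."` to the two `ldd ... | grep wolfProvider` lines means they can no longer fail the step, so nothing in this run block still asserts that the test binaries use wolfProvider. With the provider installed from packages it is presumably loaded by OpenSSL at run time rather than linked, so `ldd` is unlikely to list it at all. Replacing both lines with the guard other workflows in this commit use, written as `openssl list -providers | grep -q "wolfSSL Provider" || { echo "ERROR: wolfProvider not loaded" >&2; exit 1; }`, keeps a real check. The run block may continue past the end of the hunk.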
diff --git a/.github/workflows/net-snmp.yml b/.github/workflows/net-snmp.yml
index 4ccaf28c..48744255 100644
--- a/.github/workflows/net-snmp.yml
+++ b/.github/workflows/net-snmp.yml
@@ -18,47 +18,74 @@ jobs:
with:
wolfssl_ref: ${{ matrix.wolfssl_ref }}
openssl_ref: ${{ matrix.openssl_ref }}
+ replace_default: ${{ matrix.replace_default }}
strategy:
matrix:
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
+ replace_default: [ true ]
test_net_snmp:
runs-on: ubuntu-22.04
+ container:
+ image: debian:bookworm
+ env:
+ DEBIAN_FRONTEND: noninteractive
needs: build_wolfprovider
# This should be a safe limit for the tests to run.
timeout-minutes: 20
strategy:
fail-fast: false
matrix:
- net_snmp_ref: ['v5.9.3']
- wolfssl_ref: ['master', 'v5.8.0-stable']
- openssl_ref: ['openssl-3.5.0']
- force_fail: ['WOLFPROV_FORCE_FAIL=1', '']
+ net_snmp_ref: [ 'v5.9.3' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
+ force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
+ replace_default: [ true ]
+ env:
+ WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
+ OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
+ WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
steps:
- name: Checkout wolfProvider
uses: actions/checkout@v4
with:
fetch-depth: 1
- - name: Retrieving wolfSSL/wolfProvider from cache
+ - name: Checking OpenSSL/wolfProvider packages in cache
uses: actions/cache/restore@v4
id: wolfprov-cache
with:
path: |
- wolfssl-install
- wolfprov-install
- openssl-install/lib64
- openssl-install/include
- openssl-install/bin
-
- key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }}
+ ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ${{ env.OPENSSL_PACKAGES_PATH }}
+ ${{ env.WOLFPROV_PACKAGES_PATH }}
+ key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
fail-on-cache-miss: true
+ - name: Install wolfSSL/OpenSSL/wolfprov packages
+ run: |
+ printf "Installing OpenSSL/wolfProvider packages:\n"
+ ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
+ ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
+
+ apt install --reinstall -y \
+ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+
- name: Install dependencies
run: |
- sudo apt-get update
- sudo apt-get install -y libperl-dev
+ apt-get update
+ apt-get install -y libperl-dev build-essential autoconf \
+ libtool pkg-config gettext net-tools
- name: Build net-snmp with wolfProvider
uses: wolfSSL/actions-build-autotools-project@v1
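Review bot: The new restore key `openssl-wolfprov-debian-packages-${{ github.sha }}...` no longer contains `matrix.wolfssl_ref` or `matrix.openssl_ref`, which the removed key had. With one value per axis that is equivalent, but once a second wolfSSL or OpenSSL ref is added every matrix cell would restore the same packages regardless of its label, and results would be reported against the wrong versions. Keeping the refs in the key, e.g. `key: openssl-wolfprov-debian-packages-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }}...`, avoids that, provided the producing workflow (not in this hunk) saves under the same key. The same key is used in libwebsockets.yml, nginx.yml, openldap.yml, opensc.yml, openssh.yml and openvpn.yml.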
@@ -67,22 +94,21 @@ jobs:
ref: ${{ matrix.net_snmp_ref }}
path: net-snmp
configure: >-
- --disable-shared --with-openssl=$GITHUB_WORKSPACE/openssl-install
+ --disable-shared
--with-default-snmp-version="3" --with-sys-contact="@@no.where"
--with-sys-location="Unknown" --with-logfile="/var/log/snmpd.log"
- --with-persistent-directory="/var/net-snmp" LDFLAGS="-L$GITHUB_WORKSPACE/openssl-install/lib64 -lcrypto -lssl"
- CPPFLAGS="-I$GITHUB_WORKSPACE/openssl-install/include" LIBS="-lcrypto -lssl"
+ --with-persistent-directory="/var/net-snmp"
check: false
- name: Run tests
working-directory: net-snmp
+ shell: bash
run: |
- # Set up the environment for wolfProvider
- source $GITHUB_WORKSPACE/scripts/env-setup
+ set +o pipefail # ignore errors from make test
export ${{ matrix.force_fail }}
autoconf --version | grep -P '2\.\d\d' -o > dist/autoconf-version
- make -j test TESTOPTS="-e agentxperl" | tee net-snmp-test.log
+ make -j test TESTOPTS="-e agentxperl" 2>&1 | tee net-snmp-test.log
# Capture the test result using PIPESTATUS (Bash only)
TEST_RESULT=${PIPESTATUS[0]}
$GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} net-snmp
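Review bot: With `source $GITHUB_WORKSPACE/scripts/env-setup` removed, nothing in "Run tests" confirms that wolfProvider is the provider OpenSSL actually loads. The cell with an empty `force_fail` would pass identically against the distribution's libssl if the package install step had left it in place. libssh2.yml, openldap.yml and openvpn.yml add a guard for this, and the same line fits here before `export ${{ matrix.force_fail }}`: `openssl list -providers | grep -q "wolfSSL Provider" || { echo "ERROR: wolfProvider not loaded" >&2; exit 1; }`. The nginx.yml, opensc.yml and openssh.yml test steps drop `env-setup` in the same way without adding the guard.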
diff --git a/.github/workflows/nginx.yml b/.github/workflows/nginx.yml
index 04f29c96..337e6392 100644
--- a/.github/workflows/nginx.yml
+++ b/.github/workflows/nginx.yml
@@ -18,48 +18,74 @@ jobs:
with:
wolfssl_ref: ${{ matrix.wolfssl_ref }}
openssl_ref: ${{ matrix.openssl_ref }}
+ replace_default: ${{ matrix.replace_default }}
strategy:
matrix:
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
+ replace_default: [ true ]
test_nginx:
runs-on: ubuntu-22.04
+ container:
+ image: debian:bookworm
+ env:
+ DEBIAN_FRONTEND: noninteractive
needs: build_wolfprovider
# This should be a safe limit for the tests to run.
timeout-minutes: 20
strategy:
matrix:
- nginx_ref: [ 'master', 'release-1.27.4' ]
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ nginx_ref: [ 'release-1.27.4' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '']
- exclude:
- - nginx_ref: 'master'
- force_fail: 'WOLFPROV_FORCE_FAIL=1'
+ replace_default: [ true ]
+ env:
+ WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
+ OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
+ WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
steps:
- name: Checkout wolfProvider
uses: actions/checkout@v4
with:
fetch-depth: 1
- - name: Retrieving wolfSSL/wolfProvider from cache
+ - name: Checking OpenSSL/wolfProvider packages in cache
uses: actions/cache/restore@v4
id: wolfprov-cache
with:
path: |
- wolfssl-install
- wolfprov-install
- openssl-install/lib64
- openssl-install/include
- openssl-install/bin
-
- key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }}
+ ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ${{ env.OPENSSL_PACKAGES_PATH }}
+ ${{ env.WOLFPROV_PACKAGES_PATH }}
+ key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
fail-on-cache-miss: true
+ - name: Install wolfSSL/OpenSSL/wolfprov packages
+ run: |
+ printf "Installing OpenSSL/wolfProvider packages:\n"
+ ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
+ ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
+
+ apt install --reinstall -y \
+ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+
- name: Install dependencies
run: |
- sudo cpan -iT Proc::Find Net::SSLeay IO::Socket::SSL
+ apt-get update && \
+ apt-get install -y perl build-essential autoconf automake libtool \
+ pkg-config libpcre3-dev zlib1g-dev
+ cpan -iT Proc::Find Net::SSLeay IO::Socket::SSL
- name: Checkout nginx
uses: actions/checkout@v4
@@ -84,8 +110,6 @@ jobs:
- name: Run nginx-tests with wolfProvider
working-directory: nginx-tests
run: |
- # Set up the environment for wolfProvider
- source $GITHUB_WORKSPACE/scripts/env-setup
export ${{ matrix.force_fail }}
# Run tests and save result
diff --git a/.github/workflows/openldap.yml b/.github/workflows/openldap.yml
index 287e1d4c..8e66a7ee 100644
--- a/.github/workflows/openldap.yml
+++ b/.github/workflows/openldap.yml
@@ -18,46 +18,76 @@ jobs:
with:
wolfssl_ref: ${{ matrix.wolfssl_ref }}
openssl_ref: ${{ matrix.openssl_ref }}
+ replace_default: ${{ matrix.replace_default }}
strategy:
matrix:
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
+ replace_default: [ true ]
test_openldap:
runs-on: ubuntu-22.04
+ container:
+ image: debian:bookworm
+ env:
+ DEBIAN_FRONTEND: noninteractive
needs: build_wolfprovider
# This should be a safe limit for the tests to run.
timeout-minutes: 20
strategy:
fail-fast: false
matrix:
- openldap_ref: [ 'master', 'OPENLDAP_REL_ENG_2_5_13', 'OPENLDAP_REL_ENG_2_6_7' ]
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ openldap_ref: [ 'OPENLDAP_REL_ENG_2_6_7' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
+ force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
+ replace_default: [ true ]
+ env:
+ WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
+ OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
+ WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
steps:
- name: Checkout wolfProvider
uses: actions/checkout@v4
with:
fetch-depth: 1
- - name: Retrieving wolfSSL/wolfProvider from cache
+ - name: Checking OpenSSL/wolfProvider packages in cache
uses: actions/cache/restore@v4
id: wolfprov-cache
with:
path: |
- wolfssl-install
- wolfprov-install
- openssl-install/lib64
- openssl-install/include
- openssl-install/bin
-
- key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }}
+ ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ${{ env.OPENSSL_PACKAGES_PATH }}
+ ${{ env.WOLFPROV_PACKAGES_PATH }}
+ key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
fail-on-cache-miss: true
+ - name: Install wolfSSL/OpenSSL/wolfprov packages
+ run: |
+ printf "Installing OpenSSL/wolfProvider packages:\n"
+ ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
+ ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
+
+ apt install --reinstall -y \
+ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+
- name: Install dependencies
run: |
- sudo apt-get update
- sudo apt-get install -y libsasl2-dev
+ export DEBIAN_FRONTEND=noninteractive
+ apt-get update
+ apt-get install -y git sudo build-essential autoconf automake \
+ libtool pkg-config libjansson-dev check ca-certificates dpkg-dev \
+ groff libsasl2-dev
- name: Checkout openldap
uses: actions/checkout@v4
@@ -66,23 +96,54 @@ jobs:
path: openldap
ref: ${{ matrix.openldap_ref }}
+ - name: Checkout OSP
+ uses: actions/checkout@v4
+ with:
+ repository: wolfssl/osp
+ path: osp
+ fetch-depth: 1
+ - run: |
+ cd openldap
+ # Apply the wolfProvider patch
+ patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/openldap/openldap-${{ matrix.openldap_ref }}-debian-wolfprov.patch
+
- name: Build and test OpenLDAP with wolfProvider
working-directory: openldap
+ shell: bash
run: |
- # Set up the environment for wolfProvider
- source $GITHUB_WORKSPACE/scripts/env-setup
+ set -o pipefail
+ # wolfProvider is already loaded as the default provider
+ echo "Current OpenSSL providers:"
+ openssl list -providers
+ openssl list -providers | grep -q "wolfSSL Provider" || (echo "ERROR: libwolfprov not found in OpenSSL providers" && exit 1)
# Generate configure script
rm -f aclocal.m4
autoreconf -ivf
# Configure with OpenSSL
- ./configure --with-tls=openssl --disable-bdb --disable-hdb \
- CFLAGS="-I$GITHUB_WORKSPACE/openssl-install/include \
- -L$GITHUB_WORKSPACE/openssl-install/lib64" \
- LDFLAGS="-Wl,-rpath,$GITHUB_WORKSPACE/openssl-install/lib64"
+ ./configure --with-tls=openssl --disable-bdb --disable-hdb
# Build OpenLDAP
make -j depend
make -j
- make -j check
+
+ export ${{ matrix.force_fail }}
+ if [ -n "${{ matrix.force_fail }}" ]; then
+ set +e
+ fi
+
+ if [ "${{ matrix.force_fail }}" = "WOLFPROV_FORCE_FAIL=1" ]; then
+ # Run with a 15 minute timeout for WPFF since it breaks on test 067
+ timeout 15m make -j check 2>&1 | tee openldap-test.log
+ TEST_RESULT=${PIPESTATUS[0]}
+ if [ $TEST_RESULT -eq 124 ]; then
+ echo "make -j check timed out after 15 minutes with WOLFPROV_FORCE_FAIL=1"
+ echo "Tests failed to complete as expected"
+ TEST_RESULT=1
+ fi
+ else
+ make -j check 2>&1 | tee openldap-test.log
+ TEST_RESULT=${PIPESTATUS[0]}
+ fi
+ $GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} openldap
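Review bot: The `timeout 15m make -j check` branch sits in a job whose `timeout-minutes` is 20, so everything before it has to finish in under five minutes for the exit-status-124 handling to be reached. That covers the container start, package installs, checkouts, `autoreconf`, `configure` and both `make` runs. If they take longer, GitHub cancels the job first and `check-workflow-result.sh` never runs, so the expected force-fail outcome shows up as a cancelled job instead. Either raise the job limit or shorten the inner timeout so the difference covers the build, for example `timeout 10m make -j check 2>&1 | tee openldap-test.log`.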
diff --git a/.github/workflows/opensc.yml b/.github/workflows/opensc.yml
index f2be5099..c2e24233 100644
--- a/.github/workflows/opensc.yml
+++ b/.github/workflows/opensc.yml
@@ -18,49 +18,76 @@ jobs:
with:
wolfssl_ref: ${{ matrix.wolfssl_ref }}
openssl_ref: ${{ matrix.openssl_ref }}
+ replace_default: ${{ matrix.replace_default }}
strategy:
matrix:
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
+ replace_default: [ true ]
test_opensc:
runs-on: ubuntu-22.04
+ container:
+ image: debian:bookworm
+ env:
+ DEBIAN_FRONTEND: noninteractive
needs: build_wolfprovider
# This should be a safe limit for the tests to run.
timeout-minutes: 30
strategy:
matrix:
opensc_ref: [ '0.25.1' ]
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
+ replace_default: [ true ]
+ env:
+ WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
+ OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
+ WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
steps:
- name: Checkout wolfProvider
uses: actions/checkout@v4
with:
fetch-depth: 1
- - name: Retrieving wolfSSL/wolfProvider from cache
+ - name: Checking OpenSSL/wolfProvider packages in cache
uses: actions/cache/restore@v4
id: wolfprov-cache
with:
path: |
- wolfssl-install
- wolfprov-install
- openssl-install/lib64
- openssl-install/include
- openssl-install/bin
- key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }}
+ ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ${{ env.OPENSSL_PACKAGES_PATH }}
+ ${{ env.WOLFPROV_PACKAGES_PATH }}
+ key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
fail-on-cache-miss: true
+ - name: Install wolfSSL/OpenSSL/wolfprov packages
+ run: |
+ printf "Installing OpenSSL/wolfProvider packages:\n"
+ ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
+ ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
+
+ apt install --reinstall -y \
+ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+
- name: Install OpenSC dependencies
run: |
- sudo apt-get update
- sudo apt-get install -y \
+ apt-get update
+ apt-get install -y \
autotools-dev libtool automake autoconf make pkg-config \
libeac-dev gengetopt libpcsclite-dev libreadline-dev \
zlib1g-dev docbook-xsl xsltproc pcscd softhsm2 opensc pcsc-tools \
- vim libcmocka-dev libjson-c-dev libp11-dev
+ vim libcmocka-dev libjson-c-dev libp11-dev patch
- name: Download OpenSC
uses: actions/checkout@v4
@@ -99,13 +126,13 @@ jobs:
# Build OpenSC
make -j$(nproc)
- sudo make install
+ make install
- name: Run OpenSC tests
working-directory: opensc
+ shell: bash
run: |
- # Set up the environment for wolfProvider
- source $GITHUB_WORKSPACE/scripts/env-setup
+ set +o pipefail # ignore errors from make check
export ${{ matrix.force_fail }}
# Run tests and save output
diff --git a/.github/workflows/openssh.yml b/.github/workflows/openssh.yml
index bfb5c8db..ee438909 100644
--- a/.github/workflows/openssh.yml
+++ b/.github/workflows/openssh.yml
@@ -18,51 +18,98 @@ jobs:
with:
wolfssl_ref: ${{ matrix.wolfssl_ref }}
openssl_ref: ${{ matrix.openssl_ref }}
+ replace_default: ${{ matrix.replace_default }}
strategy:
matrix:
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
+ replace_default: [ true ]
test_openssh:
runs-on: ubuntu-22.04
+ container:
+ image: debian:bookworm
+ # Extra permissions needed for Debian Bookworm
+ options: >-
+ --privileged
+ --cap-add=SYS_ADMIN
+ --device=/dev/mapper/control
+ --device=/dev/loop-control
+ --device=/dev/loop0
+ --device=/dev/loop1
+ --device=/dev/loop2
+ -v /lib/modules:/lib/modules:ro
+ env:
+ DEBIAN_FRONTEND: noninteractive
needs: build_wolfprovider
# This should be a safe limit for the tests to run.
timeout-minutes: 20
strategy:
matrix:
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
- openssh_ref: [ 'master', 'V_10_0_P2', 'V_9_9_P1' ]
+ openssh_ref: [ 'V_10_0_P2', 'V_9_9_P1' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
- exclude:
- - openssh_ref: 'master'
- force_fail: 'WOLFPROV_FORCE_FAIL=1'
+ replace_default: [ true ]
+ env:
+ WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
+ OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
+ WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
steps:
- name: Checkout wolfProvider
uses: actions/checkout@v4
with:
fetch-depth: 1
- - name: Retrieving wolfSSL/wolfProvider from cache
+ - name: Checking OpenSSL/wolfProvider packages in cache
uses: actions/cache/restore@v4
id: wolfprov-cache
with:
path: |
- wolfssl-install
- wolfprov-install
- openssl-install/lib64
- openssl-install/include
- openssl-install/bin
-
- key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }}
+ ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ${{ env.OPENSSL_PACKAGES_PATH }}
+ ${{ env.WOLFPROV_PACKAGES_PATH }}
+ key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
fail-on-cache-miss: true
- - name: Checkout OSP
- uses: actions/checkout@v4
- with:
- repository: wolfssl/osp
- path: osp
- fetch-depth: 1
+ - name: Install wolfSSL/OpenSSL/wolfprov packages
+ run: |
+ printf "Installing OpenSSL/wolfProvider packages:\n"
+ ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
+ ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
+
+ apt install --reinstall -y \
+ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+
+ - name: Install dependencies
+ run: |
+ apt-get update
+ apt-get install -y build-essential autoconf automake libtool \
+ pkg-config patch zlib1g-dev
+
+ - name: Install test deps
+ run: |
+ apt-get update
+ apt-get install -y kmod util-linux cryptsetup-bin
+
+ - name: Ensure kernel modules are present
+ run: |
+ # loop + device-mapper (dm-crypt); scsi_debug is optional and may still be unavailable on the host kernel
+ modprobe loop || true
+ modprobe dm_mod || true
+ modprobe dm_crypt || true
+ modprobe scsi_debug || true
+ losetup -f || true
+ ls -l /dev/loop* /dev/mapper || true
- name: Checkout openssh
uses: actions/checkout@v4
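Review bot: The container `options` combine `--privileged` with `--cap-add=SYS_ADMIN` and a list of `--device=` entries, but `--privileged` already grants every capability and access to host devices, so the other flags add nothing. The job that builds and runs patched third-party code therefore gets root-equivalent access to the runner's kernel and devices. The comment "Extra permissions needed for Debian Bookworm" does not say which test needs this. If the loop and device-mapper tests are the reason, as the later `modprobe` step suggests, try dropping `--privileged`, keeping only the specific `--cap-add` and `--device` entries, and naming the test in the comment. An ephemeral hosted runner limits the exposure, but the same workflow on a self-hosted runner would not.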
@@ -72,32 +119,56 @@ jobs:
ref: ${{ matrix.openssh_ref }}
fetch-depth: 1
+ - name: Checkout OSP
+ uses: actions/checkout@v4
+ with:
+ repository: wolfssl/osp
+ path: osp
+ fetch-depth: 1
+ - run: |
+ # Apply the patch for the correct version of OpenSSH
+ cd openssh-portable
+ patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/openssh/openssh-${{ matrix.openssh_ref }}-wolfprov.patch
+
- name: Build and Test openssh-portable
working-directory: openssh-portable
+ shell: bash
run: |
- # Set up the environment for wolfProvider
- source $GITHUB_WORKSPACE/scripts/env-setup
+ set +o pipefail # ignore errors from make check
export ${{ matrix.force_fail }}
- # Apply the patch for the correct version of OpenSSH
- if [ "${{ matrix.openssh_ref }}" != "master" ]; then
- patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/openssh/openssh-${{ matrix.openssh_ref }}-wolfprov.patch
- else
- # for master we need to supply the latest release version
- patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/openssh/openssh-V_10_0_P2-wolfprov.patch
+ # Enable unsafe permissions for testing
+ export TEST_SSH_UNSAFE_PERMISSIONS=1
+
+ # Priv-sep user/group (idempotent)
+ getent group sshd >/dev/null || addgroup --system sshd
+ id -u sshd >/dev/null 2>&1 || adduser --system --no-create-home \
+ --ingroup sshd --home /nonexistent --shell /usr/sbin/nologin sshd
+
+ # Priv-sep runtime dirs
+ install -d -m 0755 /run/sshd
+
+ # The required chroot for privilege separation
+ # Must exist, be owned by root, and not be writable by group/world.
+ install -d -o root -g root -m 0755 /var/empty
+
+ # Ensure the privsep user/group exist (idempotent)
+ if ! getent group sshd >/dev/null; then
+ addgroup --system sshd
+ fi
+ if ! id -u sshd >/dev/null 2>&1; then
+ adduser --system --no-create-home --ingroup sshd \
+ --home /nonexistent --shell /usr/sbin/nologin sshd
fi
autoreconf -ivf
- ./configure --with-ssl-dir=$GITHUB_WORKSPACE/openssl-install \
- --with-rpath=-Wl,-rpath=$GITHUB_WORKSPACE/openssl-install/lib64 \
- --with-prngd-socket=/tmp/prngd \
+ ./configure --with-prngd-socket=/tmp/prngd \
--with-ldflags=-Wl,--export-dynamic
make -j
export LD_LIBRARY_PATH=".:openbsd-compat:$LD_LIBRARY_PATH" # Include build dirs for symbol resolution
# Run all the tests except (t-exec) as it takes too long
- export ${{ matrix.force_fail }}
make file-tests interop-tests extra-tests unit 2>&1 | tee openssh-test.log
TEST_RESULT=${PIPESTATUS[0]}
$GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} openssh
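Review bot: The "Checkout OSP" step has no `ref:`, so the following `patch -p1` applies whatever is at the head of the `wolfssl/osp` default branch at run time. A change there alters what this job builds and tests without any commit in this repository. Pinning it, `ref: <osp-commit-sha-or-tag>`, makes the run reproducible and turns patch updates into a reviewable change; the OSP checkout added in openldap.yml has the same gap. Separately, the priv-sep group and user creation appears twice in the run block, once in the one-line `getent`/`id` form and again in the later `if` form, and one of them can be removed.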
diff --git a/.github/workflows/openvpn.yml b/.github/workflows/openvpn.yml
index 2571566b..6e0c8cee 100644
--- a/.github/workflows/openvpn.yml
+++ b/.github/workflows/openvpn.yml
@@ -18,52 +18,81 @@ jobs:
with:
wolfssl_ref: ${{ matrix.wolfssl_ref }}
openssl_ref: ${{ matrix.openssl_ref }}
+ replace_default: ${{ matrix.replace_default }}
strategy:
matrix:
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
+ replace_default: [ true ]
test_openvpn:
runs-on: ubuntu-22.04
needs: build_wolfprovider
# This should be a safe limit for the tests to run.
timeout-minutes: 20
+ container:
+ image: debian:bookworm
+ env:
+ DEBIAN_FRONTEND: noninteractive
strategy:
+ fail-fast: true
matrix:
- openvpn_ref: [ 'master', 'v2.6.12' ]
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ # Dont test master since it might be too unstable
+ openvpn_ref: [ 'v2.6.12' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
force_fail: ['WOLFPROV_FORCE_FAIL=1', '']
- exclude:
- - openvpn_ref: 'master'
- force_fail: 'WOLFPROV_FORCE_FAIL=1'
+ replace_default: [ true ]
+ env:
+ WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
+ OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
+ WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
+
steps:
+ - name: Set up environment
+ run: |
+ export DEBIAN_FRONTEND=noninteractive
+ apt-get update
+ apt-get install -y git sudo build-essential autoconf automake \
+ libtool pkg-config libjansson-dev check ca-certificates dpkg-dev \
+ liblzo2-dev libpam0g-dev liblz4-dev libcap-ng-dev \
+ linux-libc-dev man2html libcmocka-dev python3-docutils \
+ iproute2 libtool automake autoconf libnl-genl-3-dev \
+ libnl-genl-3-200
+
- name: Checkout wolfProvider
uses: actions/checkout@v4
with:
fetch-depth: 1
- - name: Retrieving wolfSSL/wolfProvider from cache
+ - name: Checking OpenSSL/wolfProvider packages in cache
uses: actions/cache/restore@v4
id: wolfprov-cache
with:
path: |
- wolfssl-install
- wolfprov-install
- openssl-install/lib64
- openssl-install/include
- openssl-install/bin
-
- key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }}
+ ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ${{ env.OPENSSL_PACKAGES_PATH }}
+ ${{ env.WOLFPROV_PACKAGES_PATH }}
+ key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
fail-on-cache-miss: true
- - name: Install test dependencies
+ - name: Install wolfSSL/OpenSSL/wolfprov packages
run: |
- sudo apt-get update
- sudo apt-get install liblzo2-dev libpam0g-dev liblz4-dev libcap-ng-dev \
- linux-libc-dev man2html libcmocka-dev python3-docutils \
- iproute2 libtool automake autoconf libnl-genl-3-dev \
- libnl-genl-3-200
+ printf "Installing OpenSSL/wolfProvider packages:\n"
+ ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
+ ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
+
+ apt install --reinstall -y \
+ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
- name: Find ossl headers
run: |
@@ -96,10 +125,17 @@ jobs:
- name: Test OpenVPN with wolfProvider
working-directory: openvpn
+ shell: bash
run: |
- # Set up the environment for wolfProvider
- source $GITHUB_WORKSPACE/scripts/env-setup
+ set +o pipefail # ignore errors from make check
+ # wolfProvider is already loaded as the default provider
+ echo "Current OpenSSL providers:"
+ openssl list -providers
+ openssl list -providers | grep -q "wolfSSL Provider" || (echo "ERROR: libwolfprov not found in OpenSSL providers" && exit 1)
export ${{ matrix.force_fail }}
+ if [ -n "${{ matrix.force_fail }}" ]; then
+ set +e
+ fi
# Run tests and save result
make check 2>&1 | tee openvpn-test.log
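Review bot: The `set +e` added for the force-fail leg stays in effect for the rest of this step, and with `set +o pipefail` the exit status of `make check` is dropped at `make check 2>&1 | tee openvpn-test.log`. Any later command that fails in that leg would go unnoticed unless it is the last one in the script. Consider capturing the status right after the pipeline with `MAKE_RC=${PIPESTATUS[0]}` and restoring `set -e` once the tests have run. The step body continues outside the hunk, so how the result is finally computed is not visible here. The QSSLSocket step in qt5network5.yml adds an unconditional `set +e` with the same effect.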
diff --git a/.github/workflows/pam-pkcs11.yml b/.github/workflows/pam-pkcs11.yml
index 4603b1a0..bee0baca 100644
--- a/.github/workflows/pam-pkcs11.yml
+++ b/.github/workflows/pam-pkcs11.yml
@@ -18,57 +18,95 @@ jobs:
with:
wolfssl_ref: ${{ matrix.wolfssl_ref }}
openssl_ref: ${{ matrix.openssl_ref }}
+ replace_default: ${{ matrix.replace_default }}
strategy:
matrix:
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
+ replace_default: [ true ]
test_pam_pkcs11:
runs-on: ubuntu-22.04
+ container:
+ image: debian:bookworm
+ env:
+ DEBIAN_FRONTEND: noninteractive
needs: build_wolfprovider
# This should be a safe limit for the tests to run.
timeout-minutes: 20
strategy:
matrix:
- pam_pkcs11_ref: [ 'master', 'pam_pkcs11-0.6.12' ]
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ pam_pkcs11_ref: [ 'pam_pkcs11-0.6.12' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
- exclude:
- - pam_pkcs11_ref: 'master'
- force_fail: 'WOLFPROV_FORCE_FAIL=1'
+ replace_default: [ true ]
+ env:
+ WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
+ OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
+ WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
steps:
+ - name: Install test dependencies
+ run: |
+ apt-get update
+ apt-get install -y pkg-config build-essential autoconf automake libtool \
+ git
+
# Checkout the source so we can run the check-workflow-result script
- name: Checkout wolfProvider
uses: actions/checkout@v4
with:
fetch-depth: 1
- - name: Retrieving wolfSSL/wolfProvider from cache
+ # Avoid "detected dubious ownership" warning
+ - name: Ensure the working directory safe
+ run: |
+ git config --global --add safe.directory "$GITHUB_WORKSPACE"
+
+ - name: Checking OpenSSL/wolfProvider packages in cache
uses: actions/cache/restore@v4
id: wolfprov-cache
with:
path: |
- wolfssl-install
- wolfprov-install
- openssl-install/lib64
- openssl-install/include
- openssl-install/bin
-
- key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }}
+ ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ${{ env.OPENSSL_PACKAGES_PATH }}
+ ${{ env.WOLFPROV_PACKAGES_PATH }}
+ key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
fail-on-cache-miss: true
+ - name: Install wolfSSL/OpenSSL/wolfprov packages
+ run: |
+ printf "Installing OpenSSL/wolfProvider packages:\n"
+ ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
+ ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
+
+ apt install --reinstall -y \
+ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+
- name: Run pam_pkcs11 tests
+ shell: bash
run: |
- # Setup environment variables
- source $GITHUB_WORKSPACE/scripts/env-setup
+ set +o pipefail # ignore errors from make check
+ export ${{ matrix.force_fail }}
+ export PAM_PKCS11_REF=${{ matrix.pam_pkcs11_ref }}
# Run tests
- if timeout 300 sudo bash -c "${{ matrix.force_fail }} PAM_PKCS11_REF=${{ matrix.pam_pkcs11_ref }} $GITHUB_WORKSPACE/.github/scripts/pam-pkcs11-test.sh"; then
+ if timeout 300 $GITHUB_WORKSPACE/.github/scripts/pam-pkcs11-test.sh; then
TEST_RESULT=0
else
TEST_RESULT=1
fi
+ echo "TEST_RESULT: $TEST_RESULT"
+
# Capture result
$GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} pam_pkcs11
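Review bot: In the matrix leg where `force_fail` is `''`, the added `export ${{ matrix.force_fail }}` renders as a bare `export`, which in bash prints every exported variable to the job log instead of exporting anything. Guard it, for example `[ -z "${{ matrix.force_fail }}" ] || export "${{ matrix.force_fail }}"`, so the empty leg is a no-op and the job environment is not dumped into the log. Quoting the expansion on the following `export PAM_PKCS11_REF=${{ matrix.pam_pkcs11_ref }}` line would be consistent with that.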
diff --git a/.github/workflows/ppp.yml b/.github/workflows/ppp.yml
index a4ebd2ab..eb0ff574 100644
--- a/.github/workflows/ppp.yml
+++ b/.github/workflows/ppp.yml
@@ -16,27 +16,35 @@ jobs:
with:
wolfssl_ref: ${{ matrix.wolfssl_ref }}
openssl_ref: ${{ matrix.openssl_ref }}
+ replace_default: ${{ matrix.replace_default }}
strategy:
matrix:
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
+ replace_default: [ true ]
test_ppp:
runs-on: ubuntu-22.04
+ container:
+ image: debian:bookworm
+ env:
+ DEBIAN_FRONTEND: noninteractive
needs: build_wolfprovider
timeout-minutes: 15
strategy:
matrix:
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
# Switched to v2.5.2 due to significant limitations with v2.4.9,
# specifically the lack of a test suite, necessary configure options,
# and compatibility with newer versions of openssl
- ppp_ref: [ 'master', 'v2.5.2' ]
+ ppp_ref: [ 'v2.5.2' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
- exclude:
- - ppp_ref: 'master'
- force_fail: 'WOLFPROV_FORCE_FAIL=1'
+ replace_default: [ true ]
+ env:
+ WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
+ OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
+ WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
steps:
# Checkout the source so we can run the check-workflow-result script
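Review bot: The job container added here is referenced by the mutable tag `debian:bookworm`, so the base image that the locally built packages are installed and tested on can change between runs without any change in the repository. Pinning by digest, `image: debian:bookworm@sha256:<digest>` (placeholder; fill in the digest you have verified), makes runs reproducible and limits exposure to a changed upstream image. The same tag is added in the pam-pkcs11, python3-ntp, qt5network5, rsync, socat, sscep and stunnel workflows in this diff.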
@@ -45,19 +53,40 @@ jobs:
with:
fetch-depth: 1
- - name: Retrieving wolfProvider from cache
+ - name: Checking OpenSSL/wolfProvider packages in cache
uses: actions/cache/restore@v4
id: wolfprov-cache-restore
with:
path: |
- wolfssl-install
- wolfprov-install
- openssl-install/lib64
- openssl-install/include
- openssl-install/bin
- key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }}
+ ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ${{ env.OPENSSL_PACKAGES_PATH }}
+ ${{ env.WOLFPROV_PACKAGES_PATH }}
+ key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
fail-on-cache-miss: true
+ - name: Install wolfSSL/OpenSSL/wolfprov packages
+ run: |
+ printf "Installing OpenSSL/wolfProvider packages:\n"
+ ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
+ ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
+
+ apt install --reinstall -y \
+ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl*.deb
+
+ apt install --reinstall -y \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/openssl*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev*.deb
+
+ apt install --reinstall -y \
+ ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+
+ - name: Install dependencies
+ run: |
+ apt-get update
+ apt-get install -y build-essential autoconf libtool patch
+
- name: Checkout PPP
uses: actions/checkout@v4
with:
@@ -66,6 +95,7 @@ jobs:
ref: ${{ matrix.ppp_ref }}
fetch-depth: 1
+ # TODO: use patch from OSP repo
- name: Apply PPP compatibility fixes for OpenSSL 3.x
working-directory: ppp_repo
run: |
@@ -84,15 +114,15 @@ jobs:
elif [ ! -f ./configure ]; then
autoreconf -fiv
fi
- CPPFLAGS="-I$GITHUB_WORKSPACE/openssl-install/include" ./configure --prefix=$GITHUB_WORKSPACE/ppp-install --with-openssl=$GITHUB_WORKSPACE/openssl-install --disable-microsoft-extensions
+ ./configure --prefix=$GITHUB_WORKSPACE/ppp-install --disable-microsoft-extensions
make -j$(nproc)
make install
- name: Run PPP tests
working-directory: ppp_repo
+ shell: bash
run: |
- # Set up the environment for wolfProvider
- source $GITHUB_WORKSPACE/scripts/env-setup
+ set +o pipefail # ignore errors from make check
export ${{ matrix.force_fail }}
# Run tests
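Review bot: With `source $GITHUB_WORKSPACE/scripts/env-setup` and `--with-openssl=...` removed, nothing in this step confirms that the system OpenSSL actually has wolfProvider loaded before the tests run. openvpn.yml and socat.yml add `openssl list -providers | grep -q "wolfSSL Provider"` for this; the same line before `export ${{ matrix.force_fail }}` here would turn a mis-installed package into an immediate failure instead of relying on the force-fail leg to notice. The same applies to the test steps in pam-pkcs11.yml, python3-ntp.yml, rsync.yml, sscep.yml and stunnel.yml (where the `ldd ... | grep wolfProvider` check is removed). The step body continues outside the hunk.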
diff --git a/.github/workflows/python3-ntp.yml b/.github/workflows/python3-ntp.yml
index 9a318a0d..14f2db41 100644
--- a/.github/workflows/python3-ntp.yml
+++ b/.github/workflows/python3-ntp.yml
@@ -18,48 +18,73 @@ jobs:
with:
wolfssl_ref: ${{ matrix.wolfssl_ref }}
openssl_ref: ${{ matrix.openssl_ref }}
+ replace_default: ${{ matrix.replace_default }}
strategy:
matrix:
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
+ replace_default: [ true ]
test_python3-ntp:
runs-on: ubuntu-22.04
needs: build_wolfprovider
# This should be a safe limit for the tests to run.
timeout-minutes: 20
+ container:
+ image: debian:bookworm
+ options: --user root
+ env:
+ DEBIAN_FRONTEND: noninteractive
+ WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
+ OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
+ WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
strategy:
matrix:
- python3-ntp_ref: [ 'master', 'NTPsec_1_2_2' ]
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ python3-ntp_ref: [ 'NTPsec_1_2_2' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
- exclude:
- - python3-ntp_ref: 'master'
- force_fail: 'WOLFPROV_FORCE_FAIL=1'
+ replace_default: [ true ]
steps:
- name: Checkout wolfProvider
uses: actions/checkout@v4
with:
fetch-depth: 1
- - name: Retrieving wolfProvider from cache
+ - name: Checking OpenSSL/wolfProvider packages in cache
uses: actions/cache/restore@v4
id: wolfprov-cache-restore
with:
path: |
- wolfssl-install
- wolfprov-install
- openssl-install/lib64
- openssl-install/include
- openssl-install/bin
- key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }}
+ ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ${{ env.OPENSSL_PACKAGES_PATH }}
+ ${{ env.WOLFPROV_PACKAGES_PATH }}
+ key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
fail-on-cache-miss: true
+ - name: Install wolfSSL/OpenSSL/wolfprov packages
+ run: |
+ printf "Installing OpenSSL/wolfProvider packages:\n"
+ ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
+ ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
+
+ apt install --reinstall -y \
+ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+
- name: Install python3-ntp dependencies
run: |
- sudo apt-get update
- sudo apt-get install -y build-essential bison libcap-dev libseccomp-dev libavahi-compat-libdnssd-dev pps-tools python-dev-is-python3
+ apt-get update
+ apt-get install -y build-essential bison libcap-dev libseccomp-dev \
+ libavahi-compat-libdnssd-dev pps-tools python-dev-is-python3
- name: Checkout python3-ntp
uses: actions/checkout@v4
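Review bot: The new "Install wolfSSL/OpenSSL/wolfprov packages" step runs `apt install --reinstall -y ...` before any `apt-get update` has run in the container; the update only happens in the following "Install python3-ntp dependencies" step. In a fresh `debian:bookworm` container the package lists are likely empty, so apt can satisfy the local packages' dependencies only from what the base image already has installed, and the step breaks as soon as one of the .deb files gains a dependency outside that set. pam-pkcs11.yml and qt5network5.yml run `apt-get update` first; adding `apt-get update` as the first line of the install step here keeps the workflows consistent. The visible hunks of ppp.yml, rsync.yml, socat.yml, sscep.yml and stunnel.yml have the same ordering.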
@@ -88,8 +113,6 @@ jobs:
- name: Run python3-ntp tests
working-directory: ntpsec
run: |
- # Set up the environment for wolfProvider
- source $GITHUB_WORKSPACE/scripts/env-setup
export ${{ matrix.force_fail }}
# Run tests
./waf check | tee python3-ntp-test.log
diff --git a/.github/workflows/qt5network5.yml b/.github/workflows/qt5network5.yml
index cc66aae7..3426a75c 100644
--- a/.github/workflows/qt5network5.yml
+++ b/.github/workflows/qt5network5.yml
@@ -1,7 +1,7 @@
name: qtbase Network Tests
on:
push:
- branches: [ 'master', 'main', 'release/**', 'qt5network5' ]
+ branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
@@ -15,48 +15,73 @@ jobs:
with:
wolfssl_ref: ${{ matrix.wolfssl_ref }}
openssl_ref: ${{ matrix.openssl_ref }}
+ replace_default: ${{ matrix.replace_default }}
strategy:
matrix:
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
+ replace_default: [ true ]
test_qtbase_network:
runs-on: ubuntu-22.04
+ container:
+ image: debian:bookworm
+ env:
+ DEBIAN_FRONTEND: noninteractive
needs: build_wolfprovider
- timeout-minutes: 30
+ timeout-minutes: 40
strategy:
matrix:
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
- qt_ref: [ 'dev', 'v5.15.8-lts-lgpl' ]
+ qt_ref: [ 'v5.15.8-lts-lgpl' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
- exclude:
- - qt_ref: 'dev'
- force_fail: 'WOLFPROV_FORCE_FAIL=1'
+ replace_default: [ true ]
+ env:
+ WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
+ OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
+ WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
steps:
+ - name: Install Qt dependencies
+ run: |
+ apt-get update
+ apt-get install -y build-essential pkg-config dpkg-dev \
+ python3 perl libpcre2-dev zlib1g-dev cmake ninja-build \
+ bison flex libpng-dev libjpeg-dev git ca-certificates
+
- name: Checkout wolfProvider
uses: actions/checkout@v4
with:
fetch-depth: 1
- - name: Retrieving wolfSSL/wolfProvider from cache
+ - name: Checking OpenSSL/wolfProvider packages in cache
uses: actions/cache/restore@v4
id: wolfprov-cache
with:
path: |
- wolfssl-install
- wolfprov-install
- openssl-install/lib64
- openssl-install/include
- openssl-install/bin
- key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }}
+ ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ${{ env.OPENSSL_PACKAGES_PATH }}
+ ${{ env.WOLFPROV_PACKAGES_PATH }}
+ key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
fail-on-cache-miss: true
- - name: Install Qt dependencies
+ - name: Install wolfSSL/OpenSSL/wolfprov packages
run: |
- sudo apt-get update
- sudo apt-get install -y build-essential pkg-config \
- python3 perl libpcre2-dev zlib1g-dev cmake ninja-build
+ printf "Installing OpenSSL/wolfProvider packages:\n"
+ ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
+ ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
+
+ apt install --reinstall -y \
+ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
- name: Checkout OSP
uses: actions/checkout@v4
@@ -64,7 +89,7 @@ jobs:
repository: wolfssl/osp
path: osp
fetch-depth: 1
-
+
- name: Checkout Qt
uses: actions/checkout@v4
with:
@@ -76,9 +101,6 @@ jobs:
- name: Configure Qt
working-directory: qt5_repo
run: |
- # Set up the environment for wolfProvider
- source $GITHUB_WORKSPACE/scripts/env-setup
-
# Configure Qt with GUI support to avoid test dependency issues
# Build with GUI support but skip examples and DBus
./configure -opensource -confirm-license -developer-build \
@@ -91,39 +113,39 @@ jobs:
run: |
# Apply patch from OSP repo
patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/qtbase/qtbase-v6.10-wolfprov.patch
-
+
# Build the OpenSSL TLS backend plugin first
ninja QTlsBackendOpenSSLPlugin
-
+
# Build only the SSL test and its dependencies
cmake --build . --target tst_qsslsocket --parallel $(nproc)
#disable tests that both openssl and wolfprovider fail
cp $GITHUB_WORKSPACE/.github/scripts/qtbase/BLACKLIST tests/auto/network/ssl/qsslsocket/BLACKLIST
-
+
- name: Build Qt (v5.15.8 - qmake)
if: matrix.qt_ref != 'dev'
working-directory: qt5_repo
run: |
# Force C++14 to avoid C++17 compatibility issues
echo 'QMAKE_CXXFLAGS += -std=c++14' >> mkspecs/linux-g++/qmake.conf
-
+
make -k -j$(nproc)
- name: Add test server to hosts
run: |
- sudo sh -c 'echo "127.0.0.1 qt-test-server.qt-test-net" >> /etc/hosts'
+ sh -c 'echo "127.0.0.1 qt-test-server.qt-test-net" >> /etc/hosts'
- name: Run QSSLSocket test
working-directory: qt5_repo
+ shell: bash
run: |
- # Set up the environment for wolfProvider
- source $GITHUB_WORKSPACE/scripts/env-setup
+ set +e
export ${{ matrix.force_fail }}
-
+
# Run the QSSLSocket test, the make check takes too long
QTEST_ENVIRONMENT=ci ./tests/auto/network/ssl/qsslsocket/tst_qsslsocket 2>&1 | tee qsslsocket-test.log
-
+
# Check test results based on qt_ref
if [[ "${{ matrix.qt_ref }}" == "dev" ]]; then
if grep -q "0 failed" qsslsocket-test.log; then
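Review bot: After this commit `qt_ref` only takes the value `v5.15.8-lts-lgpl`, so `if: matrix.qt_ref != 'dev'` on the qmake build step is always true and the `if [[ "${{ matrix.qt_ref }}" == "dev" ]]` branch in the test step can never run. The step that applies `qtbase-v6.10-wolfprov.patch` looks like the `dev` counterpart, but its condition is outside the hunk. Either drop the `dev`-only paths, or add a comment such as `# dev leg disabled; re-enable by adding 'dev' to qt_ref` so the dead branches are not mistaken for active coverage. Both steps extend beyond the hunk.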
@@ -136,6 +158,7 @@ jobs:
#No easy way to disable tests in v5.15.8. Both openssl and wolfprovider should always pass 521 tests on this version though
if grep -q "521 passed" qsslsocket-test.log; then
TEST_RESULT=0
+ echo "SUCCESS: Found 521 passed tests as expected"
else
TEST_RESULT=1
echo "Tests failed unexpectedly for 'v5.15.8-lts-lgpl' branch."
diff --git a/.github/workflows/rsync.yml b/.github/workflows/rsync.yml
index 051c5ec3..80db7507 100644
--- a/.github/workflows/rsync.yml
+++ b/.github/workflows/rsync.yml
@@ -15,49 +15,73 @@ jobs:
with:
wolfssl_ref: ${{ matrix.wolfssl_ref }}
openssl_ref: ${{ matrix.openssl_ref }}
+ replace_default: ${{ matrix.replace_default }}
strategy:
matrix:
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
+ replace_default: [ true ]
test_rsync:
runs-on: ubuntu-22.04
needs: build_wolfprovider
timeout-minutes: 15
+ container:
+ image: debian:bookworm
+ options: --user root
+ env:
+ DEBIAN_FRONTEND: noninteractive
+ WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
+ OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
+ WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
strategy:
matrix:
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
- rsync_ref: [ 'master', 'v3.2.7' ]
+ rsync_ref: [ 'v3.2.7' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
- exclude:
- - rsync_ref: 'master'
- force_fail: 'WOLFPROV_FORCE_FAIL=1'
+ replace_default: [ true ]
steps:
- name: Checkout wolfProvider
uses: actions/checkout@v4
with:
fetch-depth: 1
- - name: Retrieving wolfSSL/wolfProvider from cache
+ - name: Checking OpenSSL/wolfProvider packages in cache
uses: actions/cache/restore@v4
- id: wolfprov-cache
+ id: wolfprov-cache-restore
with:
path: |
- wolfssl-install
- wolfprov-install
- openssl-install/lib64
- openssl-install/include
- openssl-install/bin
- key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }}
+ ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ${{ env.OPENSSL_PACKAGES_PATH }}
+ ${{ env.WOLFPROV_PACKAGES_PATH }}
+ key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
fail-on-cache-miss: true
+ - name: Install wolfSSL/OpenSSL/wolfprov packages
+ run: |
+ printf "Installing OpenSSL/wolfProvider packages:\n"
+ ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
+ ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
+
+ apt install --reinstall -y \
+ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+
- name: Install rsync dependencies
run: |
- sudo apt-get update
- sudo apt-get install -y gcc g++ gawk autoconf automake python3-cmarkgfm \
+ apt-get update
+ apt-get install -y gcc g++ gawk autoconf automake python3-cmarkgfm \
acl libacl1-dev attr libattr1-dev libxxhash-dev \
- libzstd-dev liblz4-dev
+ libzstd-dev liblz4-dev build-essential
- name: Checkout rsync
uses: actions/checkout@v4
@@ -70,8 +94,6 @@ jobs:
- name: Build and install rsync
working-directory: rsync_repo
run: |
- # Set up the environment for wolfProvider
- source $GITHUB_WORKSPACE/scripts/env-setup
./configure --disable-xxhash
# Run the patch script from wolfProvider
@@ -85,8 +107,6 @@ jobs:
- name: Run rsync tests
working-directory: rsync_repo
run: |
- # Set up the environment for wolfProvider
- source $GITHUB_WORKSPACE/scripts/env-setup
export ${{ matrix.force_fail }}
# Run rsync test suite including our SHA test
diff --git a/.github/workflows/socat.yml b/.github/workflows/socat.yml
index 054b9966..6bcb9e84 100644
--- a/.github/workflows/socat.yml
+++ b/.github/workflows/socat.yml
@@ -18,44 +18,73 @@ jobs:
with:
wolfssl_ref: ${{ matrix.wolfssl_ref }}
openssl_ref: ${{ matrix.openssl_ref }}
+ replace_default: ${{ matrix.replace_default }}
strategy:
matrix:
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
+ replace_default: [ true ]
test_socat:
runs-on: ubuntu-22.04
+ container:
+ image: debian:bookworm
+ env:
+ DEBIAN_FRONTEND: noninteractive
needs: build_wolfprovider
# This should be a safe limit for the tests to run.
timeout-minutes: 20
strategy:
matrix:
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
+ replace_default: [ true ]
+ env:
+ WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
+ OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
+ WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
steps:
- name: Checkout wolfProvider
uses: actions/checkout@v4
with:
fetch-depth: 1
- - name: Retrieving wolfSSL/wolfProvider from cache
+ - name: Checking OpenSSL/wolfProvider packages in cache
uses: actions/cache/restore@v4
id: wolfprov-cache
with:
path: |
- wolfssl-install
- wolfprov-install
- openssl-install/lib64
- openssl-install/include
- openssl-install/bin
-
- key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }}
+ ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ${{ env.OPENSSL_PACKAGES_PATH }}
+ ${{ env.WOLFPROV_PACKAGES_PATH }}
+ key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
fail-on-cache-miss: true
+ - name: Install wolfSSL/OpenSSL/wolfprov packages
+ run: |
+ printf "Installing OpenSSL/wolfProvider packages:\n"
+ ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
+ ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
+
+ apt install --reinstall -y \
+ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+
- name: Install dependencies
run: |
- sudo apt-get update
- sudo apt-get install build-essential autoconf libtool pkg-config clang libc++-dev
+ export DEBIAN_FRONTEND=noninteractive
+ apt-get update
+ apt-get install -y git sudo build-essential autoconf automake \
+ libtool pkg-config libjansson-dev check ca-certificates dpkg-dev \
+ clang libc++-dev curl net-tools netcat-openbsd procps
- name: Download socat
run: curl -O http://www.dest-unreach.org/socat/download/socat-1.8.0.0.tar.gz && tar xvf socat-1.8.0.0.tar.gz
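Review bot: The source tarball in the unchanged "Download socat" step is still fetched over plain `http://` with no integrity check, and the result is then built and executed in this job. The new dependency list adds `curl` and `ca-certificates`, so the step could use HTTPS if the host offers it. In either case, verify a pinned digest before unpacking, e.g. `echo "<expected-sha256>  socat-1.8.0.0.tar.gz" | sha256sum -c -` (placeholder digest, to be filled in from a trusted copy).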
@@ -64,22 +93,29 @@ jobs:
working-directory: ./socat-1.8.0.0
run: |
# Configure with OpenSSL
- ./configure --enable-openssl-base=$GITHUB_WORKSPACE/openssl-install
+ ./configure
# Build socat
make
- name: Run socat tests
working-directory: ./socat-1.8.0.0
+ shell: bash
+ env:
+ SHELL: /bin/bash
+ PATH: /sbin:/usr/sbin:/usr/bin:/bin
run: |
- # Set up the environment for wolfProvider
- source $GITHUB_WORKSPACE/scripts/env-setup
+ # Create missing device file for vsock tests
+ mkdir -p /dev
+ touch /dev/vsock
- # Verify OpenSSL loads wolfProvider
- $GITHUB_WORKSPACE/openssl-install/bin/openssl list -providers
+ # wolfProvider is already loaded as the default provider
+ echo "Current OpenSSL providers:"
+ openssl list -providers
+ openssl list -providers | grep -q "wolfSSL Provider" || (echo "ERROR: libwolfprov not found in OpenSSL providers" && exit 1)
# Show socat version (includes OpenSSL version info)
./socat -V
# Run the tests with expected failures
- SOCAT=$GITHUB_WORKSPACE/socat-1.8.0.0/socat ./test.sh -t 0.5 --expect-fail 36,64,146,214,216,217,309,310,386,399,402,403,459,460,467,468,475,478,491,492,528,529,530
+ SOCAT=$GITHUB_WORKSPACE/socat-1.8.0.0/socat ./test.sh -t 0.5 --expect-fail 36,64,146,214,216,217,309,310,386,399,402,403,410,418,453,459,460,467,468,475,478,491,492,528,529,530
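Review bot: The `--expect-fail` list gains tests 410, 418 and 453 with no explanation of why they are now allowed to fail. An expected-fail entry permanently hides a regression in that test, so add a comment above the `test.sh` line that names what those tests cover and why they fail in this setup, for example `# 410,418,453: fail in the debian:bookworm container (reason: <fill in>)`. It is also worth stating whether `touch /dev/vsock`, which creates a regular file and not a device node, is related to any of them.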
diff --git a/.github/workflows/sscep.yml b/.github/workflows/sscep.yml
index 924e72ea..09b07b80 100644
--- a/.github/workflows/sscep.yml
+++ b/.github/workflows/sscep.yml
@@ -18,21 +18,32 @@ jobs:
with:
wolfssl_ref: ${{ matrix.wolfssl_ref }}
openssl_ref: ${{ matrix.openssl_ref }}
+ replace_default: ${{ matrix.replace_default }}
strategy:
matrix:
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
+ replace_default: [ true ]
test_sscep:
runs-on: ubuntu-22.04
needs: build_wolfprovider
timeout-minutes: 10
+ container:
+ image: debian:bookworm
+ options: --user root
+ env:
+ DEBIAN_FRONTEND: noninteractive
+ WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
+ OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
+ WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
strategy:
matrix:
- sscep_ref: [ 'master', 'v0.10.0' ]
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ sscep_ref: [ 'v0.10.0' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
+ replace_default: [ true ]
steps:
- name: Checkout wolfProvider
@@ -40,25 +51,39 @@ jobs:
with:
fetch-depth: 1
- - name: Retrieving wolfSSL/wolfProvider from cache
+ - name: Checking OpenSSL/wolfProvider packages in cache
uses: actions/cache/restore@v4
id: wolfprov-cache
with:
path: |
- wolfssl-install
- wolfprov-install
- openssl-install/lib64
- openssl-install/include
- openssl-install/bin
-
- key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }}
+ ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ${{ env.OPENSSL_PACKAGES_PATH }}
+ ${{ env.WOLFPROV_PACKAGES_PATH }}
+ key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
fail-on-cache-miss: true
- - name: Install sscep dependencies
+ - name: Install wolfSSL/OpenSSL/wolfprov packages
run: |
- sudo apt-get update
+ printf "Installing OpenSSL/wolfProvider packages:\n"
+ ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
+ ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
+
+ apt install --reinstall -y \
+ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
- sudo apt-get install -y scep psmisc
+ apt install --reinstall -y \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+
+ - name: Install sscep dependencies
+ run: |
+ apt-get update
+ apt-get install -y scep psmisc build-essential autoconf libtool pkg-config
- name: Download sscep
uses: actions/checkout@v4
@@ -70,20 +95,13 @@ jobs:
- name: Build sscep
working-directory: sscep
run: |
- # force sscep to use the openssl binary in wolfProvider
- sudo ln -sf $GITHUB_WORKSPACE/openssl-install/bin/openssl /usr/bin/openssl
-
- export openssl_CFLAGS="-I$GITHUB_WORKSPACE/openssl-install/include/"
- export openssl_LIBS="-L$GITHUB_WORKSPACE/openssl-install/lib64 -lssl -lcrypto"
-
autoreconf -vfi
./configure
make -j $(nproc)
- sudo make install
+ make install
- name: Run sscep tests
run: |
- source $GITHUB_WORKSPACE/scripts/env-setup
export ${{ matrix.force_fail }}
export WOLFPROV_FORCE_FAIL_STR="${{ matrix.force_fail }}"
diff --git a/.github/workflows/sssd.yml b/.github/workflows/sssd.yml
index e1e36e93..af538233 100644
--- a/.github/workflows/sssd.yml
+++ b/.github/workflows/sssd.yml
@@ -36,25 +36,7 @@ jobs:
with:
fetch-depth: 1
- # Check if this version of wolfssl/wolfprovider has already been built,
- # mark to cache these items on post if we do end up building
- - name: Checking wolfSSL/wolfProvider in cache
- uses: actions/cache@v4
- id: wolfprov-cache
- with:
- path: |
- wolfssl-install
- wolfprov-install
- openssl-install/lib64
- openssl-install/include
- openssl-install/bin
-
- key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }}
- lookup-only: true
-
- # If not yet built this version, build it now
- name: Build wolfProvider
- if: steps.wolfprov-cache.outputs.cache-hit != 'true'
run: |
OPENSSL_TAG=${{ matrix.openssl_ref }} WOLFSSL_TAG=${{ matrix.wolfssl_ref }} ./scripts/build-wolfprovider.sh
diff --git a/.github/workflows/stunnel.yml b/.github/workflows/stunnel.yml
index c4d0dfb4..fec7a22b 100644
--- a/.github/workflows/stunnel.yml
+++ b/.github/workflows/stunnel.yml
@@ -18,67 +18,77 @@ jobs:
with:
wolfssl_ref: ${{ matrix.wolfssl_ref }}
openssl_ref: ${{ matrix.openssl_ref }}
+ replace_default: ${{ matrix.replace_default }}
strategy:
matrix:
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
+ replace_default: [ true ]
test_stunnel:
runs-on: ubuntu-22.04
+ container:
+ image: debian:bookworm
+ env:
+ DEBIAN_FRONTEND: noninteractive
needs: build_wolfprovider
# This should be a safe limit for the tests to run.
timeout-minutes: 10
strategy:
matrix:
- stunnel_ref: [ 'master', 'stunnel-5.67' ]
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ stunnel_ref: [ 'stunnel-5.67' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
force_fail: ['WOLFPROV_FORCE_FAIL=1', '']
- exclude:
- - stunnel_ref: 'master'
- force_fail: 'WOLFPROV_FORCE_FAIL=1'
+ replace_default: [ true ]
+ env:
+ WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
+ OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
+ WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
steps:
- name: Checkout wolfProvider
uses: actions/checkout@v4
with:
fetch-depth: 1
- - name: Retrieving wolfSSL/wolfProvider from cache
+ - name: Checking OpenSSL/wolfProvider packages in cache
uses: actions/cache/restore@v4
id: wolfprov-cache
with:
path: |
- wolfssl-install
- wolfprov-install
- openssl-install/lib64
- openssl-install/include
- openssl-install/bin
-
- key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }}
+ ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ${{ env.OPENSSL_PACKAGES_PATH }}
+ ${{ env.WOLFPROV_PACKAGES_PATH }}
+ key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
fail-on-cache-miss: true
- - name: Install dependencies
+ - name: Install wolfSSL/OpenSSL/wolfprov packages
run: |
- sudo apt-get update
- sudo apt-get install -y libwrap0-dev autoconf-archive autotools-dev m4
+ printf "Installing OpenSSL/wolfProvider packages:\n"
+ ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
+ ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
- # - name: Set up Python 3.12
- # if : ${{ matrix.stunnel_ref == 'master' }}
- # uses: actions/setup-python@v5
- # with:
- # python-version: '3.12'
+ apt install --reinstall -y \
+ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
- # - name: Set up Python 3.10
- # if : ${{ matrix.stunnel_ref != 'master' }}
- # uses: actions/setup-python@v5
- # with:
- # python-version: '3.10'
+ apt install --reinstall -y \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
- - name: Check Python version
- run: python --version
+ apt install --reinstall -y \
+ ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
- - name: Replace system openssl with wolfProvider build
- run: sudo ln -sf $GITHUB_WORKSPACE/openssl-install/bin/openssl /usr/bin/openssl
+ - name: Install dependencies
+ run: |
+ apt-get update
+ apt-get install -y build-essential autoconf automake \
+ autoconf-archive libtool libwrap0-dev pkg-config python3-venv \
+ python3-cryptography patch git
+
+ - name: Check Python version
+ run: python3 --version
- name: Checkout Stunnel
uses: actions/checkout@v4
@@ -106,19 +116,15 @@ jobs:
working-directory: ./stunnel
run: |
autoreconf -ivf
- ./configure --with-ssl=$GITHUB_WORKSPACE/openssl-install/
+ ./configure
make -j
- name: Update python cryptography module
working-directory: ./stunnel
+ shell: bash
run: |
- export LD_LIBRARY_PATH="$GITHUB_WORKSPACE/openssl-install/lib:$GITHUB_WORKSPACE/openssl-install/lib64"
- export CFLAGS="-I$GITHUB_WORKSPACE/openssl-install/include"
- export LDFLAGS="-L$GITHUB_WORKSPACE/openssl-install/lib -L$GITHUB_WORKSPACE/openssl-install/lib64"
-
python3 -m venv myenv
source myenv/bin/activate
- pip install cryptography # will use your OpenSSL if built from source
- name: Apply patch to disable pkcs12 test
if : ${{ matrix.stunnel_ref == 'master' }}
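Review bot: The venv in "Update python cryptography module" no longer gets `cryptography` installed, and a venv created with plain `python3 -m venv myenv` does not see the apt-installed `python3-cryptography` from the earlier dependency step. If the stunnel tests import `cryptography` after activating `myenv`, they would fail on import instead of exercising the provider. Creating it as `python3 -m venv --system-site-packages myenv` keeps the distro module visible. The step name should also change, since the step no longer updates anything.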
@@ -129,14 +135,9 @@ jobs:
- name: Verify stunnel with wolfProvider
working-directory: ./stunnel
+ shell: bash
run: |
- # Unset LD_LIBRARY_PATH after python setup
- unset LD_LIBRARY_PATH
- unset PKG_CONFIG_PATH
- unset OPENSSL_MODULES
-
- # Set up the environment for wolfProvider
- source $GITHUB_WORKSPACE/scripts/env-setup
+ set +o pipefail # ignore errors from make check
export ${{ matrix.force_fail }}
# enter venv
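Review bot: `export ${{ matrix.force_fail }}` becomes a bare `export` for the matrix entry where `force_fail` is `''`, which prints every exported variable of the job into the log instead of doing nothing. A guarded form such as `[ -z "${{ matrix.force_fail }}" ] || export "${{ matrix.force_fail }}"` avoids the dump and quotes the value. The same line appears in the systemd step (where this commit removes the surrounding `if`) and in the tcpdump, tnftp, tpm2-tools, x11vnc and xmlsec steps. The step body continues outside this hunk.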
@@ -149,8 +150,6 @@ jobs:
export CRYPTOGRAPHY_OPENSSL_NO_LEGACY=1
# Verify stunnel
- ldd src/stunnel
- ldd src/stunnel | grep -E '(libssl|libcrypto)' | grep wolfProvider
./src/stunnel -version
# Run tests
diff --git a/.github/workflows/systemd.yml b/.github/workflows/systemd.yml
index f2ae0189..323217db 100644
--- a/.github/workflows/systemd.yml
+++ b/.github/workflows/systemd.yml
@@ -18,50 +18,81 @@ jobs:
with:
wolfssl_ref: ${{ matrix.wolfssl_ref }}
openssl_ref: ${{ matrix.openssl_ref }}
+ replace_default: ${{ matrix.replace_default }}
strategy:
matrix:
- wolfssl_ref: ['v5.8.0-stable', 'master']
- openssl_ref: ['openssl-3.5.0']
+ wolfssl_ref: ['v5.8.2-stable']
+ openssl_ref: ['openssl-3.5.2']
+ replace_default: [ true ]
test_systemd:
runs-on: ubuntu-22.04
needs: build_wolfprovider
# This should be a safe limit for the tests to run.
timeout-minutes: 20
+ container:
+ image: debian:bookworm
+ env:
+ DEBIAN_FRONTEND: noninteractive
+ WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
+ OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
+ WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
strategy:
fail-fast: false
matrix:
systemd_ref: ['v254']
- wolfssl_ref: ['v5.8.0-stable', 'master']
- openssl_ref: ['openssl-3.5.0']
+ wolfssl_ref: ['v5.8.2-stable']
+ openssl_ref: ['openssl-3.5.2']
force_fail: ['WOLFPROV_FORCE_FAIL=1', '']
+ replace_default: [ true ]
steps:
- - name: Install dependencies
- run: |
- sudo apt-get update
- sudo apt-get install -y build-essential meson ninja-build \
- libmount-dev gperf python3-pytest libuv1-dev libnghttp2-dev \
- libcap-dev uuid-dev libdevmapper-dev libpopt-dev libjson-c-dev \
- libargon2-dev libblkid-dev asciidoctor pkgconf zlib1g-dev
-
- name: Checkout wolfProvider
uses: actions/checkout@v4
with:
fetch-depth: 1
- - name: Retrieving wolfSSL/wolfProvider from cache
+ - name: Checking OpenSSL/wolfProvider packages in cache
uses: actions/cache/restore@v4
- id: wolfprov-cache
+ id: wolfprov-cache-restore
with:
path: |
- wolfssl-install
- wolfprov-install
- openssl-install/lib64
- openssl-install/include
- openssl-install/bin
- key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }}
+ ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ${{ env.OPENSSL_PACKAGES_PATH }}
+ ${{ env.WOLFPROV_PACKAGES_PATH }}
+ key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
fail-on-cache-miss: true
+ - name: Install wolfSSL/OpenSSL/wolfprov packages
+ run: |
+ printf "Installing OpenSSL/wolfProvider packages:\n"
+ ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
+ ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
+
+ apt install --reinstall -y \
+ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+
+ - name: Install dependencies
+ run: |
+ export DEBIAN_FRONTEND=noninteractive
+ apt-get update
+ apt-get install -y build-essential meson ninja-build \
+ libmount-dev gperf python3-pytest python3-jinja2 python3-pip \
+ libuv1-dev libnghttp2-dev libcap-dev uuid-dev libdevmapper-dev \
+ libpopt-dev libjson-c-dev libargon2-dev libblkid-dev asciidoctor \
+ pkgconf zlib1g-dev libgcrypt20-dev libgpg-error-dev libgnutls28-dev \
+ libp11-kit-dev libfido2-dev libtss2-dev libdw-dev libbz2-dev \
+ liblzma-dev liblz4-dev libzstd-dev libxkbcommon-dev libglib2.0-dev \
+ libdbus-1-dev python3-setuptools python3-wheel git
+
- name: Checkout systemd
uses: actions/checkout@v4
with:
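Review bot: The new cache key `openssl-wolfprov-debian-packages-${{ github.sha }}…` no longer contains `matrix.wolfssl_ref` or `matrix.openssl_ref`, so the restored packages are identified by commit alone. That is unambiguous with the single-valued matrices in this commit. Once a second ref is added, every combination would resolve to the same entry, and a job could install packages built from a different ref than its matrix names (assuming the build job saves under the same key, which is not visible here). Keeping the refs in the key, e.g. `openssl-wolfprov-debian-packages-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }}…` on both the save and restore side, preserves that binding. The same key is used in tcpdump.yml, tnftp.yml, tpm2-tools.yml, x11vnc.yml and xmlsec.yml.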
@@ -73,24 +104,29 @@ jobs:
- name: Build systemd
working-directory: systemd
run: |
- source $GITHUB_WORKSPACE/scripts/env-setup
meson setup -Dnobody-group=nogroup build
ninja -C build
- name: Run systemd tests
working-directory: systemd
+ shell: bash
run: |
set +e
- source $GITHUB_WORKSPACE/scripts/env-setup
+ # wolfProvider is already loaded as the default provider
+ echo "Current OpenSSL providers:"
+ openssl list -providers
+ openssl list -providers | grep -q "wolfSSL Provider" || (echo "ERROR: libwolfprov not found in OpenSSL providers" && exit 1)
# The following test cases link directly to libcrypto.
TEST_CASES="fuzz-dns-packet fuzz-etc-hosts fuzz-resource-record \
resolvectl systemd-resolved test-cryptolib \
test-dns-packet test-dnssec test-resolve-tables \
test-resolved-etc-hosts test-resolved-packet \
test-resolved-stream"
- if [ -n ${{ matrix.force_fail }} ]; then
- export ${{ matrix.force_fail }}
- fi
+ export ${{ matrix.force_fail }}
meson test -C build $TEST_CASES
TEST_RESULT=$?
+ if [ $TEST_RESULT -ne 0 ]; then
+ cat build/meson-logs/testlog.txt
+ fi
+
$GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} systemd
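Review bot: The provider check `openssl list -providers | grep -q "wolfSSL Provider" || (echo … && exit 1)` cannot stop the step. `exit 1` runs inside a `( … )` subshell and `set +e` is in effect above it, so the script carries on to `meson test` even when wolfProvider is not loaded. Use a brace group so the exit applies to the step's own shell: `openssl list -providers | grep -q "wolfSSL Provider" || { echo "ERROR: libwolfprov not found in OpenSSL providers"; exit 1; }`. As written, a run with an empty `force_fail` can pass without the provider being present.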
diff --git a/.github/workflows/tcpdump.yml b/.github/workflows/tcpdump.yml
index 879d94cf..0d821903 100644
--- a/.github/workflows/tcpdump.yml
+++ b/.github/workflows/tcpdump.yml
@@ -15,47 +15,72 @@ jobs:
with:
wolfssl_ref: ${{ matrix.wolfssl_ref }}
openssl_ref: ${{ matrix.openssl_ref }}
+ replace_default: ${{ matrix.replace_default }}
strategy:
matrix:
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
+ replace_default: [ true ]
test_tcpdump:
runs-on: ubuntu-22.04
+ container:
+ image: debian:bookworm
+ env:
+ DEBIAN_FRONTEND: noninteractive
needs: build_wolfprovider
timeout-minutes: 15
strategy:
matrix:
- tcpdump_ref: [ 'master', 'tcpdump-4.99.3' ]
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ tcpdump_ref: [ 'tcpdump-4.99.3' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
- exclude:
- - tcpdump_ref: 'master'
- force_fail: 'WOLFPROV_FORCE_FAIL=1'
+ replace_default: [ true ]
+ env:
+ WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
+ OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
+ WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
steps:
- name: Checkout wolfProvider
uses: actions/checkout@v4
with:
fetch-depth: 1
- - name: Retrieve wolfSSL/wolfProvider from cache
+ - name: Checking OpenSSL/wolfProvider packages in cache
uses: actions/cache/restore@v4
id: wolfprov-cache
with:
path: |
- wolfssl-install
- wolfprov-install
- openssl-install/lib64
- openssl-install/include
- openssl-install/bin
- key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }}
+ ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ${{ env.OPENSSL_PACKAGES_PATH }}
+ ${{ env.WOLFPROV_PACKAGES_PATH }}
+ key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
fail-on-cache-miss: true
+ - name: Install wolfSSL/OpenSSL/wolfprov packages
+ run: |
+ printf "Installing OpenSSL/wolfProvider packages:\n"
+ ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
+ ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
+
+ apt install --reinstall -y \
+ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+
- name: Install test dependencies
run: |
- sudo apt-get update
- sudo apt-get install -y build-essential flex bison autoconf libtool
+ apt-get update
+ apt-get install -y build-essential flex bison autoconf libtool\
+ libpcap-dev
- name: Checkout libpcap
uses: actions/checkout@v4
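Review bot: In "Install test dependencies" the continuation is written `libtool\` with no space before the backslash, so the shell joins that word directly with the start of the next line. The package list stays correct only if `libpcap-dev` keeps leading indentation inside the `run: |` block, which cannot be confirmed from this rendering. Writing `autoconf libtool \` as the other workflows do removes the dependency on whitespace.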
@@ -93,9 +118,9 @@ jobs:
- name: Run tcpdump tests
working-directory: tcpdump_repo
+ shell: bash
run: |
- # Set up the environment for wolfProvider
- source $GITHUB_WORKSPACE/scripts/env-setup
+ set +o pipefail # ignore errors from make check
export ${{ matrix.force_fail }}
# Run tests
diff --git a/.github/workflows/tnftp.yml b/.github/workflows/tnftp.yml
index be262c37..f35b00f1 100644
--- a/.github/workflows/tnftp.yml
+++ b/.github/workflows/tnftp.yml
@@ -18,45 +18,73 @@ jobs:
with:
wolfssl_ref: ${{ matrix.wolfssl_ref }}
openssl_ref: ${{ matrix.openssl_ref }}
+ replace_default: ${{ matrix.replace_default }}
strategy:
matrix:
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
+ replace_default: [ true ]
test_tnftp:
runs-on: ubuntu-22.04
+ container:
+ image: debian:bookworm
+ env:
+ DEBIAN_FRONTEND: noninteractive
needs: build_wolfprovider
# This should be a safe limit for the tests to run.
timeout-minutes: 20
strategy:
matrix:
tnftp_ref: [ 'tnftp-20210827' ]
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
force_fail: ['WOLFPROV_FORCE_FAIL=1', '']
+ replace_default: [ true ]
+ env:
+ WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
+ OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
+ WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
steps:
- name: Checkout wolfProvider
uses: actions/checkout@v4
with:
fetch-depth: 1
- - name: Retrieve wolfSSL/wolfProvider from cache
+ - name: Checking OpenSSL/wolfProvider packages in cache
uses: actions/cache/restore@v4
id: wolfprov-cache
with:
path: |
- wolfssl-install
- wolfprov-install
- openssl-install/lib64
- openssl-install/include
- openssl-install/bin
- key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }}
+ ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ${{ env.OPENSSL_PACKAGES_PATH }}
+ ${{ env.WOLFPROV_PACKAGES_PATH }}
+ key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
fail-on-cache-miss: true
+ - name: Install wolfSSL/OpenSSL/wolfprov packages
+ run: |
+ printf "Installing OpenSSL/wolfProvider packages:\n"
+ ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
+ ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
+
+ apt install --reinstall -y \
+ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+
- name: Install dependencies
run: |
- sudo apt-get update
- sudo apt-get install -y build-essential autoconf libtool pkg-config vsftpd
+ apt-get update
+ apt-get install -y build-essential autoconf libtool pkg-config \
+ vsftpd wget libncurses5-dev libncursesw5-dev
- name: Download and extract tnftp
run: |
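Review bot: "Install dependencies" runs `apt-get update` and `apt-get install` after the locally built `openssl`, `libssl3` and `libssl-dev` packages are installed, whereas tpm2-tools.yml, x11vnc.yml and xmlsec.yml in this same commit move dependency installation ahead of the cache restore. If a dependency pulls a newer `libssl3` or `openssl` from the Debian archive, apt may replace the wolfProvider-enabled build and the tests would then run against stock OpenSSL. Either reorder the steps as in those workflows or hold the local packages after installing them, e.g. `apt-mark hold openssl libssl3 libssl-dev libwolfssl libwolfprov`. systemd.yml and tcpdump.yml have the same ordering.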
@@ -66,13 +94,13 @@ jobs:
- name: Build and test tnftp
working-directory: ${{ matrix.tnftp_ref }}
+ shell: bash
run: |
- # Set up the environment for wolfProvider
- source $GITHUB_WORKSPACE/scripts/env-setup
+ set +o pipefail # ignore errors from make check
export ${{ matrix.force_fail }}
# Configure with OpenSSL
- ./configure --with-openssl=$GITHUB_WORKSPACE/openssl-install
+ ./configure
# Build tnftp
make -j
diff --git a/.github/workflows/tpm2-tools.yml b/.github/workflows/tpm2-tools.yml
index de17608f..2ef148b1 100644
--- a/.github/workflows/tpm2-tools.yml
+++ b/.github/workflows/tpm2-tools.yml
@@ -18,13 +18,19 @@ jobs:
with:
wolfssl_ref: ${{ matrix.wolfssl_ref }}
openssl_ref: ${{ matrix.openssl_ref }}
+ replace_default: ${{ matrix.replace_default }}
strategy:
matrix:
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
+ replace_default: [ true ]
test_tpm2_tools:
runs-on: ubuntu-22.04
+ container:
+ image: debian:bookworm
+ env:
+ DEBIAN_FRONTEND: noninteractive
needs: build_wolfprovider
# This should be a safe limit for the tests to run.
timeout-minutes: 20
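Review bot: `image: debian:bookworm` is a floating tag, so the container in which later steps install the cached .deb packages can change between runs without any change in this repository. Pinning by digest, `image: debian:bookworm@sha256:<digest>` (placeholder, take the value from the registry), makes runs reproducible and puts image updates through review. The same `container:` block is added in systemd.yml, tcpdump.yml, tnftp.yml, x11vnc.yml and xmlsec.yml.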
@@ -32,36 +38,56 @@ jobs:
fail-fast: false
matrix:
tpm2_tools_ref: [ '5.7' ]
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
+ replace_default: [ true ]
+ env:
+ WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
+ OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
+ WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
steps:
+ - name: Install tpm2-tools test dependencies
+ run: |
+ apt-get update
+ apt-get install -y git build-essential expect vim dbus vim-common \
+ autoconf-archive python3 python3-yaml python3-pip libefivar-dev \
+ libcmocka-dev automake libtool pkg-config build-essential pandoc \
+ libtss2-dev tpm2-abrmd swtpm tpm2-tools iproute2 libcurl4-openssl-dev
+
- name: Checkout wolfProvider
uses: actions/checkout@v4
with:
fetch-depth: 1
- - name: Retrieving wolfSSL/wolfProvider from cache
+ - name: Checking OpenSSL/wolfProvider packages in cache
uses: actions/cache/restore@v4
id: wolfprov-cache
with:
path: |
- wolfssl-install
- wolfprov-install
- openssl-install/lib64
- openssl-install/include
- openssl-install/bin
-
- key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }}
+ ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ${{ env.OPENSSL_PACKAGES_PATH }}
+ ${{ env.WOLFPROV_PACKAGES_PATH }}
+ key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
fail-on-cache-miss: true
- - name: Install tpm2-tools test dependencies
+ - name: Install wolfSSL/OpenSSL/wolfprov packages
run: |
- sudo apt-get update
- sudo apt-get install -y git sudo autoconf expect vim dbus vim-common \
- autoconf-archive python3 python3-yaml python3-pip libefivar-dev \
- libcmocka-dev automake libtool pkg-config build-essential pandoc \
- libtss2-dev tpm2-abrmd swtpm tpm2-tools iproute2 libcurl4-openssl-dev
+ printf "Installing OpenSSL/wolfProvider packages:\n"
+ ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
+ ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
+
+ apt install --reinstall -y \
+ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
- name: Download tpm2-tools
uses: actions/checkout@v4
@@ -77,15 +103,14 @@ jobs:
./bootstrap
./configure \
--prefix="$GITHUB_WORKSPACE/tpm2-tools-install" \
- --with-openssl="$GITHUB_WORKSPACE/openssl-install" \
--enable-unit
make -j$(nproc)
- name: Run tpm2-tools tests
working-directory: tpm2-tools
+ shell: bash
run: |
- # Set up the environment for wolfProvider
- source $GITHUB_WORKSPACE/scripts/env-setup
+ set +o pipefail # ignore errors from make check
export ${{ matrix.force_fail }}
# Run only unit tests and integration tests that dont need TPM2 hardware/simulator
diff --git a/.github/workflows/x11vnc.yml b/.github/workflows/x11vnc.yml
index 2f9d2d54..0bee2c67 100644
--- a/.github/workflows/x11vnc.yml
+++ b/.github/workflows/x11vnc.yml
@@ -18,58 +18,84 @@ jobs:
with:
wolfssl_ref: ${{ matrix.wolfssl_ref }}
openssl_ref: ${{ matrix.openssl_ref }}
+ replace_default: ${{ matrix.replace_default }}
strategy:
matrix:
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
-
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
+ replace_default: [ true ]
+
test_x11vnc:
runs-on: ubuntu-22.04
+ container:
+ image: debian:bookworm
+ env:
+ DEBIAN_FRONTEND: noninteractive
needs: build_wolfprovider
timeout-minutes: 10
strategy:
matrix:
- x11vnc_ref: [ 'master', '0.9.17' ]
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ x11vnc_ref: [ '0.9.17' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
+ replace_default: [ true ]
+ env:
+ WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
+ OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
+ WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
steps:
+ - name: Install x11vnc dependencies
+ run: |
+ apt-get update
+
+ # common build dependencies
+ apt-get install -y build-essential autoconf automake libtool \
+ pkg-config gcc make ca-certificates
+
+ # x11vnc dependencies
+ apt-get install -y libc6-dev libjpeg-dev x11proto-core-dev \
+ libxss-dev zlib1g-dev libavahi-client-dev libvncserver-dev \
+ libx11-dev libxdamage-dev libxext-dev libxfixes-dev libxi-dev \
+ libxinerama-dev libxrandr-dev libxtst-dev
+
+ # packages for testing script
+ apt-get install -y xvfb tigervnc-viewer psmisc expect curl
+
- name: Checkout wolfProvider
uses: actions/checkout@v4
with:
fetch-depth: 1
- - name: Retrieving wolfSSL/wolfProvider from cache
+ - name: Checking OpenSSL/wolfProvider packages in cache
uses: actions/cache/restore@v4
id: wolfprov-cache
with:
path: |
- wolfssl-install
- wolfprov-install
- openssl-install/lib64
- openssl-install/include
- openssl-install/bin
-
- key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }}
+ ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ${{ env.OPENSSL_PACKAGES_PATH }}
+ ${{ env.WOLFPROV_PACKAGES_PATH }}
+ key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
fail-on-cache-miss: true
- - name: Install x11vnc dependencies
+ - name: Install wolfSSL/OpenSSL/wolfprov packages
run: |
- sudo apt-get update
+ printf "Installing OpenSSL/wolfProvider packages:\n"
+ ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
+ ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
- # common build dependencies
- sudo apt-get install -y build-essential autoconf automake libtool \
- pkg-config gcc make ca-certificates
+ apt install --reinstall -y \
+ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
- # x11vnc dependencies
- sudo apt-get install -y libc6-dev libjpeg-dev x11proto-core-dev \
- libxss-dev zlib1g-dev libavahi-client-dev libvncserver-dev \
- libx11-dev libxdamage-dev libxext-dev libxfixes-dev libxi-dev \
- libxinerama-dev libxrandr-dev libxtst-dev
+ apt install --reinstall -y \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
- # packages for testing script
- sudo apt-get install -y xvfb tigervnc-viewer psmisc expect curl
+ apt install --reinstall -y \
+ ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
- name: Download x11vnc
uses: actions/checkout@v4
@@ -81,28 +107,19 @@ jobs:
- name: Build x11vnc
working-directory: x11vnc
run: |
- # force x11vnc to use the openssl binary in wolfProvider
- sudo ln -sf $GITHUB_WORKSPACE/openssl-install/bin/openssl /usr/bin/openssl
-
# change certs from being hashed with MD5 to SHA256
perl -pi -e 's/default_md\s*=\s*md5/default_md = SHA256/' src/ssltools.h
# change encryption for cert keys from des3 to aes256
perl -pi -e 's/-des3/-aes256/' src/ssltools.h
- source $GITHUB_WORKSPACE/scripts/env-setup
-
autoreconf -vfi
- ./configure --with-ssl="$GITHUB_WORKSPACE/openssl-install/lib64" \
- CPPFLAGS="-I$GITHUB_WORKSPACE/openssl-install/include" \
- LDFLAGS="-L$GITHUB_WORKSPACE/openssl-install/lib64"
+ ./configure
make -j $(nproc)
- sudo make install
+ make install
- name: Run x11vnc tests
run: |
- source $GITHUB_WORKSPACE/scripts/env-setup
export ${{ matrix.force_fail }}
export WOLFPROV_FORCE_FAIL_STR="${{ matrix.force_fail }}"
-
$GITHUB_WORKSPACE/.github/scripts/x11vnc/test_x11vnc.sh
diff --git a/.github/workflows/xmlsec.yml b/.github/workflows/xmlsec.yml
index 7b68e7ef..d31e02f7 100644
--- a/.github/workflows/xmlsec.yml
+++ b/.github/workflows/xmlsec.yml
@@ -3,7 +3,7 @@ name: xmlsec Tests
# START OF COMMON SECTION
on:
push:
- branches: [ 'master', 'main', 'release/**' ]
+ branches: [ '**' ] # 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
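Review bot: The push trigger is widened to `branches: [ '**' ]` with the previous list left behind in a trailing comment, which reads like a debugging change that was not reverted. Combined with `pull_request` on `'*'`, a push to a branch that has an open pull request now starts the workflow twice. If the wider trigger is intended, drop the commented-out remainder; otherwise restore `branches: [ 'master', 'main', 'release/**' ]`. The triggers of the other workflows are not visible in this part of the diff and are worth checking for the same edit.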
@@ -18,50 +18,76 @@ jobs:
with:
wolfssl_ref: ${{ matrix.wolfssl_ref }}
openssl_ref: ${{ matrix.openssl_ref }}
+ replace_default: ${{ matrix.replace_default }}
strategy:
matrix:
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
+ replace_default: [ true ]
test_xmlsec:
runs-on: ubuntu-22.04
needs: build_wolfprovider
+ # Run inside Debian Bookworm to match packaging environment
+ container:
+ image: debian:bookworm
+ env:
+ DEBIAN_FRONTEND: noninteractive
# This should be a safe limit for the tests to run.
timeout-minutes: 20
strategy:
matrix:
- xmlsec_ref: [ 'master', 'xmlsec-1_2_37' ]
- wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
- openssl_ref: [ 'openssl-3.5.0' ]
+ xmlsec_ref: [ 'xmlsec-1_2_37' ]
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
- exclude:
- - xmlsec_ref: 'master'
- force_fail: 'WOLFPROV_FORCE_FAIL=1'
+ replace_default: [ true ]
+ env:
+ WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
+ OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
+ WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
steps:
+ - name: Install xmlsec dependencies
+ run: |
+ apt-get update
+ apt-get install -y automake autoconf libtool libtool-bin \
+ libltdl-dev libltdl7 libxml2-dev patch build-essential \
+ pkg-config libxml2-dev
+
# Checkout the source so we can run the check-workflow-result script
- name: Checkout wolfProvider
uses: actions/checkout@v4
with:
fetch-depth: 1
- - name: Retrieving wolfProvider from cache
+ - name: Checking OpenSSL/wolfProvider packages in cache
uses: actions/cache/restore@v4
- id: wolfprov-cache-restore
+ id: wolfprov-cache
with:
path: |
- wolfssl-install
- wolfprov-install
- openssl-install/lib64
- openssl-install/include
- openssl-install/bin
- key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }}
+ ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ${{ env.OPENSSL_PACKAGES_PATH }}
+ ${{ env.WOLFPROV_PACKAGES_PATH }}
+ key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
fail-on-cache-miss: true
- - name: Install xmlsec dependencies
+ - name: Install wolfSSL/OpenSSL/wolfprov packages
run: |
- sudo apt-get update
- sudo apt-get install -y automake autoconf libtool libtool-bin \
- libltdl-dev libltdl7 libxml2-dev
+ printf "Installing OpenSSL/wolfProvider packages:\n"
+ ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
+ ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
+
+ apt install --reinstall -y \
+ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
- name: Checkout OSP
uses: actions/checkout@v4
@@ -88,16 +114,16 @@ jobs:
--without-gnutls --without-gcrypt --disable-xmldsig \
--disable-crypto-dl --disable-apps-crypto-dl \
--disable-concatkdf --disable-tmpl-tests
- make
- cp $GITHUB_WORKSPACE/provider.conf tests/openssl3.cnf
+ make -j$(nproc)
+ # Remove the bundled openssl3.cnf since we use the default
+ rm -f tests/openssl3.cnf
- name: Run xmlsec tests
working-directory: xmlsec
+ shell: bash
run: |
- echo "Setting environment variables..."
- source $GITHUB_WORKSPACE/scripts/env-setup
+ set +o pipefail # ignore errors from make check
export ${{ matrix.force_fail }}
- export OPENSSL_CONF=$PWD/tests/openssl3.cnf
make check-keys | tee xmlsec-keys.log
make check-enc | tee xmlsec-enc.log
if grep -q "TOTAL FAILED: 0" xmlsec-enc.log && grep -q "TOTAL FAILED: 0" xmlsec-keys.log; then
diff --git a/Makefile.am b/Makefile.am
index d1b28091..62b00b38 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -14,9 +14,6 @@ AM_CPPFLAGS = -I$(top_srcdir)/include
lib_LTLIBRARIES = libwolfprov.la
-# Create only libwolfprov.so, and not .so.X.Y.Z
-libwolfprov_la_LDFLAGS = -avoid-version
-
EXTRA_DIST+=ChangeLog.md
EXTRA_DIST+=README.md
EXTRA_DIST+=IDE
diff --git a/debian/control b/debian/control
index 25dcd83a..d8d9a993 100644
--- a/debian/control
+++ b/debian/control
@@ -9,8 +9,7 @@ Build-Depends:
devscripts,
dh-exec,
git,
- pkgconf,
- libwolfssl-dev
+ pkgconf
Package: libwolfprov
Architecture: any
diff --git a/debian/install-wolfssl.sh b/debian/install-wolfssl.sh
index e95aa9b6..7e280bac 100755
--- a/debian/install-wolfssl.sh
+++ b/debian/install-wolfssl.sh
@@ -21,6 +21,7 @@ install_wolfssl_from_git() {
local work_dir="$1"
local git_tag="$2"
local debug_mode="$3"
+ local reinstall_mode="$4"
# If no working directory specified, create one using mktemp
if [ -z "$work_dir" ]; then
@@ -114,6 +115,12 @@ AC_CONFIG_FILES([debian/rules],[chmod +x debian/rules])' configure.ac
else
echo "configure.ac already contains required patches"
fi
+
+ # Patch debian/rules.in to disable dh_strip
+ echo "Patching debian/rules.in to disable dh_strip..."
+ sed -i 's/^[[:space:]]*dh_strip.*/:/' debian/rules.in
+ echo "debian/rules.in patched successfully"
+
else
echo "debian/rules.in found, using existing debian packaging"
fi
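Review bot: The substitution `s/^[[:space:]]*dh_strip.*/:/` replaces the leading whitespace along with the command. If `dh_strip` sits on a tab-indented recipe line in `debian/rules.in`, the result is a bare `:` at column 0, which make no longer reads as a recipe line. "patched successfully" is also printed whether or not anything matched. Capturing the indent keeps the recipe intact: `sed -i 's/^\([[:space:]]*\)dh_strip.*/\1:/' debian/rules.in`. A one-line comment saying why stripping is disabled would help the next maintainer. The enclosing function starts and ends outside this hunk.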
@@ -130,14 +137,50 @@ AC_CONFIG_FILES([debian/rules],[chmod +x debian/rules])' configure.ac
# Configure with the specified options
echo "Configuring wolfSSL with specified options..."
- configure_opts="--enable-opensslcoexist --enable-cmac --with-eccminsz=192 --enable-ed25519 --enable-ed448 --enable-md5 --enable-curve25519 --enable-curve448 --enable-aesccm --enable-aesxts --enable-aescfb --enable-keygen --enable-shake128 --enable-shake256 --enable-wolfprovider --enable-rsapss --enable-scrypt"
+ configure_opts="--enable-opensslcoexist \
+ --enable-cmac \
+ --with-eccminsz=192 \
+ --enable-ed25519 \
+ --enable-ed448 \
+ --enable-md5 \
+ --enable-curve25519 \
+ --enable-curve448 \
+ --enable-aesccm \
+ --enable-aesxts \
+ --enable-aescfb \
+ --enable-keygen \
+ --enable-shake128 \
+ --enable-shake256 \
+ --enable-wolfprovider \
+ --enable-rsapss \
+ --enable-scrypt"
if [ "$debug_mode" = "true" ]; then
configure_opts="$configure_opts --enable-debug"
echo "Debug mode enabled"
fi
- ./configure $configure_opts CFLAGS="-DWOLFSSL_OLD_OID_SUM -DWOLFSSL_PUBLIC_ASN -DHAVE_FFDHE_3072 -DHAVE_FFDHE_4096 -DWOLFSSL_DH_EXTRA -DWOLFSSL_PSS_SALT_LEN_DISCOVER -DWOLFSSL_PUBLIC_MP -DWOLFSSL_RSA_KEY_CHECK -DHAVE_FFDHE_Q -DHAVE_FFDHE_6144 -DHAVE_FFDHE_8192 -DWOLFSSL_ECDSA_DETERMINISTIC_K -DWOLFSSL_VALIDATE_ECC_IMPORT -DRSA_MIN_SIZE=1024 -DHAVE_AES_ECB -DWC_RSA_DIRECT -DWC_RSA_NO_PADDING -DACVP_VECTOR_TESTING -DWOLFSSL_ECDSA_SET_K" LIBS="-lm"
+ ./configure $configure_opts \
+ CFLAGS="-DWOLFSSL_OLD_OID_SUM \
+ -DWOLFSSL_PUBLIC_ASN \
+ -DHAVE_FFDHE_3072 \
+ -DHAVE_FFDHE_4096 \
+ -DWOLFSSL_DH_EXTRA \
+ -DWOLFSSL_PSS_SALT_LEN_DISCOVER \
+ -DWOLFSSL_PUBLIC_MP \
+ -DWOLFSSL_RSA_KEY_CHECK \
+ -DHAVE_FFDHE_Q \
+ -DHAVE_FFDHE_6144 \
+ -DHAVE_FFDHE_8192 \
+ -DWOLFSSL_ECDSA_DETERMINISTIC_K \
+ -DWOLFSSL_VALIDATE_ECC_IMPORT \
+ -DRSA_MIN_SIZE=1024 \
+ -DHAVE_AES_ECB \
+ -DWC_RSA_DIRECT \
+ -DWC_RSA_NO_PADDING \
+ -DACVP_VECTOR_TESTING \
+ -DWOLFSSL_ECDSA_SET_K" \
+ LIBS="-lm"
# Build Debian packages
echo "Building Debian packages..."
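Review bot: With the options now one per line, the ones that relax defaults or look test-oriented by name still carry no explanation: `--enable-md5`, `--with-eccminsz=192`, `-DRSA_MIN_SIZE=1024`, `-DWC_RSA_NO_PADDING`, `-DACVP_VECTOR_TESTING` and `-DWOLFSSL_ECDSA_SET_K`. All of them end up in the .deb this script installs. A comment above `configure_opts` stating which consumer needs each one would let a reviewer tell deliberate choices from leftovers. Since the script already uses `[[`, a bash array (`configure_opts=( --enable-opensslcoexist … )` with `./configure "${configure_opts[@]}"`) would also allow a comment beside each flag, which a backslash-continued string does not. The enclosing function starts outside this hunk.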
@@ -145,7 +188,12 @@ AC_CONFIG_FILES([debian/rules],[chmod +x debian/rules])' configure.ac
# Install the generated packages
echo "Installing generated .deb packages..."
- dpkg -i ../*.deb
+ if [ "$reinstall_mode" = "true" ]; then
+ echo "Reinstall mode: forcing package reinstallation..."
+ dpkg -i --force-overwrite --force-confnew ../*.deb
+ else
+ dpkg -i ../*.deb
+ fi
echo "WolfSSL installation from git completed successfully"
}
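Review bot: In reinstall mode `dpkg -i --force-overwrite --force-confnew ../*.deb` installs every .deb found in the directory above the build tree, and `--force-overwrite` lets any of them replace files owned by other packages. When the work directory is caller-supplied (the help text shows `/tmp/build`), that directory may hold stale or unrelated packages from earlier runs. Naming the expected artifacts, e.g. `dpkg -i --force-confnew ../libwolfssl_*.deb ../libwolfssl-dev_*.deb` (package names to be confirmed against the build output), narrows what gets installed with elevated privileges. `--force-overwrite` is better dropped unless a specific file conflict requires it. The non-reinstall branch uses the same glob.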
@@ -155,6 +203,7 @@ main() {
local work_dir=""
local git_tag=""
local debug_mode="false"
+ local reinstall_mode="false"
# Parse command line arguments
while [[ $# -gt 0 ]]; do
@@ -166,6 +215,7 @@ main() {
echo "Options:"
echo " -t, --tag TAG Clone and build specific tag or branch (default: master)"
echo " -d, --debug Enable debug build mode (adds --enable-debug)"
+ echo " -r, --reinstall Force reinstall even if packages are already installed"
echo " -h, --help Show this help message"
echo ""
echo "Arguments:"
@@ -178,6 +228,7 @@ main() {
echo " $0 --tag v5.6.4 /tmp/build # Build tag v5.6.4 in /tmp/build"
echo " $0 --debug # Build master with debug enabled"
echo " $0 --debug --tag v5.6.4 # Build tag v5.6.4 with debug enabled"
+ echo " $0 --reinstall # Force reinstall even if packages exist"
exit 0
;;
-t|--tag)
@@ -188,6 +239,10 @@ main() {
debug_mode="true"
shift
;;
+ -r|--reinstall)
+ reinstall_mode="true"
+ shift
+ ;;
-*)
echo "Unknown option: $1" >&2
echo "Use --help for usage information" >&2
@@ -206,10 +261,15 @@ main() {
esac
done
- echo "Checking if wolfSSL packages are already installed..."
- if check_packages_installed; then
- echo "Packages already installed, exiting successfully"
- exit 0
+ # Only check if packages are installed if not in reinstall mode
+ if [ "$reinstall_mode" = "false" ]; then
+ echo "Checking if wolfSSL packages are already installed..."
+ if check_packages_installed; then
+ echo "Packages already installed, exiting successfully"
+ exit 0
+ fi
+ else
+ echo "Reinstall mode enabled, bypassing package check..."
fi
echo "Installing wolfSSL packages from git repository..."
@@ -219,7 +279,7 @@ main() {
echo "Building wolfSSL master branch"
fi
- install_wolfssl_from_git "$work_dir" "$git_tag" "$debug_mode"
+ install_wolfssl_from_git "$work_dir" "$git_tag" "$debug_mode" "$reinstall_mode"
echo "WolfSSL installation completed successfully"
}
diff --git a/debian/libssl-dev.links b/debian/libssl-dev.links
index 584cd66f..ab59eb90 100644
--- a/debian/libssl-dev.links
+++ b/debian/libssl-dev.links
@@ -1,7 +1,5 @@
#!/usr/bin/dh-exec
+# Make unversioned .so link to the soname .so.3 (normal Debian split: libssl3 ships *.so.3, -dev ships headers + unversioned symlinks)
-# Create symlinks for the shared libs rather than pulling in the full versioned files
-# This avoids issues with soname mismatches for applications linking against
-# libssl and libcrypto.
-usr/lib/$(DEB_HOST_MULTIARCH)/libssl.so usr/lib/$(DEB_HOST_MULTIARCH)/libssl.so.3
-usr/lib/$(DEB_HOST_MULTIARCH)/libcrypto.so usr/lib/$(DEB_HOST_MULTIARCH)/libcrypto.so.3
\ No newline at end of file
+usr/lib/${DEB_HOST_MULTIARCH}/libssl.so.3 usr/lib/${DEB_HOST_MULTIARCH}/libssl.so
+usr/lib/${DEB_HOST_MULTIARCH}/libcrypto.so.3 usr/lib/${DEB_HOST_MULTIARCH}/libcrypto.so
diff --git a/debian/libwolfprov.install b/debian/libwolfprov.install
index e0f5fd99..0a25d1c8 100644
--- a/debian/libwolfprov.install
+++ b/debian/libwolfprov.install
@@ -1,3 +1,3 @@
-usr/lib/*/ossl-modules/libwolfprov.so*
+usr/lib/*/ossl-modules/libwolfprov.so.0.0.0
usr/lib/ssl/openssl.cnf.d
usr/lib/ssl/openssl.cnf.d/wolfprovider.conf
diff --git a/debian/libwolfprov.links b/debian/libwolfprov.links
new file mode 100755
index 00000000..79f213f2
--- /dev/null
+++ b/debian/libwolfprov.links
@@ -0,0 +1,4 @@
+#!/usr/bin/dh-exec
+usr/lib/${DEB_HOST_MULTIARCH}/ossl-modules/libwolfprov.so.0.0.0 usr/lib/${DEB_HOST_MULTIARCH}/ossl-modules/libwolfprov.so
+usr/lib/${DEB_HOST_MULTIARCH}/ossl-modules/libwolfprov.so.0.0.0 usr/lib/${DEB_HOST_MULTIARCH}/ossl-modules/libwolfprov.so.0
+usr/lib/${DEB_HOST_MULTIARCH}/ossl-modules/libwolfprov.so.0.0.0 usr/lib/${DEB_HOST_MULTIARCH}/libwolfprov.so
diff --git a/debian/libwolfprov.postinst b/debian/libwolfprov.postinst
index 49ad68f2..a8c3a105 100755
--- a/debian/libwolfprov.postinst
+++ b/debian/libwolfprov.postinst
@@ -1,42 +1,35 @@
#!/bin/sh
set -e
-INCLUDE_LINE=".include /usr/lib/ssl/openssl.cnf.d/wolfprovider.conf"
-CONF_FILE="/usr/lib/ssl/openssl.cnf"
-CONF_DEFAULT="/usr/share/openssl-defaults/openssl.cnf"
+# We currently only support "replace default" mode.
+# In this mode, we don't need to modify the system openssl.cnf file
+# since our modified openssl references libwolfprov.so explicitly.
+# In the future, we should add scripting here to find the system openssl.cnf file
+# and add the include line to it. Note that the code below
+# references a hardcoded path which may not be correct for all systems.
-# Copy from our template if it doesn't exist
-if [ ! -f "$CONF_FILE" ]; then
- echo "Config file does not exist: $CONF_FILE"
- if [ -f "$CONF_DEFAULT" ]; then
- install -Dm644 "$CONF_DEFAULT" "$CONF_FILE"
- else
- echo "Default config file does not exist: $CONF_DEFAULT"
- exit 1
- fi
-fi
+# INCLUDE_LINE=".include /usr/lib/ssl/openssl.cnf.d/wolfprovider.conf"
+# CONF_FILE="/usr/lib/ssl/openssl.cnf"
+# CONF_DEFAULT="/usr/share/openssl-defaults/openssl.cnf"
-# Add include for wolfprovider config file if not already present
-if grep -qF "$INCLUDE_LINE" "$CONF_FILE"; then
- echo "Include line already exists in $CONF_FILE"
-else
- echo "Adding include for wolfprovider to $CONF_FILE..."
- sed -i "/^openssl_conf/ a $INCLUDE_LINE" "$CONF_FILE"
-fi
+# # Copy from our template if it doesn't exist
+# if [ ! -f "$CONF_FILE" ]; then
+# echo "Config file does not exist: $CONF_FILE"
+# if [ -f "$CONF_DEFAULT" ]; then
+# install -Dm644 "$CONF_DEFAULT" "$CONF_FILE"
+# else
+# echo "Default config file does not exist: $CONF_DEFAULT"
+# exit 1
+# fi
+# fi
-# Link /usr/lib/$(DEB_HOST_MULTIARCH)/ossl-modules/libwolfprov.so to /usr/lib/$(DEB_HOST_MULTIARCH)/
-# This is needed for the custom openssl build where libwolfprov is a normal module
-# Todo: this could possibly be done with a .links file in debian/
-DEB_HOST_MULTIARCH=$(dpkg-architecture -qDEB_HOST_MULTIARCH)
-# Loop through /usr/lib/$(DEB_HOST_MULTIARCH)/ossl-modules/libwolfprov.so* and create the link
-for file in "/usr/lib/${DEB_HOST_MULTIARCH}/ossl-modules/libwolfprov.so"*; do
- # use the same extension as the original file
- extension="${file##*.}"
- if [ -f "$file" ]; then
- echo "Linking $file to /usr/lib/${DEB_HOST_MULTIARCH}/ossl-modules/libwolfprov.$extension"
- ln -sf "$file" "/usr/lib/${DEB_HOST_MULTIARCH}/libwolfprov.$extension"
- fi
-done
+# # Add include for wolfprovider config file if not already present
+# if grep -qF "$INCLUDE_LINE" "$CONF_FILE"; then
+# echo "Include line already exists in $CONF_FILE"
+# else
+# echo "Adding include for wolfprovider to $CONF_FILE..."
+# sed -i "/^openssl_conf/ a $INCLUDE_LINE" "$CONF_FILE"
+# fi
#DEBHELPER#
exit 0
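Review bot: With every action commented out, this postinst configures nothing, so on a system whose OpenSSL is not the replace-default build the package installs cleanly while the provider is never loaded and applications keep using the stock OpenSSL algorithms. Whether debian/control enforces the patched OpenSSL as a dependency is not visible here; if it does not, an install-time notice would make the state explicit, e.g. `echo "libwolfprov: replace-default mode only; openssl.cnf is not modified" >&2`. The commented-out block (from `# INCLUDE_LINE=` through the `sed -i` branch) is better deleted and recovered from version control when the feature returns, keeping only the explanatory comment. Systems upgraded from the previous package also keep the `.include` line the old script inserted into /usr/lib/ssl/openssl.cnf, which nothing in this change removes.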
diff --git a/debian/libwolfprov.postrm b/debian/libwolfprov.postrm
deleted file mode 100755
index 9c12481b..00000000
--- a/debian/libwolfprov.postrm
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/bin/sh
-set -e
-
-case "$1" in
- remove|purge)
- DEB_HOST_MULTIARCH=$(dpkg-architecture -qDEB_HOST_MULTIARCH)
- rm -f /usr/lib/ssl/openssl.cnf.d/wolfprovider.conf
- rm -f /usr/lib/${DEB_HOST_MULTIARCH}/ossl-modules/libwolfprov.so*
- rm -f /usr/lib/${DEB_HOST_MULTIARCH}/libwolfprov.so*
- ;;
-esac
-
-#DEBHELPER#
-exit 0
diff --git a/debian/rules b/debian/rules
index 9ce75506..47d05767 100755
--- a/debian/rules
+++ b/debian/rules
@@ -71,7 +71,7 @@ override_dh_auto_install:
# Install wolfProvider library
install -d $(DESTDIR)/usr/lib/$(DEB_HOST_MULTIARCH)/ossl-modules
- install -m755 ./.libs/libwolfprov.so* \
+ install -m755 ./.libs/libwolfprov.so.0.0.0 \
$(DESTDIR)/usr/lib/$(DEB_HOST_MULTIARCH)/ossl-modules/
# Install wolfProvider headers
diff --git a/scripts/build-debian.sh b/scripts/build-debian.sh
index f08d3f3e..b363d6f2 100755
--- a/scripts/build-debian.sh
+++ b/scripts/build-debian.sh
@@ -23,8 +23,10 @@ PKG_NAME="libwolfprov"
WOLFSSL_ISFIPS=${WOLFSSL_ISFIPS:-0}
WOLFPROV_DEBUG=${WOLFPROV_DEBUG:-0}
+printf "Running build-debian.sh with WOLFSSL_ISFIPS=$WOLFSSL_ISFIPS and WOLFPROV_DEBUG=$WOLFPROV_DEBUG\n"
+
# Step 1: Determine the repo root
-REPO_ROOT=$(git rev-parse --show-toplevel)
+REPO_ROOT=${GITHUB_WORKSPACE:-$(git rev-parse --show-toplevel)}
cd "$REPO_ROOT"
# Step 2: Determine latest upstream tag
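Review bot: The added `printf` places `$WOLFSSL_ISFIPS` and `$WOLFPROV_DEBUG` inside the format string, so a `%` or backslash in either environment value is interpreted as a format directive; pass them as arguments instead: `printf 'Running build-debian.sh with WOLFSSL_ISFIPS=%s and WOLFPROV_DEBUG=%s\n' "$WOLFSSL_ISFIPS" "$WOLFPROV_DEBUG"`. `REPO_ROOT` now takes `GITHUB_WORKSPACE` on trust, and the `cd "$REPO_ROOT"` that follows has no visible failure check, so a stale or wrong value lets the later git steps run against a different directory. A guard such as `git -C "$REPO_ROOT" rev-parse --is-inside-work-tree >/dev/null || exit 1` before the `cd` would catch that; whether the script already runs under `set -e` is not visible in this hunk.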
@@ -111,9 +113,29 @@ echo "📦 Creating tarball $TARBALL from commit $current_commit..."
git archive --format=tar.gz --prefix="${TARBALL_PREFIX}/" \
-o "../$TARBALL" "$current_commit"
-# Step 10: Build package
+# Step 9.1: Set up ccache if installed
+# Optional ccache
+if command -v ccache >/dev/null 2>&1; then
+ export CC="ccache gcc"
+ export CXX="ccache g++"
+else
+ export CC="gcc"
+ export CXX="g++"
+fi
+
+# Optional tuning (safe if unset)
+: "${CCACHE_DIR:=}"
+: "${CCACHE_BASEDIR:=}"
+: "${CCACHE_NOHASHDIR:=}"
+: "${CCACHE_SLOPPINESS:=}"
+CCACHE_COMPILERCHECK=${CCACHE_COMPILERCHECK:-content}
+
+# Step 10: Build package with optional ccache (if installed)
echo "⚙️ Building package..."
-# Use nostrip to avoid building the -dbgsym package
-DEB_BUILD_OPTIONS="nostrip" debuild -e WOLFSSL_ISFIPS -e WOLFPROV_DEBUG -us -uc
+WOLFSSL_ISFIPS=${WOLFSSL_ISFIPS:-0}
+dpkg-buildpackage -us -uc \
+ -eWOLFSSL_ISFIPS \
+ -eCC -eCXX \
+ -eCCACHE_DIR -eCCACHE_BASEDIR -eCCACHE_NOHASHDIR -eCCACHE_COMPILERCHECK
echo "✅ Build completed for version $VERSION"
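Review bot: `-e` does not mean for `dpkg-buildpackage` what it meant for `debuild`: here it is the short form of `--release-by` (the maintainer address for the upload), so `-eWOLFSSL_ISFIPS`, `-eCC -eCXX` and the `-eCCACHE_*` flags pass no variable through and instead set the uploader recorded in the .changes file. `dpkg-buildpackage` does not scrub the environment, so the variables only need exporting: `export WOLFSSL_ISFIPS WOLFPROV_DEBUG CCACHE_COMPILERCHECK` followed by a plain `dpkg-buildpackage -us -uc`. As written, `CCACHE_COMPILERCHECK` is assigned but never exported, so its `content` default does not reach ccache unless the caller had already exported it. The previous `DEB_BUILD_OPTIONS="nostrip"` setting and its comment are also dropped without a replacement note; if that is intended, the Step 10 comment should say so.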
diff --git a/scripts/utils-openssl.sh b/scripts/utils-openssl.sh
index f11e4a4d..3ae08236 100755
--- a/scripts/utils-openssl.sh
+++ b/scripts/utils-openssl.sh
@@ -26,7 +26,7 @@ SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
source ${SCRIPT_DIR}/utils-general.sh
OPENSSL_GIT_URL="https://github.com/openssl/openssl.git"
-OPENSSL_TAG=${OPENSSL_TAG:-"openssl-3.5.0"}
+OPENSSL_TAG=${OPENSSL_TAG:-"openssl-3.5.2"}
OPENSSL_SOURCE_DIR=${SCRIPT_DIR}/../openssl-source
OPENSSL_INSTALL_DIR=${SCRIPT_DIR}/../openssl-install
OPENSSL_BIN=${OPENSSL_INSTALL_DIR}/bin/openssl
@@ -232,18 +232,24 @@ install_openssl_deb() {
fi
printf "Done.\n"
- # Manually set up the install directory rather than running 'make install'
- # so that we don't modify the system OpenSSL installation
+ printf "\tInstalling OpenSSL ${OPENSSL_TAG} ... "
+ make -j$NUMCPU install DESTDIR=${OPENSSL_INSTALL_DIR} >>$LOG_FILE 2>&1
+ if [ $? != 0 ]; then
+ printf "ERROR.\n"
+ rm -rf ${OPENSSL_INSTALL_DIR}
+ do_cleanup
+ exit 1
+ fi
+ printf "Done.\n"
+
+ # We use a different install path for Debian, which places the outputs in $OPENSSL_INSTALL_DIR/usr/lib/${DEB_HOST_MULTIARCH}
+ # rather than $OPENSSL_INSTALL_DIR. So manually copy the outputs to the correct path.
printf "\tCopying outputs to ${OPENSSL_INSTALL_DIR} for OpenSSL ${OPENSSL_TAG} ... "
- mkdir -p ${OPENSSL_INSTALL_DIR}/bin
- mkdir -p ${OPENSSL_INSTALL_DIR}/lib
- mkdir -p ${OPENSSL_INSTALL_DIR}/include/openssl
- mkdir -p ${OPENSSL_INSTALL_DIR}/lib/pkgconfig
- cp -r apps/openssl ${OPENSSL_INSTALL_DIR}/bin/openssl
- cp -r libcrypto.so* libcrypto.a ${OPENSSL_INSTALL_DIR}/lib/
- cp -r libssl.so* libssl.a ${OPENSSL_INSTALL_DIR}/lib/
- cp -r include/openssl/* ${OPENSSL_INSTALL_DIR}/include/openssl/
- cp -r *.pc ${OPENSSL_INSTALL_DIR}/lib/pkgconfig/
+ mkdir -p $OPENSSL_INSTALL_DIR/lib
+ cp -r $OPENSSL_INSTALL_DIR/usr/lib/${DEB_HOST_MULTIARCH}/* $OPENSSL_INSTALL_DIR/lib
+ cp -r $OPENSSL_INSTALL_DIR/usr/bin $OPENSSL_INSTALL_DIR/bin
+ cp -r $OPENSSL_INSTALL_DIR/usr/include $OPENSSL_INSTALL_DIR/include
+ cp -r $OPENSSL_INSTALL_DIR/usr/lib/pkgconfig $OPENSSL_INSTALL_DIR/lib/pkgconfig
printf "Done.\n"
popd &> /dev/null
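Review bot: The added failure path runs `rm -rf ${OPENSSL_INSTALL_DIR}` unquoted, and the `make ... DESTDIR=` and `cp -r` lines expand the same variable unquoted, so a checkout path containing spaces or glob characters splits into several arguments and the recursive delete can act on paths other than the install directory; use `rm -rf -- "${OPENSSL_INSTALL_DIR:?}"` and quote the other expansions. The copies are also not repeatable: when `$OPENSSL_INSTALL_DIR/bin` or `lib/pkgconfig` already exists (a second run, or a `pkgconfig` directory brought in by the preceding multiarch `/*` copy), `cp -r` nests the source inside it as `bin/bin`; `cp -rT "$OPENSSL_INSTALL_DIR/usr/bin" "$OPENSSL_INSTALL_DIR/bin"` avoids that with GNU cp. `DEB_HOST_MULTIARCH` is not set anywhere in this hunk; if it is empty the glob becomes `usr/lib//*` and copies the whole lib tree. install_openssl_deb starts above the hunk.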
@@ -304,7 +310,11 @@ install_openssl() {
}
init_openssl() {
- install_openssl
+ if [ $WOLFPROV_BUILD_DEBIAN -eq 1 ]; then
+ install_openssl_deb
+ else
+ install_openssl
+ fi
printf "\tOpenSSL ${OPENSSL_TAG} installed in: ${OPENSSL_INSTALL_DIR}\n"
if [ -z $LD_LIBRARY_PATH ]; then
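Review bot: The new test `[ $WOLFPROV_BUILD_DEBIAN -eq 1 ]` expands the variable unquoted and without a default, so when it is unset or empty the test prints an operator error and falls through to `install_openssl`, silently picking the non-Debian path. No default for the variable is visible in this hunk; `if [ "${WOLFPROV_BUILD_DEBIAN:-0}" -eq 1 ]; then` makes the unset case explicit. init_openssl continues below the hunk.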
diff --git a/scripts/utils-wolfssl.sh b/scripts/utils-wolfssl.sh
index 52dea336..2fc0c687 100644
--- a/scripts/utils-wolfssl.sh
+++ b/scripts/utils-wolfssl.sh
@@ -22,7 +22,7 @@ SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
source ${SCRIPT_DIR}/utils-general.sh
WOLFSSL_GIT=${WOLFSSL_GIT:-"https://github.com/wolfSSL/wolfssl.git"}
-WOLFSSL_TAG=${WOLFSSL_TAG:-"v5.8.0-stable"}
+WOLFSSL_TAG=${WOLFSSL_TAG:-"v5.8.2-stable"}
WOLFSSL_SOURCE_DIR=${SCRIPT_DIR}/../wolfssl-source
WOLFSSL_INSTALL_DIR=${SCRIPT_DIR}/../wolfssl-install
WOLFSSL_ISFIPS=${WOLFSSL_ISFIPS:-0}