Commit Graph

23 Commits

Author SHA1 Message Date
Juliusz Sosinowicz 3a6c31a51e CI: pool the per-config runner matrices into parallel make-check jobs
Replace the one-runner-per-configuration matrices across the
make-check workflow family with a generic pooled runner,
.github/scripts/parallel-make-check.py. Each workflow keeps its
configuration list as JSON next to the invocation; one runner (or a
small fixed set of shards, balanced by measured per-config minutes)
builds every config in its own out-of-tree (VPATH) build directory off
a single checkout/autogen, on a pool of one-per-CPU worker threads,
longest first. Concurrent checks are isolated with bubblewrap network
namespaces, compilations are cached with ccache, the first failure
aborts the rest (fail-fast, with --no-fail-fast to run everything),
and per-config timings plus pool efficiency land in the step summary.
Failure logs upload as artifacts. smoke-test.yml is likewise reworked
into a single pooled job that runs its nine configs on one runner.

Converted workflows (runner jobs per full pass):
  os-check.yml             101 -> 8  (92 Ubuntu configs -> 4 shards;
                           the macOS matrix, the user-settings jobs and
                           the standalone
                           macos-apple-native-cert-validation.yml fold
                           into one macOS runner; Windows unchanged)
  pq-all.yml                21 -> 2 shards
  disable-pk-algs.yml       15 -> 1
  wolfCrypt-Wconversion.yml 11 -> 1
  trackmemory.yml            7 -> 1
  cryptocb-only.yml          8 -> 1  (incl. the two new SHA512 entries)
  multi-compiler.yml         6 -> 1
  smallStackSize.yml         6 -> 1
  multi-arch.yml             6 -> 1
  async.yml                  5 -> 1
  psk.yml                    5 -> 1
  no-malloc.yml              3 -> 1
  wolfsm.yml                 3 -> 1
  opensslcoexist.yml         2 -> 1

Measured against current upstream passing runs (job execution time,
queue excluded): ~200 runner jobs / ~374 runner-minutes per full pass
become 23 jobs / ~168 runner-minutes, with more coverage than before.
multi-arch's old matrix combined an "include" list of four
architectures with an "opts" axis; GitHub's include-merge rules made
each arch entry overwrite the previous one, so only the armel
combinations actually ran. The pooled list restores the intended
aarch64/armhf/riscv64 coverage (23 combinations; riscv64 x sp-math is
omitted as invalid - configure rejects sp-math without SP, and
--enable-riscv-asm, unlike --enable-sp-asm, does not bring SP in).

Out-of-tree build fixes this depends on:
- Makefile.am: symlink the read-only test data (certs/, tests/ config
  files, sniffer captures and helpers, examples/crypto_policies,
  input, quit) into the build tree via a BUILT_SOURCES stamp, removed
  again in distclean-local. ChangeToWolfRoot() and the script tests
  resolve everything relative to the working directory, so out-of-tree
  make check and make distcheck now pass.
- scripts/multi-msg-record.py: locate the client binary from the build
  tree working directory rather than the script's source directory.
- configure.ac + wolfssl/include.am: run
  support/gen-debug-trace-error-codes.sh from $srcdir; it reads the
  error-code headers from the source tree and generates into the build
  tree.
- tests/swdev: a WOLFBUILD variable points the sub-make at the build
  tree for the configure-generated headers (wolfssl/options.h,
  wolfssl/version.h); the in-tree-only guards are dropped.

Portions of PR #10649 are incorporated: the cross-platform
ccache-setup composite action, repository_owner gates on check-headers
and check-source-text, the docs-only paths-ignore on os-check, and the
libspdm timeout bumps.
2026-06-12 09:47:13 +00:00
David Garske 7f80896033 CI optimizations
- Skip CI for draft PRs and redundant master-push re-runs; membrowse nightly.
- Add smoke test (8 configs, CFLAGS=-Werror, post-merge tree, fail-fast on conflicts).
- Add wait-for-smoke composite action for downstream CI gating.
- Add check-source-text + bash -n + shellcheck workflow (script in make dist).
- Cache apt-get update in install-apt-deps composite on cache hit.
2026-05-21 13:19:29 -07:00
Daniel Pouzzner d14b8f8e79 .github/workflows/:
* add "-Wnull-dereference" to all existing "-pedantic -Wdeclaration-after-statement" configs;
* add an --enable-sp-math config to .github/workflows/pq-all.yml and .github/workflows/multi-arch.yml.
2026-04-25 11:47:24 -05:00
Tobias Frauenschläger 062ef3e93b Remove some duplicate CI tests 2026-04-10 12:50:24 +02:00
Tobias Frauenschläger c3289f8aa9 Enable and use ML-KEM by default
* Enable ML-KEM by default in build systems (autoconf and CMake)
* Only allow three to-be-standardized hybrid PQ/T combinations by
  default
* Use X25519MLKEM768 as the default KeyShare in the ClientHello (if user
  does not override that). When Curve25519 is disabled, then either
  WOLFSSL_SECP384R1MLKEM1024 or WOLFSSL_SECP256R1MLKEM768 is used as
  default depending on the ECC configuration
* Disable standalone ML-KEM in supported groups by default (enable with
  --enable-tls-mlkem-standalone)
* Disable extra OQS-based hybrid PQ/T curves by default and gate
  behind --enable-experimental (enable with --enable-extra-pqc-hybrids)
* Reorder the SupportedGroups extension to reflect the preferences
* Reorder the preferredGroup array to also reflect the same preferences
* Add async support for ML-KEM hybrids
2026-03-18 10:48:16 +01:00
Josh Holtrop 69fd8dc01f Update from Ubuntu 22.04 to Ubuntu 24.04 for several github workflows 2026-01-20 21:44:56 -05:00
David Garske a071426bc8 Migrate wolfAsyncCrypt repo into wolfSSL proper 2025-11-14 09:43:59 -08:00
Daniel Pouzzner 982a7600c2 src/tls13.c: in DoTls13ServerHello() WOLFSSL_ASYNC_CRYPT path, fix -Wdeclaration-after-statement caused by fallthrough definition;
.github/workflows: update async.yml, multi-arch.yml, multi-compiler.yml, no-malloc.yml, opensslcoexist.yml, and os-check.yml, with -pedantic and related flags, and add --enable-riscv-asm to multi-arch.yml RISC-V scenario;

configure.ac: clarify error message for "SP ASM not available for CPU."
2025-05-06 14:49:32 -05:00
Juliusz Sosinowicz 1d2acd9de6 Revert to ubuntu-22.04 2024-12-10 16:27:41 +01:00
Andras Fekete a5331d406c Revert "Merge pull request #8072 from rizlik/github-fix"
This reverts commit 0f8b4dbc63, reversing
changes made to 743a78dc85.
2024-10-15 12:39:01 -04:00
Marco Oliverio 5d3f7c2528 ci: github: fix ubuntu version to 22.04 2024-10-14 16:46:45 +00:00
gojimmypi 27adc66cca Add conditional repository_owner to workflow, remove socat strategy 2024-09-23 11:30:58 -07:00
Daniel Pouzzner a3fb5029f8 clean up trailing whitespace and misplaced CRLFs, add missing final newlines, remove stray UTF8 nonprintables (BOMs) and ASCIIfy stray homoglyphs (spaces and apostrophes), guided by expanded coverage in wolfssl-multi-test check-source-text. 2024-09-05 14:52:18 -05:00
Juliusz Sosinowicz 7206508329 Don't use main.yml since it has a limit of 20 jobs 2024-05-06 17:18:01 +02:00
Juliusz Sosinowicz 31bfac43ea Update github actions
Many of these updates should also speed up some steps
2024-02-02 20:14:28 +01:00
Andras Fekete b34348680a New format 2023-09-11 14:33:19 -04:00
JacobBarthelmeh 3e5e16f1ff Merge pull request #6641 from julek-wolfssl/gh/6555
Dtls13GetRnMask: Correctly get chacha counter on BE systems
2023-07-26 11:29:39 -06:00
Juliusz Sosinowicz 72d99d0ae0 Add timeouts to action tests 2023-07-24 09:13:10 +02:00
John Bland 2e4b651b87 update tls13 to handle an OCSP_WANT_READ, update
async client test to retry connect on OCSP_WANT_READ instead of timing out
2023-07-21 16:24:59 -04:00
David Garske 72ffa743a0 Fix for async ECC shared secret. ZD 15938 2023-05-01 15:30:03 -07:00
tmael 1106e5ff0e TLS v1.3: Support a stateful ticket and test HAVE_EXT_CACHE (#5960)
* Add TLSv1.3 stateful support
Fix internal and external session cache

* session cache fixes

* Refactor

- implement wolfSSL_CTX_flush_sessions
- use wolfSSL_CTX_flush_sessions to make test_wolfSSL_CTX_add_session_ext deterministic
- add dtls to test_wolfSSL_CTX_add_session_ext
- DoClientTicket_ex does not modify ssl object
- only call session remove callback on:
  - timeout
  - session is being overwritten/removed from the cache

* Session fixes

- restore bogus ID on session duplicate
- don't evict on overwrite
- use memmove instead on memcpy as `ssl->session == session` is possible
- ignore ClientSession parameter in AddSessionToCache on NO_SESSION_CACHE_REF
- use sessionID when altSessionID not present

* Session fixes

- DoClientTicketFinalize: always copy in the ID as teh altSessionID
- don't overwrite ex_data when overwriting cacheSession and cacheSession owns it

* Callback wants to retain a copy

* wolfSSL_GetSessionClient: ssl->ctx->get_sess_cb does not apply here

* test_wolfSSL_CTX_add_session_ext 

gate expected results on WOLFSSL_DTLS_NO_HVR_ON_RESUME

* TlsSessionIdIsValid: copy return can't be ignored

* Silence unused parameter

* test_wolfSSL_CTX_add_session_ext: handle async case

* Gate wolfSSL_SSL_CTX_remove_session on NO_SESSION_CACHE

* ssl.c: style fixes

* Add twcase_get_sessionCb_cleanup to free external cache

* Remove hard tab

* Correct build error in wolfSSL_CTX_flush_sessions

* Jenkins fixes:

- altSessionID only available with WOLFSSL_TICKET_HAVE_ID
- slim out psk_sess_free_cb_ctx

* Stateful dtls case has 2 accesses. Stateless just one.

* Add version numbering to hostap logs

* Import internal.h for test_wolfSSL_SESSION_get_ex_new_index

* wolfSSL_SetSession: don't check SslSessionCacheOff for session setting

* wolfSSL_SetSession: fully set expired session for OpenSSL compatibility

* wolfSSL_SetSession: check if setting same object

* AddSession: always populate the session object to allow re-use

* Add logging to wolfSSL_NewSession and wolfSSL_FreeSession

* Always setup session object

* Check if session has been setup before setting it

* Print errors in async test

* Make SetupSession available outside NO_SESSION_CACHE

* Review comments

* Fix ticBuf leak and TlsSessionIdIsValid logic

* Fix unmatched curly brackets

* TlsSessionIdIsValid: always need to check copy var

* TlsResumptionIsValid: set resume to FALSE default

* wolfSSL_SetSession: remove now variable since only used in one place

* Move internalCacheLookupOff into HAVE_EXT_CACHE block

---------

Co-authored-by: Juliusz Sosinowicz <juliusz@wolfssl.com>
2023-04-21 06:46:08 -07:00
Juliusz Sosinowicz 4ddc975aca Expand asyn-check script 2023-03-31 11:25:46 +02:00
Juliusz Sosinowicz 27794c4b7e Initial async test with gh action 2023-03-30 19:33:54 +02:00