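name: Tiny TLS 1.3 Tests

# START OF COMMON SECTION
on:
  push:
    branches: [ 'release/**' ]
  pull_request:
    types: [opened, synchronize, reopened, ready_for_review]
    branches: [ '*' ]
  schedule:
    - cron: '42 10 * * 1-5'

# One run per workflow + ref; a newer run on the same ref cancels the older one.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
# END OF COMMON SECTION

# Workflow token is limited to read-only repository contents. No job below
# asks for a wider scope.
permissions:
  contents: read

jobs:
  # Build + make check every --enable-tinytls13 spelling on one runner via
  # .github/scripts/parallel-make-check.py (see psk.yml for the pattern).
  make_check:
    name: make check
    # Runs only when the repository owner is 'wolfssl', and skips pull
    # requests that are still marked as draft.
    if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
    runs-on: ubuntu-24.04
    timeout-minutes: 10
    steps:
      # NOTE(review): actions/checkout and actions/upload-artifact are
      # referenced by a movable major-version tag. Pinning each to a full
      # commit SHA (with the tag kept in a trailing comment) would make the
      # executed action code immutable.
      - uses: actions/checkout@v5
        name: Checkout wolfSSL
        with:
          # The later steps configure, build and run code from the
          # checked-out ref, so the workflow token is not left in the
          # work tree's git config. No step in this file performs an
          # authenticated git operation.
          # NOTE(review): confirm the local install-apt-deps and
          # ccache-setup actions do not rely on the persisted credential.
          persist-credentials: false

      - name: Install dependencies
        uses: ./.github/actions/install-apt-deps
        with:
          packages: autoconf automake libtool build-essential bubblewrap
          ghcr-debs-tag: ubuntu-24.04-minimal

      - name: Set up ccache
        uses: ./.github/actions/ccache-setup
        with:
          workflow-id: tinytls13
          # Evaluates to true on pull_request events and false otherwise.
          # Presumably this keeps PR builds from writing the shared compiler
          # cache; verify against .github/actions/ccache-setup.
          read-only: ${{ github.event_name == 'pull_request' }}
          max-size: 100M

      # Sets kernel.apparmor_restrict_unprivileged_userns to 0 so that bwrap
      # (installed above) may create unprivileged user namespaces. This turns
      # off a host hardening setting for the rest of the job. `|| true` makes
      # the step best-effort: a rejected write does not fail here, so a bwrap
      # error in a later step may be the first sign that it did not apply.
      - name: Allow unprivileged user namespaces (for bwrap)
        run: sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0 || true

      # Every tiny TLS 1.3 profile/adder spelling, so each is proven to build
      # and pass make check (which runs the TLS handshake test suite) out of
      # the box. Server is enabled where a config needs the server-side tests.
      # The psk-p256 and cert-rsaverify configs strip to combinations
      # (ECDHE-only ECC without certs, RSA verify only) that the OpenSSL-compat
      # API unit suite (coupled to examples via BUILD_TESTS) does not gate for.
      # Rather than carry test-harness edits for those, they build static with
      # --disable-examples, skip make check ("check": false), and instead run
      # wolfcrypt/test/testwolfcrypt plus examples/tls13/tls13_memio.c
      # (a self-contained in-memory TLS 1.3 handshake) for real crypto and
      # handshake verification.
      #
      # The config list is written through a quoted heredoc ('EOF'), so the
      # shell performs no expansion inside the JSON. The single Actions
      # expression on the command line is substituted into the script text
      # before the shell runs; it can only yield '--build-only' (scheduled
      # runs) or an empty string, so no event-supplied text reaches the shell.
      # NOTE(review): --private-dir=certs is interpreted by
      # parallel-make-check.py; its meaning is not visible in this file.
      - name: Build and test all tinytls13 configs
        run: |
          cat > "$RUNNER_TEMP/tinytls13-configs.json" <<'EOF'
          [
            {"name": "tinytls13-psk-x25519", "minutes": 1,
             "configure": ["--enable-tinytls13=psk,server", "--disable-mlkem"]},
            {"name": "tinytls13-psk-p256", "minutes": 1, "check": false,
             "configure": ["--enable-tinytls13=psk,p256,server", "--enable-static", "--disable-shared", "--disable-examples", "--disable-mlkem"],
             "run": [["make", "wolfcrypt/test/testwolfcrypt"], ["./wolfcrypt/test/testwolfcrypt"],
                     ["cc", "-I.", "-I..", "../examples/tls13/tls13_memio.c", "src/.libs/libwolfssl.a", "-lm", "-o", "tls13_memio"],
                     ["./tls13_memio"]]},
            {"name": "tinytls13-psk-staticmem", "minutes": 1,
             "configure": ["--enable-tinytls13=psk,server,staticmem", "--disable-mlkem"]},
            {"name": "tinytls13-psk-mldsa", "minutes": 1,
             "configure": ["--enable-tinytls13=psk,server,mldsa", "--disable-mlkem"]},
            {"name": "tinytls13-psk-sha384", "minutes": 1,
             "configure": ["--enable-tinytls13=psk,server,sha384", "--disable-mlkem"]},
            {"name": "tinytls13-cert", "minutes": 1,
             "configure": ["--enable-tinytls13=cert,server", "--disable-mlkem"]},
            {"name": "tinytls13-cert-sha384", "minutes": 1,
             "configure": ["--enable-tinytls13=cert,server,sha384", "--disable-mlkem"]},
            {"name": "tinytls13-cert-mutualauth", "minutes": 1,
             "configure": ["--enable-tinytls13=cert,mutualauth,server", "--disable-mlkem"]},
            {"name": "tinytls13-cert-rsaverify", "minutes": 1, "check": false,
             "configure": ["--enable-tinytls13=cert,server,rsaverify", "--enable-static", "--disable-shared", "--disable-examples", "--disable-mlkem"],
             "run": [["make", "wolfcrypt/test/testwolfcrypt"], ["./wolfcrypt/test/testwolfcrypt"],
                     ["cc", "-I.", "-I..", "../examples/tls13/tls13_memio.c", "src/.libs/libwolfssl.a", "-lm", "-o", "tls13_memio"],
                     ["./tls13_memio"]]},
            {"name": "tinytls13-cert-mldsa", "minutes": 1,
             "configure": ["--enable-tinytls13=cert,server,mldsa", "--enable-static", "--disable-mlkem"],
             "run": [["cc", "-I.", "-I..", "../examples/tls13/tls13_memio.c", "src/.libs/libwolfssl.a", "-lm", "-o", "tls13_memio"],
                     ["./tls13_memio"]]},
            {"name": "tinytls13-psk-client-only", "minutes": 1,
             "configure": ["--enable-tinytls13=psk", "--disable-mlkem"]},
            {"name": "tinytls13-cert-client-only", "minutes": 1,
             "configure": ["--enable-tinytls13=cert", "--disable-mlkem"]},
            {"name": "tinytls13-psk-asm", "minutes": 1,
             "configure": ["--enable-tinytls13=psk,server,asm", "--disable-mlkem"]},
            {"name": "tinytls13-cert-asm", "minutes": 1,
             "configure": ["--enable-tinytls13=cert,server,asm", "--disable-mlkem"]},
            {"name": "tinytls13-cert-chacha", "minutes": 1, "check": false,
             "configure": ["--enable-tinytls13=cert,server", "--enable-static", "--disable-shared", "--disable-examples", "--disable-mlkem"],
             "cflags": "-DHAVE_CHACHA -DHAVE_POLY1305",
             "run": [["cc", "-I.", "-I..", "../examples/tls13/tls13_memio.c", "src/.libs/libwolfssl.a", "-lm", "-o", "tls13_memio"],
                     ["./tls13_memio", "TLS13-CHACHA20-POLY1305-SHA256"]]},
            {"name": "tinytls13-cert-aes256", "minutes": 1, "check": false,
             "configure": ["--enable-tinytls13=cert,server,sha384", "--enable-static", "--disable-shared", "--disable-examples", "--disable-mlkem"],
             "cflags": "-DWOLFSSL_AES_256",
             "run": [["cc", "-I.", "-I..", "../examples/tls13/tls13_memio.c", "src/.libs/libwolfssl.a", "-lm", "-o", "tls13_memio"],
                     ["./tls13_memio", "TLS13-AES256-GCM-SHA384"]]},
            {"name": "tinytls13-psk-mlkem", "minutes": 1,
             "configure": ["--enable-tinytls13=psk,server", "--enable-static"],
             "run": [["cc", "-I.", "-I..", "../examples/tls13/tls13_memio.c", "src/.libs/libwolfssl.a", "-lm", "-o", "tls13_memio"],
                     ["./tls13_memio", "-", "mlkem"]]},
            {"name": "tinytls13-cert-staticmem", "minutes": 1, "check": false,
             "configure": ["--enable-tinytls13=cert,server,staticmem", "--enable-static", "--disable-shared", "--disable-examples", "--disable-mlkem"],
             "run": [["make", "wolfcrypt/test/testwolfcrypt"], ["./wolfcrypt/test/testwolfcrypt"],
                     ["cc", "-I.", "-I..", "../examples/tls13/tls13_memio.c", "src/.libs/libwolfssl.a", "-lm", "-o", "tls13_memio"],
                     ["./tls13_memio"]]},
            {"name": "tinytls13-nomalloc", "minutes": 1, "check": false,
             "configure": ["--enable-tinytls13=psk,server,staticmem", "--enable-static", "--disable-shared", "--disable-examples", "--disable-crypttests", "--disable-mlkem"],
             "cflags": "-DWOLFSSL_NO_MALLOC"},
            {"name": "tinytls13-combo-cert-mutualauth-sha384", "minutes": 1,
             "configure": ["--enable-tinytls13=cert,mutualauth,server,sha384", "--disable-mlkem"]},
            {"name": "tinytls13-combo-cert-mldsa-sha384", "minutes": 1,
             "configure": ["--enable-tinytls13=cert,server,mldsa,sha384", "--enable-static", "--disable-mlkem"],
             "run": [["cc", "-I.", "-I..", "../examples/tls13/tls13_memio.c", "src/.libs/libwolfssl.a", "-lm", "-o", "tls13_memio"],
                     ["./tls13_memio"]]},
            {"name": "tinytls13-bare", "minutes": 1,
             "configure": ["--enable-tinytls13", "--disable-mlkem"]},
            {"name": "tinytls13-usersettings", "minutes": 1, "check": false,
             "user_settings": "examples/configs/user_settings_tinytls13.h",
             "configure": ["--enable-usersettings", "--enable-static", "--disable-shared", "--disable-examples", "--disable-crypttests"]}
          ]
          EOF
          .github/scripts/parallel-make-check.py \
            ${{ github.event_name == 'schedule' && '--build-only' || '' }} \
            --private-dir=certs \
            "$RUNNER_TEMP/tinytls13-configs.json"

      # Best-effort statistics; runs even when an earlier step failed.
      - name: ccache stats
        if: always()
        run: ccache -s || true

      # Only on failure: keep the per-config build and test logs for 7 days.
      # Missing files are ignored, so a failure before any build directory
      # exists does not add a second error.
      - name: Upload logs on failure
        if: failure()
        uses: actions/upload-artifact@v6
        with:
          retention-days: 7
          name: tinytls13-logs
          path: |
            build-*/make-check.log
            build-*/test-suite.log
            build-*/config.log
          if-no-files-found: ignore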