Files
wolfssl/.github/workflows/cryptocb-only.yml
T
2026-06-04 20:21:50 +02:00

112 lines
4.8 KiB
YAML

name: cryptocb-only Tests
# START OF COMMON SECTION
on:
push:
branches: [ 'release/**' ]
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
# END OF COMMON SECTION
jobs:
make_check:
strategy:
fail-fast: false
matrix:
include:
# WOLF_CRYPTO_CB_ONLY_ECC: strips software ECC; swdev provides the
# software path via cryptocb. FP_ECC / ECCSI / SAKKE / deterministic-k
# test / OPENSSL_EXTRA compat layer all reference stripped primitives
# directly, so they stay off.
- name: ECC
cppflags: -DWOLF_CRYPTO_CB_ONLY_ECC
# WOLF_CRYPTO_CB_ONLY_RSA: strips software RSA; swdev provides the
# software path via cryptocb.
- name: RSA
cppflags: -DWOLF_CRYPTO_CB_ONLY_RSA
# WOLF_CRYPTO_CB_ONLY_SHA256: strips software SHA-256; swdev provides
# the software path via cryptocb.
- name: SHA256
cppflags: -DWOLF_CRYPTO_CB_ONLY_SHA256
# WOLF_CRYPTO_CB_ONLY_SHA512: strips software SHA-512 family (SHA-384,
# SHA-512/224, SHA-512/256, SHA-512); swdev handles every variant
# explicitly via cryptocb.
- name: SHA512
cppflags: -DWOLF_CRYPTO_CB_ONLY_SHA512
# Same as SHA512 but tells swdev to refuse the SHA-384 / SHA-512/224 /
# SHA-512/256 variant callbacks (WOLFSSL_SWDEV_SHA512_GENERAL_ONLY). That
# forces the cryptocb dispatcher's fallback-to-plain-SHA-512-with-
# truncation path. The SHA512 entry above instead has swdev handle
# every variant end-to-end, so the dispatcher fallback is otherwise
# uncovered.
- name: SHA512_via_general
cppflags: -DWOLF_CRYPTO_CB_ONLY_SHA512 -DWOLFSSL_SWDEV_SHA512_GENERAL_ONLY
# WOLF_CRYPTO_CB_ONLY_AES: strips software AES; swdev provides the
# software path via cryptocb.
- name: AES
cppflags: -DWOLF_CRYPTO_CB_ONLY_AES
# Same as AES but tells swdev to refuse AES-GCM (SWDEV_AES_ONLYECB).
# That forces the parent's CB_ONLY_AES host-side GCM software path:
# GHASH runs on the host while AES-CTR blocks dispatch back through
# cryptocb ECB. The AES entry above instead has swdev handle GCM
# end-to-end, so the host-side GCM path is otherwise uncovered.
- name: AES_GCM_via_ECB
cppflags: -DWOLF_CRYPTO_CB_ONLY_AES -DSWDEV_AES_ONLYECB
# All four ONLY_* macros at once: every supported software primitive
# is stripped and dispatched through cryptocb. Catches any cross-
# algorithm call that a single-strip entry would still resolve via
# the remaining software paths.
- name: ALL
cppflags: >-
-DWOLF_CRYPTO_CB_ONLY_ECC -DWOLF_CRYPTO_CB_ONLY_RSA
-DWOLF_CRYPTO_CB_ONLY_SHA256 -DWOLF_CRYPTO_CB_ONLY_SHA512
-DWOLF_CRYPTO_CB_ONLY_AES
name: make check (${{ matrix.name }})
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
runs-on: ubuntu-24.04
timeout-minutes: 10
env:
# Common feature set for every entry.
BASE_CONFIG: >-
--enable-swdev --enable-cryptocb --enable-ecc --enable-rsa --enable-dh
--enable-aesgcm --enable-aesccm --enable-aesctr --enable-aescfb
--enable-aeskeywrap --enable-aessiv --enable-aesofb --enable-aesxts
--enable-camellia --enable-chacha --enable-poly1305
--enable-sha --enable-sha3 --enable-shake128 --enable-shake256
--enable-blake2 --enable-blake2s
--enable-hkdf --enable-hashdrbg --enable-hashflags
--enable-curve25519 --enable-ed25519 --enable-curve448 --enable-ed448
--enable-mlkem --enable-dilithium
--enable-scrypt --enable-pwdbased --enable-pkcs7 --enable-pkcs12
--enable-certgen --enable-certreq --enable-certext
--enable-keygen --enable-asn=all
--enable-cmac --enable-xchacha
--enable-crl --enable-ocsp --enable-ocspstapling --enable-ocspstapling2
--enable-dtls --enable-dtls13 --enable-tls13
steps:
- uses: actions/checkout@v4
name: Checkout wolfSSL
- name: Test wolfSSL
run: |
./autogen.sh
./configure $BASE_CONFIG ${{ matrix.extra_config }} CPPFLAGS="${{ matrix.cppflags }}"
make -j 4
make check
- name: Print errors
if: ${{ failure() }}
run: |
for file in scripts/*.log
do
if [ -f "$file" ]; then
echo "${file}:"
cat "$file"
fi
done