mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-06 03:00:49 +02:00
319 lines
16 KiB
YAML
319 lines
16 KiB
YAML
name: Ubuntu-Macos-Windows Tests
|
|
|
|
# START OF COMMON SECTION
|
|
on:
|
|
push:
|
|
branches: [ 'master', 'main', 'release/**' ]
|
|
pull_request:
|
|
branches: [ '*' ]
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.ref }}
|
|
cancel-in-progress: true
|
|
# END OF COMMON SECTION
|
|
|
|
jobs:
|
|
# Ubuntu config matrix. macOS is covered separately by make_check_macos
|
|
# below with a curated subset; configs here either have equivalent macOS
|
|
# coverage there or exercise no Darwin-specific code.
|
|
make_check_linux:
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
config: [
|
|
# Add new configs here
|
|
'',
|
|
'--enable-all --enable-asn=template',
|
|
'--enable-all --enable-asn=original',
|
|
'--enable-all --enable-asn=template CPPFLAGS=-DWOLFSSL_OLD_OID_SUM',
|
|
'--enable-all --enable-asn=original CPPFLAGS=-DWOLFSSL_OLD_OID_SUM',
|
|
'--enable-harden-tls',
|
|
'--enable-tls13 --enable-session-ticket --enable-dtls --enable-dtls13
|
|
--enable-opensslextra --enable-sessioncerts
|
|
CPPFLAGS=''-DWOLFSSL_DTLS_NO_HVR_ON_RESUME -DHAVE_EXT_CACHE
|
|
-DWOLFSSL_TICKET_HAVE_ID -DHAVE_EX_DATA -DSESSION_CACHE_DYNAMIC_MEM'' ',
|
|
'--enable-all --enable-secure-renegotiation',
|
|
'--enable-all --enable-haproxy --enable-quic',
|
|
'--enable-dtls --enable-dtls13 --enable-earlydata
|
|
--enable-session-ticket --enable-psk
|
|
CPPFLAGS=''-DWOLFSSL_DTLS13_NO_HRR_ON_RESUME'' ',
|
|
'--enable-all --enable-dtls13 --enable-dtls-frag-ch --disable-mlkem',
|
|
'--enable-dtls --enable-dtlscid --enable-dtls13 --enable-secure-renegotiation
|
|
--enable-psk --enable-aesccm --enable-nullcipher
|
|
CPPFLAGS=-DWOLFSSL_STATIC_RSA',
|
|
'--enable-she=extended --enable-cryptocb --enable-cryptocbutils
|
|
CPPFLAGS=''-DWC_SHE_SW_DEFAULT'' ',
|
|
'--enable-she=standard --enable-cmac',
|
|
'--enable-she=extended --enable-cmac --enable-cryptocb --enable-cryptocbutils',
|
|
'--enable-she=standard --enable-cmac CPPFLAGS=''-DNO_WC_SHE_IMPORT_M123'' ',
|
|
'--enable-she=extended --enable-cmac --enable-cryptocb --enable-cryptocbutils
|
|
CPPFLAGS=''-DNO_WC_SHE_GETUID -DNO_WC_SHE_GETCOUNTER -DNO_WC_SHE_EXPORTKEY'' ',
|
|
'--enable-she=standard --enable-cmac --enable-cryptocb --enable-cryptocbutils
|
|
CPPFLAGS=''-DWC_SHE_SW_DEFAULT'' ',
|
|
'--enable-all CPPFLAGS=''-DNO_AES_192 -DNO_AES_256'' ',
|
|
'--enable-sniffer --enable-curve25519 --enable-curve448 --enable-enckeys
|
|
CPPFLAGS=-DWOLFSSL_DH_EXTRA',
|
|
'--enable-dtls --enable-dtls13 --enable-dtls-frag-ch
|
|
--enable-dtls-mtu CPPFLAGS=-DWOLFSSL_DTLS_RECORDS_CAN_SPAN_DATAGRAMS',
|
|
'--enable-opensslall --enable-opensslextra CPPFLAGS=-DWC_RNG_SEED_CB',
|
|
'--enable-opensslall --enable-opensslextra
|
|
CPPFLAGS=''-DWC_RNG_SEED_CB -DWOLFSSL_NO_GETPID'' ',
|
|
'--enable-opensslextra CPPFLAGS=''-DWOLFSSL_NO_CA_NAMES'' ',
|
|
'--enable-opensslextra=x509small',
|
|
'--disable-sys-ca-certs',
|
|
'--enable-all CPPFLAGS=-DWOLFSSL_DEBUG_CERTS ',
|
|
'--enable-all CPPFLAGS="-DWOLFSSL_CHECK_MEM_ZERO"',
|
|
'--enable-dtls --enable-dtls13 --enable-ocspstapling --enable-ocspstapling2
|
|
--enable-cert-setup-cb --enable-sessioncerts',
|
|
'--enable-dtls --enable-dtls13 --enable-tls13
|
|
CPPFLAGS=-DWOLFSSL_TLS13_IGNORE_PT_ALERT_ON_ENC',
|
|
'--enable-all --enable-certgencache',
|
|
'--enable-all --enable-dilithium --enable-cryptocb --enable-cryptocbutils --enable-pkcallbacks',
|
|
'--enable-cryptocb --enable-aesgcm CPPFLAGS="-DWOLF_CRYPTO_CB_AES_SETKEY"',
|
|
'--enable-cryptocb --enable-keygen --enable-cryptocbutils=setkey',
|
|
'--enable-cryptocb --enable-keygen --enable-cryptocbutils CPPFLAGS="-DWOLF_CRYPTO_CB_AES_SETKEY"',
|
|
'--enable-cryptocb --enable-keygen --enable-aesgcm --enable-cryptocbutils=setkey,free CPPFLAGS="-DWOLF_CRYPTO_CB_AES_SETKEY"',
|
|
'--enable-cryptocb --enable-keygen --enable-cryptocbutils=export',
|
|
'--enable-cryptocb --enable-keygen CPPFLAGS="-DWOLF_CRYPTO_CB_EXPORT_KEY"',
|
|
'--enable-cryptocb --enable-keygen --enable-aesgcm --enable-cryptocbutils=setkey,free,export CPPFLAGS="-DWOLF_CRYPTO_CB_AES_SETKEY"',
|
|
'--enable-cryptocb --enable-keygen --enable-cryptocbutils=setkey,export CPPFLAGS="-DWOLF_CRYPTO_CB_FIND"',
|
|
'CPPFLAGS=-DWOLFSSL_NO_CLIENT_AUTH',
|
|
'CPPFLAGS=''-DNO_WOLFSSL_CLIENT -DWOLFSSL_NO_CLIENT_AUTH''',
|
|
'CPPFLAGS=''-DNO_WOLFSSL_SERVER -DWOLFSSL_NO_CLIENT_AUTH''',
|
|
'--enable-all CPPFLAGS=-DNO_WOLFSSL_CLIENT',
|
|
'--enable-all CPPFLAGS=-DNO_WOLFSSL_SERVER',
|
|
'--enable-all CPPFLAGS=-DWOLFSSL_NO_CLIENT_AUTH',
|
|
'--enable-all CPPFLAGS=''-DNO_WOLFSSL_CLIENT -DWOLFSSL_NO_CLIENT_AUTH''',
|
|
'--enable-all CPPFLAGS=''-DNO_WOLFSSL_SERVER -DWOLFSSL_NO_CLIENT_AUTH''',
|
|
'--enable-ocsp --enable-ocsp-responder --enable-ocspstapling CPPFLAGS="-DWOLFSSL_NONBLOCK_OCSP" --enable-maxfragment',
|
|
'--enable-all CPPFLAGS=-DWOLFSSL_HASH_KEEP',
|
|
'--enable-all --enable-writedup',
|
|
'--enable-ascon --enable-experimental',
|
|
'--enable-ascon CPPFLAGS=-DWOLFSSL_ASCON_UNROLL --enable-experimental',
|
|
# PKCS#7 with RSA-PSS (CMS RSASSA-PSS signers)
|
|
'--enable-pkcs7 CPPFLAGS=-DWC_RSA_PSS',
|
|
# PKCS#7 without RSA-PSS
|
|
'--enable-pkcs7',
|
|
'CPPFLAGS=''-DWOLFSSL_EXTRA'' ',
|
|
'--enable-coding=no',
|
|
'--disable-sni --disable-ecc --disable-tls13 --disable-secure-renegotiation-info',
|
|
'CPPFLAGS=-DWOLFSSL_BLIND_PRIVATE_KEY',
|
|
'--enable-sessionexport --enable-dtls --enable-dtls13',
|
|
'--enable-cryptocb --enable-aesgcm CPPFLAGS="-DWOLF_CRYPTO_CB_AES_SETKEY -DWOLF_CRYPTO_CB_FREE"',
|
|
'--disable-tls --enable-cryptocb --enable-aesgcm CPPFLAGS="-DWOLF_CRYPTO_CB_AES_SETKEY -DWOLF_CRYPTO_CB_FREE"',
|
|
'--enable-cryptocb --enable-keygen CPPFLAGS="-DWOLF_CRYPTO_CB_FIND"',
|
|
'--disable-examples CPPFLAGS=-DWOLFSSL_NO_MALLOC',
|
|
'CPPFLAGS=-DNO_WOLFSSL_CLIENT',
|
|
'CPPFLAGS=-DNO_WOLFSSL_SERVER',
|
|
'--enable-lms=small,verify-only --enable-xmss=small,verify-only',
|
|
'--enable-opensslall --enable-ecc CPPFLAGS="-DWC_ALLOW_ECC_ZERO_HASH"',
|
|
# Non-blocking ECC + Curve25519 + RSA + DH on the default SP word
|
|
# size for the host (sp_c64.c on x86_64). RSA/DH non-block require
|
|
# RSA_LOW_MEM (CRT path is not supported in non-block mode).
|
|
'--enable-curve25519=nonblock --enable-ecc=nonblock --enable-rsa=nonblock --enable-dh=nonblock --enable-sp=yes,nonblock CPPFLAGS="-DWOLFSSL_PUBLIC_MP -DWOLFSSL_DEBUG_NONBLOCK -DRSA_LOW_MEM"',
|
|
# Same configuration but force SP_WORD_SIZE=32 to exercise sp_c32.c
|
|
# on a 64-bit host. The two builds together cover both generated
|
|
# variants of mod_exp_<words>_nb / RSA / DH wrappers.
|
|
'--enable-curve25519=nonblock --enable-ecc=nonblock --enable-rsa=nonblock --enable-dh=nonblock --enable-sp=yes,nonblock CPPFLAGS="-DWOLFSSL_PUBLIC_MP -DWOLFSSL_DEBUG_NONBLOCK -DRSA_LOW_MEM -DSP_WORD_SIZE=32"',
|
|
'--enable-certreq --enable-certext --enable-certgen --disable-secure-renegotiation-info CPPFLAGS="-DNO_TLS"',
|
|
# Minimal DTLS 1.3 client-only build. The SHA-224/384/512/3
|
|
# disables are deliberately omitted: --disable-sha384 alone
|
|
# trips a pre-existing wolfSSL bug in
|
|
# test_tls13_duplicate_extension (reproducible on clean master).
|
|
'--enable-dtls13 --disable-tlsv12 --disable-oldtls --disable-rsa --disable-dh
|
|
--disable-aescbc --disable-aesecb --disable-md5 --disable-chacha
|
|
--disable-poly1305 --disable-errorstrings --disable-asn-print
|
|
--disable-eccshamir --disable-base64encode --disable-coding --disable-sni
|
|
--enable-aesgcm=small --enable-sp-math --enable-sp=smallec256 --disable-sp-asm
|
|
CPPFLAGS=''-DNO_WOLFSSL_SERVER -DWOLFSSL_NO_TLS12 -DNO_SESSION_CACHE
|
|
-DWOLFSSL_AES_NO_UNROLL -DUSE_SLOW_SHA256 -DWOLFSSL_NO_ASYNC_IO
|
|
-DWOLFSSL_DTLS_ONLY'' ',
|
|
'CPPFLAGS=-DNO_VERIFY_OID',
|
|
'CPPFLAGS="-DNO_VERIFY_OID -DWOLFSSL_FPKI"',
|
|
]
|
|
name: make check linux
|
|
if: github.repository_owner == 'wolfssl'
|
|
runs-on: ubuntu-24.04
|
|
# This should be a safe limit for the tests to run.
|
|
timeout-minutes: 14
|
|
steps:
|
|
- name: Build and test wolfSSL
|
|
uses: wolfSSL/actions-build-autotools-project@v1
|
|
with:
|
|
configure: CFLAGS="-pedantic -Wdeclaration-after-statement -Wnull-dereference -Wno-overlength-strings -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE" ${{ matrix.config }}
|
|
check: true
|
|
|
|
# Curated macOS subset. Each config exists for a Darwin-specific reason;
|
|
# do not add entries that only re-test platform-agnostic crypto already
|
|
# covered by the corresponding Linux run.
|
|
make_check_macos:
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
config: [
|
|
# Default build: --enable-sys-ca-certs is auto-on on macOS, so
|
|
# this exercises Apple keychain / system trust loading in
|
|
# src/ssl_load.c that has no Linux equivalent.
|
|
'',
|
|
# Broad key-crypto + Security.framework + opensslextra in one run
|
|
# (RSA, ECC, AES, SHA-2/3, ChaCha20-Poly1305, Curve25519/448, HMAC,
|
|
# sniffer, DTLS, OCSP, ...). Note: --enable-all does NOT enable
|
|
# cryptocb or SHE, so those have their own entries below.
|
|
'--enable-all --enable-asn=template',
|
|
# Validates the configure-time auto-enable override and that the
|
|
# build compiles out the Security.framework code path cleanly --
|
|
# macOS is the only OS where sys-ca-certs is auto-on by default.
|
|
'--disable-sys-ca-certs',
|
|
# DTLS over BSD sockets on Darwin: connection-ID, fragmented
|
|
# ClientHello, secure renegotiation, PSK, AES-CCM, null cipher --
|
|
# exercises recvmsg/MTU/datagram handling that differs from Linux.
|
|
'--enable-dtls --enable-dtlscid --enable-dtls13 --enable-secure-renegotiation
|
|
--enable-psk --enable-aesccm --enable-nullcipher
|
|
CPPFLAGS=-DWOLFSSL_STATIC_RSA',
|
|
# Crypto-callback dispatcher under Apple clang. Not covered by
|
|
# --enable-all; verifies the cryptocb find/setkey/keygen path
|
|
# compiles and runs on the macOS toolchain.
|
|
'--enable-cryptocb --enable-keygen --enable-cryptocbutils=setkey',
|
|
]
|
|
name: make check macos
|
|
if: github.repository_owner == 'wolfssl'
|
|
runs-on: macos-latest
|
|
# This should be a safe limit for the tests to run.
|
|
timeout-minutes: 14
|
|
steps:
|
|
- name: Build and test wolfSSL
|
|
uses: wolfSSL/actions-build-autotools-project@v1
|
|
with:
|
|
configure: CFLAGS="-pedantic -Wdeclaration-after-statement -Wnull-dereference -Wno-overlength-strings -DTEST_LIBWOLFSSL_SOURCES_INCLUSION_SEQUENCE" ${{ matrix.config }}
|
|
check: true
|
|
|
|
# Run on both OSes: the user_settings.h header-driven build path is
|
|
# distinct from the autotools-driven --enable-all path in
|
|
# make_check_linux / make_check_macos, and macOS-specific guard ordering
|
|
# (e.g. WOLFSSL_SYS_CA_CERTS pulling in Security.framework) needs to be
|
|
# exercised under Apple clang here.
|
|
make_user_settings:
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
os: [ ubuntu-24.04, macos-latest ]
|
|
user-settings: [
|
|
# Add new user_settings.h here
|
|
'examples/configs/user_settings_all.h',
|
|
]
|
|
name: make user_setting.h
|
|
if: github.repository_owner == 'wolfssl'
|
|
runs-on: ${{ matrix.os }}
|
|
# This should be a safe limit for the tests to run.
|
|
timeout-minutes: 14
|
|
steps:
|
|
- name: Build and test wolfSSL
|
|
uses: wolfSSL/actions-build-autotools-project@v1
|
|
with:
|
|
configure: --enable-usersettings
|
|
check: true
|
|
user-settings: ${{ matrix.user-settings }}
|
|
|
|
make_user_settings_testwolfcrypt:
|
|
# testwolfcrypt runs pure crypto tests with no platform-specific
|
|
# features, so Linux-only is sufficient for these user_settings.
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
user-settings: [
|
|
# Add new user_settings.h here (alphabetical order)
|
|
'examples/configs/user_settings_ca.h',
|
|
'examples/configs/user_settings_dtls13.h',
|
|
'examples/configs/user_settings_EBSnet.h',
|
|
'examples/configs/user_settings_eccnonblock.h',
|
|
'examples/configs/user_settings_curve25519nonblock.h',
|
|
'examples/configs/user_settings_min_ecc.h',
|
|
'examples/configs/user_settings_openssl_compat.h',
|
|
'examples/configs/user_settings_pkcs7.h',
|
|
'examples/configs/user_settings_rsa_only.h',
|
|
'examples/configs/user_settings_template.h',
|
|
'examples/configs/user_settings_tls12.h',
|
|
'examples/configs/user_settings_tls13.h',
|
|
'examples/configs/user_settings_wolfboot_keytools.h',
|
|
'examples/configs/user_settings_wolfssh.h',
|
|
'examples/configs/user_settings_wolftpm.h',
|
|
# Not included (require special setup):
|
|
# - user_settings_pq.h: Requires --enable-experimental
|
|
# - user_settings_baremetal.h: Requires static memory, custom platform
|
|
]
|
|
name: make user_setting.h (testwolfcrypt only)
|
|
if: github.repository_owner == 'wolfssl'
|
|
runs-on: ubuntu-24.04
|
|
# This should be a safe limit for the tests to run.
|
|
timeout-minutes: 14
|
|
steps:
|
|
- name: Build and test wolfSSL
|
|
uses: wolfSSL/actions-build-autotools-project@v1
|
|
with:
|
|
configure: --enable-usersettings --disable-examples
|
|
check: false
|
|
user-settings: ${{ matrix.user-settings }}
|
|
|
|
- name: Run wolfcrypt/test/testwolfcrypt
|
|
run: ./wolfcrypt/test/testwolfcrypt
|
|
|
|
# Has to be dedicated function due to the sed call.
|
|
# Platform-agnostic; --enable-all macOS coverage in make_check_macos and
|
|
# the macOS user_settings_all.h run in make_user_settings already cover
|
|
# the equivalent code paths on Darwin.
|
|
make_user_all:
|
|
name: make user_setting.h (with sed)
|
|
if: github.repository_owner == 'wolfssl'
|
|
runs-on: ubuntu-24.04
|
|
# This should be a safe limit for the tests to run.
|
|
timeout-minutes: 14
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- run: ./autogen.sh
|
|
- name: user_settings_all.h with compatibility layer
|
|
run: |
|
|
cp ./examples/configs/user_settings_all.h user_settings.h
|
|
sed -i -e "s/if 0/if 1/" user_settings.h
|
|
./configure --enable-usersettings
|
|
make -j
|
|
make check
|
|
|
|
windows_build:
|
|
name: Windows Build Test
|
|
if: github.repository_owner == 'wolfssl'
|
|
runs-on: windows-latest
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
arch: [ x64, Win32, ARM64 ]
|
|
# This should be a safe limit for the tests to run.
|
|
timeout-minutes: 6
|
|
env:
|
|
# Path to the solution file relative to the root of the project.
|
|
SOLUTION_FILE_PATH: wolfssl64.sln
|
|
|
|
# Configuration type to build.
|
|
# You can convert this to a build matrix if you need coverage of multiple configuration types.
|
|
# https://docs.github.com/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix
|
|
BUILD_CONFIGURATION: Release
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Add MSBuild to PATH
|
|
uses: microsoft/setup-msbuild@v2
|
|
|
|
- name: Restore NuGet packages
|
|
working-directory: ${{env.GITHUB_WORKSPACE}}
|
|
run: nuget restore ${{env.SOLUTION_FILE_PATH}}
|
|
|
|
- name: Build
|
|
working-directory: ${{env.GITHUB_WORKSPACE}}
|
|
# Add additional options to the MSBuild command line here (like platform or verbosity level).
|
|
# See https://docs.microsoft.com/visualstudio/msbuild/msbuild-command-line-reference
|
|
run: msbuild /m /p:PlatformToolset=v142 /p:Platform=${{matrix.arch}} /p:Configuration=${{env.BUILD_CONFIGURATION}} ${{env.SOLUTION_FILE_PATH}}
|
|
|
|
- if: ${{ matrix.arch != 'ARM64' }}
|
|
name: Run Test
|
|
working-directory: ${{env.GITHUB_WORKSPACE}}
|
|
run: Release/${{matrix.arch}}/testsuite.exe
|