mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-09 23:50:50 +02:00
c5ef060139
Modes (CTR, GCM, CCM, etc.) can be supported either directly or fallback to invoking the crypto callback with a "direct" (ECB) mode. Software implementation and AES tables are stripped under CB_ONLY_AES. wc_swdev gains AES support so WOLF_CRYPTO_CB_ONLY_AES builds can be tested. crypto find cb support added to wc_AesSetKey in order to support current CI tests that use INVALID_DEVID.
96 lines
3.7 KiB
YAML
96 lines
3.7 KiB
YAML
name: cryptocb-only Tests
|
|
|
|
# START OF COMMON SECTION
|
|
on:
|
|
push:
|
|
branches: [ 'master', 'main', 'release/**' ]
|
|
pull_request:
|
|
branches: [ '*' ]
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.ref }}
|
|
cancel-in-progress: true
|
|
# END OF COMMON SECTION
|
|
|
|
jobs:
|
|
make_check:
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
include:
|
|
# WOLF_CRYPTO_CB_ONLY_ECC: strips software ECC; swdev provides the
|
|
# software path via cryptocb. FP_ECC / ECCSI / SAKKE / deterministic-k
|
|
# test / OPENSSL_EXTRA compat layer all reference stripped primitives
|
|
# directly, so they stay off.
|
|
- name: ECC
|
|
cppflags: -DWOLF_CRYPTO_CB_ONLY_ECC
|
|
# WOLF_CRYPTO_CB_ONLY_RSA: strips software RSA; swdev provides the
|
|
# software path via cryptocb.
|
|
- name: RSA
|
|
cppflags: -DWOLF_CRYPTO_CB_ONLY_RSA
|
|
# WOLF_CRYPTO_CB_ONLY_SHA256: strips software SHA-256; swdev provides
|
|
# the software path via cryptocb. SHA-224 piggybacks on the SHA-256
|
|
# software core so it is incompatible with this strip and must be
|
|
# explicitly disabled (it is default-on on x86_64/aarch64).
|
|
- name: SHA256
|
|
extra_config: --disable-sha224
|
|
cppflags: -DWOLF_CRYPTO_CB_ONLY_SHA256
|
|
# WOLF_CRYPTO_CB_ONLY_AES: strips software AES; swdev provides the
|
|
# software path via cryptocb.
|
|
- name: AES
|
|
cppflags: -DWOLF_CRYPTO_CB_ONLY_AES
|
|
# All four ONLY_* macros at once: every supported software primitive
|
|
# is stripped and dispatched through cryptocb. Catches any cross-
|
|
# algorithm call that a single-strip entry would still resolve via
|
|
# the remaining software paths.
|
|
- name: ALL
|
|
extra_config: --disable-sha224
|
|
cppflags: >-
|
|
-DWOLF_CRYPTO_CB_ONLY_ECC -DWOLF_CRYPTO_CB_ONLY_RSA
|
|
-DWOLF_CRYPTO_CB_ONLY_SHA256 -DWOLF_CRYPTO_CB_ONLY_AES
|
|
name: make check (${{ matrix.name }})
|
|
if: github.repository_owner == 'wolfssl'
|
|
runs-on: ubuntu-24.04
|
|
timeout-minutes: 10
|
|
env:
|
|
# Common feature set for every entry. SHA-224 is left at the platform
|
|
# default (on for x86_64/aarch64); entries that need it off pass
|
|
# --disable-sha224 in extra_config.
|
|
BASE_CONFIG: >-
|
|
--enable-swdev --enable-cryptocb --enable-ecc --enable-rsa --enable-dh
|
|
--enable-aesgcm --enable-aesccm --enable-aesctr --enable-aescfb
|
|
--enable-aeskeywrap --enable-aessiv --enable-aesofb --enable-aesxts
|
|
--enable-camellia --enable-chacha --enable-poly1305
|
|
--enable-sha --enable-sha3 --enable-shake128 --enable-shake256
|
|
--enable-blake2 --enable-blake2s
|
|
--enable-hkdf --enable-hashdrbg --enable-hashflags
|
|
--enable-curve25519 --enable-ed25519 --enable-curve448 --enable-ed448
|
|
--enable-mlkem --enable-dilithium
|
|
--enable-scrypt --enable-pwdbased --enable-pkcs7 --enable-pkcs12
|
|
--enable-certgen --enable-certreq --enable-certext
|
|
--enable-keygen --enable-asn=all
|
|
--enable-cmac --enable-xchacha
|
|
--enable-crl --enable-ocsp --enable-ocspstapling --enable-ocspstapling2
|
|
--enable-dtls --enable-dtls13 --enable-tls13
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
name: Checkout wolfSSL
|
|
|
|
- name: Test wolfSSL
|
|
run: |
|
|
./autogen.sh
|
|
./configure $BASE_CONFIG ${{ matrix.extra_config }} CPPFLAGS="${{ matrix.cppflags }}"
|
|
make -j 4
|
|
make check
|
|
|
|
- name: Print errors
|
|
if: ${{ failure() }}
|
|
run: |
|
|
for file in scripts/*.log
|
|
do
|
|
if [ -f "$file" ]; then
|
|
echo "${file}:"
|
|
cat "$file"
|
|
fi
|
|
done
|