mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-06 05:30:50 +02:00
a3f5260260
crpytocb: support SHA224 under WOLF_CRYPTO_CB_ONLY_SHA256
98 lines
3.9 KiB
YAML
98 lines
3.9 KiB
YAML
name: cryptocb-only Tests
|
|
|
|
# START OF COMMON SECTION
|
|
on:
|
|
push:
|
|
branches: [ 'release/**' ]
|
|
pull_request:
|
|
types: [opened, synchronize, reopened, ready_for_review]
|
|
branches: [ '*' ]
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.ref }}
|
|
cancel-in-progress: true
|
|
# END OF COMMON SECTION
|
|
|
|
jobs:
|
|
make_check:
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
include:
|
|
# WOLF_CRYPTO_CB_ONLY_ECC: strips software ECC; swdev provides the
|
|
# software path via cryptocb. FP_ECC / ECCSI / SAKKE / deterministic-k
|
|
# test / OPENSSL_EXTRA compat layer all reference stripped primitives
|
|
# directly, so they stay off.
|
|
- name: ECC
|
|
cppflags: -DWOLF_CRYPTO_CB_ONLY_ECC
|
|
# WOLF_CRYPTO_CB_ONLY_RSA: strips software RSA; swdev provides the
|
|
# software path via cryptocb.
|
|
- name: RSA
|
|
cppflags: -DWOLF_CRYPTO_CB_ONLY_RSA
|
|
# WOLF_CRYPTO_CB_ONLY_SHA256: strips software SHA-256; swdev provides
|
|
# the software path via cryptocb.
|
|
- name: SHA256
|
|
cppflags: -DWOLF_CRYPTO_CB_ONLY_SHA256
|
|
# WOLF_CRYPTO_CB_ONLY_AES: strips software AES; swdev provides the
|
|
# software path via cryptocb.
|
|
- name: AES
|
|
cppflags: -DWOLF_CRYPTO_CB_ONLY_AES
|
|
# Same as AES but tells swdev to refuse AES-GCM (SWDEV_AES_ONLYECB).
|
|
# That forces the parent's CB_ONLY_AES host-side GCM software path:
|
|
# GHASH runs on the host while AES-CTR blocks dispatch back through
|
|
# cryptocb ECB. The AES entry above instead has swdev handle GCM
|
|
# end-to-end, so the host-side GCM path is otherwise uncovered.
|
|
- name: AES_GCM_via_ECB
|
|
cppflags: -DWOLF_CRYPTO_CB_ONLY_AES -DSWDEV_AES_ONLYECB
|
|
# All four ONLY_* macros at once: every supported software primitive
|
|
# is stripped and dispatched through cryptocb. Catches any cross-
|
|
# algorithm call that a single-strip entry would still resolve via
|
|
# the remaining software paths.
|
|
- name: ALL
|
|
cppflags: >-
|
|
-DWOLF_CRYPTO_CB_ONLY_ECC -DWOLF_CRYPTO_CB_ONLY_RSA
|
|
-DWOLF_CRYPTO_CB_ONLY_SHA256 -DWOLF_CRYPTO_CB_ONLY_AES
|
|
name: make check (${{ matrix.name }})
|
|
if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }}
|
|
runs-on: ubuntu-24.04
|
|
timeout-minutes: 10
|
|
env:
|
|
# Common feature set for every entry.
|
|
BASE_CONFIG: >-
|
|
--enable-swdev --enable-cryptocb --enable-ecc --enable-rsa --enable-dh
|
|
--enable-aesgcm --enable-aesccm --enable-aesctr --enable-aescfb
|
|
--enable-aeskeywrap --enable-aessiv --enable-aesofb --enable-aesxts
|
|
--enable-camellia --enable-chacha --enable-poly1305
|
|
--enable-sha --enable-sha3 --enable-shake128 --enable-shake256
|
|
--enable-blake2 --enable-blake2s
|
|
--enable-hkdf --enable-hashdrbg --enable-hashflags
|
|
--enable-curve25519 --enable-ed25519 --enable-curve448 --enable-ed448
|
|
--enable-mlkem --enable-dilithium
|
|
--enable-scrypt --enable-pwdbased --enable-pkcs7 --enable-pkcs12
|
|
--enable-certgen --enable-certreq --enable-certext
|
|
--enable-keygen --enable-asn=all
|
|
--enable-cmac --enable-xchacha
|
|
--enable-crl --enable-ocsp --enable-ocspstapling --enable-ocspstapling2
|
|
--enable-dtls --enable-dtls13 --enable-tls13
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
name: Checkout wolfSSL
|
|
|
|
- name: Test wolfSSL
|
|
run: |
|
|
./autogen.sh
|
|
./configure $BASE_CONFIG ${{ matrix.extra_config }} CPPFLAGS="${{ matrix.cppflags }}"
|
|
make -j 4
|
|
make check
|
|
|
|
- name: Print errors
|
|
if: ${{ failure() }}
|
|
run: |
|
|
for file in scripts/*.log
|
|
do
|
|
if [ -f "$file" ]; then
|
|
echo "${file}:"
|
|
cat "$file"
|
|
fi
|
|
done
|