diff --git a/.github/workflows/async.yml b/.github/workflows/async.yml
new file mode 100644
index 00000000..103efd0a
--- /dev/null
+++ b/.github/workflows/async.yml
@@ -0,0 +1,108 @@
+name: Async Tests
+
+# START OF COMMON SECTION
+on:
+ push:
+ branches: [ 'master', 'main', 'release/**' ]
+ pull_request:
+ branches: [ '*' ]
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+ build_wolfprovider:
+ name: Build wolfProvider
+ runs-on: ubuntu-22.04
+ timeout-minutes: 20
+ strategy:
+ matrix:
+ wolfssl_ref: [ 'master', 'v5.7.4-stable' ]
+ steps:
+ - name: Checkout wolfProvider
+ uses: actions/checkout@v4
+
+ # Check if this version of wolfssl/wolfprovider has already been built,
+ # mark to cache these items on post if we do end up building
+ - name: Checking wolfSSL/wolfProvider in cache
+ uses: actions/cache@v4
+ id: wolfprov-cache
+ with:
+ path: |
+ wolfssl-source
+ wolfssl-install
+ wolfprov-install
+ provider.conf
+
+ key: wolfprov-${{ matrix.wolfssl_ref }}-${{ github.sha }}
+ lookup-only: true
+
+ # If wolfssl/wolfprovider have not yet been built, pull ossl from cache
+ - name: Checking OpenSSL in cache
+ if: steps.wolfprov-${{ matrix.wolfssl_ref }}-cache.hit != 'true'
+ uses: actions/cache@v4
+ id: openssl-cache
+ with:
+ path: |
+ openssl-source
+ openssl-install
+
+ key: ossl-depends
+
+ # If not yet built this version, build it now
+ - name: Build wolfProvider with async support
+ if: steps.wolfprov-${{ matrix.wolfssl_ref }}-cache.hit != 'true'
+ run: |
+ WOLFSSL_TAG=${{ matrix.wolfssl_ref }} WOLFSSL_CONFIGURE="--enable-asynccrypt" ./scripts/build-wolfprovider.sh
+
+ - name: Print errors
+ if: ${{ failure() }}
+ run: |
+ if [ -f test-suite.log ] ; then
+ cat test-suite.log
+ fi
+
+ test_async:
+ runs-on: ubuntu-22.04
+ needs: build_wolfprovider
+ # This should be a safe limit for the tests to run.
+ timeout-minutes: 20
+ strategy:
+ matrix:
+ wolfssl_ref: [ 'master', 'v5.7.4-stable' ]
+ steps:
+ - name: Retrieving OpenSSL from cache
+ uses: actions/cache/restore@v4
+ id: openssl-cache
+ with:
+ path: |
+ openssl-source
+ openssl-install
+
+ key: ossl-depends
+ fail-on-cache-miss: true
+
+ - name: Retrieving wolfSSL/wolfProvider from cache
+ uses: actions/cache/restore@v4
+ id: wolfprov-cache
+ with:
+ path: |
+ wolfssl-source
+ wolfssl-install
+ wolfprov-install
+ provider.conf
+
+ key: wolfprov-${{ matrix.wolfssl_ref }}-${{ github.sha }}
+ fail-on-cache-miss: true
+
+ - name: Checkout wolfProvider
+ uses: actions/checkout@v4
+
+ - name: Test wolfProvider with async
+ run: |
+ export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/wolfssl-install/lib:$GITHUB_WORKSPACE/openssl-install/lib64
+ export OPENSSL_CONF=$GITHUB_WORKSPACE/provider.conf
+ export OPENSSL_MODULES=$GITHUB_WORKSPACE/wolfprov-install/lib
+ ./scripts/test-openssl.sh
diff --git a/.github/workflows/bind.yml b/.github/workflows/bind.yml
new file mode 100644
index 00000000..a4942758
--- /dev/null
+++ b/.github/workflows/bind.yml
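Review bot: The two `if: steps.wolfprov-${{ matrix.wolfssl_ref }}-cache.hit != 'true'` conditions in build_wolfprovider do not refer to anything the job defines: the cache step's id is `wolfprov-cache`, and actions/cache reports a hit through `outputs.cache-hit`. As written the guard presumably never evaluates to false, so the OpenSSL restore and the full build run on every invocation even when the lookup hit. The other workflows in this commit (bind.yml, grpc.yml, and the curl.yml change) use `if: steps.wolfprov-cache.outputs.cache-hit != 'true'`; the same line should replace both conditions here and in cmake.yml and haproxy.yml, which repeat the stale form.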
@@ -0,0 +1,139 @@
+name: Bind9 Tests
+
+# START OF COMMON SECTION
+on:
+ push:
+ branches: [ 'master', 'main', 'release/**' ]
+ pull_request:
+ branches: [ '*' ]
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+ build_wolfprovider:
+ name: Build wolfProvider
+ runs-on: ubuntu-22.04
+ timeout-minutes: 20
+ strategy:
+ matrix:
+ wolfssl_ref: [ 'master', 'v5.7.4-stable' ]
+ steps:
+ - name: Checkout wolfProvider
+ uses: actions/checkout@v4
+
+ # Check if this version of wolfssl/wolfprovider has already been built
+ - name: Checking wolfSSL/wolfProvider in cache
+ uses: actions/cache@v4
+ id: wolfprov-cache
+ with:
+ path: |
+ wolfssl-source
+ wolfssl-install
+ wolfprov-install
+ provider.conf
+
+ key: wolfprov-${{ matrix.wolfssl_ref }}-${{ github.sha }}
+ lookup-only: true
+
+ # If wolfssl/wolfprovider have not yet been built, pull ossl from cache
+ - name: Checking OpenSSL in cache
+ if: steps.wolfprov-cache.outputs.cache-hit != 'true'
+ uses: actions/cache@v4
+ id: openssl-cache
+ with:
+ path: |
+ openssl-source
+ openssl-install
+
+ key: ossl-depends
+ fail-on-cache-miss: false
+
+ # If not yet built this version, build it now
+ - name: Build wolfProvider
+ if: steps.wolfprov-cache.outputs.cache-hit != 'true'
+ run: |
+ OPENSSL_TAG=openssl-3.2.0 WOLFSSL_TAG=${{ matrix.wolfssl_ref }} ./scripts/build-wolfprovider.sh
+
+ - name: Print errors
+ if: ${{ failure() }}
+ run: |
+ if [ -f test-suite.log ] ; then
+ cat test-suite.log
+ fi
+
+ test_bind:
+ runs-on: ubuntu-22.04
+ needs: build_wolfprovider
+ # This should be a safe limit for the tests to run.
+ timeout-minutes: 20
+ strategy:
+ fail-fast: false
+ matrix:
+ bind_ref: [ '9.18.0', '9.18.28' ]
+ wolfssl_ref: [ 'master', 'v5.7.4-stable' ]
+ steps:
+ - name: Retrieving OpenSSL from cache
+ uses: actions/cache/restore@v4
+ id: openssl-cache
+ with:
+ path: |
+ openssl-source
+ openssl-install
+
+ key: ossl-depends
+ fail-on-cache-miss: false
+
+ - name: Retrieving wolfSSL/wolfProvider from cache
+ uses: actions/cache/restore@v4
+ id: wolfprov-cache
+ with:
+ path: |
+ wolfssl-source
+ wolfssl-install
+ wolfprov-install
+ provider.conf
+
+ key: wolfprov-${{ matrix.wolfssl_ref }}-${{ github.sha }}
+ fail-on-cache-miss: true
+
+ - name: Install dependencies
+ run: |
+ # Don't prompt for anything
+ export DEBIAN_FRONTEND=noninteractive
+ sudo apt-get update
+ # bind9 dependencies
+ sudo apt-get install -y libuv1-dev libnghttp2-dev libcap-dev libcmocka-dev
+
+ - name: Checkout bind9
+ uses: actions/checkout@v4
+ with:
+ repository: isc-projects/bind9
+ path: bind9
+ ref: v${{ matrix.bind_ref }}
+
+ - name: Build and test bind9 with wolfProvider
+ working-directory: bind9
+ run: |
+ # Setup environment for wolfProvider
+ export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/wolfssl-install/lib:$GITHUB_WORKSPACE/openssl-install/lib64
+ export OPENSSL_CONF=$GITHUB_WORKSPACE/provider.conf
+ export OPENSSL_MODULES=$GITHUB_WORKSPACE/wolfprov-install/lib
+
+ # Generate configure script
+ autoreconf -ivf
+
+ # Configure with OpenSSL
+ ./configure --with-openssl=$GITHUB_WORKSPACE/openssl-install
+
+ # Disable system tests and dst_test
+ sed -i 's/SUBDIRS = system//g' bin/tests/Makefile
+ sed -i 's/dst_test//g' lib/dns/tests/Makefile
+
+ # Build bind9
+ make -j$(nproc) V=1
+
+ # Run tests
+ make -j$(nproc) V=1 check
diff --git a/.github/workflows/cmake.yml b/.github/workflows/cmake.yml
new file mode 100644
index 00000000..eb2864af
--- /dev/null
+++ b/.github/workflows/cmake.yml
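Review bot: The OpenSSL cache key `ossl-depends` does not encode the OpenSSL version, although the build step here pins `OPENSSL_TAG=openssl-3.2.0`; if an entry under that key was populated by a workflow that built a different OpenSSL, both jobs would restore it and bind9 would be tested against that library instead. In test_bind the restore also sets `fail-on-cache-miss: false`, so a miss is not reported at that step and only surfaces later, if at all, when `./configure --with-openssl=$GITHUB_WORKSPACE/openssl-install` runs. I would key the cache on the tag in both jobs, e.g. `key: ossl-depends-openssl-3.2.0`, and set `fail-on-cache-miss: true` in test_bind so the suite cannot run without the intended build.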
@@ -0,0 +1,100 @@
+name: WolfProvider CMake Tests
+
+# START OF COMMON SECTION
+on:
+ push:
+ branches: [ 'master', 'main', 'release/**' ]
+ pull_request:
+ branches: [ '*' ]
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+ build_wolfprovider:
+ name: Build wolfProvider
+ runs-on: ubuntu-22.04
+ timeout-minutes: 20
+ strategy:
+ matrix:
+ wolfssl_ref: [ 'master', 'v5.7.4-stable' ]
+ steps:
+ - name: Checkout wolfProvider
+ uses: actions/checkout@v4
+
+ # Check if this version of wolfssl/wolfprovider has already been built,
+ # mark to cache these items on post if we do end up building
+ - name: Checking wolfSSL/wolfProvider in cache
+ uses: actions/cache@v4
+ id: wolfprov-cache
+ with:
+ path: |
+ wolfssl-source
+ wolfssl-install
+ wolfprov-install
+ provider.conf
+
+ key: wolfprov-${{ matrix.wolfssl_ref }}-${{ github.sha }}
+ lookup-only: true
+
+ # If wolfssl/wolfprovider have not yet been built, pull ossl from cache
+ - name: Checking OpenSSL in cache
+ if: steps.wolfprov-${{ matrix.wolfssl_ref }}-cache.hit != 'true'
+ uses: actions/cache@v4
+ id: openssl-cache
+ with:
+ path: |
+ openssl-source
+ openssl-install
+
+ key: ossl-depends
+
+ # If not yet built this version, build it now
+ - name: Build wolfProvider
+ if: steps.wolfprov-${{ matrix.wolfssl_ref }}-cache.hit != 'true'
+ run: |
+ WOLFSSL_TAG=${{ matrix.wolfssl_ref }} ./scripts/build-wolfprovider.sh
+
+ - name: Print errors
+ if: ${{ failure() }}
+ run: |
+ if [ -f test-suite.log ] ; then
+ cat test-suite.log
+ fi
+
+ test_cmake:
+ name: Test CMake
+ runs-on: ubuntu-22.04
+ needs: build_wolfprovider
+ # This should be a safe limit for the tests to run.
+ timeout-minutes: 20 + steps: + - name: Install dependencies + run: | + sudo apt-get update + sudo apt-get install -y cmake ninja-build + + # Build wolfProvider with standard options + - name: Build wolfProvider + run: | + mkdir build + cd build + cmake -DCMAKE_VERBOSE_MAKEFILE:BOOL=ON \ + -DCMAKE_INSTALL_PREFIX="$GITHUB_WORKSPACE/wolfprov-install" \ + -DCMAKE_PREFIX_PATH="$GITHUB_WORKSPACE/openssl-install;$GITHUB_WORKSPACE/install" \ + -DWITH_OPENSSL3=ON \ + -DBUILD_SHARED_LIBS=ON \ + -DBUILD_EXAMPLE=ON \ + -DBUILD_TESTS=ON \ + -DCMAKE_C_FLAGS="-Wall -Wextra -Werror" \ + .. + cmake --build . + ctest -j $(nproc) + cmake --install . + + # clean up + cd .. + rm -rf build + diff --git a/.github/workflows/curl.yml b/.github/workflows/curl.yml index 35e537ac..6662a07a 100644 --- a/.github/workflows/curl.yml +++ b/.github/workflows/curl.yml @@ -20,12 +20,11 @@ jobs: strategy: matrix: wolfssl_ref: [ 'master', 'v5.7.4-stable' ] + force_fail: ['', 'WOLFPROV_FORCE_FAIL=1'] steps: - name: Checkout wolfProvider uses: actions/checkout@v4 - # Check if this version of wolfssl/wolfprovider has already been built, - # mark to cache these items on post if we do end up building - name: Checking wolfSSL/wolfProvider in cache uses: actions/cache@v4 id: wolfprov-cache 
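Review bot: test_cmake has neither a checkout step nor a cache restore, so `cmake ..` runs in an empty workspace and the `openssl-install` directory named in `CMAKE_PREFIX_PATH` is never populated; as written the job looks unable to configure at all. The prefix path also points at `$GITHUB_WORKSPACE/install`, whereas the build job caches the wolfSSL tree as `wolfssl-install`. I would add the checkout and the two restore steps used by the other test jobs, give the job a `wolfssl_ref` matrix so the cache key resolves, and change the second prefix entry to `$GITHUB_WORKSPACE/wolfssl-install`. The checkout is placed before the restores below so that it cannot clear the restored directories.

```yaml
  test_cmake:
    # … unchanged: name, runs-on, needs, timeout-minutes …
    strategy:
      matrix:
        wolfssl_ref: [ 'master', 'v5.7.4-stable' ]
    steps:
      - name: Checkout wolfProvider
        uses: actions/checkout@v4

      - name: Retrieving OpenSSL from cache
        uses: actions/cache/restore@v4
        with:
          path: |
            openssl-source
            openssl-install
          key: ossl-depends
          fail-on-cache-miss: true

      - name: Retrieving wolfSSL/wolfProvider from cache
        uses: actions/cache/restore@v4
        with:
          path: |
            wolfssl-source
            wolfssl-install
            wolfprov-install
            provider.conf
          key: wolfprov-${{ matrix.wolfssl_ref }}-${{ github.sha }}
          fail-on-cache-miss: true

      # … unchanged: Install dependencies, Build wolfProvider …
```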
@@ -35,27 +34,35 @@ jobs: wolfssl-install wolfprov-install provider.conf - key: wolfprov-${{ matrix.wolfssl_ref }}-${{ github.sha }} lookup-only: true - # If wolfssl/wolfprovider have not yet been built, pull ossl from cache - name: Checking OpenSSL in cache - if: steps.wolfprov-${{ matrix.wolfssl_ref }}-cache.hit != 'true' + if: steps.wolfprov-cache.outputs.cache-hit != 'true' uses: actions/cache@v4 id: openssl-cache with: path: | openssl-source openssl-install - key: ossl-depends - # If not yet built this version, build it now - name: Build wolfProvider - if: steps.wolfprov-${{ matrix.wolfssl_ref }}-cache.hit != 'true' + if: steps.wolfprov-cache.outputs.cache-hit != 'true' run: | - WOLFSSL_TAG=${{ matrix.wolfssl_ref }} ./scripts/build-wolfprovider.sh + WOLFSSL_TAG=${{ matrix.wolfssl_ref }} ${{ matrix.force_fail }} ./scripts/build-wolfprovider.sh || BUILD_RESULT=$? + + if [ -n "${{ matrix.force_fail }}" ]; then + if [ $BUILD_RESULT -eq 0 ]; then + echo "Build unexpectedly succeeded with force fail enabled" + exit 1 + else + echo "Build failed as expected with force fail enabled" + fi + elif [ $BUILD_RESULT -ne 0 ]; then + echo "Build failed unexpectedly" + exit 1 + fi - name: Print errors if: ${{ failure() }} @@ -67,12 +74,12 @@ jobs: test_curl: runs-on: ubuntu-22.04 needs: build_wolfprovider - # This should be a safe limit for the tests to run. timeout-minutes: 20 strategy: matrix: curl_ref: [ 'master', 'curl-8_4_0' ] wolfssl_ref: [ 'master', 'v5.7.4-stable' ] + force_fail: ['', 'WOLFPROV_FORCE_FAIL=1'] steps: - name: Retrieving OpenSSL from cache uses: actions/cache/restore@v4 @@ -81,7 +88,6 @@ jobs: path: | openssl-source openssl-install - key: ossl-depends fail-on-cache-miss: true @@ -94,7 +100,6 @@ jobs: wolfssl-install wolfprov-install provider.conf - key: wolfprov-${{ matrix.wolfssl_ref }}-${{ github.sha }} fail-on-cache-miss: true 
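Review bot: `BUILD_RESULT` is assigned only when the script fails, so after a successful build `[ $BUILD_RESULT -eq 0 ]` expands to `[ -eq 0 ]`, which errors and is treated as false. With `force_fail` set, the step then takes the else branch and prints "Build failed as expected" for a build that actually succeeded, so this negative test cannot detect a build that ignores WOLFPROV_FORCE_FAIL. Initialise the variable on the line before the build command with `BUILD_RESULT=0` and quote it in the tests, `[ "$BUILD_RESULT" -eq 0 ]`. The test step in the last hunk of this file has the same pattern with `TEST_RESULT` and needs the same two changes.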
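Review bot: Adding `force_fail` to both matrices leaves the cache key as `wolfprov-${{ matrix.wolfssl_ref }}-${{ github.sha }}`, so the normal and the force-fail build legs target the same cache entry and every test_curl leg restores from it. Which artefacts a test leg receives then depends on which build leg saved first, so a force-fail test leg may exercise a normal build or the reverse. Unless build-wolfprovider.sh is known to produce identical output in both modes, include the flag in the key in both jobs, for example `key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.force_fail }}-${{ github.sha }}`.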
@@ -118,4 +123,17 @@ jobs: export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/wolfssl-install/lib:$GITHUB_WORKSPACE/openssl-install/lib64 export OPENSSL_CONF=$GITHUB_WORKSPACE/provider.conf export OPENSSL_MODULES=$GITHUB_WORKSPACE/wolfprov-install/lib - make -j $(nproc) test-ci + + make -j $(nproc) test-ci || TEST_RESULT=$? + + if [ -n "${{ matrix.force_fail }}" ]; then + if [ $TEST_RESULT -eq 0 ]; then + echo "Tests unexpectedly succeeded with force fail enabled" + exit 1 + else + echo "Tests failed as expected with force fail enabled" + fi + elif [ $TEST_RESULT -ne 0 ]; then + echo "Tests failed unexpectedly" + exit 1 + fi diff --git a/.github/workflows/grpc.yml b/.github/workflows/grpc.yml new file mode 100644 index 00000000..c1b491e3 --- /dev/null +++ b/.github/workflows/grpc.yml 
@@ -0,0 +1,163 @@
+name: gRPC Tests
+
+# START OF COMMON SECTION
+on:
+ push:
+ branches: [ 'master', 'main', 'release/**' ]
+ pull_request:
+ branches: [ '*' ]
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+ build_wolfprovider:
+ name: Build wolfProvider
+ runs-on: ubuntu-22.04
+ timeout-minutes: 20
+ strategy:
+ matrix:
+ wolfssl_ref: [ 'master', 'v5.7.4-stable' ]
+ steps:
+ - name: Checkout wolfProvider
+ uses: actions/checkout@v4
+
+ # Check if this version of wolfssl/wolfprovider has already been built,
+ # mark to cache these items on post if we do end up building
+ - name: Checking wolfSSL/wolfProvider in cache
+ uses: actions/cache@v4
+ id: wolfprov-cache
+ with:
+ path: |
+ wolfssl-source
+ wolfssl-install
+ wolfprov-install
+ provider.conf
+
+ key: wolfprov-${{ matrix.wolfssl_ref }}-${{ github.sha }}
+ lookup-only: true
+
+ # If wolfssl/wolfprovider have not yet been built, pull ossl from cache
+ - name: Checking OpenSSL in cache
+ if: steps.wolfprov-cache.outputs.cache-hit != 'true'
+ uses: actions/cache@v4
+ id: openssl-cache
+ with:
+ path: |
+ openssl-source
+ openssl-install
+
+ key: ossl-depends
+ fail-on-cache-miss: false
+
+ # If not yet built this version, build it now
+ - name: Build wolfProvider
+ if: steps.wolfprov-cache.outputs.cache-hit != 'true'
+ run: |
+ WOLFSSL_TAG=${{ matrix.wolfssl_ref }} ./scripts/build-wolfprovider.sh
+
+ - name: Print errors
+ if: ${{ failure() }}
+ run: |
+ if [ -f test-suite.log ] ; then
+ cat test-suite.log
+ fi
+
+ test_grpc:
+ runs-on: ubuntu-22.04
+ needs: build_wolfprovider
+ # This should be a safe limit for the tests to run.
+ timeout-minutes: 30
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - ref: v1.60.0
+ tests: >-
+ bad_ssl_alpn_test bad_ssl_cert_test client_ssl_test
+ crl_ssl_transport_security_test server_ssl_test
+ ssl_transport_security_test ssl_transport_security_utils_test
+ test_core_security_ssl_credentials_test test_cpp_end2end_ssl_credentials_test
+ h2_ssl_cert_test h2_ssl_session_reuse_test
+ wolfssl_ref: [ 'master', 'v5.7.4-stable' ]
+ steps:
+ - name: Confirm IPv4 and IPv6 support
+ run: |
+ ip addr list lo | grep 'inet '
+ ip addr list lo | grep 'inet6 '
+
+ - name: Retrieving OpenSSL from cache
+ uses: actions/cache/restore@v4
+ id: openssl-cache
+ with:
+ path: |
+ openssl-source
+ openssl-install
+
+ key: ossl-depends
+ fail-on-cache-miss: false
+
+ - name: Retrieving wolfSSL/wolfProvider from cache
+ uses: actions/cache/restore@v4
+ id: wolfprov-cache
+ with:
+ path: |
+ wolfssl-source
+ wolfssl-install
+ wolfprov-install
+ provider.conf
+
+ key: wolfprov-${{ matrix.wolfssl_ref }}-${{ github.sha }}
+ fail-on-cache-miss: true
+
+ - name: Install prerequisites
+ run: |
+ sudo apt-get update
+ sudo apt-get install -y build-essential autoconf libtool pkg-config clang libc++-dev
+
+ - name: Setup cmake version
+ uses: jwlawson/actions-setup-cmake@v2
+ with:
+ cmake-version: '3.25.x'
+
+ - name: Checkout grpc
+ uses: actions/checkout@v4
+ with:
+ repository: grpc/grpc
+ path: grpc
+ ref: ${{ matrix.ref }}
+
+ - name: Build grpc with wolfProvider
+ working-directory: ./grpc
+ run: |
+ # Setup environment for wolfProviders
+ export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/wolfssl-install/lib:$GITHUB_WORKSPACE/openssl-install/lib64
+ export OPENSSL_CONF=$GITHUB_WORKSPACE/provider.conf
+ export OPENSSL_MODULES=$GITHUB_WORKSPACE/wolfprov-install/lib
+
+ # Initialize submodules
+ git submodule update --init
+
+ # Build
+ mkdir -p cmake/build
+ cd cmake/build
+
+ # Configure with OpenSSL and wolfProvider
+ cmake -DgRPC_BUILD_TESTS=ON -DgRPC_SSL_PROVIDER=package \
+ -DOPENSSL_ROOT_DIR=$GITHUB_WORKSPACE/openssl-install ../..
+
+ # Build the tests
+ make -j $(nproc) ${{ matrix.tests }}
+
+ - name: Run grpc tests with wolfProvider
+ working-directory: ./grpc
+ run: |
+ # Start the port server
+ ./tools/run_tests/start_port_server.py
+
+ # Run the tests
+ for t in ${{ matrix.tests }} ; do
+ ./cmake/build/$t
+ done
diff --git a/.github/workflows/haproxy.yml b/.github/workflows/haproxy.yml
new file mode 100644
index 00000000..6b79e86c
--- /dev/null
+++ b/.github/workflows/haproxy.yml
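Review bot: `jwlawson/actions-setup-cmake@v2` in test_grpc is a third-party action referenced by a movable tag, so whoever can move that tag decides what code runs in this job. Pin it to a full commit SHA with the version kept in a trailing comment, e.g. `uses: jwlawson/actions-setup-cmake@<full-commit-sha> # v2`, and do the same for `wolfSSL/actions-build-autotools-project@v1` in haproxy.yml and ipmitool.yml. The workflow also declares no `permissions:`, so the token scope falls back to the repository default; a top-level `permissions:` with `contents: read` would state the least-privilege intent for these test-only jobs, which run on pull requests.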
@@ -0,0 +1,173 @@
+name: HAProxy Tests
+
+# START OF COMMON SECTION
+on:
+ push:
+ branches: [ 'master', 'main', 'release/**' ]
+ pull_request:
+ branches: [ '*' ]
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+ build_wolfprovider:
+ name: Build wolfProvider
+ runs-on: ubuntu-22.04
+ timeout-minutes: 20
+ strategy:
+ matrix:
+ wolfssl_ref: [ 'master', 'v5.7.4-stable' ]
+ steps:
+ - name: Checkout wolfProvider
+ uses: actions/checkout@v4
+
+ # Check if this version of wolfssl/wolfprovider has already been built,
+ # mark to cache these items on post if we do end up building
+ - name: Checking wolfSSL/wolfProvider in cache
+ uses: actions/cache@v4
+ id: wolfprov-cache
+ with:
+ path: |
+ wolfssl-source
+ wolfssl-install
+ wolfprov-install
+ provider.conf
+
+ key: wolfprov-${{ matrix.wolfssl_ref }}-${{ github.sha }}
+ lookup-only: true
+
+ # If wolfssl/wolfprovider have not yet been built, pull ossl from cache
+ - name: Checking OpenSSL in cache
+ if: steps.wolfprov-${{ matrix.wolfssl_ref }}-cache.hit != 'true'
+ uses: actions/cache@v4
+ id: openssl-cache
+ with:
+ path: |
+ openssl-source
+ openssl-install
+
+ key: ossl-depends
+
+ # If not yet built this version, build it now
+ - name: Build wolfProvider
+ if: steps.wolfprov-${{ matrix.wolfssl_ref }}-cache.hit != 'true'
+ run: |
+ WOLFSSL_TAG=${{ matrix.wolfssl_ref }} ./scripts/build-wolfprovider.sh
+
+ - name: Print errors
+ if: ${{ failure() }}
+ run: |
+ if [ -f test-suite.log ] ; then
+ cat test-suite.log
+ fi
+
+ test_haproxy:
+ runs-on: ubuntu-22.04
+ needs: build_wolfprovider
+ # This should be a safe limit for the tests to run.
+ timeout-minutes: 20
+ strategy:
+ matrix:
+<<<<<<< HEAD
+ # List of refs to test
+ ref: [ master ]
+=======
+ haproxy_ref: [ 'master', '2.8' ]
+ wolfssl_ref: [ 'master', 'v5.7.4-stable' ]
+>>>>>>> 6ac5ab1 (Add additional CI workflows based on wolfssl patterns)
+ steps:
+ - name: Retrieving OpenSSL from cache
+ uses: actions/cache/restore@v4
+ id: openssl-cache
+ with:
+ path: |
+ openssl-source
+ openssl-install
+
+ key: ossl-depends
+ fail-on-cache-miss: true
+
+ - name: Retrieving wolfSSL/wolfProvider from cache
+ uses: actions/cache/restore@v4
+ id: wolfprov-cache
+ with:
+ path: |
+ wolfssl-source
+ wolfssl-install
+ wolfprov-install
+ provider.conf
+
+<<<<<<< HEAD
+ key: wolfprov-${{ matrix.ref }}-${{ github.sha }}
+=======
+ key: wolfprov-${{ matrix.wolfssl_ref }}-${{ github.sha }}
+>>>>>>> 6ac5ab1 (Add additional CI workflows based on wolfssl patterns)
+ fail-on-cache-miss: true
+
+ - name: Install HAProxy dependencies
+ run: |
+ sudo apt-get update
+ sudo apt-get install -y libpcre3-dev zlib1g-dev
+
+<<<<<<< HEAD
+ - name: Checkout VTest
+ uses: actions/checkout@v4
+ with:
+ repository: vtest/VTest
+ path: VTest
+
+ - name: Build VTest
+ working-directory: VTest
+ # Special flags due to: https://github.com/vtest/VTest/issues/12
+ run: make FLAGS='-O2 -s -Wall'
+
+ - name: Checkout HaProxy
+ uses: actions/checkout@v4
+ with:
+ repository: haproxy/haproxy
+ path: haproxy
+ ref: ${{ matrix.ref }}
+
+ - name: Build HaProxy
+ working-directory: haproxy
+ run: >-
+ make -j TARGET=linux-glibc
+ USE_OPENSSL=1
+ SSL_INC=$GITHUB_WORKSPACE/openssl-install/include/
+ SSL_LIB=$GITHUB_WORKSPACE/openssl-install/lib64/
+ ADDLIB=-Wl,-rpath=$GITHUB_WORKSPACE/openssl-install/lib64
+=======
+ - name: Build HAProxy
+ uses: wolfSSL/actions-build-autotools-project@v1
+ with:
+ repository: haproxy/haproxy
+ path: haproxy
+ ref: ${{ matrix.haproxy_ref }}
+ configure: USE_OPENSSL=1 SSL_INC=$GITHUB_WORKSPACE/openssl-install/include SSL_LIB=$GITHUB_WORKSPACE/openssl-install/lib64
+ check: false
+>>>>>>> 6ac5ab1 (Add additional CI workflows based on wolfssl patterns)
+
+ - name: Test HAProxy with wolfProvider
+ working-directory: haproxy
+ run: |
+<<<<<<< HEAD
+ # Set up the environment for wolfProvider
+ export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/wolfssl-install/lib:$GITHUB_WORKSPACE/openssl-install/lib64
+ export OPENSSL_CONF=$GITHUB_WORKSPACE/provider.conf
+ export OPENSSL_MODULES=$GITHUB_WORKSPACE/wolfprov-install/lib
+
+ # Show HAProxy version and OpenSSL information
+ ./haproxy -vv
+
+ # Run tests exactly like wolfSSL does
+ make reg-tests reg-tests/ssl VTEST_PROGRAM=$GITHUB_WORKSPACE/VTest/vtest
+=======
+ export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/wolfssl-install/lib:$GITHUB_WORKSPACE/openssl-install/lib64
+ export OPENSSL_CONF=$GITHUB_WORKSPACE/provider.conf
+ export OPENSSL_MODULES=$GITHUB_WORKSPACE/wolfprov-install/lib
+ ./haproxy -vv
+ make reg-tests REGTESTS_TYPES=ssl
+>>>>>>> 6ac5ab1 (Add additional CI workflows based on wolfssl patterns)
diff --git a/.github/workflows/hostap.yml b/.github/workflows/hostap.yml
new file mode 100644
index 00000000..5050f7d5
--- /dev/null
+++ b/.github/workflows/hostap.yml
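Review bot: This file is added with unresolved merge-conflict markers: `<<<<<<< HEAD`, `=======` and `>>>>>>> 6ac5ab1 (...)` appear in the test_haproxy matrix, around the wolfprov cache `key`, around the VTest/HAProxy build steps and inside the final `run:` block. The workflow is not expected to parse as YAML in this state, so the HAProxy job would never run and the commit gains no coverage from it. Resolve each conflict to a single side. The two sides disagree on the matrix variables (`matrix.ref` on one, `matrix.haproxy_ref` and `matrix.wolfssl_ref` on the other), so the cache key, the checkout `ref` and the build step must all come from the same side as the matrix that is kept.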
@@ -0,0 +1,357 @@ +name: Hostap Tests + +# START OF COMMON SECTION +on: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION + +env: + LINUX_REF: v6.12 + +jobs: + build_wolfprovider: + name: Build wolfProvider + runs-on: ubuntu-22.04 + timeout-minutes: 20 + strategy: + matrix: + wolfssl_ref: [ 'master', 'v5.7.4-stable' ] + steps: + - name: Checkout wolfProvider + uses: actions/checkout@v4 + + # Check if this version of wolfssl/wolfprovider has already been built, + # mark to cache these items on post if we do end up building + - name: Checking wolfSSL/wolfProvider in cache + uses: actions/cache@v4 + id: wolfprov-cache + with: + path: | + wolfssl-source + wolfssl-install + wolfprov-install + provider.conf + + key: wolfprov-${{ matrix.wolfssl_ref }}-${{ github.sha }} + lookup-only: true + + # If wolfssl/wolfprovider have not yet been built, pull ossl from cache + - name: Checking OpenSSL in cache + if: steps.wolfprov-cache.outputs.cache-hit != 'true' + uses: actions/cache@v4 + id: openssl-cache + with: + path: | + openssl-source + openssl-install + + key: ossl-depends + fail-on-cache-miss: false + + # If not yet built this version, build it now + - name: Build wolfProvider + if: steps.wolfprov-cache.outputs.cache-hit != 'true' + run: | + WOLFSSL_TAG=${{ matrix.wolfssl_ref }} ./scripts/build-wolfprovider.sh + + - name: Print errors + if: ${{ failure() }} + run: | + if [ -f test-suite.log ] ; then + cat test-suite.log + fi + + checkout_hostap: + name: Checkout hostap repo + runs-on: ubuntu-22.04 + timeout-minutes: 10 + steps: + - name: Checking if we have hostap in cache + uses: actions/cache@v4 + id: cache + with: + path: hostap + key: hostap-repo + lookup-only: true + + - name: Checkout hostap + if: steps.cache.outputs.cache-hit != 'true' + run: git clone git://w1.fi/hostap.git hostap + + build_uml_linux: + name: 
Build UML (UserMode Linux) + runs-on: ubuntu-22.04 + timeout-minutes: 10 + needs: checkout_hostap + steps: + - name: Checking if we have kernel in cache + uses: actions/cache@v4 + id: cache + with: + path: linux/linux + key: hostap-linux-${{ env.LINUX_REF }} + lookup-only: true + + - name: Checking if we have hostap in cache + if: steps.cache.outputs.cache-hit != 'true' + uses: actions/cache/restore@v4 + with: + path: hostap + key: hostap-repo + fail-on-cache-miss: true + + - name: Checkout linux + if: steps.cache.outputs.cache-hit != 'true' + uses: actions/checkout@v4 + with: + repository: torvalds/linux + path: linux + ref: ${{ env.LINUX_REF }} + + - name: Compile linux + if: steps.cache.outputs.cache-hit != 'true' + run: | + cp hostap/tests/hwsim/vm/kernel-config.uml linux/.config + cd linux + yes "" | ARCH=um make -j $(nproc) + + hostap_test: + runs-on: ubuntu-22.04 + needs: [build_wolfprovider, build_uml_linux, checkout_hostap] + timeout-minutes: 45 + strategy: + fail-fast: false + matrix: + # should hostapd be compiled with wolfProvider + hostapd: [true] + # should wpa_supplicant be compiled with wolfProvider + wpa_supplicant: [true] + # Fix the versions of hostap and osp to not break testing when a new + # patch is added in to osp. Tests are read from the corresponding + # configs/hostap_ref/tests file. 
+ config: [ + { + hostap_ref: hostap_2_10, + remove_teap: true, + }, + { + hostap_ref: 07c9f183ea744ac04585fb6dd10220c75a5e2e74, + osp_ref: e1876fbbf298ee442bc7ab8561331ebc7de17528, + }, + ] + wolfssl_ref: [ 'master', 'v5.7.4-stable' ] + steps: + - name: Checking if we have kernel in cache + uses: actions/cache/restore@v4 + id: cache + with: + path: linux/linux + key: hostap-linux-${{ env.LINUX_REF }} + fail-on-cache-miss: true + + - name: Retrieving OpenSSL from cache + uses: actions/cache/restore@v4 + id: openssl-cache + with: + path: | + openssl-source + openssl-install + + key: ossl-depends + fail-on-cache-miss: false + + - name: Retrieving wolfSSL/wolfProvider from cache + uses: actions/cache/restore@v4 + id: wolfprov-cache + with: + path: | + wolfssl-source + wolfssl-install + wolfprov-install + provider.conf + + key: wolfprov-${{ matrix.wolfssl_ref }}-${{ github.sha }} + fail-on-cache-miss: true + + - name: Checkout wolfProvider + uses: actions/checkout@v4 + + - name: Install dependencies + run: | + # Don't prompt for anything + export DEBIAN_FRONTEND=noninteractive + sudo apt-get update + # hostap dependencies + sudo apt-get install -y libpcap0.8 libpcap-dev curl libcurl4-openssl-dev \ + libnl-3-dev binutils-dev libssl-dev libiberty-dev libnl-genl-3-dev \ + libnl-route-3-dev libdbus-1-dev bridge-utils tshark python3-pycryptodome + + - name: Checking if we have hostap in cache + uses: actions/cache/restore@v4 + with: + path: hostap + key: hostap-repo + fail-on-cache-miss: true + + - name: Checkout correct ref + working-directory: hostap + run: git checkout ${{ matrix.config.hostap_ref }} + + - name: Update certs + working-directory: hostap/tests/hwsim/auth_serv + run: ./update.sh + + - if: ${{ matrix.config.osp_ref }} + name: Checkout OSP + uses: actions/checkout@v4 + with: + repository: wolfssl/osp + path: osp + ref: ${{ matrix.config.osp_ref }} + + - if: ${{ matrix.config.osp_ref }} + name: Apply patch files + working-directory: hostap + run: | + for f in 
$GITHUB_WORKSPACE/osp/hostap-patches/pending/* + do + patch -p1 < $f + done + + - if: ${{ matrix.hostapd }} + name: Setup hostapd config file + run: | + mkdir -p $GITHUB_WORKSPACE/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }} + cat > $GITHUB_WORKSPACE/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/hostapd.config << 'EOF' + CONFIG_DRIVER_NONE=y + CONFIG_PKCS12=y + CONFIG_RADIUS_SERVER=y + CONFIG_EAP=y + CONFIG_EAP_MD5=y + CONFIG_EAP_TLS=y + CONFIG_EAP_MSCHAPV2=y + CONFIG_EAP_PEAP=y + CONFIG_EAP_GTC=y + CONFIG_EAP_TTLS=y + CONFIG_EAP_SIM=y + CONFIG_EAP_AKA=y + CONFIG_EAP_PAX=y + CONFIG_EAP_PSK=y + CONFIG_EAP_SAKE=y + CONFIG_EAP_GPSK=y + CONFIG_EAP_GPSK_SHA256=y + CONFIG_EAP_FAST=y + CONFIG_EAP_IKEV2=y + CONFIG_EAP_TNC=y + CONFIG_EAP_PWD=y + CONFIG_TLS=openssl + CONFIG_TLSV11=y + CONFIG_TLSV12=y + CONFIG_WPS=y + CONFIG_EAP_TEAP=y + EOF + + cp $GITHUB_WORKSPACE/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/hostapd.config \ + hostap/hostapd/.config + cat <> hostap/hostapd/.config + CFLAGS += -I$GITHUB_WORKSPACE/openssl-install/include + LIBS += -L$GITHUB_WORKSPACE/openssl-install/lib64 -Wl,-rpath=$GITHUB_WORKSPACE/openssl-install/lib64 + EOF + + - if: ${{ matrix.wpa_supplicant }} + name: Setup wpa_supplicant config file + run: | + mkdir -p $GITHUB_WORKSPACE/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }} + cat > $GITHUB_WORKSPACE/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/wpa_supplicant.config << 'EOF' + CONFIG_DRIVER_NONE=y + CONFIG_PKCS12=y + CONFIG_CTRL_IFACE=y + CONFIG_EAP_MD5=y + CONFIG_EAP_TLS=y + CONFIG_EAP_MSCHAPV2=y + CONFIG_EAP_PEAP=y + CONFIG_EAP_GTC=y + CONFIG_EAP_TTLS=y + CONFIG_EAP_SIM=y + CONFIG_EAP_AKA=y + CONFIG_EAP_PAX=y + CONFIG_EAP_PSK=y + CONFIG_EAP_SAKE=y + CONFIG_EAP_GPSK=y + CONFIG_EAP_GPSK_SHA256=y + CONFIG_EAP_FAST=y + CONFIG_EAP_IKEV2=y + CONFIG_EAP_TNC=y + CONFIG_EAP_PWD=y + CONFIG_TLSV11=y + CONFIG_TLSV12=y + 
CONFIG_TLS=openssl + CONFIG_WPS=y + CONFIG_EAP_TEAP=y + EOF + + cp $GITHUB_WORKSPACE/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/wpa_supplicant.config \ + hostap/wpa_supplicant/.config + cat <> hostap/wpa_supplicant/.config + CFLAGS += -I$GITHUB_WORKSPACE/openssl-install/include + LIBS += -L$GITHUB_WORKSPACE/openssl-install/lib64 -Wl,-rpath=$GITHUB_WORKSPACE/openssl-install/lib64 + EOF + + - name: Create test list file + run: | + mkdir -p $GITHUB_WORKSPACE/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }} + cat > $GITHUB_WORKSPACE/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/tests << 'EOF' + test_ap_eap.py + test_ap_wpa2_eap.py + test_ap_wpa2_eap_ttls.py + EOF + + - name: Build hostap and wpa_supplicant + working-directory: hostap/tests/hwsim/ + run: | + export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/wolfssl-install/lib:$GITHUB_WORKSPACE/openssl-install/lib64 + export OPENSSL_CONF=$GITHUB_WORKSPACE/provider.conf + export OPENSSL_MODULES=$GITHUB_WORKSPACE/wolfprov-install/lib + ./build.sh + + - if: ${{ matrix.config.remove_teap }} + name: Remove EAP-TEAP from test configuration + working-directory: hostap/tests/hwsim/auth_serv + run: | + sed -e 's/"erp-teap@example.com"\tTEAP//' -i eap_user.conf + sed -e 's/"erp-teap@example.com"\tMSCHAPV2\t"password"\t\[2\]//' -i eap_user.conf + sed -e 's/"TEAP"\t\tTEAP//' -i eap_user.conf + sed -e 's/TEAP,//' -i eap_user.conf + + - name: Run tests + id: testing + working-directory: hostap/tests/hwsim/ + run: | + export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/wolfssl-install/lib:$GITHUB_WORKSPACE/openssl-install/lib64 + export OPENSSL_CONF=$GITHUB_WORKSPACE/provider.conf + export OPENSSL_MODULES=$GITHUB_WORKSPACE/wolfprov-install/lib + + cat <> vm/vm-config + KERNELDIR=$GITHUB_WORKSPACE/linux + KVMARGS="-cpu host" + EOF + # Run tests in increments of 200 to not stall out the parallel-vm script + while mapfile -t -n 200 ary && ((${#ary[@]})); do + TESTS=$(printf '%s\n' 
"${ary[@]}" | tr '\n' ' ') + HWSIM_RES=0 # Not set when command succeeds + ./vm/parallel-vm.py --nocurses $(nproc) $TESTS || HWSIM_RES=$? + if [ "$HWSIM_RES" -ne "0" ]; then + # Let's re-run the failing tests. We gather the failed tests from the log file. + FAILED_TESTS=$(grep 'failed tests' /tmp/hwsim-test-logs/*-parallel.log | sed 's/failed tests: //' | tr ' ' '\n' | sort | uniq | tr '\n' ' ') + printf 'failed tests: %s\n' "$FAILED_TESTS" + ./vm/parallel-vm.py --nocurses $(nproc) $FAILED_TESTS + fi + rm -r /tmp/hwsim-test-logs + done < $GITHUB_WORKSPACE/.github/workflows/hostap-files/configs/${{ matrix.config.hostap_ref }}/tests diff --git a/.github/workflows/ipmitool.yml b/.github/workflows/ipmitool.yml new file mode 100644 index 00000000..7c5da3e8 --- /dev/null +++ b/.github/workflows/ipmitool.yml 
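Review bot: `git clone git://w1.fi/hostap.git hostap` in checkout_hostap fetches the source over the unauthenticated, unencrypted git protocol, and the clone is then stored under the fixed cache key `hostap-repo` and reused by later runs. Anything altered in transit would be cached and subsequently built and executed in hostap_test; the later `git checkout` of a full commit hash narrows this for that matrix entry, but `hostap_2_10` is a tag resolved from the cloned repository itself. I would clone over HTTPS instead, e.g. `git clone https://w1.fi/hostap.git hostap` (assuming upstream serves that URL), and consider pinning the tag entry to a commit hash as the second config already does.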
@@ -0,0 +1,131 @@ +name: IPMItool Tests + +# START OF COMMON SECTION +on: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION + +jobs: + build_wolfprovider: + name: Build wolfProvider + runs-on: ubuntu-22.04 + timeout-minutes: 20 + strategy: + matrix: + wolfssl_ref: [ 'master', 'v5.7.4-stable' ] + steps: + - name: Checkout wolfProvider + uses: actions/checkout@v4 + + # Check if this version of wolfssl/wolfprovider has already been built, + # mark to cache these items on post if we do end up building + - name: Checking wolfSSL/wolfProvider in cache + uses: actions/cache@v4 + id: wolfprov-cache + with: + path: | + wolfssl-source + wolfssl-install + wolfprov-install + provider.conf + + key: wolfprov-${{ matrix.wolfssl_ref }}-${{ github.sha }} + lookup-only: true + + # If wolfssl/wolfprovider have not yet been built, pull ossl from cache + - name: Checking OpenSSL in cache + if: steps.wolfprov-cache.outputs.cache-hit != 'true' + uses: actions/cache@v4 + id: openssl-cache + with: + path: | + openssl-source + openssl-install + + key: ossl-depends + fail-on-cache-miss: false + + # If not yet built this version, build it now + - name: Build wolfProvider + if: steps.wolfprov-cache.outputs.cache-hit != 'true' + run: | + WOLFSSL_TAG=${{ matrix.wolfssl_ref }} ./scripts/build-wolfprovider.sh + + - name: Print errors + if: ${{ failure() }} + run: | + if [ -f test-suite.log ] ; then + cat test-suite.log + fi + + test_ipmitool: + runs-on: ubuntu-22.04 + needs: build_wolfprovider + # This should be a safe limit for the tests to run. 
+ timeout-minutes: 20 + strategy: + fail-fast: false + matrix: + git_ref: [ c3939dac2c060651361fc71516806f9ab8c38901 ] + wolfssl_ref: [ 'master', 'v5.7.4-stable' ] + steps: + - name: Retrieving OpenSSL from cache + uses: actions/cache/restore@v4 + id: openssl-cache + with: + path: | + openssl-source + openssl-install + + key: ossl-depends + fail-on-cache-miss: false + + - name: Retrieving wolfSSL/wolfProvider from cache + uses: actions/cache/restore@v4 + id: wolfprov-cache + with: + path: | + wolfssl-source + wolfssl-install + wolfprov-install + provider.conf + + key: wolfprov-${{ matrix.wolfssl_ref }}-${{ github.sha }} + fail-on-cache-miss: true + + - name: Install dependencies + run: | + export DEBIAN_FRONTEND=noninteractive + sudo apt-get update + sudo apt-get install -y libreadline-dev + + - name: Build ipmitool with wolfProvider + uses: wolfSSL/actions-build-autotools-project@v1 + with: + repository: ipmitool/ipmitool + ref: ${{ matrix.git_ref }} + path: ipmitool + configure: --with-openssl=$GITHUB_WORKSPACE/openssl-install + check: false + + - name: Confirm built with OpenSSL and test with wolfProvider + working-directory: ipmitool + run: | + # Setup environment for wolfProvider + export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/wolfssl-install/lib:$GITHUB_WORKSPACE/openssl-install/lib64 + export OPENSSL_CONF=$GITHUB_WORKSPACE/provider.conf + export OPENSSL_MODULES=$GITHUB_WORKSPACE/wolfprov-install/lib + + # Verify ipmitool was built and linked correctly with OpenSSL + ldd src/ipmitool | grep -E '(libssl|libcrypto)' + ldd src/ipmievd | grep -E '(libssl|libcrypto)' + + # Run a simple command to verify functionality + ./src/ipmitool -V diff --git a/.github/workflows/memcached.sh b/.github/workflows/memcached.sh new file mode 100644 index 00000000..debeed78 --- /dev/null +++ b/.github/workflows/memcached.sh 
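Review bot: ipmitool.yml declares no `permissions:` block, so both jobs run with whatever default GITHUB_TOKEN scope the repository or organisation has configured, which is not visible on this page. The jobs only check out code, use the cache and build third-party sources, so a top-level `permissions:` with `contents: read`, placed after the common section, would be enough. The same applies to the other workflows added in this commit (memcached.yml, net-snmp.yml, ntp.yml, openldap.yml, openssh.yml, socat.yml, sssd.yml, stunnel.yml). Pinning `git_ref` to a full commit is good; a comment beside it naming the upstream release it corresponds to would help whoever bumps it next.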
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+if [ -z "$GITHUB_WORKSPACE" ]; then
+ echo '$GITHUB_WORKSPACE is not set'
+ exit 1
+fi
+
+if [ -z "$HOST_ROOT" ]; then
+ echo '$HOST_ROOT is not set'
+ exit 1
+fi
+
+chroot $HOST_ROOT make -C $GITHUB_WORKSPACE/memcached \
+ -j$(nproc) PARALLEL=$(nproc) test_tls
\ No newline at end of file
diff --git a/.github/workflows/memcached.yml b/.github/workflows/memcached.yml
new file mode 100644
index 00000000..788ad323
--- /dev/null
+++ b/.github/workflows/memcached.yml
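Review bot: In memcached.sh the `chroot` line expands `$HOST_ROOT` and `$GITHUB_WORKSPACE` unquoted, so a value containing whitespace or glob characters is split into extra arguments to `chroot` and `make`, even though the script has just checked that both are set. Quote them: `chroot "$HOST_ROOT" make -C "$GITHUB_WORKSPACE/memcached" \`. The file also ends without a trailing newline. memcached.yml in this commit writes its own memcached-test.sh and does not appear to call this script, so it is worth confirming the script is still needed.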
@@ -0,0 +1,187 @@ +name: Memcached Tests + +# START OF COMMON SECTION +on: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION + +jobs: + build_wolfprovider: + name: Build wolfProvider + runs-on: ubuntu-22.04 + timeout-minutes: 20 + strategy: + matrix: + wolfssl_ref: [ 'master', 'v5.7.4-stable' ] + steps: + - name: Checkout wolfProvider + uses: actions/checkout@v4 + + # Check if this version of wolfssl/wolfprovider has already been built, + # mark to cache these items on post if we do end up building + - name: Checking wolfSSL/wolfProvider in cache + uses: actions/cache@v4 + id: wolfprov-cache + with: + path: | + wolfssl-source + wolfssl-install + wolfprov-install + provider.conf + + key: wolfprov-${{ matrix.wolfssl_ref }}-${{ github.sha }} + lookup-only: true + + # If wolfssl/wolfprovider have not yet been built, pull ossl from cache + - name: Checking OpenSSL in cache + if: steps.wolfprov-cache.outputs.cache-hit != 'true' + uses: actions/cache@v4 + id: openssl-cache + with: + path: | + openssl-source + openssl-install + + key: ossl-depends + fail-on-cache-miss: false + + # If not yet built this version, build it now + - name: Build wolfProvider + if: steps.wolfprov-cache.outputs.cache-hit != 'true' + run: | + WOLFSSL_TAG=${{ matrix.wolfssl_ref }} ./scripts/build-wolfprovider.sh + + - name: Print errors + if: ${{ failure() }} + run: | + if [ -f test-suite.log ] ; then + cat test-suite.log + fi + + test_memcached: + runs-on: ubuntu-22.04 + needs: build_wolfprovider + # This should be a safe limit for the tests to run. 
+ timeout-minutes: 20 + strategy: + matrix: + memcached_ref: [ '1.6.22' ] + wolfssl_ref: [ 'master', 'v5.7.4-stable' ] + steps: + - name: Retrieving OpenSSL from cache + uses: actions/cache/restore@v4 + id: openssl-cache + with: + path: | + openssl-source + openssl-install + + key: ossl-depends + fail-on-cache-miss: false + + - name: Retrieving wolfSSL/wolfProvider from cache + uses: actions/cache/restore@v4 + id: wolfprov-cache + with: + path: | + wolfssl-source + wolfssl-install + wolfprov-install + provider.conf + + key: wolfprov-${{ matrix.wolfssl_ref }}-${{ github.sha }} + fail-on-cache-miss: true + + - name: Checkout wolfProvider + uses: actions/checkout@v4 + + - name: Create memcached test script + run: | + cat > memcached-test.sh << 'EOF' + #!/bin/sh + set -e + + # Set up environment + export LD_LIBRARY_PATH=/wolfssl-install/lib:/openssl-install/lib64 + export OPENSSL_CONF=/provider.conf + export OPENSSL_MODULES=/wolfprov-install/lib + + cd /memcached + make test_tls + EOF + + chmod +x memcached-test.sh + + - name: Install dependencies + run: | + export DEBIAN_FRONTEND=noninteractive + sudo apt-get update + sudo apt-get install -y libevent-dev libevent-2.1-7 automake pkg-config make libio-socket-ssl-perl + + - name: Checkout OSP + uses: actions/checkout@v4 + with: + repository: wolfssl/osp + path: osp + + - name: Checkout memcached + uses: actions/checkout@v4 + with: + repository: memcached/memcached + ref: ${{ matrix.memcached_ref }} + path: memcached + + - name: Configure and build memcached + run: | + cd $GITHUB_WORKSPACE/memcached/ + patch -p1 < $GITHUB_WORKSPACE/osp/memcached/memcached_${{ matrix.memcached_ref }}.patch + ./autogen.sh + export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/wolfssl-install/lib:$GITHUB_WORKSPACE/openssl-install/lib64 + export OPENSSL_CONF=$GITHUB_WORKSPACE/provider.conf + export OPENSSL_MODULES=$GITHUB_WORKSPACE/wolfprov-install/lib + export LDFLAGS="-L$GITHUB_WORKSPACE/openssl-install/lib64 
-Wl,-rpath=$GITHUB_WORKSPACE/openssl-install/lib64" + export CPPFLAGS="-I$GITHUB_WORKSPACE/openssl-install/include" + ./configure --enable-tls --with-openssl=$GITHUB_WORKSPACE/openssl-install + make -j$(nproc) + + - name: Confirm memcached built with OpenSSL + working-directory: ./memcached + run: | + # Print library path for debugging + echo "LD_LIBRARY_PATH=$LD_LIBRARY_PATH" + echo "Checking memcached binary dependencies:" + ldd ./memcached + echo "Checking for OpenSSL libraries:" + ldd ./memcached | grep -E '(libssl|libcrypto)' + + - name: Run memcached tests + working-directory: ./memcached + run: | + # Retry up to three times + for i in {1..3}; do + echo "-------- RUNNING TESTS --------" + MEMCACHED_RES=0 + time timeout -s SIGKILL 5m docker run \ + -v $GITHUB_WORKSPACE/memcached:/memcached \ + -v $GITHUB_WORKSPACE/memcached-test.sh:/memcached-test.sh \ + -v $GITHUB_WORKSPACE/wolfssl-install:/wolfssl-install \ + -v $GITHUB_WORKSPACE/openssl-install:/openssl-install \ + -v $GITHUB_WORKSPACE/wolfprov-install:/wolfprov-install \ + -v $GITHUB_WORKSPACE/provider.conf:/provider.conf \ + alpine:latest sh -c "apk add --no-cache make perl libevent-dev bash openssl openssl-dev python3 gcc musl-dev && /memcached-test.sh" || MEMCACHED_RES=$? + + if [ "$MEMCACHED_RES" -eq "0" ]; then + break + fi + done + echo "test ran $i times" + if [ "$MEMCACHED_RES" -ne "0" ]; then + exit $MEMCACHED_RES + fi diff --git a/.github/workflows/net-snmp.yml b/.github/workflows/net-snmp.yml new file mode 100644 index 00000000..9a28c45c --- /dev/null +++ b/.github/workflows/net-snmp.yml 
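Review bot: The `Run memcached tests` step in memcached.yml pulls `alpine:latest` and installs packages with `apk add` on every attempt, so the test environment is whatever the registry serves at that moment and can change without any change in this repository. Pin the image to a fixed release, ideally by digest, e.g. `alpine:<release>@sha256:<digest>` (placeholders). In the same step, `timeout -s SIGKILL` kills only the `docker run` client; with no `--rm` or `--name`, the container may keep running against the bind-mounted workspace while the next retry starts. The container also installs Alpine's own `openssl` while the mounted `openssl-install` was built on the Ubuntu runner, so the hunk does not show which libcrypto the test actually loads.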
@@ -0,0 +1,121 @@ +name: Net-SNMP Tests + +# START OF COMMON SECTION +on: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION + +jobs: + build_wolfprovider: + name: Build wolfProvider + runs-on: ubuntu-22.04 + timeout-minutes: 20 + strategy: + matrix: + wolfssl_ref: [ 'master', 'v5.7.4-stable' ] + steps: + - name: Checkout wolfProvider + uses: actions/checkout@v4 + + # Check if this version of wolfssl/wolfprovider has already been built, + # mark to cache these items on post if we do end up building + - name: Checking wolfSSL/wolfProvider in cache + uses: actions/cache@v4 + id: wolfprov-cache + with: + path: | + wolfssl-source + wolfssl-install + wolfprov-install + provider.conf + + key: wolfprov-${{ matrix.wolfssl_ref }}-${{ github.sha }} + lookup-only: true + + # If wolfssl/wolfprovider have not yet been built, pull ossl from cache + - name: Checking OpenSSL in cache + if: steps.wolfprov-cache.outputs.cache-hit != 'true' + uses: actions/cache@v4 + id: openssl-cache + with: + path: | + openssl-source + openssl-install + + key: ossl-depends + fail-on-cache-miss: false + + # If not yet built this version, build it now + - name: Build wolfProvider + if: steps.wolfprov-cache.outputs.cache-hit != 'true' + run: | + WOLFSSL_TAG=${{ matrix.wolfssl_ref }} ./scripts/build-wolfprovider.sh + + - name: Print errors + if: ${{ failure() }} + run: | + if [ -f test-suite.log ] ; then + cat test-suite.log + fi + + test_net_snmp: + runs-on: ubuntu-22.04 + needs: build_wolfprovider + # This should be a safe limit for the tests to run. 
+ timeout-minutes: 20 + strategy: + fail-fast: false + matrix: + # List of releases to test + include: + - ref: 5.9.3 + test_opts: -e 'agentxperl' + wolfssl_ref: [ 'master', 'v5.7.4-stable' ] + steps: + - name: Retrieving OpenSSL from cache + uses: actions/cache/restore@v4 + id: openssl-cache + with: + path: | + openssl-source + openssl-install + + key: ossl-depends + fail-on-cache-miss: false + + - name: Retrieving wolfSSL/wolfProvider from cache + uses: actions/cache/restore@v4 + id: wolfprov-cache + with: + path: | + wolfssl-source + wolfssl-install + wolfprov-install + provider.conf + + key: wolfprov-${{ matrix.wolfssl_ref }}-${{ github.sha }} + fail-on-cache-miss: true + + - name: Install dependencies + run: | + sudo apt-get update + sudo apt-get install -y libperl-dev + + - name: Build net-snmp with wolfProvider + uses: wolfSSL/actions-build-autotools-project@v1 + with: + repository: net-snmp/net-snmp + ref: v${{ matrix.ref }} + path: net-snmp + check: false + env: + LD_LIBRARY_PATH: ${{ github.workspace }}/wolfssl-install/lib:${{ github.workspace }}/openssl-install/lib64 + OPENSSL_CONF: ${{ github.workspace }}/provider.conf + OPENSSL_MODULES: ${{ github.workspace }}/wolfprov-install/lib diff --git a/.github/workflows/ntp.yml b/.github/workflows/ntp.yml new file mode 100644 index 00000000..51529cd3 --- /dev/null +++ b/.github/workflows/ntp.yml 
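Review bot: The `test_net_snmp` job in net-snmp.yml ends at the build step with `check: false`, so no net-snmp test is ever run and the job passes as soon as the project compiles. `matrix.test_opts` is defined but not referenced anywhere in the hunk, which suggests a test step was intended. The build step also passes no `configure:` option pointing at `openssl-install`, unlike ipmitool.yml and socat.yml, so it may link the runner's system OpenSSL. Either set `check: true`, or add a step that runs the suite with `LD_LIBRARY_PATH`, `OPENSSL_CONF` and `OPENSSL_MODULES` set, together with an `ldd` check like the one in the other workflows.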
@@ -0,0 +1,144 @@ +name: NTP Tests + +# START OF COMMON SECTION +on: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION + +jobs: + build_wolfprovider: + name: Build wolfProvider + runs-on: ubuntu-22.04 + timeout-minutes: 20 + strategy: + matrix: + wolfssl_ref: [ 'master', 'v5.7.4-stable' ] + steps: + - name: Checkout wolfProvider + uses: actions/checkout@v4 + + # Check if this version of wolfssl/wolfprovider has already been built, + # mark to cache these items on post if we do end up building + - name: Checking wolfSSL/wolfProvider in cache + uses: actions/cache@v4 + id: wolfprov-cache + with: + path: | + wolfssl-source + wolfssl-install + wolfprov-install + provider.conf + + key: wolfprov-${{ matrix.wolfssl_ref }}-${{ github.sha }} + lookup-only: true + + # If wolfssl/wolfprovider have not yet been built, pull ossl from cache + - name: Checking OpenSSL in cache + if: steps.wolfprov-cache.outputs.cache-hit != 'true' + uses: actions/cache@v4 + id: openssl-cache + with: + path: | + openssl-source + openssl-install + + key: ossl-depends + fail-on-cache-miss: false + + # If not yet built this version, build it now + - name: Build wolfProvider + if: steps.wolfprov-cache.outputs.cache-hit != 'true' + run: | + WOLFSSL_TAG=${{ matrix.wolfssl_ref }} ./scripts/build-wolfprovider.sh + + - name: Print errors + if: ${{ failure() }} + run: | + if [ -f test-suite.log ] ; then + cat test-suite.log + fi + + test_ntp: + runs-on: ubuntu-22.04 + needs: build_wolfprovider + # This should be a safe limit for the tests to run. 
+ timeout-minutes: 20 + strategy: + fail-fast: false + matrix: + # List of releases to test + ref: [ 4.2.8p15, 4.2.8p17 ] + wolfssl_ref: [ 'master', 'v5.7.4-stable' ] + steps: + - name: Retrieving OpenSSL from cache + uses: actions/cache/restore@v4 + id: openssl-cache + with: + path: | + openssl-source + openssl-install + + key: ossl-depends + fail-on-cache-miss: false + + - name: Retrieving wolfSSL/wolfProvider from cache + uses: actions/cache/restore@v4 + id: wolfprov-cache + with: + path: | + wolfssl-source + wolfssl-install + wolfprov-install + provider.conf + + key: wolfprov-${{ matrix.wolfssl_ref }}-${{ github.sha }} + fail-on-cache-miss: true + + - name: Checkout OSP + uses: actions/checkout@v4 + with: + repository: wolfssl/osp + path: osp + + # Avoid DoS'ing ntp site so cache the tar.gz + - name: Check if we have ntp + uses: actions/cache@v4 + id: cache + with: + path: ntp-${{ matrix.ref }}.tar.gz + key: ntp-${{ matrix.ref }}.tar.gz + + - name: Download ntp + if: steps.cache.outputs.cache-hit != 'true' + run: | + wget https://downloads.nwtime.org/ntp/4.2.8/ntp-${{ matrix.ref }}.tar.gz + + - name: Extract ntp + run: | + tar -xf ntp-${{ matrix.ref }}.tar.gz + + - name: Install dependencies + run: | + sudo apt-get update + sudo apt-get install -y libcap-dev + + - name: Build and test ntp with wolfProvider + working-directory: ntp-${{ matrix.ref }} + run: | + export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/wolfssl-install/lib:$GITHUB_WORKSPACE/openssl-install/lib64 + export OPENSSL_CONF=$GITHUB_WORKSPACE/provider.conf + export OPENSSL_MODULES=$GITHUB_WORKSPACE/wolfprov-install/lib + + patch -p1 < $GITHUB_WORKSPACE/osp/ntp/${{ matrix.ref }}/ntp-${{ matrix.ref }}.patch + ./bootstrap + ./configure --with-openssl-libdir=$GITHUB_WORKSPACE/openssl-install/lib64 \ + --with-openssl-incdir=$GITHUB_WORKSPACE/openssl-install/include + make -j + make -j check diff --git a/.github/workflows/openldap.yml b/.github/workflows/openldap.yml new file mode 100644 index 00000000..8afa9eab 
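Review bot: The `Download ntp` step in ntp.yml fetches the tarball with `wget` and nothing verifies it before `Extract ntp` unpacks it and the build runs `./bootstrap` and `./configure` from it; the cached copy is then reused by every later run. Record a digest per `matrix.ref` and check it after the download and after a cache restore, e.g. `echo "<expected-sha256>  ntp-${{ matrix.ref }}.tar.gz" | sha256sum -c -` (the digest is a placeholder). The `Checkout OSP` step likewise takes `wolfssl/osp` at its default branch, so the patch applied to the source can change between runs; adding a `ref:` would fix that.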
--- /dev/null +++ b/.github/workflows/openldap.yml 
@@ -0,0 +1,141 @@ +name: OpenLDAP Tests + +# START OF COMMON SECTION +on: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION + +jobs: + build_wolfprovider: + name: Build wolfProvider + runs-on: ubuntu-22.04 + timeout-minutes: 20 + strategy: + matrix: + wolfssl_ref: [ 'master', 'v5.7.4-stable' ] + steps: + - name: Checkout wolfProvider + uses: actions/checkout@v4 + + # Check if this version of wolfssl/wolfprovider has already been built, + # mark to cache these items on post if we do end up building + - name: Checking wolfSSL/wolfProvider in cache + uses: actions/cache@v4 + id: wolfprov-cache + with: + path: | + wolfssl-source + wolfssl-install + wolfprov-install + provider.conf + + key: wolfprov-${{ matrix.wolfssl_ref }}-${{ github.sha }} + lookup-only: true + + # If wolfssl/wolfprovider have not yet been built, pull ossl from cache + - name: Checking OpenSSL in cache + if: steps.wolfprov-cache.outputs.cache-hit != 'true' + uses: actions/cache@v4 + id: openssl-cache + with: + path: | + openssl-source + openssl-install + + key: ossl-depends + fail-on-cache-miss: false + + # If not yet built this version, build it now + - name: Build wolfProvider + if: steps.wolfprov-cache.outputs.cache-hit != 'true' + run: | + WOLFSSL_TAG=${{ matrix.wolfssl_ref }} ./scripts/build-wolfprovider.sh + + - name: Print errors + if: ${{ failure() }} + run: | + if [ -f test-suite.log ] ; then + cat test-suite.log + fi + + test_openldap: + runs-on: ubuntu-22.04 + needs: build_wolfprovider + # This should be a safe limit for the tests to run. 
+ timeout-minutes: 20 + strategy: + fail-fast: false + matrix: + include: + # List of releases to test + - osp_ref: 2.5.13 + git_ref: OPENLDAP_REL_ENG_2_5_13 + - osp_ref: 2.6.7 + git_ref: OPENLDAP_REL_ENG_2_6_7 + wolfssl_ref: [ 'master', 'v5.7.4-stable' ] + steps: + - name: Retrieving OpenSSL from cache + uses: actions/cache/restore@v4 + id: openssl-cache + with: + path: | + openssl-source + openssl-install + + key: ossl-depends + fail-on-cache-miss: false + + - name: Retrieving wolfSSL/wolfProvider from cache + uses: actions/cache/restore@v4 + id: wolfprov-cache + with: + path: | + wolfssl-source + wolfssl-install + wolfprov-install + provider.conf + + key: wolfprov-${{ matrix.wolfssl_ref }}-${{ github.sha }} + fail-on-cache-miss: true + + - name: Install dependencies + run: | + sudo apt-get update + sudo apt-get install -y libsasl2-dev + + - name: Checkout openldap + uses: actions/checkout@v4 + with: + repository: openldap/openldap + path: openldap + ref: ${{ matrix.git_ref }} + + - name: Build and test OpenLDAP with wolfProvider + working-directory: openldap + run: | + # Setup environment for wolfProvider + export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/wolfssl-install/lib:$GITHUB_WORKSPACE/openssl-install/lib64 + export OPENSSL_CONF=$GITHUB_WORKSPACE/provider.conf + export OPENSSL_MODULES=$GITHUB_WORKSPACE/wolfprov-install/lib + + # Generate configure script + rm -f aclocal.m4 + autoreconf -ivf + + # Configure with OpenSSL + ./configure --with-tls=openssl --disable-bdb --disable-hdb \ + CFLAGS="-I$GITHUB_WORKSPACE/openssl-install/include \ + -L$GITHUB_WORKSPACE/openssl-install/lib64" \ + LDFLAGS="-Wl,-rpath,$GITHUB_WORKSPACE/openssl-install/lib64" + + # Build OpenLDAP + make -j depend + make -j + make -j check diff --git a/.github/workflows/openssh.yml b/.github/workflows/openssh.yml new file mode 100644 index 00000000..659966ea --- /dev/null +++ b/.github/workflows/openssh.yml 
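Review bot: In openldap.yml the two releases are listed under `matrix.include` alongside a regular `wolfssl_ref` axis. Indentation is lost in this view, but if `include` and `wolfssl_ref` are siblings, GitHub merges each `include` entry into every existing combination, and the second entry overwrites the `osp_ref`/`git_ref` added by the first. The result would be two jobs that both build `OPENLDAP_REL_ENG_2_6_7` and none that builds 2.5.13. Making the releases an ordinary axis avoids this: `openldap: [ { osp_ref: 2.5.13, git_ref: OPENLDAP_REL_ENG_2_5_13 }, { osp_ref: 2.6.7, git_ref: OPENLDAP_REL_ENG_2_6_7 } ]` with `ref: ${{ matrix.openldap.git_ref }}`. `osp_ref` is not used anywhere in the hunk as it stands.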
@@ -0,0 +1,137 @@ +name: OpenSSH Tests + +# START OF COMMON SECTION +on: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION + +jobs: + build_wolfprovider: + name: Build wolfProvider + runs-on: ubuntu-22.04 + timeout-minutes: 20 + strategy: + matrix: + wolfssl_ref: [ 'master', 'v5.7.4-stable' ] + steps: + - name: Checkout wolfProvider + uses: actions/checkout@v4 + + # Check if this version of wolfssl/wolfprovider has already been built, + # mark to cache these items on post if we do end up building + - name: Checking wolfSSL/wolfProvider in cache + uses: actions/cache@v4 + id: wolfprov-cache + with: + path: | + wolfssl-source + wolfssl-install + wolfprov-install + provider.conf + + key: wolfprov-${{ matrix.wolfssl_ref }}-${{ github.sha }} + lookup-only: true + + # If wolfssl/wolfprovider have not yet been built, pull ossl from cache + - name: Checking OpenSSL in cache + if: steps.wolfprov-cache.outputs.cache-hit != 'true' + uses: actions/cache@v4 + id: openssl-cache + with: + path: | + openssl-source + openssl-install + + key: ossl-depends + fail-on-cache-miss: false + + # If not yet built this version, build it now + - name: Build wolfProvider + if: steps.wolfprov-cache.outputs.cache-hit != 'true' + run: | + # Use a specific OpenSSL version - 3.2.0 + OPENSSL_TAG=openssl-3.2.0 WOLFSSL_TAG=${{ matrix.wolfssl_ref }} ./scripts/build-wolfprovider.sh + + - name: Print errors + if: ${{ failure() }} + run: | + if [ -f test-suite.log ] ; then + cat test-suite.log + fi + + test_openssh: + runs-on: ubuntu-22.04 + needs: build_wolfprovider + # This should be a safe limit for the tests to run. 
+ timeout-minutes: 20 + strategy: + matrix: + openssh_ref: [ 'V_9_6_P1' ] + osp_ver: [ '9.6' ] + wolfssl_ref: [ 'master', 'v5.7.4-stable' ] + steps: + - name: Retrieving OpenSSL from cache + uses: actions/cache/restore@v4 + id: openssl-cache + with: + path: | + openssl-source + openssl-install + + key: ossl-depends + fail-on-cache-miss: false + + - name: Retrieving wolfSSL/wolfProvider from cache + uses: actions/cache/restore@v4 + id: wolfprov-cache + with: + path: | + wolfssl-source + wolfssl-install + wolfprov-install + provider.conf + + key: wolfprov-${{ matrix.wolfssl_ref }}-${{ github.sha }} + fail-on-cache-miss: true + + - name: Install dependencies + run: | + sudo apt-get update + sudo apt-get install -y libpam0g-dev zlib1g-dev + + - name: Checkout OpenSSH + uses: actions/checkout@v4 + with: + repository: openssh/openssh-portable + path: openssh + ref: ${{ matrix.openssh_ref }} + + - name: Apply patch and build OpenSSH + working-directory: openssh + run: | + # Setup environment for wolfProvider + export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/wolfssl-install/lib:$GITHUB_WORKSPACE/openssl-install/lib64 + export OPENSSL_CONF=$GITHUB_WORKSPACE/provider.conf + export OPENSSL_MODULES=$GITHUB_WORKSPACE/wolfprov-install/lib + + # Generate configure script + autoreconf -ivf + + # Configure with OpenSSL + ./configure --with-ssl-dir=$GITHUB_WORKSPACE/openssl-install \ + --with-rpath=-Wl,-rpath=$GITHUB_WORKSPACE/openssl-install/lib64 \ + --with-prngd-socket=/tmp/prngd + + # Build OpenSSH + make -j$(nproc) + + # Verify OpenSSH was built and linked correctly with OpenSSL + ldd ./ssh | grep -E '(libssl|libcrypto)' + ./ssh -V diff --git a/.github/workflows/openvpn.yml b/.github/workflows/openvpn.yml index 848145d4..9b2599a1 100644 --- a/.github/workflows/openvpn.yml +++ b/.github/workflows/openvpn.yml 
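Review bot: openssh.yml builds with `OPENSSL_TAG=openssl-3.2.0` but saves and restores the results under the same cache keys the other workflows use, `ossl-depends` and `wolfprov-${{ matrix.wolfssl_ref }}-${{ github.sha }}`. Cache keys are shared between workflows of a repository, so this job can restore an OpenSSL or wolfProvider build made by another workflow with a different OpenSSL version, or populate the cache for them. The test would then run against something other than what the step states. Put the tag into both keys, in the build job and the test job, e.g. `key: ossl-depends-openssl-3.2.0` and `key: wolfprov-openssl-3.2.0-${{ matrix.wolfssl_ref }}-${{ github.sha }}`. Separately, the step named `Apply patch and build OpenSSH` applies no patch and `matrix.osp_ver` is unused.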
@@ -98,20 +98,33 @@ jobs: key: wolfprov-${{ matrix.wolfssl_ref }}-${{ github.sha }} fail-on-cache-miss: true - - name: Install test dependencies + - name: Install dependencies run: | sudo apt-get update sudo apt-get install liblzo2-dev libpam0g-dev liblz4-dev libcap-ng-dev \ linux-libc-dev man2html libcmocka-dev python3-docutils \ libtool automake autoconf libnl-genl-3-dev libnl-genl-3-200 - - name: Build and test OpenVPN + - name: workaround high-entropy ASLR + # not needed after either an update to llvm or runner is done + run: sudo sysctl vm.mmap_rnd_bits=28 + + - if: ${{ matrix.openvpn_ref != 'master' }} + name: Build openvpn with fsanitize + run: | + echo 'extra_c_flags=CC="gcc -fsanitize=address" CFLAGS="-fno-omit-frame-pointer -O2"' >> $GITHUB_ENV + + - name: Build OpenVPN with OpenSSL uses: wolfSSL/actions-build-autotools-project@v1 with: repository: OpenVPN/openvpn - path: openvpn ref: ${{ matrix.openvpn_ref }} - configure: + path: openvpn + configure: >- + --with-crypto-library=openssl + OPENSSL_CFLAGS="-I$GITHUB_WORKSPACE/openssl-install/include" + OPENSSL_LIBS="-L$GITHUB_WORKSPACE/openssl-install/lib64 -lssl -lcrypto" + ${{ env.extra_c_flags }} check: false - name: Test OpenVPN with wolfProvider @@ -120,4 +133,7 @@ jobs: export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/wolfssl-install/lib:$GITHUB_WORKSPACE/openssl-install/lib64 export OPENSSL_CONF=$GITHUB_WORKSPACE/provider.conf export OPENSSL_MODULES=$GITHUB_WORKSPACE/wolfprov-install/lib + ldd src/openvpn/openvpn | grep -E '(libssl|libcrypto)' + ./src/openvpn/openvpn --version + $GITHUB_WORKSPACE/openssl-install/bin/openssl engine -c make check diff --git a/.github/workflows/socat.yml b/.github/workflows/socat.yml new file mode 100644 index 00000000..79e12a3c --- /dev/null +++ b/.github/workflows/socat.yml 
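Review bot: The `workaround high-entropy ASLR` step in the first openvpn.yml hunk lowers `vm.mmap_rnd_bits` for every matrix entry, while the sanitizer build it supports is enabled only when `matrix.openvpn_ref != 'master'`. Give it the same condition, `if: ${{ matrix.openvpn_ref != 'master' }}`, so runs without ASan keep the runner's default ASLR setting. The comment should also say that the step exists for `-fsanitize=address`. The job definition starts above this hunk, so the matrix values are not visible here.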
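Review bot: The checks added to `Test OpenVPN with wolfProvider` in the second openvpn.yml hunk do not show that wolfProvider is in use. `openssl engine -c` lists engines, not providers, and `grep -E '(libssl|libcrypto)'` also matches the runner's system libraries. Use `$GITHUB_WORKSPACE/openssl-install/bin/openssl list -providers` and check its output for the wolfProvider entry, and make the `ldd` check match the install prefix, e.g. `ldd src/openvpn/openvpn | grep -F "$GITHUB_WORKSPACE/openssl-install"`. The same loose `ldd` pattern is used in ipmitool.yml, memcached.yml, openssh.yml and stunnel.yml.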
@@ -0,0 +1,117 @@ +name: Socat Tests + +# START OF COMMON SECTION +on: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION + +jobs: + build_wolfprovider: + name: Build wolfProvider + runs-on: ubuntu-22.04 + timeout-minutes: 20 + strategy: + matrix: + wolfssl_ref: [ 'master', 'v5.7.4-stable' ] + steps: + - name: Checkout wolfProvider + uses: actions/checkout@v4 + + # Check if this version of wolfssl/wolfprovider has already been built, + # mark to cache these items on post if we do end up building + - name: Checking wolfSSL/wolfProvider in cache + uses: actions/cache@v4 + id: wolfprov-cache + with: + path: | + wolfssl-source + wolfssl-install + wolfprov-install + provider.conf + + key: wolfprov-${{ matrix.wolfssl_ref }}-${{ github.sha }} + lookup-only: true + + # If wolfssl/wolfprovider have not yet been built, pull ossl from cache + - name: Checking OpenSSL in cache + if: steps.wolfprov-${{ matrix.wolfssl_ref }}-cache.hit != 'true' + uses: actions/cache@v4 + id: openssl-cache + with: + path: | + openssl-source + openssl-install + + key: ossl-depends + + # If not yet built this version, build it now + - name: Build wolfProvider + if: steps.wolfprov-${{ matrix.wolfssl_ref }}-cache.hit != 'true' + run: | + WOLFSSL_TAG=${{ matrix.wolfssl_ref }} ./scripts/build-wolfprovider.sh + + - name: Print errors + if: ${{ failure() }} + run: | + if [ -f test-suite.log ] ; then + cat test-suite.log + fi + + test_socat: + runs-on: ubuntu-22.04 + needs: build_wolfprovider + # This should be a safe limit for the tests to run. 
+ timeout-minutes: 20 + strategy: + matrix: + socat_ref: [ 'master' ] + wolfssl_ref: [ 'master', 'v5.7.4-stable' ] + steps: + - name: Retrieving OpenSSL from cache + uses: actions/cache/restore@v4 + id: openssl-cache + with: + path: | + openssl-source + openssl-install + + key: ossl-depends + fail-on-cache-miss: true + + - name: Retrieving wolfSSL/wolfProvider from cache + uses: actions/cache/restore@v4 + id: wolfprov-cache + with: + path: | + wolfssl-source + wolfssl-install + wolfprov-install + provider.conf + + key: wolfprov-${{ matrix.wolfssl_ref }}-${{ github.sha }} + fail-on-cache-miss: true + + - name: Build socat + uses: wolfSSL/actions-build-autotools-project@v1 + with: + repository: craSH/socat + path: socat + ref: ${{ matrix.socat_ref }} + configure: --with-openssl=$GITHUB_WORKSPACE/openssl-install + check: false + + - name: Test socat with wolfProvider + working-directory: socat + run: | + export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/wolfssl-install/lib:$GITHUB_WORKSPACE/openssl-install/lib64 + export OPENSSL_CONF=$GITHUB_WORKSPACE/provider.conf + export OPENSSL_MODULES=$GITHUB_WORKSPACE/wolfprov-install/lib + ./socat -V + make test diff --git a/.github/workflows/sssd.yml b/.github/workflows/sssd.yml new file mode 100644 index 00000000..007fc959 --- /dev/null +++ b/.github/workflows/sssd.yml 
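Review bot: In the `build_wolfprovider` job of socat.yml the two conditions `if: steps.wolfprov-${{ matrix.wolfssl_ref }}-cache.hit != 'true'` never test the cache result. The step id is `wolfprov-cache` and the output is `outputs.cache-hit`, so the build presumably runs on every push even on a cache hit. Use the form the other workflows in this commit use, `if: steps.wolfprov-cache.outputs.cache-hit != 'true'`; stunnel.yml has the same two conditions. Separately, `repository: craSH/socat` at `socat_ref: master` tracks a moving branch of what looks like a personal mirror, so pinning a tag or commit would make the tested source reproducible.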
@@ -0,0 +1,61 @@
+name: SSSD Tests
+
+# START OF COMMON SECTION
+on:
+ push:
+ branches: [ 'master', 'main', 'release/**' ]
+ pull_request:
+ branches: [ '*' ]
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+ test_sssd:
+ runs-on: ubuntu-22.04
+ timeout-minutes: 20
+ container:
+ image: quay.io/sssd/ci-client-devel:ubuntu-latest
+ env:
+ LD_LIBRARY_PATH: /usr/local/lib:/github/home/wolfssl-install/lib:/github/home/openssl-install/lib64
+ strategy:
+ fail-fast: false
+ matrix:
+ sssd_ref: [ 2.9.1 ]
+ wolfssl_ref: [ 'master', 'v5.7.4-stable' ]
+ steps:
+ - name: Checkout wolfProvider
+ uses: actions/checkout@v4
+
+ - name: Build wolfProvider
+ run: |
+ WOLFSSL_TAG=${{ matrix.wolfssl_ref }} ./scripts/build-wolfprovider.sh
+
+ - name: Install dependencies
+ run: |
+ # Don't prompt for anything
+ export DEBIAN_FRONTEND=noninteractive
+ apt-get update
+ apt-get install -y build-essential autoconf libldb-dev \
+ libldb2 python3-ldb bc
+
+ - name: Setup env
+ run: |
+ ln -s samba-4.0/ldb.h /usr/include/ldb.h
+ ln -s samba-4.0/ldb_errors.h /usr/include/ldb_errors.h
+ ln -s samba-4.0/ldb_handlers.h /usr/include/ldb_handlers.h
+ ln -s samba-4.0/ldb_module.h /usr/include/ldb_module.h
+ ln -s samba-4.0/ldb_version.h /usr/include/ldb_version.h
+
+ - name: Build sssd with wolfProvider
+ uses: wolfSSL/actions-build-autotools-project@v1
+ with:
+ repository: SSSD/sssd
+ ref: ${{ matrix.sssd_ref }}
+ path: sssd
+ configure: >-
+ --without-samba --disable-cifs-idmap-plugin
+ --without-nfsv4-idmapd-plugin --with-oidc-child=no
+ check: true
diff --git a/.github/workflows/stunnel.yml b/.github/workflows/stunnel.yml
new file mode 100644
index 00000000..17ff61d3
--- /dev/null
+++ b/.github/workflows/stunnel.yml
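Review bot: The sssd.yml job never sets `OPENSSL_CONF` or `OPENSSL_MODULES`, and the sssd build gets no `configure:` option or flags pointing at `openssl-install`, so `check: true` most likely runs SSSD's tests against the container's system OpenSSL without wolfProvider loaded. The only provider-related setting is `LD_LIBRARY_PATH`, which names `/github/home/...`, while `build-wolfprovider.sh` is run from the checkout directory; whether those paths coincide is not visible here. Add the two variables to the existing `env:` block (or to an `env:` on the build step, as net-snmp.yml does), using the paths the build script actually installs to. The container image tag `ubuntu-latest` is also mutable.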
@@ -0,0 +1,119 @@ +name: Stunnel Tests + +# START OF COMMON SECTION +on: + push: + branches: [ 'master', 'main', 'release/**' ] + pull_request: + branches: [ '*' ] + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +# END OF COMMON SECTION + +jobs: + build_wolfprovider: + name: Build wolfProvider + runs-on: ubuntu-22.04 + timeout-minutes: 10 + strategy: + matrix: + wolfssl_ref: [ 'master', 'v5.7.4-stable' ] + steps: + - name: Checkout wolfProvider + uses: actions/checkout@v4 + + # Check if this version of wolfssl/wolfprovider has already been built, + # mark to cache these items on post if we do end up building + - name: Checking wolfSSL/wolfProvider in cache + uses: actions/cache@v4 + id: wolfprov-cache + with: + path: | + wolfssl-source + wolfssl-install + wolfprov-install + provider.conf + key: wolfprov-${{ matrix.wolfssl_ref }}-${{ github.sha }} + lookup-only: true + + # If wolfssl/wolfprovider have not yet been built, pull ossl from cache + - name: Checking OpenSSL in cache + if: steps.wolfprov-${{ matrix.wolfssl_ref }}-cache.hit != 'true' + uses: actions/cache@v4 + id: openssl-cache + with: + path: | + openssl-source + openssl-install + key: ossl-depends + + # If not yet built this version, build it now + - name: Build wolfProvider + if: steps.wolfprov-${{ matrix.wolfssl_ref }}-cache.hit != 'true' + run: | + WOLFSSL_TAG=${{ matrix.wolfssl_ref }} ./scripts/build-wolfprovider.sh + - name: Print errors + if: ${{ failure() }} + run: | + if [ -f test-suite.log ] ; then + cat test-suite.log + fi + test_stunnel: + runs-on: ubuntu-22.04 + needs: build_wolfprovider + # This should be a safe limit for the tests to run. 
+ timeout-minutes: 10 + strategy: + matrix: + stunnel_ref: [ 5.67 ] + wolfssl_ref: [ 'master', 'v5.7.4-stable' ] + steps: + - name: Retrieving OpenSSL from cache + uses: actions/cache/restore@v4 + id: openssl-cache + with: + path: | + openssl-source + openssl-install + key: ossl-depends + fail-on-cache-miss: true + + - name: Retrieving wolfSSL/wolfProvider from cache + uses: actions/cache/restore@v4 + id: wolfprov-cache + with: + path: | + wolfssl-source + wolfssl-install + wolfprov-install + provider.conf + key: wolfprov-${{ matrix.wolfssl_ref }}-${{ github.sha }} + fail-on-cache-miss: true + + - name: Install dependencies + run: | + sudo apt-get update + sudo apt-get install -y build-essential autoconf automake \ + libtool pkg-config libwrap0-dev autoconf-archive \ + autotools-dev m4 + - name: Build stunnel + uses: wolfSSL/actions-build-autotools-project@v1 + with: + repository: mtrojnar/stunnel + ref: stunnel-${{ matrix.stunnel_ref }} + path: stunnel + configure: --with-ssl=$GITHUB_WORKSPACE/openssl-install/ + check: true + + - name: Verify stunnel with wolfProvider + working-directory: ./stunnel + run: | + # Setup environment for wolfProvider + export LD_LIBRARY_PATH=$GITHUB_WORKSPACE/wolfssl-install/lib:$GITHUB_WORKSPACE/openssl-install/lib64 + export OPENSSL_CONF=$GITHUB_WORKSPACE/provider.conf + export OPENSSL_MODULES=$GITHUB_WORKSPACE/wolfprov-install/lib + # Verify stunnel + ldd src/stunnel | grep -E '(libssl|libcrypto)' + ./src/stunnel -version diff --git a/README.md b/README.md index b0e6fba6..aeebf485 100644 --- a/README.md +++ b/README.md 
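Review bot: In stunnel.yml the stunnel test suite runs inside the `Build stunnel` step (`check: true`), but `LD_LIBRARY_PATH`, `OPENSSL_CONF` and `OPENSSL_MODULES` are exported only in the later `Verify stunnel with wolfProvider` step, which runs just `ldd` and `-version`. The tests therefore appear to run without wolfProvider configured. Pass the three variables to the build step through `env:`, as net-snmp.yml does, e.g. `OPENSSL_CONF: ${{ github.workspace }}/provider.conf`. Also quote the version, `stunnel_ref: [ '5.67' ]`: as a bare YAML float, a later `5.70` would become `5.7` in `stunnel-${{ matrix.stunnel_ref }}`.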
@@ -56,7 +56,7 @@ The quickest method is to use the `scripts/build-wolfprovider.sh` script as foll ./scripts/build-wolfprovider.sh ``` -It will retreive the dependencies and compile them as necessary. To use other than the default (such as different releases) you can set various environment variables prior to calling the script: +It will retrieve the dependencies and compile them as necessary. To use other than the default (such as different releases) you can set various environment variables prior to calling the script: ``` OPENSSL_TAG=openssl-3.2.0 WOLFSSL_TAG=v5.7.2-stable WOLFPROV_DEBUG=1 scripts/build-wolfprovider.sh diff --git a/autogen.sh b/autogen.sh index a1dd85fd..cf2d9059 100755 --- a/autogen.sh +++ b/autogen.sh @@ -2,7 +2,7 @@ # # autogen.sh # -# Create configure and makfile stuff... +# Create configure and makefile stuff... # autoreconf --install --force --verbose diff --git a/include/wolfprovider/internal.h b/include/wolfprovider/internal.h index f3368f0a..9465cd5d 100644 --- a/include/wolfprovider/internal.h +++ b/include/wolfprovider/internal.h @@ -103,7 +103,7 @@ #define WP_RSA_DEFAULT_SALT_LEN 20 /* These values are taken from ssl.h. - * Can't include this header as it re-declares OpenSSL types. + * Can't include this header as it redeclares OpenSSL types. */ /* Named Groups */ enum { diff --git a/src/wp_aes_aead.c b/src/wp_aes_aead.c index 8fa574bf..23d9b1b3 100644 --- a/src/wp_aes_aead.c +++ b/src/wp_aes_aead.c @@ -67,7 +67,7 @@ typedef struct wp_AeadCtx { /** Current state of IV/nonce. */ int ivState; - /** Initialized for encrpytion or decryption. */ + /** Initialized for encryption or decryption. */ unsigned int enc:1; /** IV/nonce has been generated. */ unsigned int ivGen:1; 
@@ -263,7 +263,7 @@ static int wp_aead_tls_init(wp_AeadCtx* ctx, unsigned char* aad, size_t aadLen) * * @param [in, out] ctx AEAD context object. * @param [in] in More AAD data. - * @parma [in] inLen Length of new AAD data. + * @param [in] inLen Length of new AAD data. * @return 1 on success. * @return 0 on failure. */ @@ -299,7 +299,7 @@ static int wp_aead_cache_aad(wp_AeadCtx *ctx, const unsigned char *in, * * @param [in, out] ctx AEAD context object. * @param [in] in More AAD data. - * @parma [in] inLen Length of new AAD data. + * @param [in] inLen Length of new AAD data. * @return 1 on success. * @return 0 on failure. */ @@ -819,7 +819,7 @@ static int wp_aesgcm_get_rand_iv(wp_AeadCtx* ctx, unsigned char* out, #ifdef WOLFSSL_AESGCM_STREAM int rc; - rc = wc_AesGcmInit(&ctx->aes, NULL, 0, ctx->iv, ctx->ivLen); + rc = wc_AesGcmInit(&ctx->aes, NULL, 0, ctx->iv, (word32)ctx->ivLen); if (rc != 0) { ok = 0; } @@ -1199,7 +1199,7 @@ static int wp_aesgcm_stream_update(wp_AeadCtx *ctx, unsigned char *out, if ((!done) && ok) { if (ctx->ivState == IV_STATE_BUFFERED) { - rc = wc_AesGcmInit(&ctx->aes, NULL, 0, ctx->iv, ctx->ivLen); + rc = wc_AesGcmInit(&ctx->aes, NULL, 0, ctx->iv, (word32)ctx->ivLen); if (rc != 0) { ok = 0; } diff --git a/src/wp_aes_block.c b/src/wp_aes_block.c index 82b95e6d..44469659 100644 --- a/src/wp_aes_block.c +++ b/src/wp_aes_block.c @@ -813,7 +813,7 @@ static int wp_aes_block_set_ctx_params(wp_AesBlockCtx *ctx, * @param [in, out] ctx AES block context object. * @param [in] kBits Number of bits in a valid key. * @param [in] ivBits Number of bits in a valid IV. 0 indicates no IV. - * @parma [in] mode AES block mode: ECB or CBC. + * @param [in] mode AES block mode: ECB or CBC. * @return 1 on success. * @return 0 on failure. */ diff --git a/src/wp_aes_stream.c b/src/wp_aes_stream.c index 5212d470..66284ec7 100644 --- a/src/wp_aes_stream.c +++ b/src/wp_aes_stream.c 
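Review bot: The new `(word32)ctx->ivLen` cast in wp_aesgcm_get_rand_iv (and the identical one in wp_aesgcm_stream_update) silences the conversion warning without establishing that the value fits, and the same pattern recurs later in this commit: `(int)passwordSz`, `(word32)*keyLen`, `(word32)len` and `(word32)passwordSz` in wp_rsa_kmgmt.c, `(word32)*sigLen` / `(int)*sigLen` in wp_rsa_sign_x931, and `(int)params[1].return_size` in test_rsa.c. The declarations are outside these hunks, so whether each source is bounded by a fixed buffer cannot be confirmed from here; where a length comes from the caller, a value above the target range would be truncated or turn negative instead of being rejected. I would either guard before the call, e.g. `if (ok && (passwordSz > INT_MAX)) { ok = 0; }`, or put a one-line comment next to each cast naming the invariant that bounds the value. Both AES-GCM function bodies continue outside the hunks.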
@@ -381,7 +381,7 @@ static int wp_aes_stream_doit(wp_AesStreamCtx *ctx, unsigned char *out, #ifdef WP_HAVE_AESCFB if (ctx->mode == EVP_CIPH_CFB_MODE) { int rc; - + XMEMCPY(&ctx->aes.reg, ctx->iv, ctx->ivLen); if (ctx->enc) { rc = wc_AesCfbEncrypt(&ctx->aes, out, in, (word32)inLen); @@ -578,7 +578,7 @@ static int wp_aes_stream_set_ctx_params(wp_AesStreamCtx *ctx, * @param [in, out] ctx AES stream context object. * @param [in] kBits Number of bits in a valid key. * @param [in] ivBits Number of bits in a valid IV. 0 indicates no IV. - * @parma [in] mode AES stream mode: CTR. + * @param [in] mode AES stream mode: CTR. * @return 1 on success. * @return 0 on failure. */ diff --git a/src/wp_cmac.c b/src/wp_cmac.c index 6a8a50da..097c7ffc 100644 --- a/src/wp_cmac.c +++ b/src/wp_cmac.c @@ -208,7 +208,7 @@ static int wp_cmac_init(wp_CmacCtx* macCtx, const unsigned char* key, * Update the MAC state with data. * * @param [in, out] macCtx CMAC context object to update. - * @parma [in] data Data to be MACed. + * @param [in] data Data to be MACed. * @param [in] dataLen Length of data in bytes. * @return 1 on success. * @return 0 on failure. diff --git a/src/wp_des.c b/src/wp_des.c index e0aa9125..78c9ea59 100644 --- a/src/wp_des.c +++ b/src/wp_des.c @@ -778,7 +778,7 @@ static int wp_des3_block_set_ctx_params(wp_Des3BlockCtx *ctx, * @param [in, out] ctx DES3 block context object. * @param [in] kBits Number of bits in a valid key. * @param [in] ivBits Number of bits in a valid IV. 0 indicates no IV. - * @parma [in] mode DES3 block mode: ECB or CBC. + * @param [in] mode DES3 block mode: ECB or CBC. * @return 1 on success. * @return 0 on failure. */ diff --git a/src/wp_dh_exch.c b/src/wp_dh_exch.c index 6dfe30a1..cdb762e7 100644 --- a/src/wp_dh_exch.c +++ b/src/wp_dh_exch.c 
@@ -306,7 +306,7 @@ static int wp_dh_derive_secret(wp_DhCtx* ctx, unsigned char* secret, * Can put the DH secret through a KDF. * * @param [in] ctx DH key exchange context object. - * @param [out] secert Buffer to hold secret/key. + * @param [out] secret Buffer to hold secret/key. * @param [out] secLen Length of secret/key data in bytes. * @param [in] secSize Size of buffer in bytes. * @return 1 on success. diff --git a/src/wp_dh_kmgmt.c b/src/wp_dh_kmgmt.c index f9399caf..69a43326 100644 --- a/src/wp_dh_kmgmt.c +++ b/src/wp_dh_kmgmt.c @@ -560,7 +560,7 @@ static wp_Dh* wp_dh_dup(const wp_Dh *src, int selection) * Return the DH key object taken out of the reference. * * @param [in, out] pDh Pointer to a DH key object. - * @parma [in] size Size of data structure that is the DH key object. + * @param [in] size Size of data structure that is the DH key object. * Unused. * @return NULL when no DH key object at reference. * @return DH key object from reference on success. @@ -790,8 +790,8 @@ static int wp_dh_has(const wp_Dh* dh, int selection) /** * Check that two DH key objects match for the components specified. * - * @parma [in] dh1 First DH key object. - * @parma [in] dh2 Second DH key object. + * @param [in] dh1 First DH key object. + * @param [in] dh2 Second DH key object. * @param [in] selection Parts of key to match. * @return 1 on success. * @return 0 on failure. @@ -2565,7 +2565,7 @@ static int wp_dh_encode(wp_DhEncDecCtx* ctx, OSSL_CORE_BIO *cBio, * * @param [in] ctx DH encoder/decoder context object. * @param [in] dh DH key object. - * @oaram [in] size Size of key object. + * @param [in] size Size of key object. * @param [in] exportCb Callback to export key. * @param [in] exportCbArg Argument to pass to callback. * @return 1 on success. diff --git a/src/wp_ecc_kmgmt.c b/src/wp_ecc_kmgmt.c index 3e19a77e..9ac017ee 100644 --- a/src/wp_ecc_kmgmt.c +++ b/src/wp_ecc_kmgmt.c 
@@ -468,7 +468,7 @@ static wp_Ecc* wp_ecc_dup(const wp_Ecc *src, int selection) * Return the ECC key object taken out of the reference. * * @param [in, out] pEcc Pointer to a ECC key object. - * @parma [in] size Size of data structure that is the ECC key object. + * @param [in] size Size of data structure that is the ECC key object. * Unused. * @return NULL when no ECC key object at reference. * @return ECC key object from reference on success. @@ -852,8 +852,8 @@ static int wp_ecc_has(const wp_Ecc* ecc, int selection) /** * Check that two ECC key objects match for the components specified. * - * @parma [in] ecc1 First ECC key object. - * @parma [in] ecc2 Second ECC key object. + * @param [in] ecc1 First ECC key object. + * @param [in] ecc2 Second ECC key object. * @param [in] selection Parts of key to match. * @return 1 on success. * @return 0 on failure. @@ -2633,7 +2633,7 @@ static int wp_ecc_encode(wp_EccEncDecCtx* ctx, OSSL_CORE_BIO *cBio, * * @param [in] ctx ECC encoder/decoder context object. * @param [in] ecc ECC key object. - * @oaram [in] size Size of key object. + * @param [in] size Size of key object. * @param [in] exportCb Callback to export key. * @param [in] exportCbArg Argument to pass to callback. * @return 1 on success. diff --git a/src/wp_ecdh_exch.c b/src/wp_ecdh_exch.c index 852e9bc6..c28d5a64 100644 --- a/src/wp_ecdh_exch.c +++ b/src/wp_ecdh_exch.c @@ -290,7 +290,7 @@ static int wp_ecdh_derive_secret(wp_EcdhCtx* ctx, unsigned char* secret, * Can put the ECDH secret through a KDF. * * @param [in] ctx ECDH key exchange context object. - * @param [out] secert Buffer to hold secret/key. + * @param [out] secret Buffer to hold secret/key. * @param [out] secLen Length of secret/key data in bytes. * @param [in] secSize Size of buffer in bytes. * @return 1 on success. diff --git a/src/wp_ecdsa_sig.c b/src/wp_ecdsa_sig.c index ddd10477..75752524 100644 --- a/src/wp_ecdsa_sig.c +++ b/src/wp_ecdsa_sig.c 
@@ -406,7 +406,7 @@ static int wp_ecdsa_verify_recover(wp_EcdsaSigCtx *ctx, const unsigned char *rou * * @param [in, out] ctx ECDSA signature context object. * @param [in] mdName Name of digest. - * @param [in] mdProps Digest properites. + * @param [in] mdProps Digest properties. * @param [in] op Signature operation being performed. * @return 1 on success. * @return 0 on failure. diff --git a/src/wp_ecx_exch.c b/src/wp_ecx_exch.c index 1d506820..83dcba8d 100644 --- a/src/wp_ecx_exch.c +++ b/src/wp_ecx_exch.c @@ -209,7 +209,7 @@ const unsigned char wp_curve25519_order[] = { * Can put the secret through a KDF. * * @param [in] ctx ECX key exchange context object. - * @param [out] secert Buffer to hold secret/key. + * @param [out] secret Buffer to hold secret/key. * @param [out] secLen Length of secret/key data in bytes. * @param [in] secSize Size of buffer in bytes. * @return 1 on success. @@ -295,7 +295,7 @@ const OSSL_DISPATCH wp_x25519_keyexch_functions[] = { * Can put the secret through a KDF. * * @param [in] ctx ECX key exchange context object. - * @param [out] secert Buffer to hold secret/key. + * @param [out] secret Buffer to hold secret/key. * @param [out] secLen Length of secret/key data in bytes. * @param [in] secSize Size of buffer in bytes. * @return 1 on success. diff --git a/src/wp_ecx_kmgmt.c b/src/wp_ecx_kmgmt.c index 8da534ad..5f83fa39 100644 --- a/src/wp_ecx_kmgmt.c +++ b/src/wp_ecx_kmgmt.c @@ -352,7 +352,7 @@ static wp_Ecx* wp_ecx_dup(const wp_Ecx* src, int selection) * Return the ECX key object taken out of the reference. * * @param [in, out] pEcx Pointer to a ECX key object. - * @parma [in] size Size of data structure that is the ECX key object. + * @param [in] size Size of data structure that is the ECX key object. * Unused. * @return NULL when no ECX key object at reference. * @return ECX key object from reference on success. 
@@ -610,8 +610,8 @@ static int wp_ecx_has(const wp_Ecx* ecx, int selection) /** * Check that two ECX key objects' private keys match. * - * @parma [in] ecx1 First ECX key object. - * @parma [in] ecx2 Second ECX key object. + * @param [in] ecx1 First ECX key object. + * @param [in] ecx2 Second ECX key object. * @return 1 on success. * @return 0 on failure. */ @@ -655,8 +655,8 @@ static int wp_ecx_match_priv_key(const wp_Ecx* ecx1, const wp_Ecx* ecx2) /** * Check that two ECX key objects' public keys match. * - * @parma [in] ecx1 First ECX key object. - * @parma [in] ecx2 Second ECX key object. + * @param [in] ecx1 First ECX key object. + * @param [in] ecx2 Second ECX key object. * @return 1 on success. * @return 0 on failure. */ @@ -702,8 +702,8 @@ static int wp_ecx_match_pub_key(const wp_Ecx* ecx1, const wp_Ecx* ecx2) /** * Check that two ECX key objects match for the components specified. * - * @parma [in] ecx1 First ECX key object. - * @parma [in] ecx2 Second ECX key object. + * @param [in] ecx1 First ECX key object. + * @param [in] ecx2 Second ECX key object. * @param [in] selection Parts of key to match. * @return 1 on success. * @return 0 on failure. @@ -2081,7 +2081,7 @@ static int wp_ecx_encode(wp_EcxEncDecCtx* ctx, OSSL_CORE_BIO *cBio, * * @param [in] ctx ECX encoder/decoder context object. * @param [in] ecx ECX key object. - * @oaram [in] size Size of key object. + * @param [in] size Size of key object. * @param [in] exportCb Callback to export key. * @param [in] exportCbArg Argument to pass to callback. * @return 1 on success. diff --git a/src/wp_file_store.c b/src/wp_file_store.c index ed13cbad..8c1814ef 100644 --- a/src/wp_file_store.c +++ b/src/wp_file_store.c @@ -48,7 +48,7 @@ typedef struct wp_FileCtx { /** Decoder context for processing the contents of the file. */ OSSL_DECODER_CTX* decCtx; - /** Properites query. */ + /** Properties query. */ char* propQuery; /** Type of data: key, certificate, CRL, ... */ int type; 
diff --git a/src/wp_gmac.c b/src/wp_gmac.c index 4b6d30be..c8487885 100644 --- a/src/wp_gmac.c +++ b/src/wp_gmac.c @@ -208,7 +208,7 @@ static int wp_gmac_init(wp_GmacCtx* macCtx, const unsigned char* key, * Update the MAC state with data. * * @param [in, out] macCtx GMAC context object to update. - * @parma [in] data Data to be MACed. + * @param [in] data Data to be MACed. * @param [in] dataLen Length of data in bytes. * @return 1 on success. * @return 0 on failure. diff --git a/src/wp_hkdf.c b/src/wp_hkdf.c index 1745d88f..47e4379f 100644 --- a/src/wp_hkdf.c +++ b/src/wp_hkdf.c @@ -380,7 +380,7 @@ static int wp_hkdf_base_set_info(wp_HkdfCtx* ctx, const OSSL_PARAM params[]) unsigned char* q = ctx->info; ctx->infoSz = 0; - /* Combine all the data in the info parametrs. */ + /* Combine all the data in the info parameters. */ while (ok && ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_INFO)) != NULL)) { size_t sz = 0; diff --git a/src/wp_hmac.c b/src/wp_hmac.c index e80ee51a..364bd9d4 100644 --- a/src/wp_hmac.c +++ b/src/wp_hmac.c @@ -231,7 +231,7 @@ static int wp_hmac_init(wp_HmacCtx* macCtx, const unsigned char* key, * Update the MAC state with data. * * @param [in, out] macCtx HMAC context object to update. - * @parma [in] data Data to be MACed. + * @param [in] data Data to be MACed. * @param [in] dataLen Length of data in bytes. * @return 1 on success. * @return 0 on failure. diff --git a/src/wp_kdf_exch.c b/src/wp_kdf_exch.c index b2c22172..bfbb3c2b 100644 --- a/src/wp_kdf_exch.c +++ b/src/wp_kdf_exch.c @@ -178,7 +178,7 @@ static int wp_kdf_init(wp_KdfCtx* ctx, wp_Kdf* kdf, const OSSL_PARAM params[]) * Can put the ECDH secret through a KDF. * * @param [in] ctx ECDH key exchange context object. - * @param [out] secert Buffer to hold secret/key. + * @param [out] secret Buffer to hold secret/key. * @param [out] secLen Length of secret/key data in bytes. * @param [in] secSize Size of buffer in bytes. * @return 1 on success. 
@@ -238,7 +238,7 @@ static const OSSL_PARAM* wp_hkdf_settable_ctx_params(wp_KdfCtx* ctx, OSSL_PARAM_octet_string(OSSL_KDF_PARAM_SALT, NULL, 0), OSSL_PARAM_octet_string(OSSL_KDF_PARAM_INFO, NULL, 0), OSSL_PARAM_END - }; + }; return settable_ctx_params; } @@ -260,7 +260,7 @@ static const OSSL_PARAM* wp_tls1_prf_settable_ctx_params(wp_KdfCtx* ctx, OSSL_PARAM_octet_string(OSSL_KDF_PARAM_SECRET, NULL, 0), OSSL_PARAM_octet_string(OSSL_KDF_PARAM_SEED, NULL, 0), OSSL_PARAM_END - }; + }; return settable_ctx_params; } diff --git a/src/wp_logging.c b/src/wp_logging.c index b0f5358f..8c2c2275 100644 --- a/src/wp_logging.c +++ b/src/wp_logging.c @@ -244,7 +244,7 @@ void WOLFPROV_ENTER(int component, const char* msg) * Log function used to record function exit. Extended for function name. * * @param component [IN] Component type, from wolfProv_LogComponents enum. - * @param func [IN] Name of function that exitting. + * @param func [IN] Name of function that exiting. * @param msg [IN] Log message. * @param ret [IN] Value that function will be returning. */ diff --git a/src/wp_mac_kmgmt.c b/src/wp_mac_kmgmt.c index 7491a8ee..3425e7fb 100644 --- a/src/wp_mac_kmgmt.c +++ b/src/wp_mac_kmgmt.c @@ -265,7 +265,7 @@ static wp_Mac* wp_mac_dup(const wp_Mac *src, int selection) } } dst->keyLen = src->keyLen; - /* Copy properites if set. */ + /* Copy properties if set. */ if (src->properties != NULL) { size_t propLen = XSTRLEN(src->properties) + 1; dst->properties = OPENSSL_malloc(propLen); @@ -319,8 +319,8 @@ static int wp_mac_has(const wp_Mac* mac, int selection) /** * Check that two MAC key objects match for the components specified. * - * @parma [in] mac1 First ECC key object. - * @parma [in] mac2 Second ECC key object. + * @param [in] mac1 First ECC key object. + * @param [in] mac2 Second ECC key object. * @param [in] selection Parts of key to match. * @return 1 on success. * @return 0 on failure. 
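Review bot: The corrected `@param` lines for mac1 and mac2 in the wp_mac_kmgmt.c hunk at -319 still read "First ECC key object." and "Second ECC key object.", while the summary line of the same comment says the function compares MAC key objects. Since these lines are being touched anyway, I would make them `@param [in] mac1 First MAC key object.` and `@param [in] mac2 Second MAC key object.`. The documented function itself starts below the hunk.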
@@ -595,7 +595,7 @@ static void wp_mac_gen_cleanup(wp_MacGenCtx *ctx) * Return the MAC key object taken out of the reference. * * @param [in, out] pMac Pointer to a MAC key object. - * @parma [in] size Size of data structure that is the MAC key object. + * @param [in] size Size of data structure that is the MAC key object. * Unused. * @return NULL when no MAC key object at reference. * @return MAC key object from reference on success. diff --git a/src/wp_params.c b/src/wp_params.c index 328239a5..3eeaf1eb 100644 --- a/src/wp_params.c +++ b/src/wp_params.c @@ -204,7 +204,7 @@ void wp_param_set_mp_buf(OSSL_PARAM* p, const char* key, unsigned char* num, * Copies the name and returns the wolfSSL hash type and length of output. * * @param [in] params Array of parameters. - * @parma [out] name Buffer to hold hash name. + * @param [out] name Buffer to hold hash name. * @param [in] libCtx Library context to lookup name in. * @param [out] type wolfCrypt hash type corresponding to name. May be NULL. * @param [out] len Length of digest output in bytes. May be NULL. diff --git a/src/wp_rsa_asym.c b/src/wp_rsa_asym.c index 7d345267..3611705e 100644 --- a/src/wp_rsa_asym.c +++ b/src/wp_rsa_asym.c @@ -32,7 +32,7 @@ #ifdef WP_HAVE_RSA /* This define taken from ssl.h. - * Can't include this header as it re-declares OpenSSL types. + * Can't include this header as it redeclares OpenSSL types. */ #define WOLFSSL_MAX_MASTER_KEY_LENGTH 48 @@ -475,7 +475,7 @@ static int wp_rsaa_decrypt(wp_RsaAsymCtx* ctx, unsigned char* out, * * @param [in, out] ctx RSA asymmetric cipher context object. * @param [in] mdName Name of digest. - * @param [in] mdProps Digest properites. + * @param [in] mdProps Digest properties. * @return 1 on success. * @return 0 on failure. */ 
@@ -517,7 +517,7 @@ static int wp_rsaa_setup_md(wp_RsaAsymCtx* ctx, const char* mdName, * * @param [in, out] ctx RSA asymmetric cipher context object. * @param [in] mdName Name of digest. - * @param [in] mdProps Digest properites. + * @param [in] mdProps Digest properties. * @return 1 on success. * @return 0 on failure. */ diff --git a/src/wp_rsa_kem.c b/src/wp_rsa_kem.c index ed3baebd..f7f13133 100644 --- a/src/wp_rsa_kem.c +++ b/src/wp_rsa_kem.c @@ -269,7 +269,7 @@ static int wp_rsasve_gen_rand_bytes(wp_RsaKemCtx* ctx, unsigned char* out) } /** - * Generate a secret value and corresponding ciphertext (encapsulte). + * Generate a secret value and corresponding ciphertext (encapsulate). * * NIST.SP.800-56Br2 * 7.2.1.2 RSASVE Generate Operation (RSASVE.GENERATE). @@ -372,7 +372,7 @@ static int wp_rsakem_encapsulate(wp_RsaKemCtx* ctx, unsigned char* out, } /** - * Recover the secret from the encapsualted data (decapsulate). + * Recover the secret from the encapsulated data (decapsulate). * * NIST.SP.800-56Br2 * 7.2.1.3 RSASVE Recovery Operation (RSASVE.RECOVER). @@ -381,7 +381,7 @@ static int wp_rsakem_encapsulate(wp_RsaKemCtx* ctx, unsigned char* out, * @param [out] out Buffer to hold secret. * @param [out] outLen Length of secret in bytes. * @param [out] in Buffer holding encapsulated secret. - * @param [out] secretLen Length of encapsualted data in bytes. + * @param [out] secretLen Length of encapsulated data in bytes. * @return 1 on success. * @return 0 on failure. */ @@ -438,7 +438,7 @@ static int wp_rsasve_recover(wp_RsaKemCtx* ctx, unsigned char* out, * @param [out] out Buffer to hold secret. * @param [out] outLen Length of secret in bytes. * @param [out] in Buffer holding encapsulated secret. - * @param [out] secretLen Length of encapsualted data in bytes. + * @param [out] secretLen Length of encapsulated data in bytes. * @return 1 on success. * @return 0 on failure. */ diff --git a/src/wp_rsa_kmgmt.c b/src/wp_rsa_kmgmt.c index 398736e6..58464d03 100644 
--- a/src/wp_rsa_kmgmt.c +++ b/src/wp_rsa_kmgmt.c @@ -578,7 +578,7 @@ static int wp_rsa_pss_params_set_pss_defaults(wp_RsaPssParams* pss) * * @param [in, out] pss RSA PSS parameters object. * @param [in] mdName Name of digest. - * @param [in] mdProps Digest properites. + * @param [in] mdProps Digest properties. * @param [in] libCtx Library context. * @return 1 on success. * @return 0 on failure. @@ -603,7 +603,7 @@ static int wp_rsa_pss_params_setup_mgf1_md(wp_RsaPssParams* pss, * * @param [in, out] pss RSA PSS parameters object. * @param [in] mdName Name of digest. - * @param [in] mdProps Digest properites. + * @param [in] mdProps Digest properties. * @param [in] libCtx Library context. * @return 1 on success. * @return 0 on failure. @@ -710,7 +710,7 @@ static int wp_rsa_pss_params_set_mgf1_digest(wp_RsaPssParams* pss, * * @param [in, out] pss RSA PSS parameters object. * @param [in, out] defaultsSet Whether default PSS parameters have been set. - * @param [in] params Array of parameters and valus. + * @param [in] params Array of parameters and values. * @param [in] libCtx Library context. * @return 1 on success. * @return 0 on failure. @@ -777,7 +777,7 @@ static int wp_rsa_pss_params_set_params(wp_RsaPssParams* pss, * Return the RSA key object taken out of the reference. * * @param [in, out] pRsa Pointer to a RSA key object. - * @parma [in] size Size of data structure that is the RSA key object. + * @param [in] size Size of data structure that is the RSA key object. * Unused. * @param [in] type Expected RSA type: PKCS#1.5 or PSS. * @return NULL when no RSA key object at reference or not matching type. 
@@ -981,8 +981,8 @@ static int wp_rsa_has(const wp_Rsa* rsa, int selection) /** * Check that two RSA key objects match for the components specified. * - * @parma [in] rsa1 First RSA key object. - * @parma [in] rsa2 Second RSA key object. + * @param [in] rsa1 First RSA key object. + * @param [in] rsa2 Second RSA key object. * @param [in] selection Parts of key to match. * @return 1 on success. * @return 0 on failure. @@ -1601,7 +1601,7 @@ static const OSSL_PARAM* wp_rsa_gen_settable_params(wp_RsaGenCtx* gctx, * Return the RSA key object taken out of the reference. * * @param [in, out] pRsa Pointer to a RSA key object. - * @parma [in] size Size of data structure that is the RSA key object. + * @param [in] size Size of data structure that is the RSA key object. * Unused. * @return NULL when no RSA key object at reference or not RSA PKCS#1.5 type. * @return RSA key object from reference on success. @@ -1658,7 +1658,7 @@ static wp_Rsa* wp_rsapss_new(WOLFPROV_CTX* provctx) * Return the RSA key object taken out of the reference. * * @param [in, out] pRsa Pointer to a RSA key object. - * @parma [in] size Size of data structure that is the RSA key object. + * @param [in] size Size of data structure that is the RSA key object. * Unused. * @return NULL when no RSA key object at reference or not RSA PSS type. * @return RSA key object from reference on success. @@ -2224,7 +2224,7 @@ static int wp_rsa_decode_enc_pki(wp_Rsa* rsa, unsigned char* data, word32 len, } if (ok) { /* Decrypt to encoded private key. */ - int ret = wc_DecryptPKCS8Key(data, len, password, passwordSz); + int ret = wc_DecryptPKCS8Key(data, len, password, (int)passwordSz); if (ret <= 0) { ok = 0; } @@ -2596,7 +2596,7 @@ static int wp_rsa_encode_spki(const wp_Rsa* rsa, unsigned char* keyData, int ok = 1; int ret; - ret = wc_RsaKeyToPublicDer((RsaKey*)&rsa->key, keyData, *keyLen); + ret = wc_RsaKeyToPublicDer((RsaKey*)&rsa->key, keyData, (word32)*keyLen); if (ret <= 0) { ok = 0; } 
@@ -2692,7 +2692,7 @@ static int wp_rsa_encode_pub(const wp_Rsa* rsa, unsigned char* keyData, } #else /* TODO: Encodes with header. Strip it off. */ - ret = wc_RsaKeyToPublicDer((RsaKey*)&rsa->key, keyData, *keyLen); + ret = wc_RsaKeyToPublicDer((RsaKey*)&rsa->key, keyData, (word32)*keyLen); if (ret <= 0) { ok = 0; } @@ -2879,8 +2879,8 @@ static int wp_rsa_encode_enc_pki_size(const wp_RsaEncDecCtx* ctx, ok = wp_rsa_encode_pki_size(rsa, &len, RSA_ALGO_ID(ctx)); if (ok) { /* Get encrypted encode private key. */ - if (wc_EncryptPKCS8Key(fakeData, len, NULL, &outSz, "", 0, WP_PKCS5, - WP_PBES2, ctx->cipher, fakeSalt, sizeof(fakeSalt), + if (wc_EncryptPKCS8Key(fakeData, (word32)len, NULL, &outSz, "", 0, + WP_PKCS5, WP_PBES2, ctx->cipher, fakeSalt, sizeof(fakeSalt), WP_PKCS12_ITERATIONS_DEFAULT, wp_provctx_get_rng(ctx->provCtx), NULL) != LENGTH_ONLY_E) { ok = 0; @@ -2914,7 +2914,7 @@ static int wp_rsa_encode_enc_pki(const wp_RsaEncDecCtx* ctx, const wp_Rsa* rsa, { int ok = 1; size_t len; - word32 outSz = *keyLen; + word32 outSz = (word32)*keyLen; byte salt[WP_MAX_SALT_SIZE]; int saltLen = 16; char password[1024]; @@ -2947,10 +2947,10 @@ static int wp_rsa_encode_enc_pki(const wp_RsaEncDecCtx* ctx, const wp_Rsa* rsa, } if (ok) { /* Encrypt encoded key - in and out buffers must be different. */ - if (wc_EncryptPKCS8Key(encodedKey, len, keyData, &outSz, password, - passwordSz, WP_PKCS5, WP_PBES2, ctx->cipher, salt, saltLen, - WP_PKCS12_ITERATIONS_DEFAULT, wp_provctx_get_rng(ctx->provCtx), - NULL) <= 0) { + if (wc_EncryptPKCS8Key(encodedKey, (word32)len, keyData, &outSz, + password, (word32)passwordSz, WP_PKCS5, WP_PBES2, ctx->cipher, + salt, saltLen, WP_PKCS12_ITERATIONS_DEFAULT, + wp_provctx_get_rng(ctx->provCtx), NULL) <= 0) { ok = 0; } else { 
@@ -3201,7 +3201,7 @@ static int wp_rsa_encode(wp_RsaEncDecCtx* ctx, OSSL_CORE_BIO* cBio, * * @param [in] ctx RSA encoder/decoder context object. * @param [in] rsa RSA key object. - * @oaram [in] size Size of key object. + * @param [in] size Size of key object. * @param [in] exportCb Callback to export key. * @param [in] exportCbArg Argument to pass to callback. * @return 1 on success. diff --git a/src/wp_rsa_sig.c b/src/wp_rsa_sig.c index afbb17ed..23dd96b7 100644 --- a/src/wp_rsa_sig.c +++ b/src/wp_rsa_sig.c @@ -109,7 +109,7 @@ static int wp_rsa_set_ctx_params(wp_RsaSigCtx* ctx, const OSSL_PARAM params[]); * * @param [in, out] ctx RSA signature context object. * @param [in] mdName Name of digest. - * @param [in] mdProps Digest properites. + * @param [in] mdProps Digest properties. * @param [in] op Signature operation being performed. * @return 1 on success. * @return 0 on failure. @@ -198,7 +198,7 @@ static int wp_rsa_setup_md(wp_RsaSigCtx* ctx, const char* mdName, * * @param [in, out] ctx RSA signature context object. * @param [in] mdName Name of digest. - * @param [in] mdProps Digest properites. + * @param [in] mdProps Digest properties. * @return 1 on success. * @return 0 on failure. */ @@ -867,7 +867,7 @@ static int wp_rsa_sign_x931(wp_RsaSigCtx* ctx, unsigned char* sig, } } if (ok) { - rc = mp_read_unsigned_bin(&toMp, sig, *sigLen); + rc = mp_read_unsigned_bin(&toMp, sig, (word32)*sigLen); if (rc != MP_OKAY) { ok = 0; } @@ -882,7 +882,7 @@ static int wp_rsa_sign_x931(wp_RsaSigCtx* ctx, unsigned char* sig, ok = 0; } else if (mp_cmp(&toMp, &nMinusTo) == MP_GT) { - rc = mp_to_unsigned_bin_len(&nMinusTo, sig, *sigLen); + rc = mp_to_unsigned_bin_len(&nMinusTo, sig, (int)*sigLen); if (rc != MP_OKAY) { ok = 0; } diff --git a/src/wp_tls1_prf.c b/src/wp_tls1_prf.c index 1d8b74c7..2a2415a6 100644 --- a/src/wp_tls1_prf.c +++ b/src/wp_tls1_prf.c 
@@ -213,7 +213,7 @@ static int wp_kdf_tls1_prf_get_seed(wp_Tls1Prf_Ctx* ctx, const OSSL_PARAM *p; unsigned char* q = ctx->seed + ctx->seedSz; - /* Combine all the data in the seed parametrs. */ + /* Combine all the data in the seed parameters. */ while (ok && ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SEED)) != NULL)) { size_t sz = 0; diff --git a/test/test_ecc.c b/test/test_ecc.c index 71f3d076..7e9ff965 100644 --- a/test/test_ecc.c +++ b/test/test_ecc.c @@ -285,7 +285,7 @@ static int test_eckeygen_name_ex(const char *name, int setEncoding, int expectFa err = EVP_PKEY_CTX_ctrl_str(ctx, "ec_paramgen_curve", name) != 1; } if (err == 0 && setEncoding) { - /* For now only testing explictly setting named curve encoding */ + /* For now only testing explicitly setting named curve encoding */ err = EVP_PKEY_CTX_ctrl_str(ctx, "ec_param_enc", OSSL_PKEY_EC_ENCODING_GROUP) != 1; } diff --git a/test/test_rsa.c b/test/test_rsa.c index 323ea7ae..510ffc87 100644 --- a/test/test_rsa.c +++ b/test/test_rsa.c @@ -856,7 +856,7 @@ int test_rsa_get_params(void *data) } } if (err == 0) { - eRet = BN_bin2bn(e, params[1].return_size, NULL); + eRet = BN_bin2bn(e, (int)params[1].return_size, NULL); if (eRet == NULL) { err = 1; }