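name: OpenSSL ECH Interop Test

# START OF COMMON SECTION
on:
  push:
    branches: [ 'master', 'main', 'release/**' ]
  pull_request:
    branches: [ '*' ]

concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
# END OF COMMON SECTION

# Least privilege for GITHUB_TOKEN: the steps below only check out source and
# exchange build artifacts between jobs, and no secrets are referenced.
# NOTE(review): confirm wolfSSL/actions-build-autotools-project needs nothing
# beyond read access to repository contents.
permissions:
  contents: read

# NOTE(review): every `uses:` below is pinned to a mutable tag (@v1 / @v4).
# Pinning to a full commit SHA protects the build against a retargeted tag,
# e.g. `uses: actions/checkout@<full-commit-sha>  # v4` (placeholder, look up
# the real SHA before applying).

jobs:
  # Builds wolfSSL with ECH enabled and packages the install tree, plus the
  # extra files the interop job needs, as an artifact.
  build_wolfssl:
    name: Build wolfSSL
    # Skip on forks: only run in repositories owned by the wolfssl org.
    if: github.repository_owner == 'wolfssl'
    runs-on: ubuntu-24.04
    timeout-minutes: 4
    steps:
      - name: Build wolfSSL
        uses: wolfSSL/actions-build-autotools-project@v1
        with:
          path: wolfssl
          configure: >-
            --enable-ech --enable-sha512 --enable-aes CFLAGS='-DUSE_FLAT_TEST_H'
          install: true

      - name: tar build-dir
        run: |
          # need server.h and client.h which are not installed normally
          cp "$GITHUB_WORKSPACE/wolfssl/examples/server/server.h" \
             build-dir/share/doc/wolfssl/example/server.h
          cp "$GITHUB_WORKSPACE/wolfssl/examples/client/client.h" \
             build-dir/share/doc/wolfssl/example/client.h
          # need certs so 'wolfSSL error: wolf root not found' does not show up
          cp -r "$GITHUB_WORKSPACE/wolfssl/certs" build-dir/certs
          # need the ech script to run tests
          cp "$GITHUB_WORKSPACE/wolfssl/.github/scripts/openssl-ech.sh" \
             build-dir/openssl-ech.sh
          tar -zcf build-dir.tgz build-dir

      - name: Upload built wolfSSL
        uses: actions/upload-artifact@v4
        with:
          name: wolf-install-openssl-ech
          path: build-dir.tgz
          retention-days: 5

  # Builds the OpenSSL ECH development branch and packages its install tree.
  build_openssl_ech:
    name: Build OpenSSL (feature/ech)
    if: github.repository_owner == 'wolfssl'
    runs-on: ubuntu-24.04
    timeout-minutes: 10
    steps:
      - name: Checkout OpenSSL feature/ech branch
        uses: actions/checkout@v4
        with:
          repository: openssl/openssl
          # Moving branch tip: whatever upstream pushes here is configured and
          # built in the next step, so results are not reproducible per commit.
          ref: feature/ech
          path: openssl
          # Do not leave this repository's token in openssl/.git/config while
          # third-party build scripts run in that checkout.
          persist-credentials: false

      - name: Build OpenSSL
        working-directory: openssl
        run: |
          ./Configure --prefix="$GITHUB_WORKSPACE/openssl-install" \
                      --openssldir="$GITHUB_WORKSPACE/openssl-install/ssl" \
                      enable-ech no-docs
          make -j"$(nproc)"
          make install_sw

      - name: tar openssl-install
        run: tar -zcf openssl-install.tgz openssl-install

      - name: Upload built OpenSSL
        uses: actions/upload-artifact@v4
        with:
          name: openssl-ech-install
          path: openssl-install.tgz
          retention-days: 5

  # Runs wolfSSL <-> OpenSSL ECH handshakes in both client/server directions
  # using the artifacts produced by the two build jobs.
  ech_interop_test:
    name: ECH Interop Test
    if: github.repository_owner == 'wolfssl'
    needs: [build_wolfssl, build_openssl_ech]
    runs-on: ubuntu-24.04
    timeout-minutes: 10
    steps:
      - name: Download wolfSSL build
        uses: actions/download-artifact@v4
        with:
          name: wolf-install-openssl-ech

      - name: Download OpenSSL build
        uses: actions/download-artifact@v4
        with:
          name: openssl-ech-install

      - name: Extract builds
        run: |
          tar -xzf build-dir.tgz
          tar -xzf openssl-install.tgz

      - name: Build wolfssl client and server examples
        run: |
          export WOLFSSL_INSTALL_DIR="$GITHUB_WORKSPACE/build-dir"
          export WOLFSSL_BIN_DIR="$WOLFSSL_INSTALL_DIR/bin"
          export CFLAGS="-Wall -I$WOLFSSL_INSTALL_DIR/include"
          export LIBS="-L$WOLFSSL_INSTALL_DIR/lib -lm -lwolfssl"
          # Append the inherited value only when it is non-empty: a trailing
          # ':' is an empty entry, which the loader treats as the current
          # directory.
          export LD_LIBRARY_PATH="$WOLFSSL_INSTALL_DIR/lib/${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
          # $CFLAGS and $LIBS are left unquoted on purpose so they split into
          # separate compiler arguments.
          gcc -o "$WOLFSSL_BIN_DIR/client" \
              "$WOLFSSL_INSTALL_DIR/share/doc/wolfssl/example/client.c" \
              $CFLAGS $LIBS -I"$WOLFSSL_INSTALL_DIR/share/doc/wolfssl/example"
          gcc -o "$WOLFSSL_BIN_DIR/server" \
              "$WOLFSSL_INSTALL_DIR/share/doc/wolfssl/example/server.c" \
              $CFLAGS $LIBS -I"$WOLFSSL_INSTALL_DIR/share/doc/wolfssl/example"

      - name: Interop test
        run: |
          # pipefail: without it a failing `$OPENSSL version` is masked by the
          # exit status of `tee` below.
          set -eo pipefail
          # Same empty-entry guard as in the build step; this step also runs
          # the test binaries after `cd build-dir`, so a trailing ':' would put
          # that directory on the library search path.
          export LD_LIBRARY_PATH="$GITHUB_WORKSPACE/openssl-install/lib64:$GITHUB_WORKSPACE/openssl-install/lib:$GITHUB_WORKSPACE/build-dir/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
          export OPENSSL="$GITHUB_WORKSPACE/openssl-install/bin/openssl"
          export WOLFSSL_CLIENT="$GITHUB_WORKSPACE/build-dir/bin/client"
          export WOLFSSL_SERVER="$GITHUB_WORKSPACE/build-dir/bin/server"
          export CERT_DIR="$GITHUB_WORKSPACE/build-dir/certs"
          LOG_FILE="$GITHUB_WORKSPACE/log_file.log"

          # need to cd into build-dir so the certs/ dir is available for server
          cd build-dir

          "$OPENSSL" version | tee "$LOG_FILE"

          # default suite (DHKEM_X25519_HKDF_SHA256, HKDF_SHA256, HPKE_AES_128_GCM)
          echo -e "\nTesting default suite with OpenSSL server and wolfSSL client\n" &>> "$LOG_FILE"
          bash ./openssl-ech.sh server &>> "$LOG_FILE"

          echo -e "\nTesting default suite with OpenSSL client and wolfSSL server\n" &>> "$LOG_FILE"
          bash ./openssl-ech.sh client &>> "$LOG_FILE"

          # weird suite (DHKEM_P521_HKDF_SHA512, HKDF_SHA256, HPKE_AES_256_GCM)
          echo -e "\nTesting weird suite with OpenSSL server and wolfSSL client\n" &>> "$LOG_FILE"
          bash ./openssl-ech.sh server --suite "18,1,2" &>> "$LOG_FILE"

          echo -e "\nTesting weird suite with OpenSSL client and wolfSSL server\n" &>> "$LOG_FILE"
          bash ./openssl-ech.sh client --suite "18,1,2" &>> "$LOG_FILE"

          # cleanup; only reached when every test passed, so the log survives
          # a failure for the debug step below
          rm -f "$LOG_FILE"

      - name: Print debug info on failure
        if: ${{ failure() }}
        run: |
          if [ -s "$GITHUB_WORKSPACE/log_file.log" ]; then
            cat "$GITHUB_WORKSPACE/log_file.log"
          else
            echo "No log file"
          fi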