gdb < <(echo -e "file ./libcrypto.so.3\nquit") > ./results
grep -q "Reading symbols from.*libcrypto\.so\.3\.debug" results
+ external-test-pkcs11-provider:
+ runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: recursive
+ - name: package installs
+ run: |
+ sudo apt-get update
+ sudo apt-get -yq install meson pkg-config gnutls-bin libnss3-tools libnss3-dev libsofthsm2 opensc expect
+ - name: config
+ run: ./config --banner=Configured --strict-warnings --debug enable-external-tests && perl configdata.pm --dump
+ - name: make
+ run: make -s -j4
+ - name: get cpu info
+ run: |
+ cat /proc/cpuinfo
+ ./util/opensslwrap.sh version -c
+ - name: test external pkcs11-provider
+ run: make test TESTS="test_external_pkcs11_provider" VERBOSE=1
+
external-test-pyca:
runs-on: ${{ github.server_url == 'https://github.com' && 'ubuntu-latest' || 'ubuntu-22.04-self-hosted' }}
strategy:
path = fuzz/corpora
url = https://github.com/openssl/fuzz-corpora
branch = main
+[submodule "pkcs11-provider"]
+ path = pkcs11-provider
+ url = https://github.com/latchset/pkcs11-provider.git
--- /dev/null
+Subproject commit 8757cf26a8ffc4144b66870c8438df00d2668d48
The names of all supported quantum-safe algorithms are available at
<https://github.com/open-quantum-safe/oqs-provider#algorithms>
+pkcs11-provider test suite
+======================
+
+This builds and runs pkcs11-provider tests agains the local OpenSSL build.
+
+You will need a git checkout of pkcs11-provider at the top level:
+
+ $ git submodule update --init
+
+Then configure/build OpenSSL enabling external tests:
+
+ $ ./config shared enable-external-tests
+ $ make
+
+pkcs11-provider requires meson for the build process. Moreover, it requires
+softhsm and nss softokn tokens and certtool, certutil, pkcs11-tool and expect
+to run the tests.
+
+Tests will then be run as part of the rest of the suite, or can be
+explicitly run (with more debugging):
+
+ $ make test VERBOSE=1 TESTS=test_external_pkcs11_provider
+
+Test failures and suppressions
+------------------------------
+
+There are tests for different software tokens - softhsm, nss-softokn and kryoptic.
+Kryoptic tests will not run at this point. Currently no test fails.
+
Updating test suites
====================
--- /dev/null
+#! /usr/bin/env perl
+# Copyright 2024 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+use OpenSSL::Test;
+use OpenSSL::Test::Utils;
+use OpenSSL::Test qw/:DEFAULT data_file bldtop_dir srctop_dir cmdstr/;
+
+setup("test_external_pkcs11_provider");
+
+plan skip_all => "No external tests in this configuration"
+ if disabled("external-tests");
+plan skip_all => "pkcs11-provider tests not available on Windows or VMS"
+ if $^O =~ /^(VMS|MSWin32)$/;
+plan skip_all => "pkcs11-provider tests only available in a shared build"
+ if disabled("shared");
+plan skip_all => "pkcs11-provider tests not supported in out of tree builds"
+ if bldtop_dir() ne srctop_dir();
+
+plan tests => 1;
+
+ok(run(cmd(["sh", data_file("pkcs11-provider.sh")])),
+ "running pkcs11-provider tests");
--- /dev/null
+#!/bin/sh
+#
+# Copyright 2024 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+#
+# OpenSSL external testing using the pkcs11-provider
+#
+
+PWD="$(pwd)"
+
+SRCTOP="$(cd $SRCTOP; pwd)"
+BLDTOP="$(cd $BLDTOP; pwd)"
+
+if [ "$SRCTOP" != "$BLDTOP" ] ; then
+ echo "Out of tree builds not supported with pkcsa11-provider test!"
+ exit 1
+fi
+
+O_EXE="$BLDTOP/apps"
+O_BINC="$BLDTOP/include"
+O_SINC="$SRCTOP/include"
+O_LIB="$BLDTOP"
+
+unset OPENSSL_CONF
+
+export PATH="$O_EXE:$PATH"
+export LD_LIBRARY_PATH="$O_LIB:$LD_LIBRARY_PATH"
+export OPENSSL_ROOT_DIR="$O_LIB"
+
+# Check/Set openssl version
+OPENSSL_VERSION=`openssl version | cut -f 2 -d ' '`
+
+echo "------------------------------------------------------------------"
+echo "Testing OpenSSL using pkcs11-provider:"
+echo " CWD: $PWD"
+echo " SRCTOP: $SRCTOP"
+echo " BLDTOP: $BLDTOP"
+echo " OPENSSL_ROOT_DIR: $OPENSSL_ROOT_DIR"
+echo " OpenSSL version: $OPENSSL_VERSION"
+echo "------------------------------------------------------------------"
+
+PKCS11_PROVIDER_BUILDDIR=$OPENSSL_ROOT_DIR/pkcs11-provider/builddir
+
+echo "------------------------------------------------------------------"
+echo "Building pkcs11-provider"
+echo "------------------------------------------------------------------"
+
+PKG_CONFIG_PATH="$BLDTOP" meson setup $PKCS11_PROVIDER_BUILDDIR $OPENSSL_ROOT_DIR/pkcs11-provider/ || exit 1
+meson compile -C $PKCS11_PROVIDER_BUILDDIR pkcs11 || exit 1
+
+echo "------------------------------------------------------------------"
+echo "Running tests"
+echo "------------------------------------------------------------------"
+
+# The OpenSSL app uses ${HARNESS_OSSL_PREFIX} as a prefix for its standard output
+HARNESS_OSSL_PREFIX= meson test -C $PKCS11_PROVIDER_BUILDDIR
+
+if [ $? -ne 0 ]; then
+ cat $PKCS11_PROVIDER_BUILDDIR/meson-logs/testlog.txt
+ exit 1
+fi
+
+rm -rf $PKCS11_PROVIDER_BUILDDIR
+
+exit 0
projects / thirdparty / openssl.git / commitdiff
