add .github/workflows/opensslcoexist.yml. fix TEST_OPENSSL_COEXIST section of wolfssl/ssl.h for compatibility with OpenSSL <3.2. also, remove frivolous entry for WOLFSSL_HMAC_COPY_HASH in .wolfssl_known_macro_extras.

2025-02-14 12:19:12 -06:00 · 2025-02-14 12:19:12 -06:00 · 10d5d59977
parent 29f2767b88
commit 10d5d59977
3 changed files with 70 additions and 16 deletions
--- a/.github/workflows/opensslcoexist.yml
+++ b/.github/workflows/opensslcoexist.yml
@ -0,0 +1,50 @@
+name: OPENSSL_COEXIST and TEST_OPENSSL_COEXIST
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  make_check:
+    strategy:
+      matrix:
+        config: [
+          # Add new configs here
+          '--verbose --enable-all --disable-all-osp --disable-opensslall --enable-opensslcoexist CPPFLAGS="-DNO_WOLFSSL_CIPHER_SUITE_TEST -pedantic"',
+          '--verbose --enable-all --disable-all-osp --disable-opensslall --enable-opensslcoexist CPPFLAGS="-DNO_WOLFSSL_CIPHER_SUITE_TEST -pedantic -DTEST_OPENSSL_COEXIST"'
+        ]
+    name: make check
+    if: github.repository_owner == 'wolfssl'
+    runs-on: ubuntu-22.04
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 6
+    steps:
+      - uses: actions/checkout@v4
+        name: Checkout wolfSSL
+
+      - name: Test --enable-opensslcoexist and TEST_OPENSSL_COEXIST
+        run: |
+          ./autogen.sh || $(exit 2)
+          ./configure ${{ matrix.config }} || $(exit 3)
+          make -j 4 || $(exit 4)
+          make check
+
+      - name: Print errors
+        if: ${{ failure() }}
+        run: |
+          for file in config.log scripts/*.log
+          do
+              if [ -f "$file" ]; then
+                  echo "${file}:"
+                  cat "$file"
+                  echo "========================================================================"
+              fi
+          done
--- a/.wolfssl_known_macro_extras
+++ b/.wolfssl_known_macro_extras
@ -651,7 +651,6 @@ WOLFSSL_HARDEN_TLS_ALLOW_OLD_TLS
 WOLFSSL_HARDEN_TLS_ALLOW_TRUNCATED_HMAC
 WOLFSSL_HARDEN_TLS_NO_PKEY_CHECK
 WOLFSSL_HARDEN_TLS_NO_SCR_CHECK
-WOLFSSL_HMAC_COPY_HASH
 WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY
 WOLFSSL_I2D_ECDSA_SIG_ALLOC
 WOLFSSL_IAR_ARM_TIME
--- a/wolfssl/ssl.h
+++ b/wolfssl/ssl.h
@ -117,7 +117,6 @@
        #include <openssl/hmac.h>
        #include <openssl/bn.h>
        #include <openssl/crypto.h>
-
        #if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \
            FIPS_VERSION3_GE(5,2,0))
        #include <openssl/aes.h>
@ -125,24 +124,15 @@
        #include <openssl/camellia.h>
        #include <openssl/cast.h>
        #include <openssl/cmac.h>
-        #include <openssl/cmp.h>
        #include <openssl/cms.h>
        #include <openssl/conf_api.h>
-        #include <openssl/core_object.h>
-        #include <openssl/decoder.h>
        #include <openssl/des.h>
        #include <openssl/dh.h>
        #include <openssl/dsa.h>
        #include <openssl/ecdh.h>
        #include <openssl/ecdsa.h>
-        #include <openssl/encoder.h>
        #include <openssl/engine.h>
-        #include <openssl/ess.h>
-        #include <openssl/fipskey.h>
-        #include <openssl/fips_names.h>
        #include <openssl/hmac.h>
-        #include <openssl/hpke.h>
-        #include <openssl/http.h>
        #include <openssl/idea.h>
        #include <openssl/kdf.h>
        #include <openssl/md2.h>
@ -152,14 +142,10 @@
        #include <openssl/modes.h>
        #include <openssl/ocsp.h>
        #include <openssl/ossl_typ.h>
-        #include <openssl/param_build.h>
-        #include <openssl/params.h>
        #include <openssl/pem2.h>
        #include <openssl/pem.h>
        #include <openssl/pkcs12.h>
        #include <openssl/pkcs7.h>
-        #include <openssl/proverr.h>
-        #include <openssl/provider.h>
        #include <openssl/rand.h>
        #include <openssl/rc2.h>
        #include <openssl/rc4.h>
@ -171,7 +157,6 @@
            #undef RSA_PKCS1_PADDING_SIZE
        #endif
        #include <openssl/seed.h>
-        #include <openssl/self_test.h>
        #include <openssl/sha.h>
        #include <openssl/srp.h>
        #include <openssl/srtp.h>
@ -180,6 +165,26 @@
        #include <openssl/txt_db.h>
        #include <openssl/ui.h>
        #include <openssl/whrlpool.h>
+
+        #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x30000000L
+        #include <openssl/cmp.h>
+        #include <openssl/core_object.h>
+        #include <openssl/decoder.h>
+        #include <openssl/encoder.h>
+        #include <openssl/ess.h>
+        #include <openssl/fipskey.h>
+        #include <openssl/fips_names.h>
+        #if OPENSSL_VERSION_NUMBER >= 0x30200000L
+        #include <openssl/hpke.h>
+        #endif
+        #include <openssl/http.h>
+        #include <openssl/param_build.h>
+        #include <openssl/params.h>
+        #include <openssl/proverr.h>
+        #include <openssl/provider.h>
+        #include <openssl/self_test.h>
+        #endif /* OPENSSL_VERSION_NUMBER >= 0x30000000L */
+
        #endif /* !HAVE_SELFTEST && (!HAVE_FIPS || FIPS_VERSION3_GE(5,2,0)) */

    #endif