mirror of https://github.com/openssl/openssl
Add external testing with oqsprovider
Including running the oqsprovider external test in the CI external test build. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17832)
This commit is contained in:
parent
a35c3a9f5b
commit
fa66f62ebb
|
@ -277,6 +277,8 @@ jobs:
|
||||||
run: make test TESTS="test_external_krb5"
|
run: make test TESTS="test_external_krb5"
|
||||||
- name: test external_tlsfuzzer
|
- name: test external_tlsfuzzer
|
||||||
run: make test TESTS="test_external_tlsfuzzer"
|
run: make test TESTS="test_external_tlsfuzzer"
|
||||||
|
- name: test external oqs-provider
|
||||||
|
run: make test TESTS="test_external_oqsprovider"
|
||||||
|
|
||||||
external-test-pyca:
|
external-test-pyca:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
|
|
|
@ -22,3 +22,6 @@
|
||||||
[submodule "tlslite-ng"]
|
[submodule "tlslite-ng"]
|
||||||
path = tlslite-ng
|
path = tlslite-ng
|
||||||
url = https://github.com/tlsfuzzer/tlslite-ng
|
url = https://github.com/tlsfuzzer/tlslite-ng
|
||||||
|
[submodule "oqs-provider"]
|
||||||
|
path = oqs-provider
|
||||||
|
url = https://github.com/open-quantum-safe/oqs-provider.git
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
Subproject commit e422884c2387006f68f4c192b3dcb6be3160e7d1
|
|
@ -87,6 +87,39 @@ explicitly run (with more debugging):
|
||||||
|
|
||||||
$ make test VERBOSE=1 TESTS=test_external_gost_engine
|
$ make test VERBOSE=1 TESTS=test_external_gost_engine
|
||||||
|
|
||||||
|
OQSprovider test suite
|
||||||
|
======================
|
||||||
|
|
||||||
|
Much like the PYCA/Cryptography test suite, this builds and runs the OQS
|
||||||
|
(OpenQuantumSafe -- www.openquantumsafe.org) provider tests against the
|
||||||
|
local OpenSSL build.
|
||||||
|
|
||||||
|
You will need a git checkout of oqsprovider at the top level:
|
||||||
|
|
||||||
|
$ git submodule update --init
|
||||||
|
|
||||||
|
Then configure/build OpenSSL enabling external tests:
|
||||||
|
|
||||||
|
$ ./config shared enable-external-tests
|
||||||
|
$ make
|
||||||
|
|
||||||
|
oqsprovider requires CMake for the build process.
|
||||||
|
|
||||||
|
OQSprovider tests will then be run as part of the rest of the suite, or can be
|
||||||
|
explicitly run (with more debugging):
|
||||||
|
|
||||||
|
$ make test VERBOSE=1 TESTS=test_external_oqsprovider
|
||||||
|
|
||||||
|
The environment variable `OQS_SKIP_TESTS` can be set to select tests and
|
||||||
|
algorithms to be skipped. If not set, the "rainbow" algorithm set as well as
|
||||||
|
the (OQS-)OpenSSL1.1.1 compatibility tests will not be executed. So, for
|
||||||
|
example to exclude the "mceliece" and "kyber" algorithms execute
|
||||||
|
|
||||||
|
OQS_SKIP_TESTS=mceliece,kyber make test TESTS=test_external_oqsprovider
|
||||||
|
|
||||||
|
The names of all supported quantum-safe algorithms are available at
|
||||||
|
<https://github.com/open-quantum-safe/openssl#supported-algorithms>
|
||||||
|
|
||||||
Updating test suites
|
Updating test suites
|
||||||
====================
|
====================
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,28 @@
|
||||||
|
#! /usr/bin/env perl
|
||||||
|
# Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
|
# this file except in compliance with the License. You can obtain a copy
|
||||||
|
# in the file LICENSE in the source distribution or at
|
||||||
|
# https://www.openssl.org/source/license.html
|
||||||
|
|
||||||
|
|
||||||
|
use OpenSSL::Test;
|
||||||
|
use OpenSSL::Test::Utils;
|
||||||
|
use OpenSSL::Test qw/:DEFAULT data_file bldtop_dir srctop_dir cmdstr/;
|
||||||
|
|
||||||
|
setup("test_external_oqsprovider");
|
||||||
|
|
||||||
|
plan skip_all => "No external tests in this configuration"
|
||||||
|
if disabled("external-tests");
|
||||||
|
plan skip_all => "oqsprovider tests not available on Windows or VMS"
|
||||||
|
if $^O =~ /^(VMS|MSWin32)$/;
|
||||||
|
plan skip_all => "oqsprovider tests only available in a shared build"
|
||||||
|
if disabled("shared");
|
||||||
|
plan skip_all => "oqsprovider tests not supported in out of tree builds"
|
||||||
|
if bldtop_dir() ne srctop_dir();
|
||||||
|
|
||||||
|
plan tests => 1;
|
||||||
|
|
||||||
|
ok(run(cmd(["sh", data_file("oqsprovider.sh")])),
|
||||||
|
"running oqsprovider tests");
|
|
@ -0,0 +1,77 @@
|
||||||
|
#!/bin/sh
|
||||||
|
#
|
||||||
|
# Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
|
||||||
|
#
|
||||||
|
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||||
|
# this file except in compliance with the License. You can obtain a copy
|
||||||
|
# in the file LICENSE in the source distribution or at
|
||||||
|
# https://www.openssl.org/source/license.html
|
||||||
|
|
||||||
|
#
|
||||||
|
# OpenSSL external testing using the OQS provider
|
||||||
|
#
|
||||||
|
set -e
|
||||||
|
|
||||||
|
PWD="$(pwd)"
|
||||||
|
|
||||||
|
SRCTOP="$(cd $SRCTOP; pwd)"
|
||||||
|
BLDTOP="$(cd $BLDTOP; pwd)"
|
||||||
|
|
||||||
|
if [ "$SRCTOP" != "$BLDTOP" ] ; then
|
||||||
|
echo "Out of tree builds not supported with oqsprovider test!"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
O_EXE="$BLDTOP/apps"
|
||||||
|
O_BINC="$BLDTOP/include"
|
||||||
|
O_SINC="$SRCTOP/include"
|
||||||
|
O_LIB="$BLDTOP"
|
||||||
|
|
||||||
|
unset OPENSSL_CONF
|
||||||
|
|
||||||
|
export PATH="$O_EXE:$PATH"
|
||||||
|
export LD_LIBRARY_PATH="$O_LIB:$LD_LIBRARY_PATH"
|
||||||
|
export OPENSSL_ROOT_DIR="$O_LIB"
|
||||||
|
|
||||||
|
# Check/Set openssl version
|
||||||
|
OPENSSL_VERSION=`openssl version | cut -f 2 -d ' '`
|
||||||
|
|
||||||
|
echo "------------------------------------------------------------------"
|
||||||
|
echo "Testing OpenSSL using oqsprovider:"
|
||||||
|
echo " CWD: $PWD"
|
||||||
|
echo " SRCTOP: $SRCTOP"
|
||||||
|
echo " BLDTOP: $BLDTOP"
|
||||||
|
echo " OPENSSL_ROOT_DIR: $OPENSSL_ROOT_DIR"
|
||||||
|
echo " OpenSSL version: $OPENSSL_VERSION"
|
||||||
|
echo "------------------------------------------------------------------"
|
||||||
|
|
||||||
|
if [ ! -d $SRCTOP/oqs-provider/oqs ]; then
|
||||||
|
# disable rainbow family by default; all further config options listed at
|
||||||
|
# https://github.com/open-quantum-safe/liboqs/wiki/Customizing-liboqs
|
||||||
|
(
|
||||||
|
cd $SRCTOP/oqs-provider \
|
||||||
|
&& git clone --depth 1 --branch main https://github.com/open-quantum-safe/liboqs.git \
|
||||||
|
&& cd liboqs \
|
||||||
|
&& mkdir build \
|
||||||
|
&& cd build \
|
||||||
|
&& cmake -DOQS_ENABLE_SIG_RAINBOW=OFF -DCMAKE_INSTALL_PREFIX=$SRCTOP/oqs-provider/oqs .. \
|
||||||
|
&& make \
|
||||||
|
&& make install
|
||||||
|
)
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ ! -f $SRCTOP/oqs-provider/test/ssltestlib.c ]; then
|
||||||
|
( cd $SRCTOP/oqs-provider && OPENSSL_BLDTOP=$BLDTOP ./scripts/preptests.sh )
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo " CWD: $PWD"
|
||||||
|
cmake $SRCTOP/oqs-provider -DCMAKE_INCLUDE_PATH=$SRCTOP/oqs-provider/oqs -DCMAKE_PREFIX_PATH=$SRCTOP/oqs-provider/oqs -DOPENSSL_ROOT_DIR="$OPENSSL_ROOT_DIR" -DOPENSSL_BLDTOP=$BLDTOP -B _build && cmake --build _build
|
||||||
|
export CTEST_OUTPUT_ON_FAILURE=1
|
||||||
|
export HARNESS_OSSL_PREFIX=''
|
||||||
|
export OPENSSL_APP="$O_EXE/openssl"
|
||||||
|
if [ -z "$OQS_SKIP_TESTS" ]; then
|
||||||
|
export OQS_SKIP_TESTS="rainbow,111"
|
||||||
|
fi
|
||||||
|
export OPENSSL_MODULES=$PWD/_build/oqsprov
|
||||||
|
export OQS_PROVIDER_TESTSCRIPTS=$SRCTOP/oqs-provider
|
||||||
|
$SRCTOP/oqs-provider/scripts/runtests.sh
|
Loading…
Reference in New Issue