dtls13: add check over handshake message length #6887
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: PSK Tests | |
| # START OF COMMON SECTION | |
| on: | |
| push: | |
| branches: [ 'release/**' ] | |
| pull_request: | |
| types: [opened, synchronize, reopened, ready_for_review] | |
| branches: [ '*' ] | |
| # Weekday-morning cron (10:00 UTC) seeds the master-scoped ccache that PR runs | |
| # restore: re-runs --build-only (compile only, no tests) on the | |
| # default branch. PR runs are read-only (see ccache-setup). | |
| schedule: | |
| - cron: '36 10 * * 1-5' | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| # END OF COMMON SECTION | |
| jobs: | |
| # All former runner-per-config matrix entries build on one runner via | |
| # .github/scripts/parallel-make-check.py (see os-check.yml for the full | |
| # pattern): each config in its own out-of-tree ("VPATH") build directory | |
| # off one checkout/autogen, checks on a pool of one-per-CPU worker | |
| # threads, longest first. bubblewrap gives every test script its own | |
| # network namespace so concurrent checks cannot collide on TCP/UDP ports | |
| # (do not set AM_BWRAPPED here - that would disable it). | |
| make_check: | |
| name: make check | |
| if: ${{ (github.repository_owner == 'wolfssl') && (github.event_name != 'pull_request' || github.event.pull_request.draft == false) }} | |
| runs-on: ubuntu-24.04 | |
| # Generous for a cold ccache; warm reruns finish in a fraction. | |
| timeout-minutes: 10 | |
| steps: | |
| - uses: actions/checkout@v5 | |
| name: Checkout wolfSSL | |
| - name: Install dependencies | |
| uses: ./.github/actions/install-apt-deps | |
| with: | |
| packages: autoconf automake libtool build-essential bubblewrap | |
| ghcr-debs-tag: ubuntu-24.04-minimal | |
| # ccache via the cross-platform composite; the script passes the | |
| # compiler to configure as CC="ccache gcc" (or a per-config "cc"). | |
| - name: Set up ccache | |
| uses: ./.github/actions/ccache-setup | |
| with: | |
| workflow-id: psk | |
| read-only: ${{ github.event_name == 'pull_request' }} | |
| max-size: 100M | |
| # Ubuntu 24.04 can restrict unprivileged user namespaces via AppArmor, | |
| # which would stop the test scripts from re-execing under | |
| # bwrap --unshare-net (their port-isolation mechanism). | |
| - name: Allow unprivileged user namespaces (for bwrap) | |
| run: sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0 || true | |
| # The JSON list below is the former runner-per-config matrix; add new | |
| # configs as new entries (a "comment" key is allowed for notes). | |
| # "minutes" is the expected duration driving longest-first scheduling: | |
| # take it from the Minutes column of a previous run's step summary, or | |
| # omit it for a new config (defaults to 1) and refresh later. The list | |
| # is kept sorted by minutes for readability, but the schedule sorts by | |
| # the values, not list order. | |
| - name: Build and make check all configs (parallel, out-of-tree) | |
| run: | | |
| cat > "$RUNNER_TEMP/psk-configs.json" <<'EOF' | |
| [ | |
| {"name": "psk-cert-extern", "minutes": 1, | |
| "configure": ["--enable-psk", "--enable-cert-with-extern-psk", | |
| "--disable-mlkem"]}, | |
| {"name": "static-psk-oldtls-sha2", "minutes": 1, | |
| "configure": ["--enable-psk", "--disable-mlkem", | |
| "C_EXTRA_FLAGS=-DWOLFSSL_STATIC_PSK -DWOLFSSL_OLDTLS_SHA2_CIPHERSUITES"]}, | |
| {"name": "static-psk-no-pk", "minutes": 1, | |
| "configure": ["--enable-psk", "--disable-mlkem", | |
| "C_EXTRA_FLAGS=-DWOLFSSL_STATIC_PSK", "--disable-rsa", | |
| "--disable-ecc", "--disable-dh"]}, | |
| {"name": "static-psk-lowresource-tls12", "minutes": 0.8, | |
| "configure": ["--disable-oldtls", "--disable-tls13", "--enable-psk", | |
| "--disable-rsa", "--disable-dh", "--disable-ecc", "--disable-asn", | |
| "C_EXTRA_FLAGS=-DWOLFSSL_STATIC_PSK", "--enable-lowresource", | |
| "--enable-singlethreaded", "--disable-asm", | |
| "--disable-errorstrings", "--disable-pkcs12", "--disable-sha3", | |
| "--disable-sha224", "--disable-sha384", "--disable-sha512", | |
| "--disable-sha", "--disable-md5", "--disable-aescbc", | |
| "--disable-chacha", "--disable-poly1305", "--disable-coding", | |
| "--disable-sp-math-all", "--disable-mlkem"]}, | |
| {"name": "static-psk-lowresource-tls13", "minutes": 0.8, | |
| "configure": ["--disable-oldtls", "--disable-tlsv12", | |
| "--enable-tls13", "--enable-psk", "--disable-rsa", "--disable-dh", | |
| "--disable-ecc", "--disable-asn", | |
| "C_EXTRA_FLAGS=-DWOLFSSL_STATIC_PSK", "--enable-lowresource", | |
| "--enable-singlethreaded", "--disable-asm", | |
| "--disable-errorstrings", "--disable-pkcs12", "--disable-sha3", | |
| "--disable-sha224", "--disable-sha384", "--disable-sha512", | |
| "--disable-sha", "--disable-md5", "--disable-aescbc", | |
| "--disable-chacha", "--disable-poly1305", "--disable-coding", | |
| "--disable-sp-math-all", "--disable-mlkem"]} | |
| ] | |
| EOF | |
| .github/scripts/parallel-make-check.py \ | |
| ${{ github.event_name == 'schedule' && '--build-only' || '' }} \ | |
| --private-dir=certs \ | |
| "$RUNNER_TEMP/psk-configs.json" | |
| - name: ccache stats | |
| if: always() | |
| run: ccache -s || true | |
| - name: Upload logs on failure | |
| if: failure() | |
| uses: actions/upload-artifact@v6 | |
| with: | |
| retention-days: 7 | |
| name: psk-logs | |
| path: | | |
| build-*/make-check.log | |
| build-*/test-suite.log | |
| build-*/config.log | |
| if-no-files-found: ignore |