Merge pull request #286 from aidangarske/ssh-git-test

Add git test for replace default

Author: ColtonWilley

.github/workflows/asan.yml

@@ -3,9 +3,9 @@ name: Asan Test
 # START OF COMMON SECTION
 on:
   push:
-    branches: [ "*" ]
+    branches: [ '*' ]
   pull_request:
-    branches: [ "*" ]
+    branches: [ '*' ]
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}

.github/workflows/bind9.yml

@@ -24,6 +24,7 @@ jobs:
         wolfssl_ref: [ 'v5.8.2-stable' ]
         openssl_ref: [ 'openssl-3.5.2' ]
         replace_default: [ true ]
+        fips: [ false ]
 
   test_bind:
     runs-on: ubuntu-22.04
@@ -42,6 +43,7 @@ jobs:
         openssl_ref: [ 'openssl-3.5.2' ]
         force_fail: ['WOLFPROV_FORCE_FAIL=1', '']
         replace_default: [ true ]
+        fips: [ false ]
     env:
       WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
       OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
@@ -81,6 +83,10 @@ jobs:
           apt install --reinstall -y \
             ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
 
+      - name: Verify wolfProvider is properly installed
+        run: |
+          $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
+
       - name: Install bind9 test dependencies
         run: |
           apt-get update
@@ -113,6 +119,7 @@ jobs:
         working-directory: bind9
         shell: bash
         run: |
+
           set +o pipefail # ignore errors from make check
           autoreconf -ivf
           ./configure

.github/workflows/cjose.yml

@@ -24,6 +24,7 @@ jobs:
         wolfssl_ref: [ 'v5.8.2-stable' ]
         openssl_ref: [ 'openssl-3.5.2' ]
         replace_default: [ true ]
+        fips: [ false ]
 
   test_cjose:
     runs-on: ubuntu-22.04
@@ -43,6 +44,7 @@ jobs:
         openssl_ref: [ 'openssl-3.5.2' ]
         force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
         replace_default: [ true ]
+        fips: [ false ]
     env:
       WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
       OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
@@ -88,12 +90,9 @@ jobs:
           apt install --reinstall -y \
             ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
 
-
-
-      - name: Check wolfProvider is installed
+      - name: Verify wolfProvider is properly installed
         run: |
-          openssl list -providers
-          openssl list -providers | grep -q "wolfSSL Provider" || (echo "ERROR: libwolfprov not found in OpenSSL providers" && exit 1)
+          $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
 
       - name: Download cjose
         uses: actions/checkout@v4
@@ -114,10 +113,6 @@ jobs:
       - name: Run cjose tests
         working-directory: cjose
         run: |
-          # wolfProvider is already loaded as the default provider
-          echo "Current OpenSSL providers:"
-          openssl list -providers
-          openssl list -providers | grep -q "wolfSSL Provider" || (echo "ERROR: libwolfprov not found in OpenSSL providers" && exit 1)
           export ${{ matrix.force_fail }}
 
           make test 2>&1 | tee cjose-test.log

.github/workflows/curl.yml

@@ -24,6 +24,7 @@ jobs:
         wolfssl_ref: [ 'v5.8.2-stable' ]
         openssl_ref: [ 'openssl-3.5.2' ]
         replace_default: [ true ]
+        fips: [ false ]
 
   test_curl:
     runs-on: ubuntu-22.04
@@ -41,9 +42,7 @@ jobs:
         openssl_ref: [ 'openssl-3.5.2' ]
         force_fail: ['WOLFPROV_FORCE_FAIL=1', '']
         replace_default: [ true ]
-        exclude:
-          - curl_ref: 'master'
-            force_fail: 'WOLFPROV_FORCE_FAIL=1'
+        fips: [ false ]
     env:
       WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
       OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
@@ -83,6 +82,10 @@ jobs:
           apt install --reinstall -y \
             ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
 
+      - name: Verify wolfProvider is properly installed
+        run: |
+          $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
+
       - name: Install dependencies
         run: |
           apt-get update

.github/workflows/debian-package.yml

@@ -3,7 +3,7 @@ name: Debian Package Test
 # START OF COMMON SECTION
 on:
   push:
-    branches: [ '**' ] # 'master', 'main', 'release/**' ]
+    branches: [ 'master', 'main', 'release/**' ]
   pull_request:
     branches: [ '*' ]
 
@@ -27,6 +27,9 @@ jobs:
         replace_default: [ true ]
 
   libwolfprov-standalone:
+    # Standalone mode is disabled until we re-enable support for it in the debian build.
+    if: false
+
     runs-on: ubuntu-22.04
     needs: build_wolfprovider
     # Run inside Debian Bookworm to match packaging environment
@@ -77,11 +80,9 @@ jobs:
           apt install --reinstall -y \
             ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
 
-      - name: Verify installation
+      - name: Verify wolfProvider is properly installed
         run: |
-          echo "Package Installation Verification:"
-          dpkg -l | grep libwolfprov
-          dpkg -L libwolfprov
+          $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.fips && '--fips' || '' }}
 
       - name: Test OpenSSL provider functionality
         run: |
@@ -184,6 +185,11 @@ jobs:
       OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
       WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
     steps:
+      - name: Checkout wolfProvider
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
       - name: Checking OpenSSL/wolfProvider packages in cache
         uses: actions/cache/restore@v4
         id: wolfprov-cache
@@ -239,29 +245,9 @@ jobs:
           echo "Installed packages after wolfprov:"
           dpkg -l | grep -E "(wolfprov|wolfssl|openssl|libssl)"
 
-      - name: Test OpenSSL providers after wolfprov installation
+      - name: Verify wolfProvider is properly installed
         run: |
-          echo "Testing OpenSSL providers after wolfprov installation..."
-          echo "Expected: This should show wolfprov as an available provider"
-          
-          # Test openssl list -providers
-          if openssl list -providers; then
-            echo "SUCCESS: openssl list -providers works after wolfprov installation"
-          else
-            echo "FAILURE: openssl list -providers failed after wolfprov installation"
-            exit 1
-          fi
-          
-          echo "Provider list after wolfprov installation:"
-          openssl list -providers
-          
-          # Check if wolfprov provider is available
-          if openssl list -providers | grep -i "wolfprov"; then
-            echo "SUCCESS: wolfprov provider is available"
-          else
-            echo "WARNING: wolfprov provider not found in provider list"
-            echo "This might be expected if the provider needs to be explicitly loaded"
-          fi
+          $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
 
       - name: Verify wolfprov configuration
         run: |

.github/workflows/git-ssh-dr.yml

@@ -0,0 +1,111 @@
+name: Git SSH Default Replace Tests
+
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**', ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  build_wolfprovider:
+    uses: ./.github/workflows/build-wolfprovider.yml
+    with:
+      wolfssl_ref: ${{ matrix.wolfssl_ref }}
+      openssl_ref: ${{ matrix.openssl_ref }}
+      replace_default: ${{ matrix.replace_default }}
+    strategy:
+      matrix:
+        wolfssl_ref: [ 'v5.8.2-stable' ]
+        openssl_ref: [ 'openssl-3.5.2' ]
+        replace_default: [ true ]
+        fips: [ false ]
+
+  git-ssh-default-replace-test:
+    runs-on: ubuntu-22.04
+    container:
+      image: debian:bookworm
+      env:
+        DEBIAN_FRONTEND: noninteractive
+    needs: build_wolfprovider
+    # This should be a safe limit for the tests to run.
+    timeout-minutes: 20
+    strategy:
+      matrix:
+        wolfssl_ref: [ 'v5.8.2-stable' ]
+        openssl_ref: [ 'openssl-3.5.2' ]
+        replace_default: [ true ]
+        fips: [ false ]
+        key_type: [ 'rsa', 'ecdsa', 'ed25519', 'chacha20-poly1305' ]
+        force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
+        iterations: [ 10 ] # Total of 50 runs
+    env:
+      WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
+      OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
+      WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
+
+    steps:
+    - name: Checkout wolfProvider
+      uses: actions/checkout@v4
+      with:
+        fetch-depth: 1
+
+    - name: Checking OpenSSL/wolfProvider packages in cache
+      uses: actions/cache/restore@v4
+      id: wolfprov-cache
+      with:
+        path: |
+          ${{ env.WOLFSSL_PACKAGES_PATH }}
+          ${{ env.OPENSSL_PACKAGES_PATH }}
+          ${{ env.WOLFPROV_PACKAGES_PATH }}
+        key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
+        fail-on-cache-miss: true
+
+    - name: Install wolfSSL/OpenSSL/wolfprov packages
+      run: |
+        printf "Installing OpenSSL/wolfProvider packages:\n"
+        ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
+        ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
+        ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
+
+        apt install --reinstall -y \
+          ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
+
+        apt install --reinstall -y \
+          ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
+          ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
+          ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
+
+        apt install --reinstall -y \
+          ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+
+    - name: Verify wolfProvider is properly installed
+      run: |
+        $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
+
+    - name: Set up environment
+      run: |
+        export DEBIAN_FRONTEND=noninteractive
+        apt-get update
+        apt-get install -y openssh-client openssh-server expect xxd git \
+          net-tools git-all
+
+    - name: Run git + replace default + ssh test
+      shell: bash
+      run: |
+        echo "=== Running Git + replace default + ssh Test ==="
+        echo "Using the local test script for consistent testing"
+        # Run the test with the matrix parameters
+        echo "Testing with key type: ${{ matrix.key_type }}"
+        echo "Running ${{ matrix.iterations }} iterations"
+
+        # Run the scripts test
+        ${{ matrix.force_fail }} ./scripts/test-git-ssh-dr.sh \
+          --key-types "${{ matrix.key_type }}" \
+          --iterations "${{ matrix.iterations }}" \
+          --verbose
+
+        echo "=== Test completed for ${{ matrix.key_type }} ==="

.github/workflows/grpc.yml

@@ -24,6 +24,7 @@ jobs:
         wolfssl_ref: [ 'v5.8.2-stable' ]
         openssl_ref: [ 'openssl-3.5.2' ]
         replace_default: [ true ]
+        fips: [ false ]
 
   test_grpc:
     runs-on: ubuntu-22.04
@@ -48,6 +49,7 @@ jobs:
         wolfssl_ref: [ 'v5.8.2-stable' ]
         openssl_ref: [ 'openssl-3.5.2' ]
         replace_default: [ true ]
+        fips: [ false ]
     env:
       WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
       OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
@@ -87,11 +89,15 @@ jobs:
           apt install --reinstall -y \
             ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
 
+      - name: Verify wolfProvider is properly installed
+        run: |
+          $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
+
       - name: Install prerequisites
         run: |
           apt-get update
-          apt-get install -y build-essential autoconf libtool pkg-config clang libc++-dev \
-            iproute2 clang net-tools git python3-six
+          apt-get install -y build-essential autoconf libtool pkg-config clang \
+            libc++-dev iproute2 net-tools git python3-six
 
       - name: Confirm IPv4 and IPv6 support
         run: |
@@ -129,6 +135,7 @@ jobs:
       - name: Run grpc tests with wolfProvider
         working-directory: ./grpc
         run: |
+
           # Start the port server
           ./tools/run_tests/start_port_server.py
 

.github/workflows/iperf.yml

@@ -24,6 +24,7 @@ jobs:
         wolfssl_ref: [ 'v5.8.2-stable' ]
         openssl_ref: [ 'openssl-3.5.2' ]
         replace_default: [ true ]
+        fips: [ false ]
 
   test_iperf:
     runs-on: ubuntu-22.04
@@ -41,6 +42,7 @@ jobs:
         openssl_ref: [ 'openssl-3.5.2' ]
         force_fail: ['WOLFPROV_FORCE_FAIL=1', '']
         replace_default: [ true ]
+        fips: [ false ]
     env:
       WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
       OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
@@ -80,10 +82,15 @@ jobs:
           apt install --reinstall -y \
             ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
 
+      - name: Verify wolfProvider is properly installed
+        run: |
+          $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
+
       - name: Install dependencies
         run: |
           apt-get update
-          apt-get install -y build-essential autoconf libtool pkg-config clang libc++-dev
+          apt-get install -y build-essential autoconf libtool pkg-config clang \
+            libc++-dev
 
       - name: Checkout iperf
         uses: actions/checkout@v4