Skip to content

Commit

Permalink
Ensure cargo test passes with aws-lc-rs alone
Browse files Browse the repository at this point in the history
Ensure `cargo package` works with --all-features, otherwise
optional modules could be missing from the list in Cargo.toml!
  • Loading branch information
ctz committed Sep 15, 2023
1 parent c70ca46 commit 84436a0
Show file tree
Hide file tree
Showing 5 changed files with 57 additions and 9 deletions.
25 changes: 24 additions & 1 deletion .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -99,7 +99,7 @@ jobs:
- name: Install rust toolchain
uses: dtolnay/rust-toolchain@stable

- run: cargo package
- run: cargo package --all-features

test:
name: Build+test
Expand All @@ -111,6 +111,7 @@ jobs:
- --features=alloc
- --all-features
- --no-default-features
- --no-default-features --features alloc,std,aws_lc_rs

mode:
- # debug
Expand All @@ -125,6 +126,7 @@ jobs:
- features: # Default
- features: --features=alloc
- features: --no-default-features
- features: --no-default-features --features alloc,std,aws_lc_rs
- features: --all-features
mode: --release
- features: --all-features
Expand Down Expand Up @@ -179,6 +181,23 @@ jobs:
mode: # debug
rust_channel: stable
host_os: ubuntu-latest

# check aws-lc-rs alone
- features: --no-default-features --features alloc,std,aws_lc_rs
mode: # debug
rust_channel: stable
host_os: macos-latest

- features: --no-default-features --features alloc,std,aws_lc_rs
mode: # debug
rust_channel: stable
host_os: windows-latest

- features: --no-default-features --features alloc,std,aws_lc_rs
mode: # debug
rust_channel: stable
host_os: ubuntu-latest

steps:
- name: Checkout sources
uses: actions/checkout@v4
Expand All @@ -190,6 +209,10 @@ jobs:
with:
toolchain: ${{ matrix.rust_channel }}

- name: Install NASM for aws-lc-rs on Windows
if: runner.os == 'Windows'
uses: ilammy/setup-nasm@v1

- name: cargo test (${{ matrix.mode }}, ${{ matrix.features }})
run: cargo test -vv ${{ matrix.features }} ${{ matrix.mode }} -- --ignored
env:
Expand Down
14 changes: 11 additions & 3 deletions tests/better_tls.rs
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
#![cfg(feature = "ring")]
#![cfg(any(feature = "ring", feature = "aws_lc_rs"))]

use core::time::Duration;
use std::collections::HashMap;
Expand All @@ -9,9 +9,17 @@ use bzip2::read::BzDecoder;
use pki_types::UnixTime;
use serde::Deserialize;

use webpki::types::{CertificateDer, TrustAnchor};
use webpki::types::{CertificateDer, SignatureVerificationAlgorithm, TrustAnchor};
use webpki::{extract_trust_anchor, KeyUsage, SubjectNameRef};

// All of the BetterTLS testcases use P256 keys.
static ALGS: &[&dyn SignatureVerificationAlgorithm] = &[
#[cfg(feature = "ring")]
webpki::ring::ECDSA_P256_SHA256,
#[cfg(feature = "aws_lc_rs")]
webpki::aws_lc_rs::ECDSA_P256_SHA256,
];

#[ignore] // Runs slower than other unit tests - opt-in with `cargo test -- --ignored`
#[test]
fn path_building() {
Expand Down Expand Up @@ -69,7 +77,7 @@ fn run_testsuite(suite_name: &str, suite: &BetterTlsSuite, roots: &[TrustAnchor]

let result = ee_cert
.verify_for_usage(
&[webpki::ring::ECDSA_P256_SHA256], // All of the BetterTLS testcases use P256 keys.
ALGS,
roots,
intermediates,
now,
Expand Down
13 changes: 10 additions & 3 deletions tests/client_auth_revocation.rs
Original file line number Diff line number Diff line change
Expand Up @@ -12,16 +12,23 @@
// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

#![cfg(feature = "ring")]
#![cfg(any(feature = "ring", feature = "aws_lc_rs"))]

use core::time::Duration;

use pki_types::{CertificateDer, UnixTime};
use pki_types::{CertificateDer, SignatureVerificationAlgorithm, UnixTime};
use webpki::{
extract_trust_anchor, KeyUsage, RevocationCheckDepth, RevocationOptions,
RevocationOptionsBuilder,
};

static ALGS: &[&dyn SignatureVerificationAlgorithm] = &[
#[cfg(feature = "ring")]
webpki::ring::ECDSA_P256_SHA256,
#[cfg(feature = "aws_lc_rs")]
webpki::aws_lc_rs::ECDSA_P256_SHA256,
];

fn check_cert(
ee: &[u8],
intermediates: &[&[u8]],
Expand All @@ -39,7 +46,7 @@ fn check_cert(
.collect::<Vec<_>>();

cert.verify_for_usage(
&[webpki::ring::ECDSA_P256_SHA256],
ALGS,
anchors,
&intermediates,
time,
Expand Down
2 changes: 1 addition & 1 deletion tests/integration.rs
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

#![cfg(feature = "ring")]
#![cfg(any(feature = "ring", feature = "aws_lc_rs"))]

use core::time::Duration;

Expand Down
12 changes: 11 additions & 1 deletion tests/signatures.rs
Original file line number Diff line number Diff line change
Expand Up @@ -12,9 +12,11 @@
// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

#![cfg(feature = "ring")]
#![cfg(any(feature = "ring", feature = "aws_lc_rs"))]

use pki_types::{CertificateDer, SignatureVerificationAlgorithm};

#[cfg(feature = "ring")]
use webpki::ring::{
ECDSA_P256_SHA256, ECDSA_P256_SHA384, ECDSA_P384_SHA256, ECDSA_P384_SHA384, ED25519,
};
Expand All @@ -25,6 +27,14 @@ use webpki::ring::{
RSA_PSS_2048_8192_SHA384_LEGACY_KEY, RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
};

#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))]
use webpki::aws_lc_rs::{
ECDSA_P256_SHA256, ECDSA_P256_SHA384, ECDSA_P384_SHA256, ECDSA_P384_SHA384, ED25519,
RSA_PKCS1_2048_8192_SHA256, RSA_PKCS1_2048_8192_SHA384, RSA_PKCS1_2048_8192_SHA512,
RSA_PKCS1_3072_8192_SHA384, RSA_PSS_2048_8192_SHA256_LEGACY_KEY,
RSA_PSS_2048_8192_SHA384_LEGACY_KEY, RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
};

#[cfg(feature = "alloc")]
fn check_sig(
ee: &[u8],
Expand Down

0 comments on commit 84436a0

Please sign in to comment.