diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index b33b6775..7b27c68a 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -99,7 +99,7 @@ jobs:
 - name: Install rust toolchain
 uses: dtolnay/rust-toolchain@stable
- - run: cargo package
+ - run: cargo package --all-features
 test:
 name: Build+test
@@ -111,6 +111,7 @@ jobs:
 - --features=alloc
 - --all-features
 - --no-default-features
+ - --no-default-features --features alloc,std,aws_lc_rs
 mode:
 - # debug
@@ -125,6 +126,7 @@ jobs:
 - features: # Default
 - features: --features=alloc
 - features: --no-default-features
+ - features: --no-default-features --features alloc,std,aws_lc_rs
 - features: --all-features
 mode: --release
 - features: --all-features
@@ -179,6 +181,23 @@ jobs:
 mode: # debug
 rust_channel: stable
 host_os: ubuntu-latest
+
+ # check aws-lc-rs alone
+ - features: --no-default-features --features alloc,std,aws_lc_rs
+ mode: # debug
+ rust_channel: stable
+ host_os: macos-latest
+
+ - features: --no-default-features --features alloc,std,aws_lc_rs
+ mode: # debug
+ rust_channel: stable
+ host_os: windows-latest
+
+ - features: --no-default-features --features alloc,std,aws_lc_rs
+ mode: # debug
+ rust_channel: stable
+ host_os: ubuntu-latest
+
 steps:
 - name: Checkout sources
 uses: actions/checkout@v4
@@ -190,6 +209,10 @@ jobs:
 with:
 toolchain: ${{ matrix.rust_channel }}
+ - name: Install NASM for aws-lc-rs on Windows
+ if: runner.os == 'Windows'
+ uses: ilammy/setup-nasm@v1
+
 - name: cargo test (${{ matrix.mode }}, ${{ matrix.features }})
 run: cargo test -vv ${{ matrix.features }} ${{ matrix.mode }} -- --ignored
 env:
diff --git a/tests/better_tls.rs b/tests/better_tls.rs
index fa6466dd..63febf93 100644
--- a/tests/better_tls.rs
+++ b/tests/better_tls.rs
@@ -1,4 +1,4 @@
-#![cfg(feature = "ring")]
+#![cfg(any(feature = "ring", feature = "aws_lc_rs"))]
 use core::time::Duration;
 use std::collections::HashMap;
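Review bot: The step added in the last `ci.yml` hunk (`@@ -190,6 +209,10 @@`) pulls a third-party action by a movable tag, `uses: ilammy/setup-nasm@v1`, so whatever commit that tag points to at run time executes inside the test job. Pinning it to a full commit SHA keeps the job reproducible and puts action updates through review: `uses: ilammy/setup-nasm@FULL_COMMIT_SHA_PLACEHOLDER # v1` (placeholder; the SHA is not on this page). The `steps:` list starts and ends outside the hunk.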
@@ -9,9 +9,17 @@ use bzip2::read::BzDecoder;
 use pki_types::UnixTime;
 use serde::Deserialize;
-use webpki::types::{CertificateDer, TrustAnchor};
+use webpki::types::{CertificateDer, SignatureVerificationAlgorithm, TrustAnchor};
 use webpki::{extract_trust_anchor, KeyUsage, SubjectNameRef};
+// All of the BetterTLS testcases use P256 keys.
+static ALGS: &[&dyn SignatureVerificationAlgorithm] = &[
+ #[cfg(feature = "ring")]
+ webpki::ring::ECDSA_P256_SHA256,
+ #[cfg(feature = "aws_lc_rs")]
+ webpki::aws_lc_rs::ECDSA_P256_SHA256,
+];
+
 #[ignore] // Runs slower than other unit tests - opt-in with `cargo test -- --ignored`
 #[test]
 fn path_building() {
@@ -69,7 +77,7 @@ fn run_testsuite(suite_name: &str, suite: &BetterTlsSuite, roots: &[TrustAnchor]
 let result = ee_cert
 .verify_for_usage(
- &[webpki::ring::ECDSA_P256_SHA256], // All of the BetterTLS testcases use P256 keys.
+ ALGS,
 roots,
 intermediates,
 now,
diff --git a/tests/client_auth_revocation.rs b/tests/client_auth_revocation.rs
index ae37b4d7..504d5c0d 100644
--- a/tests/client_auth_revocation.rs
+++ b/tests/client_auth_revocation.rs
@@ -12,16 +12,23 @@
 // ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 // OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-#![cfg(feature = "ring")]
+#![cfg(any(feature = "ring", feature = "aws_lc_rs"))]
 use core::time::Duration;
-use pki_types::{CertificateDer, UnixTime};
+use pki_types::{CertificateDer, SignatureVerificationAlgorithm, UnixTime};
 use webpki::{
 extract_trust_anchor, KeyUsage, RevocationCheckDepth, RevocationOptions,
 RevocationOptionsBuilder,
 };
+static ALGS: &[&dyn SignatureVerificationAlgorithm] = &[
+ #[cfg(feature = "ring")]
+ webpki::ring::ECDSA_P256_SHA256,
+ #[cfg(feature = "aws_lc_rs")]
+ webpki::aws_lc_rs::ECDSA_P256_SHA256,
+];
+
 fn check_cert(
 ee: &[u8],
 intermediates: &[&[u8]],
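Review bot: `ALGS` in `tests/better_tls.rs`, and the identical static added to `tests/client_auth_revocation.rs`, holds `ECDSA_P256_SHA256` from both providers when `ring` and `aws_lc_rs` are enabled together, and nothing in either hunk says which entry a verification then uses. If `verify_for_usage` settles on the first matching entry (its body is not visible here), the `--all-features` jobs exercise only ring and aws-lc-rs coverage of these suites rests on the `aws_lc_rs`-only matrix entries. A comment on the static would record that, e.g. `// Both providers are listed under --all-features; aws-lc-rs on its own is covered by the aws_lc_rs-only CI jobs.` The copy in `client_auth_revocation.rs` also has no comment saying why only P-256 is listed, unlike the one here.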
@@ -39,7 +46,7 @@ fn check_cert(
 .collect::>();
 cert.verify_for_usage(
- &[webpki::ring::ECDSA_P256_SHA256],
+ ALGS,
 anchors,
 &intermediates,
 time,
diff --git a/tests/integration.rs b/tests/integration.rs
index bc3277bd..e9d3d76a 100644
--- a/tests/integration.rs
+++ b/tests/integration.rs
@@ -12,7 +12,7 @@
 // ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 // OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-#![cfg(feature = "ring")]
+#![cfg(any(feature = "ring", feature = "aws_lc_rs"))]
 use core::time::Duration;
diff --git a/tests/signatures.rs b/tests/signatures.rs
index a261bc96..009f5bca 100644
--- a/tests/signatures.rs
+++ b/tests/signatures.rs
@@ -12,9 +12,11 @@
 // ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 // OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-#![cfg(feature = "ring")]
+#![cfg(any(feature = "ring", feature = "aws_lc_rs"))]
 use pki_types::{CertificateDer, SignatureVerificationAlgorithm};
+
+#[cfg(feature = "ring")]
 use webpki::ring::{
 ECDSA_P256_SHA256, ECDSA_P256_SHA384, ECDSA_P384_SHA256, ECDSA_P384_SHA384, ED25519,
 };
@@ -25,6 +27,14 @@ use webpki::ring::{
 RSA_PSS_2048_8192_SHA384_LEGACY_KEY, RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
 };
+#[cfg(all(not(feature = "ring"), feature = "aws_lc_rs"))]
+use webpki::aws_lc_rs::{
+ ECDSA_P256_SHA256, ECDSA_P256_SHA384, ECDSA_P384_SHA256, ECDSA_P384_SHA384, ED25519,
+ RSA_PKCS1_2048_8192_SHA256, RSA_PKCS1_2048_8192_SHA384, RSA_PKCS1_2048_8192_SHA512,
+ RSA_PKCS1_3072_8192_SHA384, RSA_PSS_2048_8192_SHA256_LEGACY_KEY,
+ RSA_PSS_2048_8192_SHA384_LEGACY_KEY, RSA_PSS_2048_8192_SHA512_LEGACY_KEY,
+};
+
 #[cfg(feature = "alloc")]
 fn check_sig(
 ee: &[u8],
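Review bot: The `webpki::aws_lc_rs` import added in the `@@ -25,6 +27,14 @@` hunk of `tests/signatures.rs` is gated on `not(feature = "ring")`, so a build with both features runs these signature tests against ring only, and the file does not say so. A comment above the attribute would make the coverage split explicit: `// Same names as the ring imports: with both features on, ring is tested here and aws-lc-rs is covered by the aws_lc_rs-only jobs.` The ring `use` block it mirrors starts above the hunk, so its own `cfg` attribute cannot be checked from this diff.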