Fix alert type for missing cert. Prevent building with RNG disabled and blinding enabled by default. Enforce bounds for AES CMAC size in verify. #4749
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: WOLFSSL_API_PREFIX_MAP | |
| # START OF COMMON SECTION | |
| on: | |
| push: | |
| branches: [ 'master', 'main', 'release/**' ] | |
| pull_request: | |
| branches: [ '*' ] | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| # END OF COMMON SECTION | |
| jobs: | |
| make_and_analyze: | |
| strategy: | |
| matrix: | |
| config: [ | |
| '--enable-all --enable-mlkem --enable-mldsa --enable-xmss --enable-lms --enable-acert --with-sys-crypto-policy CFLAGS=-DWOLFSSL_API_PREFIX_MAP' | |
| ] | |
| name: make and analyze | |
| if: github.repository_owner == 'wolfssl' | |
| runs-on: ubuntu-24.04 | |
| # This should be a safe limit for the tests to run. | |
| timeout-minutes: 6 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| name: Checkout wolfSSL | |
| - name: Test --enable-opensslcoexist and TEST_OPENSSL_COEXIST | |
| run: | | |
| ./autogen.sh || $(exit 2) | |
| ./configure ${{ matrix.config }} || $(exit 3) | |
| make -j 4 || $(exit 4) | |
| # ignore properly prefixed symbols, and symbols associated with asm implementations (all internal) regardless of prefix: | |
| readelf --symbols --wide src/.libs/libwolfssl.so | \ | |
| awk ' | |
| BEGIN { | |
| total_public_symbols = 0; | |
| unprefixed_public_symbols = 0; | |
| } | |
| { | |
| if (($5 == "GLOBAL") && ($6 != "HIDDEN") && ($7 ~ /^[0-9]+$/)) { | |
| ++total_public_symbols; | |
| } | |
| } | |
| { | |
| if (($7 !~ /^[0-9]+$/) || | |
| ($8 ~ /^(wc_|wolf|WOLF|__pfx|fe_|sp_[a-zA-Z090-0_]*[0-9])/) || | |
| ($8 ~ /(_avx[12]|_AVX[12]|_sse[12]|_SSE[12]|_aesni|_AESNI|_bmi2|_x64$)/)) | |
| { | |
| next; | |
| } | |
| } | |
| { | |
| if (($4 == "FUNC") && ($5 == "GLOBAL") && ($6 == "DEFAULT")) { | |
| ++unprefixed_public_symbols; | |
| print; | |
| } | |
| } | |
| END { | |
| if (unprefixed_public_symbols) { | |
| print unprefixed_public_symbols " unprefixed public symbols found, of " total_public_symbols " total." >"/dev/stderr"; | |
| exit(1); | |
| } else { | |
| print total_public_symbols " public symbols found in libwolfssl, all OK."; | |
| exit(0); | |
| } | |
| }' || $(exit 5) |