Skip to content

SCP11: Remove dependency on OpenSSL when calculating messge CMAC value #92

SCP11: Remove dependency on OpenSSL when calculating messge CMAC value

SCP11: Remove dependency on OpenSSL when calculating messge CMAC value #92

name: Ubuntu with LibreSSL and OpenSSL
on: [push]
jobs:
libressl_build:
name: Build with LibreSSL
runs-on: ubuntu-latest
steps:
- name: checkout
uses: actions/checkout@v2
- name: Install prerequisites
run: |
set -x
sudo apt install libpcsclite-dev check gengetopt help2man zlib1g-dev
- name: Install LibreSSL from source
run: |
set -x
cd ..
wget -nv http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.1.tar.gz
tar -xzf libressl-3.6.1.tar.gz
cd libressl-3.6.1
mkdir build; cd build
cmake ..
make
- name: Build and install
run: |
set -x
mkdir build; cd build
PKG_CONFIG_PATH=/home/runner/work/yubico-piv-tool/libressl-3.6.1/build/pkgconfig cmake .. -DVERBOSE_CMAKE=ON
make
make test
./tool/yubico-piv-tool --help | grep "Usage: yubico-piv-tool"
objdump -T ykcs11/libykcs11.so | grep C_Sign
ldd tool/yubico-piv-tool | grep libcrypto.so
ldd lib/libykpiv.so | grep libcrypto.so
ldd ykcs11/libykcs11.so | grep libcrypto.so
sudo make install
cd ..
LIBDIR=$(cmake -L | sed -n "s/^.*YKPIV_INSTALL_LIB_DIR:PATH=\s*\(\S*\).*$/\1/p")
export LD_LIBRARY_PATH=$LIBDIR
yubico-piv-tool --help | grep "Usage: yubico-piv-tool"
objdump -T $LIBDIR/libykcs11.so | grep C_Sign
openssl_1_1_build:
name: Build with OpenSSL 1.1
runs-on: ubuntu-latest
steps:
- name: checkout
uses: actions/checkout@v2
- name: Install prerequisites
run: |
set -x
sudo apt install libpcsclite-dev check gengetopt help2man zlib1g-dev
- name: Install OpenSSL 1.1 from source
run: |
set -x
cd ..
wget -nv https://github.com/openssl/openssl/archive/refs/tags/OpenSSL_1_1_1w.tar.gz
tar -xzf OpenSSL_1_1_1w.tar.gz
cd openssl-OpenSSL_1_1_1w
./Configure linux-x86_64 shared --prefix=/home/runner/work/yubico-piv-tool/openssl
sudo make all install VERSION="1.1.1s"
- name: Build and install
run: |
set -x
mkdir build; cd build
cmake .. -DVERBOSE_CMAKE=ON -DOPENSSL_PKG_PATH=/home/runner/work/yubico-piv-tool/openssl/lib/pkgconfig
make
make test
./tool/yubico-piv-tool --help | grep "Usage: yubico-piv-tool"
objdump -T ykcs11/libykcs11.so | grep C_Sign
ldd tool/yubico-piv-tool | grep libcrypto.so
ldd lib/libykpiv.so | grep libcrypto.so
ldd ykcs11/libykcs11.so | grep libcrypto.so
sudo make install
cd ..
LIBDIR=$(cmake -L | sed -n "s/^.*YKPIV_INSTALL_LIB_DIR:PATH=\s*\(\S*\).*$/\1/p")
sudo cp /home/runner/work/yubico-piv-tool/openssl/lib/libcrypto.* $LIBDIR/
export LD_LIBRARY_PATH=$LIBDIR
yubico-piv-tool --help | grep "Usage: yubico-piv-tool"
objdump -T $LIBDIR/libykcs11.so | grep C_Sign
openss_3_build:
name: Build with OpenSSL 3.0
runs-on: ubuntu-latest
steps:
- name: checkout
uses: actions/checkout@v2
- name: Install prerequisites
run: |
set -x
sudo apt install libpcsclite-dev check gengetopt help2man zlib1g-dev
- name: Install OpenSSL 3.0 from source
run: |
set -x
cd ..
wget -nv https://github.com/openssl/openssl/archive/refs/tags/openssl-3.3.1.tar.gz
tar -xzf openssl-3.3.1.tar.gz
cd openssl-openssl-3.3.1
./Configure linux-x86_64 shared --prefix=/home/runner/work/yubico-piv-tool/openssl
sudo make all install VERSION="3.0.7"
- name: Build and install
run: |
set -x
mkdir build; cd build
cmake .. -DVERBOSE_CMAKE=ON -DOPENSSL_PKG_PATH=/home/runner/work/yubico-piv-tool/openssl/lib64/pkgconfig
make
make test
./tool/yubico-piv-tool --help | grep "Usage: yubico-piv-tool"
objdump -T ykcs11/libykcs11.so | grep C_Sign
ldd tool/yubico-piv-tool | grep libcrypto.so
ldd lib/libykpiv.so | grep libcrypto.so
ldd ykcs11/libykcs11.so | grep libcrypto.so
sudo make install
cd ..
LIBDIR=$(cmake -L | sed -n "s/^.*YKPIV_INSTALL_LIB_DIR:PATH=\s*\(\S*\).*$/\1/p")
sudo cp /home/runner/work/yubico-piv-tool/openssl/lib64/libcrypto.* $LIBDIR/
export LD_LIBRARY_PATH=$LIBDIR
yubico-piv-tool --help | grep "Usage: yubico-piv-tool"
objdump -T $LIBDIR/libykcs11.so | grep C_Sign