SCP11: Remove dependency on OpenSSL when calculating messge CMAC value #92
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Ubuntu with LibreSSL and OpenSSL | |
on: [push] | |
jobs: | |
libressl_build: | |
name: Build with LibreSSL | |
runs-on: ubuntu-latest | |
steps: | |
- name: checkout | |
uses: actions/checkout@v2 | |
- name: Install prerequisites | |
run: | | |
set -x | |
sudo apt install libpcsclite-dev check gengetopt help2man zlib1g-dev | |
- name: Install LibreSSL from source | |
run: | | |
set -x | |
cd .. | |
wget -nv http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.1.tar.gz | |
tar -xzf libressl-3.6.1.tar.gz | |
cd libressl-3.6.1 | |
mkdir build; cd build | |
cmake .. | |
make | |
- name: Build and install | |
run: | | |
set -x | |
mkdir build; cd build | |
PKG_CONFIG_PATH=/home/runner/work/yubico-piv-tool/libressl-3.6.1/build/pkgconfig cmake .. -DVERBOSE_CMAKE=ON | |
make | |
make test | |
./tool/yubico-piv-tool --help | grep "Usage: yubico-piv-tool" | |
objdump -T ykcs11/libykcs11.so | grep C_Sign | |
ldd tool/yubico-piv-tool | grep libcrypto.so | |
ldd lib/libykpiv.so | grep libcrypto.so | |
ldd ykcs11/libykcs11.so | grep libcrypto.so | |
sudo make install | |
cd .. | |
LIBDIR=$(cmake -L | sed -n "s/^.*YKPIV_INSTALL_LIB_DIR:PATH=\s*\(\S*\).*$/\1/p") | |
export LD_LIBRARY_PATH=$LIBDIR | |
yubico-piv-tool --help | grep "Usage: yubico-piv-tool" | |
objdump -T $LIBDIR/libykcs11.so | grep C_Sign | |
openssl_1_1_build: | |
name: Build with OpenSSL 1.1 | |
runs-on: ubuntu-latest | |
steps: | |
- name: checkout | |
uses: actions/checkout@v2 | |
- name: Install prerequisites | |
run: | | |
set -x | |
sudo apt install libpcsclite-dev check gengetopt help2man zlib1g-dev | |
- name: Install OpenSSL 1.1 from source | |
run: | | |
set -x | |
cd .. | |
wget -nv https://github.com/openssl/openssl/archive/refs/tags/OpenSSL_1_1_1w.tar.gz | |
tar -xzf OpenSSL_1_1_1w.tar.gz | |
cd openssl-OpenSSL_1_1_1w | |
./Configure linux-x86_64 shared --prefix=/home/runner/work/yubico-piv-tool/openssl | |
sudo make all install VERSION="1.1.1s" | |
- name: Build and install | |
run: | | |
set -x | |
mkdir build; cd build | |
cmake .. -DVERBOSE_CMAKE=ON -DOPENSSL_PKG_PATH=/home/runner/work/yubico-piv-tool/openssl/lib/pkgconfig | |
make | |
make test | |
./tool/yubico-piv-tool --help | grep "Usage: yubico-piv-tool" | |
objdump -T ykcs11/libykcs11.so | grep C_Sign | |
ldd tool/yubico-piv-tool | grep libcrypto.so | |
ldd lib/libykpiv.so | grep libcrypto.so | |
ldd ykcs11/libykcs11.so | grep libcrypto.so | |
sudo make install | |
cd .. | |
LIBDIR=$(cmake -L | sed -n "s/^.*YKPIV_INSTALL_LIB_DIR:PATH=\s*\(\S*\).*$/\1/p") | |
sudo cp /home/runner/work/yubico-piv-tool/openssl/lib/libcrypto.* $LIBDIR/ | |
export LD_LIBRARY_PATH=$LIBDIR | |
yubico-piv-tool --help | grep "Usage: yubico-piv-tool" | |
objdump -T $LIBDIR/libykcs11.so | grep C_Sign | |
openss_3_build: | |
name: Build with OpenSSL 3.0 | |
runs-on: ubuntu-latest | |
steps: | |
- name: checkout | |
uses: actions/checkout@v2 | |
- name: Install prerequisites | |
run: | | |
set -x | |
sudo apt install libpcsclite-dev check gengetopt help2man zlib1g-dev | |
- name: Install OpenSSL 3.0 from source | |
run: | | |
set -x | |
cd .. | |
wget -nv https://github.com/openssl/openssl/archive/refs/tags/openssl-3.3.1.tar.gz | |
tar -xzf openssl-3.3.1.tar.gz | |
cd openssl-openssl-3.3.1 | |
./Configure linux-x86_64 shared --prefix=/home/runner/work/yubico-piv-tool/openssl | |
sudo make all install VERSION="3.0.7" | |
- name: Build and install | |
run: | | |
set -x | |
mkdir build; cd build | |
cmake .. -DVERBOSE_CMAKE=ON -DOPENSSL_PKG_PATH=/home/runner/work/yubico-piv-tool/openssl/lib64/pkgconfig | |
make | |
make test | |
./tool/yubico-piv-tool --help | grep "Usage: yubico-piv-tool" | |
objdump -T ykcs11/libykcs11.so | grep C_Sign | |
ldd tool/yubico-piv-tool | grep libcrypto.so | |
ldd lib/libykpiv.so | grep libcrypto.so | |
ldd ykcs11/libykcs11.so | grep libcrypto.so | |
sudo make install | |
cd .. | |
LIBDIR=$(cmake -L | sed -n "s/^.*YKPIV_INSTALL_LIB_DIR:PATH=\s*\(\S*\).*$/\1/p") | |
sudo cp /home/runner/work/yubico-piv-tool/openssl/lib64/libcrypto.* $LIBDIR/ | |
export LD_LIBRARY_PATH=$LIBDIR | |
yubico-piv-tool --help | grep "Usage: yubico-piv-tool" | |
objdump -T $LIBDIR/libykcs11.so | grep C_Sign |