Skip to content

ci: add wycheproof vector test job#10258

Open
MarkAtwood wants to merge 4 commits intowolfSSL:masterfrom
MarkAtwood:ci/wycheproof-integration
Open

ci: add wycheproof vector test job#10258
MarkAtwood wants to merge 4 commits intowolfSSL:masterfrom
MarkAtwood:ci/wycheproof-integration

Conversation

@MarkAtwood
Copy link
Copy Markdown

@MarkAtwood MarkAtwood commented Apr 17, 2026

Summary

  • Adds .github/workflows/wycheproof.yml which builds wolfSSL from the PR branch and runs it against the wolfSSL/wychcheck test suite (340+ Wycheproof JSON test files, NIST ACVP vectors, and RFC vectors covering AES-GCM, AES-EAX, AES-SIV, ChaCha20-Poly1305, RSA-PSS, RSA-OAEP, ECDH/ECDSA over all curves, X25519, ML-DSA, ML-KEM, SLH-DSA, EdDSA)
  • Guarded with if: github.repository_owner == 'wolfssl' per project convention
  • Only inits the wycheproof submodule (not acvp-server which is 900 MB)
  • Uploads JUnit XML results as a build artifact

Relationship to wychcheck

wolfSSL/wychcheck already runs nightly against wolfssl/wolfssl master (Saturday 22:00 UTC). This job adds per-PR coverage so regressions are caught before merge rather than after.

Test plan

  • Verify job appears in PR checks
  • Confirm wolfcrypt-check builds and ctest passes
  • Confirm artifact upload contains wycheproof-results/test-results.xml

Copilot AI reviewed Apr 17, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Adds a dedicated GitHub Actions workflow to run wolfSSL against the wolfSSL/wychcheck (Wycheproof + vector) suite on pushes and PRs, and to publish JUnit XML results as an artifact.

Changes:

  • Introduces .github/workflows/wycheproof.yml with a new wycheproof CI job.
  • Builds wolfSSL from the PR branch, builds wolfcrypt-check from wolfSSL/wychcheck, and executes ctest with JUnit output.
  • Uploads the generated JUnit XML as a workflow artifact.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread .github/workflows/wycheproof.yml Outdated
Comment thread .github/workflows/wycheproof.yml
Comment on lines +26 to +29
- name: Build wolfSSL
run: |
autoreconf -i
./configure \
Copy link

Copilot AI Apr 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This workflow assumes build tooling (e.g., autoconf/automake/libtool, compiler toolchain, cmake/ctest) is present on ubuntu-latest. Since ubuntu-latest runner contents can change over time, this can cause sporadic CI failures. Add an explicit dependency-install step (apt-get) before autoreconf/cmake to make the job deterministic.

Copilot uses AI. Check for mistakes.
Copy link
Copy Markdown
Author

@MarkAtwood MarkAtwood Apr 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@copilot apply changes based on this feedback

Copy link
Copy Markdown
Author

@MarkAtwood MarkAtwood Apr 17, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@copilot apply changes based on this feedback

Comment thread .github/workflows/wycheproof.yml
Comment thread .github/workflows/wycheproof.yml Outdated
@github-actions
Copy link
Copy Markdown

github-actions bot commented Apr 18, 2026

MemBrowse Memory Report

No memory changes detected for:

@LinuxJedi LinuxJedi assigned wolfSSL-Bot and unassigned wolfSSL-Bot Apr 18, 2026
LinuxJedi
LinuxJedi reviewed Apr 18, 2026
View reviewed changes
Comment thread .github/workflows/wycheproof.yml
--enable-aeseax \
--enable-aessiv \
--enable-aesxts \
--enable-keywrap \
Copy link
Copy Markdown
Member

@LinuxJedi LinuxJedi Apr 18, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That isn't an option. Did you mean --enable-aeskeywrap?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@LinuxJedi LinuxJedi LinuxJedi left review comments

Copilot code review Copilot Copilot left review comments

@dgarske dgarske Awaiting requested review from dgarske

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@MarkAtwood @LinuxJedi @wolfSSL-Bot