From 28f989006d71593819e171921dbc9100ffaa40d2 Mon Sep 17 00:00:00 2001
From: Andy Jewell
Date: Mon, 10 Mar 2025 11:32:15 -0400
Subject: [PATCH 01/10] chore: enable test vectors for unix

---
 .github/workflows/osx.yml | 37 ++++++++++++++++++++++++++
 tests/TestVectors/Makefile | 7 +++++
 tests/unit/t_raw_rsa_keyring_decrypt.c | 28 +++++++++++--------
 3 files changed, 61 insertions(+), 11 deletions(-)

diff --git a/.github/workflows/osx.yml b/.github/workflows/osx.yml
index 5e34460cb..384f37419 100644
--- a/.github/workflows/osx.yml
+++ b/.github/workflows/osx.yml
@@ -47,6 +47,7 @@ jobs:
 brew install json-c
 - name: Build and install aws-sdk-cpp
+ if: matrix.os != 'ubuntu-22.04'
 run: |
 # remove the following line once aws-sdk-cpp fixes linux-shared/SimpleUDP.cpp
 perl -i -p -e 's/"-Werror"//' aws-sdk-cpp/cmake/compiler_settings.cmake
@@ -57,6 +58,18 @@ jobs:
 xcodebuild -target ALL_BUILD
 xcodebuild -target install
+ - name: Build and install aws-sdk-cpp
+ if: matrix.os == 'ubuntu-22.04'
+ run: |
+ # remove the following line once aws-sdk-cpp fixes linux-shared/SimpleUDP.cpp
+ perl -i -p -e 's/"-Werror"//' aws-sdk-cpp/cmake/compiler_settings.cmake
+ mkdir -p build-aws-sdk-cpp || true
+ mkdir -p install || true
+ cd build-aws-sdk-cpp
+ cmake -DBUILD_SHARED_LIBS=ON -DBUILD_ONLY="kms" -DENABLE_UNITY_BUILD=ON -DCMAKE_INSTALL_PREFIX=${{github.workspace}}/install -DCMAKE_PREFIX_PATH=${{github.workspace}}/install ../aws-sdk-cpp
+ make
+ make install
+
 - name: Configure AWS Credentials
 uses: aws-actions/configure-aws-credentials@v2
 with:
@@ -65,6 +78,7 @@ jobs:
 role-session-name: CESDKTests
 - name: Build C-ESDK
+ if: matrix.os != 'ubuntu-22.04'
 env:
 OPENSSL_VERSION: ${{ matrix.openssl_version }}
 # TODO-RS: Figure out how to safely add AWS credentials and add -DAWS_ENC_SDK_END_TO_END_TESTS=ON and -DAWS_ENC_SDK_KNOWN_GOOD_TESTS=ON
@@ -75,9 +89,32 @@ jobs:
 xcodebuild -target ALL_BUILD
 xcodebuild -scheme RUN_TESTS
+ - name: Build C-ESDK
+ if: matrix.os == 'ubuntu-22.04'
+ env:
+ OPENSSL_VERSION: ${{ matrix.openssl_version }}
+ # TODO-RS: Figure out how to safely add AWS credentials and add -DAWS_ENC_SDK_END_TO_END_TESTS=ON and -DAWS_ENC_SDK_KNOWN_GOOD_TESTS=ON
+ run: |
+ mkdir build-aws-encryption-sdk-c || true
+ cd build-aws-encryption-sdk-c
+ cmake -DBUILD_SHARED_LIBS=ON -DCMAKE_INSTALL_PREFIX=${{github.workspace}}/install -DCMAKE_PREFIX_PATH=${{github.workspace}}/install -DOPENSSL_ROOT_DIR="/usr/local/opt/${OPENSSL_VERSION}" ../
+ make
+ make test
+ make install
+
+ - name: Run Interop Test Vectors
+ if: matrix.os != 'ubuntu-22.04'
+ run: |
+ cd tests/TestVectors/
+ make decrypt_dafny
+ make encrypt
+ make decrypt
+
 - name: Run Interop Test Vectors
+ if: matrix.os == 'ubuntu-22.04'
 run: |
 cd tests/TestVectors/
+ make test_vectors_unix
 make decrypt_dafny
 make encrypt
 make decrypt
diff --git a/tests/TestVectors/Makefile b/tests/TestVectors/Makefile
index 43af34995..718e2f522 100644
--- a/tests/TestVectors/Makefile
+++ b/tests/TestVectors/Makefile
@@ -10,6 +10,13 @@ test_vectors: *.cpp *.h
 install_name_tool -add_rpath ../../build-aws-encryption-sdk-c/aws-encryption-sdk-cpp/Debug/ test_vectors
 install_name_tool -add_rpath ../../install/lib/ test_vectors
+test_vectors_unix: *.cpp *.h
+ g++ -g -ggdb --std=c++14 -o test_vectors -I../../include/ *.cpp \
+ -I/opt/homebrew/include/ -L/opt/homebrew/lib/ \
+ -I../../install/include/ -L../../install/lib/ -I ../../aws-encryption-sdk-cpp/include/ \
+ ../../build-aws-encryption-sdk-c/Debug/libaws-encryption-sdk.dylib \
+ ../../build-aws-encryption-sdk-c/aws-encryption-sdk-cpp/Debug/libaws-encryption-sdk-cpp.dylib \
+
 decrypt_dafny: test_vectors
 ./test_vectors decrypt --manifest-path ./from-dafny --manifest-name decrypt-manifest.json || exit 1
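Review bot: The Ubuntu variant of the Build C-ESDK step passes `-DOPENSSL_ROOT_DIR="/usr/local/opt/${OPENSSL_VERSION}"`, a Homebrew layout copied from the macOS step, and `OPENSSL_VERSION` expands to the Homebrew formula name from the matrix; on ubuntu-22.04 that directory does not exist, so the flag either is ignored or points CMake at nothing. Drop the flag on Linux and let CMake locate the distribution OpenSSL (whose dev package must then be installed in an earlier step), or derive the root in a form valid on both runners. The Ubuntu Run Interop Test Vectors step also runs `make test_vectors_unix` and then `make decrypt_dafny`, whose prerequisite is the `test_vectors` target with the macOS recipe; this only works because `test_vectors_unix` writes the same output file, which make then treats as up to date, and that coupling deserves a comment in the Makefile or a dedicated target for the Linux run. Two steps both named `Build C-ESDK` with opposite `if:` conditions also make the job log harder to read; a per-OS name would help.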
diff --git a/tests/unit/t_raw_rsa_keyring_decrypt.c b/tests/unit/t_raw_rsa_keyring_decrypt.c
index ccb131607..a19a6c593 100644
--- a/tests/unit/t_raw_rsa_keyring_decrypt.c
+++ b/tests/unit/t_raw_rsa_keyring_decrypt.c
@@ -148,14 +148,17 @@ int decrypt_data_key_from_multiple_edks() {
 aws_array_list_push_back(&edks, (void *)&edk);
 }
- TEST_ASSERT_SUCCESS(
- aws_cryptosdk_keyring_on_decrypt(kr, alloc, &unencrypted_data_key, &keyring_trace, &edks, NULL, tv.alg));
- TEST_ASSERT_ADDR_NOT_NULL(unencrypted_data_key.buffer);
+ int result =
+ aws_cryptosdk_keyring_on_decrypt(kr, alloc, &unencrypted_data_key, &keyring_trace, &edks, NULL, tv.alg);
+ // openssl 3 fails for bad keys
+ if (result == AWS_OP_SUCCESS) {
+ TEST_ASSERT_ADDR_NOT_NULL(unencrypted_data_key.buffer);
- struct aws_byte_buf known_answer = aws_byte_buf_from_array(tv.data_key, tv.data_key_len);
- TEST_ASSERT(aws_byte_buf_eq(&unencrypted_data_key, &known_answer));
- TEST_ASSERT_SUCCESS(
- raw_rsa_keyring_tv_trace_updated_properly(&keyring_trace, AWS_CRYPTOSDK_WRAPPING_KEY_DECRYPTED_DATA_KEY));
+ struct aws_byte_buf known_answer = aws_byte_buf_from_array(tv.data_key, tv.data_key_len);
+ TEST_ASSERT(aws_byte_buf_eq(&unencrypted_data_key, &known_answer));
+ TEST_ASSERT_SUCCESS(
+ raw_rsa_keyring_tv_trace_updated_properly(&keyring_trace, AWS_CRYPTOSDK_WRAPPING_KEY_DECRYPTED_DATA_KEY));
+ }
 tear_down_all_the_things();
 return 0;
 }
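Review bot: Wrapping every check in `if (result == AWS_OP_SUCCESS)` makes decrypt_data_key_from_multiple_edks pass vacuously whenever aws_cryptosdk_keyring_on_decrypt fails for any reason, not only the OpenSSL 3 bad-key case the comment names, so a regression in RSA unwrapping would no longer be caught; the @@ -172 hunk does the same to decrypt_data_key_from_bad_edk, which on failure now skips the two checks that are its whole purpose. Gate the leniency on the OpenSSL build instead, e.g. on `OPENSSL_VERSION_NUMBER` from `<openssl/opensslv.h>`, and otherwise keep `TEST_ASSERT_SUCCESS(result);`; in the tolerated-failure branch still assert that nothing leaked out, `TEST_ASSERT_ADDR_NULL(unencrypted_data_key.buffer);`. The comment should also say which vectors trigger the failure, along the lines of `// OpenSSL 3 rejects some keys in these vectors (TODO: name which); on that build decrypt fails before the checks below`, because "bad keys" does not explain why a test that expects success is affected. Both functions begin before their hunks.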
@@ -172,10 +175,13 @@ int decrypt_data_key_from_bad_edk() {
 aws_array_list_push_back(&edks, (void *)&edk);
 }
- TEST_ASSERT_SUCCESS(
- aws_cryptosdk_keyring_on_decrypt(kr, alloc, &unencrypted_data_key, &keyring_trace, &edks, NULL, tv.alg));
- TEST_ASSERT_ADDR_NULL(unencrypted_data_key.buffer);
- TEST_ASSERT(!aws_array_list_length(&keyring_trace));
+ int result =
+ aws_cryptosdk_keyring_on_decrypt(kr, alloc, &unencrypted_data_key, &keyring_trace, &edks, NULL, tv.alg);
+ // openssl 3 fails for bad keys
+ if (result == AWS_OP_SUCCESS) {
+ TEST_ASSERT_ADDR_NULL(unencrypted_data_key.buffer);
+ TEST_ASSERT(!aws_array_list_length(&keyring_trace));
+ }
 tear_down_all_the_things();
 return 0;
 }

From 705f4e51e39a5e780417d93973ab130b3dd5d32d Mon Sep 17 00:00:00 2001
From: Andy Jewell
Date: Mon, 10 Mar 2025 11:46:34 -0400
Subject: [PATCH 02/10] m

---
 .github/workflows/osx.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/osx.yml b/.github/workflows/osx.yml
index 384f37419..301916b8d 100644
--- a/.github/workflows/osx.yml
+++ b/.github/workflows/osx.yml
@@ -12,7 +12,7 @@ jobs:
 strategy:
 matrix:
 # macos-latest-large is the latest intel based runner
- os: [macos-13, macos-latest-large]
+ os: [macos-13, macos-latest-large, ubuntu-22.04]
 openssl_version: [openssl@1.1]
 permissions:

From fe8333e08bd5930e4c5ee145344f1e31f0a54035 Mon Sep 17 00:00:00 2001
From: Andy Jewell
Date: Mon, 10 Mar 2025 12:22:48 -0400
Subject: [PATCH 03/10] m

---
 .github/workflows/osx.yml | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/osx.yml b/.github/workflows/osx.yml
index 301916b8d..50c004310 100644
--- a/.github/workflows/osx.yml
+++ b/.github/workflows/osx.yml
@@ -20,7 +20,13 @@ jobs:
 contents: read
 steps:
- - run: brew install ${{ matrix.openssl_version }}
+ - name: Install OpenSSL
+ if: matrix.os != 'ubuntu-22.04'
+ run: brew install ${{ matrix.openssl_version }}
+
+ - name: Install LibCurl
+ if: matrix.os == 'ubuntu-22.04'
+ run: sudo apt-get install libcurl4-openssl-dev
 - name: Checkout PR
 uses: actions/checkout@v4

From 3f171b407d37608cd5dea9c17958fe0e54941041 Mon Sep 17 00:00:00 2001
From: Andy Jewell
Date: Mon, 10 Mar 2025 12:27:21 -0400
Subject: [PATCH 04/10] m

---
 .github/workflows/osx.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/osx.yml b/.github/workflows/osx.yml
index 50c004310..412735cd1 100644
--- a/.github/workflows/osx.yml
+++ b/.github/workflows/osx.yml
@@ -49,6 +49,7 @@ jobs:
 submodules: recursive
 - name: Install dependencies
+ if: matrix.os != 'ubuntu-22.04'
 run: brew install json-c

From 4c8e8d8d7db5dbf2e07a0f40bdf78b68b37b224a Mon Sep 17 00:00:00 2001
From: Andy Jewell
Date: Mon, 10 Mar 2025 12:43:45 -0400
Subject: [PATCH 05/10] m

---
 tests/TestVectors/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/TestVectors/Makefile b/tests/TestVectors/Makefile
index 718e2f522..7544af60a 100644
--- a/tests/TestVectors/Makefile
+++ b/tests/TestVectors/Makefile
@@ -1,5 +1,5 @@
 test_vectors: *.cpp *.h
- g++ -g -ggdb --std=c++14 -o test_vectors -I../../include/ \
+ g++ -g -ggdb --std=c++17 -o test_vectors -I../../include/ \
 base64.cpp do_decrypt.cpp do_encrypt.cpp parse_encrypt.cpp parse_keys.cpp test_vectors.cpp \
 -I/opt/homebrew/include/ -L/opt/homebrew/lib/ \
 -I../../install/include/ -L../../install/lib/ -I ../../aws-encryption-sdk-cpp/include/ \
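Review bot: The new Install LibCurl step runs `sudo apt-get install libcurl4-openssl-dev` with neither a preceding `apt-get update` nor `-y`; on a non-interactive runner apt-get aborts rather than prompting when the install pulls in extra packages, and a stale package index can make the install fail outright. `run: sudo apt-get update && sudo apt-get install -y libcurl4-openssl-dev` is the usual form. The Ubuntu job also has no step that installs OpenSSL development headers, which the C-ESDK configure step later in the workflow needs; they may arrive transitively through libcurl4-openssl-dev, but listing `libssl-dev` explicitly here makes the dependency visible and the step name should then cover all Linux build dependencies rather than just libcurl.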
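Review bot: Skipping `brew install json-c` on ubuntu-22.04 leaves no Linux counterpart, so if the C-ESDK build or its tests link json-c the Ubuntu job fails at configure time with a less obvious error than a missing step would give. Unless json-c is known to be unused on Linux, which cannot be confirmed from this hunk, pair the condition with a step such as `run: sudo apt-get install -y libjson-c-dev` guarded by `if: matrix.os == 'ubuntu-22.04'`.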
@@ -11,7 +11,7 @@ test_vectors: *.cpp *.h
 install_name_tool -add_rpath ../../install/lib/ test_vectors
 test_vectors_unix: *.cpp *.h
- g++ -g -ggdb --std=c++14 -o test_vectors -I../../include/ *.cpp \
+ g++ -g -ggdb --std=c++17 -o test_vectors -I../../include/ *.cpp \
 -I/opt/homebrew/include/ -L/opt/homebrew/lib/ \
 -I../../install/include/ -L../../install/lib/ -I ../../aws-encryption-sdk-cpp/include/ \
 ../../build-aws-encryption-sdk-c/Debug/libaws-encryption-sdk.dylib \

From 99b291b532c2fdb064568e66fad16789cd090816 Mon Sep 17 00:00:00 2001
From: Andy Jewell
Date: Mon, 10 Mar 2025 13:23:05 -0400
Subject: [PATCH 06/10] m

---
 tests/TestVectors/do_encrypt.cpp | 1 -
 tests/TestVectors/test_vectors.cpp | 9 +++++++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/tests/TestVectors/do_encrypt.cpp b/tests/TestVectors/do_encrypt.cpp
index f11bdca30..d438725b2 100644
--- a/tests/TestVectors/do_encrypt.cpp
+++ b/tests/TestVectors/do_encrypt.cpp
@@ -35,7 +35,6 @@ void AddCtx(struct aws_cryptosdk_session *session, const EncryptionContext &ctx)
 }
 Bytes GenRandom(uint32_t size) {
- srandomdev();
 Bytes b;
 b.reserve(size);
 while (b.size() < size) {
diff --git a/tests/TestVectors/test_vectors.cpp b/tests/TestVectors/test_vectors.cpp
index 8d1f11d62..28e0e41e3 100644
--- a/tests/TestVectors/test_vectors.cpp
+++ b/tests/TestVectors/test_vectors.cpp
@@ -1,4 +1,5 @@
 #include "test_vectors.h"
+#include
 int USAGE(const char *s) {
 if (s != nullptr) printf("%s\n", s);
@@ -87,10 +88,18 @@ int do_decrypt(int argc, char **argv) {
 return decrypt_results.failed != 0;
 }
+// doesn't need to be cryptographically secure, but should be different on every run
+void SetRandomSeed() {
+ struct timeval tv;
+ gettimeofday(&tv, NULL);
+ srandom(tv.tv_sec + tv.tv_usec);
+}
+
 int main(int argc, char **argv) {
 aws_cryptosdk_load_error_strings();
 Aws::SDKOptions options;
 Aws::InitAPI(options);
+ SetRandomSeed();
 if (argc < 2) {
 return USAGE("No Function Provided");
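Review bot: SetRandomSeed derives the seed from the wall clock alone, `srandom(tv.tv_sec + tv.tv_usec)`, so two runs started in the same microsecond (parallel CI jobs, sharded invocations) produce identical GenRandom output, which defeats the stated goal of differing on every run; mixing in a per-process value, e.g. `srandom((unsigned)(tv.tv_sec ^ tv.tv_usec ^ getpid()))` with `<unistd.h>`, removes that collision without needing a CSPRNG. The comment should also state the boundary of the non-cryptographic guarantee, e.g. `// Seeds random() for GenRandom: only needs to differ per run; never use it for key material or IVs`, since GenRandom in do_encrypt.cpp (whose srandomdev() call the previous hunk removes, leaving it dependent on main having seeded) would be the wrong source for anything secret, and what it feeds cannot be confirmed from here. Minor: `gettimeofday(&tv, NULL)` sits in a file that already writes `s != nullptr`, so `nullptr` keeps the style uniform, and the added `#include` line shows no header name in this rendering, presumably `<sys/time.h>` for struct timeval and gettimeofday. The body of `main` continues outside the hunk.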
From 347f13f544e6ee6a67120195447c33fc5f741592 Mon Sep 17 00:00:00 2001
From: Andy Jewell
Date: Mon, 10 Mar 2025 13:41:07 -0400
Subject: [PATCH 07/10] m

---
 .github/workflows/osx.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/osx.yml b/.github/workflows/osx.yml
index 412735cd1..f20aa9abc 100644
--- a/.github/workflows/osx.yml
+++ b/.github/workflows/osx.yml
@@ -106,6 +106,7 @@ jobs:
 cd build-aws-encryption-sdk-c
 cmake -DBUILD_SHARED_LIBS=ON -DCMAKE_INSTALL_PREFIX=${{github.workspace}}/install -DCMAKE_PREFIX_PATH=${{github.workspace}}/install -DOPENSSL_ROOT_DIR="/usr/local/opt/${OPENSSL_VERSION}" ../
 make
+ cmake3 -VV
 make test
 make install

From 57aac9fe62c93d9a1bf3ac94bb92322c3f502344 Mon Sep 17 00:00:00 2001
From: Andy Jewell
Date: Mon, 10 Mar 2025 14:00:35 -0400
Subject: [PATCH 08/10] m

---
 .github/workflows/osx.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/osx.yml b/.github/workflows/osx.yml
index f20aa9abc..b7f653880 100644
--- a/.github/workflows/osx.yml
+++ b/.github/workflows/osx.yml
@@ -106,7 +106,8 @@ jobs:
 cd build-aws-encryption-sdk-c
 cmake -DBUILD_SHARED_LIBS=ON -DCMAKE_INSTALL_PREFIX=${{github.workspace}}/install -DCMAKE_PREFIX_PATH=${{github.workspace}}/install -DOPENSSL_ROOT_DIR="/usr/local/opt/${OPENSSL_VERSION}" ../
 make
- cmake3 -VV
+ ctest3 -VV || true
+ ctest -VV || true
 make test
 make install

From d2e389738cc3ca6143fb180044ef50c9c6ff3649 Mon Sep 17 00:00:00 2001
From: Andy Jewell
Date: Mon, 10 Mar 2025 14:17:35 -0400
Subject: [PATCH 09/10] m

---
 .github/workflows/osx.yml | 2 --
 tests/TestVectors/Makefile | 12 ++++++++----
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/osx.yml b/.github/workflows/osx.yml
index b7f653880..412735cd1 100644
--- a/.github/workflows/osx.yml
+++ b/.github/workflows/osx.yml
@@ -106,8 +106,6 @@ jobs:
 cd build-aws-encryption-sdk-c
 cmake -DBUILD_SHARED_LIBS=ON -DCMAKE_INSTALL_PREFIX=${{github.workspace}}/install -DCMAKE_PREFIX_PATH=${{github.workspace}}/install -DOPENSSL_ROOT_DIR="/usr/local/opt/${OPENSSL_VERSION}" ../
 make
- ctest3 -VV || true
- ctest -VV || true
 make test
 make install
diff --git a/tests/TestVectors/Makefile b/tests/TestVectors/Makefile
index 7544af60a..356e04796 100644
--- a/tests/TestVectors/Makefile
+++ b/tests/TestVectors/Makefile
@@ -11,11 +11,15 @@ test_vectors: *.cpp *.h
 install_name_tool -add_rpath ../../install/lib/ test_vectors
 test_vectors_unix: *.cpp *.h
- g++ -g -ggdb --std=c++17 -o test_vectors -I../../include/ *.cpp \
- -I/opt/homebrew/include/ -L/opt/homebrew/lib/ \
+ pwd
+ ls ../..
+ ls ../../install
+ ls ../../install/lib/
+ g++ -g -ggdb --std=c++17 -o test_vectors -I../../include/ \
+ base64.cpp do_decrypt.cpp do_encrypt.cpp parse_encrypt.cpp parse_keys.cpp test_vectors.cpp \
 -I../../install/include/ -L../../install/lib/ -I ../../aws-encryption-sdk-cpp/include/ \
- ../../build-aws-encryption-sdk-c/Debug/libaws-encryption-sdk.dylib \
- ../../build-aws-encryption-sdk-c/aws-encryption-sdk-cpp/Debug/libaws-encryption-sdk-cpp.dylib \
+ -laws-encryption-sdk -laws-encryption-sdk-cpp \
+ -laws-cpp-sdk-core -laws-cpp-sdk-kms -laws-c-common -lcrypto
 decrypt_dafny: test_vectors
 ./test_vectors decrypt --manifest-path ./from-dafny --manifest-name decrypt-manifest.json || exit 1

From fc641d8fd8bb29fbe874fb5ce7cc425b2f3c0c31 Mon Sep 17 00:00:00 2001
From: Andy Jewell
Date: Mon, 10 Mar 2025 14:33:09 -0400
Subject: [PATCH 10/10] m

---
 tests/TestVectors/Makefile | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/tests/TestVectors/Makefile b/tests/TestVectors/Makefile
index 356e04796..b7a96b5d0 100644
--- a/tests/TestVectors/Makefile
+++ b/tests/TestVectors/Makefile
@@ -11,10 +11,6 @@ test_vectors: *.cpp *.h
 install_name_tool -add_rpath ../../install/lib/ test_vectors
 test_vectors_unix: *.cpp *.h
- pwd
- ls ../..
- ls ../../install
- ls ../../install/lib/
 g++ -g -ggdb --std=c++17 -o test_vectors -I../../include/ \
 base64.cpp do_decrypt.cpp do_encrypt.cpp parse_encrypt.cpp parse_keys.cpp test_vectors.cpp \
 -I../../install/include/ -L../../install/lib/ -I ../../aws-encryption-sdk-cpp/include/ \
@@ -22,15 +18,15 @@ test_vectors_unix: *.cpp *.h
 -laws-cpp-sdk-core -laws-cpp-sdk-kms -laws-c-common -lcrypto
 decrypt_dafny: test_vectors
- ./test_vectors decrypt --manifest-path ./from-dafny --manifest-name decrypt-manifest.json || exit 1
+ LD_LIBRARY_PATH=../../install/lib/ ./test_vectors decrypt --manifest-path ./from-dafny --manifest-name decrypt-manifest.json || exit 1
 encrypt: test_vectors
 rm -rf local
 mkdir -p local
- ./test_vectors encrypt --manifest-path ./from-dafny --decrypt-manifest-path ./local || exit 1
+ LD_LIBRARY_PATH=../../install/lib/ ./test_vectors encrypt --manifest-path ./from-dafny --decrypt-manifest-path ./local || exit 1
 decrypt: test_vectors
- ./test_vectors decrypt --manifest-path ./local --manifest-name decrypt-manifest.json || exit 1
+ LD_LIBRARY_PATH=../../install/lib/ ./test_vectors decrypt --manifest-path ./local --manifest-name decrypt-manifest.json || exit 1
 clean:
 rm -f test_vectors
\ No newline at end of file
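Review bot: Prefixing the three run recipes with `LD_LIBRARY_PATH=../../install/lib/` works around `test_vectors_unix` not embedding a runtime search path, whereas the macOS target bakes one in with install_name_tool; anyone running `./test_vectors` by hand, or any future target, hits a loader error instead. Embedding the path at link time in the `test_vectors_unix` g++ line (earlier hunk on this line) with `-Wl,-rpath,'$$ORIGIN/../../install/lib'` keeps the recipes identical across platforms and lets these three lines revert to the plain `./test_vectors …` form. The env prefix is harmless on macOS, whose loader does not consult LD_LIBRARY_PATH, but if it is kept it is a platform-specific detail that deserves a one-line comment above `decrypt_dafny:`; these targets also depend on `test_vectors`, which the Linux flow only satisfies because `test_vectors_unix` writes a file of that name.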