From 7cead1200fcf777da4b08bf98c6d14aa78072800 Mon Sep 17 00:00:00 2001
From: Andras Fekete
Date: Wed, 10 Jul 2024 15:07:41 -0400
Subject: [PATCH 1/9] Give possibility to use other forks
---
 scripts/utils-wolfssl.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/utils-wolfssl.sh b/scripts/utils-wolfssl.sh
index ef4dbad3..062dc4c2 100755
--- a/scripts/utils-wolfssl.sh
+++ b/scripts/utils-wolfssl.sh
@@ -24,7 +24,7 @@
 #
 SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
-WOLFSSL_GIT="https://github.com/wolfSSL/wolfssl.git"
+WOLFSSL_GIT=${WOLFSSL_GIT:-"https://github.com/wolfSSL/wolfssl.git"}
 WOLFSSL_TAG=${WOLFSSL_TAG:-"v5.6.3-stable"}
 WOLFSSL_SOURCE_DIR=${SCRIPT_DIR}/../wolfssl-source
 WOLFSSL_INSTALL_DIR=${SCRIPT_DIR}/../wolfssl-install
From 58e5045d70a80c3bdce8e2255d2f94a04a9ea458 Mon Sep 17 00:00:00 2001
From: Andras Fekete
Date: Wed, 10 Jul 2024 15:08:16 -0400
Subject: [PATCH 2/9] Need other tags for FIPS mode
---
 scripts/utils-wolfssl.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/utils-wolfssl.sh b/scripts/utils-wolfssl.sh
index 062dc4c2..497cdf3c 100755
--- a/scripts/utils-wolfssl.sh
+++ b/scripts/utils-wolfssl.sh
@@ -42,7 +42,7 @@ clone_wolfssl() {
 if [ ! -d ${WOLFSSL_SOURCE_DIR} ]; then
 printf "\tClone wolfSSL ${WOLFSSL_TAG} ... "
- git clone --depth=1 -b ${WOLFSSL_TAG} ${WOLFSSL_GIT} \
+ git clone -b ${WOLFSSL_TAG} ${WOLFSSL_GIT} \
 ${WOLFSSL_SOURCE_DIR} >>$LOG_FILE 2>&1
 if [ $? != 0 ]; then
 printf "ERROR.\n"
From a7ad099a115312687d767af0674bfac8c32830e1 Mon Sep 17 00:00:00 2001
From: Andras Fekete
Date: Wed, 10 Jul 2024 15:08:58 -0400
Subject: [PATCH 3/9] Remove unnecessary check
---
 configure.ac | 2 --
 1 file changed, 2 deletions(-)
diff --git a/configure.ac b/configure.ac
index c4ab0d1b..483189d6 100644
--- a/configure.ac
+++ b/configure.ac
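Review bot: In patch 1/9, `WOLFSSL_GIT` becomes an environment override with no comment beside it, so the repository that supplies the crypto library source is now chosen by whatever the calling environment exports. The `printf` in `clone_wolfssl` (visible in 2/9) reports only the tag, which means the build log never records where the source came from. I would document the override next to the assignment, for example `# WOLFSSL_GIT and WOLFSSL_TAG may be set in the environment; the build trusts the repository and ref they name`, and add the URL to the clone message. A tag is a movable ref, so builds that need provenance would also benefit from comparing the resolved commit with an expected value; that check would live outside this hunk.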
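Review bot: The rewritten `git clone` line in patch 2/9 still expands `${WOLFSSL_TAG}`, `${WOLFSSL_GIT}` and `${WOLFSSL_SOURCE_DIR}` unquoted, and since 1/9 both the tag and the URL can come from the environment. A value containing whitespace is word-split, and one beginning with `-` is read by git as an option instead of a repository. Quote the expansions and end option parsing before the URL: `git clone -b "${WOLFSSL_TAG}" -- "${WOLFSSL_GIT}" "${WOLFSSL_SOURCE_DIR}" >>"$LOG_FILE" 2>&1`. The `[ ! -d ${WOLFSSL_SOURCE_DIR} ]` test in the context lines has the same quoting gap, and `clone_wolfssl` continues outside the hunk.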
@@ -51,8 +51,6 @@ if test "x$have_wolfssl" = "xyes"; then
 LDFLAGS="$LDFLAGS $WOLFSSL_LDFLAGS"
 fi
-AC_CHECK_HEADERS([wolfssl/wolfcrypt/kdf.h])
-
 # DEBUG
 DEBUG_CFLAGS="-g -O0 -DWOLFPROV_DEBUG"
From 829a9a49e71a293227af58a90d86517a618de3c1 Mon Sep 17 00:00:00 2001
From: Andras Fekete
Date: Wed, 10 Jul 2024 15:09:28 -0400
Subject: [PATCH 4/9] Fix packaging
---
 Makefile.am | 1 +
 include/include.am | 16 +++++++---------
 2 files changed, 8 insertions(+), 9 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index d8601d8b..79fc244b 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -6,6 +6,7 @@ noinst_HEADERS =
 check_PROGRAMS =
 dist_noinst_SCRIPTS =
 DISTCLEANFILES =
+pkginclude_HEADERS =
 ACLOCAL_AMFLAGS = -I m4
diff --git a/include/include.am b/include/include.am
index c185defc..aabbf9a1 100644
--- a/include/include.am
+++ b/include/include.am
@@ -2,14 +2,12 @@
 # All paths should be given relative to the root
 #
-noinst_HEADERS += include/wolfprovider/version.h
-noinst_HEADERS += include/wolfprovider/alg_funcs.h
 noinst_HEADERS += include/wolfprovider/internal.h
-noinst_HEADERS += include/wolfprovider/settings.h
-noinst_HEADERS += include/wolfprovider/wp_logging.h
-noinst_HEADERS += include/wolfprovider/wp_fips.h
-noinst_HEADERS += include/wolfprovider/wp_params.h
-noinst_HEADERS += include/wolfprovider/wp_wolfprov.h
-
-#pkginclude_HEADERS =
+pkginclude_HEADERS += include/wolfprovider/version.h
+pkginclude_HEADERS += include/wolfprovider/alg_funcs.h
+pkginclude_HEADERS += include/wolfprovider/settings.h
+pkginclude_HEADERS += include/wolfprovider/wp_logging.h
+pkginclude_HEADERS += include/wolfprovider/wp_fips.h
+pkginclude_HEADERS += include/wolfprovider/wp_params.h
+pkginclude_HEADERS += include/wolfprovider/wp_wolfprov.h
From 6ae9f8387d55d30abf2d5cf639421e80d34df0fd Mon Sep 17 00:00:00 2001
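Review bot: In the include/include.am hunk of patch 4/9, `internal.h` stays in `noinst_HEADERS` while seven other headers from the same directory move to `pkginclude_HEADERS`, and the hunk does not show whether any of the installed ones includes `internal.h`. If one does, the in-tree build still passes but a consumer compiling against the installed headers will not. Worth confirming with a compile against the install prefix only, and a comment such as `# internal.h is not installed; installed headers must not include it` above the `noinst_HEADERS` line would keep the split from regressing.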
From: Andras Fekete
Date: Wed, 10 Jul 2024 15:58:52 -0400
Subject: [PATCH 5/9] Add missing fixes from wolfEngine Necessary to make 'make distcheck' work
---
 Makefile.am | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/Makefile.am b/Makefile.am
index 79fc244b..b162a4a5 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -9,6 +9,7 @@ DISTCLEANFILES =
 pkginclude_HEADERS =
 ACLOCAL_AMFLAGS = -I m4
+AM_CPPFLAGS = -I$(top_srcdir)/include
 lib_LTLIBRARIES = libwolfprov.la
@@ -23,3 +24,17 @@ include test/include.am
 #DISTCLEANFILES += .libs/bench
 test: check
+# By default, make distcheck will only add wolfProvider/ as an include directory.
+# So, for example, a file like unit.h that has #include
+# won't be able to find wp_logging.h, because
+# wolfProvider/include isn't an include directory. We add it here.
+#
+# The OpenSSL lib and include directories won't be visible to make distcheck
+# either because make distcheck runs ./configure with no other options. If
+# OpenSSL isn't installed in a standard location, this naked configure command
+# will fail to find it. We tell it where to find the include and lib directory
+# for OpenSSL here.
+AM_DISTCHECK_CONFIGURE_FLAGS=CPPFLAGS="-I@abs_top_srcdir@/include \
+ @OPENSSL_INCLUDES@" \
+ LDFLAGS="@OPENSSL_LDFLAGS@"
+
From bb6d02fb9c9be1aab407e200fc7f03742748fdce Mon Sep 17 00:00:00 2001
From: Andras Fekete
Date: Wed, 10 Jul 2024 16:07:32 -0400
Subject: [PATCH 6/9] Include the minimal amount of certs to make tests pass
---
 Makefile.am | 2 ++
 certs/include.am | 8 ++++++++
 2 files changed, 10 insertions(+)
 create mode 100644 certs/include.am
diff --git a/Makefile.am b/Makefile.am
index b162a4a5..e023c977 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -7,6 +7,7 @@ check_PROGRAMS =
 dist_noinst_SCRIPTS =
 DISTCLEANFILES =
 pkginclude_HEADERS =
+EXTRA_DIST =
 ACLOCAL_AMFLAGS = -I m4
 AM_CPPFLAGS = -I$(top_srcdir)/include
@@ -16,6 +17,7 @@ lib_LTLIBRARIES = libwolfprov.la
 include src/include.am
 include include/include.am
 include test/include.am
+include certs/include.am
 #include scripts/include.am
 #noinst_PROGRAMS += bench
diff --git a/certs/include.am b/certs/include.am
new file mode 100644
index 00000000..3c30b33c
--- /dev/null
+++ b/certs/include.am
@@ -0,0 +1,8 @@
+
+# for test_rsa.c
+dist_noinst_SCRIPTS += certs/server-key.pem
+dist_noinst_SCRIPTS += certs/server-cert.pem
+
+# for test_ecc.c
+dist_noinst_SCRIPTS += certs/server-ecc.pem
+dist_noinst_SCRIPTS += certs/ecc-key.pem
From eff883570511fb0c60e26b3a030ae7c8e9ef8bcb Mon Sep 17 00:00:00 2001
From: Andras Fekete
Date: Thu, 11 Jul 2024 16:32:13 -0400
Subject: [PATCH 7/9] Fix CERTS_DIR for 'make distcheck' to have the correct path
---
 test/include.am | 2 ++
 test/test_ecc.c | 4 ++--
 test/test_rsa.c | 4 ++--
 test/unit.h | 4 ++++
 4 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/test/include.am b/test/include.am
index 3549d638..448a0b5a 100644
--- a/test/include.am
+++ b/test/include.am
@@ -9,6 +9,8 @@ check_PROGRAMS += test/unit.test
 noinst_PROGRAMS += test/unit.test
 DISTCLEANFILES += test/.libs/unit.test
+# Override the 'certs' directory with the toplevel source directory for 'make distcheck' to work
+test_unit_test_CPPFLAGS = -DCERTS_DIR='"$(abs_top_srcdir)/certs/"'
 test_unit_test_SOURCES = \
 test/test_aestag.c \
 test/test_cipher.c \
diff --git a/test/test_ecc.c b/test/test_ecc.c
index 4dc8272f..c289bd2e 100644
--- a/test/test_ecc.c
+++ b/test/test_ecc.c
@@ -1411,7 +1411,7 @@ int test_ec_load_key(void* data)
 params[0] = OSSL_PARAM_construct_end();
 PRINT_MSG("Open ECC private key");
- ctx = OSSL_STORE_open_ex("./certs/ecc-key.pem", wpLibCtx, NULL, NULL, NULL,
+ ctx = OSSL_STORE_open_ex(CERTS_DIR"ecc-key.pem", wpLibCtx, NULL, NULL, NULL,
 params, NULL, NULL);
 err = ctx == NULL;
 if (err == 0) {
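Review bot: The new certs/include.am in patch 6/9 lists four PEM files under `dist_noinst_SCRIPTS`, two of them private keys (`server-key.pem`, `ecc-key.pem`), so they ship in every release tarball labelled as scripts. They are data, and this same commit adds an empty `EXTRA_DIST =` to Makefile.am that nothing in the patch uses; `EXTRA_DIST += certs/server-key.pem`, and likewise for the other three, is the variable Automake provides for this. I would also open the file with a comment such as `# Test fixtures only: these keys are published with the source and must never be used outside the test suite`, so nobody reuses them.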
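Review bot: Defining `test_unit_test_CPPFLAGS` in test/include.am (patch 7/9) makes Automake stop applying `AM_CPPFLAGS` to `test/unit.test`, so the `-I$(top_srcdir)/include` added in 5/9 no longer reaches the unit test unless the same path also arrives through the user's `CPPFLAGS`. Carry it explicitly with `test_unit_test_CPPFLAGS = $(AM_CPPFLAGS) -DCERTS_DIR='"$(abs_top_srcdir)/certs/"'`; the line is edited again in 9/9 and needs the same prefix there. The define also embeds the absolute build path in the test binary, which is acceptable for a `noinst` program, but a source path containing a single quote would break the shell quoting.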
@@ -1446,7 +1446,7 @@ int test_ec_load_cert(void* data)
 params[0] = OSSL_PARAM_construct_end();
 PRINT_MSG("Open certificate with ECC public key");
- ctx = OSSL_STORE_open_ex("./certs/server-ecc.pem", wpLibCtx, NULL, NULL,
+ ctx = OSSL_STORE_open_ex(CERTS_DIR"server-ecc.pem", wpLibCtx, NULL, NULL,
 NULL, params, NULL, NULL);
 err = ctx == NULL;
 if (err == 0) {
diff --git a/test/test_rsa.c b/test/test_rsa.c
index 1f4deebd..921424a8 100644
--- a/test/test_rsa.c
+++ b/test/test_rsa.c
@@ -749,7 +749,7 @@ int test_rsa_load_key(void* data)
 params[0] = OSSL_PARAM_construct_end();
 PRINT_MSG("Open RSA private key");
- ctx = OSSL_STORE_open_ex("./certs/server-key.pem", wpLibCtx, NULL, NULL,
+ ctx = OSSL_STORE_open_ex(CERTS_DIR"server-key.pem", wpLibCtx, NULL, NULL,
 NULL, params, NULL, NULL);
 err = ctx == NULL;
 if (err == 0) {
@@ -784,7 +784,7 @@ int test_rsa_load_cert(void* data)
 params[0] = OSSL_PARAM_construct_end();
 PRINT_MSG("Open certificate with RSA public key");
- ctx = OSSL_STORE_open_ex("./certs/server-cert.pem", wpLibCtx, NULL, NULL,
+ ctx = OSSL_STORE_open_ex(CERTS_DIR"server-cert.pem", wpLibCtx, NULL, NULL,
 NULL, params, NULL, NULL);
 err = ctx == NULL;
 if (err == 0) {
diff --git a/test/unit.h b/test/unit.h
index 224911af..ee5acb54 100644
--- a/test/unit.h
+++ b/test/unit.h
@@ -62,6 +62,10 @@ void print_buffer(const char *desc, const unsigned char *buffer, size_t len);
 #define TEST_DECL(func, data) { #func, func, data, 0, 0, 0 }
 #endif
+#ifndef CERTS_DIR
+#define CERTS_DIR "./certs/"
+#endif
+
 typedef int (*TEST_FUNC)(void *data);
 typedef struct TEST_CASE {
 const char *name;
From 418c5874bc5f57bfb21dac6e0100115b0bc17cb6 Mon Sep 17 00:00:00 2001
From: Andras Fekete
Date: Mon, 15 Jul 2024 09:36:14 -0400
Subject: [PATCH 8/9] Addressing PR comments
---
 test/test_ecc.c | 4 ++--
 test/test_rsa.c | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/test/test_ecc.c b/test/test_ecc.c
index c289bd2e..bacaa663 100644
--- a/test/test_ecc.c
+++ b/test/test_ecc.c
@@ -1411,7 +1411,7 @@ int test_ec_load_key(void* data)
 params[0] = OSSL_PARAM_construct_end();
 PRINT_MSG("Open ECC private key");
- ctx = OSSL_STORE_open_ex(CERTS_DIR"ecc-key.pem", wpLibCtx, NULL, NULL, NULL,
+ ctx = OSSL_STORE_open_ex(CERTS_DIR "ecc-key.pem", wpLibCtx, NULL, NULL, NULL,
 params, NULL, NULL);
 err = ctx == NULL;
 if (err == 0) {
@@ -1446,7 +1446,7 @@ int test_ec_load_cert(void* data)
 params[0] = OSSL_PARAM_construct_end();
 PRINT_MSG("Open certificate with ECC public key");
- ctx = OSSL_STORE_open_ex(CERTS_DIR"server-ecc.pem", wpLibCtx, NULL, NULL,
+ ctx = OSSL_STORE_open_ex(CERTS_DIR "server-ecc.pem", wpLibCtx, NULL, NULL,
 NULL, params, NULL, NULL);
 err = ctx == NULL;
 if (err == 0) {
diff --git a/test/test_rsa.c b/test/test_rsa.c
index 921424a8..32ef9022 100644
--- a/test/test_rsa.c
+++ b/test/test_rsa.c
@@ -749,7 +749,7 @@ int test_rsa_load_key(void* data)
 params[0] = OSSL_PARAM_construct_end();
 PRINT_MSG("Open RSA private key");
- ctx = OSSL_STORE_open_ex(CERTS_DIR"server-key.pem", wpLibCtx, NULL, NULL,
+ ctx = OSSL_STORE_open_ex(CERTS_DIR "server-key.pem", wpLibCtx, NULL, NULL,
 NULL, params, NULL, NULL);
 err = ctx == NULL;
 if (err == 0) {
@@ -784,7 +784,7 @@ int test_rsa_load_cert(void* data)
 params[0] = OSSL_PARAM_construct_end();
 PRINT_MSG("Open certificate with RSA public key");
- ctx = OSSL_STORE_open_ex(CERTS_DIR"server-cert.pem", wpLibCtx, NULL, NULL,
+ ctx = OSSL_STORE_open_ex(CERTS_DIR "server-cert.pem", wpLibCtx, NULL, NULL,
 NULL, params, NULL, NULL);
 err = ctx == NULL;
 if (err == 0) {
From f8c2f8887df173f55f7c69fd2922fc04efe71ecb Mon Sep 17 00:00:00 2001
From: Andras Fekete
Date: Mon, 15 Jul 2024 09:57:14 -0400
Subject: [PATCH 9/9] Adhere to PR suggestion
---
 test/include.am | 2 +-
 test/test_ecc.c | 4 ++--
 test/test_rsa.c | 4 ++--
 test/unit.h | 2 +-
 4 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/test/include.am b/test/include.am
index 448a0b5a..75b90760 100644
--- a/test/include.am
+++ b/test/include.am
@@ -10,7 +10,7 @@ noinst_PROGRAMS += test/unit.test
 DISTCLEANFILES += test/.libs/unit.test
 # Override the 'certs' directory with the toplevel source directory for 'make distcheck' to work
-test_unit_test_CPPFLAGS = -DCERTS_DIR='"$(abs_top_srcdir)/certs/"'
+test_unit_test_CPPFLAGS = -DCERTS_DIR='"$(abs_top_srcdir)/certs"'
 test_unit_test_SOURCES = \
 test/test_aestag.c \
 test/test_cipher.c \
diff --git a/test/test_ecc.c b/test/test_ecc.c
index bacaa663..fcb51ebe 100644
--- a/test/test_ecc.c
+++ b/test/test_ecc.c
@@ -1411,7 +1411,7 @@ int test_ec_load_key(void* data)
 params[0] = OSSL_PARAM_construct_end();
 PRINT_MSG("Open ECC private key");
- ctx = OSSL_STORE_open_ex(CERTS_DIR "ecc-key.pem", wpLibCtx, NULL, NULL, NULL,
+ ctx = OSSL_STORE_open_ex(CERTS_DIR "/ecc-key.pem", wpLibCtx, NULL, NULL, NULL,
 params, NULL, NULL);
 err = ctx == NULL;
 if (err == 0) {
@@ -1446,7 +1446,7 @@ int test_ec_load_cert(void* data)
 params[0] = OSSL_PARAM_construct_end();
 PRINT_MSG("Open certificate with ECC public key");
- ctx = OSSL_STORE_open_ex(CERTS_DIR "server-ecc.pem", wpLibCtx, NULL, NULL,
+ ctx = OSSL_STORE_open_ex(CERTS_DIR "/server-ecc.pem", wpLibCtx, NULL, NULL,
 NULL, params, NULL, NULL);
 err = ctx == NULL;
 if (err == 0) {
diff --git a/test/test_rsa.c b/test/test_rsa.c
index 32ef9022..fd07be1f 100644
--- a/test/test_rsa.c
+++ b/test/test_rsa.c
@@ -749,7 +749,7 @@ int test_rsa_load_key(void* data)
 params[0] = OSSL_PARAM_construct_end();
 PRINT_MSG("Open RSA private key");
- ctx = OSSL_STORE_open_ex(CERTS_DIR "server-key.pem", wpLibCtx, NULL, NULL,
+ ctx = OSSL_STORE_open_ex(CERTS_DIR "/server-key.pem", wpLibCtx, NULL, NULL,
 NULL, params, NULL, NULL);
 err = ctx == NULL;
 if (err == 0) {
@@ -784,7 +784,7 @@ int test_rsa_load_cert(void* data)
 params[0] = OSSL_PARAM_construct_end();
 PRINT_MSG("Open certificate with RSA public key");
- ctx = OSSL_STORE_open_ex(CERTS_DIR "server-cert.pem", wpLibCtx, NULL, NULL,
+ ctx = OSSL_STORE_open_ex(CERTS_DIR "/server-cert.pem", wpLibCtx, NULL, NULL,
 NULL, params, NULL, NULL);
 err = ctx == NULL;
 if (err == 0) {
diff --git a/test/unit.h b/test/unit.h
index ee5acb54..749cbd79 100644
--- a/test/unit.h
+++ b/test/unit.h
@@ -63,7 +63,7 @@ void print_buffer(const char *desc, const unsigned char *buffer, size_t len);
 #endif
 #ifndef CERTS_DIR
-#define CERTS_DIR "./certs/"
+#define CERTS_DIR "./certs"
 #endif
 typedef int (*TEST_FUNC)(void *data);
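Review bot: After the test/unit.h hunk of patch 9/9, `CERTS_DIR` means "directory without a trailing slash, joined with a leading `/` at each call site", but nothing in the header states that contract. The fallback `"./certs"` also resolves only when the test binary is started from the top of the source tree. I would add above the `#ifndef`: `/* Directory holding the test keys and certificates, no trailing slash. Override with -DCERTS_DIR; the default is relative to the current working directory. */`.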