#!/bin/bash
#
# Copyright (C) 2006-2024 wolfSSL Inc.
#
# This file is part of wolfProvider.
#
# wolfProvider is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# wolfProvider is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with wolfProvider. If not, see <http://www.gnu.org/licenses/>.
#
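# Absolute directory of this script; the source and install paths below are
# derived from it.
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
# Quoted so that a checkout path containing whitespace still names one file.
# shellcheck source=/dev/null
source "${SCRIPT_DIR}/utils-general.sh"

# Repository and ref that get built. Both can be overridden from the
# environment, so whoever controls the environment of this script controls
# which code is compiled and later put on LD_LIBRARY_PATH.
WOLFSSL_GIT=${WOLFSSL_GIT:-"https://github.com/wolfSSL/wolfssl.git"}
WOLFSSL_TAG=${WOLFSSL_TAG:-"v5.7.4-stable"}
WOLFSSL_SOURCE_DIR=${SCRIPT_DIR}/../wolfssl-source
WOLFSSL_INSTALL_DIR=${SCRIPT_DIR}/../wolfssl-install
WOLFSSL_ISFIPS=${WOLFSSL_ISFIPS:-0}

# Default ./configure options and CFLAGS for the wolfSSL build.
# NOTE(review): --with-eccminsz=192 and -DRSA_MIN_SIZE=1024 lower the minimum
# accepted key sizes below the 224-bit ECC / 2048-bit RSA floors of current
# NIST guidance, and -DWC_RSA_NO_PADDING enables unpadded RSA operations.
# Presumably these exist for compatibility with OpenSSL test vectors; confirm
# before reusing the defaults for anything other than test builds.
WOLFSSL_CONFIG_OPTS=${WOLFSSL_CONFIG_OPTS:-'--enable-all-crypto --with-eccminsz=192 --with-max-ecc-bits=1024 --enable-opensslcoexist --enable-sha'}
# The default CFLAGS read OPENSSL_INSTALL_DIR at the time this file is sourced;
# if it is unset the include path collapses to "-I/include".
WOLFSSL_CONFIG_CFLAGS=${WOLFSSL_CONFIG_CFLAGS:-"-I${OPENSSL_INSTALL_DIR}/include -DWC_RSA_NO_PADDING -DWOLFSSL_PUBLIC_MP -DHAVE_PUBLIC_FFDHE -DHAVE_FFDHE_6144 -DHAVE_FFDHE_8192 -DWOLFSSL_PSS_LONG_SALT -DWOLFSSL_PSS_SALT_LEN_DISCOVER -DRSA_MIN_SIZE=1024 -DWOLFSSL_OLD_OID_SUM"}

# 1 selects the debug build options in install_wolfssl.
WOLFPROV_DEBUG=${WOLFPROV_DEBUG:-0}
# 1 makes clone_wolfssl accept an existing checkout without comparing its tag.
USE_CUR_TAG=${USE_CUR_TAG:-0}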
# Depends on OPENSSL_INSTALL_DIR
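#######################################
# Populate WOLFSSL_SOURCE_DIR with the wolfSSL sources.
#
# With WOLFSSL_FIPS_BUNDLE set, the source directory is deleted and recreated
# from a copy of that bundle. Otherwise an existing checkout is compared with
# WOLFSSL_TAG (skipped when USE_CUR_TAG=1) and a missing one is cloned from
# WOLFSSL_GIT.
#
# Globals:
#   read:    WOLFSSL_FIPS_BUNDLE WOLFSSL_SOURCE_DIR WOLFSSL_TAG WOLFSSL_GIT
#            USE_CUR_TAG WOLFPROV_DEBUG LOG_FILE
#   written: WOLFSSL_TAG_CUR CLONE_TAG DEPTH_ARG RET
# Exits:
#   1 (after calling do_cleanup, which is not defined in this file) on a tag
#   mismatch or a failed clone.
#######################################
clone_wolfssl() {
  if [ -n "$WOLFSSL_FIPS_BUNDLE" ]; then
    # ':?' aborts rather than letting an empty variable turn the copy target
    # below into "/". Quoting keeps paths with whitespace in one piece.
    rm -rf -- "${WOLFSSL_SOURCE_DIR:?}"
    mkdir -- "${WOLFSSL_SOURCE_DIR}"
    # The glob stays outside the quotes so it still expands.
    cp -pr -- "${WOLFSSL_FIPS_BUNDLE}"/* "${WOLFSSL_SOURCE_DIR}/"
  else
    if [ -d "${WOLFSSL_SOURCE_DIR}" ] && [ "$USE_CUR_TAG" != "1" ]; then
      WOLFSSL_TAG_CUR=$(cd "${WOLFSSL_SOURCE_DIR}" && (git describe --tags 2>/dev/null || git branch --show-current))
      if [ "${WOLFSSL_TAG_CUR}" != "${WOLFSSL_TAG}" ]; then
        # Refuse to build from a checkout that is not the requested version.
        # Values are passed as arguments so a '%' in a path or tag cannot be
        # interpreted as a printf directive.
        printf 'Version inconsistency. Please fix %s (expected: %s, got: %s)\n' \
          "${WOLFSSL_SOURCE_DIR}" "${WOLFSSL_TAG}" "${WOLFSSL_TAG_CUR}"
        do_cleanup
        exit 1
      fi
    fi
    if [ ! -d "${WOLFSSL_SOURCE_DIR}" ]; then
      # NOTE(review): ':+' tests for "set and non-empty", and this file
      # defaults USE_CUR_TAG to 0, so WOLFSSL_TAG_CUR is always tried first.
      # It is only assigned above when the directory exists, so on this path
      # it is normally empty and WOLFSSL_TAG is used.
      CLONE_TAG=${USE_CUR_TAG:+${WOLFSSL_TAG_CUR}}
      CLONE_TAG=${CLONE_TAG:-${WOLFSSL_TAG}}
      printf '\tClone wolfSSL %s ... ' "${CLONE_TAG}"
      # NOTE(review): both expansions reduce to --depth=1 for every value of
      # WOLFPROV_DEBUG, so a debug build also gets a shallow clone. If a full
      # clone was intended for debug builds, test for = "1" instead.
      DEPTH_ARG=${WOLFPROV_DEBUG:+""}
      DEPTH_ARG=${DEPTH_ARG:---depth=1}
      # NOTE(review): CLONE_TAG is a tag or branch name, which the remote can
      # repoint, and nothing here checks the result against a pinned commit ID
      # or a signed tag (e.g. git verify-tag) before it is built.
      # shellcheck disable=SC2086 # DEPTH_ARG must vanish when it is empty
      git clone ${DEPTH_ARG} -b "${CLONE_TAG}" "${WOLFSSL_GIT}" "${WOLFSSL_SOURCE_DIR}" >>"$LOG_FILE" 2>&1
      RET=$?
      if [ "$RET" != 0 ]; then
        printf "ERROR cloning\n"
        do_cleanup
        exit 1
      fi
      printf "Done.\n"
    fi
  fi
}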
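#######################################
# Print an error, remove the install directory, clean up and exit 1.
# Arguments: $1 - message to print (a newline is appended)
#######################################
_wolfssl_install_fail() {
  printf '%s\n' "$1"
  # A leftover install directory would make the next run skip the build, so it
  # is removed on every failure. ':?' aborts instead of expanding to nothing.
  rm -rf -- "${WOLFSSL_INSTALL_DIR:?}"
  do_cleanup
  exit 1
}

#######################################
# Configure, build and install wolfSSL into WOLFSSL_INSTALL_DIR.
#
# Fetches the sources through clone_wolfssl, then runs autogen, configure,
# make and make install inside WOLFSSL_SOURCE_DIR. The whole build is skipped
# when WOLFSSL_INSTALL_DIR already exists, so an existing directory is taken
# as a finished install without further checks.
#
# Globals:
#   read:    WOLFSSL_SOURCE_DIR WOLFSSL_INSTALL_DIR WOLFSSL_TAG
#            WOLFSSL_CONFIG_OPTS WOLFPROV_DEBUG WOLFSSL_ISFIPS
#            WOLFSSL_FIPS_BUNDLE WOLFSSL_FIPS_VERSION OSTYPE LOG_FILE
#   written: CONF_ARGS; WOLFSSL_CONFIG_CFLAGS gains a define when
#            WOLFPROV_DEBUG=1, and that addition persists after the call
# Side effects:
#   Changes the caller's working directory.
# Exits:
#   1 on any failed step (after do_cleanup, defined outside this file).
#######################################
install_wolfssl() {
  clone_wolfssl
  # Everything below uses relative paths; stop if the directory is not there
  # rather than running the build steps somewhere else.
  if ! cd "${WOLFSSL_SOURCE_DIR}"; then
    printf 'ERROR entering %s\n' "${WOLFSSL_SOURCE_DIR}"
    do_cleanup
    exit 1
  fi

  if [ ! -d "${WOLFSSL_INSTALL_DIR}" ]; then
    printf '\tConfigure wolfSSL %s ... ' "${WOLFSSL_TAG}"
    ./autogen.sh >>"$LOG_FILE" 2>&1

    # CONF_ARGS is a plain string that is word-split when passed to configure,
    # so an install path containing whitespace is not supported here.
    CONF_ARGS="-prefix=${WOLFSSL_INSTALL_DIR}"
    if [ "$WOLFPROV_DEBUG" = "1" ]; then
      # --enable-keylog-export compiles in export of TLS secrets to a key-log
      # file; a library built with WOLFPROV_DEBUG=1 is for debugging only.
      CONF_ARGS+=" --enable-debug --enable-keylog-export"
      if [[ "$OSTYPE" != "darwin"* ]]; then
        # macOS doesn't support backtrace
        CONF_ARGS+=" --enable-debug-trace-errcodes=backtrace"
      fi
      WOLFSSL_CONFIG_CFLAGS+=" -DWOLFSSL_LOGGINGENABLED_DEFAULT=1"
    fi

    if [ -n "$WOLFSSL_FIPS_BUNDLE" ]; then
      if [ -z "$WOLFSSL_FIPS_VERSION" ]; then
        printf "ERROR, must specify version if using FIPS bundle (v5, v6, ready)"
        do_cleanup
        exit 1
      fi
      printf "using FIPS bundle ... "
      CONF_ARGS+=" --enable-fips=$WOLFSSL_FIPS_VERSION"
    elif [ "$WOLFSSL_ISFIPS" = "1" ]; then
      printf "with FIPS ... "
      CONF_ARGS+=" --enable-fips=v5"
      if [ ! -e "XXX-fips-test" ]; then
        # Sometimes the system OpenSSL is different than the one we're using.
        # So for the 'git' commands, we'll just use whatever the system comes
        # with.
        if ! LD_LIBRARY_PATH="" ./fips-check.sh keep nomakecheck linuxv5 >>"$LOG_FILE" 2>&1; then
          _wolfssl_install_fail "ERROR checking out FIPS"
        fi
        # First pass in a subshell: build once and run fips-hash.sh.
        # shellcheck disable=SC2086 # option strings are split into words on purpose
        if ! (cd XXX-fips-test && ./autogen.sh && ./configure ${CONF_ARGS} ${WOLFSSL_CONFIG_OPTS} CFLAGS="${WOLFSSL_CONFIG_CFLAGS}" && make && ./fips-hash.sh) >>"$LOG_FILE" 2>&1; then
          _wolfssl_install_fail "ERROR compiling FIPS version of wolfSSL"
        fi
      fi
      # The remaining steps run inside the FIPS tree.
      cd XXX-fips-test || _wolfssl_install_fail "ERROR entering XXX-fips-test"
    fi

    # shellcheck disable=SC2086 # option strings are split into words on purpose
    if ! ./configure ${CONF_ARGS} ${WOLFSSL_CONFIG_OPTS} CFLAGS="${WOLFSSL_CONFIG_CFLAGS}" >>"$LOG_FILE" 2>&1; then
      _wolfssl_install_fail "ERROR running ./configure"
    fi
    printf "Done.\n"

    printf '\tBuild wolfSSL %s ... ' "${WOLFSSL_TAG}"
    if ! make >>"$LOG_FILE" 2>&1; then
      _wolfssl_install_fail "ERROR."
    fi
    printf "Done.\n"

    if [ -n "$WOLFSSL_FIPS_BUNDLE" ]; then
      # NOTE(review): unlike the other build steps, the exit status of
      # fips-hash.sh is not checked and its output is not sent to LOG_FILE.
      ./fips-hash.sh
    fi

    printf '\tInstalling wolfSSL %s ... ' "${WOLFSSL_TAG}"
    if ! make install >>"$LOG_FILE" 2>&1; then
      _wolfssl_install_fail "ERROR."
    fi

    if [ "$WOLFSSL_ISFIPS" = "1" ]; then
      # Leave XXX-fips-test again.
      # NOTE(review): this also runs when WOLFSSL_FIPS_BUNDLE is set together
      # with WOLFSSL_ISFIPS=1, a case in which XXX-fips-test was never entered.
      cd ..
    fi
    printf "Done.\n"
  fi

  # Step out of the source directory.
  cd ..
}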
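#######################################
# Install wolfSSL and put its library directory first on LD_LIBRARY_PATH.
#
# Globals:
#   read:    WOLFSSL_TAG WOLFSSL_INSTALL_DIR
#   written: LD_LIBRARY_PATH (exported)
# Outputs:
#   One status line on stdout naming the installed version and location.
#######################################
init_wolfssl() {
  install_wolfssl
  # Values go in as arguments, not into the format string, so a '%' in the
  # tag or path is printed literally.
  printf '\twolfSSL %s installed in: %s\n' "${WOLFSSL_TAG}" "${WOLFSSL_INSTALL_DIR}"
  # The ':' separator is added only when a previous value exists: an empty
  # entry in LD_LIBRARY_PATH makes the dynamic loader search the current
  # working directory.
  export LD_LIBRARY_PATH="${WOLFSSL_INSTALL_DIR}/lib${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}"
}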