Merge pull request #260 from ColtonWilley/wp_replace_default

Initial option to replace openssl default provider

Author: padelsbach

.github/workflows/replace-default.yml

@@ -0,0 +1,66 @@
+name: Replace Default Tests
+
+# START OF COMMON SECTION
+on:
+  push:
+    branches: [ 'master', 'main', 'release/**' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+# END OF COMMON SECTION
+
+jobs:
+  replace_default_test:
+    name: Replace Default Test
+    runs-on: ubuntu-22.04
+    timeout-minutes: 30
+    strategy:
+      matrix:
+        # Test both standard and replace-default builds
+        replace_default: ['', '--replace-default']
+        # Test with stable versions
+        wolfssl_ref: ['v5.8.0-stable']
+        openssl_ref: ['openssl-3.5.0']
+    steps:
+      - name: Checkout wolfProvider
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      - name: Build wolfProvider ${{ matrix.replace_default && 'with replace-default' || 'standard' }}
+        run: |
+          OPENSSL_TAG=${{ matrix.openssl_ref }} \
+            WOLFSSL_TAG=${{ matrix.wolfssl_ref }} \
+            ./scripts/build-wolfprovider.sh ${{ matrix.replace_default }}
+
+      - name: Run standalone test suite
+        run: |
+          ./test/standalone/runners/run_standalone_tests.sh
+
+      - name: Print errors on failure
+        if: ${{ failure() }}
+        run: |
+          # Build failure log
+          if [ -f scripts/build-release.log ]; then
+            echo "=== Build log (last 50 lines) ==="
+            tail -n 50 scripts/build-release.log
+          fi
+
+          # Test suite failure log
+          if [ -f test-suite.log ]; then
+            echo "=== Test suite log ==="
+            cat test-suite.log
+          fi
+
+          # Standalone test failures
+          if [ -d test/standalone/runners/test_results ]; then
+            for log in test/standalone/runners/test_results/*.log; do
+              if [ -f "$log" ]; then
+                echo "=== $log ==="
+                cat "$log"
+              fi
+            done
+          fi

.gitignore

@@ -61,6 +61,30 @@
 /wolfprov-install/
 /artifacts
 
+# Default stub autotools files
+default_stub/ar-lib
+default_stub/compile
+default_stub/config.guess
+default_stub/config.sub
+default_stub/depcomp
+default_stub/install-sh
+default_stub/ltmain.sh
+default_stub/missing
+
+# Build install directories
+*-install/
+
+# Libtool archive files
+*.la
+
+# Test artifacts in subdirectories
+test/**/*.log
+test/**/*.test
+test/**/*.trs
+test/**/*.o
+test/**/.deps/
+test/**/.dirstamp
+
 IDE/Android/android-ndk-r26b/
 IDE/Android/openssl-source/
 IDE/Android/openssl-install/

Makefile.am

@@ -1,5 +1,5 @@
 
-SUFFIXES = 
+SUFFIXES =
 TESTS =
 noinst_PROGRAMS =
 noinst_HEADERS =
@@ -14,6 +14,15 @@ AM_CPPFLAGS = -I$(top_srcdir)/include
 
 lib_LTLIBRARIES = libwolfprov.la
 
+# Conditionally build libdefault.so when --replace-default is enabled
+if BUILD_REPLACE_DEFAULT
+# Install libdefault.la directly to OpenSSL lib directory
+openssldir = $(OPENSSL_LIB_DIR)
+openssl_LTLIBRARIES = libdefault.la
+libdefault_la_SOURCES = src/wp_default_replace.c
+libdefault_la_LIBADD = libwolfprov.la
+endif
+
 EXTRA_DIST+=ChangeLog.md
 EXTRA_DIST+=README.md
 EXTRA_DIST+=IDE

configure.ac

@@ -123,8 +123,26 @@ AS_IF([ test "x$ENABLED_SINGLETHREADED" = "xno" ],[
                       ])
       ])
 
+# Replace default provider
+AC_ARG_ENABLE([replace-default],
+    [AS_HELP_STRING([--enable-replace-default],[Build real libdefault.so from wp_default_replace.c (default: disabled).])],
+    [ ENABLED_REPLACE_DEFAULT=$enableval ],
+    [ ENABLED_REPLACE_DEFAULT=no ]
+    )
 
-
+AM_CONDITIONAL([BUILD_REPLACE_DEFAULT], [test "x$ENABLED_REPLACE_DEFAULT" = "xyes"])
+
+# Set OpenSSL lib directory for installing libdefault.so
+if test "x$ENABLED_REPLACE_DEFAULT" = "xyes"; then
+    if test -d "$OPENSSL_INSTALL_DIR/lib64"; then
+        OPENSSL_LIB_DIR="$OPENSSL_INSTALL_DIR/lib64"
+    elif test -d "$OPENSSL_INSTALL_DIR/lib"; then
+        OPENSSL_LIB_DIR="$OPENSSL_INSTALL_DIR/lib"
+    else
+        OPENSSL_LIB_DIR="$OPENSSL_INSTALL_DIR/lib"
+    fi
+fi
+AC_SUBST([OPENSSL_LIB_DIR])
 
 
 AX_HARDEN_CC_COMPILER_FLAGS
@@ -170,6 +188,7 @@ echo
 echo "   Features "
 echo "   * User settings:              $ENABLED_USERSETTINGS"
 echo "   * Dynamic provider:           $ENABLED_DYNAMIC_PROVIDER"
+echo "   * Replace default:            $ENABLED_REPLACE_DEFAULT"
 echo ""
 echo "---"
 

default_stub/.gitignore

@@ -0,0 +1,15 @@
+Makefile
+Makefile.in
+.deps/
+.libs/
+*.la
+*.lo
+*.o
+aclocal.m4
+autom4te.cache/
+config.log
+config.status
+configure
+libtool
+*.so
+*.so.*

default_stub/Makefile.am

@@ -0,0 +1,2 @@
+lib_LTLIBRARIES = libdefault.la
+libdefault_la_SOURCES = wp_default_stub.c

default_stub/README.md

@@ -0,0 +1,21 @@
+# libdefault - Default Provider Stub Library
+
+Minimal autotools build for a stub version of the default provider.
+
+## Building
+
+```bash
+# Generate build system
+./autogen.sh
+
+# Configure and build
+./configure
+make
+
+# Clean build artifacts
+make clean
+```
+
+## Output
+
+The build produces `libdefault.so` in the `.libs/` directory.

default_stub/autogen.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+set -e
+
+autoreconf -fiv

default_stub/configure.ac

@@ -0,0 +1,7 @@
+AC_INIT([libdefault], [1.0], [support@wolfssl.com])
+AM_INIT_AUTOMAKE([-Wall -Werror foreign])
+AC_PROG_CC
+AM_PROG_AR
+LT_INIT
+AC_CONFIG_FILES([Makefile])
+AC_OUTPUT

default_stub/wp_default_stub.c

@@ -0,0 +1,40 @@
+/*
+ * Copyright (C) 2006-2024 wolfSSL Inc.
+ *
+ * This file is part of wolfProvider.
+ *
+ * wolfProvider is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * wolfProvider is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with wolfProvider. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <openssl/provider.h>
+
+/* Prototype of public function that initializes the wolfSSL provider. */
+OSSL_provider_init_fn wolfssl_provider_init;
+
+/* Prototype for the wolfprov_provider_init function */
+int wolfprov_provider_init(const OSSL_CORE_HANDLE* handle,
+                          const OSSL_DISPATCH* in,
+                          const OSSL_DISPATCH** out,
+                          void** provCtx);
+
+/*
+ * Provider implementation stub
+ */
+int wolfprov_provider_init(const OSSL_CORE_HANDLE* handle,
+                          const OSSL_DISPATCH* in,
+                          const OSSL_DISPATCH** out,
+                          void** provCtx)
+{
+    return 0;
+}