Fix is_openssl_patched

Author: padelsbach

.github/scripts/x11vnc/test_x11vnc.sh

@@ -161,8 +161,8 @@ else
     X11VNC_TEST_FAIL=1
 fi
 
-killall x11vnc > /dev/null 2> /dev/null
-killall Xvfb > /dev/null 2> /dev/null
+killall x11vnc > /dev/null 2> /dev/null || true
+killall Xvfb > /dev/null 2> /dev/null || true
 cat server.log >> x11vnc_test.log
 
 $GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $X11VNC_TEST_FAIL "$WOLFPROV_FORCE_FAIL_STR" x11vnc

.github/workflows/build-wolfprovider.yml

@@ -70,22 +70,23 @@ jobs:
           git remote add upstream https://github.com/wolfSSL/wolfProvider.git || true
           git fetch upstream --tags --no-recurse-submodules
 
-      - name: Restore wolfSSL packages
-        uses: actions/cache@v4
-        id: wolfssl_cache
-        with:
-          path: |
-            ${{ env.WOLFSSL_PACKAGES_PATH }}/*.deb
-            ${{ env.WOLFSSL_PACKAGES_PATH }}/*.dsc
-            ${{ env.WOLFSSL_PACKAGES_PATH }}/*.tar.gz
-          key: wolfssl-debian-packages-${{ inputs.wolfssl_ref }}
-
-      - name: Install wolfSSL packages from cache
-        if: steps.wolfssl_cache.outputs.cache-hit == 'true'
-        run: |
-          printf "Installing wolfSSL packages from cache:\n"
-          ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
-          apt install --reinstall -y ${{ env.WOLFSSL_PACKAGES_PATH }}/*wolfssl*.deb
+      # Disable cache for debug purposes
+      # - name: Restore wolfSSL packages
+      #   uses: actions/cache@v4
+      #   id: wolfssl_cache
+      #   with:
+      #     path: |
+      #       ${{ env.WOLFSSL_PACKAGES_PATH }}/*.deb
+      #       ${{ env.WOLFSSL_PACKAGES_PATH }}/*.dsc
+      #       ${{ env.WOLFSSL_PACKAGES_PATH }}/*.tar.gz
+      #     key: wolfssl-debian-packages-${{ inputs.wolfssl_ref }}
+
+      # - name: Install wolfSSL packages from cache
+      #   if: steps.wolfssl_cache.outputs.cache-hit == 'true'
+      #   run: |
+      #     printf "Installing wolfSSL packages from cache:\n"
+      #     ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
+      #     apt install --reinstall -y ${{ env.WOLFSSL_PACKAGES_PATH }}/*wolfssl*.deb
 
       # TODO: roll this step into utils-wolfssl.sh
       - name: Build wolfSSL packages and install

.github/workflows/xmlsec.yml

@@ -3,7 +3,7 @@ name: xmlsec Tests
 # START OF COMMON SECTION
 on:
   push:
-    branches: [ '**' ] # 'master', 'main', 'release/**' ]
+    branches: [ 'master', 'main', 'release/**' ]
   pull_request:
     branches: [ '*' ]
 

debian/install-wolfssl.sh

@@ -132,6 +132,7 @@ AC_CONFIG_FILES([debian/rules],[chmod +x debian/rules])' configure.ac
     # Configure with the specified options
     echo "Configuring wolfSSL with specified options..."
     configure_opts="--enable-opensslcoexist \
+        --enable-opensslextra \
         --enable-cmac \
         --with-eccminsz=192 \
         --enable-ed25519 \
@@ -145,9 +146,16 @@ AC_CONFIG_FILES([debian/rules],[chmod +x debian/rules])' configure.ac
         --enable-keygen \
         --enable-shake128 \
         --enable-shake256 \
-        --enable-wolfprovider \
         --enable-rsapss \
-        --enable-scrypt"
+        --enable-scrypt \
+        --enable-base16 \
+        --enable-aesctr \
+        --enable-des3 \
+        --enable-enckeys \
+        --enable-hkdf \
+        --enable-supportedcurves \
+        --enable-base64encode \
+        --enable-wolfprovider"
 
     if [ "$debug_mode" = "true" ]; then
         configure_opts="$configure_opts --enable-debug"
@@ -173,7 +181,10 @@ AC_CONFIG_FILES([debian/rules],[chmod +x debian/rules])' configure.ac
             -DWC_RSA_DIRECT \
             -DWC_RSA_NO_PADDING \
             -DACVP_VECTOR_TESTING \
-            -DWOLFSSL_ECDSA_SET_K" \
+            -DWOLFSSL_ECDSA_SET_K \
+            -DWOLFSSL_ASN_ALL \
+            -DWOLFSSL_ALT_NAMES \
+            -DWOLFSSL_HAVE_ISSUER_NAMES" \
             LIBS="-lm"
 
     # Build Debian packages

scripts/utils-openssl.sh

@@ -121,20 +121,20 @@ clone_openssl() {
 }
 
 is_openssl_patched() {
-    if [ ! -f "${OPENSSL_SOURCE_DIR}/crypto/provider_predefined.c" ]; then
+    # Return 0 if patched, 1 if not
+    local dir="${OPENSSL_SOURCE_DIR:?OPENSSL_SOURCE_DIR not set}"
+    local file="${dir%/}/crypto/provider_predefined.c"
+
+    # File must exist to be patched
+    [[ -f "$file" ]] || return 1
+
+    # Any time we see libwolfprov, we're patched
+    if grep -q 'libwolfprov' -- "$file"; then
         return 0
     fi
 
-    # Check if $OPENSSL_SOURCE_DIR is a git repository
-    if [ -d ${OPENSSL_SOURCE_DIR}/.git ]; then
-        pushd ${OPENSSL_SOURCE_DIR} &> /dev/null
-        patch_applied=$(git diff --quiet "crypto/provider_predefined.c" 2>/dev/null && echo 1 || echo 0)
-        popd &> /dev/null
-    else
-        # Not a git repo, may have been downloaded separately (from Debian sources)
-        patch_applied=$(grep -q "libwolfprov" "${OPENSSL_SOURCE_DIR}/crypto/provider_predefined.c" && echo 1 || echo 0)
-    fi
-    return $patch_applied
+    # Not patched
+    return 1
 }
 
 check_openssl_replace_default_mismatch() {

src/wp_wolfprov.c

@@ -1242,8 +1242,9 @@ int wolfssl_provider_init(const OSSL_CORE_HANDLE* handle,
     if (ok) {
         if (wolfSSL_Debugging_ON() != 0) {
             WOLFPROV_MSG(WP_LOG_PROVIDER,
-              "WARNING: wolfProvider built with debug but underlying wolfSSL is not!"
-              "Building wolfSSl with debug is highly recommended, proceeding...");
+              "WARNING: wolfProvider built with debug but underlying wolfSSL is not!");
+            WOLFPROV_MSG(WP_LOG_PROVIDER,
+              "\tBuilding wolfSSl with debug is highly recommended, proceeding...");
         }
         else {
             wolfSSL_SetLoggingPrefix("wolfSSL");