diff --git a/.github/workflows/debian-package.yml b/.github/workflows/debian-package.yml index 74fa7f46..5e5bb868 100644 --- a/.github/workflows/debian-package.yml +++ b/.github/workflows/debian-package.yml @@ -7,7 +7,7 @@ on: branches: [ '*' ] jobs: - bookworm: + libwolfprov-standalone: runs-on: ubuntu-22.04 # Important: use Debian Bookworm for compatibility container: @@ -35,6 +35,7 @@ jobs: dpkg-dev \ lintian \ fakeroot \ + dh-exec\ equivs # Install additional tools for testing apt-get install -y \ 
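Review bot: The added `dh-exec\` has no space before the backslash, unlike the neighbouring entries. The continuation presumably still works only because the following `equivs` line starts with indentation, which is fragile. Write it as `dh-exec \`. The same spelling is repeated in the package list of the new `libwolfprov-with-openssl` job in a later hunk, and the enclosing `run:` block starts and ends outside this hunk.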
@@ -51,50 +52,45 @@ jobs: with: fetch-depth: 1 - run: | - # Fetch tags + # Fetch tags, needed for the Debian versioning git fetch --tags # List all tags git tag -l - name: Install wolfssl debian package run: | - mkdir -p "$RUNNER_TEMP/wolfssl-pkg" - cd "$RUNNER_TEMP/wolfssl-pkg" + mkdir -p "/tmp/wolfssl-pkg" + cd "/tmp/wolfssl-pkg" - echo "Using standard wolfSSL package" - tar -xvf $GITHUB_WORKSPACE/.github/packages/debian-wolfssl.tar.gz + # Install wolfssl packages + chmod +x $GITHUB_WORKSPACE/debian/install-wolfssl.sh + $GITHUB_WORKSPACE/debian/install-wolfssl.sh \ + $GITHUB_WORKSPACE/.github/packages/debian-wolfssl.tar.gz \ + "/tmp/wolfssl-pkg" - # Get current architecture - CURRENT_ARCH=$(dpkg --print-architecture) - echo "Current architecture: $CURRENT_ARCH" + # Create wolfprov-packages directory and move wolfssl files there + mkdir -p "/tmp/wolfprov-packages" + echo "Moving wolfssl files to artifacts directory..." - # Look for existing .deb files that match the current architecture - cd debian-packages - MATCHING_DEB_FILES=$(find . -name "*_${CURRENT_ARCH}.deb" -o -name "*_${CURRENT_ARCH}_*.deb" 2>/dev/null || true) + # Copy all wolfssl-related files (source and binary packages) + find /tmp/wolfssl-pkg -name "*wolfssl*" -type f -name "*.deb" -exec cp {} /tmp/wolfprov-packages/ \; + find /tmp/wolfssl-pkg -name "*wolfssl*" -type f -name "*.dsc" -exec cp {} /tmp/wolfprov-packages/ \; + find /tmp/wolfssl-pkg -name "*wolfssl*" -type f -name "*.tar.gz" -exec cp {} /tmp/wolfprov-packages/ \; + find /tmp/wolfssl-pkg -name "*wolfssl*" -type f -name "*.orig.tar.gz" -exec cp {} /tmp/wolfprov-packages/ \; - if [ -n "$MATCHING_DEB_FILES" ]; then - echo "Found matching .deb files for architecture $CURRENT_ARCH:" - echo "$MATCHING_DEB_FILES" - echo "Installing existing .deb files..." - dpkg -i $MATCHING_DEB_FILES - else - echo "No matching .deb files found for architecture $CURRENT_ARCH, rebuilding from source..." 
- dpkg-source -x wolfssl*.dsc - cd wolfssl*/ - dpkg-buildpackage -b -us -uc - dpkg -i ../libwolfssl*.deb - fi + echo "WolfSSL files in artifacts directory:" + ls -la /tmp/wolfprov-packages/*wolfssl* || true - name: Build Debian package run: | # Bypass the warning prompt with 'yes Y' - yes Y | ./scripts/build-wolfprovider.sh --debian + yes Y | ./scripts/build-wolfprovider.sh --debian $FIPS_FLAG # List generated packages echo "Generated Packages:" ls -la ../*.deb ../*.dsc ../*.tar.gz || true - - name: Install package + - name: Install package without custom openssl run: | # Find the package file PACKAGE_FILE=$(find ../ -name "libwolfprov_*.deb" | head -n1) @@ -114,11 +110,11 @@ jobs: - name: Test OpenSSL provider functionality run: | - PROVIDER_CONF="/etc/ssl/openssl.cnf.d/wolfprovider.conf" + PROVIDER_CONF="/usr/lib/ssl/openssl.cnf.d/wolfprovider.conf" PROVIDER_CONF_BACKUP="/tmp/wolfprovider.conf.backup" # Temporarily move wolfprovider config so we can toggle between providers - echo "3. Temporarily disabling wolfprovider for default provider tests:" + echo "Temporarily disabling wolfprovider for default provider tests:" mkdir -p /tmp/openssl-test if [ -f $PROVIDER_CONF ]; then mv $PROVIDER_CONF $PROVIDER_CONF_BACKUP @@ -133,7 +129,7 @@ jobs: OPENSSL_BIN=$(eval which openssl) ./scripts/cmd_test/do-cmd-tests.sh # Restore wolfprovider configuration - echo "5. Restoring wolfprovider configuration:" + echo "Restoring wolfprovider configuration:" if [ -f $PROVIDER_CONF_BACKUP ]; then mv $PROVIDER_CONF_BACKUP $PROVIDER_CONF echo " - Restored $PROVIDER_CONF from $PROVIDER_CONF_BACKUP" @@ -156,9 +152,9 @@ jobs: fi # Check if the config file is removed - if [ -f /etc/ssl/openssl.cnf.d/wolfprovider.conf ]; then + if [ -f /usr/lib/ssl/openssl.cnf.d/wolfprovider.conf ]; then echo "wolfprovider.conf still exists after package removal" - ls -la /etc/ssl/openssl.cnf.d/ + ls -la /usr/lib/ssl/openssl.cnf.d/ exit 1 else echo "wolfprovider.conf successfully removed" 
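Review bot: `$FIPS_FLAG` in the "Build Debian package" step is not set anywhere in the hunks shown, so unless an `env:` outside this view defines it, the variable expands to nothing and CI always builds the non-FIPS variant. Either define it explicitly under the job's or step's `env:` with a comment saying which variant this job covers, or drop it from the command line. In the same hunk, `$GITHUB_WORKSPACE` is used unquoted in the `chmod` and script invocation, while `"/tmp/wolfssl-pkg"` is quoted; quoting both keeps the step consistent. The `find … -name "*.orig.tar.gz"` line is already covered by the `*.tar.gz` line above it.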
@@ -194,10 +190,12 @@ jobs: - name: Move package artifacts run: | - # Move the generated packages to the temp directory - mv ../*.deb $RUNNER_TEMP/ || true - mv ../*.dsc $RUNNER_TEMP/ || true - mv ../*.tar.gz $RUNNER_TEMP/ || true + # Create a clean artifacts directory + mkdir -p "/tmp/wolfprov-packages" + # Move the generated packages to the artifacts directory + mv ../*.deb /tmp/wolfprov-packages/ || true + mv ../*.dsc /tmp/wolfprov-packages/ || true + mv ../*.tar.gz /tmp/wolfprov-packages/ || true # Save the build outputs which for use in release packages - name: Upload package artifacts 
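Review bot: The comment `# Create a clean artifacts directory` does not match what the step does. `/tmp/wolfprov-packages` was already filled with the wolfSSL packages in the "Install wolfssl debian package" step, and `mkdir -p` leaves that content in place. Because each `mv … || true` also swallows a missing build output, the upload can succeed with only the wolfSSL files in it. I would reword the comment to `# Add the generated packages to the artifacts directory (already holds the wolfSSL packages)` and drop `|| true` from the `mv ../*.deb` line so a build that produced no package fails here.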
@@ -206,7 +204,232 @@ jobs: with: name: wolfprovider-debian-packages path: | - ${{ runner.temp }}/*.deb - ${{ runner.temp }}/*.dsc - ${{ runner.temp }}/*.tar.gz + /tmp/wolfprov-packages/*.deb + /tmp/wolfprov-packages/*.dsc + /tmp/wolfprov-packages/*.tar.gz retention-days: 7 + + libwolfprov-with-openssl: + runs-on: ubuntu-22.04 + needs: libwolfprov-standalone + container: + image: debian:bookworm + env: + DEBIAN_FRONTEND: noninteractive + steps: + - name: Download artifacts from previous job + uses: actions/download-artifact@v4 + with: + name: wolfprovider-debian-packages + path: /tmp/artifacts + + - name: Set up environment + run: | + # Update package lists + apt-get update + # Install build dependencies + apt-get install -y \ + build-essential \ + devscripts \ + debhelper \ + dh-autoreconf \ + libtool \ + pkg-config \ + git \ + wget \ + curl \ + ca-certificates \ + openssl \ + dpkg-dev \ + lintian \ + fakeroot \ + dh-exec\ + equivs + # Install additional tools for testing + apt-get install -y \ + expect \ + xxd + + - name: Unpack artifacts + run: | + echo "Downloaded artifacts:" + ls -la /tmp/artifacts/ + + # Create working directory + mkdir -p /tmp/test-installation + cd /tmp/test-installation + + # Copy all artifacts to working directory + cp /tmp/artifacts/* ./ + + echo "Unpacked artifacts in working directory:" + ls -la + + - name: Remove packages needed for artifact retrieval + run: | + # Remove packages that were needed for artifact download but shouldn't interfere with testing + apt-get remove -y wget curl ca-certificates || true + apt-get autoremove -y + + - name: Install libwolfssl and openssl packages + run: | + cd /tmp/test-installation + + # Find and install libwolfssl packages + wolfssl_debs=$(find . -name "*libwolfssl*.deb") + echo "Installing libwolfssl packages: $wolfssl_debs" + if [ -n "$wolfssl_debs" ]; then + apt install -y $wolfssl_debs + fi + + # Find and install openssl packages + openssl_debs=$(find . 
-name "*openssl*.deb") + libssl3_debs=$(find . -name "*libssl3*.deb") + echo "Installing openssl packages: $openssl_debs $libssl3_debs" + if [ -n "$openssl_debs" ] || [ -n "$libssl3_debs" ]; then + apt install -y $openssl_debs $libssl3_debs + fi + + echo "Installed packages:" + dpkg -l | grep -E "(wolfssl|openssl|libssl)" + + - name: Show OpenSSL version + run: | + echo "OpenSSL version:" + openssl version -a || true + + - name: Test OpenSSL providers before wolfprov installation + run: | + echo "Testing OpenSSL providers before wolfprov installation..." + echo "Expected: This should work normally with default providers" + + # Test openssl list -providers + if openssl list -providers; then + echo "SUCCESS: openssl list -providers works before wolfprov installation" + else + echo "FAILURE: openssl list -providers failed before wolfprov installation" + exit 1 + fi + + echo "Provider list before wolfprov installation:" + openssl list -providers + + - name: Install libwolfprov package + run: | + cd /tmp/test-installation + + # Find and install libwolfprov package + wolfprov_debs=$(find . -name "*libwolfprov*.deb" | head -n1) + echo "Installing libwolfprov package: $wolfprov_debs" + + if [ -z "$wolfprov_debs" ]; then + echo "ERROR: No libwolfprov package found!" + ls -la + exit 1 + fi + + echo "Installing: $wolfprov_debs" + apt install -y ./"$wolfprov_debs" + + echo "Installed packages after wolfprov:" + dpkg -l | grep -E "(wolfprov|wolfssl|openssl|libssl)" + + - name: Test OpenSSL providers after wolfprov installation + run: | + echo "Testing OpenSSL providers after wolfprov installation..." 
+ echo "Expected: This should show wolfprov as an available provider" + + # Test openssl list -providers + if openssl list -providers; then + echo "SUCCESS: openssl list -providers works after wolfprov installation" + else + echo "FAILURE: openssl list -providers failed after wolfprov installation" + exit 1 + fi + + echo "Provider list after wolfprov installation:" + openssl list -providers + + # Check if wolfprov provider is available + if openssl list -providers | grep -i "wolfprov"; then + echo "SUCCESS: wolfprov provider is available" + else + echo "WARNING: wolfprov provider not found in provider list" + echo "This might be expected if the provider needs to be explicitly loaded" + fi + + - name: Verify wolfprov configuration + run: | + echo "Verifying wolfprov configuration..." + + # Check if configuration file exists + if [ -f /usr/lib/ssl/openssl.cnf.d/wolfprovider.conf ]; then + echo "SUCCESS: wolfprovider.conf exists" + cat /usr/lib/ssl/openssl.cnf.d/wolfprovider.conf + else + echo "WARNING: wolfprovider.conf not found" + fi + + # Check if library file exists + if [ -f /usr/lib/*/ossl-modules/libwolfprov.so ]; then + echo "SUCCESS: libwolfprov.so exists" + find /usr/lib -name "libwolfprov.so*" 2>/dev/null + else + echo "WARNING: libwolfprov.so not found" + fi + + - name: Test basic OpenSSL functionality (digests, AES, ECDH, ECC) + shell: bash + run: | + set -e + echo "Testing OpenSSL digests..." + echo "test" | openssl dgst -sha256 + echo "test" | openssl dgst -sha512 + + echo "Testing OpenSSL AES encryption/decryption..." + echo "secret" | openssl enc -aes-128-cbc -pass pass:mykey -out secret.enc + openssl enc -d -aes-128-cbc -pass pass:mykey -in secret.enc + + echo "Testing OpenSSL ECDH key generation and shared secret..." 
+ openssl ecparam -name prime256v1 -genkey -noout -out ec1.pem + openssl ecparam -name prime256v1 -genkey -noout -out ec2.pem + openssl pkey -in ec1.pem -pubout -out ec1.pub + openssl pkey -in ec2.pem -pubout -out ec2.pub + openssl pkeyutl -derive -inkey ec1.pem -peerkey ec2.pub -out secret1.bin + openssl pkeyutl -derive -inkey ec2.pem -peerkey ec1.pub -out secret2.bin + cmp secret1.bin secret2.bin && echo "ECDH shared secrets match" + + echo "Testing OpenSSL ECC sign/verify..." + openssl ecparam -name prime256v1 -genkey -noout -out ecc_key.pem + echo "message" > msg.txt + openssl dgst -sha256 -sign ecc_key.pem -out msg.sig msg.txt + openssl dgst -sha256 -verify <(openssl pkey -in ecc_key.pem -pubout) -signature msg.sig msg.txt + + - name: Save artifacts + run: | + echo "Saving artifacts..." + ls -la /tmp/test-installation + cp -r /tmp/test-installation /tmp/artifacts + + # Save the build outputs which for use in release packages + - name: Upload package artifacts + if: always() + uses: actions/upload-artifact@v4 + with: + name: ossl-debian-packages + path: | + /tmp/test-installation/*.deb + /tmp/test-installation/*.dsc + /tmp/test-installation/*.tar.gz + retention-days: 1 + + - name: Cleanup test environment + run: | + echo "Cleaning up test environment..." + + # Uninstall test packages + apt-get remove --purge -y libwolfprov || true + apt-get autoremove -y + + echo "Cleanup completed" + diff --git a/.github/workflows/replace-default.yml b/.github/workflows/replace-default.yml deleted file mode 100644 index 4a9860e8..00000000 --- a/.github/workflows/replace-default.yml +++ /dev/null 
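Review bot: In "Test OpenSSL providers after wolfprov installation" a missing provider only prints `WARNING` and the job continues, so every later digest, AES and ECC test can pass while being served by stock OpenSSL code. The README-packaging.md added in this commit shows the expected listing as `default` with `name: wolfSSL Provider`, so `grep -i "wolfprov"` may never match that output. The check should look for the string that is actually printed and fail otherwise, e.g. `openssl list -providers | grep -q "wolfSSL Provider" || { echo "FAILURE: wolfSSL Provider not active"; exit 1; }`. "Verify wolfprov configuration" has the same fail-open shape, and its `[ -f /usr/lib/*/ossl-modules/libwolfprov.so ]` test breaks if the glob matches more than one path.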
@@ -1,66 +0,0 @@ -name: Replace Default Tests - -# START OF COMMON SECTION -on: - push: - branches: [ 'master', 'main', 'release/**' ] - pull_request: - branches: [ '*' ] - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true -# END OF COMMON SECTION - -jobs: - replace_default_test: - name: Replace Default Test - runs-on: ubuntu-22.04 - timeout-minutes: 30 - strategy: - matrix: - # Test both standard and replace-default builds - replace_default: ['', '--replace-default'] - # Test with stable versions - wolfssl_ref: ['v5.8.0-stable'] - openssl_ref: ['openssl-3.5.0'] - steps: - - name: Checkout wolfProvider - uses: actions/checkout@v4 - with: - fetch-depth: 1 - - - name: Build wolfProvider ${{ matrix.replace_default && 'with replace-default' || 'standard' }} - run: | - OPENSSL_TAG=${{ matrix.openssl_ref }} \ - WOLFSSL_TAG=${{ matrix.wolfssl_ref }} \ - ./scripts/build-wolfprovider.sh ${{ matrix.replace_default }} - - - name: Run standalone test suite - run: | - ./test/standalone/runners/run_standalone_tests.sh - - - name: Print errors on failure - if: ${{ failure() }} - run: | - # Build failure log - if [ -f scripts/build-release.log ]; then - echo "=== Build log (last 50 lines) ===" - tail -n 50 scripts/build-release.log - fi - - # Test suite failure log - if [ -f test-suite.log ]; then - echo "=== Test suite log ===" - cat test-suite.log - fi - - # Standalone test failures - if [ -d test/standalone/runners/test_results ]; then - for log in test/standalone/runners/test_results/*.log; do - if [ -f "$log" ]; then - echo "=== $log ===" - cat "$log" - fi - done - fi diff --git a/.gitignore b/.gitignore index 483d9a6c..2b2f58b9 100644 --- a/.gitignore +++ b/.gitignore 
@@ -109,8 +109,23 @@ debian/*.deb debian/*.buildinfo debian/files debian/libwolfprov* +debian/libssl-dev* +debian/openssl* +debian/libssl3* !debian/libwolfprov.install !debian/libwolfprov.postinst !debian/libwolfprov.postrm !debian/libwolfprov-dev.docs !debian/libwolfprov-dev.install +!debian/openssl.cnf +!debian/openssl.install +!debian/openssl.postinst +!debian/openssl.postrm +!debian/libssl3.postinst +!debian/libssl3.postrm +!debian/libssl3.install +!debian/libssl3.docs +!debian/libssl3.install +!debian/libssl3.postinst +!debian/libssl3.postrm + diff --git a/Makefile.am b/Makefile.am index 6d3e43af..d1b28091 100644 --- a/Makefile.am +++ b/Makefile.am @@ -14,14 +14,8 @@ AM_CPPFLAGS = -I$(top_srcdir)/include lib_LTLIBRARIES = libwolfprov.la -# Conditionally build libdefault.so when --replace-default is enabled -if BUILD_REPLACE_DEFAULT -# Install libdefault.la directly to OpenSSL lib directory -openssldir = $(OPENSSL_LIB_DIR) -openssl_LTLIBRARIES = libdefault.la -libdefault_la_SOURCES = src/wp_default_replace.c -libdefault_la_LIBADD = libwolfprov.la -endif +# Create only libwolfprov.so, and not .so.X.Y.Z +libwolfprov_la_LDFLAGS = -avoid-version EXTRA_DIST+=ChangeLog.md EXTRA_DIST+=README.md diff --git a/README-packaging.md b/README-packaging.md new file mode 100644 index 00000000..41581fe0 --- /dev/null +++ b/README-packaging.md 
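Review bot: The new `debian/libssl-dev*` pattern has no matching exception, although this commit adds `debian/libssl-dev.install`. That file stays tracked once committed, but any further `debian/libssl-dev.*` packaging file would be ignored silently. Adding `!debian/libssl-dev.install` next to the other exceptions keeps the list consistent. `!debian/libssl3.install`, `!debian/libssl3.postinst` and `!debian/libssl3.postrm` are each listed twice and can be reduced to one entry.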
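Review bot: `libwolfprov_la_LDFLAGS = -avoid-version` drops the version suffix, but the library is installed as an OpenSSL provider module under `ossl-modules/`, and libtool's flag for a dlopen-only plugin is `-module`, usually written `-module -avoid-version`. Whether another `libwolfprov_la_LDFLAGS` assignment exists elsewhere in Makefile.am cannot be seen from this hunk. The comment would be more useful if it said why, for example `# Provider is loaded by file name as libwolfprov.so, so build it unversioned`.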
@@ -0,0 +1,88 @@ +# WolfProvider Debian Packaging +This is the flow for building and installing + +## Local build + +From the repo root, run the following command: +``` +./scripts/build-wolfprovider.sh --debian +``` + +For a FIPS build, run the following: +``` +./scripts/build-wolfprovider.sh --debian --enable-fips +``` + +The Debian packages are placed in the parent directory, which should be one level above the repo root. + +## CI build +Instead of doing a local build as outlined above, we can alternatively use packages generated from CI. + +To use a build from CI for local install, download the artifacts from the Debian CI job. Then install the .deb's from the zip file with `apt` as shown below rather than from the build. + +## Install + +If not already done, install the WolfSSL Debian package. The non-FIPS version is available in this repo and is installed by the script below. This step is only needed once, and can be done prior to the `build-wolfprovider.sh` step above. +``` +./debian/install-wolfssl.sh ./.github/packages/debian-wolfssl.tar.gz +``` + +For the script above, some systems may require additional packages: +``` +apt install build-essential devscripts dh-exec +``` + +### Optionally install custom OpenSSL + +**Important**: before proceeding with the wolfProvider install, make sure packages are not present: +``` +apt purge -y libwolfprov ; apt purge -y openssl-config ; apt purge -y openssl ; apt purge -y libssl3 +``` + +Get the system architecture which determines the library paths for the following steps: +``` +export CURRENT_ARCH=$(dpkg --print-architecture) +``` + +Then install the wolfProvider-specific OpenSSL. From the repo root: +``` +apt install ../openssl*${CURRENT_ARCH}*.deb ../libssl3*${CURRENT_ARCH}*.deb +``` + +Check that the provider API is disabled since wolfProvider is not installed: +``` +$ openssl list -providers +Could not load libwolfprov.so. Is the libwolfprov package installed? 
+ libwolfprov.so: cannot open shared object file: No such file or directory +``` + +### Install wolfProvider + +Then install wolfProvider: +``` +apt install ../libwolfprov*${CURRENT_ARCH}*.deb +``` + +Confirm that wolfProvider is installed: +``` +$ openssl list -providers +``` + +Output should look like this: +``` +Providers: + default + name: wolfSSL Provider + version: 1.0.2 + status: active +``` + +## Release process +Always use CI to perform the release build to avoid potential errors from building locally. + +* Tag the wolfProvider repo in the format `vX.Y.Z` + * The changelog is generated by the Debian scripts +* Run the Debian job in CI +* Download the artifacts zip file which contains the .deb's +* Generate release archives as needed + diff --git a/README.md b/README.md index 99f6fe6a..342a1b27 100644 --- a/README.md +++ b/README.md @@ -78,12 +78,6 @@ To remove all source directories, use the following: ./scripts/build-wolfprovider.sh --distclean ``` -To build a Debian package file, use the following command. -Note this will remove all ignored files in the repo, and there must be no staged changes. -``` -./scripts/build-wolfprovider.sh --debian -``` - Alternatively, you can manually compile each component using the following guide. ### OpenSSL diff --git a/debian/clean b/debian/clean new file mode 100644 index 00000000..fb82819e --- /dev/null +++ b/debian/clean @@ -0,0 +1 @@ +wolfProvider/scripts/build-release.log diff --git a/debian/compat b/debian/compat deleted file mode 100644 index 48082f72..00000000 --- a/debian/compat +++ /dev/null @@ -1 +0,0 @@ -12 diff --git a/debian/control b/debian/control index 1f0a18d8..992b65e4 100644 --- a/debian/control +++ b/debian/control 
@@ -3,23 +3,25 @@ Section: libs Priority: optional Maintainer: WolfSSL Standards-Version: 4.6.2 -Build-Depends: debhelper (>= 12), - devscripts, - pkgconf, - openssl, - libwolfssl, - libwolfssl-dev - +Rules-Requires-Root: no +Build-Depends: + debhelper-compat (= 13), + devscripts, + dh-exec, + openssl, + git, + pkgconf, + libwolfssl-dev Package: libwolfprov Architecture: any +Multi-Arch: same Depends: ${shlibs:Depends}, ${misc:Depends}, libssl3 (>= 3.0.3), libwolfssl (>= 5.8.2), openssl Provides: ${variant:provides} XB-Variant: ${variant} Description: wolfProvider library for OpenSSL — ${variant:desc} wolfProvider is a library that can be used as a Provider in OpenSSL. It provides cryptographic functionality through wolfSSL including: - . * Hash functions (MD5, SHA-1, SHA-2, SHA-3) * Symmetric encryption (AES, DES) * Asymmetric cryptography (RSA, ECC, DH) 
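Review bot: Adding `git` to `Build-Depends` suggests the package build now fetches sources while it runs. `debian/rules` in this commit calls `./scripts/build-wolfprovider.sh --replace-default` and then installs from `./openssl-source` and `./openssl-install`. If that script clones OpenSSL by tag, the shipped `openssl` and `libssl3` binaries depend on network state at build time and on a tag that can be moved. Pinning the OpenSSL source to a commit hash, or to a tarball with a recorded SHA-256, would make the build reproducible and auditable. The script is not part of this view, so this needs confirming against it.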
@@ -31,7 +33,40 @@ Description: wolfProvider library for OpenSSL — ${variant:desc} Package: libwolfprov-dev Architecture: any Section: libdevel +Multi-Arch: same Depends: libwolfprov (= ${binary:Version}), ${misc:Depends} -Description: Development files for wolfProvider - This package contains the header files and development libraries - needed to build applications using wolfProvider. +XB-Variant: ${variant} +Description: Development files for wolfProvider — ${variant:desc} + This package contains the headers and development files + for applications using wolfProvider. + +Package: openssl +Architecture: any +Section: utils +Multi-Arch: foreign +Depends: ${shlibs:Depends}, ${misc:Depends} +Description: Secure Sockets Layer toolkit - command line interface + This package contains the OpenSSL command line utility. + Built for use with wolfProvider. + +Package: libssl3 +Architecture: any +Multi-Arch: same +Depends: libssl3 (= ${binary:Version}), ${misc:Depends} +Breaks: libssl3 (<< 3.0.0) +Replaces: libssl3 +Recommends: openssl +Description: OpenSSL shared libraries (wolfProvider build) + This package contains the OpenSSL shared libraries built + for use with wolfProvider. + +Package: libssl-dev +Architecture: any +Section: libdevel +Multi-Arch: same +Depends: libssl3 (= ${binary:Version}), ${misc:Depends} +Breaks: libssl-dev (<< 3.0.0) +Replaces: libssl-dev +Description: OpenSSL development files (wolfProvider build) + This package contains headers, pkg-config files and linker symlinks + for the OpenSSL version built for wolfProvider. diff --git a/debian/install-wolfssl.sh b/debian/install-wolfssl.sh new file mode 100755 index 00000000..440a9c79 --- /dev/null +++ b/debian/install-wolfssl.sh 
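Review bot: The new `libssl3` stanza declares `Depends: libssl3 (= ${binary:Version}), ${misc:Depends}`, so the package depends on itself, and it omits `${shlibs:Depends}`, so the shared libraries' own library dependencies are not recorded. It looks copied from the `libssl-dev` stanza; I would expect `Depends: ${shlibs:Depends}, ${misc:Depends}`. `Breaks: libssl3 (<< 3.0.0)` and `Replaces: libssl3` are likewise self-references. These three packages reuse the names of the distribution's `openssl`, `libssl3` and `libssl-dev`, so a short comment on how their version is meant to order against the archive's would help. If it sorts lower, a routine upgrade would presumably swap the wolfProvider build for stock OpenSSL.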
@@ -0,0 +1,126 @@ +#!/bin/bash + +# Script to install wolfSSL packages for Debian +# Checks if packages are already installed and installs appropriate architecture-specific packages + +set -e + +# Function to check if packages are installed +check_packages_installed() { + if dpkg -l | grep -q "^ii.*libwolfssl " && dpkg -l | grep -q "^ii.*libwolfssl-dev "; then + echo "libwolfssl and libwolfssl-dev packages are already installed" + dpkg -l | grep wolfssl + return 0 + else + return 1 + fi +} + +# Function to install wolfSSL packages +install_wolfssl_packages() { + local wolfssl_tar_path="$1" + local dest_dir="$2" + + if [ ! -f "$wolfssl_tar_path" ]; then + echo "Error: wolfSSL package archive not found at $wolfssl_tar_path" + exit 1 + fi + + # If no destination directory specified, create one using mktemp + if [ -z "$dest_dir" ]; then + dest_dir=$(mktemp -d) + echo "No destination directory specified, created temporary directory: $dest_dir" + else + echo "Using specified destination directory: $dest_dir" + # Create the directory if it doesn't exist + mkdir -p "$dest_dir" + fi + + echo "Extracting wolfSSL package to: $dest_dir" + tar -xvf "$wolfssl_tar_path" -C "$dest_dir" + + # Get current architecture + CURRENT_ARCH=$(dpkg --print-architecture) + echo "Current architecture: $CURRENT_ARCH" + + # Look for existing .deb files that match the current architecture + cd "$dest_dir/debian-packages" + MATCHING_DEB_FILES=$(find . -name "*_${CURRENT_ARCH}.deb" -o -name "*_${CURRENT_ARCH}_*.deb" 2>/dev/null || true) + + if [ -n "$MATCHING_DEB_FILES" ]; then + echo "Found matching .deb files for architecture $CURRENT_ARCH:" + echo "$MATCHING_DEB_FILES" + echo "Installing existing .deb files..." 
+ + # Install both libwolfssl and libwolfssl-dev packages for the current architecture + LIBWOLFSSL_DEB=$(echo "$MATCHING_DEB_FILES" | grep "libwolfssl_[^-]" | head -n1) + LIBWOLFSSL_DEV_DEB=$(echo "$MATCHING_DEB_FILES" | grep "libwolfssl-dev_" | head -n1) + + if [ -n "$LIBWOLFSSL_DEB" ]; then + echo "Installing libwolfssl package: $LIBWOLFSSL_DEB" + dpkg -i "$LIBWOLFSSL_DEB" + else + echo "No libwolfssl package found for architecture $CURRENT_ARCH" + exit 1 + fi + + if [ -n "$LIBWOLFSSL_DEV_DEB" ]; then + echo "Installing libwolfssl-dev package: $LIBWOLFSSL_DEV_DEB" + dpkg -i "$LIBWOLFSSL_DEV_DEB" + else + echo "No libwolfssl-dev package found for architecture $CURRENT_ARCH" + exit 1 + fi + else + echo "No matching .deb files found for architecture $CURRENT_ARCH, rebuilding from source..." + dpkg-source -x wolfssl*.dsc + cd wolfssl*/ + dpkg-buildpackage -b -us -uc + + # Install both libwolfssl and libwolfssl-dev packages + LIBWOLFSSL_DEB=$(find .. -name "libwolfssl_*${CURRENT_ARCH}.deb" | grep -v "dev" | head -n1) + LIBWOLFSSL_DEV_DEB=$(find .. -name "libwolfssl-dev*_${CURRENT_ARCH}.deb" | head -n1) + + if [ -n "$LIBWOLFSSL_DEB" ]; then + echo "Installing libwolfssl package: $LIBWOLFSSL_DEB" + dpkg -i "$LIBWOLFSSL_DEB" + else + echo "No libwolfssl package found after building for architecture $CURRENT_ARCH" + exit 1 + fi + + if [ -n "$LIBWOLFSSL_DEV_DEB" ]; then + echo "Installing libwolfssl-dev package: $LIBWOLFSSL_DEV_DEB" + dpkg -i "$LIBWOLFSSL_DEV_DEB" + else + echo "No libwolfssl-dev package found after building for architecture $CURRENT_ARCH" + exit 1 + fi + fi +} + +# Main execution +main() { + local wolfssl_tar_path="$1" + local dest_dir="$2" + + if [ -z "$wolfssl_tar_path" ]; then + echo "Usage: $0 [destination-directory]" + echo " If destination-directory is not specified, a temporary directory will be created using mktemp" + exit 1 + fi + + echo "Checking if wolfSSL packages are already installed..." 
+ if check_packages_installed; then + echo "Packages already installed, exiting successfully" + exit 0 + fi + + echo "Installing wolfSSL packages..." + install_wolfssl_packages "$wolfssl_tar_path" "$dest_dir" + + echo "WolfSSL installation completed successfully" +} + +# Run main function with all arguments +main "$@" diff --git a/debian/libssl-dev.install b/debian/libssl-dev.install new file mode 100755 index 00000000..049ee3ed --- /dev/null +++ b/debian/libssl-dev.install @@ -0,0 +1,7 @@ +#!/usr/bin/dh-exec +usr/include/openssl/** +usr/lib/${DEB_HOST_MULTIARCH}/libcrypto.so +usr/lib/${DEB_HOST_MULTIARCH}/libssl.so +usr/lib/${DEB_HOST_MULTIARCH}/pkgconfig/openssl.pc +usr/lib/${DEB_HOST_MULTIARCH}/pkgconfig/libcrypto.pc +usr/lib/${DEB_HOST_MULTIARCH}/pkgconfig/libssl.pc \ No newline at end of file diff --git a/debian/libssl3.install b/debian/libssl3.install new file mode 100644 index 00000000..fcc40907 --- /dev/null +++ b/debian/libssl3.install @@ -0,0 +1,2 @@ +usr/lib/*/libcrypto.so.3 +usr/lib/*/libssl.so.3 diff --git a/debian/libwolfprov.install b/debian/libwolfprov.install index d2e32928..e0f5fd99 100644 --- a/debian/libwolfprov.install +++ b/debian/libwolfprov.install @@ -1,3 +1,3 @@ usr/lib/*/ossl-modules/libwolfprov.so* -etc/ssl/openssl.cnf.d/ -etc/ssl/openssl.cnf.d/wolfprovider.conf +usr/lib/ssl/openssl.cnf.d +usr/lib/ssl/openssl.cnf.d/wolfprovider.conf diff --git a/debian/libwolfprov.postinst b/debian/libwolfprov.postinst index 4755e4ba..49ad68f2 100755 --- a/debian/libwolfprov.postinst +++ b/debian/libwolfprov.postinst 
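Review bot: `install_wolfssl_packages` extracts the archive and hands whatever matching `.deb` it finds to `dpkg -i` without first checking the archive against a known digest, and the fallback path builds from the bundled `.dsc` with `-us -uc`. Verifying a pinned checksum before `tar -xvf` would make a swapped or corrupted archive fail early, for example `echo "<EXPECTED_SHA256>  $wolfssl_tar_path" | sha256sum -c -` with the digest recorded in the repo. In `check_packages_installed`, `dpkg -l | grep -q "^ii.*libwolfssl "` can also match text in the description column; `dpkg-query -W -f='${Status}' libwolfssl` tests the package itself. As rendered here, the usage line `Usage: $0 [destination-directory]` does not name the required archive argument.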
@@ -1,12 +1,42 @@ #!/bin/sh set -e -CONF_FILE="/etc/ssl/openssl.cnf" -INCLUDE_LINE=".include /etc/ssl/openssl.cnf.d/" +INCLUDE_LINE=".include /usr/lib/ssl/openssl.cnf.d/wolfprovider.conf" +CONF_FILE="/usr/lib/ssl/openssl.cnf" +CONF_DEFAULT="/usr/share/openssl-defaults/openssl.cnf" -if ! grep -qF "$INCLUDE_LINE" "$CONF_FILE"; then - echo "Adding include for wolfprovider..." +# Copy from our template if it doesn't exist +if [ ! -f "$CONF_FILE" ]; then + echo "Config file does not exist: $CONF_FILE" + if [ -f "$CONF_DEFAULT" ]; then + install -Dm644 "$CONF_DEFAULT" "$CONF_FILE" + else + echo "Default config file does not exist: $CONF_DEFAULT" + exit 1 + fi +fi + +# Add include for wolfprovider config file if not already present +if grep -qF "$INCLUDE_LINE" "$CONF_FILE"; then + echo "Include line already exists in $CONF_FILE" +else + echo "Adding include for wolfprovider to $CONF_FILE..." sed -i "/^openssl_conf/ a $INCLUDE_LINE" "$CONF_FILE" fi +# Link /usr/lib/$(DEB_HOST_MULTIARCH)/ossl-modules/libwolfprov.so to /usr/lib/$(DEB_HOST_MULTIARCH)/ +# This is needed for the custom openssl build where libwolfprov is a normal module +# Todo: this could possibly be done with a .links file in debian/ +DEB_HOST_MULTIARCH=$(dpkg-architecture -qDEB_HOST_MULTIARCH) +# Loop through /usr/lib/$(DEB_HOST_MULTIARCH)/ossl-modules/libwolfprov.so* and create the link +for file in "/usr/lib/${DEB_HOST_MULTIARCH}/ossl-modules/libwolfprov.so"*; do + # use the same extension as the original file + extension="${file##*.}" + if [ -f "$file" ]; then + echo "Linking $file to /usr/lib/${DEB_HOST_MULTIARCH}/ossl-modules/libwolfprov.$extension" + ln -sf "$file" "/usr/lib/${DEB_HOST_MULTIARCH}/libwolfprov.$extension" + fi +done + +#DEBHELPER# exit 0 diff --git a/debian/libwolfprov.postrm b/debian/libwolfprov.postrm index 48e6e07b..9c12481b 100755 --- a/debian/libwolfprov.postrm +++ b/debian/libwolfprov.postrm 
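Review bot: The postinst calls `dpkg-architecture -qDEB_HOST_MULTIARCH`, which is shipped in `dpkg-dev`, and the `Depends` of `libwolfprov` in `debian/control` does not include that package. On a host without it the command substitution fails under `set -e` and configuring the package aborts. `debian/libwolfprov.postrm` in this commit makes the same call, where dependencies cannot be relied on at all. The triplet is known at build time, so the link can be shipped instead of created here, as the TODO already hints: an executable `debian/libwolfprov.links` starting with `#!/usr/bin/dh-exec` and containing `usr/lib/${DEB_HOST_MULTIARCH}/ossl-modules/libwolfprov.so usr/lib/${DEB_HOST_MULTIARCH}/libwolfprov.so`. Separately, the `echo` before `ln -sf` names a path under `ossl-modules/` as the link, which is not where the link is created.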
@@ -3,7 +3,12 @@ set -e case "$1" in remove|purge) - rm -f /etc/ssl/openssl.cnf.d/wolfprovider.conf - rmdir /etc/ssl/openssl.cnf.d 2>/dev/null || true + DEB_HOST_MULTIARCH=$(dpkg-architecture -qDEB_HOST_MULTIARCH) + rm -f /usr/lib/ssl/openssl.cnf.d/wolfprovider.conf + rm -f /usr/lib/${DEB_HOST_MULTIARCH}/ossl-modules/libwolfprov.so* + rm -f /usr/lib/${DEB_HOST_MULTIARCH}/libwolfprov.so* ;; esac + +#DEBHELPER# +exit 0 diff --git a/debian/openssl.install b/debian/openssl.install new file mode 100644 index 00000000..dc8bc1fc --- /dev/null +++ b/debian/openssl.install @@ -0,0 +1,2 @@ +usr/bin/openssl +usr/share/openssl-defaults/openssl.cnf diff --git a/debian/openssl.postinst b/debian/openssl.postinst new file mode 100644 index 00000000..6b12047c --- /dev/null +++ b/debian/openssl.postinst @@ -0,0 +1,19 @@ +#!/bin/sh +set -e + +CONF_FILE="/usr/lib/ssl/openssl.cnf" +CONF_DEFAULT="/usr/share/openssl-defaults/openssl.cnf" + +# Copy from our template if it doesn't exist +if [ ! -f "$CONF_FILE" ]; then + echo "Config file does not exist: $CONF_FILE" + if [ -f "$CONF_DEFAULT" ]; then + install -Dm644 "$CONF_DEFAULT" "$CONF_FILE" + else + echo "Default config file does not exist: $CONF_DEFAULT" + exit 1 + fi +fi + +#DEBHELPER# +exit 0 \ No newline at end of file diff --git a/debian/openssl.postrm b/debian/openssl.postrm new file mode 100644 index 00000000..ffb449dd --- /dev/null +++ b/debian/openssl.postrm @@ -0,0 +1,11 @@ +#!/bin/sh +set -e + +case "$1" in + remove|purge) + rm -rf /usr/share/openssl-defaults + ;; +esac + +#DEBHELPER# +exit 0 diff --git a/debian/rules b/debian/rules index 763638ee..284884b5 100755 --- a/debian/rules +++ b/debian/rules @@ -1,7 +1,7 @@ #!/usr/bin/make -f %: - dh $@ --with autoreconf + dh $@ # Multiarch triplet DEB_HOST_MULTIARCH := $(shell dpkg-architecture -qDEB_HOST_MULTIARCH) 
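Review bot: On `remove|purge` this script deletes `wolfprovider.conf` but leaves the `.include /usr/lib/ssl/openssl.cnf.d/wolfprovider.conf` line that the postinst inserted into `/usr/lib/ssl/openssl.cnf`, so the shared config keeps pointing at a file that no longer exists. Removing the line here would leave OpenSSL configured as it was before the install, e.g. `sed -i '\|^\.include /usr/lib/ssl/openssl.cnf.d/wolfprovider.conf$|d' /usr/lib/ssl/openssl.cnf` guarded by a `[ -f … ]` test. Of the three `rm -f` lines, only the `/usr/lib/<triplet>/libwolfprov.so*` symlink is created by the maintainer script; the other two paths are listed in `libwolfprov.install` and removed by dpkg. A comment such as `# symlink created in postinst, not owned by dpkg` on that line would make the distinction clear.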
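Review bot: In `debian/openssl.postrm`, `rm -rf /usr/share/openssl-defaults` runs for `remove` as well as `purge`, yet the directory's only visible content, `openssl.cnf`, is shipped via `openssl.install` and is already removed by dpkg. The file the maintainer scripts generate themselves, `/usr/lib/ssl/openssl.cnf`, is never cleaned up, so a purge leaves it behind. Both `openssl.postinst` and `libwolfprov.postinst` can create that file, so it should be decided which package owns it. I would document that in both scripts with a comment like `# /usr/lib/ssl/openssl.cnf is generated here, not shipped; removed on purge of <owning package>`.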
@@ -11,6 +11,9 @@ DESTDIR=debian/tmp # Grab the base version from debian/changelog BASEVER := $(shell dpkg-parsechangelog -SVersion) +# Get OpenSSL version from the build (this will be set after build) +OPENSSL_VERSION ?= 3.5.0 + # Check if FIPS build is requested WOLFSSL_ISFIPS?=0 # Variant-specific metadata 
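Review bot: The comment says the OpenSSL version comes from the build, but `OPENSSL_VERSION ?= 3.5.0` is a fixed default that nothing in this hunk updates. If the value ends up in the version of the `openssl` and `libssl3` packages, it can drift from what `build-wolfprovider.sh` actually built, and version-based vulnerability scanning would then report the wrong OpenSSL release. Either derive it from the built tree or reword the comment to `# Default OpenSSL version; must match the tag built by scripts/build-wolfprovider.sh`. Where the variable is used lies outside this hunk.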
@@ -30,44 +33,108 @@ else FIPS_FLAG := endif -# Override just the control-file generation to inject our values -override_dh_gencontrol: - dh_gencontrol -- \ - -v$(VERSION) \ - -Vvariant=$(VARIANT) \ - -Vvariant:desc="$(VARIANT_DESC)" \ - -Vvariant:provides="$(VARIANT_PROVIDES)" - override_dh_auto_configure: # None, handled below override_dh_auto_build: - ./scripts/build-wolfprovider.sh $(FIPS_FLAG) + # Always build OpenSSL with wolfProvider as the default provider + WOLFPROV_BUILD_DEBIAN=1 ./scripts/build-wolfprovider.sh --replace-default $(FIPS_FLAG) override_dh_auto_install: - # Install library + # Detect OpenSSL library directory (lib or lib64) + $(eval OPENSSL_LIB_DIR := $(shell if test -d ./openssl-install/lib; then echo lib; elif test -d ./openssl-install/lib64; then echo lib64; else echo "ERROR: Neither ./openssl-install/lib nor ./openssl-install/lib64 found"; exit 1; fi)) + + # Install OpenSSL binary for openssl package + install -d $(DESTDIR)/usr/bin + install -m755 ./openssl-install/bin/openssl \ + $(DESTDIR)/usr/bin/ + + # Install OpenSSL shared libraries for libssl3 package + install -d $(DESTDIR)/usr/lib/$(DEB_HOST_MULTIARCH) + install -m755 ./openssl-install/$(OPENSSL_LIB_DIR)/libssl.so* \ + ./openssl-install/$(OPENSSL_LIB_DIR)/libcrypto.so* \ + $(DESTDIR)/usr/lib/$(DEB_HOST_MULTIARCH)/ + + # Install OpenSSL headers and dev files for libssl-dev package + # Copy directly to the destination directory + install -d $(DESTDIR)/usr/include/openssl + cp -a $(CURDIR)/openssl-install/include/openssl/. 
$(DESTDIR)/usr/include/openssl + + # Install wolfProvider library install -d $(DESTDIR)/usr/lib/$(DEB_HOST_MULTIARCH)/ossl-modules install -m755 ./.libs/libwolfprov.so* \ $(DESTDIR)/usr/lib/$(DEB_HOST_MULTIARCH)/ossl-modules/ - # Install headers + # Install wolfProvider headers install -d $(DESTDIR)/usr/include/wolfprovider install -m644 ./include/wolfprovider/*.h \ $(DESTDIR)/usr/include/wolfprovider/ # Install provider config file - install -d $(DESTDIR)/etc/ssl/openssl.cnf.d + install -d $(DESTDIR)/usr/lib/ssl/openssl.cnf.d install -m644 ./$(PROVIDER_CONF) \ - $(DESTDIR)/etc/ssl/openssl.cnf.d/wolfprovider.conf + $(DESTDIR)/usr/lib/ssl/openssl.cnf.d/wolfprovider.conf + + # Install default openssl.cnf template (do NOT ship it directly in /usr/lib/ssl) + # The postinstall script will handle copying it to the system location + install -d $(DESTDIR)/usr/share/openssl-defaults + install -m 0644 ./openssl-source/apps/openssl.cnf \ + $(DESTDIR)/usr/share/openssl-defaults/openssl.cnf + + # Install pkg-config files for libssl-dev + install -d $(DESTDIR)/usr/lib/$(DEB_HOST_MULTIARCH)/pkgconfig + install -m644 ./openssl-install/$(OPENSSL_LIB_DIR)/pkgconfig/*.pc \ + $(DESTDIR)/usr/lib/$(DEB_HOST_MULTIARCH)/pkgconfig/ + # Normalize .pc to system paths + sed -i -e 's|^prefix=.*|prefix=/usr|' \ + -e 's|^exec_prefix=.*|exec_prefix=${prefix}|' \ + -e 's|^libdir=.*|libdir=/usr/lib/$(DEB_HOST_MULTIARCH)|' \ + -e 's|^includedir=.*|includedir=/usr/include|' \ + -e 's|^enginesdir=.*|enginesdir=/usr/lib/$(DEB_HOST_MULTIARCH)/engines-3|' \ + -e 's|^modulesdir=.*|modulesdir=/usr/lib/$(DEB_HOST_MULTIARCH)/ossl-modules|' \ + $(DESTDIR)/usr/lib/$(DEB_HOST_MULTIARCH)/pkgconfig/*.pc + +override_dh_makeshlibs: + # Create shlibs only for real SONAME’d libs; skip provider modules under ossl-modules/ + dh_makeshlibs -V -p libssl3 + # do NOT run on libwolfprov (plugin-only, no SONAME) + +override_dh_gencontrol: + # Generate control for wolfProvider packages + dh_gencontrol -- \ + -v$(VERSION) \ + 
-Vvariant=$(VARIANT) \ + -Vvariant:desc="$(VARIANT_DESC)" \ + -Vvariant:provides="$(VARIANT_PROVIDES)" + + # Detect OpenSSL library directory (lib or lib64) + $(eval OPENSSL_LIB_DIR := $(shell if test -d ./openssl-install/lib; then echo lib; elif test -d ./openssl-install/lib64; then echo lib64; else echo "ERROR: Neither ./openssl-install/lib nor ./openssl-install/lib64 found"; exit 1; fi)) + + # Extract OpenSSL version from the current build + $(eval OPENSSL_VERSION := $(shell LD_LIBRARY_PATH=./openssl-install/$(OPENSSL_LIB_DIR):./wolfprovider-install/lib ./openssl-install/bin/openssl version | cut -d' ' -f2)) + + # Generate control for OpenSSL packages with OpenSSL version + dh_gencontrol -popenssl -- \ + -v$(OPENSSL_VERSION)-1 \ + -Vopenssl:Version=$(OPENSSL_VERSION) + dh_gencontrol -plibssl3 -- \ + -v$(OPENSSL_VERSION)-1 \ + -Vopenssl:Version=$(OPENSSL_VERSION) + dh_gencontrol -plibssl-dev -- \ + -v$(OPENSSL_VERSION)-1 \ + -Vopenssl:Version=$(OPENSSL_VERSION) override_dh_auto_clean: dh_auto_clean + rm -rf test/standalone/tests/.libs ./scripts/build-wolfprovider.sh --clean --distclean override_dh_auto_test: @echo "Skipping dh_auto_test (tests already run during build phase)" -# Avoid warnings of the form package-has-unnecessary-activation-of-ldconfig-trigger -override_dh_makeshlibs: - dh_makeshlibs -n +override_dh_install: + dh_install +# Fail the build if anything in debian/tmp (or elsewhere) wasn’t picked up +override_dh_missing: + dh_missing --fail-missing diff --git a/default_stub/.gitignore b/default_stub/.gitignore deleted file mode 100644 index f13db083..00000000 --- a/default_stub/.gitignore +++ /dev/null @@ -1,15 +0,0 @@ -Makefile -Makefile.in -.deps/ -.libs/ -*.la -*.lo -*.o -aclocal.m4 -autom4te.cache/ -config.log -config.status -configure -libtool -*.so -*.so.* diff --git a/default_stub/Makefile.am b/default_stub/Makefile.am deleted file mode 100644 index e31303de..00000000 --- a/default_stub/Makefile.am +++ /dev/null 
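Review bot: In `override_dh_auto_install` and `override_dh_gencontrol`, the `exit 1` inside `$(shell ...)` does not stop make. The "ERROR: Neither ..." text simply becomes the value of `OPENSSL_LIB_DIR`, and if `openssl version` cannot run, `OPENSSL_VERSION` is overwritten with an empty string, so the packages are generated with `-v-1`. Add an explicit guard as a recipe line after the evals, e.g. `test -n "$(OPENSSL_VERSION)" || { echo "cannot determine OpenSSL version"; exit 1; }`, and a matching test that `OPENSSL_LIB_DIR` is `lib` or `lib64`. The `LD_LIBRARY_PATH` here names `./wolfprovider-install/lib`, while the scripts elsewhere in this commit use `wolfprov-install`; that looks like a typo and is worth confirming.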
@@ -1,2 +0,0 @@ -lib_LTLIBRARIES = libdefault.la -libdefault_la_SOURCES = wp_default_stub.c diff --git a/default_stub/README.md b/default_stub/README.md deleted file mode 100644 index 3bf15917..00000000 --- a/default_stub/README.md +++ /dev/null @@ -1,21 +0,0 @@ -# libdefault - Default Provider Stub Library - -Minimal autotools build for a stub version of the default provider. - -## Building - -```bash -# Generate build system -./autogen.sh - -# Configure and build -./configure -make - -# Clean build artifacts -make clean -``` - -## Output - -The build produces `libdefault.so` in the `.libs/` directory. diff --git a/default_stub/autogen.sh b/default_stub/autogen.sh deleted file mode 100755 index c350c05b..00000000 --- a/default_stub/autogen.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/bash - -set -e - -autoreconf -fiv diff --git a/default_stub/configure.ac b/default_stub/configure.ac deleted file mode 100644 index 5c44872c..00000000 --- a/default_stub/configure.ac +++ /dev/null @@ -1,7 +0,0 @@ -AC_INIT([libdefault], [1.0], [support@wolfssl.com]) -AM_INIT_AUTOMAKE([-Wall -Werror foreign]) -AC_PROG_CC -AM_PROG_AR -LT_INIT -AC_CONFIG_FILES([Makefile]) -AC_OUTPUT diff --git a/default_stub/wp_default_stub.c b/default_stub/wp_default_stub.c deleted file mode 100644 index 52d9ea28..00000000 --- a/default_stub/wp_default_stub.c +++ /dev/null 
@@ -1,40 +0,0 @@ -/* - * Copyright (C) 2006-2024 wolfSSL Inc. - * - * This file is part of wolfProvider. - * - * wolfProvider is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * wolfProvider is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with wolfProvider. If not, see . - */ - -#include - -/* Prototype of public function that initializes the wolfSSL provider. */ -OSSL_provider_init_fn wolfssl_provider_init; - -/* Prototype for the wolfprov_provider_init function */ -int wolfprov_provider_init(const OSSL_CORE_HANDLE* handle, - const OSSL_DISPATCH* in, - const OSSL_DISPATCH** out, - void** provCtx); - -/* - * Provider implementation stub - */ -int wolfprov_provider_init(const OSSL_CORE_HANDLE* handle, - const OSSL_DISPATCH* in, - const OSSL_DISPATCH** out, - void** provCtx) -{ - return 0; -} diff --git a/patches/openssl3-replace-default.patch b/patches/openssl3-replace-default.patch index 37aa2578..511e761a 100644 --- a/patches/openssl3-replace-default.patch +++ b/patches/openssl3-replace-default.patch @@ -1,30 +1,69 @@ diff --git a/crypto/provider_predefined.c b/crypto/provider_predefined.c -index 068e0b7..499a9ca 100644 +index 068e0b7..7bc4ddb 100644 --- a/crypto/provider_predefined.c 
+++ b/crypto/provider_predefined.c -@@ -10,21 +10,15 @@ +@@ -5,23 +5,56 @@ + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html +- */ ++*/ + #include ++#include ++#include ++#include "internal/dso.h" #include "provider_local.h" -OSSL_provider_init_fn ossl_default_provider_init; -+OSSL_provider_init_fn wolfprov_provider_init; ++static DSO *d = NULL; ++ ++/* Common function to dynamically load libwolfprov and call wolfssl_provider_init */ ++static int load_wolfprov_and_init(const OSSL_CORE_HANDLE *handle, ++ const OSSL_DISPATCH *in, const OSSL_DISPATCH **out, ++ void **provctx) { ++ int ret = 0; ++ OSSL_provider_init_fn *wolfssl_provider_init_fn = NULL; ++ ++ d = DSO_new(); ++ if (!d) { ++ fprintf(stderr, "DSO_new() failed\n"); ++ return 1; ++ } ++ ++ if (!DSO_load(d, "wolfprov", NULL, 0)) { ++ fprintf(stderr, "Could not load libwolfprov.so. Is the libwolfprov package installed?\n"); ++ DSO_free(d); ++ return 1; ++ } ++ ++ wolfssl_provider_init_fn = (OSSL_provider_init_fn*)DSO_bind_func(d, "wolfssl_provider_init"); ++ if (!wolfssl_provider_init_fn) { ++ fprintf(stderr, "Failed to find wolfssl_provider_init symbol\n"); ++ DSO_free(d); ++ return 1; ++ } ++ ++ // Intentionally preserve the DSO 'd' here, since it needs to stay loaded ++ ret = wolfssl_provider_init_fn(handle, in, out, provctx); ++ ++ return ret; ++} ++ OSSL_provider_init_fn ossl_base_provider_init; OSSL_provider_init_fn ossl_null_provider_init; -OSSL_provider_init_fn ossl_fips_intern_provider_init; -#ifdef STATIC_LEGACY -OSSL_provider_init_fn ossl_legacy_provider_init; -#endif ++ const OSSL_PROVIDER_INFO ossl_predefined_providers[] = { #ifdef FIPS_MODULE - { "fips", NULL, ossl_fips_intern_provider_init, NULL, 1 }, -+ { "fips", NULL, wolfprov_provider_init, NULL, 1 }, ++ { "fips", NULL, load_wolfprov_and_init, NULL, 1 }, #else - { "default", NULL, ossl_default_provider_init, NULL, 
1 }, --# ifdef STATIC_LEGACY -- { "legacy", NULL, ossl_legacy_provider_init, NULL, 0 }, --# endif -+ { "default", NULL, wolfprov_provider_init, NULL, 1 }, -+ { "legacy", NULL, wolfprov_provider_init, NULL, 0 }, - { "base", NULL, ossl_base_provider_init, NULL, 0 }, - { "null", NULL, ossl_null_provider_init, NULL, 0 }, - #endif ++ { "default", NULL, load_wolfprov_and_init, NULL, 1 }, + # ifdef STATIC_LEGACY + { "legacy", NULL, ossl_legacy_provider_init, NULL, 0 }, + # endif diff --git a/scripts/build-debian.sh b/scripts/build-debian.sh index 2a73d9a0..6c6bbc1b 100755 --- a/scripts/build-debian.sh +++ b/scripts/build-debian.sh @@ -111,6 +111,6 @@ git archive --format=tar.gz --prefix="${TARBALL_PREFIX}/" \ # Step 10: Build package echo "⚙️ Building package..." WOLFSSL_ISFIPS=${WOLFSSL_ISFIPS:-0} -debuild --set-envvar WOLFSSL_ISFIPS=${WOLFSSL_ISFIPS} -us -uc +debuild -e WOLFSSL_ISFIPS -us -uc echo "✅ Build completed for version $VERSION" diff --git a/scripts/build-wolfprovider.sh b/scripts/build-wolfprovider.sh index 79c8c274..ad25d106 100755 --- a/scripts/build-wolfprovider.sh +++ b/scripts/build-wolfprovider.sh @@ -160,10 +160,6 @@ source ${SCRIPT_DIR}/utils-wolfprovider.sh echo "Using openssl: $OPENSSL_TAG, wolfssl: $WOLFSSL_TAG" -if [ "$WOLFPROV_REPLACE_DEFAULT" = "1" ]; then - build_default_stub -fi - init_wolfprov exit $? diff --git a/scripts/env-setup b/scripts/env-setup index c7e84302..15bae7c7 100755 --- a/scripts/env-setup +++ b/scripts/env-setup 
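Review bot: The three failure paths in `load_wolfprov_and_init` (DSO_new, DSO_load, DSO_bind_func) all `return 1`, but a provider init function reports success with 1 and failure with 0, as the doc comment of the wp_default_replace.c removed in this same commit states. A missing or unloadable libwolfprov is therefore reported as an initialised provider while `*out` and `*provctx` were never written. Change those to `return 0;` and add `d = NULL;` after each `DSO_free(d);` so the static handle does not dangle. Separately, `DSO_load(d, "wolfprov", NULL, 0)` resolves the library by bare name through the loader's search path, so the process environment influences which file becomes the "default" or "fips" provider. Loading by absolute path from the configured modules directory would remove that dependency.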
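Review bot: `debuild -e WOLFSSL_ISFIPS` only preserves a variable that is already in the environment, and the line above it, `WOLFSSL_ISFIPS=${WOLFSSL_ISFIPS:-0}`, is a plain assignment. Unless the variable is exported earlier in the script (outside this hunk), a value set inside the script is dropped and debian/rules falls back to its own `WOLFSSL_ISFIPS?=0`, silently producing a non-FIPS build. Either write `export WOLFSSL_ISFIPS=${WOLFSSL_ISFIPS:-0}` or pass the value explicitly with `debuild -e WOLFSSL_ISFIPS="${WOLFSSL_ISFIPS}" -us -uc`.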
@@ -24,7 +24,16 @@ else fi pushd $SCRIPT_DIR -REPO_ROOT="${GITHUB_WORKSPACE:-$(git rev-parse --show-toplevel)}" +if [ -n "${GITHUB_WORKSPACE:-}" ]; then + # In a GitHub Actions workflow, GITHUB_WORKSPACE is set to the root of the repository + REPO_ROOT="$GITHUB_WORKSPACE" +elif git rev-parse --show-toplevel >/dev/null 2>&1; then + # In a local environment, use the output of git rev-parse --show-toplevel + REPO_ROOT="$(git rev-parse --show-toplevel)" +else + # Fallback: use parent directory of scripts folder + REPO_ROOT="$(dirname "$SCRIPT_DIR")" +fi popd echo "SCRIPT_DIR: $SCRIPT_DIR" @@ -46,7 +55,7 @@ WOLFPROV_LIB_PATH="$REPO_ROOT/wolfprov-install/lib" # Always reconstruct LD_LIBRARY_PATH with correctly detected OPENSSL_LIB_PATH # ${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH} expands to :$LD_LIBRARY_PATH only if LD_LIBRARY_PATH was already set -export LD_LIBRARY_PATH="$WOLFSSL_LIB_PATH:$OPENSSL_LIB_PATH${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}" +export LD_LIBRARY_PATH="$WOLFPROV_LIB_PATH:$WOLFSSL_LIB_PATH:$OPENSSL_LIB_PATH${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}" # Auto-detect FIPS mode and use appropriate config if [ "${WOLFSSL_ISFIPS:-0}" = "1" ]; then diff --git a/scripts/test-wp-cs.sh b/scripts/test-wp-cs.sh index a577405a..514aa0f6 100755 --- a/scripts/test-wp-cs.sh +++ b/scripts/test-wp-cs.sh 
@@ -271,23 +271,30 @@ CURVES=prime256v1 OPENSSL_ALL_CIPHERS="-cipher ALL -ciphersuites $TLS13_ALL_CIPHERS" OPENSSL_PORT=$(generate_port) -# ensure we are doing a clean build -printf "Cleaning up previous builds\n" -rm -rf ${SCRIPT_DIR}/../*-install -if [ -d ${OPENSSL_SOURCE_DIR} ]; then - pushd ${OPENSSL_SOURCE_DIR} > /dev/null - git clean -xdf > /dev/null 2>&1 - popd > /dev/null -fi -if [ -d ${WOLFSSL_SOURCE_DIR} ]; then - pushd ${WOLFSSL_SOURCE_DIR} > /dev/null - git clean -xdf > /dev/null 2>&1 - popd > /dev/null -fi +# Debug git and openssl versions +printf "Environment variables:\n" +env | sort -init_wolfprov +printf "Git and OpenSSL versions:\n" +which git +git --version || true +which openssl +openssl version -a || true if [ "${AM_BWRAPPED-}" != "yes" ]; then + # Perform the build only if not in the bubble + printf "Cleaning up previous builds\n" + ${SCRIPT_DIR}/build-wolfprovider.sh --clean --distclean + printf "Building wolfProvider\n" + ${SCRIPT_DIR}/build-wolfprovider.sh + + printf "OPENSSL_BIN: $OPENSSL_BIN\n" + $OPENSSL_BIN version -a || true + + source ${SCRIPT_DIR}/env-setup + printf "Updated environment variables:\n" + env | sort + bwrap_path="$(command -v bwrap)" if [ -n "$bwrap_path" ]; then export AM_BWRAPPED=yes diff --git a/scripts/utils-openssl.sh b/scripts/utils-openssl.sh index cd3d5780..f11e4a4d 100755 --- a/scripts/utils-openssl.sh +++ b/scripts/utils-openssl.sh @@ -32,7 +32,6 @@ OPENSSL_INSTALL_DIR=${SCRIPT_DIR}/../openssl-install OPENSSL_BIN=${OPENSSL_INSTALL_DIR}/bin/openssl OPENSSL_TEST=${OPENSSL_SOURCE_DIR}/test OPENSSL_LIB_DIRS="${OPENSSL_INSTALL_DIR}/lib:${OPENSSL_INSTALL_DIR}/lib64" -OPENSSL_STUB_INSTALL_DIR=${SCRIPT_DIR}/../libdefault-stub-install NUMCPU=${NUMCPU:-8} WOLFPROV_DEBUG=${WOLFPROV_DEBUG:-0} 
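Review bot: The two added `env | sort` calls write the complete process environment to the test log, once at start-up and again after sourcing env-setup. When this script runs in CI, that can include tokens or other credentials that log masking does not cover. Restrict the dump to what the test needs, e.g. `env | grep -E '^(WOLF|OPENSSL|LD_LIBRARY_PATH)' | sort`. In the same hunk, `printf "OPENSSL_BIN: $OPENSSL_BIN\n"` places the variable in the format string; `printf 'OPENSSL_BIN: %s\n' "$OPENSSL_BIN"` is the safer form. The `if [ "${AM_BWRAPPED-}" != "yes" ]` block continues outside the hunk.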
@@ -63,8 +62,6 @@ clone_openssl() { if [ ! -d ${OPENSSL_SOURCE_DIR} ]; then printf "\tOpenSSL source directory not found: ${OPENSSL_SOURCE_DIR}\n" - printf "\tParent directory:\n" - tree -L 2 $(dirname ${OPENSSL_SOURCE_DIR}/..) || true CLONE_TAG=${USE_CUR_TAG:+${OPENSSL_TAG_CUR}} CLONE_TAG=${CLONE_TAG:-${OPENSSL_TAG}} @@ -72,11 +69,12 @@ clone_openssl() { DEPTH_ARG=${DEPTH_ARG:---depth=1} printf "\tClone OpenSSL ${CLONE_TAG} from ${OPENSSL_GIT_URL} ... " - git clone ${DEPTH_ARG} -b ${CLONE_TAG} ${OPENSSL_GIT_URL} ${OPENSSL_SOURCE_DIR} + git clone ${DEPTH_ARG} -b ${CLONE_TAG} ${OPENSSL_GIT_URL} ${OPENSSL_SOURCE_DIR} >>$LOG_FILE 2>&1 RET=$? if [ $RET != 0 ]; then printf "ERROR.\n" + tail -n 100 $LOG_FILE do_cleanup exit 1 fi @@ -96,15 +94,24 @@ clone_openssl() { fi } +is_openssl_patched() { + if [ ! -f "${OPENSSL_SOURCE_DIR}/crypto/provider_predefined.c" ]; then + return 0 + fi + + pushd ${OPENSSL_SOURCE_DIR} &> /dev/null + patch_applied=$(git diff --quiet "crypto/provider_predefined.c" 2>/dev/null && echo 1 || echo 0) + popd &> /dev/null + return $patch_applied +} + check_openssl_replace_default_mismatch() { local openssl_is_patched=0 # Check if the source was patched for --replace-default - if [ -f "${OPENSSL_SOURCE_DIR}/crypto/provider_predefined.c" ]; then - if grep -q "wolfprov_provider_init" "${OPENSSL_SOURCE_DIR}/crypto/provider_predefined.c" 2>/dev/null; then - openssl_is_patched=1 - printf "INFO: OpenSSL source modified - wolfProvider integrated as default provider (non-stock build).\n" - fi + if is_openssl_patched; then + openssl_is_patched=1 + printf "INFO: OpenSSL source modified - wolfProvider integrated as default provider (non-stock build).\n" fi # Check for mismatch 
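Review bot: `is_openssl_patched` returns 0 (shell true, meaning "patched") when `crypto/provider_predefined.c` does not exist. It does the same whenever `git diff --quiet` fails for a reason other than a modified file, for example when the source directory is not a git checkout. In both cases `patch_openssl` later prints "Already applied" and skips the patch, so a stock default provider can be built where the wolfProvider one was requested. Any unrelated local edit to the file also counts as "patched". Return 1 in the missing-file branch and test for the patch's own marker instead, e.g. `grep -q "load_wolfprov_and_init" "${OPENSSL_SOURCE_DIR}/crypto/provider_predefined.c"`. Also rename `patch_applied`, which currently holds 1 when the file is unmodified.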
@@ -125,6 +132,19 @@ check_openssl_replace_default_mismatch() { fi } +patch_openssl_version() { + # Patch the OpenSSL version (wolfProvider/openssl-source/VERSION.dat) + # with our BUILD_METADATA, depending on the FIPS flag. Either "wolfProvider" or "wolfProvider-fips". + if [ "$WOLFSSL_ISFIPS" = "1" ]; then + sed -i 's/BUILD_METADATA=.*/BUILD_METADATA=wolfProvider-fips/g' ${OPENSSL_SOURCE_DIR}/VERSION.dat + else + sed -i 's/BUILD_METADATA=.*/BUILD_METADATA=wolfProvider-nonfips/g' ${OPENSSL_SOURCE_DIR}/VERSION.dat + fi + + # Patch the OpenSSL RELEASE_DATE field with the current date in the format DD MMM YYYY + sed -i "s/RELEASE_DATE=.*/RELEASE_DATE=$(date '+%d %b %Y')/g" ${OPENSSL_SOURCE_DIR}/VERSION.dat +} + patch_openssl() { if [ "$WOLFPROV_REPLACE_DEFAULT" = "1" ]; then @@ -137,11 +157,12 @@ patch_openssl() { fi printf "\tApplying OpenSSL default provider patch ... " - cd ${OPENSSL_SOURCE_DIR} + pushd ${OPENSSL_SOURCE_DIR} &> /dev/null # Check if patch is already applied - if grep -q "wolfprov_provider_init" crypto/provider_predefined.c 2>/dev/null; then + if is_openssl_patched; then printf "Already applied.\n" + popd &> /dev/null return 0 fi 
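Review bot: In `patch_openssl_version`, the comment says the metadata is either "wolfProvider" or "wolfProvider-fips", but the non-FIPS branch writes `BUILD_METADATA=wolfProvider-nonfips`; the comment should name the value actually written. Stamping `RELEASE_DATE` with `$(date '+%d %b %Y')` also makes the built libcrypto differ from day to day and by locale, which prevents anyone from reproducing the package bit-for-bit to verify it. Prefer `LC_ALL=C date -u -d "@${SOURCE_DATE_EPOCH:-$(date +%s)}" '+%d %b %Y'`, and quote `"${OPENSSL_SOURCE_DIR}/VERSION.dat"` in the three `sed -i` calls.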
@@ -154,10 +175,78 @@ patch_openssl() { do_cleanup exit 1 fi + patch_openssl_version printf "Done.\n" - cd ${SCRIPT_DIR}/.. + popd &> /dev/null + fi +} + +install_openssl_deb() { + printf "\nInstalling OpenSSL ${OPENSSL_TAG} for Debian packaging ...\n" + clone_openssl + patch_openssl + check_openssl_replace_default_mismatch + + pushd ${OPENSSL_SOURCE_DIR} &> /dev/null + + if [ -d ${OPENSSL_INSTALL_DIR} ]; then + printf "\tOpenSSL install directory already exists: ${OPENSSL_INSTALL_DIR}\n" + printf "\tRemoving existing install directory...\n" + rm -rf ${OPENSSL_INSTALL_DIR} + fi + + # Build configure command + CONFIG_CMD="./config shared" + + # Determine the install paths for Debian Bookworm + DEB_HOST_MULTIARCH=$(dpkg-architecture -qDEB_HOST_MULTIARCH) + CONFIG_CMD+=" --prefix=/usr --openssldir=/usr/lib/ssl --libdir=lib/${DEB_HOST_MULTIARCH} " + + if [ "$WOLFPROV_DEBUG" = "1" ]; then + CONFIG_CMD+=" enable-trace --debug" fi + + if [ "$WOLFPROV_REPLACE_DEFAULT" = "1" ]; then + CONFIG_CMD+=" no-external-tests no-tests" + fi + + printf "\tConfigure OpenSSL ${OPENSSL_TAG} ... " + $CONFIG_CMD >>$LOG_FILE 2>&1 + RET=$? + if [ $RET != 0 ]; then + printf "ERROR.\n" + rm -rf ${OPENSSL_INSTALL_DIR} + do_cleanup + exit 1 + fi + printf "Done.\n" + + printf "\tBuild OpenSSL ${OPENSSL_TAG} ... " + make -j$NUMCPU >>$LOG_FILE 2>&1 + if [ $? != 0 ]; then + printf "ERROR.\n" + rm -rf ${OPENSSL_INSTALL_DIR} + do_cleanup + exit 1 + fi + printf "Done.\n" + + # Manually set up the install directory rather than running 'make install' + # so that we don't modify the system OpenSSL installation + printf "\tCopying outputs to ${OPENSSL_INSTALL_DIR} for OpenSSL ${OPENSSL_TAG} ... 
" + mkdir -p ${OPENSSL_INSTALL_DIR}/bin + mkdir -p ${OPENSSL_INSTALL_DIR}/lib + mkdir -p ${OPENSSL_INSTALL_DIR}/include/openssl + mkdir -p ${OPENSSL_INSTALL_DIR}/lib/pkgconfig + cp -r apps/openssl ${OPENSSL_INSTALL_DIR}/bin/openssl + cp -r libcrypto.so* libcrypto.a ${OPENSSL_INSTALL_DIR}/lib/ + cp -r libssl.so* libssl.a ${OPENSSL_INSTALL_DIR}/lib/ + cp -r include/openssl/* ${OPENSSL_INSTALL_DIR}/include/openssl/ + cp -r *.pc ${OPENSSL_INSTALL_DIR}/lib/pkgconfig/ + printf "Done.\n" + + popd &> /dev/null } install_openssl() { @@ -165,7 +254,8 @@ install_openssl() { clone_openssl patch_openssl check_openssl_replace_default_mismatch - cd ${OPENSSL_SOURCE_DIR} + + pushd ${OPENSSL_SOURCE_DIR} &> /dev/null if [ ! -d ${OPENSSL_INSTALL_DIR} ]; then printf "\tConfigure OpenSSL ${OPENSSL_TAG} ... " @@ -177,19 +267,6 @@ install_openssl() { fi if [ "$WOLFPROV_REPLACE_DEFAULT" = "1" ]; then CONFIG_CMD+=" no-external-tests no-tests" - - # Set up library paths to find the stub libdefault - if [ -d "${OPENSSL_STUB_INSTALL_DIR}" ]; then - # Link the stub library directly into libcrypto using LDFLAGS and LDLIBS - CONFIGURE_LDFLAGS="-L${OPENSSL_STUB_INSTALL_DIR}/lib" - CONFIGURE_LDLIBS="-ldefault" - else - printf "ERROR - stub libdefault not found in: ${OPENSSL_STUB_INSTALL_DIR}\n" - do_cleanup - exit 1 - fi - - CONFIG_CMD+=" LDFLAGS=${CONFIGURE_LDFLAGS} LDLIBS=${CONFIGURE_LDLIBS}" fi $CONFIG_CMD >>$LOG_FILE 2>&1 
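Review bot: The copy block at the end of `install_openssl_deb` has no status checks, unlike the configure and make steps above it. If one of the `cp -r` calls fails (for example because `libssl.a` was not built), the function still prints "Done." and the package is later assembled from a partial `${OPENSSL_INSTALL_DIR}`. Append the same handling used elsewhere, e.g. `cp -r libssl.so* libssl.a ${OPENSSL_INSTALL_DIR}/lib/ || { printf "ERROR.\n"; do_cleanup; exit 1; }`. Also check that `DEB_HOST_MULTIARCH=$(dpkg-architecture -qDEB_HOST_MULTIARCH)` is non-empty before it is spliced into `--libdir`. The make failure branch should `tail` the log as the clone step now does.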
@@ -223,26 +300,13 @@ install_openssl() { printf "Done.\n" fi - cd .. + popd &> /dev/null } init_openssl() { install_openssl printf "\tOpenSSL ${OPENSSL_TAG} installed in: ${OPENSSL_INSTALL_DIR}\n" - # Skip version check for replace-default mode since we only build libraries - if [ "$WOLFPROV_REPLACE_DEFAULT" != "1" ]; then - OSSL_VER=`LD_LIBRARY_PATH=${OPENSSL_LIB_DIRS} $OPENSSL_BIN version | tail -n1` - case $OSSL_VER in - OpenSSL\ 3.*) ;; - *) - echo "OpenSSL ($OPENSSL_BIN) has wrong version: $OSSL_VER" - echo "Set: OPENSSL_DIR" - exit 1 - ;; - esac - fi - if [ -z $LD_LIBRARY_PATH ]; then export LD_LIBRARY_PATH=${OPENSSL_LIB_DIRS} else diff --git a/scripts/utils-wolfprovider.sh b/scripts/utils-wolfprovider.sh index e3dc5696..4f46a2d9 100644 --- a/scripts/utils-wolfprovider.sh +++ b/scripts/utils-wolfprovider.sh @@ -25,13 +25,13 @@ source ${SCRIPT_DIR}/utils-general.sh WOLFPROV_SOURCE_DIR=${SCRIPT_DIR}/.. WOLFPROV_INSTALL_DIR=${SCRIPT_DIR}/../wolfprov-install +LIBDEFAULT_INSTALL_DIR=${WOLFPROV_INSTALL_DIR} LIBDEFAULT_STUB_INSTALL_DIR=${SCRIPT_DIR}/../libdefault-stub-install WOLFPROV_WITH_WOLFSSL=--with-wolfssl=${WOLFSSL_INSTALL_DIR} # Check if using system wolfSSL installation if command -v dpkg >/dev/null 2>&1; then if dpkg -l | grep -q "^ii.*libwolfssl[[:space:]]" && dpkg -l | grep -q "^ii.*libwolfssl-dev[[:space:]]"; then - printf "\nSkipping wolfSSL installation - libwolfssl and libwolfssl-dev packages are already installed.\n" WOLFPROV_WITH_WOLFSSL= fi fi @@ -39,7 +39,6 @@ fi WOLFPROV_CONFIG_OPTS=${WOLFPROV_CONFIG_OPTS:-"--with-openssl=${OPENSSL_INSTALL_DIR} ${WOLFPROV_WITH_WOLFSSL} --prefix=${WOLFPROV_INSTALL_DIR}"} WOLFPROV_CONFIG_CFLAGS=${WOLFPROV_CONFIG_CFLAGS:-''} - if [ "${WOLFPROV_QUICKTEST}" = "1" ]; then WOLFPROV_CONFIG_CFLAGS="${WOLFPROV_CONFIG_CFLAGS} -DWOLFPROV_QUICKTEST" fi 
@@ -58,55 +57,6 @@ WOLFPROV_DEBUG=${WOLFPROV_DEBUG:-0} WOLFPROV_CLEAN=${WOLFPROV_CLEAN:-0} WOLFPROV_DISTCLEAN=${WOLFPROV_DISTCLEAN:-0} -build_default_stub() { - printf "\nBuilding default stub library ...\n" - cd ${SCRIPT_DIR}/../default_stub - - printf "\tGenerate build system ... " - if [ ! -e "configure" ]; then - ./autogen.sh >>$LOG_FILE 2>&1 - if [ $? != 0 ]; then - printf "\n\n...\n" - tail -n 40 $LOG_FILE - do_cleanup - exit 1 - fi - fi - printf "Done.\n" - - printf "\tConfigure default stub ... " - ./configure --prefix=${LIBDEFAULT_STUB_INSTALL_DIR} >>$LOG_FILE 2>&1 - if [ $? != 0 ]; then - printf "\n\n...\n" - tail -n 40 $LOG_FILE - do_cleanup - exit 1 - fi - printf "Done.\n" - - printf "\tBuild default stub ... " - make >>$LOG_FILE 2>&1 - if [ $? != 0 ]; then - printf "\n\n...\n" - tail -n 40 $LOG_FILE - do_cleanup - exit 1 - fi - printf "Done.\n" - - printf "\tInstall default stub ... " - make install >>$LOG_FILE 2>&1 - if [ $? != 0 ]; then - printf "\n\n...\n" - tail -n 40 $LOG_FILE - do_cleanup - exit 1 - fi - printf "Done.\n" - - cd ${SCRIPT_DIR}/.. -} - clean_wolfprov() { printf "\n" 
@@ -115,42 +65,23 @@ clean_wolfprov() { if [ -f "Makefile" ]; then make clean >>$LOG_FILE 2>&1 fi - # Clean default_stub build artifacts - if [ -f "default_stub/Makefile" ]; then - printf "Cleaning default stub ...\n" - make -C default_stub clean >>$LOG_FILE 2>&1 - fi - # Remove root libdefault.la file - rm -f libdefault.la + # Remove entire wolfProvider install directory rm -rf ${WOLFPROV_INSTALL_DIR} + rm -rf ${LOG_FILE} fi if [ "$WOLFPROV_DISTCLEAN" -eq "1" ]; then printf "Removing wolfProvider install ...\n" rm -rf ${WOLFPROV_INSTALL_DIR} - rm -rf ${LIBDEFAULT_STUB_INSTALL_DIR} fi } install_wolfprov() { - cd ${WOLFPROV_SOURCE_DIR} - - # Add stub library path for replace-default functionality after dependencies are installed - if [ "$WOLFPROV_REPLACE_DEFAULT" = "1" ]; then - if [ -z "$LD_LIBRARY_PATH" ]; then - export LD_LIBRARY_PATH="${LIBDEFAULT_STUB_INSTALL_DIR}/lib" - else - export LD_LIBRARY_PATH="${LIBDEFAULT_STUB_INSTALL_DIR}/lib:$LD_LIBRARY_PATH" - fi - fi + pushd ${WOLFPROV_SOURCE_DIR} &> /dev/null init_openssl init_wolfssl - printf "\nConsolidating wolfProvider ...\n" - unset OPENSSL_MODULES - unset OPENSSL_CONF - - printf "LD_LIBRARY_PATH: $LD_LIBRARY_PATH\n" + printf "\nInstalling wolfProvider ...\n" printf "\tConfigure wolfProvider ... " if [ ! -e "${WOLFPROV_SOURCE_DIR}/configure" ]; then @@ -171,7 +102,6 @@ install_wolfprov() { ./configure ${WOLFPROV_CONFIG_OPTS} CFLAGS="${WOLFPROV_CONFIG_CFLAGS}" >>$LOG_FILE 2>&1 RET=$? - if [ $RET != 0 ]; then printf "\n\n...\n" tail -n 40 $LOG_FILE 
@@ -190,15 +120,21 @@ install_wolfprov() { fi printf "Done.\n" - printf "\tTest wolfProvider ... " - make test >>$LOG_FILE 2>&1 - if [ $? != 0 ]; then - printf "\n\n...\n" - tail -n 40 $LOG_FILE - do_cleanup - exit 1 + # Build the replacement default library after wolfprov to avoid linker errors + # but before testing so that the library is present if needed + if [ "$WOLFPROV_REPLACE_DEFAULT" = "1" ]; then + printf "\tWARNING: Skipping tests in replace mode...\n" + else + printf "\tTest wolfProvider ... " + make test >>$LOG_FILE 2>&1 + if [ $? != 0 ]; then + printf "\n\n...\n" + tail -n 40 $LOG_FILE + do_cleanup + exit 1 + fi + printf "Done.\n" fi - printf "Done.\n" printf "\tInstall wolfProvider ... " make install >>$LOG_FILE 2>&1 @@ -209,6 +145,8 @@ install_wolfprov() { exit 1 fi printf "Done.\n" + + popd &> /dev/null } init_wolfprov() { diff --git a/scripts/utils-wolfssl.sh b/scripts/utils-wolfssl.sh index 481929d9..52dea336 100644 --- a/scripts/utils-wolfssl.sh +++ b/scripts/utils-wolfssl.sh @@ -98,6 +98,19 @@ install_wolfssl() { # use the custom OpenSSL built with wolfProvider. if command -v dpkg >/dev/null 2>&1; then if dpkg -l | grep -q "^ii.*libwolfssl[[:space:]]" && dpkg -l | grep -q "^ii.*libwolfssl-dev[[:space:]]"; then + # Check if there is a FIPS mismatch + # If the system wolfSSL is FIPS, we need to be doing a FIPS build + dpkg -l | grep "^ii.*libwolfssl[[:space:]]" | grep -q "fips" + if [ $? -eq 0 ] && [ "$WOLFSSL_ISFIPS" != "1" ]; then + printf "ERROR: System wolfSSL is FIPS, but WOLFSSL_ISFIPS is not set to 1\n" + do_cleanup + exit 1 + elif [ $? -eq 0 ] && [ "$WOLFSSL_ISFIPS" != "0" ]; then + printf "ERROR: System wolfSSL is non-FIPS, but WOLFSSL_ISFIPS is set to 1\n" + do_cleanup + exit 1 + fi + printf "\nSkipping wolfSSL installation - libwolfssl and libwolfssl-dev packages are already installed.\n" # Set WOLFSSL_INSTALL_DIR to system installation directory WOLFSSL_INSTALL_DIR="/usr" 
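Review bot: With this change `make test` is skipped whenever `WOLFPROV_REPLACE_DEFAULT` is 1. debian/rules in the same commit always builds with `--replace-default`, while its `override_dh_auto_test` still prints "tests already run during build phase", so the Debian packages appear to be built with no provider tests at all. The two-line comment above the `if` ("Build the replacement default library after wolfprov ...") describes a step that the code does not perform. Replace it with a comment stating that tests are skipped in replace-default mode and where they run instead, and correct the message in debian/rules accordingly. install_wolfprov's body continues outside the hunk.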
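Review bot: The `elif` branch of the new FIPS mismatch check in `install_wolfssl` can never fire. By the time it is evaluated, `$?` holds the status of the preceding `[ ... ] && [ ... ]` test rather than of the `grep -q "fips"` pipeline. It also tests `-eq 0` (FIPS found) while its message reports a non-FIPS system. A non-FIPS system wolfSSL combined with `WOLFSSL_ISFIPS=1` therefore passes silently and the build continues against the non-FIPS library. Capture the grep result once and compare it in both branches, as below. The function body continues outside the hunk.

```shell
# … unchanged: dpkg -l test that libwolfssl and libwolfssl-dev are installed …
if dpkg -l | grep "^ii.*libwolfssl[[:space:]]" | grep -q "fips"; then
    SYSTEM_WOLFSSL_ISFIPS=1
else
    SYSTEM_WOLFSSL_ISFIPS=0
fi
if [ "$SYSTEM_WOLFSSL_ISFIPS" = "1" ] && [ "$WOLFSSL_ISFIPS" != "1" ]; then
    printf "ERROR: System wolfSSL is FIPS, but WOLFSSL_ISFIPS is not set to 1\n"
    do_cleanup
    exit 1
elif [ "$SYSTEM_WOLFSSL_ISFIPS" = "0" ] && [ "$WOLFSSL_ISFIPS" = "1" ]; then
    printf "ERROR: System wolfSSL is non-FIPS, but WOLFSSL_ISFIPS is set to 1\n"
    do_cleanup
    exit 1
fi
# … unchanged: "Skipping wolfSSL installation" message and WOLFSSL_INSTALL_DIR="/usr" …
```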
diff --git a/src/wp_default_replace.c b/src/wp_default_replace.c deleted file mode 100644 index 046a48ec..00000000 --- a/src/wp_default_replace.c +++ /dev/null 
@@ -1,59 +0,0 @@ -/* - * Copyright (C) 2006-2024 wolfSSL Inc. - * - * This file is part of wolfProvider. - * - * wolfProvider is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * wolfProvider is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with wolfProvider. If not, see . - */ - -/* - * wolfProvider Real Implementation for libdefault.so - * - * This is the real implementation of wolfprov_provider_init that bridges - * OpenSSL's default provider interface to wolfProvider by dynamically - * loading libwolfprov.so and calling wolfssl_provider_init. - * - * This replaces the stub implementation after wolfProvider is fully built. - */ - -#include - -/* Prototype of public function that initializes the wolfSSL provider. */ -OSSL_provider_init_fn wolfssl_provider_init; - -/* Prototype for the wolfprov_provider_init function */ -int wolfprov_provider_init(const OSSL_CORE_HANDLE* handle, - const OSSL_DISPATCH* in, - const OSSL_DISPATCH** out, - void** provCtx); - -/* - * Real implementation of wolfprov_provider_init. - * - * This function dynamically loads libwolfprov.so and calls its - * wolfssl_provider_init function to provide full wolfProvider functionality. - * - * @param [in] handle Handle to the core. - * @param [in] in Dispatch table from previous provider. - * @param [out] out Dispatch table of wolfSSL provider. - * @param [out] provCtx New provider context. - * @return 1 on success, 0 on failure. 
- */ -int wolfprov_provider_init(const OSSL_CORE_HANDLE* handle, - const OSSL_DISPATCH* in, - const OSSL_DISPATCH** out, - void** provCtx) -{ - return wolfssl_provider_init(handle, in, out, provCtx); -}