diff --git a/.github/workflows/asan.yml b/.github/workflows/asan.yml
index e10e82e4..af84ec01 100644
--- a/.github/workflows/asan.yml
+++ b/.github/workflows/asan.yml
@@ -3,9 +3,9 @@ name: Asan Test
# START OF COMMON SECTION
on:
push:
- branches: [ "*" ]
+ branches: [ '*' ]
pull_request:
- branches: [ "*" ]
+ branches: [ '*' ]
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
diff --git a/.github/workflows/bind9.yml b/.github/workflows/bind9.yml
index e37eb4dc..eb3d80c2 100644
--- a/.github/workflows/bind9.yml
+++ b/.github/workflows/bind9.yml
@@ -24,6 +24,7 @@ jobs:
wolfssl_ref: [ 'v5.8.2-stable' ]
openssl_ref: [ 'openssl-3.5.2' ]
replace_default: [ true ]
+ fips: [ false ]
test_bind:
runs-on: ubuntu-22.04
@@ -42,6 +43,7 @@ jobs:
openssl_ref: [ 'openssl-3.5.2' ]
force_fail: ['WOLFPROV_FORCE_FAIL=1', '']
replace_default: [ true ]
+ fips: [ false ]
env:
WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
@@ -81,6 +83,10 @@ jobs:
apt install --reinstall -y \
${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+ - name: Verify wolfProvider is properly installed
+ run: |
+ $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
+
- name: Install bind9 test dependencies
run: |
apt-get update
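Review bot: The new verify step runs right after the .deb install but before "Install bind9 test dependencies", so a later `apt-get install` that pulls the distribution's libssl3 or openssl could replace the custom build after it was already verified. The dependency list is outside this hunk, so whether that happens here needs checking. The same ordering appears in the other workflows in this diff that add the step, and cjose.yml, libssh2.yml, openldap.yml and openvpn.yml also drop the `openssl list -providers | grep -q "wolfSSL Provider"` check that used to run immediately before the tests. Consider moving the verify step after dependency installation, or repeating the same `verify-install.sh` call as the last step before the test run.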
@@ -113,6 +119,7 @@ jobs:
working-directory: bind9
shell: bash
run: |
+
set +o pipefail # ignore errors from make check
autoreconf -ivf
./configure
diff --git a/.github/workflows/cjose.yml b/.github/workflows/cjose.yml
index 7463248f..c3f1d01b 100644
--- a/.github/workflows/cjose.yml
+++ b/.github/workflows/cjose.yml
@@ -24,6 +24,7 @@ jobs:
wolfssl_ref: [ 'v5.8.2-stable' ]
openssl_ref: [ 'openssl-3.5.2' ]
replace_default: [ true ]
+ fips: [ false ]
test_cjose:
runs-on: ubuntu-22.04
@@ -43,6 +44,7 @@ jobs:
openssl_ref: [ 'openssl-3.5.2' ]
force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
replace_default: [ true ]
+ fips: [ false ]
env:
WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
@@ -88,12 +90,9 @@ jobs:
apt install --reinstall -y \
${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
-
-
- - name: Check wolfProvider is installed
+ - name: Verify wolfProvider is properly installed
run: |
- openssl list -providers
- openssl list -providers | grep -q "wolfSSL Provider" || (echo "ERROR: libwolfprov not found in OpenSSL providers" && exit 1)
+ $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
- name: Download cjose
uses: actions/checkout@v4
@@ -114,10 +113,6 @@ jobs:
- name: Run cjose tests
working-directory: cjose
run: |
- # wolfProvider is already loaded as the default provider
- echo "Current OpenSSL providers:"
- openssl list -providers
- openssl list -providers | grep -q "wolfSSL Provider" || (echo "ERROR: libwolfprov not found in OpenSSL providers" && exit 1)
export ${{ matrix.force_fail }}
make test 2>&1 | tee cjose-test.log
diff --git a/.github/workflows/curl.yml b/.github/workflows/curl.yml
index 8647e7c4..677bab46 100644
--- a/.github/workflows/curl.yml
+++ b/.github/workflows/curl.yml
@@ -24,6 +24,7 @@ jobs:
wolfssl_ref: [ 'v5.8.2-stable' ]
openssl_ref: [ 'openssl-3.5.2' ]
replace_default: [ true ]
+ fips: [ false ]
test_curl:
runs-on: ubuntu-22.04
@@ -41,9 +42,7 @@ jobs:
openssl_ref: [ 'openssl-3.5.2' ]
force_fail: ['WOLFPROV_FORCE_FAIL=1', '']
replace_default: [ true ]
- exclude:
- - curl_ref: 'master'
- force_fail: 'WOLFPROV_FORCE_FAIL=1'
+ fips: [ false ]
env:
WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
@@ -83,6 +82,10 @@ jobs:
apt install --reinstall -y \
${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+ - name: Verify wolfProvider is properly installed
+ run: |
+ $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
+
- name: Install dependencies
run: |
apt-get update
diff --git a/.github/workflows/debian-package.yml b/.github/workflows/debian-package.yml
index 747a17ef..45b1d6c3 100644
--- a/.github/workflows/debian-package.yml
+++ b/.github/workflows/debian-package.yml
@@ -3,7 +3,7 @@ name: Debian Package Test
# START OF COMMON SECTION
on:
push:
- branches: [ '**' ] # 'master', 'main', 'release/**' ]
+ branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]
@@ -27,6 +27,9 @@ jobs:
replace_default: [ true ]
libwolfprov-standalone:
+ # Standalone mode is disabled until we re-enable support for it in the debian build.
+ if: false
+
runs-on: ubuntu-22.04
needs: build_wolfprovider
# Run inside Debian Bookworm to match packaging environment
@@ -77,11 +80,9 @@ jobs:
apt install --reinstall -y \
${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
- - name: Verify installation
+ - name: Verify wolfProvider is properly installed
run: |
- echo "Package Installation Verification:"
- dpkg -l | grep libwolfprov
- dpkg -L libwolfprov
+ $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.fips && '--fips' || '' }}
- name: Test OpenSSL provider functionality
run: |
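Review bot: `${{ matrix.fips && '--fips' || '' }}` is used in this step and again in the later "Verify wolfProvider is properly installed" step of this file, but no hunk in debian-package.yml adds `fips: [ false ]` to a matrix as the other workflows do. An undefined matrix key evaluates as falsy, so `--fips` would silently never be passed; add `fips: [ false ]` to the matrices of both jobs if they do not already define it outside these hunks. The later job also gains a "Checkout wolfProvider" step so that `$GITHUB_WORKSPACE/scripts/verify-install.sh` exists, and no such checkout is visible for this standalone job. Because the job is currently `if: false`, a missing checkout would only surface when it is re-enabled.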
@@ -184,6 +185,11 @@ jobs:
OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
steps:
+ - name: Checkout wolfProvider
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 1
+
- name: Checking OpenSSL/wolfProvider packages in cache
uses: actions/cache/restore@v4
id: wolfprov-cache
@@ -239,29 +245,9 @@ jobs:
echo "Installed packages after wolfprov:"
dpkg -l | grep -E "(wolfprov|wolfssl|openssl|libssl)"
- - name: Test OpenSSL providers after wolfprov installation
+ - name: Verify wolfProvider is properly installed
run: |
- echo "Testing OpenSSL providers after wolfprov installation..."
- echo "Expected: This should show wolfprov as an available provider"
-
- # Test openssl list -providers
- if openssl list -providers; then
- echo "SUCCESS: openssl list -providers works after wolfprov installation"
- else
- echo "FAILURE: openssl list -providers failed after wolfprov installation"
- exit 1
- fi
-
- echo "Provider list after wolfprov installation:"
- openssl list -providers
-
- # Check if wolfprov provider is available
- if openssl list -providers | grep -i "wolfprov"; then
- echo "SUCCESS: wolfprov provider is available"
- else
- echo "WARNING: wolfprov provider not found in provider list"
- echo "This might be expected if the provider needs to be explicitly loaded"
- fi
+ $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
- name: Verify wolfprov configuration
run: |
diff --git a/.github/workflows/git-ssh-dr.yml b/.github/workflows/git-ssh-dr.yml
new file mode 100644
index 00000000..ddbcda05
--- /dev/null
+++ b/.github/workflows/git-ssh-dr.yml
@@ -0,0 +1,111 @@
+name: Git SSH Default Replace Tests
+
+on:
+ push:
+ branches: [ 'master', 'main', 'release/**', ]
+ pull_request:
+ branches: [ '*' ]
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ build_wolfprovider:
+ uses: ./.github/workflows/build-wolfprovider.yml
+ with:
+ wolfssl_ref: ${{ matrix.wolfssl_ref }}
+ openssl_ref: ${{ matrix.openssl_ref }}
+ replace_default: ${{ matrix.replace_default }}
+ strategy:
+ matrix:
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
+ replace_default: [ true ]
+ fips: [ false ]
+
+ git-ssh-default-replace-test:
+ runs-on: ubuntu-22.04
+ container:
+ image: debian:bookworm
+ env:
+ DEBIAN_FRONTEND: noninteractive
+ needs: build_wolfprovider
+ # This should be a safe limit for the tests to run.
+ timeout-minutes: 20
+ strategy:
+ matrix:
+ wolfssl_ref: [ 'v5.8.2-stable' ]
+ openssl_ref: [ 'openssl-3.5.2' ]
+ replace_default: [ true ]
+ fips: [ false ]
+ key_type: [ 'rsa', 'ecdsa', 'ed25519', 'chacha20-poly1305' ]
+ force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
+ iterations: [ 10 ] # Total of 50 runs
+ env:
+ WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
+ OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
+ WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
+
+ steps:
+ - name: Checkout wolfProvider
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 1
+
+ - name: Checking OpenSSL/wolfProvider packages in cache
+ uses: actions/cache/restore@v4
+ id: wolfprov-cache
+ with:
+ path: |
+ ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ${{ env.OPENSSL_PACKAGES_PATH }}
+ ${{ env.WOLFPROV_PACKAGES_PATH }}
+ key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }}
+ fail-on-cache-miss: true
+
+ - name: Install wolfSSL/OpenSSL/wolfprov packages
+ run: |
+ printf "Installing OpenSSL/wolfProvider packages:\n"
+ ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
+ ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
+ ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
+
+ apt install --reinstall -y \
+ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \
+ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb
+
+ apt install --reinstall -y \
+ ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+
+ - name: Verify wolfProvider is properly installed
+ run: |
+ $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
+
+ - name: Set up environment
+ run: |
+ export DEBIAN_FRONTEND=noninteractive
+ apt-get update
+ apt-get install -y openssh-client openssh-server expect xxd git \
+ net-tools git-all
+
+ - name: Run git + replace default + ssh test
+ shell: bash
+ run: |
+ echo "=== Running Git + replace default + ssh Test ==="
+ echo "Using the local test script for consistent testing"
+ # Run the test with the matrix parameters
+ echo "Testing with key type: ${{ matrix.key_type }}"
+ echo "Running ${{ matrix.iterations }} iterations"
+
+ # Run the scripts test
+ ${{ matrix.force_fail }} ./scripts/test-git-ssh-dr.sh \
+ --key-types "${{ matrix.key_type }}" \
+ --iterations "${{ matrix.iterations }}" \
+ --verbose
+
+ echo "=== Test completed for ${{ matrix.key_type }} ==="
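Review bot: The test step runs `${{ matrix.force_fail }} ./scripts/test-git-ssh-dr.sh ...` and uses its exit status directly, whereas krb5.yml in this diff passes the result and `matrix.force_fail` to `check-workflow-result.sh`. Unless test-git-ssh-dr.sh inverts the expectation itself when `WOLFPROV_FORCE_FAIL=1` is set (not visible here), the force-fail legs will either fail the job or pass without showing that the provider was exercised. The workflow also declares no `permissions:` block, so its jobs inherit the repository's default token scope; a top-level `permissions:` with `contents: read` looks sufficient for the checkout and cache-restore steps shown, subject to what the reusable build workflow needs. The comment `# Total of 50 runs` does not match the matrix (four key types, two `force_fail` values, 10 iterations each) and should be corrected or dropped.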
diff --git a/.github/workflows/grpc.yml b/.github/workflows/grpc.yml
index 9d665d90..19f38c12 100644
--- a/.github/workflows/grpc.yml
+++ b/.github/workflows/grpc.yml
@@ -24,6 +24,7 @@ jobs:
wolfssl_ref: [ 'v5.8.2-stable' ]
openssl_ref: [ 'openssl-3.5.2' ]
replace_default: [ true ]
+ fips: [ false ]
test_grpc:
runs-on: ubuntu-22.04
@@ -48,6 +49,7 @@ jobs:
wolfssl_ref: [ 'v5.8.2-stable' ]
openssl_ref: [ 'openssl-3.5.2' ]
replace_default: [ true ]
+ fips: [ false ]
env:
WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
@@ -87,11 +89,15 @@ jobs:
apt install --reinstall -y \
${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+ - name: Verify wolfProvider is properly installed
+ run: |
+ $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
+
- name: Install prerequisites
run: |
apt-get update
- apt-get install -y build-essential autoconf libtool pkg-config clang libc++-dev \
- iproute2 clang net-tools git python3-six
+ apt-get install -y build-essential autoconf libtool pkg-config clang \
+ libc++-dev iproute2 net-tools git python3-six
- name: Confirm IPv4 and IPv6 support
run: |
@@ -129,6 +135,7 @@ jobs:
- name: Run grpc tests with wolfProvider
working-directory: ./grpc
run: |
+
# Start the port server
./tools/run_tests/start_port_server.py
diff --git a/.github/workflows/iperf.yml b/.github/workflows/iperf.yml
index a8af6683..58e26d0f 100644
--- a/.github/workflows/iperf.yml
+++ b/.github/workflows/iperf.yml
@@ -24,6 +24,7 @@ jobs:
wolfssl_ref: [ 'v5.8.2-stable' ]
openssl_ref: [ 'openssl-3.5.2' ]
replace_default: [ true ]
+ fips: [ false ]
test_iperf:
runs-on: ubuntu-22.04
@@ -41,6 +42,7 @@ jobs:
openssl_ref: [ 'openssl-3.5.2' ]
force_fail: ['WOLFPROV_FORCE_FAIL=1', '']
replace_default: [ true ]
+ fips: [ false ]
env:
WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
@@ -80,10 +82,15 @@ jobs:
apt install --reinstall -y \
${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+ - name: Verify wolfProvider is properly installed
+ run: |
+ $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
+
- name: Install dependencies
run: |
apt-get update
- apt-get install -y build-essential autoconf libtool pkg-config clang libc++-dev
+ apt-get install -y build-essential autoconf libtool pkg-config clang \
+ libc++-dev
- name: Checkout iperf
uses: actions/checkout@v4
diff --git a/.github/workflows/ipmitool.yml b/.github/workflows/ipmitool.yml
index 3cf483c5..43adaebe 100644
--- a/.github/workflows/ipmitool.yml
+++ b/.github/workflows/ipmitool.yml
@@ -24,6 +24,7 @@ jobs:
wolfssl_ref: [ 'v5.8.2-stable' ]
openssl_ref: [ 'openssl-3.5.2' ]
replace_default: [ true ]
+ fips: [ false ]
test_ipmitool:
runs-on: ubuntu-22.04
@@ -41,6 +42,7 @@ jobs:
wolfssl_ref: [ 'v5.8.2-stable' ]
openssl_ref: [ 'openssl-3.5.2' ]
replace_default: [ true ]
+ fips: [ false ]
env:
WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
@@ -80,6 +82,10 @@ jobs:
apt install --reinstall -y \
${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+ - name: Verify wolfProvider is properly installed
+ run: |
+ $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
+
- name: Install dependencies
run: |
apt-get update
@@ -97,6 +103,7 @@ jobs:
- name: Confirm built with OpenSSL and test with wolfProvider
working-directory: ipmitool
run: |
+
# Verify ipmitool was built and linked correctly with OpenSSL
ldd src/ipmitool | grep -E '(libssl|libcrypto)'
ldd src/ipmievd | grep -E '(libssl|libcrypto)'
diff --git a/.github/workflows/krb5.yml b/.github/workflows/krb5.yml
index 6f4b1f49..e5e9b6ed 100644
--- a/.github/workflows/krb5.yml
+++ b/.github/workflows/krb5.yml
@@ -24,6 +24,7 @@ jobs:
wolfssl_ref: [ 'v5.8.2-stable' ]
openssl_ref: [ 'openssl-3.5.2' ]
replace_default: [ true ]
+ fips: [ false ]
test_krb5:
runs-on: ubuntu-22.04
@@ -41,6 +42,7 @@ jobs:
openssl_ref: [ 'openssl-3.5.2' ]
force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
replace_default: [ true ]
+ fips: [ false ]
env:
WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
@@ -80,6 +82,10 @@ jobs:
apt install --reinstall -y \
${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+ - name: Verify wolfProvider is properly installed
+ run: |
+ $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
+
- name: Install KRB5 dependencies
run: |
apt-get update
@@ -112,6 +118,7 @@ jobs:
working-directory: krb5
shell: bash
run: |
+
set +o pipefail # ignore errors from make check
# Build KRB5
cd src
@@ -132,4 +139,3 @@ jobs:
make check 2>&1 | tee krb5-test.log
TEST_RESULT=${PIPESTATUS[0]}
$GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} krb5
-
diff --git a/.github/workflows/libcryptsetup.yml b/.github/workflows/libcryptsetup.yml
index a0a92663..4ff27c54 100644
--- a/.github/workflows/libcryptsetup.yml
+++ b/.github/workflows/libcryptsetup.yml
@@ -24,6 +24,7 @@ jobs:
wolfssl_ref: [ 'v5.8.2-stable' ]
openssl_ref: [ 'openssl-3.5.2' ]
replace_default: [ true ]
+ fips: [ false ]
test_cryptsetup:
runs-on: ubuntu-22.04
@@ -42,6 +43,7 @@ jobs:
openssl_ref: ['openssl-3.5.2']
force_fail: ['WOLFPROV_FORCE_FAIL=1', '']
replace_default: [ true ]
+ fips: [ false ]
env:
WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
@@ -82,6 +84,10 @@ jobs:
apt install --reinstall -y \
${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+ - name: Verify wolfProvider is properly installed
+ run: |
+ $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
+
- name: Install dependencies
run: |
apt-get update
diff --git a/.github/workflows/libeac3.yml b/.github/workflows/libeac3.yml
index f569a1d4..7e2a64ad 100644
--- a/.github/workflows/libeac3.yml
+++ b/.github/workflows/libeac3.yml
@@ -24,6 +24,7 @@ jobs:
wolfssl_ref: [ 'v5.8.2-stable' ]
openssl_ref: [ 'openssl-3.5.2' ]
replace_default: [ true ]
+ fips: [ false ]
test_libeac3:
runs-on: ubuntu-22.04
@@ -41,6 +42,7 @@ jobs:
openssl_ref: [ 'openssl-3.5.2' ]
force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
replace_default: [ true ]
+ fips: [ false ]
env:
WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
@@ -82,11 +84,15 @@ jobs:
apt install --reinstall -y \
${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+ - name: Verify wolfProvider is properly installed
+ run: |
+ $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
+
- name: Install libeac3 dependencies
run: |
apt-get update
- apt-get install -y autoconf automake libtool libc6 help2man gengetopt pkg-config m4 patch\
- autoconf automake libtool pkg-config build-essential
+ apt-get install -y autoconf automake libtool libc6 help2man gengetopt \
+ pkg-config m4 patch autoconf automake libtool pkg-config build-essential
- name: Checkout openpace
uses: actions/checkout@v4
diff --git a/.github/workflows/libfido2.yml b/.github/workflows/libfido2.yml
index 64f346c0..af4dc5a4 100644
--- a/.github/workflows/libfido2.yml
+++ b/.github/workflows/libfido2.yml
@@ -20,6 +20,7 @@ jobs:
wolfssl_ref: [ 'v5.8.2-stable' ]
openssl_ref: [ 'openssl-3.5.2' ]
replace_default: [ true ]
+ fips: [ false ]
test_libfido2:
runs-on: ubuntu-22.04
@@ -36,6 +37,7 @@ jobs:
openssl_ref: [ 'openssl-3.5.2' ]
force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
replace_default: [ true ]
+ fips: [ false ]
env:
WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
@@ -75,6 +77,10 @@ jobs:
apt install --reinstall -y \
${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+ - name: Verify wolfProvider is properly installed
+ run: |
+ $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
+
- name: Install test dependencies
run: |
apt-get update
diff --git a/.github/workflows/libhashkit2.yml b/.github/workflows/libhashkit2.yml
index 2a3ee264..a3b17975 100644
--- a/.github/workflows/libhashkit2.yml
+++ b/.github/workflows/libhashkit2.yml
@@ -24,6 +24,7 @@ jobs:
wolfssl_ref: [ 'v5.8.2-stable' ]
openssl_ref: [ 'openssl-3.5.2' ]
replace_default: [ true ]
+ fips: [ false ]
test_libhashkit2:
runs-on: ubuntu-22.04
@@ -41,6 +42,7 @@ jobs:
openssl_ref: [ 'openssl-3.5.2' ]
force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
replace_default: [ true ]
+ fips: [ false ]
env:
WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
@@ -80,6 +82,10 @@ jobs:
apt install --reinstall -y \
${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+ - name: Verify wolfProvider is properly installed
+ run: |
+ $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
+
- name: Install libmemcached dependencies
run: |
apt-get update
diff --git a/.github/workflows/libnice.yml b/.github/workflows/libnice.yml
index cbbb2904..06e47012 100644
--- a/.github/workflows/libnice.yml
+++ b/.github/workflows/libnice.yml
@@ -24,6 +24,7 @@ jobs:
wolfssl_ref: [ 'v5.8.2-stable' ]
openssl_ref: [ 'openssl-3.5.2' ]
replace_default: [ true ]
+ fips: [ false ]
test_libnice:
runs-on: ubuntu-22.04
@@ -40,6 +41,7 @@ jobs:
openssl_ref: [ 'openssl-3.5.2' ]
force_fail: ['WOLFPROV_FORCE_FAIL=1', '']
replace_default: [ true ]
+ fips: [ false ]
env:
WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
@@ -79,6 +81,10 @@ jobs:
apt install --reinstall -y \
${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+ - name: Verify wolfProvider is properly installed
+ run: |
+ $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
+
- name: Install dependencies
run: |
apt update
diff --git a/.github/workflows/liboauth2.yml b/.github/workflows/liboauth2.yml
index 77b9eb21..77e94286 100644
--- a/.github/workflows/liboauth2.yml
+++ b/.github/workflows/liboauth2.yml
@@ -24,6 +24,7 @@ jobs:
wolfssl_ref: [ 'v5.8.2-stable' ]
openssl_ref: [ 'openssl-3.5.2' ]
replace_default: [ true ]
+ fips: [ false ]
test_liboauth2:
runs-on: ubuntu-22.04
@@ -40,6 +41,7 @@ jobs:
openssl_ref: [ 'openssl-3.5.2' ]
force_fail: ['WOLFPROV_FORCE_FAIL=1', '']
replace_default: [ true ]
+ fips: [ false ]
env:
WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
@@ -79,6 +81,10 @@ jobs:
apt install --reinstall -y \
${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+ - name: Verify wolfProvider is properly installed
+ run: |
+ $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
+
- name: Install liboauth2 dependencies
run: |
apt-get update
diff --git a/.github/workflows/libssh2.yml b/.github/workflows/libssh2.yml
index 7845a5ba..cee0ffa1 100644
--- a/.github/workflows/libssh2.yml
+++ b/.github/workflows/libssh2.yml
@@ -24,6 +24,7 @@ jobs:
wolfssl_ref: [ 'v5.8.2-stable' ]
openssl_ref: [ 'openssl-3.5.2' ]
replace_default: [ true ]
+ fips: [ false ]
test_libssh2:
runs-on: ubuntu-22.04
@@ -40,6 +41,7 @@ jobs:
openssl_ref: [ 'openssl-3.5.2' ]
force_fail: ['WOLFPROV_FORCE_FAIL=1', '']
replace_default: [ true ]
+ fips: [ false ]
env:
WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
@@ -79,6 +81,10 @@ jobs:
apt install --reinstall -y \
${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+ - name: Verify wolfProvider is properly installed
+ run: |
+ $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
+
- name: Install dependencies
run: |
export DEBIAN_FRONTEND=noninteractive
@@ -117,10 +123,6 @@ jobs:
working-directory: libssh2
shell: bash
run: |
- # wolfProvider is already loaded as the default provider
- echo "Current OpenSSL providers:"
- openssl list -providers
- openssl list -providers | grep -q "wolfSSL Provider" || (echo "ERROR: libwolfprov not found in OpenSSL providers" && exit 1)
export ${{ matrix.force_fail }}
# Always continue on errors to ensure we show test results
set +e
diff --git a/.github/workflows/libwebsockets.yml b/.github/workflows/libwebsockets.yml
index a87d29dd..0a8c9b73 100644
--- a/.github/workflows/libwebsockets.yml
+++ b/.github/workflows/libwebsockets.yml
@@ -24,6 +24,7 @@ jobs:
wolfssl_ref: [ 'v5.8.2-stable' ]
openssl_ref: [ 'openssl-3.5.2' ]
replace_default: [ true ]
+ fips: [ false ]
test_libwebsockets:
runs-on: ubuntu-22.04
@@ -41,6 +42,7 @@ jobs:
openssl_ref: [ 'openssl-3.5.2' ]
force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
replace_default: [ true ]
+ fips: [ false ]
env:
WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
@@ -52,11 +54,6 @@ jobs:
with:
fetch-depth: 1
- - name: Install libwebsockets dependencies
- run: |
- apt-get update
- apt-get install -y libc6 libcap2 zlib1g cmake build-essential dpkg-dev
-
- name: Checking OpenSSL/wolfProvider packages in cache
uses: actions/cache/restore@v4
id: wolfprov-cache-restore
@@ -74,14 +71,22 @@ jobs:
ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
+
apt install --reinstall -y \
${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl*.deb
+
apt install --reinstall -y \
${{ env.OPENSSL_PACKAGES_PATH }}/openssl*.deb \
${{ env.OPENSSL_PACKAGES_PATH }}/libssl3*.deb \
${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev*.deb
+
apt install --reinstall -y \
${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+
+ - name: Install libwebsockets dependencies
+ run: |
+ apt-get update
+ apt-get install -y libc6 libcap2 zlib1g cmake build-essential dpkg-dev
- name: Download libwebsockets
uses: actions/checkout@v4
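Review bot: No "Verify wolfProvider is properly installed" step is added between the package install and "Install libwebsockets dependencies" here, although the other workflows visible in this diff that gain `fips: [ false ]` also gain that step. As shown, `fips` is added to the matrix but nothing in the visible hunks consumes it, and the job never confirms the provider is active before the server/client test. A verify step may exist outside these hunks. If it does not, add the step used elsewhere after the dependency install: `$GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}`.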
@@ -103,6 +108,7 @@ jobs:
shell: bash
run: |
export ${{ matrix.force_fail }}
+
./build/bin/libwebsockets-test-server --port=11111 --ssl > server.log 2>&1 & SERVER_PID=$!
sleep 5
timeout 10 ./build/bin/libwebsockets-test-client 127.0.0.1 --port=11111 --ssl > client.log 2>&1 || echo "Client exited with error $?"
diff --git a/.github/workflows/net-snmp.yml b/.github/workflows/net-snmp.yml
index 48744255..b9c84436 100644
--- a/.github/workflows/net-snmp.yml
+++ b/.github/workflows/net-snmp.yml
@@ -24,6 +24,7 @@ jobs:
wolfssl_ref: [ 'v5.8.2-stable' ]
openssl_ref: [ 'openssl-3.5.2' ]
replace_default: [ true ]
+ fips: [ false ]
test_net_snmp:
runs-on: ubuntu-22.04
@@ -42,6 +43,7 @@ jobs:
openssl_ref: [ 'openssl-3.5.2' ]
force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
replace_default: [ true ]
+ fips: [ false ]
env:
WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
@@ -81,6 +83,10 @@ jobs:
apt install --reinstall -y \
${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+ - name: Verify wolfProvider is properly installed
+ run: |
+ $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
+
- name: Install dependencies
run: |
apt-get update
diff --git a/.github/workflows/nginx.yml b/.github/workflows/nginx.yml
index 337e6392..d8437b62 100644
--- a/.github/workflows/nginx.yml
+++ b/.github/workflows/nginx.yml
@@ -24,6 +24,7 @@ jobs:
wolfssl_ref: [ 'v5.8.2-stable' ]
openssl_ref: [ 'openssl-3.5.2' ]
replace_default: [ true ]
+ fips: [ false ]
test_nginx:
runs-on: ubuntu-22.04
@@ -41,6 +42,7 @@ jobs:
openssl_ref: [ 'openssl-3.5.2' ]
force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '']
replace_default: [ true ]
+ fips: [ false ]
env:
WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
@@ -80,6 +82,10 @@ jobs:
apt install --reinstall -y \
${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+ - name: Verify wolfProvider is properly installed
+ run: |
+ $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
+
- name: Install dependencies
run: |
apt-get update && \
@@ -97,7 +103,9 @@ jobs:
- name: Build nginx
working-directory: nginx
run: |
- ./auto/configure --with-http_ssl_module --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module --with-http_v2_module --with-mail --with-mail_ssl_module
+ ./auto/configure --with-http_ssl_module --with-stream \
+ --with-stream_ssl_module --with-stream_ssl_preread_module \
+ --with-http_v2_module --with-mail --with-mail_ssl_module
make -j
- name: Checkout nginx-tests
diff --git a/.github/workflows/openldap.yml b/.github/workflows/openldap.yml
index 8e66a7ee..fb83e3ff 100644
--- a/.github/workflows/openldap.yml
+++ b/.github/workflows/openldap.yml
@@ -24,6 +24,7 @@ jobs:
wolfssl_ref: [ 'v5.8.2-stable' ]
openssl_ref: [ 'openssl-3.5.2' ]
replace_default: [ true ]
+ fips: [ false ]
test_openldap:
runs-on: ubuntu-22.04
@@ -42,6 +43,7 @@ jobs:
openssl_ref: [ 'openssl-3.5.2' ]
force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
replace_default: [ true ]
+ fips: [ false ]
env:
WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
@@ -81,6 +83,10 @@ jobs:
apt install --reinstall -y \
${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+ - name: Verify wolfProvider is properly installed
+ run: |
+ $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
+
- name: Install dependencies
run: |
export DEBIAN_FRONTEND=noninteractive
@@ -112,10 +118,6 @@ jobs:
shell: bash
run: |
set -o pipefail
- # wolfProvider is already loaded as the default provider
- echo "Current OpenSSL providers:"
- openssl list -providers
- openssl list -providers | grep -q "wolfSSL Provider" || (echo "ERROR: libwolfprov not found in OpenSSL providers" && exit 1)
# Generate configure script
rm -f aclocal.m4
diff --git a/.github/workflows/opensc.yml b/.github/workflows/opensc.yml
index c2e24233..10fc6be8 100644
--- a/.github/workflows/opensc.yml
+++ b/.github/workflows/opensc.yml
@@ -24,6 +24,7 @@ jobs:
wolfssl_ref: [ 'v5.8.2-stable' ]
openssl_ref: [ 'openssl-3.5.2' ]
replace_default: [ true ]
+ fips: [ false ]
test_opensc:
runs-on: ubuntu-22.04
@@ -41,6 +42,7 @@ jobs:
openssl_ref: [ 'openssl-3.5.2' ]
force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
replace_default: [ true ]
+ fips: [ false ]
env:
WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
@@ -80,6 +82,10 @@ jobs:
apt install --reinstall -y \
${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+ - name: Verify wolfProvider is properly installed
+ run: |
+ $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
+
- name: Install OpenSC dependencies
run: |
apt-get update
@@ -112,17 +118,13 @@ jobs:
run: |
# Configure with custom OpenSSL and wolfProvider
./bootstrap
- OPENSSL_CFLAGS="-I$GITHUB_WORKSPACE/openssl-install/include" \
- OPENSSL_LIBS="-L$GITHUB_WORKSPACE/openssl-install/lib64 -lcrypto" \
./configure \
--enable-openssl \
--enable-pcsc \
--disable-doc \
--prefix=$GITHUB_WORKSPACE/opensc-install \
--with-completiondir="$GITHUB_WORKSPACE/opensc-install/share/completions" \
- CFLAGS="-Wno-error" \
- LDFLAGS="-L$GITHUB_WORKSPACE/openssl-install/lib64" \
- CPPFLAGS="-I$GITHUB_WORKSPACE/openssl-install/include"
+ CFLAGS="-Wno-error"
# Build OpenSC
make -j$(nproc)
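Review bot: The comment `# Configure with custom OpenSSL and wolfProvider` above `./bootstrap` no longer describes the command, because the explicit `OPENSSL_CFLAGS`, `OPENSSL_LIBS`, `LDFLAGS` and `CPPFLAGS` pointing at `openssl-install` are removed and configure now uses whatever OpenSSL the system resolves. Reword it to something like `# Configure against the installed OpenSSL packages (wolfProvider replaces the default provider)`. Since the link target is now implicit, an `ldd ... | grep -E '(libssl|libcrypto)'` line after the build, as ipmitool.yml does, would show in the log which libcrypto OpenSC actually linked. The step starts and continues outside this hunk.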
diff --git a/.github/workflows/openssh.yml b/.github/workflows/openssh.yml
index ee438909..1aad0ea4 100644
--- a/.github/workflows/openssh.yml
+++ b/.github/workflows/openssh.yml
@@ -24,6 +24,7 @@ jobs:
wolfssl_ref: [ 'v5.8.2-stable' ]
openssl_ref: [ 'openssl-3.5.2' ]
replace_default: [ true ]
+ fips: [ false ]
test_openssh:
runs-on: ubuntu-22.04
@@ -51,6 +52,7 @@ jobs:
openssl_ref: [ 'openssl-3.5.2' ]
force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
replace_default: [ true ]
+ fips: [ false ]
env:
WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
@@ -90,16 +92,15 @@ jobs:
apt install --reinstall -y \
${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
- - name: Install dependencies
+ - name: Verify wolfProvider is properly installed
run: |
- apt-get update
- apt-get install -y build-essential autoconf automake libtool \
- pkg-config patch zlib1g-dev
+ $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
- - name: Install test deps
+ - name: Install dependencies
run: |
apt-get update
- apt-get install -y kmod util-linux cryptsetup-bin
+ apt-get install -y build-essential autoconf automake libtool \
+ pkg-config patch zlib1g-dev kmod util-linux cryptsetup-bin
- name: Ensure kernel modules are present
run: |
diff --git a/.github/workflows/openvpn.yml b/.github/workflows/openvpn.yml
index 6e0c8cee..fe8b143e 100644
--- a/.github/workflows/openvpn.yml
+++ b/.github/workflows/openvpn.yml
@@ -24,6 +24,7 @@ jobs:
wolfssl_ref: [ 'v5.8.2-stable' ]
openssl_ref: [ 'openssl-3.5.2' ]
replace_default: [ true ]
+ fips: [ false ]
test_openvpn:
runs-on: ubuntu-22.04
@@ -43,23 +44,13 @@ jobs:
openssl_ref: [ 'openssl-3.5.2' ]
force_fail: ['WOLFPROV_FORCE_FAIL=1', '']
replace_default: [ true ]
+ fips: [ false ]
env:
WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
steps:
- - name: Set up environment
- run: |
- export DEBIAN_FRONTEND=noninteractive
- apt-get update
- apt-get install -y git sudo build-essential autoconf automake \
- libtool pkg-config libjansson-dev check ca-certificates dpkg-dev \
- liblzo2-dev libpam0g-dev liblz4-dev libcap-ng-dev \
- linux-libc-dev man2html libcmocka-dev python3-docutils \
- iproute2 libtool automake autoconf libnl-genl-3-dev \
- libnl-genl-3-200
-
- name: Checkout wolfProvider
uses: actions/checkout@v4
with:
@@ -94,6 +85,21 @@ jobs:
apt install --reinstall -y \
${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+ - name: Verify wolfProvider is properly installed
+ run: |
+ $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
+
+ - name: Set up environment
+ run: |
+ export DEBIAN_FRONTEND=noninteractive
+ apt-get update
+ apt-get install -y git sudo build-essential autoconf automake \
+ libtool pkg-config libjansson-dev check ca-certificates dpkg-dev \
+ liblzo2-dev libpam0g-dev liblz4-dev libcap-ng-dev \
+ linux-libc-dev man2html libcmocka-dev python3-docutils \
+ iproute2 libtool automake autoconf libnl-genl-3-dev \
+ libnl-genl-3-200
+
- name: Find ossl headers
run: |
find / -name ssl.h 2>/dev/null || true
@@ -128,10 +134,6 @@ jobs:
shell: bash
run: |
set +o pipefail # ignore errors from make check
- # wolfProvider is already loaded as the default provider
- echo "Current OpenSSL providers:"
- openssl list -providers
- openssl list -providers | grep -q "wolfSSL Provider" || (echo "ERROR: libwolfprov not found in OpenSSL providers" && exit 1)
export ${{ matrix.force_fail }}
if [ -n "${{ matrix.force_fail }}" ]; then
set +e
diff --git a/.github/workflows/pam-pkcs11.yml b/.github/workflows/pam-pkcs11.yml
index bee0baca..999fa2ce 100644
--- a/.github/workflows/pam-pkcs11.yml
+++ b/.github/workflows/pam-pkcs11.yml
@@ -24,6 +24,7 @@ jobs:
wolfssl_ref: [ 'v5.8.2-stable' ]
openssl_ref: [ 'openssl-3.5.2' ]
replace_default: [ true ]
+ fips: [ false ]
test_pam_pkcs11:
runs-on: ubuntu-22.04
@@ -41,23 +42,22 @@ jobs:
openssl_ref: [ 'openssl-3.5.2' ]
force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
replace_default: [ true ]
+ fips: [ false ]
env:
WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
steps:
- - name: Install test dependencies
- run: |
- apt-get update
- apt-get install -y pkg-config build-essential autoconf automake libtool \
- git
-
- # Checkout the source so we can run the check-workflow-result script
- name: Checkout wolfProvider
uses: actions/checkout@v4
with:
fetch-depth: 1
+ - name: Install git and basic dependencies
+ run: |
+ apt-get update
+ apt-get install -y git
+
# Avoid "detected dubious ownership" warning
- name: Ensure the working directory safe
run: |
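Review bot: `Checkout wolfProvider` now runs before git is installed, and the new step is named `Install git and basic dependencies` although it installs only `git`. If the container image ships without git, `actions/checkout` falls back to downloading the tree through the REST API, so the workspace would not be a git repository when the following `Ensure the working directory safe` step runs. Whether the image already has git cannot be seen from this hunk. I would either keep the git install ahead of the checkout, or rename the step to `Install git` and add a one-line comment saying why it must come after the checkout. The deleted comment `# Checkout the source so we can run the check-workflow-result script` explained the checkout and is worth keeping; the steps list continues outside the hunk.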
@@ -92,6 +92,15 @@ jobs:
apt install --reinstall -y \
${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+ - name: Verify wolfProvider is properly installed
+ run: |
+ $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
+
+ - name: Install test dependencies
+ run: |
+ apt-get update
+ apt-get install -y pkg-config build-essential autoconf automake libtool
+
- name: Run pam_pkcs11 tests
shell: bash
run: |
diff --git a/.github/workflows/ppp.yml b/.github/workflows/ppp.yml
index eb0ff574..4f93151d 100644
--- a/.github/workflows/ppp.yml
+++ b/.github/workflows/ppp.yml
@@ -22,6 +22,7 @@ jobs:
wolfssl_ref: [ 'v5.8.2-stable' ]
openssl_ref: [ 'openssl-3.5.2' ]
replace_default: [ true ]
+ fips: [ false ]
test_ppp:
runs-on: ubuntu-22.04
@@ -41,6 +42,7 @@ jobs:
openssl_ref: [ 'openssl-3.5.2' ]
force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
replace_default: [ true ]
+ fips: [ false ]
env:
WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
diff --git a/.github/workflows/python3-ntp.yml b/.github/workflows/python3-ntp.yml
index 14f2db41..d34eb283 100644
--- a/.github/workflows/python3-ntp.yml
+++ b/.github/workflows/python3-ntp.yml
@@ -24,6 +24,7 @@ jobs:
wolfssl_ref: [ 'v5.8.2-stable' ]
openssl_ref: [ 'openssl-3.5.2' ]
replace_default: [ true ]
+ fips: [ false ]
test_python3-ntp:
runs-on: ubuntu-22.04
@@ -45,6 +46,7 @@ jobs:
openssl_ref: [ 'openssl-3.5.2' ]
force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
replace_default: [ true ]
+ fips: [ false ]
steps:
- name: Checkout wolfProvider
uses: actions/checkout@v4
@@ -80,6 +82,10 @@ jobs:
apt install --reinstall -y \
${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+ - name: Verify wolfProvider is properly installed
+ run: |
+ $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
+
- name: Install python3-ntp dependencies
run: |
apt-get update
@@ -114,6 +120,7 @@ jobs:
working-directory: ntpsec
run: |
export ${{ matrix.force_fail }}
+
# Run tests
./waf check | tee python3-ntp-test.log
if grep -q "'check' finished successfully" python3-ntp-test.log; then
diff --git a/.github/workflows/qt5network5.yml b/.github/workflows/qt5network5.yml
index 3426a75c..5c4c7367 100644
--- a/.github/workflows/qt5network5.yml
+++ b/.github/workflows/qt5network5.yml
@@ -21,6 +21,7 @@ jobs:
wolfssl_ref: [ 'v5.8.2-stable' ]
openssl_ref: [ 'openssl-3.5.2' ]
replace_default: [ true ]
+ fips: [ false ]
test_qtbase_network:
runs-on: ubuntu-22.04
@@ -37,18 +38,12 @@ jobs:
openssl_ref: [ 'openssl-3.5.2' ]
force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
replace_default: [ true ]
+ fips: [ false ]
env:
WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
steps:
- - name: Install Qt dependencies
- run: |
- apt-get update
- apt-get install -y build-essential pkg-config dpkg-dev \
- python3 perl libpcre2-dev zlib1g-dev cmake ninja-build \
- bison flex libpng-dev libjpeg-dev git ca-certificates
-
- name: Checkout wolfProvider
uses: actions/checkout@v4
with:
@@ -83,6 +78,17 @@ jobs:
apt install --reinstall -y \
${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+ - name: Verify wolfProvider is properly installed
+ run: |
+ $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
+
+ - name: Install Qt dependencies
+ run: |
+ apt-get update
+ apt-get install -y build-essential pkg-config dpkg-dev \
+ python3 perl libpcre2-dev zlib1g-dev cmake ninja-build \
+ bison flex libpng-dev libjpeg-dev git ca-certificates
+
- name: Checkout OSP
uses: actions/checkout@v4
with:
@@ -107,22 +113,6 @@ jobs:
-nomake examples -no-dbus -no-opengl \
-openssl-linked
- - name: Build Qt (dev version - CMake)
- if: matrix.qt_ref == 'dev'
- working-directory: qt5_repo
- run: |
- # Apply patch from OSP repo
- patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/qtbase/qtbase-v6.10-wolfprov.patch
-
- # Build the OpenSSL TLS backend plugin first
- ninja QTlsBackendOpenSSLPlugin
-
- # Build only the SSL test and its dependencies
- cmake --build . --target tst_qsslsocket --parallel $(nproc)
-
- #disable tests that both openssl and wolfprovider fail
- cp $GITHUB_WORKSPACE/.github/scripts/qtbase/BLACKLIST tests/auto/network/ssl/qsslsocket/BLACKLIST
-
- name: Build Qt (v5.15.8 - qmake)
if: matrix.qt_ref != 'dev'
working-directory: qt5_repo
@@ -147,22 +137,12 @@ jobs:
QTEST_ENVIRONMENT=ci ./tests/auto/network/ssl/qsslsocket/tst_qsslsocket 2>&1 | tee qsslsocket-test.log
# Check test results based on qt_ref
- if [[ "${{ matrix.qt_ref }}" == "dev" ]]; then
- if grep -q "0 failed" qsslsocket-test.log; then
- TEST_RESULT=0
- else
- TEST_RESULT=1
- echo "Tests failed unexpectedly for 'dev' branch."
- fi
+ if grep -q "521 passed" qsslsocket-test.log; then
+ TEST_RESULT=0
+ echo "SUCCESS: Found 521 passed tests as expected"
else
- #No easy way to disable tests in v5.15.8. Both openssl and wolfprovider should always pass 521 tests on this version though
- if grep -q "521 passed" qsslsocket-test.log; then
- TEST_RESULT=0
- echo "SUCCESS: Found 521 passed tests as expected"
- else
- TEST_RESULT=1
- echo "Tests failed unexpectedly for 'v5.15.8-lts-lgpl' branch."
- fi
+ TEST_RESULT=1
+ echo "Tests failed unexpectedly for 'v5.15.8-lts-lgpl' branch."
fi
$GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} qtbase-qsslsocket
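Review bot: The pass condition `grep -q "521 passed"` matches any line containing that text, so a run that reports 521 passed together with a non-zero failed count would still set `TEST_RESULT=0`. Matching the whole totals line, for example `grep -q "Totals: 521 passed, 0 failed" qsslsocket-test.log`, closes that gap; the exact summary format should be confirmed against a real log. The context comment `# Check test results based on qt_ref` is now stale because the `dev` branch of the check is gone. The commit also deletes the explanation of the magic number (`Both openssl and wolfprovider should always pass 521 tests on this version`), which is worth keeping next to the grep. The run script starts above this hunk.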
diff --git a/.github/workflows/rsync.yml b/.github/workflows/rsync.yml
index 80db7507..4cd26f4b 100644
--- a/.github/workflows/rsync.yml
+++ b/.github/workflows/rsync.yml
@@ -21,6 +21,7 @@ jobs:
wolfssl_ref: [ 'v5.8.2-stable' ]
openssl_ref: [ 'openssl-3.5.2' ]
replace_default: [ true ]
+ fips: [ false ]
test_rsync:
runs-on: ubuntu-22.04
@@ -41,6 +42,7 @@ jobs:
openssl_ref: [ 'openssl-3.5.2' ]
force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
replace_default: [ true ]
+ fips: [ false ]
steps:
- name: Checkout wolfProvider
uses: actions/checkout@v4
@@ -76,6 +78,10 @@ jobs:
apt install --reinstall -y \
${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+ - name: Verify wolfProvider is properly installed
+ run: |
+ $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
+
- name: Install rsync dependencies
run: |
apt-get update
diff --git a/.github/workflows/socat.yml b/.github/workflows/socat.yml
index 6bcb9e84..7a4c34ff 100644
--- a/.github/workflows/socat.yml
+++ b/.github/workflows/socat.yml
@@ -24,6 +24,7 @@ jobs:
wolfssl_ref: [ 'v5.8.2-stable' ]
openssl_ref: [ 'openssl-3.5.2' ]
replace_default: [ true ]
+ fips: [ false ]
test_socat:
runs-on: ubuntu-22.04
@@ -39,6 +40,7 @@ jobs:
wolfssl_ref: [ 'v5.8.2-stable' ]
openssl_ref: [ 'openssl-3.5.2' ]
replace_default: [ true ]
+ fips: [ false ]
env:
WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
@@ -78,6 +80,10 @@ jobs:
apt install --reinstall -y \
${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+ - name: Verify wolfProvider is properly installed
+ run: |
+ $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
+
- name: Install dependencies
run: |
export DEBIAN_FRONTEND=noninteractive
@@ -109,10 +115,6 @@ jobs:
mkdir -p /dev
touch /dev/vsock
- # wolfProvider is already loaded as the default provider
- echo "Current OpenSSL providers:"
- openssl list -providers
- openssl list -providers | grep -q "wolfSSL Provider" || (echo "ERROR: libwolfprov not found in OpenSSL providers" && exit 1)
# Show socat version (includes OpenSSL version info)
./socat -V
diff --git a/.github/workflows/sscep.yml b/.github/workflows/sscep.yml
index 09b07b80..b9523028 100644
--- a/.github/workflows/sscep.yml
+++ b/.github/workflows/sscep.yml
@@ -24,6 +24,7 @@ jobs:
wolfssl_ref: [ 'v5.8.2-stable' ]
openssl_ref: [ 'openssl-3.5.2' ]
replace_default: [ true ]
+ fips: [ false ]
test_sscep:
runs-on: ubuntu-22.04
@@ -44,6 +45,7 @@ jobs:
openssl_ref: [ 'openssl-3.5.2' ]
force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
replace_default: [ true ]
+ fips: [ false ]
steps:
- name: Checkout wolfProvider
@@ -80,6 +82,10 @@ jobs:
apt install --reinstall -y \
${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+ - name: Verify wolfProvider is properly installed
+ run: |
+ $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
+
- name: Install sscep dependencies
run: |
apt-get update
diff --git a/.github/workflows/stunnel.yml b/.github/workflows/stunnel.yml
index fec7a22b..38d77482 100644
--- a/.github/workflows/stunnel.yml
+++ b/.github/workflows/stunnel.yml
@@ -24,6 +24,7 @@ jobs:
wolfssl_ref: [ 'v5.8.2-stable' ]
openssl_ref: [ 'openssl-3.5.2' ]
replace_default: [ true ]
+ fips: [ false ]
test_stunnel:
runs-on: ubuntu-22.04
@@ -41,6 +42,7 @@ jobs:
openssl_ref: [ 'openssl-3.5.2' ]
force_fail: ['WOLFPROV_FORCE_FAIL=1', '']
replace_default: [ true ]
+ fips: [ false ]
env:
WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
@@ -80,6 +82,10 @@ jobs:
apt install --reinstall -y \
${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+ - name: Verify wolfProvider is properly installed
+ run: |
+ $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
+
- name: Install dependencies
run: |
apt-get update
@@ -126,13 +132,6 @@ jobs:
python3 -m venv myenv
source myenv/bin/activate
- - name: Apply patch to disable pkcs12 test
- if : ${{ matrix.stunnel_ref == 'master' }}
- working-directory: ./stunnel
- run: |
- # Bypass the Certp12Test test
- perl -pe 's/^( \s*)stunnel = Certp12Test\(cfg, logger\)/$1return\n$1stunnel = Certp12Test(cfg, logger)/' -i tests/plugins/p07_p12cert.py
-
- name: Verify stunnel with wolfProvider
working-directory: ./stunnel
shell: bash
diff --git a/.github/workflows/systemd.yml b/.github/workflows/systemd.yml
index 323217db..542b6d06 100644
--- a/.github/workflows/systemd.yml
+++ b/.github/workflows/systemd.yml
@@ -24,6 +24,7 @@ jobs:
wolfssl_ref: ['v5.8.2-stable']
openssl_ref: ['openssl-3.5.2']
replace_default: [ true ]
+ fips: [ false ]
test_systemd:
runs-on: ubuntu-22.04
@@ -45,6 +46,7 @@ jobs:
openssl_ref: ['openssl-3.5.2']
force_fail: ['WOLFPROV_FORCE_FAIL=1', '']
replace_default: [ true ]
+ fips: [ false ]
steps:
- name: Checkout wolfProvider
uses: actions/checkout@v4
@@ -80,6 +82,10 @@ jobs:
apt install --reinstall -y \
${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+ - name: Verify wolfProvider is properly installed
+ run: |
+ $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
+
- name: Install dependencies
run: |
export DEBIAN_FRONTEND=noninteractive
@@ -112,10 +118,6 @@ jobs:
shell: bash
run: |
set +e
- # wolfProvider is already loaded as the default provider
- echo "Current OpenSSL providers:"
- openssl list -providers
- openssl list -providers | grep -q "wolfSSL Provider" || (echo "ERROR: libwolfprov not found in OpenSSL providers" && exit 1)
# The following test cases link directly to libcrypto.
TEST_CASES="fuzz-dns-packet fuzz-etc-hosts fuzz-resource-record \
resolvectl systemd-resolved test-cryptolib \
diff --git a/.github/workflows/tcpdump.yml b/.github/workflows/tcpdump.yml
index 0d821903..a4e90d3a 100644
--- a/.github/workflows/tcpdump.yml
+++ b/.github/workflows/tcpdump.yml
@@ -21,6 +21,7 @@ jobs:
wolfssl_ref: [ 'v5.8.2-stable' ]
openssl_ref: [ 'openssl-3.5.2' ]
replace_default: [ true ]
+ fips: [ false ]
test_tcpdump:
runs-on: ubuntu-22.04
@@ -37,6 +38,7 @@ jobs:
openssl_ref: [ 'openssl-3.5.2' ]
force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
replace_default: [ true ]
+ fips: [ false ]
env:
WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
@@ -76,6 +78,10 @@ jobs:
apt install --reinstall -y \
${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+ - name: Verify wolfProvider is properly installed
+ run: |
+ $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
+
- name: Install test dependencies
run: |
apt-get update
diff --git a/.github/workflows/tnftp.yml b/.github/workflows/tnftp.yml
index f35b00f1..6590d9f5 100644
--- a/.github/workflows/tnftp.yml
+++ b/.github/workflows/tnftp.yml
@@ -24,6 +24,7 @@ jobs:
wolfssl_ref: [ 'v5.8.2-stable' ]
openssl_ref: [ 'openssl-3.5.2' ]
replace_default: [ true ]
+ fips: [ false ]
test_tnftp:
runs-on: ubuntu-22.04
@@ -41,6 +42,7 @@ jobs:
openssl_ref: [ 'openssl-3.5.2' ]
force_fail: ['WOLFPROV_FORCE_FAIL=1', '']
replace_default: [ true ]
+ fips: [ false ]
env:
WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
@@ -80,6 +82,10 @@ jobs:
apt install --reinstall -y \
${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+ - name: Verify wolfProvider is properly installed
+ run: |
+ $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
+
- name: Install dependencies
run: |
apt-get update
diff --git a/.github/workflows/tpm2-tools.yml b/.github/workflows/tpm2-tools.yml
index 2ef148b1..d713052f 100644
--- a/.github/workflows/tpm2-tools.yml
+++ b/.github/workflows/tpm2-tools.yml
@@ -24,6 +24,7 @@ jobs:
wolfssl_ref: [ 'v5.8.2-stable' ]
openssl_ref: [ 'openssl-3.5.2' ]
replace_default: [ true ]
+ fips: [ false ]
test_tpm2_tools:
runs-on: ubuntu-22.04
@@ -42,19 +43,12 @@ jobs:
openssl_ref: [ 'openssl-3.5.2' ]
force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
replace_default: [ true ]
+ fips: [ false ]
env:
WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
steps:
- - name: Install tpm2-tools test dependencies
- run: |
- apt-get update
- apt-get install -y git build-essential expect vim dbus vim-common \
- autoconf-archive python3 python3-yaml python3-pip libefivar-dev \
- libcmocka-dev automake libtool pkg-config build-essential pandoc \
- libtss2-dev tpm2-abrmd swtpm tpm2-tools iproute2 libcurl4-openssl-dev
-
- name: Checkout wolfProvider
uses: actions/checkout@v4
with:
@@ -89,6 +83,18 @@ jobs:
apt install --reinstall -y \
${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+ - name: Verify wolfProvider is properly installed
+ run: |
+ $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
+
+ - name: Install tpm2-tools test dependencies
+ run: |
+ apt-get update
+ apt-get install -y git build-essential expect vim dbus vim-common \
+ autoconf-archive python3 python3-yaml python3-pip libefivar-dev \
+ libcmocka-dev automake libtool pkg-config build-essential pandoc \
+ libtss2-dev tpm2-abrmd swtpm tpm2-tools iproute2 libcurl4-openssl-dev
+
- name: Download tpm2-tools
uses: actions/checkout@v4
with:
diff --git a/.github/workflows/x11vnc.yml b/.github/workflows/x11vnc.yml
index d4868d58..7ad6d2ec 100644
--- a/.github/workflows/x11vnc.yml
+++ b/.github/workflows/x11vnc.yml
@@ -24,6 +24,7 @@ jobs:
wolfssl_ref: [ 'v5.8.2-stable' ]
openssl_ref: [ 'openssl-3.5.2' ]
replace_default: [ true ]
+ fips: [ false ]
test_x11vnc:
runs-on: ubuntu-22.04
@@ -40,29 +41,13 @@ jobs:
openssl_ref: [ 'openssl-3.5.2' ]
force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
replace_default: [ true ]
+ fips: [ false ]
env:
WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
steps:
- - name: Install x11vnc dependencies
- run: |
- apt-get update
-
- # common build dependencies
- apt-get install -y build-essential autoconf automake libtool \
- pkg-config gcc make ca-certificates
-
- # x11vnc dependencies
- apt-get install -y libc6-dev libjpeg-dev x11proto-core-dev \
- libxss-dev zlib1g-dev libavahi-client-dev libvncserver-dev \
- libx11-dev libxdamage-dev libxext-dev libxfixes-dev libxi-dev \
- libxinerama-dev libxrandr-dev libxtst-dev
-
- # packages for testing script
- apt-get install -y xvfb tigervnc-viewer psmisc expect curl
-
- name: Checkout wolfProvider
uses: actions/checkout@v4
with:
@@ -97,6 +82,27 @@ jobs:
apt install --reinstall -y \
${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+ - name: Verify wolfProvider is properly installed
+ run: |
+ $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
+
+ - name: Install x11vnc dependencies
+ run: |
+ apt-get update
+
+ # common build dependencies
+ apt-get install -y build-essential autoconf automake libtool \
+ pkg-config gcc make ca-certificates
+
+ # x11vnc dependencies
+ apt-get install -y libc6-dev libjpeg-dev x11proto-core-dev \
+ libxss-dev zlib1g-dev libavahi-client-dev libvncserver-dev \
+ libx11-dev libxdamage-dev libxext-dev libxfixes-dev libxi-dev \
+ libxinerama-dev libxrandr-dev libxtst-dev
+
+ # packages for testing script
+ apt-get install -y xvfb tigervnc-viewer psmisc expect curl
+
- name: Download x11vnc
uses: actions/checkout@v4
with:
@@ -119,6 +125,7 @@ jobs:
make install
- name: Run x11vnc tests
+ shell: bash
run: |
export ${{ matrix.force_fail }}
export WOLFPROV_FORCE_FAIL_STR="${{ matrix.force_fail }}"
@@ -141,3 +148,5 @@ jobs:
fi
exit $X11VNC_TEST_STATUS
+ $GITHUB_WORKSPACE/.github/scripts/x11vnc/test_x11vnc.sh
+
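Review bot: The added call to `$GITHUB_WORKSPACE/.github/scripts/x11vnc/test_x11vnc.sh` comes after `exit $X11VNC_TEST_STATUS`, so if it belongs to the same `run:` script it can never execute. Indentation is lost in this view, so the line may instead sit outside the block scalar, where it would not be valid workflow YAML. If the script is meant to replace the inline test logic, the call should come before the status handling, e.g. `$GITHUB_WORKSPACE/.github/scripts/x11vnc/test_x11vnc.sh; X11VNC_TEST_STATUS=$?`, with the superseded inline lines removed. The start of the run script is outside the hunk, so the intended structure should be checked against the full file.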
diff --git a/.github/workflows/xmlsec.yml b/.github/workflows/xmlsec.yml
index 0910b644..39cd5d50 100644
--- a/.github/workflows/xmlsec.yml
+++ b/.github/workflows/xmlsec.yml
@@ -24,6 +24,7 @@ jobs:
wolfssl_ref: [ 'v5.8.2-stable' ]
openssl_ref: [ 'openssl-3.5.2' ]
replace_default: [ true ]
+ fips: [ false ]
test_xmlsec:
runs-on: ubuntu-22.04
@@ -42,19 +43,12 @@ jobs:
openssl_ref: [ 'openssl-3.5.2' ]
force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ]
replace_default: [ true ]
+ fips: [ false ]
env:
WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages
OPENSSL_PACKAGES_PATH: /tmp/openssl-packages
WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages
steps:
- - name: Install xmlsec dependencies
- run: |
- apt-get update
- apt-get install -y automake autoconf libtool libtool-bin \
- libltdl-dev libltdl7 libxml2-dev patch build-essential \
- pkg-config libxml2-dev
-
- # Checkout the source so we can run the check-workflow-result script
- name: Checkout wolfProvider
uses: actions/checkout@v4
with:
@@ -89,6 +83,17 @@ jobs:
apt install --reinstall -y \
${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb
+ - name: Verify wolfProvider is properly installed
+ run: |
+ $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }}
+
+ - name: Install xmlsec dependencies
+ run: |
+ apt-get update
+ apt-get install -y automake autoconf libtool libtool-bin \
+ libltdl-dev libltdl7 libxml2-dev patch build-essential \
+ pkg-config libxml2-dev
+
- name: Checkout OSP
uses: actions/checkout@v4
with:
diff --git a/scripts/test-git-ssh-dr.sh b/scripts/test-git-ssh-dr.sh
new file mode 100755
index 00000000..08ce4789
--- /dev/null
+++ b/scripts/test-git-ssh-dr.sh
@@ -0,0 +1,1132 @@
+#!/bin/bash
+#
+# Copyright (C) 2006-2024 wolfSSL Inc.
+#
+# This file is part of wolfProvider.
+#
+# wolfProvider is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# wolfProvider is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with wolfProvider. If not, see .
+#
+# Local test script for wolfProvider git operations
+# This script tests git operations with wolfProvider
+# as the default replace provider
+
+echo "=== wolfProvider Git Operations Local Test ==="
+echo "Testing git operations with wolfProvider default replace functionality"
+echo ""
+
+# Configuration
+KEY_TYPES=("rsa" "ecdsa" "ed25519" "chacha20-poly1305")
+ITERATIONS=10
+GITHUB_ITERATIONS=5
+TEST_BASE_DIR="/tmp/git-wolfprovider-test"
+SSH_TEST_ENABLED=${SSH_TEST_ENABLED:-true}
+
+# Non-interactive settings
+VERBOSE_OUTPUT=${VERBOSE_OUTPUT:-false}
+QUIET_MODE=${QUIET_MODE:-false}
+MAX_LOG_LINES=${MAX_LOG_LINES:-5}
+
+# Force fail functionality
+WOLFPROV_FORCE_FAIL=${WOLFPROV_FORCE_FAIL:-0}
+FORCE_FAIL_PASSED=0
+FAIL=0
+
+source "scripts/cmd-test/cmd-test-common.sh"
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+
+# Function to print colored output
+print_status() {
+ local status=$1
+ local message=$2
+ case $status in
+ "SUCCESS")
+ echo -e "${GREEN}✓ SUCCESS:${NC} $message"
+ ;;
+ "FAILURE")
+ echo -e "${RED}✗ FAILURE:${NC} $message"
+ ;;
+ "WARNING")
+ echo -e "${YELLOW}⚠ WARNING:${NC} $message"
+ ;;
+ "INFO")
+ echo -e "${BLUE}ℹ INFO:${NC} $message"
+ ;;
+ *)
+ echo "$message"
+ ;;
+ esac
+}
+
+# Function to handle force fail scenarios
+check_force_fail() {
+ if [ "${WOLFPROV_FORCE_FAIL}" = "1" ]; then
+ ((FORCE_FAIL_PASSED++))
+ fi
+}
+
+# Function to setup git test environment
+setup_git_environment() {
+ echo "=== Setting up Git Test Environment ==="
+
+ # Clean up any existing test directory
+ rm -rf "$TEST_BASE_DIR"
+ mkdir -p "$TEST_BASE_DIR"
+ cd "$TEST_BASE_DIR"
+
+ # Configure git
+ git config --global user.name "Test User"
+ git config --global user.email "test@example.com"
+ git config --global init.defaultBranch main
+
+ # Create bare repository
+ git init --bare test-repo.git
+ print_status "SUCCESS" "Created bare repository at $TEST_BASE_DIR/test-repo.git"
+
+ # Create workspace and initial commit
+ mkdir test-workspace
+ cd test-workspace
+ git init
+ echo "# Test Repository" > README.md
+ git add README.md
+ git commit -m "Initial commit"
+ git remote add origin "$TEST_BASE_DIR/test-repo.git"
+ git push origin main
+ print_status "SUCCESS" "Created initial commit and pushed to bare repository"
+
+ cd "$TEST_BASE_DIR"
+ echo ""
+}
+
+# Function to verify repository setup
+verify_repository() {
+ echo "=== Repository Setup Verification ==="
+ echo "Checking test repository:"
+ ls -la "$TEST_BASE_DIR/"
+ echo ""
+ echo "Repository contents:"
+ ls -la "$TEST_BASE_DIR/test-repo.git/"
+ echo ""
+ echo "Git log in bare repository:"
+ cd "$TEST_BASE_DIR/test-repo.git" && git log --oneline
+ echo ""
+ echo "Git branches in bare repository:"
+ cd "$TEST_BASE_DIR/test-repo.git" && git branch -a
+ echo ""
+ echo "Git refs in bare repository:"
+ cd "$TEST_BASE_DIR/test-repo.git" && git show-ref
+ echo ""
+
+ echo "Git information:"
+ which git
+ git --version
+ echo "Git help (first 10 lines):"
+ git help -a | head -10
+ echo ""
+}
+
+# Function to verify SSH setup and algorithm negotiation
+verify_ssh_setup() {
+ echo "=== SSH Setup and Algorithm Verification ==="
+ echo ""
+
+ # Check for force fail mode and provide context
+ if [ "${WOLFPROV_FORCE_FAIL}" = "1" ]; then
+ print_status "INFO" "Force fail mode enabled - testing SSH algorithm behavior"
+ echo "Note: SSH defaults to ed25519 and chacha20-poly1305"
+ echo "These algorithms use OpenSSH's inline crypto, not OpenSSL/wolfProvider"
+ echo "Force fail will pass for default behavior since wolfProvider is not used"
+ echo ""
+ echo "SSH-specific forced key generation tests will fail successfully as expected."
+ echo "Since openssl is used for trivial things surrounding the operation WPFF will"
+ echo "make the test fail. However, this DOES NOT mean that wolfProvider/openssl is"
+ echo "being used."
+ echo ""
+ fi
+
+ # Git SSH environment variables
+ echo "=== Git SSH Environment ==="
+ echo "GIT_SSH: ${GIT_SSH:-not set}"
+ echo "GIT_SSH_COMMAND: ${GIT_SSH_COMMAND:-not set}"
+ echo ""
+
+ # SSH binary information
+ echo "=== SSH Binary Information ==="
+ local ssh_binary=$(which ssh)
+ echo "SSH binary: $ssh_binary"
+ echo "SSH version: $(ssh -V 2>&1)"
+ echo ""
+
+ # Detect git remote host
+ local git_remote_url=$(git remote get-url origin 2>/dev/null || echo "")
+ local git_host="github.com"
+ if [[ -n "$git_remote_url" ]]; then
+ if [[ "$git_remote_url" =~ ^git@([^:]+): ]]; then
+ git_host="${BASH_REMATCH[1]}"
+ elif [[ "$git_remote_url" =~ ^ssh://([^/]+)/ ]]; then
+ git_host="${BASH_REMATCH[1]}"
+ elif [[ "$git_remote_url" =~ ^https?://([^/]+)/ ]]; then
+ git_host="${BASH_REMATCH[1]}"
+ fi
+ fi
+
+ local ssh_host="git@$git_host"
+ echo "Target SSH host: $ssh_host"
+ echo ""
+
+ # SSH algorithm negotiation test
+ echo "=== SSH Algorithm Negotiation Test ==="
+ local ssh_log="/tmp/ssh-negotiation.log"
+ local ssh_error_log="/tmp/ssh-negotiation-errors.log"
+
+ print_status "INFO" "Testing SSH connection with verbose output..."
+ if timeout 10 ssh -vvv -o ConnectTimeout=5 -o BatchMode=yes "$ssh_host" 2>"$ssh_error_log" >"$ssh_log" 2>&1; then
+ print_status "SUCCESS" "SSH connection test completed"
+ else
+ print_status "INFO" "SSH connection test completed (connection may have failed as expected)"
+ fi
+
+ # Parse algorithm negotiation results
+ echo "=== Algorithm Negotiation Results ==="
+ if [ -f "$ssh_log" ] && [ -s "$ssh_log" ]; then
+ # Extract key algorithms
+ local kex_algo=$(grep "kex: algorithm:" "$ssh_log" | tail -1 | awk '{print $NF}' || echo "unknown")
+ local hostkey_algo=$(grep "kex: host key algorithm:" "$ssh_log" | tail -1 | awk '{print $NF}' || echo "unknown")
+ local cipher_sc=$(grep "server->client cipher:" "$ssh_log" | tail -1 | awk '{print $5}' || echo "unknown")
+ local cipher_cs=$(grep "client->server cipher:" "$ssh_log" | tail -1 | awk '{print $5}' || echo "unknown")
+
+ echo "Key Exchange Algorithm: $kex_algo"
+ echo "Host Key Algorithm: $hostkey_algo"
+ echo "Server->Client Cipher: $cipher_sc"
+ echo "Client->Server Cipher: $cipher_cs"
+ echo ""
+
+ # Check for ed25519 and chacha20-poly1305 usage
+ local uses_ed25519=false
+ local uses_chacha20=false
+
+ if [[ "$hostkey_algo" == *"ed25519"* ]]; then
+ uses_ed25519=true
+ fi
+ if [[ "$cipher_sc" == *"chacha20"* ]] || [[ "$cipher_cs" == *"chacha20"* ]]; then
+ uses_chacha20=true
+ fi
+
+ if [ "$uses_ed25519" = true ] || [ "$uses_chacha20" = true ]; then
+ print_status "INFO" "Modern SSH algorithms detected"
+ if [ "$uses_ed25519" = true ]; then
+ echo " - ed25519 host key algorithm detected (OpenSSH inline crypto)"
+ fi
+ if [ "$uses_chacha20" = true ]; then
+ echo " - chacha20-poly1305 cipher detected (OpenSSH inline crypto)"
+ fi
+ echo " - These algorithms bypass OpenSSL/wolfProvider"
+ if [ "${WOLFPROV_FORCE_FAIL}" = "1" ]; then
+ print_status "SUCCESS" "Force fail will pass - wolfProvider not used by default SSH algorithms"
+ fi
+ else
+ print_status "INFO" "Traditional SSH algorithms detected"
+ echo " - These algorithms may use OpenSSL/wolfProvider"
+ if [ "${WOLFPROV_FORCE_FAIL}" = "1" ]; then
+ print_status "WARNING" "Force fail may not pass - wolfProvider may be used"
+ fi
+ fi
+ else
+ print_status "WARNING" "Could not parse SSH negotiation results"
+ echo "SSH log file: $ssh_log"
+ echo "SSH error log: $ssh_error_log"
+ fi
+ echo ""
+
+ # Library linkage analysis
+ echo "=== SSH Binary Library Analysis ==="
+ if command -v ldd >/dev/null 2>&1; then
+ echo "Library dependencies:"
+ ldd "$ssh_binary" | grep -E -i 'ssl|crypto|wolf|gnutls' || echo " No SSL/Crypto/Wolf/GnuTLS libraries linked"
+ else
+ echo "ldd not available for library analysis"
+ fi
+ echo ""
+
+ # Force OpenSSL codepath instructions
+ echo "=== Force OpenSSL Codepath Instructions ==="
+ echo "To test with OpenSSL/wolfProvider algorithms, use:"
+ echo " ssh -o Ciphers=aes256-ctr -o KexAlgorithms=diffie-hellman-group14-sha256 -vvv $ssh_host"
+ echo " ssh -o HostKeyAlgorithms=rsa-sha2-512,rsa-sha2-256 -vvv $ssh_host"
+ echo ""
+
+ # Clean up temporary files
+ rm -f "$ssh_log" "$ssh_error_log"
+}
+
+# Function to test GitHub SSH connectivity
+test_github_ssh_connectivity() {
+ echo "=== Testing GitHub SSH Connectivity ==="
+ echo "Testing lightweight git operation to GitHub via SSH"
+ echo ""
+
+ local github_repo="git@github.com:wolfSSL/wolfProvider.git"
+ local test_iterations=${1:-1} # Default to 1 iteration for GitHub test
+ local success_count=0
+ local failure_count=0
+ local timing_log="/tmp/github-ssh-timing.log"
+ local error_log="/tmp/github-ssh-errors.log"
+
+ # Clear previous logs
+ > "$timing_log"
+ > "$error_log"
+
+ echo "Testing git ls-remote to $github_repo"
+ echo "This tests SSH connectivity and crypto without heavy operations"
+ echo ""
+
+ # Ensure we're in a valid directory for git operations
+ local original_dir=$(pwd)
+ cd /tmp || cd / || cd "$HOME" || true
+ echo "Current directory: $(pwd)"
+ echo ""
+
+ for ((attempt=1; attempt<=test_iterations; attempt++)); do
+ echo "--- GitHub SSH Test $attempt ---"
+
+ local start_time=$(date +%s.%N)
+ local status="UNKNOWN"
+
+ echo "Attempting git ls-remote to GitHub..."
+
+ # Test the lightweight git operation
+ if timeout 30 git ls-remote "$github_repo" HEAD 2>>"$error_log" | head -1 >/dev/null; then
+ local end_time=$(date +%s.%N)
+ local duration=$(echo "$end_time - $start_time" | bc -l)
+
+ if [ "${WOLFPROV_FORCE_FAIL}" = "1" ]; then
+ status="SUCCESS"
+ ((success_count++))
+ print_status "SUCCESS" "GitHub SSH operation successful (with WPFF=1"
+ check_force_fail
+ else
+ status="SUCCESS"
+ ((success_count++))
+ print_status "SUCCESS" "GitHub SSH operation successful"
+ fi
+
+ echo " GitHub SSH test: $status ($(printf "%.6f" "$duration")s)"
+ echo "$attempt,$status,$duration" >> "$timing_log"
+ else
+ local end_time=$(date +%s.%N)
+ local duration=$(echo "$end_time - $start_time" | bc -l)
+
+ if [ "${WOLFPROV_FORCE_FAIL}" = "1" ]; then
+ status="EXPECTED_FAIL"
+ print_status "SUCCESS" "GitHub SSH operation failed as expected (WPFF=1)"
+ else
+ status="FAILURE"
+ ((failure_count++))
+ print_status "FAILURE" "GitHub SSH operation failed on attempt $attempt"
+ fi
+
+ echo " GitHub SSH test: $status ($(printf "%.6f" "$duration")s)"
+ echo "$attempt,$status,$duration" >> "$timing_log"
+ fi
+
+ echo ""
+ done
+
+ # Summary
+ echo "=== GITHUB SSH TEST SUMMARY ==="
+ echo "Total operations: $((success_count + failure_count))"
+ echo "Successful operations: $success_count"
+ echo "Failed operations: $failure_count"
+ if [ $((success_count + failure_count)) -gt 0 ]; then
+ local failure_rate=$((failure_count * 100 / (success_count + failure_count)))
+ echo "Failure rate: ${failure_rate}%"
+ else
+ echo "Failure rate: 0%"
+ fi
+ echo ""
+ echo "GitHub SSH timing data saved to: $timing_log"
+ echo "GitHub SSH error log saved to: $error_log"
+ echo ""
+
+ # Show error log summary if there were errors
+ if [ -s "$error_log" ]; then
+ echo "=== GITHUB SSH ERROR LOG SUMMARY ==="
+ head -20 "$error_log"
+ if [ $(wc -l < "$error_log") -gt 20 ]; then
+ echo "... (showing first 20 lines, see $error_log for full log)"
+ fi
+ echo ""
+ fi
+
+ # Return to original directory
+ cd "$original_dir" 2>/dev/null || true
+}
+
+# Function to test git operations
+test_git_operations() {
+ local key_type=$1
+ local iterations=$2
+
+ echo "=== Testing Git Operations for $key_type ==="
+
+ local success_count=0
+ local failure_count=0
+ local timing_log="/tmp/git-timing-$key_type.log"
+ local error_log="/tmp/git-errors-$key_type.log"
+
+ echo "Iteration,Operation,Status,Duration,Error" > "$timing_log"
+
+ for attempt in $(seq 1 "$iterations"); do
+ echo "--- Attempt $attempt for $key_type ---"
+ local test_dir="$TEST_BASE_DIR/git-test-$attempt"
+ mkdir -p "$test_dir"
+ cd "$test_dir"
+
+ for operation in "clone" "push" "pull" "fetch"; do
+ echo "Testing $operation operation..."
+ local start_time=$(date +%s.%N)
+ local status="UNKNOWN"
+
+ case "$operation" in
+ "clone")
+ echo "Attempting to clone from $TEST_BASE_DIR/test-repo.git"
+ echo "Current directory: $(pwd)"
+ echo "Repository exists: $(test -d "$TEST_BASE_DIR/test-repo.git" && echo 'YES' || echo 'NO')"
+
+ if git clone --verbose "$TEST_BASE_DIR/test-repo.git" cloned-repo 2>&1 | tee -a "$error_log"; then
+ if [ "${WOLFPROV_FORCE_FAIL}" = "1" ]; then
+ status="SUCCESS"
+ ((success_count++))
+ print_status "SUCCESS" "Clone successful (with WPFF=1 - using OpenSSH inline crypto as expected)"
+ check_force_fail
+ else
+ status="SUCCESS"
+ ((success_count++))
+ print_status "SUCCESS" "Clone successful"
+ fi
+
+ # Verify the clone worked
+ if [ -d "cloned-repo" ]; then
+ echo "Cloned repository exists and contains:"
+ ls -la cloned-repo/
+ echo "Git status in cloned repo:"
+ cd cloned-repo
+ if ! git status 2>/dev/null; then
+ echo "WARNING: Git status failed - potential wolfProvider interference"
+ print_status "WARNING" "Git status failed in cloned repo"
+ fi
+ echo "Git log in cloned repo:"
+ if ! git log --oneline | head -${MAX_LOG_LINES} 2>/dev/null; then
+ echo "WARNING: Git log failed - potential wolfProvider interference"
+ print_status "WARNING" "Git log failed in cloned repo"
+ fi
+ cd ..
+ else
+ print_status "FAILURE" "cloned-repo directory not found after successful clone"
+ status="FAILURE"
+ ((failure_count++))
+ fi
+ else
+ if [ "${WOLFPROV_FORCE_FAIL}" = "1" ]; then
+ status="EXPECTED_FAIL"
+ print_status "SUCCESS" "Clone failed as expected (WPFF=1 - wolfProvider IS being used!)"
+ else
+ status="FAILURE"
+ ((failure_count++))
+ FAIL=1
+ print_status "FAILURE" "Clone failed on attempt $attempt"
+ fi
+ fi
+ ;;
+
+ "push")
+ if [ -d "cloned-repo" ]; then
+ echo "Entering cloned-repo directory..."
+ cd cloned-repo
+ echo "Test change $attempt" >> test-file.txt
+ git add test-file.txt
+ git commit -m "Test commit $attempt" || true
+ echo "Attempting git push..."
+ if timeout 30 git push origin main 2>>"$error_log"; then
+ if [ "${WOLFPROV_FORCE_FAIL}" = "1" ]; then
+ status="SUCCESS"
+ ((success_count++))
+ print_status "SUCCESS" "Push successful (with WPFF=1 - using OpenSSH inline crypto as expected)"
+ check_force_fail
+ else
+ status="SUCCESS"
+ ((success_count++))
+ print_status "SUCCESS" "Push successful"
+ fi
+ else
+ if [ "${WOLFPROV_FORCE_FAIL}" = "1" ]; then
+ status="EXPECTED_FAIL"
+ print_status "SUCCESS" "Push failed as expected (WPFF=1 - wolfProvider IS being used!)"
+ else
+ status="FAILURE"
+ ((failure_count++))
+ FAIL=1
+ print_status "FAILURE" "Push failed on attempt $attempt"
+ fi
+ fi
+ cd ..
+ else
+ status="SKIPPED"
+ echo "Skipping push - clone failed"
+ fi
+ ;;
+
+ "pull")
+ if [ -d "cloned-repo" ]; then
+ echo "Entering cloned-repo directory for pull..."
+ cd cloned-repo
+ echo "Attempting git pull..."
+ if timeout 30 git pull origin main 2>>"$error_log"; then
+ if [ "${WOLFPROV_FORCE_FAIL}" = "1" ]; then
+ status="SUCCESS"
+ ((success_count++))
+ print_status "SUCCESS" "Pull successful (with WPFF=1 - using OpenSSH inline crypto as expected)"
+ check_force_fail
+ else
+ status="SUCCESS"
+ ((success_count++))
+ print_status "SUCCESS" "Pull successful"
+ fi
+ else
+ if [ "${WOLFPROV_FORCE_FAIL}" = "1" ]; then
+ status="EXPECTED_FAIL"
+ print_status "SUCCESS" "Pull failed as expected (WPFF=1 - wolfProvider IS being used!)"
+ else
+ status="FAILURE"
+ ((failure_count++))
+ FAIL=1
+ print_status "FAILURE" "Pull failed on attempt $attempt"
+ fi
+ fi
+ cd ..
+ else
+ status="SKIPPED"
+ echo "Skipping pull - clone failed"
+ fi
+ ;;
+
+ "fetch")
+ if [ -d "cloned-repo" ]; then
+ echo "Entering cloned-repo directory for fetch..."
+ cd cloned-repo
+ echo "Attempting git fetch..."
+ if timeout 30 git fetch origin 2>>"$error_log"; then
+ if [ "${WOLFPROV_FORCE_FAIL}" = "1" ]; then
+ status="SUCCESS"
+ ((success_count++))
+ print_status "SUCCESS" "Fetch successful (with WPFF=1 - using OpenSSH inline crypto as expected)"
+ check_force_fail
+ else
+ status="SUCCESS"
+ ((success_count++))
+ print_status "SUCCESS" "Fetch successful"
+ fi
+ else
+ if [ "${WOLFPROV_FORCE_FAIL}" = "1" ]; then
+ status="EXPECTED_FAIL"
+ print_status "SUCCESS" "Fetch failed as expected (WPFF=1 - wolfProvider IS being used!)"
+ else
+ status="FAILURE"
+ ((failure_count++))
+ FAIL=1
+ print_status "FAILURE" "Fetch failed on attempt $attempt"
+ fi
+ fi
+ cd ..
+ else
+ status="SKIPPED"
+ echo "Skipping fetch - clone failed"
+ fi
+ ;;
+ esac
+
+ local end_time=$(date +%s.%N)
+ local duration=$(echo "$end_time - $start_time" | bc -l 2>/dev/null || echo "0")
+ echo "$attempt,$operation,$status,$duration," >> "$timing_log"
+ echo " $operation: $status (${duration}s)"
+ done
+
+ rm -rf "$test_dir"
+ done
+
+ # Print summary
+ echo ""
+ echo "=== SUMMARY FOR $key_type ==="
+ echo "Total operations: $((success_count + failure_count))"
+ echo "Successful operations: $success_count"
+ echo "Failed operations: $failure_count"
+
+ if [ $failure_count -gt 0 ]; then
+ local failure_rate=$(echo "scale=2; $failure_count * 100 / ($success_count + failure_count)" | bc -l)
+ echo "Failure rate: ${failure_rate}%"
+ else
+ echo "Failure rate: 0%"
+ fi
+
+ echo ""
+ echo "Timing data saved to: $timing_log"
+ echo "Error log saved to: $error_log"
+
+ if [ -f "$error_log" ] && [ -s "$error_log" ]; then
+ echo ""
+ echo "=== ERROR LOG SUMMARY ==="
+ tail -20 "$error_log"
+ fi
+ echo ""
+}
+
+# Function to test git operations with different SSH key types
+test_ssh_key_operations() {
+ local key_type=$1
+ local iterations=$2
+
+ echo "=== Testing Git Operations with $key_type SSH Keys ==="
+ echo "Investigating intermittent failures with wolfProvider + git + SSH keys"
+ echo ""
+
+ # Verify wolfProvider is still active (if available)
+ echo "Pre-SSH wolfProvider Verification:"
+ if openssl list -providers | grep -q "wolfSSL Provider"; then
+ print_status "SUCCESS" "wolfProvider is active before SSH key operations"
+ else
+ print_status "INFO" "wolfProvider not detected - testing SSH keys without wolfProvider"
+ fi
+ echo ""
+
+ local success_count=0
+ local failure_count=0
+ local timing_log="/tmp/ssh-key-timing-$key_type.log"
+ local error_log="/tmp/ssh-key-errors-$key_type.log"
+
+ echo "Iteration,Operation,Status,Duration,Error" > "$timing_log"
+
+ # Test SSH key generation and git operations
+ for attempt in $(seq 1 "$iterations"); do
+ echo "--- SSH Key Test $attempt for $key_type ---"
+ local test_dir="$TEST_BASE_DIR/ssh-key-test-$attempt"
+ mkdir -p "$test_dir"
+ cd "$test_dir"
+
+ # Generate SSH key for this attempt
+ local ssh_key="/tmp/test_${key_type}_key_$attempt"
+ local ssh_pub_key="${ssh_key}.pub"
+
+ echo "Generating $key_type SSH key (attempt $attempt)..."
+ local key_gen_start=$(date +%s.%N)
+ local key_gen_status="UNKNOWN"
+
+ case "$key_type" in
+ "rsa")
+ if ssh-keygen -t rsa -b 4096 -f "$ssh_key" -N "" -C "test-rsa-key-$attempt" 2>/dev/null; then
+ if [ "${WOLFPROV_FORCE_FAIL}" = "1" ]; then
+ key_gen_status="SUCCESS"
+ ((success_count++))
+ print_status "SUCCESS" "RSA key generation successful (with WPFF=1 - using OpenSSH inline crypto as expected)"
+ check_force_fail
+ else
+ key_gen_status="SUCCESS"
+ ((success_count++))
+ print_status "SUCCESS" "RSA key generation successful"
+ fi
+ else
+ if [ "${WOLFPROV_FORCE_FAIL}" = "1" ]; then
+ key_gen_status="EXPECTED_FAIL"
+ print_status "SUCCESS" "RSA key generation failed as expected (WPFF=1 - wolfProvider IS being used!)"
+ else
+ key_gen_status="FAILURE"
+ ((failure_count++))
+ FAIL=1
+ print_status "FAILURE" "RSA key generation failed"
+ fi
+ fi
+ ;;
+ "ecdsa")
+ if ssh-keygen -t ecdsa -b 521 -f "$ssh_key" -N "" -C "test-ecdsa-key-$attempt" 2>/dev/null; then
+ if [ "${WOLFPROV_FORCE_FAIL}" = "1" ]; then
+ key_gen_status="SUCCESS"
+ ((success_count++))
+ print_status "SUCCESS" "ECDSA key generation successful (with WPFF=1 - using OpenSSH inline crypto as expected)"
+ check_force_fail
+ else
+ key_gen_status="SUCCESS"
+ ((success_count++))
+ print_status "SUCCESS" "ECDSA key generation successful"
+ fi
+ else
+ if [ "${WOLFPROV_FORCE_FAIL}" = "1" ]; then
+ key_gen_status="EXPECTED_FAIL"
+ print_status "SUCCESS" "ECDSA key generation failed as expected (WPFF=1 - wolfProvider IS being used!)"
+ else
+ key_gen_status="FAILURE"
+ ((failure_count++))
+ FAIL=1
+ print_status "FAILURE" "ECDSA key generation failed"
+ fi
+ fi
+ ;;
+ "ed25519")
+ if ssh-keygen -t ed25519 -f "$ssh_key" -N "" -C "test-ed25519-key-$attempt" 2>/dev/null; then
+ if [ "${WOLFPROV_FORCE_FAIL}" = "1" ]; then
+ key_gen_status="SUCCESS"
+ ((success_count++))
+ print_status "SUCCESS" "ED25519 key generation successful (with WPFF=1 - using OpenSSH inline crypto as expected)"
+ check_force_fail
+ else
+ key_gen_status="SUCCESS"
+ ((success_count++))
+ print_status "SUCCESS" "ED25519 key generation successful"
+ fi
+ else
+ if [ "${WOLFPROV_FORCE_FAIL}" = "1" ]; then
+ key_gen_status="EXPECTED_FAIL"
+ print_status "SUCCESS" "ED25519 key generation failed as expected (WPFF=1 - wolfProvider IS being used!)"
+ else
+ key_gen_status="FAILURE"
+ ((failure_count++))
+ FAIL=1
+ print_status "FAILURE" "ED25519 key generation failed"
+ fi
+ fi
+ ;;
+ "chacha20-poly1305")
+ # Use chacha20-poly1305 cipher for SSH key encryption (default cipher in SSH)
+ if ssh-keygen -t ed25519 -Z chacha20-poly1305@openssh.com -f "$ssh_key" -N "" -C "test-chacha20-poly1305-key-$attempt" 2>/dev/null; then
+ if [ "${WOLFPROV_FORCE_FAIL}" = "1" ]; then
+ key_gen_status="SUCCESS"
+ ((success_count++))
+ print_status "SUCCESS" "chacha20-poly1305 SSH key generation successful (with WPFF=1 - using OpenSSH inline crypto as expected)"
+ check_force_fail
+ else
+ key_gen_status="SUCCESS"
+ ((success_count++))
+ print_status "SUCCESS" "chacha20-poly1305 SSH key generation successful"
+ fi
+ else
+ if [ "${WOLFPROV_FORCE_FAIL}" = "1" ]; then
+ key_gen_status="EXPECTED_FAIL"
+ print_status "SUCCESS" "chacha20-poly1305 SSH key generation failed as expected (WPFF=1 - wolfProvider IS being used!)"
+ else
+ key_gen_status="FAILURE"
+ ((failure_count++))
+ FAIL=1
+ print_status "FAILURE" "chacha20-poly1305 SSH key generation failed"
+ fi
+ fi
+ ;;
+ esac
+
+ local key_gen_end=$(date +%s.%N)
+ local key_gen_duration=$(echo "$key_gen_end - $key_gen_start" | bc -l 2>/dev/null || echo "0")
+ echo "$attempt,key_generation,$key_gen_status,$key_gen_duration," >> "$timing_log"
+ echo " Key generation: $key_gen_status (${key_gen_duration}s)"
+
+ if [ "$key_gen_status" = "SUCCESS" ] && [ -f "$ssh_key" ]; then
+ echo "Key fingerprint: $(ssh-keygen -lf "$ssh_pub_key" 2>/dev/null | awk '{print $2}')"
+ echo "Key size: $(stat -c%s "$ssh_key") bytes"
+
+ # Test git operations with this SSH key
+ for operation in "clone" "push" "pull" "fetch"; do
+ echo "Testing git $operation with $key_type SSH key..."
+ local start_time=$(date +%s.%N)
+ local status="UNKNOWN"
+
+ case "$operation" in
+ "clone")
+ echo "Setting up SSH key for git operations..."
+ mkdir -p ~/.ssh
+ cp "$ssh_key" ~/.ssh/id_${key_type}_test
+ cp "$ssh_pub_key" ~/.ssh/id_${key_type}_test.pub
+ chmod 600 ~/.ssh/id_${key_type}_test
+ chmod 644 ~/.ssh/id_${key_type}_test.pub
+
+ # Test git clone with SSH key (using local path but with SSH key setup)
+ if git clone --verbose "$TEST_BASE_DIR/test-repo.git" cloned-repo 2>&1 | tee -a "$error_log"; then
+ if [ "${WOLFPROV_FORCE_FAIL}" = "1" ]; then
+ status="SUCCESS"
+ ((success_count++))
+ print_status "SUCCESS" "Git clone with $key_type key successful (with WPFF=1 - using OpenSSH inline crypto as expected)"
+ check_force_fail
+ else
+ status="SUCCESS"
+ ((success_count++))
+ print_status "SUCCESS" "Git clone with $key_type key successful"
+ fi
+
+ if [ -d "cloned-repo" ]; then
+ echo "Cloned repository exists and contains:"
+ ls -la cloned-repo/
+ echo "Git status in cloned repo:"
+ cd cloned-repo
+ git status || echo "Git status failed (this may be normal)"
+ echo "Git log in cloned repo:"
+ git log --oneline | head -${MAX_LOG_LINES} || echo "Git log failed"
+ cd ..
+ fi
+ else
+ if [ "${WOLFPROV_FORCE_FAIL}" = "1" ]; then
+ status="EXPECTED_FAIL"
+ print_status "SUCCESS" "Git clone with $key_type key failed as expected (WPFF=1 - wolfProvider IS being used!)"
+ else
+ status="FAILURE"
+ ((failure_count++))
+ FAIL=1
+ print_status "FAILURE" "Git clone with $key_type key failed"
+ fi
+ fi
+ ;;
+
+ "push")
+ if [ -d "cloned-repo" ]; then
+ echo "Entering cloned-repo directory for git push..."
+ cd cloned-repo
+ echo "Test change $attempt with $key_type key" >> test-file.txt
+ git add test-file.txt
+ git commit -m "$key_type Test commit $attempt" || true
+ echo "Attempting git push..."
+ if timeout 30 git push origin main 2>>"$error_log"; then
+ if [ "${WOLFPROV_FORCE_FAIL}" = "1" ]; then
+ status="SUCCESS"
+ ((success_count++))
+ print_status "SUCCESS" "Git push with $key_type key successful (with WPFF=1 - using OpenSSH inline crypto as expected)"
+ check_force_fail
+ else
+ status="SUCCESS"
+ ((success_count++))
+ print_status "SUCCESS" "Git push with $key_type key successful"
+ fi
+ else
+ if [ "${WOLFPROV_FORCE_FAIL}" = "1" ]; then
+ status="EXPECTED_FAIL"
+ print_status "SUCCESS" "Git push with $key_type key failed as expected (WPFF=1 - wolfProvider IS being used!)"
+ else
+ status="FAILURE"
+ ((failure_count++))
+ FAIL=1
+ print_status "FAILURE" "Git push with $key_type key failed"
+ fi
+ fi
+ cd ..
+ else
+ status="SKIPPED"
+ echo "Skipping push - clone failed"
+ fi
+ ;;
+
+ "pull")
+ if [ -d "cloned-repo" ]; then
+ echo "Entering cloned-repo directory for git pull..."
+ cd cloned-repo
+ echo "Attempting git pull..."
+ if timeout 30 git pull origin main 2>>"$error_log"; then
+ if [ "${WOLFPROV_FORCE_FAIL}" = "1" ]; then
+ status="SUCCESS"
+ ((success_count++))
+ print_status "SUCCESS" "Git pull with $key_type key successful (with WPFF=1 - using OpenSSH inline crypto as expected)"
+ check_force_fail
+ else
+ status="SUCCESS"
+ ((success_count++))
+ print_status "SUCCESS" "Git pull with $key_type key successful"
+ fi
+ else
+ if [ "${WOLFPROV_FORCE_FAIL}" = "1" ]; then
+ status="EXPECTED_FAIL"
+ print_status "SUCCESS" "Git pull with $key_type key failed as expected (WPFF=1 - wolfProvider IS being used!)"
+ else
+ status="FAILURE"
+ ((failure_count++))
+ FAIL=1
+ print_status "FAILURE" "Git pull with $key_type key failed"
+ fi
+ fi
+ cd ..
+ else
+ status="SKIPPED"
+ echo "Skipping pull - clone failed"
+ fi
+ ;;
+
+ "fetch")
+ if [ -d "cloned-repo" ]; then
+ echo "Entering cloned-repo directory for git fetch..."
+ cd cloned-repo
+ echo "Attempting git fetch..."
+ if timeout 30 git fetch origin 2>>"$error_log"; then
+ if [ "${WOLFPROV_FORCE_FAIL}" = "1" ]; then
+ status="SUCCESS"
+ ((success_count++))
+ print_status "SUCCESS" "Git fetch with $key_type key successful (with WPFF=1 - using OpenSSH inline crypto as expected)"
+ check_force_fail
+ else
+ status="SUCCESS"
+ ((success_count++))
+ print_status "SUCCESS" "Git fetch with $key_type key successful"
+ fi
+ else
+ if [ "${WOLFPROV_FORCE_FAIL}" = "1" ]; then
+ status="EXPECTED_FAIL"
+ print_status "SUCCESS" "Git fetch with $key_type key failed as expected (WPFF=1 - wolfProvider IS being used!)"
+ else
+ status="FAILURE"
+ ((failure_count++))
+ FAIL=1
+ print_status "FAILURE" "Git fetch with $key_type key failed"
+ fi
+ fi
+ cd ..
+ else
+ status="SKIPPED"
+ echo "Skipping fetch - clone failed"
+ fi
+ ;;
+ esac
+
+ local end_time=$(date +%s.%N)
+ local duration=$(echo "$end_time - $start_time" | bc -l 2>/dev/null || echo "0")
+ echo "$attempt,git_${operation},$status,$duration," >> "$timing_log"
+ echo " Git $operation with $key_type: $status (${duration}s)"
+ done
+
+ # Clean up SSH key for this attempt
+ rm -f ~/.ssh/id_${key_type}_test ~/.ssh/id_${key_type}_test.pub
+ fi
+
+ # Clean up test files
+ rm -f "$ssh_key" "$ssh_pub_key"
+ rm -rf "$test_dir"
+ done
+
+ # Print summary
+ echo ""
+ echo "=== SSH KEY TEST SUMMARY FOR $key_type ==="
+ echo "Total operations: $((success_count + failure_count))"
+ echo "Successful operations: $success_count"
+ echo "Failed operations: $failure_count"
+
+ if [ $failure_count -gt 0 ]; then
+ local failure_rate=$(echo "scale=2; $failure_count * 100 / ($success_count + failure_count)" | bc -l)
+ echo "Failure rate: ${failure_rate}%"
+ else
+ echo "Failure rate: 0%"
+ fi
+
+ echo ""
+ echo "SSH Key timing data saved to: $timing_log"
+ echo "SSH Key error log saved to: $error_log"
+
+ if [ -f "$error_log" ] && [ -s "$error_log" ]; then
+ echo ""
+ echo "=== SSH KEY ERROR LOG SUMMARY ==="
+ tail -20 "$error_log"
+ fi
+ echo ""
+}
+
+# Function to cleanup
+cleanup() {
+ echo "=== Cleanup ==="
+
+ # Stop SSH server if running
+ if pgrep -f "sshd.*2222" > /dev/null; then
+ echo "Stopping SSH test server..."
+ pkill -f "sshd.*2222" || true
+ fi
+
+ # Clean up test directory
+ rm -rf "$TEST_BASE_DIR"
+ print_status "SUCCESS" "Cleaned up test directory: $TEST_BASE_DIR"
+ echo ""
+}
+
+# Function to show usage
+show_usage() {
+ echo "Usage: $0 [OPTIONS]"
+ echo ""
+ echo "Options:"
+ echo " -h, --help Show this help message"
+ echo " -v, --verbose Enable verbose debug output"
+ echo " -q, --quiet Enable quiet mode (minimal output)"
+ echo " -s, --ssh Enable SSH key testing (default: enabled)"
+ echo " -n, --no-ssh Disable SSH key testing"
+ echo " -i, --iterations N Number of iterations per test (default: 10)"
+ echo " -g, --github-iterations N Number of GitHub SSH test iterations (default: 5)"
+ echo " -k, --key-types TYPES Comma-separated key types (default: rsa,ecdsa,ed25519)"
+ echo " -l, --log-lines N Maximum git log lines to show (default: 5)"
+ echo ""
+ echo "Environment Variables:"
+ echo " VERBOSE_OUTPUT=true Enable verbose output"
+ echo " QUIET_MODE=true Enable quiet mode"
+ echo " SSH_TEST_ENABLED=false Disable SSH testing"
+ echo " MAX_LOG_LINES=10 Set maximum log lines"
+ echo " WOLFPROV_FORCE_FAIL=1 Test if wolfProvider is being used (operations should fail)"
+ echo ""
+ echo "Examples:"
+ echo " $0 # Run all tests with default settings"
+ echo " $0 --verbose # Run with verbose debug output"
+ echo " $0 --no-ssh # Skip SSH key testing"
+ echo " $0 --iterations 20 # Run 20 iterations per test"
+ echo " $0 --github-iterations 10 # Run 10 GitHub SSH tests"
+ echo " $0 --key-types rsa,ed25519 # Test only RSA and ED25519 keys"
+ echo " WOLFPROV_FORCE_FAIL=1 $0 # Test with force fail to verify wolfProvider usage"
+ echo ""
+}
+
+# Function to parse command line arguments
+parse_args() {
+ while [[ $# -gt 0 ]]; do
+ case $1 in
+ -h|--help)
+ show_usage
+ exit 0
+ ;;
+ -v|--verbose)
+ VERBOSE_OUTPUT=true
+ shift
+ ;;
+ -q|--quiet)
+ QUIET_MODE=true
+ shift
+ ;;
+ -s|--ssh)
+ SSH_TEST_ENABLED=true
+ shift
+ ;;
+ -n|--no-ssh)
+ SSH_TEST_ENABLED=false
+ shift
+ ;;
+ -i|--iterations)
+ ITERATIONS="$2"
+ shift 2
+ ;;
+ -g|--github-iterations)
+ GITHUB_ITERATIONS="$2"
+ shift 2
+ ;;
+ -k|--key-types)
+ IFS=',' read -ra KEY_TYPES <<< "$2"
+ shift 2
+ ;;
+ -l|--log-lines)
+ MAX_LOG_LINES="$2"
+ shift 2
+ ;;
+ *)
+ echo "Unknown option: $1"
+ show_usage
+ exit 1
+ ;;
+ esac
+ done
+}
+
+# Main execution
+main() {
+ # Parse command line arguments
+ parse_args "$@"
+
+ echo "Starting wolfProvider Git Operations Test"
+ echo "=========================================="
+ echo ""
+
+ # Check if running as root
+ if [ "$EUID" -ne 0 ]; then
+ print_status "WARNING" "Not running as root. Some operations may fail due to permissions."
+ echo "Consider running with: sudo $0"
+ echo ""
+ fi
+
+ # Verify wolfProvider is properly installed
+ ./scripts/verify-debian.sh
+
+ # Verify SSH setup and algorithm negotiation
+ verify_ssh_setup
+
+ # Setup git environment
+ setup_git_environment
+
+ # Verify repository setup
+ verify_repository
+
+ # Test git operations for each key type
+ for key_type in "${KEY_TYPES[@]}"; do
+ test_git_operations "$key_type" "$ITERATIONS"
+ done
+
+ # Test SSH key operations if enabled
+ if [ "$SSH_TEST_ENABLED" = "true" ]; then
+ echo "=== SSH Key Testing Enabled ==="
+ echo "Testing SSH key generation and validation with different key types"
+ echo ""
+
+ for key_type in "${KEY_TYPES[@]}"; do
+ test_ssh_key_operations "$key_type" "$ITERATIONS"
+ done
+ else
+ echo "=== SSH Key Testing Disabled ==="
+ echo "Set SSH_TEST_ENABLED=true to enable SSH key testing"
+ echo ""
+ fi
+
+ # Test GitHub SSH connectivity
+ test_github_ssh_connectivity "$GITHUB_ITERATIONS"
+
+ # Final verification
+ echo "=== Final wolfProvider Verification ==="
+ if openssl list -providers | grep -q "wolfSSL Provider"; then
+ print_status "SUCCESS" "wolfProvider is still active after git operations"
+ else
+ print_status "WARNING" "wolfProvider may have been affected by git operations"
+ fi
+ echo ""
+
+ # Cleanup
+ cleanup
+
+ # Handle force fail results like cmd tests
+ if [ "${WOLFPROV_FORCE_FAIL}" = "1" ]; then
+ if [ $FORCE_FAIL_PASSED -eq 1 ]; then
+ echo ""
+ print_status "FAILURE" "Git Tests Failed With Force Fail Enabled"
+ echo "ERROR: Some tests passed when they should have failed"
+ exit 1
+ else
+ echo ""
+ print_status "SUCCESS" "Git Tests Passed With Force Fail Enabled"
+ echo "SUCCESS: All tests failed as expected"
+ exit 0
+ fi
+ else
+ if [ $FAIL -eq 0 ]; then
+ print_status "SUCCESS" "wolfProvider Git Operations Test completed successfully!"
+ exit 0
+ else
+ print_status "FAILURE" "wolfProvider Git Operations Test completed with failures!"
+ exit 1
+ fi
+ fi
+}
+
+# Run main function
+main "$@"
diff --git a/scripts/utils-openssl.sh b/scripts/utils-openssl.sh
index 7f6507c8..763a326a 100755
--- a/scripts/utils-openssl.sh
+++ b/scripts/utils-openssl.sh
@@ -167,7 +167,7 @@ check_openssl_replace_default_mismatch() {
patch_openssl_version() {
# Patch the OpenSSL version (wolfProvider/openssl-source/VERSION.dat)
# with our BUILD_METADATA, depending on the FIPS flag. Either "wolfProvider" or "wolfProvider-fips".
- if [ "$WOLFSSL_ISFIPS" = "1" ]; then
+ if [ ${WOLFSSL_ISFIPS:-0} -eq 1 ]; then
sed -i 's/BUILD_METADATA=.*/BUILD_METADATA=wolfProvider-fips/g' ${OPENSSL_SOURCE_DIR}/VERSION.dat
else
sed -i 's/BUILD_METADATA=.*/BUILD_METADATA=wolfProvider-nonfips/g' ${OPENSSL_SOURCE_DIR}/VERSION.dat
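Review bot: The new test `[ ${WOLFSSL_ISFIPS:-0} -eq 1 ]` in patch_openssl_version is unquoted and numeric, so a value such as `yes` or `true` makes `[` print an error and return non-zero, and the `else` branch then stamps `wolfProvider-nonfips` into VERSION.dat on what may be a FIPS build. The new scripts/verify-install.sh in this commit matches on exactly this metadata, so a bad value should stop the build rather than silently pick a label. Quote the expansion and reject anything other than 0 or 1 ahead of the test, e.g. `case "${WOLFSSL_ISFIPS:-0}" in 0|1) ;; *) echo "WOLFSSL_ISFIPS must be 0 or 1" >&2; exit 1 ;; esac`. `${OPENSSL_SOURCE_DIR}` in the two sed lines is unquoted as well. The function body continues past the end of this hunk.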
diff --git a/scripts/utils-wolfssl.sh b/scripts/utils-wolfssl.sh
index aa7b157e..dbe1a85e 100644
--- a/scripts/utils-wolfssl.sh
+++ b/scripts/utils-wolfssl.sh
@@ -35,6 +35,7 @@ WOLFSSL_CONFIG_CFLAGS=${WOLFSSL_CONFIG_CFLAGS:-"-I${OPENSSL_INSTALL_DIR}/include
WOLFSSL_DEBUG_ASN_TEMPLATE=${DWOLFSSL_DEBUG_ASN_TEMPLATE:-0}
WOLFPROV_DISABLE_ERR_TRACE=${WOLFPROV_DISABLE_ERR_TRACE:-0}
WOLFPROV_DEBUG=${WOLFPROV_DEBUG:-0}
+WOLFPROV_BUILD_DEBIAN=${WOLFPROV_BUILD_DEBIAN:-0}
USE_CUR_TAG=${USE_CUR_TAG:-0}
clean_wolfssl() {
@@ -106,7 +107,7 @@ install_wolfssl() {
printf "ERROR: System wolfSSL is FIPS, but WOLFSSL_ISFIPS is not set to 1\n"
do_cleanup
exit 1
- elif [ $? -eq 0 ] && [ "$WOLFSSL_ISFIPS" != "0" ]; then
+ elif [ $? -ne 0 ] && [ "$WOLFSSL_ISFIPS" != "0" ]; then
printf "ERROR: System wolfSSL is non-FIPS, but WOLFSSL_ISFIPS is set to 1\n"
do_cleanup
exit 1
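Review bot: `$?` in the changed `elif [ $? -ne 0 ] && ...` is read after the preceding `if` condition has already run, so it holds the status of that condition rather than of the command that probed the system wolfSSL. If that `if` (outside this hunk) is itself a `[ $? -eq 0 ] && ...` test, `$?` is always non-zero here and the branch depends on WOLFSSL_ISFIPS alone. Saving the probe's status once, e.g. `fips_probe=$?` directly after the probe, and testing `"$fips_probe"` in both branches would make the two FIPS mismatch checks reliable. The message also says WOLFSSL_ISFIPS "is set to 1" while the test is `!= "0"`, so an unset or empty value is reported as 1; `= "1"` would match the message.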
diff --git a/scripts/verify-install.sh b/scripts/verify-install.sh
new file mode 100755
index 00000000..afb727fd
--- /dev/null
+++ b/scripts/verify-install.sh
@@ -0,0 +1,211 @@
+#!/bin/bash
+#
+# Copyright (C) 2006-2024 wolfSSL Inc.
+#
+# This file is part of wolfProvider.
+#
+# wolfProvider is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# wolfProvider is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with wolfProvider. If not, see .
+#
+# This script verifies that wolfProvider is correctly installed and configured.
+
+# Default values
+REPLACE_DEFAULT=0
+FIPS=0
+
+# Parse command line arguments
+while [[ $# -gt 0 ]]; do
+ case $1 in
+ --replace-default)
+ REPLACE_DEFAULT=1
+ shift
+ ;;
+ --fips)
+ FIPS=1
+ shift
+ ;;
+ --help|-h)
+ echo "Usage: $0 [--replace-default] [--fips]"
+ echo " --replace-default Set replace default to 1 (default: 0)"
+ echo " --fips Set FIPS to 1 (default: 0)"
+ echo " --help, -h Show this help message"
+ exit 0
+ ;;
+ *)
+ echo "Unknown option: $1"
+ echo "Use --help for usage information"
+ exit 1
+ ;;
+ esac
+done
+
+handle_error() {
+ local message="$1"
+ local exit_code="${2:-1}"
+
+ echo "ERROR: $message" >&2
+ exit $exit_code
+}
+
+log_success() {
+ echo "SUCCESS: $1"
+}
+log_info() {
+ echo "INFO: $1"
+}
+
+verify_provider_loaded() {
+ local replace_default="$1"
+ local fips="$2"
+
+ # When replace-default is 0, expect something like this:
+ # $ openssl list -providers
+ # Providers:
+ # libwolfprov
+ # name: wolfSSL Provider
+ # version: 1.0.2
+ # status: active
+
+ # When replace-default is 1, expect something like this:
+ # $ openssl list -providers
+ # Providers:
+ # default
+ # name: wolfSSL Provider
+ # version: 1.0.2
+ # status: active
+
+ log_info "Verifying wolfProvider is active..."
+
+ local provider_output
+ provider_output=$(openssl list -providers 2>&1)
+
+ echo "Provider list:"
+ echo "$provider_output"
+
+ # Check for the presence of "wolfSSL Provider" and "status: active"
+ if echo "$provider_output" | grep -qi "wolfSSL Provider" && echo "$provider_output" | grep -qi "status: active"; then
+ log_success "wolfProvider is loaded"
+ else
+ handle_error "wolfProvider not found in provider list"
+ fi
+
+ if [ $replace_default -eq 0 ]; then
+ if echo "$provider_output" | grep -qi "libwolfprov"; then
+ log_success "wolfProvider is non-default"
+ else
+ handle_error "wolfProvider is default"
+ fi
+ else
+ if echo "$provider_output" | grep -qi "default"; then
+ log_success "wolfProvider is default"
+ else
+ handle_error "wolfProvider is non-default"
+ fi
+ fi
+
+ # Expect "wolfSSL Provider" for non-FIPS, "wolfSSL Provider FIPS" for FIPS
+ if [ $fips -eq 0 ]; then
+ if echo "$provider_output" | grep -q "wolfSSL Provider FIPS"; then
+ handle_error "wolfSSL Provider is FIPS"
+ else
+ log_success "wolfSSL Provider is non-FIPS"
+ fi
+ else
+ if echo "$provider_output" | grep -q "wolfSSL Provider FIPS"; then
+ log_success "wolfSSL Provider is FIPS"
+ else
+ handle_error "wolfSSL Provider is non-FIPS"
+ fi
+ fi
+}
+
+verify_openssl_version() {
+ local replace_default="$1"
+ local fips="$2"
+
+ # When replace-default is 0, expect something like this:
+ # $openssl version
+ # OpenSSL 3.0.17 1 Jul 2025 (Library: OpenSSL 3.0.17 1 Jul 2025
+
+ # When replace-default is 1 and fips is 0, expect something like this:
+ # $ openssl version
+ # OpenSSL 3.5.2+wolfProvider-nonfips 03 Oct 2025 (Library: OpenSSL 3.5.2+wolfProvider-nonfips 03 Oct 2025)
+
+ log_info "Verifying OpenSSL version..."
+
+ local version_output
+ version_output=$(openssl version -a 2>&1)
+
+ echo "OpenSSL version information:"
+ echo "$version_output"
+
+ if [ $replace_default -eq 0 ]; then
+ # Verify that wolfProv (case-insensitive) is in the version output
+ if echo "$version_output" | grep -qi "wolfProv"; then
+ log_success "wolfProv is in the version output"
+ else
+ handle_error "wolfProv is not in the version output"
+ fi
+ else
+ # Verify that wolfProvider (case-insensitive) is in the version output
+ # for both the OpenSSL version and the Library version
+ # Check for both "# OpenSSL 3.x.y+wolfProvider" and "Library: OpenSSL 3.x.y+wolfProvider" separately
+ if echo "$version_output" | grep -qiE "OpenSSL 3\.[0-9]+\.[0-9]+\+wolfProvider"; then
+ log_success "OpenSSL version is correct"
+ else
+ handle_error "OpenSSL version is incorrect for replace default"
+ fi
+
+ if echo "$version_output" | grep -qiE "Library: OpenSSL 3\.[0-9]+\.[0-9]+\+wolfProvider"; then
+ log_success "libssl3 version is correct"
+ else
+ handle_error "libssl3 version is incorrect for replace default"
+ fi
+
+ if [ $fips -eq 0 ]; then
+ # For non-FIPS, expect "wolfProvider-nonfips" in the version output
+ # For FIPS, expect "wolfProvider-fips" in the version output
+ if echo "$version_output" | grep -qi "wolfProvider-nonfips"; then
+ log_success "wolfProvider-nonfips is in the version output"
+ else
+ handle_error "wolfProvider-nonfips is not in the version output"
+ fi
+ else
+ if echo "$version_output" | grep -qi "wolfProvider-fips"; then
+ log_success "wolfProvider-fips is in the version output"
+ else
+ handle_error "wolfProvider-fips is not in the version output"
+ fi
+ fi
+ fi
+}
+
+# Main verification function
+verify_wolfprovider() {
+ local replace_default="$1"
+ local fips="$2"
+
+ # echo "Replace default value: $replace_default"
+ # echo "FIPS value: $fips"
+
+ echo "--------------------------------"
+ verify_provider_loaded $replace_default $fips
+ echo "--------------------------------"
+ verify_openssl_version $replace_default $fips
+ echo "--------------------------------"
+ echo "wolfProvider installed correctly"
+
+ return 0
+}
+
+verify_wolfprovider "$REPLACE_DEFAULT" "$FIPS"
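Review bot: The replace-default branch of verify_provider_loaded accepts any listing that contains the word `default` (`grep -qi "default"`), which a stock OpenSSL default provider listed next to wolfProvider would presumably also satisfy, so the check can pass without wolfProvider having replaced the default. The load check above it has the same weakness: `wolfSSL Provider` and `status: active` are matched independently over the whole listing, not within one provider stanza. Tying the match to the stanza, e.g. `echo "$provider_output" | grep -A1 -E '^[[:space:]]*default[[:space:]]*$' | grep -q 'name: wolfSSL Provider'`, would close the first gap, assuming the name line directly follows the id line as in the sample output in the comments. The numeric tests `[ $replace_default -eq 0 ]` and `[ $fips -eq 0 ]` should quote their operands.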
diff --git a/src/wp_wolfprov.c b/src/wp_wolfprov.c
index 84e08db2..ac8afcd6 100644
--- a/src/wp_wolfprov.c
+++ b/src/wp_wolfprov.c
@@ -310,6 +310,12 @@ static int wolfprov_get_params(void* provCtx, OSSL_PARAM params[])
int ok = 1;
OSSL_PARAM* p;
+#ifdef HAVE_FIPS
+ static const char* provider_name = "wolfSSL Provider FIPS";
+#else
+ static const char* provider_name = "wolfSSL Provider";
+#endif
+
WOLFPROV_ENTER(WP_LOG_PROVIDER, "wolfprov_get_params");
(void)provCtx;
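Review bot: The provider name added at the top of wolfprov_get_params is selected only by the compile-time `HAVE_FIPS` macro, and it appears to be the string that scripts/verify-install.sh greps for to decide FIPS versus non-FIPS. It therefore reports how the provider was built, not that a validated module is running, and a comment should say so, e.g. `/* Name reflects build configuration (HAVE_FIPS) only; it is not a runtime FIPS status check. */`. The pointer itself can also be const: `static const char* const provider_name = ...;`. The function body continues outside this hunk.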
@@ -317,7 +323,7 @@ static int wolfprov_get_params(void* provCtx, OSSL_PARAM params[])
/* Look for provider name as a parameter to return. */
p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_NAME);
/* Set the string if name requested. */
- if ((p != NULL) && (!OSSL_PARAM_set_utf8_ptr(p, "wolfSSL Provider"))) {
+ if ((p != NULL) && (!OSSL_PARAM_set_utf8_ptr(p, provider_name))) {
ok = 0;
}
if (ok) {