diff --git a/.github/scripts/check-workflow-result.sh b/.github/scripts/check-workflow-result.sh index 1323bd5f..eacae827 100755 --- a/.github/scripts/check-workflow-result.sh +++ b/.github/scripts/check-workflow-result.sh @@ -275,11 +275,11 @@ if [ "$WOLFPROV_FORCE_FAIL" = "WOLFPROV_FORCE_FAIL=1" ]; then elif [ "$TEST_SUITE" = "tcpdump" ]; then if [ -f "tcpdump-test.log" ]; then # Check for expected 7 failed tests (ESP/crypto segfaults) - if grep -q "7 tests failed" tcpdump-test.log; then - echo "PASS: tcpdump tests failed as expected with force fail enabled (7 tests failed)" + if grep -q "2 tests failed" tcpdump-test.log; then + echo "PASS: tcpdump tests failed as expected with force fail enabled (2 tests failed)" exit 0 else - echo "FAIL: tcpdump tests did not fail as expected (should have 7 failed tests)" + echo "FAIL: tcpdump tests did not fail as expected (should have 2 failed tests)" exit 1 fi else diff --git a/.github/scripts/docker/Dockerfile b/.github/scripts/docker/Dockerfile new file mode 100644 index 00000000..20668001 --- /dev/null +++ b/.github/scripts/docker/Dockerfile @@ -0,0 +1,27 @@ +# Dockerfile used in `.github/workflows/build-wolfprovider.yml` +FROM debian:bookworm + +ENV DEBIAN_FRONTEND=noninteractive + +RUN apt-get update && apt-get install -y --no-install-recommends \ + build-essential \ + devscripts \ + debhelper \ + dh-autoreconf \ + libtool \ + pkg-config \ + git \ + wget \ + curl \ + ca-certificates \ + openssl \ + dpkg-dev \ + lintian \ + fakeroot \ + dh-exec \ + equivs \ + expect \ + xxd \ + bc \ + libdistro-info-perl \ + && rm -rf /var/lib/apt/lists/* diff --git a/.github/workflows/bind9.yml b/.github/workflows/bind9.yml index f793232b..68e5345a 100644 --- a/.github/workflows/bind9.yml +++ b/.github/workflows/bind9.yml 
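Review bot: `grep -q "2 tests failed"` is a substring match, so a log line reporting 12 or 22 failed tests also satisfies the force-fail check. Anchoring the count, for example `grep -Eq '(^|[^0-9])2 tests failed' tcpdump-test.log`, ties the PASS branch to exactly two failures. The context comment above it still reads "expected 7 failed tests (ESP/crypto segfaults)" and should become `# Check for expected 2 failed tests`, with the reason for the new count. The enclosing if/elif chain starts and ends outside this hunk.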
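Review bot: `FROM debian:bookworm` tracks a mutable tag, so the image built from this file can change between rebuilds with no change in the repository. Pinning the base by digest, `FROM debian:bookworm@sha256:<digest-placeholder>`, makes each rebuild reproducible and reviewable. The header comment names the workflow that consumes the image, but nothing visible in this diff builds or pushes it. A comment line stating how the image is published to the registry would let a reader trace a CI container back to this file.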
@@ -18,21 +18,22 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + fips_ref: ${{ matrix.fips_ref }} replace_default: ${{ matrix.replace_default }} strategy: matrix: wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] replace_default: [ true ] - fips: [ false ] test_bind: runs-on: ubuntu-22.04 + needs: build_wolfprovider container: image: debian:bookworm env: DEBIAN_FRONTEND: noninteractive - needs: build_wolfprovider # This should be a safe limit for the tests to run. timeout-minutes: 20 strategy: @@ -41,9 +42,9 @@ jobs: bind_ref: [ 'v9.18.28' ] wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] force_fail: ['WOLFPROV_FORCE_FAIL=1', ''] replace_default: [ true ] - fips: [ false ] env: WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages OPENSSL_PACKAGES_PATH: /tmp/openssl-packages @@ -54,24 +55,14 @@ jobs: with: fetch-depth: 1 - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache + - name: Download packages from build job + uses: actions/download-artifact@v4 with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true + name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }} + path: /tmp - name: Install wolfSSL/OpenSSL/wolfprov packages run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb 
@@ -85,7 +76,9 @@ jobs: - name: Verify wolfProvider is properly installed run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} + $GITHUB_WORKSPACE/scripts/verify-install.sh \ + ${{ matrix.replace_default && '--replace-default' || '' }} \ + ${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }} - name: Install bind9 test dependencies run: | @@ -113,7 +106,11 @@ jobs: fetch-depth: 1 - run: | cd bind9 - patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/bind9/bind9-${{ matrix.bind_ref }}-wolfprov.patch + if [ "${{ matrix.fips_ref }}" = "FIPS" ]; then + patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/bind9/bind9-${{ matrix.bind_ref }}-wolfprov-fips.patch + else + patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/bind9/bind9-${{ matrix.bind_ref }}-wolfprov.patch + fi - name: Build and test bind9 with wolfProvider working-directory: bind9 diff --git a/.github/workflows/build-wolfprovider.yml b/.github/workflows/build-wolfprovider.yml index b4059e8c..319c4927 100644 --- a/.github/workflows/build-wolfprovider.yml +++ b/.github/workflows/build-wolfprovider.yml @@ -9,6 +9,9 @@ on: openssl_ref: required: true type: string + fips_ref: + required: false + type: string replace_default: required: false type: boolean 
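Review bot: The `fips_ref` input is optional with no `default`, and the build steps compare it with the exact string `FIPS`. An omitted or differently spelled value (for example `fips`) therefore silently selects the non-FIPS packages, while the artifact is still named after whatever was passed. Adding `default: 'non-FIPS'` and a `description:` listing the two accepted values, plus an early step that fails on any other value, would keep a job labelled FIPS from running against non-FIPS binaries unnoticed.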
@@ -18,44 +21,133 @@ jobs: build_wolfprovider_common: name: Build wolfProvider runs-on: ubuntu-22.04 - # Run inside Debian Bookworm to match packaging environment + # Grant permissions to read packages from ghcr.io + permissions: + contents: read + packages: read + # Run inside Debian Bookworm using container from ghcr.io/wolfssl/build-wolfprovider-debian:bookworm + # We are using this container to avoid having to install all the dependencies on the host machine + # and speed up the build process. + # Note: Docker image paths must be lowercase even though the GitHub org is wolfSSL container: - image: debian:bookworm + image: ghcr.io/wolfssl/build-wolfprovider-debian:bookworm env: DEBIAN_FRONTEND: noninteractive + # Add network capabilities so ifconfig/RTNETLINK operations are permitted + # These are passed to `docker run` as runtime options + options: --cap-add=NET_ADMIN --cap-add=NET_RAW timeout-minutes: 20 env: WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages OPENSSL_PACKAGES_PATH: /tmp/openssl-packages WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages + DEBS_PATH: debs steps: - # Install git prior to cloning to ensure we have the full repo - # TODO: create a docker with these pre-installed - - name: Install common dependencies + # Check if artifact already exists from another job in the same workflow run + # When multiple matrix jobs run in parallel, the first one to finish uploads the artifact + # Other jobs can then find it and skip rebuilding (no need to download it, just check it exists) + - name: Check for existing artifact from same run + id: check_artifact + continue-on-error: true + uses: actions/download-artifact@v4 + with: + name: debian-packages-${{ inputs.fips_ref }}${{ inputs.replace_default && '-replace-default' || '' }}-${{ inputs.wolfssl_ref }}-${{ inputs.openssl_ref }} + + # Download pre-built packages from debs branch + - name: Checkout debs branch + if: steps.check_artifact.outcome != 'success' + uses: actions/checkout@v4 + with: + repository: 
wolfSSL/wolfProvider + ref: debs + sparse-checkout: | + fips + nonfips + openssl + sparse-checkout-cone-mode: false + path: ${{ env.DEBS_PATH }} + + - name: Setup packages from debs branch + if: steps.check_artifact.outcome != 'success' + run: | + mkdir -p ${{ env.WOLFSSL_PACKAGES_PATH }} + mkdir -p ${{ env.OPENSSL_PACKAGES_PATH }} + + echo "Available packages in debs branch:" + ls -la ${{ env.DEBS_PATH }}/ + + # Copy packages based on build type + if [ "${{ inputs.fips_ref }}" = "FIPS" ]; then + if [ -d "${{ env.DEBS_PATH }}/fips" ] && [ "$(ls -A ${{ env.DEBS_PATH }}/fips/*.deb 2>/dev/null)" ]; then + echo "Copying FIPS wolfSSL packages..." + cp ${{ env.DEBS_PATH }}/fips/*.deb ${{ env.WOLFSSL_PACKAGES_PATH }}/ + else + echo "ERROR: No FIPS packages found in debs branch" + exit 1 + fi + else + if [ -d "${{ env.DEBS_PATH }}/nonfips" ] && [ "$(ls -A ${{ env.DEBS_PATH }}/nonfips/*.deb 2>/dev/null)" ]; then + echo "Copying non-FIPS wolfSSL packages..." + cp ${{ env.DEBS_PATH }}/nonfips/*.deb ${{ env.WOLFSSL_PACKAGES_PATH }}/ + else + echo "ERROR: No non-FIPS packages found in debs branch" + exit 1 + fi + fi + # Copy OpenSSL packages based on replace_default setting + if [ "${{ inputs.replace_default }}" = "true" ]; then + if [ -d "${{ env.DEBS_PATH }}/openssl/debs-replace-default" ] && [ "$(ls -A ${{ env.DEBS_PATH }}/openssl/debs-replace-default/*.deb 2>/dev/null)" ]; then + echo "Copying OpenSSL replace-default packages..." + cp ${{ env.DEBS_PATH }}/openssl/debs-replace-default/*.deb ${{ env.OPENSSL_PACKAGES_PATH }}/ + else + echo "WARNING: No OpenSSL replace-default packages found in debs branch" + fi + else + if [ -d "${{ env.DEBS_PATH }}/openssl/debs-default" ] && [ "$(ls -A ${{ env.DEBS_PATH }}/openssl/debs-default/*.deb 2>/dev/null)" ]; then + echo "Copying OpenSSL default packages..." 
+ cp ${{ env.DEBS_PATH }}/openssl/debs-default/*.deb ${{ env.OPENSSL_PACKAGES_PATH }}/ + else + echo "WARNING: No OpenSSL default packages found in debs branch" + fi + fi + + echo "" + echo "Packages ready for installation:" + echo "wolfSSL packages:" + ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} + echo "" + echo "OpenSSL packages:" + ls -la ${{ env.OPENSSL_PACKAGES_PATH }} + + - name: Install OpenSSL and wolfSSL packages + if: steps.check_artifact.outcome != 'success' run: | - apt-get update && apt-get install -y --no-install-recommends \ - build-essential \ - devscripts \ - debhelper \ - dh-autoreconf \ - libtool \ - pkg-config \ - git \ - wget \ - curl \ - ca-certificates \ - openssl \ - dpkg-dev \ - lintian \ - fakeroot \ - dh-exec \ - equivs \ - expect \ - xxd \ - bc \ - libdistro-info-perl + echo "Installing OpenSSL and wolfSSL packages (${{ inputs.fips_ref }})..." + + # Install OpenSSL packages first + if [ -n "$(ls -A ${{ env.OPENSSL_PACKAGES_PATH }}/*.deb 2>/dev/null)" ]; then + echo "Installing OpenSSL packages..." + dpkg -i ${{ env.OPENSSL_PACKAGES_PATH }}/*.deb || true + fi + # Install wolfSSL packages + if [ -n "$(ls -A ${{ env.WOLFSSL_PACKAGES_PATH }}/*.deb 2>/dev/null)" ]; then + echo "Installing wolfSSL packages..." + dpkg -i ${{ env.WOLFSSL_PACKAGES_PATH }}/*.deb || true + fi + + # Fix any dependency issues + apt-get install -f -y + + echo "" + echo "Packages installed successfully:" + echo "OpenSSL:" + dpkg -l | grep openssl || echo " No OpenSSL packages found" + echo "" + echo "wolfSSL:" + dpkg -l | grep wolfssl || echo " No wolfSSL packages found" - name: Checkout wolfProvider + if: steps.check_artifact.outcome != 'success' uses: actions/checkout@v4 with: fetch-depth: 1 
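Review bot: The wolfSSL and OpenSSL `.deb` files come from the mutable `debs` branch and are installed as root with `dpkg -i ... || true`, with no checksum or signature check. The `|| true` also lets the step print "Packages installed successfully" when installation failed. Pinning the checkout `ref:` to a commit SHA, verifying the files with `sha256sum -c <manifest-placeholder>` against a manifest kept on the reviewed branch, and dropping `|| true` would close both gaps; if it only tolerates unmet dependencies, `apt-get install -y` on the local `.deb` paths resolves those without masking other errors. A missing OpenSSL package directory only prints a WARNING, so the failure surfaces later in consumer jobs; `exit 1` would match the wolfSSL branches. Separately, the container image is referenced by the tag `:bookworm` while being granted `NET_ADMIN` and `NET_RAW`, so a digest pin is worth adding there too.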
@@ -63,58 +155,53 @@ jobs: # Avoid "detected dubious ownership" warning - name: Ensure the working directory safe + if: steps.check_artifact.outcome != 'success' run: | git config --global --add safe.directory "$GITHUB_WORKSPACE" # When running on a fork the upstream tags are not present, so fetch them explicitly - name: Fetch tags from upstream(for Debian versioning) + if: steps.check_artifact.outcome != 'success' run: | git remote add upstream https://github.com/wolfSSL/wolfProvider.git || true git fetch upstream --tags --no-recurse-submodules - - name: Install wolfSSL - run: | - $GITHUB_WORKSPACE/debian/install-wolfssl.sh --tag ${{ inputs.wolfssl_ref }} ${{ env.WOLFSSL_PACKAGES_PATH }} - - - name: Install OpenSSL - run: | - $GITHUB_WORKSPACE/debian/install-openssl.sh ${{ inputs.replace_default && '--replace-default' || '' }} ${{ env.OPENSSL_PACKAGES_PATH }} - - name: Install wolfProvider + if: steps.check_artifact.outcome != 'success' run: | - $GITHUB_WORKSPACE/debian/install-wolfprov.sh ${{ env.WOLFPROV_PACKAGES_PATH }} + $GITHUB_WORKSPACE/debian/install-wolfprov.sh ${{ inputs.fips_ref == 'FIPS' && '--fips' || '' }} ${{ env.WOLFPROV_PACKAGES_PATH }} - - name: List packages directories + - name: Setup packages directory + if: steps.check_artifact.outcome != 'success' run: | + mkdir -p ${{ env.WOLFPROV_PACKAGES_PATH }} + + # Copy wolfProvider packages (built in previous step) + cp $GITHUB_WORKSPACE/../libwolfprov*.deb ${{ env.WOLFPROV_PACKAGES_PATH }} + cp $GITHUB_WORKSPACE/../libwolfprov*.dsc ${{ env.WOLFPROV_PACKAGES_PATH }} + cp $GITHUB_WORKSPACE/../libwolfprov*.tar.gz ${{ env.WOLFPROV_PACKAGES_PATH }} + + # Note: OpenSSL and wolfSSL packages already copied from debs branch earlier + + printf "Listing packages directory:\n" + echo "wolfProvider packages:" ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} + echo "" + echo "wolfSSL packages:" ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} + echo "" + echo "OpenSSL packages:" ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - - name: 
Save all packages to cache for use by other workflows - uses: actions/cache/save@v4 - continue-on-error: true + # Save all packages as artifacts for consumers + # Skip upload if artifact already exists (from a parallel run) + - name: Upload wolfProvider packages + if: steps.check_artifact.outcome != 'success' + uses: actions/upload-artifact@v4 with: + name: debian-packages-${{ inputs.fips_ref }}${{ inputs.replace_default && '-replace-default' || '' }}-${{ inputs.wolfssl_ref }}-${{ inputs.openssl_ref }} path: | ${{ env.WOLFSSL_PACKAGES_PATH }} ${{ env.OPENSSL_PACKAGES_PATH }} ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ inputs.replace_default && '-replace-default' || '' }} - - # Save all packages in a single artifact for consumers - # TODO: support debug builds - - name: Upload wolfProvider artifacts - uses: actions/upload-artifact@v4 - continue-on-error: true - with: - name: openssl-wolfprov-debian-packages-${{ github.sha }}${{ inputs.replace_default && '-replace-default' || '' }} - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }}/*.deb - ${{ env.WOLFSSL_PACKAGES_PATH }}/*.dsc - ${{ env.WOLFSSL_PACKAGES_PATH }}/*.tar.gz - ${{ env.OPENSSL_PACKAGES_PATH }}/*.deb - ${{ env.OPENSSL_PACKAGES_PATH }}/*.dsc - ${{ env.OPENSSL_PACKAGES_PATH }}/*.tar.gz - ${{ env.WOLFPROV_PACKAGES_PATH }}/*.deb - ${{ env.WOLFPROV_PACKAGES_PATH }}/*.dsc - ${{ env.WOLFPROV_PACKAGES_PATH }}/*.tar.gz retention-days: 1 diff --git a/.github/workflows/cjose.yml b/.github/workflows/cjose.yml index f376b279..7e9a4967 100644 --- a/.github/workflows/cjose.yml +++ b/.github/workflows/cjose.yml @@ -3,7 +3,7 @@ name: cjose Tests # START OF COMMON SECTION on: push: - branches: ['*'] #[ 'master', 'main', 'release/**' ] + branches: [ 'master', 'main', 'release/**' ] pull_request: branches: [ '*' ] 
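Review bot: The artifact name embeds `inputs.wolfssl_ref` and `inputs.openssl_ref`, but the `install-wolfssl.sh --tag` and `install-openssl.sh` steps are removed, and nothing visible in this workflow checks that the packages copied from the `debs` branch are those versions. A caller that bumps either ref would then get an artifact labelled with the new version but holding the old binaries. Consider comparing `dpkg-deb -f <package-file-placeholder> Version` with the inputs in the `Setup packages directory` step and failing on a mismatch. The step list of this job begins in the previous hunk.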
@@ -18,13 +18,14 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + fips_ref: ${{ matrix.fips_ref }} replace_default: ${{ matrix.replace_default }} strategy: matrix: wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] replace_default: [ true ] - fips: [ false ] test_cjose: runs-on: ubuntu-22.04 @@ -42,9 +43,9 @@ jobs: cjose_ref: [ 'v0.6.2.1' ] wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] replace_default: [ true ] - fips: [ false ] env: WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages OPENSSL_PACKAGES_PATH: /tmp/openssl-packages @@ -61,25 +62,15 @@ jobs: with: fetch-depth: 1 - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache + - name: Download packages from build job + uses: actions/download-artifact@v4 with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true + name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }} + path: /tmp - name: Install wolfSSL/OpenSSL/wolfprov packages run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - - apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ + apt install --reinstall -y \ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ 
@@ -87,12 +78,14 @@ jobs: ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb - apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ + apt install --reinstall -y \ ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb - name: Verify wolfProvider is properly installed run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} + $GITHUB_WORKSPACE/scripts/verify-install.sh \ + ${{ matrix.replace_default && '--replace-default' || '' }} \ + ${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }} - name: Download cjose uses: actions/checkout@v4 diff --git a/.github/workflows/curl.yml b/.github/workflows/curl.yml index ee554ecc..504b4974 100644 --- a/.github/workflows/curl.yml +++ b/.github/workflows/curl.yml @@ -18,21 +18,22 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + fips_ref: ${{ matrix.fips_ref }} replace_default: ${{ matrix.replace_default }} strategy: matrix: wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] replace_default: [ true ] - fips: [ false ] test_curl: runs-on: ubuntu-22.04 + needs: build_wolfprovider container: image: debian:bookworm env: DEBIAN_FRONTEND: noninteractive - needs: build_wolfprovider # This should be a safe limit for the tests to run. timeout-minutes: 20 strategy: @@ -40,9 +41,9 @@ jobs: curl_ref: [ 'curl-8_4_0', 'curl-7_88_1' ] wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] force_fail: ['WOLFPROV_FORCE_FAIL=1', ''] replace_default: [ true ] - fips: [ false ] env: WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages OPENSSL_PACKAGES_PATH: /tmp/openssl-packages 
@@ -53,24 +54,14 @@ jobs: with: fetch-depth: 1 - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache + - name: Download packages from build job + uses: actions/download-artifact@v4 with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true + name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }} + path: /tmp - name: Install wolfSSL/OpenSSL/wolfprov packages run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb @@ -84,7 +75,9 @@ jobs: - name: Verify wolfProvider is properly installed run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} + $GITHUB_WORKSPACE/scripts/verify-install.sh \ + ${{ matrix.replace_default && '--replace-default' || '' }} \ + ${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }} - name: Install dependencies run: | diff --git a/.github/workflows/debian-package.yml b/.github/workflows/debian-package.yml index 18edead9..ceccd53e 100644 --- a/.github/workflows/debian-package.yml +++ b/.github/workflows/debian-package.yml 
@@ -18,15 +18,17 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + fips_ref: ${{ matrix.fips_ref }} replace_default: ${{ matrix.replace_default }} strategy: - matrix: - # Test 5.8.2 since our .deb is based on that version + matrix: wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] - replace_default: [ true ] + fips_ref: [ 'FIPS', 'non-FIPS' ] + replace_default: [ true, false ] - libwolfprov-standalone: + libwolfprov-replace-default: + name: libwolfprov ${{ matrix.replace_default && 'replace-default' || 'standalone' }} ${{ matrix.fips_ref }} runs-on: ubuntu-22.04 needs: build_wolfprovider # Run inside Debian Bookworm to match packaging environment @@ -40,7 +42,9 @@ jobs: matrix: wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] - replace_default: [ false ] + fips_ref: [ 'FIPS', 'non-FIPS' ] + replace_default: [ true, false ] + force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] env: WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages OPENSSL_PACKAGES_PATH: /tmp/openssl-packages 
@@ -52,35 +56,30 @@ jobs: with: fetch-depth: 1 - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache + - name: Download packages from build job + uses: actions/download-artifact@v4 with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true + name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }} + path: /tmp - - name: Install package without custom openssl + - name: Install wolfSSL/OpenSSL/wolfprov packages run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb - apt-get update && \ - apt install --reinstall -y openssl libssl3 + apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ + ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \ + ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \ + ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb - name: Verify wolfProvider is properly installed run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.fips && '--fips' || '' }} + $GITHUB_WORKSPACE/scripts/verify-install.sh \ + ${{ matrix.replace_default && '--replace-default' || '' }} \ + ${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }} - name: Test OpenSSL provider functionality run: | 
@@ -99,7 +98,7 @@ jobs: # Run the do-cmd-test.sh script to execute interoperability tests echo "Running OpenSSL provider interoperability tests..." - OPENSSL_BIN=$(eval which openssl) ./scripts/cmd_test/do-cmd-tests.sh + OPENSSL_BIN=$(eval which openssl) ${{ matrix.force_fail }} ${{ matrix.fips_ref == 'FIPS' && 'WOLFSSL_ISFIPS=1' || '' }} ./scripts/cmd_test/do-cmd-tests.sh # Restore wolfprovider configuration echo "Restoring wolfprovider configuration:" @@ -115,8 +114,10 @@ jobs: # Uninstall the package apt-get remove -y libwolfprov - # Verify default OpenSSL provider is active - $GITHUB_WORKSPACE/scripts/verify-install.sh --no-wp ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} + if openssl list -providers | grep -q "wolfSSL Provider"; then + echo "wolfprovider is still listed as an OpenSSL provider" + exit 1 + fi # Purge the package to remove all files apt-get remove --purge -y libwolfprov 
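Review bot: The new uninstall check `openssl list -providers | grep -q "wolfSSL Provider"` passes whenever grep matches nothing. That includes the case where `openssl list -providers` itself exits with an error, since the pipeline status is grep's. It also no longer confirms that the default provider is active, which the removed `verify-install.sh --no-wp` call did. Capturing the output first, `providers=$(openssl list -providers) || exit 1`, and then also asserting that the default provider is listed, would keep the original guarantee. The post-purge `verify-install.sh --no-wp` call removed in the `@@ -149,159 +150,4` hunk has no replacement at all.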
@@ -149,159 +150,4 @@ jobs: echo "libwolfprov.so successfully removed" fi - # Verify that the default provider is present and active - $GITHUB_WORKSPACE/scripts/verify-install.sh --no-wp ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} - echo "Package uninstallation and cleanup verification successful" - - - libwolfprov-replace-default: - runs-on: ubuntu-22.04 - needs: build_wolfprovider - # Run inside Debian Bookworm to match packaging environment - container: - image: debian:bookworm - env: - DEBIAN_FRONTEND: noninteractive - # This should be a safe limit for the tests to run. - timeout-minutes: 20 - strategy: - matrix: - wolfssl_ref: [ 'v5.8.2-stable' ] - openssl_ref: [ 'openssl-3.5.2' ] - replace_default: [ true ] - env: - WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages - OPENSSL_PACKAGES_PATH: /tmp/openssl-packages - WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages - WOLFPROV_CONF_FILE: /etc/ssl/openssl.cnf.d/wolfprovider.conf - steps: - - name: Checkout wolfProvider - uses: actions/checkout@v4 - with: - fetch-depth: 1 - - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache - with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true - - - name: Install wolfSSL/OpenSSL/wolfprov packages - run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - - apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ - ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb - - apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ - ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \ - ${{ 
env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \ - ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb - - - name: Show OpenSSL version - run: | - echo "OpenSSL version:" - openssl version -a || true - - - name: Test OpenSSL providers before wolfprov installation - run: | - echo "Testing OpenSSL providers before wolfprov installation..." - echo "Expected: This should work normally with default providers" - - # Test openssl list -providers - if openssl list -providers; then - echo "SUCCESS: openssl list -providers works before wolfprov installation" - else - echo "FAILURE: openssl list -providers failed before wolfprov installation" - exit 1 - fi - - echo "Provider list before wolfprov installation:" - openssl list -providers - - - name: Install libwolfprov package - run: | - apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ - ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb - - echo "Installed packages after wolfprov:" - dpkg -l | grep -E "(wolfprov|wolfssl|openssl|libssl)" - - - name: Verify wolfProvider is properly installed - run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} - - - name: Verify wolfprov configuration - run: | - echo "Verifying wolfprov configuration..." - - # Check if configuration file exists - if [ -f $WOLFPROV_CONF_FILE ]; then - echo "SUCCESS: wolfprovider.conf exists" - cat $WOLFPROV_CONF_FILE - else - echo "WARNING: wolfprovider.conf not found" - fi - - # Check if library file exists - WOLFPROV_OBJS=$(find /usr/lib -name "libwolfprov.so*") - if [ -n "$WOLFPROV_OBJS" ]; then - echo "SUCCESS: libwolfprov.so exists" - echo "$WOLFPROV_OBJS" - else - echo "WARNING: libwolfprov.so not found" - fi - - - name: Test basic OpenSSL functionality (digests, AES, ECDH, ECC) - shell: bash - run: | - set -e - echo "Testing OpenSSL digests..." 
- echo "test" | openssl dgst -sha256 - echo "test" | openssl dgst -sha512 - - echo "Testing OpenSSL AES encryption/decryption..." - echo "secret" | openssl enc -aes-128-cbc -pass pass:mykey -out secret.enc - openssl enc -d -aes-128-cbc -pass pass:mykey -in secret.enc - - echo "Testing OpenSSL ECDH key generation and shared secret..." - openssl ecparam -name prime256v1 -genkey -noout -out ec1.pem - openssl ecparam -name prime256v1 -genkey -noout -out ec2.pem - openssl pkey -in ec1.pem -pubout -out ec1.pub - openssl pkey -in ec2.pem -pubout -out ec2.pub - openssl pkeyutl -derive -inkey ec1.pem -peerkey ec2.pub -out secret1.bin - openssl pkeyutl -derive -inkey ec2.pem -peerkey ec1.pub -out secret2.bin - cmp secret1.bin secret2.bin && echo "ECDH shared secrets match" - - echo "Testing OpenSSL ECC sign/verify..." - openssl ecparam -name prime256v1 -genkey -noout -out ecc_key.pem - echo "message" > msg.txt - openssl dgst -sha256 -sign ecc_key.pem -out msg.sig msg.txt - openssl dgst -sha256 -verify <(openssl pkey -in ecc_key.pem -pubout) -signature msg.sig msg.txt - - - name: Run cmd tests - shell: bash - run: | - # Run the do-cmd-test.sh script to execute interoperability tests - echo "Running OpenSSL provider interoperability tests..." - OPENSSL_BIN=$(eval which openssl) ./scripts/cmd_test/do-cmd-tests.sh - - - name: Cleanup test environment - run: | - echo "Cleaning up test environment..." - - # Uninstall test packages - apt-get remove --purge -y libwolfprov || true - apt-get autoremove -y - - echo "Cleanup completed" - diff --git a/.github/workflows/git-ssh-dr.yml b/.github/workflows/git-ssh-dr.yml index 0fbfa686..329e5d31 100644 --- a/.github/workflows/git-ssh-dr.yml +++ b/.github/workflows/git-ssh-dr.yml @@ -2,7 +2,7 @@ name: Git SSH Default Replace Tests on: push: - branches: [ 'master', 'main', 'release/**', ] + branches: [ 'master', 'main', 'release/**' ] pull_request: branches: [ '*' ] 
@@ -16,13 +16,14 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + fips_ref: ${{ matrix.fips_ref }} replace_default: ${{ matrix.replace_default }} strategy: matrix: wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] replace_default: [ true ] - fips: [ false ] git-ssh-default-replace-test: runs-on: ubuntu-22.04 @@ -37,8 +38,8 @@ jobs: matrix: wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] replace_default: [ true ] - fips: [ false ] key_type: [ 'rsa', 'ecdsa', 'ed25519', 'chacha20-poly1305' ] force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] iterations: [ 10 ] # Total of 50 runs @@ -53,25 +54,15 @@ jobs: with: fetch-depth: 1 - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache + - name: Download packages from build job + uses: actions/download-artifact@v4 with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true + name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }} + path: /tmp - name: Install wolfSSL/OpenSSL/wolfprov packages run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - - apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ + apt install --reinstall -y \ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ 
@@ -79,12 +70,14 @@ jobs: ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \ ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb - apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ + apt install --reinstall -y \ ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb - name: Verify wolfProvider is properly installed run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} + $GITHUB_WORKSPACE/scripts/verify-install.sh \ + ${{ matrix.replace_default && '--replace-default' || '' }} \ + ${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }} - name: Set up environment run: | diff --git a/.github/workflows/grpc.yml b/.github/workflows/grpc.yml index 94efafc3..c5cb373b 100644 --- a/.github/workflows/grpc.yml +++ b/.github/workflows/grpc.yml @@ -18,21 +18,22 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + fips_ref: ${{ matrix.fips_ref }} replace_default: ${{ matrix.replace_default }} strategy: matrix: wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] replace_default: [ true ] - fips: [ false ] test_grpc: runs-on: ubuntu-22.04 + needs: build_wolfprovider container: image: debian:bookworm env: DEBIAN_FRONTEND: noninteractive - needs: build_wolfprovider # This should be a safe limit for the tests to run. timeout-minutes: 30 strategy: @@ -48,8 +49,9 @@ jobs: h2_ssl_cert_test h2_ssl_session_reuse_test wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] + force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] replace_default: [ true ] - fips: [ false ] env: WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages OPENSSL_PACKAGES_PATH: /tmp/openssl-packages 
@@ -60,24 +62,14 @@ jobs: with: fetch-depth: 1 - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache + - name: Download packages from build job + uses: actions/download-artifact@v4 with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true + name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }} + path: /tmp - name: Install wolfSSL/OpenSSL/wolfprov packages run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb @@ -91,7 +83,9 @@ jobs: - name: Verify wolfProvider is properly installed run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} + $GITHUB_WORKSPACE/scripts/verify-install.sh \ + ${{ matrix.replace_default && '--replace-default' || '' }} \ + ${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }} - name: Install prerequisites run: | @@ -116,6 +110,17 @@ jobs: path: grpc ref: ${{ matrix.grpc_ref }} + - name: Checkout OSP + uses: actions/checkout@v4 + with: + repository: wolfssl/osp + path: osp + fetch-depth: 1 + - run: | + cd grpc + # Apply the wolfProvider patch + patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/grpc/grpc-FIPS-${{ matrix.grpc_ref }}-wolfprov.patch + - name: Build grpc with wolfProvider working-directory: ./grpc run: | 
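Review bot: The new `Checkout OSP` step in grpc.yml takes `wolfssl/osp` at whatever its default branch currently points to, and the next step applies a patch from it to the grpc sources, so the code under test can change without any change in this repository. Pin the checkout by adding `ref: <osp-commit-sha>` (placeholder for a reviewed commit) under `with:`, and do the same for the OSP checkouts this commit adds in libfido2.yml and libnice.yml. Separately, the patch step has no `name:` and applies `grpc-FIPS-${{ matrix.grpc_ref }}-wolfprov.patch` on both `fips_ref` legs. If that file is meant for FIPS builds only, guard it with `if [ "${{ matrix.fips_ref }}" = "FIPS" ]; then`, as the krb5 step does.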
@@ -139,7 +144,33 @@ jobs: # Start the port server ./tools/run_tests/start_port_server.py + export ${{ matrix.force_fail }} + set +e + # Run the tests + all_passed=1 for t in ${{ matrix.tests }} ; do + echo "===================================" + echo "Running test: $t" + echo "Force fail: ${{ matrix.force_fail }}" + echo "===================================" ./cmake/build/$t + exit_code=$? + if [ $exit_code -ne 0 ]; then + echo "Test $t FAILED with exit code $exit_code" + echo "Force fail: ${{ matrix.force_fail }}" + all_passed=0 + fi done + + set -e + if [ $all_passed -eq 1 ]; then + echo "ALL TESTS PASSED" + TEST_RESULT=0 + else + echo "SOME TESTS FAILED" + TEST_RESULT=1 + fi + + # Check results + $GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} grpc diff --git a/.github/workflows/hostap.yml b/.github/workflows/hostap.yml index a500b618..c776cd93 100644 --- a/.github/workflows/hostap.yml +++ b/.github/workflows/hostap.yml @@ -18,11 +18,13 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + fips_ref: ${{ matrix.fips_ref }} replace_default: ${{ matrix.replace_default }} strategy: matrix: wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] replace_default: [ true ] test_hostap: @@ -42,6 +44,7 @@ jobs: wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] replace_default: [ true ] env: WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages 
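Review bot: `export ${{ matrix.force_fail }}` becomes a bare `export` on the matrix leg where `force_fail` is `''`, and a bare `export` in bash and dash prints every exported variable, which writes the job's environment into the build log. Guard it with `if [ -n "${{ matrix.force_fail }}" ]; then export ${{ matrix.force_fail }}; fi`, or set the variable through the step's `env:` instead. The expansions in `./cmake/build/$t` and `check-workflow-result.sh $TEST_RESULT` are also unquoted; writing `"$t"` and `"$TEST_RESULT"` costs nothing. The `run:` block starts above this hunk, so the shell in use and any earlier `set` options are not visible here.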
@@ -55,24 +58,14 @@ jobs: with: fetch-depth: 1 - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache + - name: Download packages from build job + uses: actions/download-artifact@v4 with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true + name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }} + path: /tmp - name: Install wolfSSL/OpenSSL/wolfprov packages run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb @@ -96,7 +89,9 @@ jobs: - name: Verify wolfProvider is properly installed run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} + $GITHUB_WORKSPACE/scripts/verify-install.sh \ + ${{ matrix.replace_default && '--replace-default' || '' }} \ + ${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }} - name: Install hostap dependencies run: | 
@@ -125,12 +120,7 @@ jobs: - name: Apply hostap patches for wolfProvider run: | cd hostap - if [ -f "$GITHUB_WORKSPACE/osp/wolfProvider/hostap/hostap-${{ matrix.hostap_ref }}-wolfprov.patch" ]; then - echo "Applying OSP hostap patch..." - patch -p1 < "$GITHUB_WORKSPACE/osp/wolfProvider/hostap/hostap-${{ matrix.hostap_ref }}-wolfprov.patch" - else - echo "No OSP patch found for hostap-${{ matrix.hostap_ref }}" - fi + patch -p1 < "$GITHUB_WORKSPACE/osp/wolfProvider/hostap/hostap-${{ matrix.hostap_ref }}-wolfprov.patch" - name: Checkout linux uses: actions/checkout@v4 diff --git a/.github/workflows/iperf.yml b/.github/workflows/iperf.yml index d7ac3a0d..6a63e7be 100644 --- a/.github/workflows/iperf.yml +++ b/.github/workflows/iperf.yml @@ -18,21 +18,22 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + fips_ref: ${{ matrix.fips_ref }} replace_default: ${{ matrix.replace_default }} strategy: matrix: wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] replace_default: [ true ] - fips: [ false ] test_iperf: runs-on: ubuntu-22.04 + needs: build_wolfprovider container: image: debian:bookworm env: DEBIAN_FRONTEND: noninteractive - needs: build_wolfprovider # This should be a safe limit for the tests to run. timeout-minutes: 20 strategy: @@ -40,9 +41,9 @@ jobs: iperf_ref: [ '3.12' ] wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] force_fail: ['WOLFPROV_FORCE_FAIL=1', ''] replace_default: [ true ] - fips: [ false ] env: WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages OPENSSL_PACKAGES_PATH: /tmp/openssl-packages 
@@ -53,24 +54,14 @@ jobs: with: fetch-depth: 1 - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache + - name: Download packages from build job + uses: actions/download-artifact@v4 with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true + name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }} + path: /tmp - name: Install wolfSSL/OpenSSL/wolfprov packages run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb @@ -84,7 +75,9 @@ jobs: - name: Verify wolfProvider is properly installed run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} + $GITHUB_WORKSPACE/scripts/verify-install.sh \ + ${{ matrix.replace_default && '--replace-default' || '' }} \ + ${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }} - name: Install dependencies run: | diff --git a/.github/workflows/ipmitool.yml b/.github/workflows/ipmitool.yml deleted file mode 100644 index 28ed2ae1..00000000 --- a/.github/workflows/ipmitool.yml +++ /dev/null 
@@ -1,112 +0,0 @@ -name: IPMItool Tests - -# START OF COMMON SECTION -on: - push: - branches: [ 'master', 'main', 'release/**' ] - pull_request: - branches: [ '*' ] - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true -# END OF COMMON SECTION - -jobs: - build_wolfprovider: - uses: ./.github/workflows/build-wolfprovider.yml - with: - wolfssl_ref: ${{ matrix.wolfssl_ref }} - openssl_ref: ${{ matrix.openssl_ref }} - replace_default: ${{ matrix.replace_default }} - strategy: - matrix: - wolfssl_ref: [ 'v5.8.2-stable' ] - openssl_ref: [ 'openssl-3.5.2' ] - replace_default: [ true ] - fips: [ false ] - - test_ipmitool: - runs-on: ubuntu-22.04 - container: - image: debian:bookworm - env: - DEBIAN_FRONTEND: noninteractive - needs: build_wolfprovider - # This should be a safe limit for the tests to run. - timeout-minutes: 20 - strategy: - fail-fast: false - matrix: - ipmitool_ref: [ 'IPMITOOL_1_8_19' ] - wolfssl_ref: [ 'v5.8.2-stable' ] - openssl_ref: [ 'openssl-3.5.2' ] - replace_default: [ true ] - fips: [ false ] - env: - WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages - OPENSSL_PACKAGES_PATH: /tmp/openssl-packages - WOLFPROV_PACKAGES_PATH: /tmp/wolfprov-packages - steps: - - name: Checkout wolfProvider - uses: actions/checkout@v4 - with: - fetch-depth: 1 - - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache - with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true - - - name: Install wolfSSL/OpenSSL/wolfprov packages - run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - - apt install --reinstall -y --allow-downgrades 
--allow-change-held-packages \ - ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb - - apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ - ${{ env.OPENSSL_PACKAGES_PATH }}/openssl_*.deb \ - ${{ env.OPENSSL_PACKAGES_PATH }}/libssl3_*.deb \ - ${{ env.OPENSSL_PACKAGES_PATH }}/libssl-dev_*.deb - - apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ - ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb - - - name: Verify wolfProvider is properly installed - run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} - - - name: Install dependencies - run: | - apt-get update - apt-get install -y libreadline-dev build-essential autoconf \ - automake libtool pkg-config autoconf-archive wget - - - name: Build ipmitool with wolfProvider - uses: wolfSSL/actions-build-autotools-project@v1 - with: - repository: ipmitool/ipmitool - ref: ${{ matrix.ipmitool_ref }} - path: ipmitool - check: false - - - name: Confirm built with OpenSSL and test with wolfProvider - working-directory: ipmitool - run: | - - # Verify ipmitool was built and linked correctly with OpenSSL - ldd src/ipmitool | grep -E '(libssl|libcrypto)' - ldd src/ipmievd | grep -E '(libssl|libcrypto)' - - # Run a simple command to verify functionality - ./src/ipmitool -V diff --git a/.github/workflows/krb5.yml b/.github/workflows/krb5.yml index a44f5ba7..c3e072ba 100644 --- a/.github/workflows/krb5.yml +++ b/.github/workflows/krb5.yml 
@@ -18,21 +18,22 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + fips_ref: ${{ matrix.fips_ref }} replace_default: ${{ matrix.replace_default }} strategy: matrix: wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] replace_default: [ true ] - fips: [ false ] test_krb5: runs-on: ubuntu-22.04 + needs: build_wolfprovider container: image: debian:bookworm env: DEBIAN_FRONTEND: noninteractive - needs: build_wolfprovider # This should be a safe limit for the tests to run. timeout-minutes: 30 strategy: @@ -40,9 +41,9 @@ jobs: krb5_ref: [ 'krb5-1.20.1-final' ] wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] replace_default: [ true ] - fips: [ false ] env: WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages OPENSSL_PACKAGES_PATH: /tmp/openssl-packages @@ -53,24 +54,14 @@ jobs: with: fetch-depth: 1 - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache + - name: Download packages from build job + uses: actions/download-artifact@v4 with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true + name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }} + path: /tmp - name: Install wolfSSL/OpenSSL/wolfprov packages run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb 
@@ -84,7 +75,9 @@ jobs: - name: Verify wolfProvider is properly installed run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} + $GITHUB_WORKSPACE/scripts/verify-install.sh \ + ${{ matrix.replace_default && '--replace-default' || '' }} \ + ${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }} - name: Install KRB5 dependencies run: | @@ -112,7 +105,11 @@ jobs: - run: | cd krb5 # Apply the wolfProvider patch - patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/krb5/krb5-1.20.1-final-wolfprov.patch + if [ "${{ matrix.fips_ref }}" = "FIPS" ]; then + patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/krb5/${{ matrix.krb5_ref }}-wolfprov-fips.patch + else + patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/krb5/${{ matrix.krb5_ref }}-wolfprov.patch + fi - name: Build and test KRB5 with wolfProvider working-directory: krb5 diff --git a/.github/workflows/libcryptsetup.yml b/.github/workflows/libcryptsetup.yml index f2e2306e..bb69d8b8 100644 --- a/.github/workflows/libcryptsetup.yml +++ b/.github/workflows/libcryptsetup.yml @@ -18,13 +18,14 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + fips_ref: ${{ matrix.fips_ref }} replace_default: ${{ matrix.replace_default }} strategy: matrix: wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] replace_default: [ true ] - fips: [ false ] test_cryptsetup: runs-on: ubuntu-22.04 @@ -41,9 +42,9 @@ jobs: cryptsetup_ref: ['v2.6.1'] wolfssl_ref: ['v5.8.2-stable'] openssl_ref: ['openssl-3.5.2'] + fips_ref: [ 'FIPS', 'non-FIPS' ] force_fail: ['WOLFPROV_FORCE_FAIL=1', ''] replace_default: [ true ] - fips: [ false ] env: WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages OPENSSL_PACKAGES_PATH: /tmp/openssl-packages 
@@ -55,24 +56,14 @@ jobs: with: fetch-depth: 1 - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache + - name: Download packages from build job + uses: actions/download-artifact@v4 with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true + name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }} + path: /tmp - name: Install wolfSSL/OpenSSL/wolfprov packages run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb @@ -86,7 +77,9 @@ jobs: - name: Verify wolfProvider is properly installed run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} + $GITHUB_WORKSPACE/scripts/verify-install.sh \ + ${{ matrix.replace_default && '--replace-default' || '' }} \ + ${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }} - name: Install dependencies run: | diff --git a/.github/workflows/libeac3.yml b/.github/workflows/libeac3.yml index 0a05c288..2105a402 100644 --- a/.github/workflows/libeac3.yml +++ b/.github/workflows/libeac3.yml 
@@ -18,21 +18,22 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + fips_ref: ${{ matrix.fips_ref }} replace_default: ${{ matrix.replace_default }} strategy: matrix: wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] replace_default: [ true ] - fips: [ false ] test_libeac3: runs-on: ubuntu-22.04 + needs: build_wolfprovider container: image: debian:bookworm env: DEBIAN_FRONTEND: noninteractive - needs: build_wolfprovider # This should be a safe limit for the tests to run. timeout-minutes: 20 strategy: @@ -40,9 +41,9 @@ jobs: openpace_ref: [ '1.1.3' ] wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] replace_default: [ true ] - fips: [ false ] env: WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages OPENSSL_PACKAGES_PATH: /tmp/openssl-packages @@ -55,24 +56,14 @@ jobs: with: fetch-depth: 1 - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache-restore + - name: Download packages from build job + uses: actions/download-artifact@v4 with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true + name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }} + path: /tmp - name: Install wolfSSL/OpenSSL/wolfprov packages run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb 
@@ -86,7 +77,9 @@ jobs: - name: Verify wolfProvider is properly installed run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} + $GITHUB_WORKSPACE/scripts/verify-install.sh \ + ${{ matrix.replace_default && '--replace-default' || '' }} \ + ${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }} - name: Install libeac3 dependencies run: | @@ -110,7 +103,11 @@ jobs: fetch-depth: 1 - run: | cd openpace - patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/openpace/openpace-${{ matrix.openpace_ref }}-wolfprov.patch + if [ ${{ matrix.fips_ref == 'FIPS' }} ]; then + patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/openpace/openpace-FIPS-${{ matrix.openpace_ref }}-wolfprov.patch + else + patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/openpace/openpace-${{ matrix.openpace_ref }}-wolfprov.patch + fi - name: Build openpace working-directory: openpace diff --git a/.github/workflows/libfido2.yml b/.github/workflows/libfido2.yml index a617a120..ca954d2e 100644 --- a/.github/workflows/libfido2.yml +++ b/.github/workflows/libfido2.yml @@ -14,30 +14,31 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + fips_ref: ${{ matrix.fips_ref }} replace_default: ${{ matrix.replace_default }} strategy: matrix: wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] replace_default: [ true ] - fips: [ false ] test_libfido2: runs-on: ubuntu-22.04 + needs: build_wolfprovider container: image: debian:bookworm env: DEBIAN_FRONTEND: noninteractive - needs: build_wolfprovider timeout-minutes: 15 strategy: matrix: libfido2_ref: [ '1.15.0' ] wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] replace_default: [ true ] - fips: [ false ] env: WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages OPENSSL_PACKAGES_PATH: /tmp/openssl-packages 
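Review bot: The test `if [ ${{ matrix.fips_ref == 'FIPS' }} ]; then` in the openpace patch step is always true, because the expression is rendered as the word `true` or `false` and `[ word ]` only checks that the string is non-empty. The non-FIPS leg therefore also applies the `openpace-FIPS-...` patch, so the non-FIPS configuration is never actually exercised and a regression there would go unnoticed. Compare as strings instead, the way the krb5 step in this commit does: `if [ "${{ matrix.fips_ref }}" = "FIPS" ]; then`. The same always-true test appears in libfido2.yml (the patch step and the `cmake -DHAVE_FIPS=ON` branch) and in libnice.yml (the patch step).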
@@ -48,24 +49,14 @@ jobs: with: fetch-depth: 1 - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache + - name: Download packages from build job + uses: actions/download-artifact@v4 with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true + name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }} + path: /tmp - name: Install wolfSSL/OpenSSL/wolfprov packages run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb @@ -79,7 +70,9 @@ jobs: - name: Verify wolfProvider is properly installed run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} + $GITHUB_WORKSPACE/scripts/verify-install.sh \ + ${{ matrix.replace_default && '--replace-default' || '' }} \ + ${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }} - name: Install test dependencies run: | 
@@ -95,12 +88,31 @@ jobs: ref: ${{ matrix.libfido2_ref }} fetch-depth: 1 + - name: Checkout OSP + uses: actions/checkout@v4 + with: + repository: wolfssl/osp + path: osp + fetch-depth: 1 + - run: | + cd libfido2_repo + # Apply the wolfProvider patch + if [ ${{ matrix.fips_ref == 'FIPS' }} ]; then + patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/libfido2/libfido2-FIPS-${{ matrix.libfido2_ref }}-wolfprov.patch + else + patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/libfido2/libfido2-${{ matrix.libfido2_ref }}-wolfprov.patch + fi + - name: Build and install libfido2 working-directory: libfido2_repo run: | mkdir build cd build - cmake -DCMAKE_INSTALL_PREFIX=$GITHUB_WORKSPACE/libfido2-install .. + if [ ${{ matrix.fips_ref == 'FIPS' }} ]; then + cmake -DHAVE_FIPS=ON -DCMAKE_INSTALL_PREFIX=$GITHUB_WORKSPACE/libfido2-install .. + else + cmake -DCMAKE_INSTALL_PREFIX=$GITHUB_WORKSPACE/libfido2-install .. + fi make -j$(nproc) make install @@ -120,6 +132,3 @@ jobs: fi $GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} libfido2 - - - diff --git a/.github/workflows/libhashkit2.yml b/.github/workflows/libhashkit2.yml index 25dd637c..1ac70e0d 100644 --- a/.github/workflows/libhashkit2.yml +++ b/.github/workflows/libhashkit2.yml @@ -18,21 +18,22 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + fips_ref: ${{ matrix.fips_ref }} replace_default: ${{ matrix.replace_default }} strategy: matrix: wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] replace_default: [ true ] - fips: [ false ] test_libhashkit2: runs-on: ubuntu-22.04 + needs: build_wolfprovider container: image: debian:bookworm env: DEBIAN_FRONTEND: noninteractive - needs: build_wolfprovider # This should be a safe limit for the tests to run. timeout-minutes: 20 strategy: 
@@ -40,9 +41,9 @@ jobs: libhashkit2_ref: [ '1.1.4' ] wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] replace_default: [ true ] - fips: [ false ] env: WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages OPENSSL_PACKAGES_PATH: /tmp/openssl-packages @@ -53,24 +54,14 @@ jobs: with: fetch-depth: 1 - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache-restore + - name: Download packages from build job + uses: actions/download-artifact@v4 with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true + name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }} + path: /tmp - name: Install wolfSSL/OpenSSL/wolfprov packages run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb @@ -84,7 +75,9 @@ jobs: - name: Verify wolfProvider is properly installed run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} + $GITHUB_WORKSPACE/scripts/verify-install.sh \ + ${{ matrix.replace_default && '--replace-default' || '' }} \ + ${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }} - name: Install libmemcached dependencies run: | diff --git a/.github/workflows/libnice.yml b/.github/workflows/libnice.yml index 6cbcd9d6..13d5d0e6 100644 --- a/.github/workflows/libnice.yml +++ b/.github/workflows/libnice.yml 
@@ -18,30 +18,31 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + fips_ref: ${{ matrix.fips_ref }} replace_default: ${{ matrix.replace_default }} strategy: matrix: wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] replace_default: [ true ] - fips: [ false ] test_libnice: runs-on: ubuntu-22.04 + needs: build_wolfprovider container: image: debian:bookworm env: DEBIAN_FRONTEND: noninteractive - needs: build_wolfprovider timeout-minutes: 20 strategy: matrix: libnice_ref: [ '0.1.21' ] wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] force_fail: ['WOLFPROV_FORCE_FAIL=1', ''] replace_default: [ true ] - fips: [ false ] env: WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages OPENSSL_PACKAGES_PATH: /tmp/openssl-packages @@ -52,24 +53,14 @@ jobs: with: fetch-depth: 1 - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache + - name: Download packages from build job + uses: actions/download-artifact@v4 with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true + name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }} + path: /tmp - name: Install wolfSSL/OpenSSL/wolfprov packages run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb 
@@ -83,7 +74,9 @@ jobs: - name: Verify wolfProvider is properly installed run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} + $GITHUB_WORKSPACE/scripts/verify-install.sh \ + ${{ matrix.replace_default && '--replace-default' || '' }} \ + ${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }} - name: Install dependencies run: | @@ -99,6 +92,18 @@ jobs: ref: ${{ matrix.libnice_ref }} path: libnice + - name: Checkout OSP + uses: actions/checkout@v4 + with: + repository: wolfssl/osp + path: osp + fetch-depth: 1 + - run: | + if [ ${{ matrix.fips_ref == 'FIPS' }} ]; then + cd libnice + patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/libnice/libnice-${{ matrix.libnice_ref }}-wolfprov.patch + fi + - name: Build libnice working-directory: libnice run: | diff --git a/.github/workflows/liboauth2.yml b/.github/workflows/liboauth2.yml index a0cd5a89..590b0795 100644 --- a/.github/workflows/liboauth2.yml +++ b/.github/workflows/liboauth2.yml @@ -18,30 +18,31 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + fips_ref: ${{ matrix.fips_ref }} replace_default: ${{ matrix.replace_default }} strategy: matrix: wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] replace_default: [ true ] - fips: [ false ] test_liboauth2: runs-on: ubuntu-22.04 + needs: build_wolfprovider container: image: debian:bookworm env: DEBIAN_FRONTEND: noninteractive - needs: build_wolfprovider timeout-minutes: 20 strategy: matrix: liboauth2_ref: [ 'v1.4.5.4' ] wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] force_fail: ['WOLFPROV_FORCE_FAIL=1', ''] replace_default: [ true ] - fips: [ false ] env: WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages OPENSSL_PACKAGES_PATH: /tmp/openssl-packages 
@@ -52,24 +53,14 @@ jobs: with: fetch-depth: 1 - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache + - name: Download packages from build job + uses: actions/download-artifact@v4 with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true + name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }} + path: /tmp - name: Install wolfSSL/OpenSSL/wolfprov packages run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb @@ -83,7 +74,9 @@ jobs: - name: Verify wolfProvider is properly installed run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} + $GITHUB_WORKSPACE/scripts/verify-install.sh \ + ${{ matrix.replace_default && '--replace-default' || '' }} \ + ${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }} - name: Install liboauth2 dependencies run: | diff --git a/.github/workflows/libssh2.yml b/.github/workflows/libssh2.yml index 4131af8a..11c6770b 100644 --- a/.github/workflows/libssh2.yml +++ b/.github/workflows/libssh2.yml 
@@ -18,30 +18,31 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + fips_ref: ${{ matrix.fips_ref }} replace_default: ${{ matrix.replace_default }} strategy: matrix: wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] replace_default: [ true ] - fips: [ false ] test_libssh2: runs-on: ubuntu-22.04 + needs: build_wolfprovider container: image: debian:bookworm env: DEBIAN_FRONTEND: noninteractive - needs: build_wolfprovider timeout-minutes: 20 strategy: matrix: libssh2_ref: [ 'libssh2-1.10.0' ] wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] force_fail: ['WOLFPROV_FORCE_FAIL=1', ''] replace_default: [ true ] - fips: [ false ] env: WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages OPENSSL_PACKAGES_PATH: /tmp/openssl-packages @@ -52,24 +53,14 @@ jobs: with: fetch-depth: 1 - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache + - name: Download packages from build job + uses: actions/download-artifact@v4 with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true + name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }} + path: /tmp - name: Install wolfSSL/OpenSSL/wolfprov packages run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb 
@@ -83,7 +74,9 @@ jobs: - name: Verify wolfProvider is properly installed run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} + $GITHUB_WORKSPACE/scripts/verify-install.sh \ + ${{ matrix.replace_default && '--replace-default' || '' }} \ + ${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }} - name: Install dependencies run: | diff --git a/.github/workflows/libwebsockets.yml b/.github/workflows/libwebsockets.yml index f406a869..456e4e14 100644 --- a/.github/workflows/libwebsockets.yml +++ b/.github/workflows/libwebsockets.yml @@ -18,21 +18,22 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + fips_ref: ${{ matrix.fips_ref }} replace_default: ${{ matrix.replace_default }} strategy: matrix: wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] replace_default: [ true ] - fips: [ false ] test_libwebsockets: runs-on: ubuntu-22.04 + needs: build_wolfprovider container: image: debian:bookworm env: DEBIAN_FRONTEND: noninteractive - needs: build_wolfprovider # This should be a safe limit for the tests to run. timeout-minutes: 20 strategy: @@ -40,9 +41,9 @@ jobs: libwebsockets_ref: [ 'v4.3.3' ] wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] replace_default: [ true ] - fips: [ false ] env: WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages OPENSSL_PACKAGES_PATH: /tmp/openssl-packages 
@@ -54,24 +55,19 @@ jobs: with: fetch-depth: 1 - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache-restore + - name: Install libwebsockets dependencies + run: | + apt-get update + apt-get install -y libc6 libcap2 zlib1g cmake build-essential dpkg-dev + + - name: Download packages from build job + uses: actions/download-artifact@v4 with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true + name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }} + path: /tmp - name: Install wolfSSL/OpenSSL/wolfprov packages run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl*.deb @@ -82,11 +78,6 @@ jobs: apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb - - - name: Install libwebsockets dependencies - run: | - apt-get update - apt-get install -y libc6 libcap2 zlib1g cmake build-essential dpkg-dev - name: Download libwebsockets uses: actions/checkout@v4 diff --git a/.github/workflows/net-snmp.yml b/.github/workflows/net-snmp.yml index ab616b44..27a61742 100644 --- a/.github/workflows/net-snmp.yml +++ b/.github/workflows/net-snmp.yml 
@@ -18,21 +18,22 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + fips_ref: ${{ matrix.fips_ref }} replace_default: ${{ matrix.replace_default }} strategy: matrix: wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] replace_default: [ true ] - fips: [ false ] test_net_snmp: runs-on: ubuntu-22.04 + needs: build_wolfprovider container: image: debian:bookworm env: DEBIAN_FRONTEND: noninteractive - needs: build_wolfprovider # This should be a safe limit for the tests to run. timeout-minutes: 20 strategy: @@ -41,9 +42,9 @@ jobs: net_snmp_ref: [ 'v5.9.3' ] wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] replace_default: [ true ] - fips: [ false ] env: WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages OPENSSL_PACKAGES_PATH: /tmp/openssl-packages @@ -54,24 +55,14 @@ jobs: with: fetch-depth: 1 - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache + - name: Download packages from build job + uses: actions/download-artifact@v4 with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true + name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }} + path: /tmp - name: Install wolfSSL/OpenSSL/wolfprov packages run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb 
@@ -85,26 +76,57 @@ jobs: - name: Verify wolfProvider is properly installed run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} + $GITHUB_WORKSPACE/scripts/verify-install.sh \ + ${{ matrix.replace_default && '--replace-default' || '' }} \ + ${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }} - name: Install dependencies run: | apt-get update apt-get install -y libperl-dev build-essential autoconf \ libtool pkg-config gettext net-tools - - - name: Build net-snmp with wolfProvider - uses: wolfSSL/actions-build-autotools-project@v1 + + - name: Checkout net-snmp + uses: actions/checkout@v4 with: repository: net-snmp/net-snmp ref: ${{ matrix.net_snmp_ref }} path: net-snmp - configure: >- - --disable-shared - --with-default-snmp-version="3" --with-sys-contact="@@no.where" - --with-sys-location="Unknown" --with-logfile="/var/log/snmpd.log" - --with-persistent-directory="/var/net-snmp" - check: false + fetch-depth: 1 + + - name: Checkout OSP + uses: actions/checkout@v4 + with: + repository: wolfssl/osp + path: osp + fetch-depth: 1 + - run: | + cd net-snmp + if [ ${{ matrix.fips_ref == 'FIPS' }} ]; then + patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/net-snmp/net-snmp-FIPS-${{ matrix.net_snmp_ref }}-wolfprov.patch + else + patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/net-snmp/net-snmp-${{ matrix.net_snmp_ref }}-wolfprov.patch + fi + + - name: Build net-snmp with wolfProvider + working-directory: net-snmp + run: | + autoreconf -ivf + if [ "${{ matrix.fips_ref }}" = "FIPS" ]; then + ./configure --enable-wolfprov-fips \ + --disable-shared \ + --with-default-snmp-version="3" \ + --with-sys-contact="@@no.where" \ + --with-sys-location="Unknown" \ + --with-logfile="$SNMP_LOGFILE" \ + --with-persistent-directory="$SNMP_PERSISTENT_DIR" + else + ./configure --disable-shared \ + --with-default-snmp-version="3" --with-sys-contact="@@no.where" \ + --with-sys-location="Unknown" 
--with-logfile="/var/log/snmpd.log" \ + --with-persistent-directory="/var/net-snmp" + fi + make -j$(nproc) - name: Run tests working-directory: net-snmp diff --git a/.github/workflows/nginx.yml b/.github/workflows/nginx.yml index c519cd6e..ce419ad2 100644 --- a/.github/workflows/nginx.yml +++ b/.github/workflows/nginx.yml @@ -18,21 +18,22 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + fips_ref: ${{ matrix.fips_ref }} replace_default: ${{ matrix.replace_default }} strategy: matrix: wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] replace_default: [ true ] - fips: [ false ] test_nginx: runs-on: ubuntu-22.04 + needs: build_wolfprovider container: image: debian:bookworm env: DEBIAN_FRONTEND: noninteractive - needs: build_wolfprovider # This should be a safe limit for the tests to run. timeout-minutes: 20 strategy: @@ -40,9 +41,9 @@ jobs: nginx_ref: [ 'release-1.27.4' ] wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] force_fail: [ 'WOLFPROV_FORCE_FAIL=1', ''] replace_default: [ true ] - fips: [ false ] env: WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages OPENSSL_PACKAGES_PATH: /tmp/openssl-packages 
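Review bot: The added Checkout OSP step has no `ref:`, so the patch applied to net-snmp comes from whatever the default branch of wolfssl/osp holds at run time, while the other inputs in this matrix are pinned to tags. Pin it the same way, e.g. `ref: <pinned-osp-commit-or-tag>` (placeholder), so that a change in that repository cannot silently alter what is built and tested; the libnice hunk `@@ -99,6 +92,18 @@` adds the same unpinned checkout. Separately, the FIPS branch of the build step passes `--with-logfile="$SNMP_LOGFILE"` and `--with-persistent-directory="$SNMP_PERSISTENT_DIR"`, and neither variable is defined in the visible lines. If the job `env:` outside this hunk does not set them, configure receives empty paths, whereas the non-FIPS branch uses `/var/log/snmpd.log` and `/var/net-snmp`.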
@@ -53,24 +54,14 @@ jobs: with: fetch-depth: 1 - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache + - name: Download packages from build job + uses: actions/download-artifact@v4 with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true + name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }} + path: /tmp - name: Install wolfSSL/OpenSSL/wolfprov packages run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb @@ -84,7 +75,9 @@ jobs: - name: Verify wolfProvider is properly installed run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} + $GITHUB_WORKSPACE/scripts/verify-install.sh \ + ${{ matrix.replace_default && '--replace-default' || '' }} \ + ${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }} - name: Install dependencies run: | diff --git a/.github/workflows/openldap.yml b/.github/workflows/openldap.yml index b26d09ad..2330d612 100644 --- a/.github/workflows/openldap.yml +++ b/.github/workflows/openldap.yml 
@@ -18,21 +18,22 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + fips_ref: ${{ matrix.fips_ref }} replace_default: ${{ matrix.replace_default }} strategy: matrix: wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] replace_default: [ true ] - fips: [ false ] test_openldap: runs-on: ubuntu-22.04 + needs: build_wolfprovider container: image: debian:bookworm env: DEBIAN_FRONTEND: noninteractive - needs: build_wolfprovider # This should be a safe limit for the tests to run. timeout-minutes: 20 strategy: @@ -41,9 +42,9 @@ jobs: openldap_ref: [ 'OPENLDAP_REL_ENG_2_6_7' ] wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] replace_default: [ true ] - fips: [ false ] env: WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages OPENSSL_PACKAGES_PATH: /tmp/openssl-packages @@ -54,24 +55,14 @@ jobs: with: fetch-depth: 1 - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache + - name: Download packages from build job + uses: actions/download-artifact@v4 with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true + name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }} + path: /tmp - name: Install wolfSSL/OpenSSL/wolfprov packages run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb 
@@ -85,7 +76,9 @@ jobs: - name: Verify wolfProvider is properly installed run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} + $GITHUB_WORKSPACE/scripts/verify-install.sh \ + ${{ matrix.replace_default && '--replace-default' || '' }} \ + ${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }} - name: Install dependencies run: | diff --git a/.github/workflows/opensc.yml b/.github/workflows/opensc.yml index d9f972fa..2a70abfa 100644 --- a/.github/workflows/opensc.yml +++ b/.github/workflows/opensc.yml @@ -18,21 +18,22 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + fips_ref: ${{ matrix.fips_ref }} replace_default: ${{ matrix.replace_default }} strategy: matrix: wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] replace_default: [ true ] - fips: [ false ] test_opensc: runs-on: ubuntu-22.04 + needs: build_wolfprovider container: image: debian:bookworm env: DEBIAN_FRONTEND: noninteractive - needs: build_wolfprovider # This should be a safe limit for the tests to run. timeout-minutes: 30 strategy: @@ -40,9 +41,9 @@ jobs: opensc_ref: [ '0.25.1' ] wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] replace_default: [ true ] - fips: [ false ] env: WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages OPENSSL_PACKAGES_PATH: /tmp/openssl-packages 
@@ -53,24 +54,14 @@ jobs: with: fetch-depth: 1 - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache + - name: Download packages from build job + uses: actions/download-artifact@v4 with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true + name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }} + path: /tmp - name: Install wolfSSL/OpenSSL/wolfprov packages run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb @@ -84,7 +75,9 @@ jobs: - name: Verify wolfProvider is properly installed run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} + $GITHUB_WORKSPACE/scripts/verify-install.sh \ + ${{ matrix.replace_default && '--replace-default' || '' }} \ + ${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }} - name: Install OpenSC dependencies run: | diff --git a/.github/workflows/openssh.yml b/.github/workflows/openssh.yml index 227ed679..11f39c67 100644 --- a/.github/workflows/openssh.yml +++ b/.github/workflows/openssh.yml 
@@ -18,16 +18,18 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + fips_ref: ${{ matrix.fips_ref }} replace_default: ${{ matrix.replace_default }} strategy: matrix: wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] replace_default: [ true ] - fips: [ false ] test_openssh: runs-on: ubuntu-22.04 + needs: build_wolfprovider container: image: debian:bookworm # Extra permissions needed for Debian Bookworm @@ -42,7 +44,6 @@ jobs: -v /lib/modules:/lib/modules:ro env: DEBIAN_FRONTEND: noninteractive - needs: build_wolfprovider # This should be a safe limit for the tests to run. timeout-minutes: 20 strategy: @@ -50,9 +51,9 @@ jobs: openssh_ref: [ 'V_10_0_P2', 'V_9_9_P1' ] wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'non-FIPS' ] # FIPS is not yet supported for OpenSSH force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] replace_default: [ true ] - fips: [ false ] env: WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages OPENSSL_PACKAGES_PATH: /tmp/openssl-packages 
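Review bot: The test matrix in hunk `@@ -50,9 +51,9 @@` is limited to `fips_ref: [ 'non-FIPS' ]`, but the `build_wolfprovider` matrix in the first hunk of this file (`@@ -18,16 +18,18 @@`) still lists `[ 'FIPS', 'non-FIPS' ]`. A FIPS package set is therefore built, and presumably uploaded, that no visible job in this workflow downloads. Restricting the build matrix to `fips_ref: [ 'non-FIPS' ]` until FIPS is supported for OpenSSH would avoid the unused build and keep the two matrices in step.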
@@ -63,24 +64,14 @@ jobs: with: fetch-depth: 1 - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache + - name: Download packages from build job + uses: actions/download-artifact@v4 with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true + name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }} + path: /tmp - name: Install wolfSSL/OpenSSL/wolfprov packages run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb @@ -94,7 +85,9 @@ jobs: - name: Verify wolfProvider is properly installed run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} + $GITHUB_WORKSPACE/scripts/verify-install.sh \ + ${{ matrix.replace_default && '--replace-default' || '' }} \ + ${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }} - name: Install dependencies run: | diff --git a/.github/workflows/openssl-version.yml b/.github/workflows/openssl-version.yml index 2e687db9..d5a09123 100644 --- a/.github/workflows/openssl-version.yml +++ b/.github/workflows/openssl-version.yml @@ -14,6 +14,7 @@ concurrency: jobs: openssl_version_test: + continue-on-error: true name: OpenSSL Version Test runs-on: ubuntu-22.04 timeout-minutes: 30 @@ -22,7 +23,6 @@ jobs: wolfssl_ref: ['v5.8.2-stable'] openssl_ref: [ 'openssl-3.0.3', - 'openssl-3.0.4', 'openssl-3.0.5', 'openssl-3.0.6', 'openssl-3.0.7', 
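Review bot: `continue-on-error: true` on the `openssl_version_test` job (hunk `@@ -14,6 +14,7 @@`) means a matrix leg that fails no longer fails the run. The same commit enables `-fsanitize=address,undefined` for this build in `@@ -69,7 +69,8 @@`, so a sanitizer report from the provider would also pass unnoticed unless someone reads the logs. If only particular OpenSSL versions are expected to fail, scope the tolerance to them with a matrix flag set through `include:`, e.g. `continue-on-error: ${{ matrix.allow_failure == true }}` (key name constructed for illustration). Add a comment above it stating which failures are tolerated and why.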
@@ -69,7 +69,8 @@ jobs: - name: Build and test wolfProvider run: | - OPENSSL_TAG=${{ matrix.openssl_ref }} \ + WOLFPROV_CONFIG_CFLAGS="-static-libasan -fsanitize=address,undefined -g" \ + OPENSSL_TAG=${{ matrix.openssl_ref }} \ WOLFSSL_TAG=${{ matrix.wolfssl_ref }} \ ./scripts/build-wolfprovider.sh diff --git a/.github/workflows/openvpn.yml b/.github/workflows/openvpn.yml index ce6f3286..72449869 100644 --- a/.github/workflows/openvpn.yml +++ b/.github/workflows/openvpn.yml @@ -18,13 +18,14 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + fips_ref: ${{ matrix.fips_ref }} replace_default: ${{ matrix.replace_default }} strategy: matrix: wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] replace_default: [ true ] - fips: [ false ] test_openvpn: runs-on: ubuntu-22.04 @@ -42,9 +43,9 @@ jobs: openvpn_ref: [ 'v2.6.12' ] wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] force_fail: ['WOLFPROV_FORCE_FAIL=1', ''] replace_default: [ true ] - fips: [ false ] env: WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages OPENSSL_PACKAGES_PATH: /tmp/openssl-packages 
@@ -56,24 +57,14 @@ jobs: with: fetch-depth: 1 - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache + - name: Download packages from build job + uses: actions/download-artifact@v4 with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true + name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }} + path: /tmp - name: Install wolfSSL/OpenSSL/wolfprov packages run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb @@ -87,7 +78,9 @@ jobs: - name: Verify wolfProvider is properly installed run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} + $GITHUB_WORKSPACE/scripts/verify-install.sh \ + ${{ matrix.replace_default && '--replace-default' || '' }} \ + ${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }} - name: Set up environment run: | diff --git a/.github/workflows/pam-pkcs11.yml b/.github/workflows/pam-pkcs11.yml index 5b5ee64c..6eec16c7 100644 --- a/.github/workflows/pam-pkcs11.yml +++ b/.github/workflows/pam-pkcs11.yml 
@@ -18,21 +18,22 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + fips_ref: ${{ matrix.fips_ref }} replace_default: ${{ matrix.replace_default }} strategy: matrix: wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] replace_default: [ true ] - fips: [ false ] test_pam_pkcs11: runs-on: ubuntu-22.04 + needs: build_wolfprovider container: image: debian:bookworm env: DEBIAN_FRONTEND: noninteractive - needs: build_wolfprovider # This should be a safe limit for the tests to run. timeout-minutes: 20 strategy: @@ -40,9 +41,9 @@ jobs: pam_pkcs11_ref: [ 'pam_pkcs11-0.6.12' ] wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] replace_default: [ true ] - fips: [ false ] env: WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages OPENSSL_PACKAGES_PATH: /tmp/openssl-packages 
@@ -63,24 +64,14 @@ jobs: run: | git config --global --add safe.directory "$GITHUB_WORKSPACE" - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache + - name: Download packages from build job + uses: actions/download-artifact@v4 with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true + name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }} + path: /tmp - name: Install wolfSSL/OpenSSL/wolfprov packages run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb @@ -94,7 +85,9 @@ jobs: - name: Verify wolfProvider is properly installed run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} + $GITHUB_WORKSPACE/scripts/verify-install.sh \ + ${{ matrix.replace_default && '--replace-default' || '' }} \ + ${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }} - name: Install test dependencies run: | diff --git a/.github/workflows/ppp.yml b/.github/workflows/ppp.yml index c4436f2a..3f7f42dd 100644 --- a/.github/workflows/ppp.yml +++ b/.github/workflows/ppp.yml 
@@ -16,21 +16,22 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + fips_ref: ${{ matrix.fips_ref }} replace_default: ${{ matrix.replace_default }} strategy: matrix: wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] replace_default: [ true ] - fips: [ false ] test_ppp: runs-on: ubuntu-22.04 + needs: build_wolfprovider container: image: debian:bookworm env: DEBIAN_FRONTEND: noninteractive - needs: build_wolfprovider timeout-minutes: 15 strategy: matrix: @@ -40,9 +41,9 @@ jobs: ppp_ref: [ 'v2.5.2' ] wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] replace_default: [ true ] - fips: [ false ] env: WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages OPENSSL_PACKAGES_PATH: /tmp/openssl-packages @@ -55,24 +56,14 @@ jobs: with: fetch-depth: 1 - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache-restore + - name: Download packages from build job + uses: actions/download-artifact@v4 with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true + name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }} + path: /tmp - name: Install wolfSSL/OpenSSL/wolfprov packages run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl*.deb 
@@ -84,6 +75,12 @@ jobs: apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ ${{ env.WOLFPROV_PACKAGES_PATH }}/libwolfprov_*.deb + - name: Verify wolfProvider is properly installed + run: | + $GITHUB_WORKSPACE/scripts/verify-install.sh \ + ${{ matrix.replace_default && '--replace-default' || '' }} \ + ${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }} + - name: Install dependencies run: | apt-get update @@ -105,7 +102,11 @@ jobs: fetch-depth: 1 - run: | cd ppp_repo - patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/ppp/ppp-${{ matrix.ppp_ref }}-wolfprov.patch + if [ ${{ matrix.fips_ref == 'FIPS' }} ]; then + patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/ppp/ppp-FIPS-${{ matrix.ppp_ref }}-wolfprov.patch + else + patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/ppp/ppp-${{ matrix.ppp_ref }}-wolfprov.patch + fi - name: Build and install PPP working-directory: ppp_repo @@ -115,7 +116,11 @@ jobs: elif [ ! -f ./configure ]; then autoreconf -fiv fi - ./configure --prefix=$GITHUB_WORKSPACE/ppp-install --disable-microsoft-extensions + if [ ${{ matrix.fips_ref == 'FIPS' }} ]; then + ./configure --prefix=$GITHUB_WORKSPACE/ppp-install --disable-microsoft-extensions --enable-wolfprov-fips + else + ./configure --prefix=$GITHUB_WORKSPACE/ppp-install --disable-microsoft-extensions + fi make -j$(nproc) make install diff --git a/.github/workflows/python3-ntp.yml b/.github/workflows/python3-ntp.yml index 92c84d0f..1d6fbbc8 100644 --- a/.github/workflows/python3-ntp.yml +++ b/.github/workflows/python3-ntp.yml @@ -18,13 +18,14 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + fips_ref: ${{ matrix.fips_ref }} replace_default: ${{ matrix.replace_default }} strategy: matrix: wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] replace_default: [ true ] - fips: [ false ] test_python3-ntp: runs-on: ubuntu-22.04 
@@ -44,33 +45,23 @@ jobs: python3-ntp_ref: [ 'NTPsec_1_2_2' ] wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] replace_default: [ true ] - fips: [ false ] steps: - name: Checkout wolfProvider uses: actions/checkout@v4 with: fetch-depth: 1 - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache-restore + - name: Download packages from build job + uses: actions/download-artifact@v4 with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true + name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }} + path: /tmp - name: Install wolfSSL/OpenSSL/wolfprov packages run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb @@ -84,7 +75,9 @@ jobs: - name: Verify wolfProvider is properly installed run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} + $GITHUB_WORKSPACE/scripts/verify-install.sh \ + ${{ matrix.replace_default && '--replace-default' || '' }} \ + ${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }} - name: Install python3-ntp dependencies run: | 
@@ -108,7 +101,7 @@ jobs: fetch-depth: 1 - run: | cd ntpsec - patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/python3-ntp/python3-ntp-${{ matrix.python3-ntp_ref }}-wolfprov.patch + patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/python3-ntp/python3-ntp-FIPS-${{ matrix.python3-ntp_ref }}-wolfprov.patch - name: Build ntpsec working-directory: ntpsec diff --git a/.github/workflows/qt5network5.yml b/.github/workflows/qt5network5.yml index 2e04d4d2..e8d03a44 100644 --- a/.github/workflows/qt5network5.yml +++ b/.github/workflows/qt5network5.yml @@ -15,30 +15,31 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + fips_ref: ${{ matrix.fips_ref }} replace_default: ${{ matrix.replace_default }} strategy: matrix: wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] replace_default: [ true ] - fips: [ false ] test_qtbase_network: runs-on: ubuntu-22.04 + needs: build_wolfprovider container: image: debian:bookworm env: DEBIAN_FRONTEND: noninteractive - needs: build_wolfprovider timeout-minutes: 40 strategy: matrix: qt_ref: [ 'v5.15.8-lts-lgpl' ] wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] replace_default: [ true ] - fips: [ false ] env: WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages OPENSSL_PACKAGES_PATH: /tmp/openssl-packages 
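Review bot: The patch step in hunk `@@ -108,7 +101,7 @@` now applies `python3-ntp-FIPS-${{ matrix.python3-ntp_ref }}-wolfprov.patch` unconditionally, although the matrix for this job (hunk `@@ -44,33 +45,23 @@`) runs both `FIPS` and `non-FIPS`. The ppp and net-snmp workflows in this commit choose between a FIPS and a non-FIPS patch file. If the FIPS patch is not meant for both legs, guard it with `if [ "${{ matrix.fips_ref }}" = "FIPS" ]; then` and keep the previous `python3-ntp-${{ matrix.python3-ntp_ref }}-wolfprov.patch` in the `else` branch. If a single patch is intended to serve both builds, a one-line comment above the `patch` command saying so would stop the next reader from treating it as an oversight.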
@@ -49,24 +50,14 @@ jobs: with: fetch-depth: 1 - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache + - name: Download packages from build job + uses: actions/download-artifact@v4 with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true + name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }} + path: /tmp - name: Install wolfSSL/OpenSSL/wolfprov packages run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb @@ -80,7 +71,9 @@ jobs: - name: Verify wolfProvider is properly installed run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} + $GITHUB_WORKSPACE/scripts/verify-install.sh \ + ${{ matrix.replace_default && '--replace-default' || '' }} \ + ${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }} - name: Install Qt dependencies run: | diff --git a/.github/workflows/rsync.yml b/.github/workflows/rsync.yml index 7a5ef352..efd0c11a 100644 --- a/.github/workflows/rsync.yml +++ b/.github/workflows/rsync.yml 
@@ -15,13 +15,14 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + fips_ref: ${{ matrix.fips_ref }} replace_default: ${{ matrix.replace_default }} strategy: matrix: wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] replace_default: [ true ] - fips: [ false ] test_rsync: runs-on: ubuntu-22.04 @@ -40,33 +41,23 @@ jobs: rsync_ref: [ 'v3.2.7' ] wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] replace_default: [ true ] - fips: [ false ] steps: - name: Checkout wolfProvider uses: actions/checkout@v4 with: fetch-depth: 1 - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache-restore + - name: Download packages from build job + uses: actions/download-artifact@v4 with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true + name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }} + path: /tmp - name: Install wolfSSL/OpenSSL/wolfprov packages run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb 
@@ -80,7 +71,9 @@ jobs: - name: Verify wolfProvider is properly installed run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} + $GITHUB_WORKSPACE/scripts/verify-install.sh \ + ${{ matrix.replace_default && '--replace-default' || '' }} \ + ${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }} - name: Install rsync dependencies run: | diff --git a/.github/workflows/socat.yml b/.github/workflows/socat.yml index 12372220..1b4506a7 100644 --- a/.github/workflows/socat.yml +++ b/.github/workflows/socat.yml @@ -18,29 +18,34 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + fips_ref: ${{ matrix.fips_ref }} replace_default: ${{ matrix.replace_default }} strategy: matrix: wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] replace_default: [ true ] - fips: [ false ] test_socat: runs-on: ubuntu-22.04 + needs: build_wolfprovider + continue-on-error: true container: image: debian:bookworm env: DEBIAN_FRONTEND: noninteractive - needs: build_wolfprovider # This should be a safe limit for the tests to run. timeout-minutes: 20 strategy: + fail-fast: false matrix: + socat_ref: [ 'socat-1.8.0.0' ] wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] replace_default: [ true ] - fips: [ false ] + force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] env: WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages OPENSSL_PACKAGES_PATH: /tmp/openssl-packages 
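Review bot: `continue-on-error: true` on the `test_socat` job means a failing matrix leg no longer fails the workflow run, so a regression in the provider can merge with a green check; the same key is added to `test_tcpdump` in tcpdump.yml. `fail-fast: false` under `strategy` already keeps the other legs running, which appears to be the goal here. Consider dropping `continue-on-error`, or limiting it to the leg that is known to be unstable with a comment such as `# TODO: remove once <issue> is fixed`.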
@@ -51,24 +56,14 @@ jobs: with: fetch-depth: 1 - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache + - name: Download packages from build job + uses: actions/download-artifact@v4 with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true + name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }} + path: /tmp - name: Install wolfSSL/OpenSSL/wolfprov packages run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb @@ -82,7 +77,9 @@ jobs: - name: Verify wolfProvider is properly installed run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} + $GITHUB_WORKSPACE/scripts/verify-install.sh \ + ${{ matrix.replace_default && '--replace-default' || '' }} \ + ${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }} - name: Install dependencies run: | @@ -93,10 +90,10 @@ jobs: clang libc++-dev curl net-tools netcat-openbsd procps - name: Download socat - run: curl -O http://www.dest-unreach.org/socat/download/socat-1.8.0.0.tar.gz && tar xvf socat-1.8.0.0.tar.gz + run: curl -O http://www.dest-unreach.org/socat/download/${{ matrix.socat_ref }}.tar.gz && tar xvf ${{ matrix.socat_ref }}.tar.gz - name: Build socat - working-directory: ./socat-1.8.0.0 + working-directory: ./${{ matrix.socat_ref }} run: | # Configure with OpenSSL ./configure 
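Review bot: The `Download socat` step fetches the tarball over plain `http://` and unpacks and builds it with no integrity check, so the source this job compiles and runs is only as trustworthy as the network path. Parameterising the name with `matrix.socat_ref` is a good moment to pin a digest per version: add a matrix value (for example `socat_sha256`) and run `echo "${{ matrix.socat_sha256 }}  ${{ matrix.socat_ref }}.tar.gz" | sha256sum -c -` before `tar xvf`. Switching to `https://` with `curl -fsSLO`, if the host serves it, would also make an HTTP error fail the step instead of saving an error page.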
@@ -104,8 +101,20 @@ jobs: # Build socat make + - name: Checkout OSP + uses: actions/checkout@v4 + with: + repository: wolfssl/osp + path: osp + fetch-depth: 1 + + - name: Apply OSP patch to socat + working-directory: ./${{ matrix.socat_ref }} + run: | + patch -p0 < $GITHUB_WORKSPACE/osp/wolfProvider/socat/${{ matrix.socat_ref }}-wolfprov.patch + - name: Run socat tests - working-directory: ./socat-1.8.0.0 + working-directory: ./${{ matrix.socat_ref }} shell: bash env: SHELL: /bin/bash @@ -115,9 +124,13 @@ jobs: mkdir -p /dev touch /dev/vsock - # Show socat version (includes OpenSSL version info) ./socat -V + export ${{ matrix.force_fail }} + + set +e # Run the tests with expected failures - SOCAT=$GITHUB_WORKSPACE/socat-1.8.0.0/socat ./test.sh -t 0.5 --expect-fail 36,64,146,214,216,217,309,310,386,399,402,403,410,418,453,459,460,467,468,475,478,491,492,528,529,530 + SOCAT=$GITHUB_WORKSPACE/${{ matrix.socat_ref }}/socat ./test.sh -t 0.5 --expect-fail 36,64,146,214,216,217,309,310,386,399,402,403,408,409,410,416,417,418,451,452,453,459,460,467,468,475,476,477,478,491,492,526,527,528,529,530 + TEST_RESULT=$? + $GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} socat diff --git a/.github/workflows/sscep.yml b/.github/workflows/sscep.yml index 9bb954e2..2a286288 100644 --- a/.github/workflows/sscep.yml +++ b/.github/workflows/sscep.yml @@ -18,13 +18,14 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + fips_ref: ${{ matrix.fips_ref }} replace_default: ${{ matrix.replace_default }} strategy: matrix: wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] replace_default: [ true ] - fips: [ false ] test_sscep: runs-on: ubuntu-22.04 
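Review bot: The new `Checkout OSP` step has no `ref:`, so the patch applied to socat comes from whatever the default branch of `wolfssl/osp` holds at run time; the same unpinned checkout appears in the tcpdump and xmlsec workflows. A change in that repository then alters what this CI builds and tests without any commit here, and results stop being reproducible. Pin it with `ref: <osp-commit-sha>` (placeholder) and bump it deliberately. Note also that the patch step runs after `Build socat`, so if the patch touches anything other than the test script, the binary under test is not rebuilt.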
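Review bot: `export ${{ matrix.force_fail }}` in `Run socat tests` expands to a bare `export` on the leg where `force_fail` is `''`, and bash then prints every exported variable and its value into the job log. Guard it, e.g. `if [ -n "${{ matrix.force_fail }}" ]; then export "${{ matrix.force_fail }}"; fi`, or set the variable through the step's `env:` block. The unquoted `${{ matrix.force_fail }}` in the `check-workflow-result.sh` call likewise vanishes when empty and shifts `socat` into the second position. The script's argument handling is not visible here, so confirm it copes with that.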
@@ -43,9 +44,9 @@ jobs: sscep_ref: [ 'v0.10.0' ] wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] replace_default: [ true ] - fips: [ false ] steps: - name: Checkout wolfProvider @@ -53,24 +54,14 @@ jobs: with: fetch-depth: 1 - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache + - name: Download packages from build job + uses: actions/download-artifact@v4 with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true + name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }} + path: /tmp - name: Install wolfSSL/OpenSSL/wolfprov packages run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb @@ -84,7 +75,9 @@ jobs: - name: Verify wolfProvider is properly installed run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} + $GITHUB_WORKSPACE/scripts/verify-install.sh \ + ${{ matrix.replace_default && '--replace-default' || '' }} \ + ${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }} - name: Install sscep dependencies run: | @@ -101,6 +94,9 @@ jobs: - name: Build sscep working-directory: sscep run: | + # Patch unsupported algorithms + # RSA:1024 -> RSA:2048 + perl -pi -e 's/KEYBITS=1024/KEYBITS=2048/' mkrequest autoreconf -vfi ./configure make -j $(nproc) 
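Review bot: The `perl -pi -e 's/KEYBITS=1024/KEYBITS=2048/' mkrequest` line in `Build sscep` succeeds even when nothing matches, so if upstream renames or changes that setting the tests quietly go back to 1024-bit RSA and fail for a reason that is hard to trace. Add an assertion right after it, `grep -q 'KEYBITS=2048' mkrequest`, so the step fails at the point of the patch. The comment could also state which component rejects 1024-bit keys.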
diff --git a/.github/workflows/stunnel.yml b/.github/workflows/stunnel.yml index 9fb2a3b1..1aad69a8 100644 --- a/.github/workflows/stunnel.yml +++ b/.github/workflows/stunnel.yml @@ -18,21 +18,22 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + fips_ref: ${{ matrix.fips_ref }} replace_default: ${{ matrix.replace_default }} strategy: matrix: wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] replace_default: [ true ] - fips: [ false ] test_stunnel: runs-on: ubuntu-22.04 + needs: build_wolfprovider container: image: debian:bookworm env: DEBIAN_FRONTEND: noninteractive - needs: build_wolfprovider # This should be a safe limit for the tests to run. timeout-minutes: 10 strategy: @@ -40,9 +41,9 @@ jobs: stunnel_ref: [ 'stunnel-5.67' ] wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] force_fail: ['WOLFPROV_FORCE_FAIL=1', ''] replace_default: [ true ] - fips: [ false ] env: WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages OPENSSL_PACKAGES_PATH: /tmp/openssl-packages 
@@ -53,24 +54,14 @@ jobs: with: fetch-depth: 1 - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache + - name: Download packages from build job + uses: actions/download-artifact@v4 with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true + name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }} + path: /tmp - name: Install wolfSSL/OpenSSL/wolfprov packages run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb @@ -84,7 +75,9 @@ jobs: - name: Verify wolfProvider is properly installed run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} + $GITHUB_WORKSPACE/scripts/verify-install.sh \ + ${{ matrix.replace_default && '--replace-default' || '' }} \ + ${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }} - name: Install dependencies run: | diff --git a/.github/workflows/systemd.yml b/.github/workflows/systemd.yml index a359484b..90665c92 100644 --- a/.github/workflows/systemd.yml +++ b/.github/workflows/systemd.yml 
@@ -18,13 +18,14 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + fips_ref: ${{ matrix.fips_ref }} replace_default: ${{ matrix.replace_default }} strategy: matrix: - wolfssl_ref: ['v5.8.2-stable'] - openssl_ref: ['openssl-3.5.2'] + wolfssl_ref: [ 'v5.8.2-stable' ] + openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] replace_default: [ true ] - fips: [ false ] test_systemd: runs-on: ubuntu-22.04 @@ -44,33 +45,23 @@ jobs: systemd_ref: ['v254'] wolfssl_ref: ['v5.8.2-stable'] openssl_ref: ['openssl-3.5.2'] + fips_ref: [ 'FIPS', 'non-FIPS' ] force_fail: ['WOLFPROV_FORCE_FAIL=1', ''] replace_default: [ true ] - fips: [ false ] steps: - name: Checkout wolfProvider uses: actions/checkout@v4 with: fetch-depth: 1 - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache-restore + - name: Download packages from build job + uses: actions/download-artifact@v4 with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true + name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }} + path: /tmp - name: Install wolfSSL/OpenSSL/wolfprov packages run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb 
@@ -84,7 +75,9 @@ jobs: - name: Verify wolfProvider is properly installed run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} + $GITHUB_WORKSPACE/scripts/verify-install.sh \ + ${{ matrix.replace_default && '--replace-default' || '' }} \ + ${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }} - name: Install dependencies run: | diff --git a/.github/workflows/tcpdump.yml b/.github/workflows/tcpdump.yml index 8bc455af..cfabec0a 100644 --- a/.github/workflows/tcpdump.yml +++ b/.github/workflows/tcpdump.yml @@ -15,30 +15,32 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + fips_ref: ${{ matrix.fips_ref }} replace_default: ${{ matrix.replace_default }} strategy: matrix: wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] replace_default: [ true ] - fips: [ false ] test_tcpdump: runs-on: ubuntu-22.04 + needs: build_wolfprovider + continue-on-error: true container: image: debian:bookworm env: DEBIAN_FRONTEND: noninteractive - needs: build_wolfprovider timeout-minutes: 15 strategy: matrix: tcpdump_ref: [ 'tcpdump-4.99.3' ] wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] replace_default: [ true ] - fips: [ false ] env: WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages OPENSSL_PACKAGES_PATH: /tmp/openssl-packages 
@@ -49,24 +51,14 @@ jobs: with: fetch-depth: 1 - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache + - name: Download packages from build job + uses: actions/download-artifact@v4 with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true + name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }} + path: /tmp - name: Install wolfSSL/OpenSSL/wolfprov packages run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb @@ -80,7 +72,9 @@ jobs: - name: Verify wolfProvider is properly installed run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} + $GITHUB_WORKSPACE/scripts/verify-install.sh \ + ${{ matrix.replace_default && '--replace-default' || '' }} \ + ${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }} - name: Install test dependencies run: | 
@@ -109,6 +103,20 @@ jobs: path: tcpdump_repo ref: ${{ matrix.tcpdump_ref }} + - name: Checkout OSP + uses: actions/checkout@v4 + with: + repository: wolfssl/osp + path: osp + fetch-depth: 1 + - run: | + cd tcpdump_repo + if [ ${{ matrix.fips_ref == 'FIPS' }} ]; then + patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/tcpdump/tcpdump-FIPS-${{ matrix.tcpdump_ref }}-wolfprov.patch + else + patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/tcpdump/tcpdump-${{ matrix.tcpdump_ref }}-wolfprov.patch + fi + - name: Build and install tcpdump working-directory: tcpdump_repo run: | @@ -118,7 +126,11 @@ jobs: autoreconf -fiv fi export PKG_CONFIG_PATH=$GITHUB_WORKSPACE/libpcap-install/lib/pkgconfig:$PKG_CONFIG_CONFIG:$PKG_CONFIG_PATH - ./configure --prefix=$GITHUB_WORKSPACE/tcpdump-install --with-pcap=$GITHUB_WORKSPACE/libpcap-install + if [ ${{ matrix.fips_ref == 'FIPS' }} ]; then + ./configure --prefix=$GITHUB_WORKSPACE/tcpdump-install --with-pcap=$GITHUB_WORKSPACE/libpcap-install --enable-wolfprov-fips + else + ./configure --prefix=$GITHUB_WORKSPACE/tcpdump-install --with-pcap=$GITHUB_WORKSPACE/libpcap-install + fi make -j$(nproc) make install @@ -134,4 +146,3 @@ jobs: # Capture the test result using PIPESTATUS (Bash only) TEST_RESULT=${PIPESTATUS[0]} $GITHUB_WORKSPACE/.github/scripts/check-workflow-result.sh $TEST_RESULT ${{ matrix.force_fail }} tcpdump - diff --git a/.github/workflows/tnftp.yml b/.github/workflows/tnftp.yml index 461753e3..85f05045 100644 --- a/.github/workflows/tnftp.yml +++ b/.github/workflows/tnftp.yml 
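Review bot: `if [ ${{ matrix.fips_ref == 'FIPS' }} ]; then` is always true: the expression is rendered to the literal word `true` or `false` before the shell runs, and `[ false ]` only tests that the string is non-empty. As written, the non-FIPS leg also applies `tcpdump-FIPS-…-wolfprov.patch` and, in the `Build and install tcpdump` hunk, also configures with `--enable-wolfprov-fips`; the patch step added to xmlsec.yml uses the same test. Compare the strings in the shell instead: `if [ "${{ matrix.fips_ref }}" = "FIPS" ]; then`. Until then the non-FIPS configuration is never exercised, although the job names still report it as covered.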
@@ -18,21 +18,22 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + fips_ref: ${{ matrix.fips_ref }} replace_default: ${{ matrix.replace_default }} strategy: matrix: wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] replace_default: [ true ] - fips: [ false ] test_tnftp: runs-on: ubuntu-22.04 + needs: build_wolfprovider container: image: debian:bookworm env: DEBIAN_FRONTEND: noninteractive - needs: build_wolfprovider # This should be a safe limit for the tests to run. timeout-minutes: 20 strategy: @@ -40,9 +41,9 @@ jobs: tnftp_ref: [ 'tnftp-20210827' ] wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] force_fail: ['WOLFPROV_FORCE_FAIL=1', ''] replace_default: [ true ] - fips: [ false ] env: WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages OPENSSL_PACKAGES_PATH: /tmp/openssl-packages @@ -53,24 +54,14 @@ jobs: with: fetch-depth: 1 - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache + - name: Download packages from build job + uses: actions/download-artifact@v4 with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true + name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }} + path: /tmp - name: Install wolfSSL/OpenSSL/wolfprov packages run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb 
@@ -84,7 +75,9 @@ jobs: - name: Verify wolfProvider is properly installed run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} + $GITHUB_WORKSPACE/scripts/verify-install.sh \ + ${{ matrix.replace_default && '--replace-default' || '' }} \ + ${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }} - name: Install dependencies run: | diff --git a/.github/workflows/tpm2-tools.yml b/.github/workflows/tpm2-tools.yml index aef95e1e..230c8445 100644 --- a/.github/workflows/tpm2-tools.yml +++ b/.github/workflows/tpm2-tools.yml @@ -18,21 +18,22 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + fips_ref: ${{ matrix.fips_ref }} replace_default: ${{ matrix.replace_default }} strategy: matrix: wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] replace_default: [ true ] - fips: [ false ] test_tpm2_tools: runs-on: ubuntu-22.04 + needs: build_wolfprovider container: image: debian:bookworm env: DEBIAN_FRONTEND: noninteractive - needs: build_wolfprovider # This should be a safe limit for the tests to run. timeout-minutes: 20 strategy: @@ -41,9 +42,9 @@ jobs: tpm2_tools_ref: [ '5.7' ] wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] replace_default: [ true ] - fips: [ false ] env: WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages OPENSSL_PACKAGES_PATH: /tmp/openssl-packages 
@@ -54,24 +55,14 @@ jobs: with: fetch-depth: 1 - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache + - name: Download packages from build job + uses: actions/download-artifact@v4 with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true + name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }} + path: /tmp - name: Install wolfSSL/OpenSSL/wolfprov packages run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb @@ -85,7 +76,9 @@ jobs: - name: Verify wolfProvider is properly installed run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} + $GITHUB_WORKSPACE/scripts/verify-install.sh \ + ${{ matrix.replace_default && '--replace-default' || '' }} \ + ${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }} - name: Install tpm2-tools test dependencies run: | diff --git a/.github/workflows/x11vnc.yml b/.github/workflows/x11vnc.yml index 8d0098fc..96d87fe3 100644 --- a/.github/workflows/x11vnc.yml +++ b/.github/workflows/x11vnc.yml 
@@ -18,30 +18,31 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + fips_ref: ${{ matrix.fips_ref }} replace_default: ${{ matrix.replace_default }} strategy: matrix: wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] replace_default: [ true ] - fips: [ false ] test_x11vnc: runs-on: ubuntu-22.04 + needs: build_wolfprovider container: image: debian:bookworm env: DEBIAN_FRONTEND: noninteractive - needs: build_wolfprovider timeout-minutes: 10 strategy: matrix: x11vnc_ref: [ '0.9.17' ] wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] replace_default: [ true ] - fips: [ false ] env: WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages OPENSSL_PACKAGES_PATH: /tmp/openssl-packages @@ -53,24 +54,14 @@ jobs: with: fetch-depth: 1 - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache + - name: Download packages from build job + uses: actions/download-artifact@v4 with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true + name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }} + path: /tmp - name: Install wolfSSL/OpenSSL/wolfprov packages run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb 
@@ -84,7 +75,9 @@ jobs: - name: Verify wolfProvider is properly installed run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} + $GITHUB_WORKSPACE/scripts/verify-install.sh \ + ${{ matrix.replace_default && '--replace-default' || '' }} \ + ${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }} - name: Install x11vnc dependencies run: | diff --git a/.github/workflows/xmlsec.yml b/.github/workflows/xmlsec.yml index 18741b36..d23eb138 100644 --- a/.github/workflows/xmlsec.yml +++ b/.github/workflows/xmlsec.yml @@ -4,8 +4,8 @@ name: xmlsec Tests on: push: branches: [ 'master', 'main', 'release/**' ] - pull_request: - branches: [ '*' ] + #pull_request: + #branches: [ '*' ] concurrency: group: ${{ github.workflow }}-${{ github.ref }} @@ -18,13 +18,14 @@ jobs: with: wolfssl_ref: ${{ matrix.wolfssl_ref }} openssl_ref: ${{ matrix.openssl_ref }} + fips_ref: ${{ matrix.fips_ref }} replace_default: ${{ matrix.replace_default }} strategy: matrix: wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] replace_default: [ true ] - fips: [ false ] test_xmlsec: runs-on: ubuntu-22.04 @@ -41,9 +42,9 @@ jobs: xmlsec_ref: [ 'xmlsec-1_2_37' ] wolfssl_ref: [ 'v5.8.2-stable' ] openssl_ref: [ 'openssl-3.5.2' ] + fips_ref: [ 'FIPS', 'non-FIPS' ] force_fail: [ 'WOLFPROV_FORCE_FAIL=1', '' ] replace_default: [ true ] - fips: [ false ] env: WOLFSSL_PACKAGES_PATH: /tmp/wolfssl-packages OPENSSL_PACKAGES_PATH: /tmp/openssl-packages 
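Review bot: Commenting out the `pull_request` trigger in xmlsec.yml means the xmlsec suite only runs after a push to `master`, `main` or `release/**`, so a change that breaks xmlsec under wolfProvider is found after merge rather than in review. The commented-out lines carry no reason and no condition for re-enabling them. If the suite is temporarily broken, say so next to it, e.g. `# pull_request disabled until <issue> is resolved`, or keep the trigger and mark the known-failing leg instead.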
@@ -54,24 +55,14 @@ jobs: with: fetch-depth: 1 - - name: Checking OpenSSL/wolfProvider packages in cache - uses: actions/cache/restore@v4 - id: wolfprov-cache + - name: Download packages from build job + uses: actions/download-artifact@v4 with: - path: | - ${{ env.WOLFSSL_PACKAGES_PATH }} - ${{ env.OPENSSL_PACKAGES_PATH }} - ${{ env.WOLFPROV_PACKAGES_PATH }} - key: openssl-wolfprov-debian-packages-${{ github.sha }}${{ matrix.replace_default && '-replace-default' || '' }} - fail-on-cache-miss: true + name: debian-packages-${{ matrix.fips_ref }}${{ matrix.replace_default && '-replace-default' || '' }}-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }} + path: /tmp - name: Install wolfSSL/OpenSSL/wolfprov packages run: | - printf "Installing OpenSSL/wolfProvider packages:\n" - ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} - ls -la ${{ env.OPENSSL_PACKAGES_PATH }} - ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} - apt install --reinstall -y --allow-downgrades --allow-change-held-packages \ ${{ env.WOLFSSL_PACKAGES_PATH }}/libwolfssl_*.deb @@ -85,7 +76,9 @@ jobs: - name: Verify wolfProvider is properly installed run: | - $GITHUB_WORKSPACE/scripts/verify-install.sh ${{ matrix.replace_default && '--replace-default' || '' }} ${{ matrix.fips && '--fips' || '' }} + $GITHUB_WORKSPACE/scripts/verify-install.sh \ + ${{ matrix.replace_default && '--replace-default' || '' }} \ + ${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }} - name: Install xmlsec dependencies run: | @@ -94,13 +87,6 @@ jobs: libltdl-dev libltdl7 libxml2-dev patch build-essential \ pkg-config libxml2-dev - - name: Checkout OSP - uses: actions/checkout@v4 - with: - repository: wolfSSL/osp - path: osp - fetch-depth: 1 - - name: Download xmlsec uses: actions/checkout@v4 with: 
@@ -109,12 +95,26 @@ jobs: path: xmlsec fetch-depth: 1 + + - name: Checkout OSP + uses: actions/checkout@v4 + with: + repository: wolfSSL/osp + path: osp + fetch-depth: 1 + - run: | + cd xmlsec + if [ ${{ matrix.fips_ref == 'FIPS' }} ]; then + patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/xmlsec/xmlsec-FIPS-${{ matrix.xmlsec_ref }}-wolfprov.patch + else + patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/xmlsec/xmlsec-${{ matrix.xmlsec_ref }}-wolfprov.patch + fi + - name: Build xmlsec working-directory: xmlsec env: XMLSEC_REF: ${{ matrix.xmlsec_ref }} run: | - patch -p1 < $GITHUB_WORKSPACE/osp/wolfProvider/xmlsec/xmlsec-${{ matrix.xmlsec_ref }}-wolfprov.patch ./autogen.sh --disable-openssl3-engines --disable-dsa --without-nss \ --without-gnutls --without-gcrypt --disable-xmldsig \ --disable-crypto-dl --disable-apps-crypto-dl \ diff --git a/debian/rules b/debian/rules index df5378d5..c4751089 100755 --- a/debian/rules +++ b/debian/rules 
@@ -98,17 +98,28 @@ override_dh_auto_clean: rm -rf test/standalone/tests/.libs override_dh_auto_test: - @if [ -n "$(DEB_LDFLAGS_APPEND)" ]; then \ - # If DEB_LDFLAGS_APPEND is set, it usually means the \ - # build system is using a custom library path, rather \ - # than the system path. So let's set up LD_LIBRARY_PATH \ - # to use it when running `make test`. \ - echo "Setting up LD_LIBRARY_PATH from DEB_LDFLAGS_APPEND"; \ - LD_LIBRARY_PATH="$$(echo $(DEB_LDFLAGS_APPEND) | \ - grep -oE -- '-L[^ ]+' | sed 's/^-L//' | awk '!seen[$$0]++' | paste -sd: -)" \ - $(MAKE) test; \ + @REPLACE_DEFAULT=0; \ + if command -v openssl >/dev/null 2>&1; then \ + OPENSSL_VERSION=$$(openssl version 2>/dev/null || echo ""); \ + if echo "$$OPENSSL_VERSION" | grep -qi "wolfProvider"; then \ + REPLACE_DEFAULT=1; \ + fi; \ + fi; \ + if [ $$REPLACE_DEFAULT -eq 1 ]; then \ + echo "Skipping unit tests (OpenSSL built with replace-default mode)"; \ else \ - $(MAKE) test; \ + if [ -n "$(DEB_LDFLAGS_APPEND)" ]; then \ + # If DEB_LDFLAGS_APPEND is set, it usually means the \ + # build system is using a custom library path, rather \ + # than the system path. So let's set up LD_LIBRARY_PATH \ + # to use it when running `make test`. \ + echo "Setting up LD_LIBRARY_PATH from DEB_LDFLAGS_APPEND"; \ + LD_LIBRARY_PATH="$$(echo $(DEB_LDFLAGS_APPEND) | \ + grep -oE -- '-L[^ ]+' | sed 's/^-L//' | awk '!seen[$$0]++' | paste -sd: -)" \ + $(MAKE) test; \ + else \ + $(MAKE) test; \ + fi; \ fi override_dh_shlibdeps: diff --git a/scripts/verify-install.sh b/scripts/verify-install.sh index 5afb98bb..f7cd123f 100755 --- a/scripts/verify-install.sh +++ b/scripts/verify-install.sh 
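Review bot: The skip test in `override_dh_auto_test` matches any `openssl version` output containing `wolfProvider`, while the `verify-install.sh` hunk in this same commit narrows its equivalent check to `wolfProvider-replace-default`; the two should use the same marker, `grep -qi "wolfProvider-replace-default"`. The decision is also taken from whichever `openssl` is first on the build host's PATH, and the only trace that the unit tests did not run is one `echo` line in the build log. Since this removes all `make test` coverage from replace-default package builds, a comment explaining why the tests cannot run in that mode would help.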
@@ -200,8 +200,7 @@ verify_wolfprovider() { local replace_default="$2" local no_wp="$3" - is_openssl_fips=$(echo "$openssl_version" | grep -v "nonfips" | grep -qi "fips" && echo 1 || echo 0) - is_openssl_replace_default=$(echo "$openssl_version" | grep -qi "wolfProvider" && echo 1 || echo 0) + is_openssl_replace_default=$(echo "$openssl_version" | grep -qi "wolfProvider-replace-default" && echo 1 || echo 0) is_openssl_default_provider=$(echo "$openssl_providers" | grep -qi "OpenSSL Default Provider" && echo 1 || echo 0) is_wp_active=$(echo "$openssl_providers" | grep -qi "wolfSSL Provider" && echo 1 || echo 0) @@ -215,7 +214,6 @@ verify_wolfprovider() { echo "fips: $fips" echo "replace_default: $replace_default" echo "no_wp: $no_wp" - echo "DEBUG: is_openssl_fips: $is_openssl_fips" echo "DEBUG: is_openssl_replace_default: $is_openssl_replace_default" echo "DEBUG: is_openssl_default_provider: $is_openssl_default_provider" echo "DEBUG: is_wp_active: $is_wp_active" @@ -251,16 +249,7 @@ verify_wolfprovider() { elif [ $is_wp_default -ne 1 ]; then handle_error "wolfProvider is not the default provider" fi - - if [ $fips -eq 1 ]; then - if [ $is_openssl_fips -ne 1 ]; then - handle_error "OpenSSL is not FIPS" - fi - else - if [ $is_openssl_fips -eq 1 ]; then - handle_error "OpenSSL is FIPS" - fi - fi + else if [ $is_openssl_replace_default -eq 1 ]; then handle_error "OpenSSL is replace default"
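Review bot: With the `is_openssl_fips` detection and the `if [ $fips -eq 1 ]` block removed, nothing in the visible part of `verify_wolfprovider` uses `fips` except the `echo`, yet every workflow in this commit still passes `--fips` on the FIPS legs. A FIPS leg that was handed non-FIPS packages would therefore pass verification. If the old `openssl version` string test no longer works, replace it with another check rather than none, or drop the `--fips` argument so callers do not assume it is enforced. `verify_wolfprovider` starts and ends outside these hunks, so a check elsewhere in the function cannot be ruled out.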