Merge pull request #56 from bandi13/fixFIPSclone

Easier to use system's openssl library to clone
wolfSSL · Nov 14, 2024 · 4b118eb · 4b118eb
2 parents 609f7dc + b99e65d
commit 4b118eb
Show file tree

Hide file tree

Showing 4 changed files with 17 additions and 14 deletions.
diff --git a/scripts/utils-openssl.sh b/scripts/utils-openssl.sh
@@ -33,12 +33,6 @@ OPENSSL_INSTALL_DIR=${SCRIPT_DIR}/../openssl-install
 NUMCPU=${NUMCPU:-8}
 WOLFPROV_DEBUG=${WOLFPROV_DEBUG:-0}
 
-if [ -z $LD_LIBRARY_PATH ]; then
-  export LD_LIBRARY_PATH=$OPENSSL_INSTALL_DIR/lib64
-else
-  export LD_LIBRARY_PATH=$OPENSSL_INSTALL_DIR/lib64:$LD_LIBRARY_PATH
-fi
-
 clone_openssl() {
     if [ -d ${OPENSSL_SOURCE_DIR} ]; then
         OPENSSL_TAG_CUR=$(cd ${OPENSSL_SOURCE_DIR} && (git describe --tags 2>/dev/null || git branch --show-current))
@@ -130,5 +124,11 @@ init_openssl() {
             exit 1
             ;;
     esac
+
+    if [ -z $LD_LIBRARY_PATH ]; then
+      export LD_LIBRARY_PATH=$OPENSSL_INSTALL_DIR/lib64
+    else
+      export LD_LIBRARY_PATH=$OPENSSL_INSTALL_DIR/lib64:$LD_LIBRARY_PATH
+    fi
 }
 
diff --git a/scripts/utils-wolfprovider.sh b/scripts/utils-wolfprovider.sh
@@ -40,6 +40,8 @@ install_wolfprov() {
 
     init_openssl
     init_wolfssl
+    unset OPENSSL_MODULES
+    unset OPENSSL_CONF
     printf "LD_LIBRARY_PATH: $LD_LIBRARY_PATH\n"
 
     if [ ! -d ${WOLFPROV_INSTALL_DIR} ] || [ $(check_folder_age "${WOLFPROV_INSTALL_DIR}" "${WOLFSSL_INSTALL_DIR}") -lt 0 ] || [ $(check_folder_age "${WOLFPROV_INSTALL_DIR}" "${OPENSSL_INSTALL_DIR}") -lt 0 ]; then

diff --git a/scripts/utils-wolfssl.sh b/scripts/utils-wolfssl.sh
@@ -31,12 +31,6 @@ WOLFSSL_CONFIG_CFLAGS=${WOLFSSL_CONFIG_CFLAGS:-"-I${OPENSSL_INSTALL_DIR}/include
 
 WOLFPROV_DEBUG=${WOLFPROV_DEBUG:-0}
 
-if [ -z $LD_LIBRARY_PATH ]; then
-  export LD_LIBRARY_PATH="$WOLFSSL_INSTALL_DIR/lib"
-else
-  export LD_LIBRARY_PATH="$WOLFSSL_INSTALL_DIR/lib:$LD_LIBRARY_PATH"
-fi
-
 # Depends on OPENSSL_INSTALL_DIR
 clone_wolfssl() {
     if [ -d ${WOLFSSL_SOURCE_DIR} ]; then
@@ -86,7 +80,8 @@ install_wolfssl() {
             printf "with FIPS ... "
             CONF_ARGS+=" --enable-fips=ready"
             if [ ! -e "XXX-fips-test" ]; then
-                ./fips-check.sh keep nomakecheck fips-ready >>$LOG_FILE 2>&1
+                # Sometimes the system OpenSSL is different than the one we're using. So for the 'git' commands, we'll just use whatever the system comes with
+                LD_LIBRARY_PATH="" ./fips-check.sh keep nomakecheck fips-ready >>$LOG_FILE 2>&1
                 if [ $? != 0 ]; then
                     printf "ERROR checking out FIPS\n"
                     rm -rf ${WOLFSSL_INSTALL_DIR}
@@ -143,5 +138,11 @@ install_wolfssl() {
 init_wolfssl() {
     install_wolfssl
     printf "\twolfSSL ${WOLFSSL_TAG} installed in: ${WOLFSSL_INSTALL_DIR}\n"
+
+    if [ -z $LD_LIBRARY_PATH ]; then
+      export LD_LIBRARY_PATH="$WOLFSSL_INSTALL_DIR/lib"
+    else
+      export LD_LIBRARY_PATH="$WOLFSSL_INSTALL_DIR/lib:$LD_LIBRARY_PATH"
+    fi
 }
 
diff --git a/test/test_pbe.c b/test/test_pbe.c
@@ -369,8 +369,8 @@ int test_pbe(void *data)
     PRINT_MSG("Not using wolfProvider - PBKDF not available in wolfCrypt");
 #endif
 
-    PRINT_MSG("PBE DES-EDE3-CBC SHA-1");
 #if !defined(NO_DES3) && defined(WP_HAVE_SHA1)
+    PRINT_MSG("PBE DES-EDE3-CBC SHA-1");
     err = test_pbe_sha1_des3_pbkdf1();
 #endif
 #if defined(WP_HAVE_SHA256) && defined(WP_HAVE_AESCBC)