Build wolfssl debian

.github/workflows/bind9.yml

@@ -2,10 +2,10 @@ name: Bind9 Tests
 
 # START OF COMMON SECTION
 on:
-  push:
-    branches: [ 'master', 'main', 'release/**' ]
-  pull_request:
-    branches: [ '*' ]
+ push:
+   branches: [ 'master', 'main', 'release/**' ]
+ pull_request:
+   branches: [ '*' ]
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}

.github/workflows/build-wolfprovider.yml

@@ -35,7 +35,6 @@ jobs:
         run: |
           apt-get update && apt-get install -y --no-install-recommends \
             build-essential \
-            ccache \
             devscripts \
             debhelper \
             dh-autoreconf \
@@ -55,31 +54,31 @@ jobs:
             xxd
 
       # Experimental: use ccache
-      - name: Setup ccache
-        uses: hendrikmuhs/ccache-action@v1.2
-        id: cc
-        with:
-          create-symlink: true
+      # - name: Setup ccache
+      #   uses: hendrikmuhs/ccache-action@v1.2
+      #   id: cc
+      #   with:
+      #     create-symlink: true
 
-      - name: Setup ccache environment variables
-        run: |
-          echo CC=ccache\ gcc >> "$GITHUB_ENV"
-          echo CXX=ccache\ g++ >> "$GITHUB_ENV"
-          echo CCACHE_BASEDIR=${GITHUB_WORKSPACE} >> "$GITHUB_ENV"
-          echo CCACHE_NOHASHDIR=true >> "$GITHUB_ENV"
-          echo CCACHE_COMPILERCHECK=content >> "$GITHUB_ENV"
-          echo "CCACHE_DIR=${XDG_CACHE_HOME:-$HOME/.cache}/ccache" >> "$GITHUB_ENV"
-          mkdir -p "${XDG_CACHE_HOME:-$HOME/.cache}/ccache"
-
-      - name: Sanity check ccache routing
-        run: |
-          set -x
-          which -a gcc || true
-          gcc --version | head -1
-          ccache --zero-stats
-          printf 'int main(){return 0;}\n' > t.c
-          $CC -c t.c
-          ccache -s
+      # - name: Setup ccache environment variables
+      #   run: |
+      #     echo CC=ccache\ gcc >> "$GITHUB_ENV"
+      #     echo CXX=ccache\ g++ >> "$GITHUB_ENV"
+      #     echo CCACHE_BASEDIR=${GITHUB_WORKSPACE} >> "$GITHUB_ENV"
+      #     echo CCACHE_NOHASHDIR=true >> "$GITHUB_ENV"
+      #     echo CCACHE_COMPILERCHECK=content >> "$GITHUB_ENV"
+      #     echo "CCACHE_DIR=${XDG_CACHE_HOME:-$HOME/.cache}/ccache" >> "$GITHUB_ENV"
+      #     mkdir -p "${XDG_CACHE_HOME:-$HOME/.cache}/ccache"
+
+      # - name: Sanity check ccache routing
+      #   run: |
+      #     set -x
+      #     which -a gcc || true
+      #     gcc --version | head -1
+      #     ccache --zero-stats
+      #     printf 'int main(){return 0;}\n' > t.c
+      #     $CC -c t.c
+      #     ccache -s
 
       - name: Checkout wolfProvider
         uses: actions/checkout@v4
@@ -115,21 +114,34 @@ jobs:
       #     ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
       #     apt install --reinstall -y ${{ env.WOLFSSL_PACKAGES_PATH }}/*wolfssl*.deb
 
-      # # TODO: roll this step into utils-wolfssl.sh
-      # # TODO: specify tag below
+      # TODO: roll this step into utils-wolfssl.sh
+      # TODO: specify tag below
       # - name: Build wolfSSL packages and install
       #   # if: steps.wolfssl_cache.outputs.cache-hit != 'true'
       #   run: | 
       #     # $GITHUB_WORKSPACE/debian/install-wolfssl.sh --tag ${{ inputs.wolfssl_ref }} ${{ env.WOLFSSL_PACKAGES_PATH }}
       #     $GITHUB_WORKSPACE/debian/install-wolfssl.sh ${{ env.WOLFSSL_PACKAGES_PATH }}
 
-      # Unpack and install wolfSSL packages
-      - name: Unpack and install wolfSSL packages
+      # # Unpack and install wolfSSL packages
+      # - name: Unpack and install wolfSSL packages
+      #   run: |
+      #     mkdir -p ${{ env.WOLFSSL_PACKAGES_PATH }}
+      #     tar -xzf .github/packages/debian-wolfssl.tar.gz -C ${{ env.WOLFSSL_PACKAGES_PATH }}
+      #     mv ${{ env.WOLFSSL_PACKAGES_PATH }}/debian-packages/* ${{ env.WOLFSSL_PACKAGES_PATH }}
+      #     apt install -y ${{ env.WOLFSSL_PACKAGES_PATH }}/*.deb
+
+      - name: Install baseline openssl
         run: |
-          mkdir -p ${{ env.WOLFSSL_PACKAGES_PATH }}
-          tar -xzf .github/packages/debian-wolfssl.tar.gz -C ${{ env.WOLFSSL_PACKAGES_PATH }}
-          mv ${{ env.WOLFSSL_PACKAGES_PATH }}/debian-packages/* ${{ env.WOLFSSL_PACKAGES_PATH }}
-          apt install -y ${{ env.WOLFSSL_PACKAGES_PATH }}/*.deb
+          apt-get install --allow-downgrades --reinstall \
+            libssl3=3.0.17-1~deb12u2 \
+            libssl-dev=3.0.17-1~deb12u2 \
+            openssl=3.0.17-1~deb12u2
+
+      - name: Build wolfSSL packages and install
+        # if: steps.wolfssl_cache.outputs.cache-hit != 'true'
+        run: | 
+          # $GITHUB_WORKSPACE/debian/install-wolfssl.sh --tag ${{ inputs.wolfssl_ref }} ${{ env.WOLFSSL_PACKAGES_PATH }}
+          $GITHUB_WORKSPACE/debian/install-wolfssl.sh ${{ env.WOLFSSL_PACKAGES_PATH }}
 
       # Check for cached OpenSSL packages
       - name: Checking OpenSSL packages in cache
@@ -171,9 +183,9 @@ jobs:
           cp $GITHUB_WORKSPACE/../libwolfprov*.tar.gz ${{ env.WOLFPROV_PACKAGES_PATH }}
 
           printf "Listing packages directory:\n"
-          ls -la ${{ env.WOLFPROV_PACKAGES_PATH }}
-          ls -la ${{ env.WOLFSSL_PACKAGES_PATH }}
-          ls -la ${{ env.OPENSSL_PACKAGES_PATH }}
+          ls -la ${{ env.WOLFPROV_PACKAGES_PATH }} || true
+          ls -la ${{ env.WOLFSSL_PACKAGES_PATH }} || true
+          ls -la ${{ env.OPENSSL_PACKAGES_PATH }} || true
 
       - name: Save to cache
         uses: actions/cache/save@v4

.github/workflows/simple.yml

@@ -13,28 +13,6 @@ concurrency:
 # END OF COMMON SECTION
 
 jobs:
-  build_wolfprovider:
-    uses: ./.github/workflows/build-wolfprovider.yml
-    with:
-      wolfssl_ref: ${{ matrix.wolfssl_ref }}
-      openssl_ref: ${{ matrix.openssl_ref }}
-    strategy:
-      matrix:
-        wolfssl_ref: [ 
-          'master', 
-          'v5.8.2-stable',
-          'v5.8.0-stable']
-        # Test against the newest of each minor version
-        openssl_ref: [
-          'openssl-3.5.2',
-          'openssl-3.4.2',
-          'openssl-3.3.4',
-          'openssl-3.2.5',
-          'openssl-3.1.8',
-          'openssl-3.0.17']
-        force_fail: ['WOLFPROV_FORCE_FAIL=1', '']
-        debug: ['WOLFPROV_DEBUG=1', '']
-
   simple_test:
     name: Simple Test
     runs-on: ubuntu-22.04
@@ -62,28 +40,7 @@ jobs:
         with:
           fetch-depth: 1
 
-      - name: Retrieving wolfProvider from cache
-        # Debug builds are not currently supported by build-wolfprovider.yml
-        # so those are manually built as a separate step.
-        if: ${{ matrix.debug == '' }}
-        uses: actions/cache/restore@v4
-        id: wolfprov-cache-restore
-        with:
-          path: |
-            wolfssl-install
-            wolfprov-install
-            openssl-install/lib64
-            openssl-install/include
-            openssl-install/bin
-
-          key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }}
-          # Normally we would fail on cache miss, but we rebuild below 
-          # for the DEBUG build.
-          fail-on-cache-miss: false
-
       - name: Build and test wolfProvider
-        # Only run the test for a cache miss. On hit, we've already run the test.
-        if: steps.wolfprov-cache-restore.cache-hit != 'true'
         run: |
           ${{ matrix.debug }} \
             OPENSSL_TAG=${{ matrix.openssl_ref }} \

debian/install-wolfssl.sh

@@ -117,9 +117,9 @@ AC_CONFIG_FILES([debian/rules],[chmod +x debian/rules])' configure.ac
         fi
 
         # Patch debian/rules.in to disable dh_strip
-        echo "Patching debian/rules.in to disable dh_strip..."
-        sed -i 's/^[[:space:]]*dh_strip.*/:/' debian/rules.in
-        echo "debian/rules.in patched successfully"
+        # echo "Patching debian/rules.in to disable dh_strip..."
+        # sed -i 's/^[[:space:]]*dh_strip.*/:/' debian/rules.in
+        # echo "debian/rules.in patched successfully"
 
     else
         echo "debian/rules.in found, using existing debian packaging"
@@ -153,7 +153,11 @@ AC_CONFIG_FILES([debian/rules],[chmod +x debian/rules])' configure.ac
         --enable-shake256 \
         --enable-wolfprovider \
         --enable-rsapss \
-        --enable-scrypt"
+        --enable-scrypt \
+        --enable-keylog-export \
+        --enable-debug-trace-errcodes=backtrace \
+        --with-max-ecc-bits=1024 \
+        --enable-sha"
 
     if [ "$debug_mode" = "true" ]; then
         configure_opts="$configure_opts --enable-debug"
@@ -179,7 +183,10 @@ AC_CONFIG_FILES([debian/rules],[chmod +x debian/rules])' configure.ac
             -DWC_RSA_DIRECT \
             -DWC_RSA_NO_PADDING \
             -DACVP_VECTOR_TESTING \
-            -DWOLFSSL_ECDSA_SET_K" \
+            -DWOLFSSL_ECDSA_SET_K \
+            -DHAVE_PUBLIC_FFDHE \
+            -DWOLFSSL_PSS_LONG_SALT \
+            -DWOLFSSL_LOGGINGENABLED_DEFAULT=1" \
             LIBS="-lm"
 
     # Build Debian packages

scripts/utils-openssl.sh

@@ -310,7 +310,7 @@ install_openssl() {
 }
 
 init_openssl() {
-    if [ $WOLFPROV_BUILD_DEBIAN -eq 1 ]; then
+    if [ "${WOLFPROV_BUILD_DEBIAN:-0}" -eq 1 ]; then
         install_openssl_deb
     else
         install_openssl

scripts/utils-wolfssl.sh

@@ -184,6 +184,8 @@ install_wolfssl() {
             cd XXX-fips-test
         fi
 
+        printf "Running ./configure with: ${CONF_ARGS} ${WOLFSSL_CONFIG_OPTS} CFLAGS=\"${WOLFSSL_CONFIG_CFLAGS}\"\n"
+        printf "Running ./configure with: ${CONF_ARGS} ${WOLFSSL_CONFIG_OPTS} CFLAGS=\"${WOLFSSL_CONFIG_CFLAGS}\"\n" >>$LOG_FILE 2>&1
         ./configure ${CONF_ARGS} ${WOLFSSL_CONFIG_OPTS} CFLAGS="${WOLFSSL_CONFIG_CFLAGS}" >>$LOG_FILE 2>&1
         if [ $? != 0 ]; then
             printf "ERROR running ./configure\n"