wolfprovider: fix cmd-test tooling and first-run FIPS detection#169
Open
ColtonWilley wants to merge 1 commit into
Open
wolfprovider: fix cmd-test tooling and first-run FIPS detection#169ColtonWilley wants to merge 1 commit into
ColtonWilley wants to merge 1 commit into
Conversation
- wolfprovidercmd: install scripts/utils-general.sh (cmd-test-common.sh sources it; the command-line suite aborts without it) and RDEPEND wolfproviderenv + openssl-bin so the package runs when installed - wolfproviderenv.sh: detect FIPS by loading the module so the first run on a fresh image is correct before openssl.cnf is seeded
ColtonWilley
force-pushed
the
fix-wolfprovider-fips
branch
from
f986710 to
36cae77
Compare
ColtonWilley
changed the title
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes two genuine bugs in the wolfProvider example tooling in meta-wolfssl. Both are independent of how wolfSSL FIPS is selected.
wolfprovidercmdinstallsscripts/utils-general.sh, whichcmd-test-common.shsources (the command-line suite aborts withdetect_wolfprovider_mode: command not foundwithout it), and depends onwolfproviderenv+openssl-binso the package runs when installed.wolfproviderenv.shdetects FIPS by loading the provider module directly, so the first run on a fresh image is correct beforeopenssl.cnfhas been seeded (otherwise the first run reports a spurious config/runtime FIPS mismatch).Scope note: an earlier revision of this PR also changed
WOLFSSL_TYPE-based FIPS handling and the commercial/fips-ready bundle recipes. Those were dropped — the documented FIPS path (PREFERRED_PROVIDER_virtual/wolfssl = "wolfssl-fips"viaconf/wolfssl-fips.conf) builds and detects FIPS correctly without them;WOLFSSL_TYPEis the older, undocumented path.Verified on qemux86-64: image builds and boots,
wolfprovidercmdruns the full command-line suite.