Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/wolfssl/wolfprovider

wolfCrypt and wolfCrypt FIPS provider for OpenSSL
https://github.com/wolfssl/wolfprovider

cryptography fips fips-140-2 fips-140-3 openssl openssl-provider security wolfcrypt wolfssl

Last synced: 2 days ago
JSON representation

wolfCrypt and wolfCrypt FIPS provider for OpenSSL

Awesome Lists containing this project

README 

          
# WolfProvider Debian Packaging

This is the flow for building and installing 



## Local build



From the repo root, run the following command:

```

./scripts/build-wolfprovider.sh --debian

```



For a FIPS build, run the following:

```

./scripts/build-wolfprovider.sh --debian --enable-fips

```



The Debian packages are placed in the parent directory, which should be one level above the repo root.



## CI build

Instead of doing a local build as outlined above, we can alternatively use packages generated from CI.



To use a build from CI for local install, download the artifacts from the Debian CI job. Then install the .deb's from the zip file with `apt` as shown below rather than from the build.



## Install



If not already done, install the WolfSSL Debian package. The script below will clone the wolfSSL repository and build packages from source. This step is only needed once, and can be done prior to the `build-wolfprovider.sh` step above.



Basic usage (builds master branch in temporary directory):

```

./debian/install-wolfssl.sh

```



Build master branch in specific directory:

```

./debian/install-wolfssl.sh /path/to/working/directory

```



Build specific tag or branch:

```

./debian/install-wolfssl.sh --tag v5.6.4

./debian/install-wolfssl.sh --tag v5.6.4 /path/to/working/directory

```



Build with debug mode enabled:

```

./debian/install-wolfssl.sh --debug

./debian/install-wolfssl.sh --debug --tag v5.6.4

./debian/install-wolfssl.sh --debug --tag v5.6.4 /path/to/working/directory

```



The script will automatically detect if wolfSSL is already cloned in the working directory and reuse it. For older tags that don't include debian packaging files, the script will automatically backport the packaging from master.



For the script above, some systems may require additional packages:

```

apt install build-essential devscripts dh-exec

```



### Optionally install custom OpenSSL



**Important**: before proceeding with the wolfProvider install, make sure packages are not present:

```

apt purge -y libwolfprov ; apt purge -y openssl-config ; apt purge -y openssl ; apt purge -y libssl3

```



Get the system architecture which determines the library paths for the following steps:

```

export CURRENT_ARCH=$(dpkg --print-architecture)

```



Then install the wolfProvider-specific OpenSSL. From the repo root:

```

apt install ../openssl*${CURRENT_ARCH}*.deb ../libssl3*${CURRENT_ARCH}*.deb

```



Check that the provider API is disabled since wolfProvider is not installed:

```

$ openssl list -providers

Could not load libwolfprov.so. Is the libwolfprov package installed?

  libwolfprov.so: cannot open shared object file: No such file or directory

```



### Install wolfProvider



Then install wolfProvider:

```

apt install ../libwolfprov*${CURRENT_ARCH}*.deb

```



Confirm that wolfProvider is installed:

```

$ openssl list -providers

```



Output should look like this:

```

Providers:

  default

    name: wolfSSL Provider

    version: 1.0.2

    status: active

```



## Release process

Always use CI to perform the release build to avoid potential errors from building locally.



* Tag the wolfProvider repo in the format `vX.Y.Z`

  * The changelog is generated by the Debian scripts

* Run the Debian job in CI

* Download the artifacts zip file which contains the .deb's

* Generate release archives as needed