From b4f0789ce5b3769812749814bb965e36aad70b70 Mon Sep 17 00:00:00 2001 From: Andras Fekete Date: Wed, 6 Nov 2024 08:39:23 -0500 Subject: [PATCH 1/2] Ability to bypass './configure' as some tests/scripts run it anyway --- fips-check.sh | 56 +++++++++++++++++++++++++++------------------------ 1 file changed, 30 insertions(+), 26 deletions(-) diff --git a/fips-check.sh b/fips-check.sh index 806c8a1426..6167823e58 100755 --- a/fips-check.sh +++ b/fips-check.sh @@ -17,6 +17,7 @@ TEST_DIR="${TEST_DIR:-XXX-fips-test}" FLAVOR="${FLAVOR:-linux}" KEEP="${KEEP:-no}" MAKECHECK=${MAKECHECK:-yes} +DOCONFIGURE=${DOCONFIGURE:-yes} FIPS_REPO="${FIPS_REPO:-git@github.com:wolfssl/fips.git}" Usage() { @@ -43,6 +44,7 @@ usageText while [ "$1" ]; do if [ "$1" = 'keep' ]; then KEEP='yes'; elif [ "$1" = 'nomakecheck' ]; then MAKECHECK='no'; + elif [ "$1" = 'nodoconfigure' ]; then DOCONFIGURE='no'; else FLAVOR="$1"; fi shift done @@ -368,36 +370,38 @@ fi # run the make test ./autogen.sh -case "$FIPS_OPTION" in -cavp-selftest) - ./configure --enable-selftest - ;; -cavp-selftest-v2) - ./configure --enable-selftest=v2 - ;; -*) - ./configure --enable-fips=$FIPS_OPTION - ;; -esac +if [ "$DOCONFIGURE" = "yes" ]; then + case "$FIPS_OPTION" in + cavp-selftest) + ./configure --enable-selftest + ;; + cavp-selftest-v2) + ./configure --enable-selftest=v2 + ;; + *) + ./configure --enable-fips=$FIPS_OPTION + ;; + esac -if ! $MAKE; then - echo 'fips-check: Make failed. Debris left for analysis.' - exit 3 -fi + if ! $MAKE; then + echo 'fips-check: Make failed. Debris left for analysis.' + exit 3 + fi -if [ -s wolfcrypt/src/fips_test.c ]; then - NEWHASH=$(./wolfcrypt/test/testwolfcrypt | sed -n 's/hash = \(.*\)/\1/p') - if [ -n "$NEWHASH" ]; then - cp wolfcrypt/src/fips_test.c wolfcrypt/src/fips_test.c.bak - sed "s/^\".*\";/\"${NEWHASH}\";/" wolfcrypt/src/fips_test.c.bak >wolfcrypt/src/fips_test.c - make clean + if [ -s wolfcrypt/src/fips_test.c ]; then + NEWHASH=$(./wolfcrypt/test/testwolfcrypt | sed -n 's/hash = \(.*\)/\1/p') + if [ -n "$NEWHASH" ]; then + cp wolfcrypt/src/fips_test.c wolfcrypt/src/fips_test.c.bak + sed "s/^\".*\";/\"${NEWHASH}\";/" wolfcrypt/src/fips_test.c.bak >wolfcrypt/src/fips_test.c + make clean + fi fi -fi -if [ "$MAKECHECK" = "yes" ]; then - if ! $MAKE check; then - echo 'fips-check: Test failed. Debris left for analysis.' - exit 3 + if [ "$MAKECHECK" = "yes" ]; then + if ! $MAKE check; then + echo 'fips-check: Test failed. Debris left for analysis.' + exit 3 + fi fi fi From cbf4f014cd3569ed0d42d589c58ffaad83fe999a Mon Sep 17 00:00:00 2001 From: Andras Fekete Date: Wed, 6 Nov 2024 14:54:02 -0500 Subject: [PATCH 2/2] Fix false positive error on gcc 9.4.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit "error: ‘nameSz’ may be used uninitialized in this function", but it's not actually going to be used uninitialized. --- tests/api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/api.c b/tests/api.c index 91ef127b4b..106740cd04 100644 --- a/tests/api.c +++ b/tests/api.c @@ -61436,7 +61436,7 @@ static int test_wolfSSL_X509_NID(void) #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048) && !defined(NO_ASN) int sigType; - int nameSz; + int nameSz = 0; X509* cert = NULL; EVP_PKEY* pubKeyTmp = NULL;