From 3f24157a948603c21b2dcff718b7c45c55018615 Mon Sep 17 00:00:00 2001
From: Aidan Garske <aidan@wolfssl.com>
Date: Fri, 6 Jun 2025 21:24:05 -0700
Subject: [PATCH 1/2] Add support for nginx testing with wolfprovider fips

---
 wolfProvider/nginx/README.md                  |   9 +
 .../nginx-tests-FIPS-mater-wolfprov.patch     | 256 ++++++++++++++++++
 2 files changed, 265 insertions(+)
 create mode 100644 wolfProvider/nginx/README.md
 create mode 100644 wolfProvider/nginx/nginx-tests-FIPS-mater-wolfprov.patch

diff --git a/wolfProvider/nginx/README.md b/wolfProvider/nginx/README.md
new file mode 100644
index 00000000..02242b28
--- /dev/null
+++ b/wolfProvider/nginx/README.md
@@ -0,0 +1,9 @@
+This patch is for nginx-tests[https://github.com/nginx/nginx-tests/tree/master] master branch
+used to test nginx with FIPS wolfProvider. This patch is only necessary for testing with `prove`
+command.
+You can enable/disable this patch by setting `WOLFSSL_ISFIPS` environment variable before running
+`prove` command like this:
+```
+WOLFSSL_ISFIPS=1 TEST_NGINX_VERBOSE=y TEST_NGINX_CATLOG=y TEST_NGINX_BINARY=../nginx/objs/nginx prove -v .
+```
+This will enable ngninx testing with FIPS wolfProvider.
\ No newline at end of file
diff --git a/wolfProvider/nginx/nginx-tests-FIPS-mater-wolfprov.patch b/wolfProvider/nginx/nginx-tests-FIPS-mater-wolfprov.patch
new file mode 100644
index 00000000..c63a860a
--- /dev/null
+++ b/wolfProvider/nginx/nginx-tests-FIPS-mater-wolfprov.patch
@@ -0,0 +1,256 @@
+diff --git a/grpc_ssl.t b/grpc_ssl.t
+index 256fe3e..23374ff 100644
+--- a/grpc_ssl.t
++++ b/grpc_ssl.t
+@@ -9,7 +9,6 @@
+
+ use warnings;
+ use strict;
+-
+ use Test::More;
+
+ BEGIN { use FindBin; chdir($FindBin::Bin); }
+@@ -18,6 +17,11 @@ use lib 'lib';
+ use Test::Nginx;
+ use Test::Nginx::HTTP2;
+
++# Skip test in FIPS mode
++if ($ENV{WOLFSSL_ISFIPS} eq '1') {
++    plan(skip_all => 'SSL tests disabled in FIPS mode');
++}
++
+ ###############################################################################
+
+ select STDERR; $| = 1;
+diff --git a/http_listen.t b/http_listen.t
+index 2b20f33..b9e38c8 100644
+--- a/http_listen.t
++++ b/http_listen.t
+@@ -17,6 +17,11 @@ BEGIN { use FindBin; chdir($FindBin::Bin); }
+ use lib 'lib';
+ use Test::Nginx;
+
++# Skip test in FIPS mode
++if ($ENV{WOLFSSL_ISFIPS} eq '1') {
++    plan(skip_all => 'SSL tests disabled in FIPS mode');
++}
++
+ ###############################################################################
+
+ select STDERR; $| = 1;
+diff --git a/mail_ssl.t b/mail_ssl.t
+index 8fd68b9..e67e06f 100644
+--- a/mail_ssl.t
++++ b/mail_ssl.t
+@@ -20,6 +20,11 @@ use Test::Nginx::IMAP;
+ use Test::Nginx::POP3;
+ use Test::Nginx::SMTP;
+
++# Skip test in FIPS mode
++if ($ENV{WOLFSSL_ISFIPS} eq '1') {
++    plan(skip_all => 'SSL tests disabled in FIPS mode');
++}
++
+ ###############################################################################
+
+ select STDERR; $| = 1;
+diff --git a/proxy_ssl_certificate.t b/proxy_ssl_certificate.t
+index 5a2ce63..e08de06 100644
+--- a/proxy_ssl_certificate.t
++++ b/proxy_ssl_certificate.t
+@@ -18,6 +18,11 @@ BEGIN { use FindBin; chdir($FindBin::Bin); }
+ use lib 'lib';
+ use Test::Nginx;
+
++# Skip test in FIPS mode
++if ($ENV{WOLFSSL_ISFIPS} eq '1') {
++    plan(skip_all => 'SSL tests disabled in FIPS mode');
++}
++
+ ###############################################################################
+
+ select STDERR; $| = 1;
+diff --git a/proxy_ssl_certificate_cache.t b/proxy_ssl_certificate_cache.t
+index c737c5e..e1218c5 100644
+--- a/proxy_ssl_certificate_cache.t
++++ b/proxy_ssl_certificate_cache.t
+@@ -17,6 +17,11 @@ BEGIN { use FindBin; chdir($FindBin::Bin); }
+ use lib 'lib';
+ use Test::Nginx;
+
++# Skip test in FIPS mode
++if ($ENV{WOLFSSL_ISFIPS} eq '1') {
++    plan(skip_all => 'SSL tests disabled in FIPS mode');
++}
++
+ ###############################################################################
+
+ select STDERR; $| = 1;
+diff --git a/proxy_ssl_certificate_vars.t b/proxy_ssl_certificate_vars.t
+index aff71ff..04da887 100644
+--- a/proxy_ssl_certificate_vars.t
++++ b/proxy_ssl_certificate_vars.t
+@@ -17,6 +17,11 @@ BEGIN { use FindBin; chdir($FindBin::Bin); }
+ use lib 'lib';
+ use Test::Nginx;
+
++# Skip test in FIPS mode
++if ($ENV{WOLFSSL_ISFIPS} eq '1') {
++    plan(skip_all => 'SSL tests disabled in FIPS mode');
++}
++
+ ###############################################################################
+
+ select STDERR; $| = 1;
+diff --git a/ssl_certificate.t b/ssl_certificate.t
+index b07cea5..953b05b 100644
+--- a/ssl_certificate.t
++++ b/ssl_certificate.t
+@@ -19,6 +19,11 @@ BEGIN { use FindBin; chdir($FindBin::Bin); }
+ use lib 'lib';
+ use Test::Nginx qw/ :DEFAULT http_end /;
+
++# Skip test in FIPS mode
++if ($ENV{WOLFSSL_ISFIPS} eq '1') {
++    plan(skip_all => 'SSL tests disabled in FIPS mode');
++}
++
+ ###############################################################################
+
+ select STDERR; $| = 1;
+diff --git a/ssl_password_file.t b/ssl_password_file.t
+index 281b524..1daf721 100644
+--- a/ssl_password_file.t
++++ b/ssl_password_file.t
+@@ -20,6 +20,11 @@ BEGIN { use FindBin; chdir($FindBin::Bin); }
+ use lib 'lib';
+ use Test::Nginx;
+
++# Skip test in FIPS mode
++if ($ENV{WOLFSSL_ISFIPS} eq '1') {
++    plan(skip_all => 'SSL tests disabled in FIPS mode');
++}
++
+ ###############################################################################
+
+ select STDERR; $| = 1;
+diff --git a/stream_proxy_ssl_certificate.t b/stream_proxy_ssl_certificate.t
+index 973f08a..bf9e321 100644
+--- a/stream_proxy_ssl_certificate.t
++++ b/stream_proxy_ssl_certificate.t
+@@ -18,6 +18,11 @@ BEGIN { use FindBin; chdir($FindBin::Bin); }
+ use lib 'lib';
+ use Test::Nginx;
+
++# Skip test in FIPS mode
++if ($ENV{WOLFSSL_ISFIPS} eq '1') {
++    plan(skip_all => 'SSL tests disabled in FIPS mode');
++}
++
+ ###############################################################################
+
+ select STDERR; $| = 1;
+diff --git a/stream_proxy_ssl_certificate_cache.t b/stream_proxy_ssl_certificate_cache.t
+index c8b80ac..382a09f 100644
+--- a/stream_proxy_ssl_certificate_cache.t
++++ b/stream_proxy_ssl_certificate_cache.t
+@@ -17,6 +17,11 @@ BEGIN { use FindBin; chdir($FindBin::Bin); }
+ use lib 'lib';
+ use Test::Nginx;
+
++# Skip test in FIPS mode
++if ($ENV{WOLFSSL_ISFIPS} eq '1') {
++    plan(skip_all => 'SSL tests disabled in FIPS mode');
++}
++
+ ###############################################################################
+
+ select STDERR; $| = 1;
+diff --git a/stream_proxy_ssl_certificate_vars.t b/stream_proxy_ssl_certificate_vars.t
+index 8d198ac..c0a336d 100644
+--- a/stream_proxy_ssl_certificate_vars.t
++++ b/stream_proxy_ssl_certificate_vars.t
+@@ -17,6 +17,11 @@ BEGIN { use FindBin; chdir($FindBin::Bin); }
+ use lib 'lib';
+ use Test::Nginx;
+
++# Skip test in FIPS mode
++if ($ENV{WOLFSSL_ISFIPS} eq '1') {
++    plan(skip_all => 'SSL tests disabled in FIPS mode');
++}
++
+ ###############################################################################
+
+ select STDERR; $| = 1;
+diff --git a/stream_ssl.t b/stream_ssl.t
+index 787bdfe..8c9ee99 100644
+--- a/stream_ssl.t
++++ b/stream_ssl.t
+@@ -9,7 +9,6 @@
+
+ use warnings;
+ use strict;
+-
+ use Test::More;
+
+ use POSIX qw/ mkfifo /;
+@@ -21,6 +20,11 @@ use lib 'lib';
+ use Test::Nginx;
+ use Test::Nginx::Stream qw/ stream /;
+
++# Skip test in FIPS mode
++if ($ENV{WOLFSSL_ISFIPS} eq '1') {
++    plan(skip_all => 'SSL tests disabled in FIPS mode');
++}
++
+ ###############################################################################
+
+ select STDERR; $| = 1;
+diff --git a/stream_ssl_certificate.t b/stream_ssl_certificate.t
+index ed0a831..174baa7 100644
+--- a/stream_ssl_certificate.t
++++ b/stream_ssl_certificate.t
+@@ -18,6 +18,11 @@ use lib 'lib';
+ use Test::Nginx;
+ use Test::Nginx::Stream qw/ stream /;
+
++# Skip test in FIPS mode
++if ($ENV{WOLFSSL_ISFIPS} eq '1') {
++    plan(skip_all => 'SSL tests disabled in FIPS mode');
++}
++
+ ###############################################################################
+
+ select STDERR; $| = 1;
+diff --git a/uwsgi_ssl_certificate.t b/uwsgi_ssl_certificate.t
+index fbb9750..0654b36 100644
+--- a/uwsgi_ssl_certificate.t
++++ b/uwsgi_ssl_certificate.t
+@@ -18,6 +18,11 @@ BEGIN { use FindBin; chdir($FindBin::Bin); }
+ use lib 'lib';
+ use Test::Nginx;
+
++# Skip test in FIPS mode
++if ($ENV{WOLFSSL_ISFIPS} eq '1') {
++    plan(skip_all => 'SSL tests disabled in FIPS mode');
++}
++
+ ###############################################################################
+
+ select STDERR; $| = 1;
+diff --git a/uwsgi_ssl_certificate_vars.t b/uwsgi_ssl_certificate_vars.t
+index c51e5f5..85566f1 100644
+--- a/uwsgi_ssl_certificate_vars.t
++++ b/uwsgi_ssl_certificate_vars.t
+@@ -17,6 +17,11 @@ BEGIN { use FindBin; chdir($FindBin::Bin); }
+ use lib 'lib';
+ use Test::Nginx;
+
++# Skip test in FIPS mode
++if ($ENV{WOLFSSL_ISFIPS} eq '1') {
++    plan(skip_all => 'SSL tests disabled in FIPS mode');
++}
++
+ ###############################################################################
+
+ select STDERR; $| = 1;

From 9e10f05ce1c4cc82aa1b6210e6d89949e3aaab4f Mon Sep 17 00:00:00 2001
From: Aidan Garske <aidan@wolfssl.com>
Date: Mon, 9 Jun 2025 08:14:04 -0700
Subject: [PATCH 2/2] Rename to stable version

---
 ...fprov.patch => nginx-tests-FIPS-release-1.27.4-wolfprov.patch} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename wolfProvider/nginx/{nginx-tests-FIPS-mater-wolfprov.patch => nginx-tests-FIPS-release-1.27.4-wolfprov.patch} (100%)

diff --git a/wolfProvider/nginx/nginx-tests-FIPS-mater-wolfprov.patch b/wolfProvider/nginx/nginx-tests-FIPS-release-1.27.4-wolfprov.patch
similarity index 100%
rename from wolfProvider/nginx/nginx-tests-FIPS-mater-wolfprov.patch
rename to wolfProvider/nginx/nginx-tests-FIPS-release-1.27.4-wolfprov.patch