diff --git a/.github/workflows/debian-package.yml b/.github/workflows/debian-package.yml
index 0a13051d..4ce8508f 100644
--- a/.github/workflows/debian-package.yml
+++ b/.github/workflows/debian-package.yml
@@ -82,31 +82,11 @@ jobs:
${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }}
- name: Test OpenSSL provider functionality
+ shell: bash
run: |
- WOLFPROV_CONF_BACKUP="/tmp/wolfprovider.conf.backup"
-
- # Temporarily move wolfprovider config so we can toggle between providers
- echo "Temporarily disabling wolfprovider for default provider tests:"
- mkdir -p /tmp/openssl-test
- if [ -f $WOLFPROV_CONF_FILE ]; then
- mv $WOLFPROV_CONF_FILE $WOLFPROV_CONF_BACKUP
- echo " - Moved $WOLFPROV_CONF_FILE to $WOLFPROV_CONF_BACKUP"
- else
- echo "$WOLFPROV_CONF_FILE not found!"
- exit 1
- fi
-
# Run the do-cmd-test.sh script to execute interoperability tests
echo "Running OpenSSL provider interoperability tests..."
OPENSSL_BIN=$(eval which openssl) ${{ matrix.force_fail }} ${{ matrix.fips_ref == 'FIPS' && 'WOLFSSL_ISFIPS=1' || '' }} ./scripts/cmd_test/do-cmd-tests.sh
-
- # Restore wolfprovider configuration
- echo "Restoring wolfprovider configuration:"
- if [ -f $WOLFPROV_CONF_BACKUP ]; then
- mv $WOLFPROV_CONF_BACKUP $WOLFPROV_CONF_FILE
- echo " - Restored $WOLFPROV_CONF_FILE from $WOLFPROV_CONF_BACKUP"
- fi
-
echo "PASS: All provider interoperability tests successful"
- name: Uninstall package and verify cleanup
diff --git a/.gitignore b/.gitignore
index ab42bdd7..4d7f623e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -84,8 +84,12 @@ test/**/*.trs
test/**/*.o
test/**/.deps/
test/**/.dirstamp
+aes_outputs
+ecc_outputs
+hash_outputs
req_outputs
-scripts/cmd_test/req-test.log
+rsa_outputs
+scripts/cmd_test/*.log
IDE/Android/android-ndk-r26b/
IDE/Android/openssl-source/
diff --git a/debian/install-wolfprov.sh b/debian/install-wolfprov.sh
index bf51ddda..1aa4f53b 100755
--- a/debian/install-wolfprov.sh
+++ b/debian/install-wolfprov.sh
@@ -188,7 +188,7 @@ main() {
exit 1
fi
- if [ -n "output_dir" ]; then
+ if [ -n "$output_dir" ]; then
output_dir=$(realpath $output_dir)
fi
diff --git a/scripts/cmd_test/aes-cmd-test.sh b/scripts/cmd_test/aes-cmd-test.sh
index e0ed0da4..ef4782de 100755
--- a/scripts/cmd_test/aes-cmd-test.sh
+++ b/scripts/cmd_test/aes-cmd-test.sh
@@ -19,14 +19,18 @@
# You should have received a copy of the GNU General Public License
# along with wolfProvider. If not, see .
-SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
-source "${SCRIPT_DIR}/cmd-test-common.sh"
-source "${SCRIPT_DIR}/clean-cmd-test.sh"
-cmd_test_env_setup "aes-test.log"
-clean_cmd_test "aes"
+CMD_TEST_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+source "${CMD_TEST_DIR}/cmd-test-common.sh"
+source "${CMD_TEST_DIR}/clean-cmd-test.sh"
-# Redirect all output to log file
-exec > >(tee -a "$LOG_FILE") 2>&1
+if [ -z "${DO_CMD_TESTS:-}" ]; then
+ echo "This script is designed to be called from do-cmd-tests.sh"
+ echo "Do not run this script directly - use do-cmd-tests.sh instead"
+ exit 1
+fi
+
+cmd_test_init "aes-test.log"
+clean_cmd_test "aes"
# Create test data and output directories
mkdir -p aes_outputs
@@ -42,8 +46,6 @@ else
MODES=("ecb" "cbc" "ctr" "cfb")
fi
-echo "=== Running AES Algorithm Comparisons ==="
-
# Run tests for each key size and mode
for key_size in "${KEY_SIZES[@]}"; do
for mode in "${MODES[@]}"; do
@@ -67,14 +69,16 @@ for key_size in "${KEY_SIZES[@]}"; do
echo "Interop testing (encrypt with default, decrypt with wolfProvider):"
# Encryption with OpenSSL default provider
- if ! $OPENSSL_BIN enc -aes-${key_size}-${mode} -K "$key" $iv -provider default \
+ use_default_provider
+ if ! $OPENSSL_BIN enc -aes-${key_size}-${mode} -K "$key" $iv \
-in aes_outputs/test_data.txt -out "$enc_file" -p; then
echo "[FAIL] Interop AES-${key_size}-${mode}: OpenSSL encrypt failed"
FAIL=1
fi
# Decryption with wolfProvider
- if ! $OPENSSL_BIN enc -aes-${key_size}-${mode} -K "$key" $iv -provider-path "$WOLFPROV_PATH" -provider libwolfprov \
+ use_wolf_provider
+ if ! $OPENSSL_BIN enc -aes-${key_size}-${mode} -K "$key" $iv \
-in "$enc_file" -out "$dec_file" -d -p; then
echo "[FAIL] Interop AES-${key_size}-${mode}: wolfProvider decrypt failed"
FAIL=1
@@ -96,14 +100,16 @@ for key_size in "${KEY_SIZES[@]}"; do
echo "Interop testing (encrypt with wolfProvider, decrypt with default):"
# Encryption with wolfProvider
- if ! $OPENSSL_BIN enc -aes-${key_size}-${mode} -K "$key" $iv -provider-path "$WOLFPROV_PATH" -provider libwolfprov \
+ use_wolf_provider
+ if ! $OPENSSL_BIN enc -aes-${key_size}-${mode} -K "$key" $iv \
-in aes_outputs/test_data.txt -out "$enc_file" -p; then
echo "[FAIL] Interop AES-${key_size}-${mode}: wolfProvider encrypt failed"
FAIL=1
fi
# Decryption with OpenSSL default provider
- if ! $OPENSSL_BIN enc -aes-${key_size}-${mode} -K "$key" $iv -provider default \
+ use_default_provider
+ if ! $OPENSSL_BIN enc -aes-${key_size}-${mode} -K "$key" $iv \
-in "$enc_file" -out "$dec_file" -d -p; then
echo "[FAIL] Interop AES-${key_size}-${mode}: OpenSSL decrypt failed"
FAIL=1
diff --git a/scripts/cmd_test/clean-cmd-test.sh b/scripts/cmd_test/clean-cmd-test.sh
index 785388a7..ea416840 100755
--- a/scripts/cmd_test/clean-cmd-test.sh
+++ b/scripts/cmd_test/clean-cmd-test.sh
@@ -17,6 +17,12 @@
# You should have received a copy of the GNU General Public License
# along with wolfProvider. If not, see .
+if [ -z "${DO_CMD_TESTS:-}" ]; then
+ echo "This script is designed to be called from do-cmd-tests.sh"
+ echo "Do not run this script directly - use do-cmd-tests.sh instead"
+ exit 1
+fi
+
# Function to clean up specific command test artifacts
clean_cmd_test() {
local test_type=$1
diff --git a/scripts/cmd_test/cmd-test-common.sh b/scripts/cmd_test/cmd-test-common.sh
index e4190c1d..910eb01c 100644
--- a/scripts/cmd_test/cmd-test-common.sh
+++ b/scripts/cmd_test/cmd-test-common.sh
@@ -17,132 +17,151 @@
# You should have received a copy of the GNU General Public License
# along with wolfProvider. If not, see .
-COMMON_SETUP_DONE=0
+# Global variables to store wolfProvider installation mode
+# Only initialize if not already set (allows parent script to export values)
-cmd_test_env_setup() {
- # Fail flags
- FAIL=0
- FORCE_FAIL_PASSED=0
+if [ -z "${DO_CMD_TESTS:-}" ]; then
+ echo "This script is designed to be called from do-cmd-tests.sh"
+ echo "Do not run this script directly - use do-cmd-tests.sh instead"
+ exit 1
+fi
- if [ $COMMON_SETUP_DONE -ne 0 ]; then
- echo "Setup already completed, skipping."
- return
- fi
+CMD_TEST_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+source "${CMD_TEST_DIR}/../utils-general.sh"
- local log_file_name=$1
- SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
- # Set up environment
- export LOG_FILE="${SCRIPT_DIR}/${log_file_name}"
- touch "$LOG_FILE"
+# Function to setup the environment for the command-line tests
+cmd_test_env_setup() {
+ export OPENSSL_BIN=${OPENSSL_BIN:-$(which openssl)}
+ printf "Using OPENSSL_BIN: %s\n" "$OPENSSL_BIN"
- # If OPENSSL_BIN is not set, assume we are using a local build
- if [ -z "${OPENSSL_BIN:-}" ]; then
- echo "OPENSSL_BIN not set, assuming local build"
- # Check if the install directories exist
- if [ ! -d "${REPO_ROOT}/openssl-install" ] ||
- [ ! -d "${REPO_ROOT}/wolfssl-install" ]; then
- echo "[FAIL] OpenSSL or wolfSSL install directories not found"
- echo "Please set OPENSSL_BIN or run build-wolfprovider.sh first"
- exit 1
- fi
+ OPENSSL_CONF_ORIG="${OPENSSL_CONF:-}"
+ OPENSSL_MODULES_ORIG="${OPENSSL_MODULES:-}"
+}
- # Setup the environment for a local build
- source "${REPO_ROOT}/scripts/env-setup"
- else
- echo "Using user-provided OPENSSL_BIN: ${OPENSSL_BIN}"
- # We are using a user-provided OpenSSL binary, manually set the test
- # environment variables rather than using env-setup.
- # Find the location of the wolfProvider modules
- if [ -z "${WOLFPROV_PATH:-}" ]; then
- export WOLFPROV_PATH=$(find /usr/lib /usr/local/lib -type d -name ossl-modules 2>/dev/null | head -n 1)
- fi
- # Set the path to the wolfProvider config file
- if [ -z "${WOLFPROV_CONFIG:-}" ]; then
- if [ "${WOLFSSL_ISFIPS:-0}" = "1" ]; then
- export WOLFPROV_CONFIG="${REPO_ROOT}/provider-fips.conf"
- else
- export WOLFPROV_CONFIG="${REPO_ROOT}/provider.conf"
- fi
- fi
- fi
- # Get the force fail parameter
- if [ "${WOLFPROV_FORCE_FAIL}" = "1" ]; then
- echo "Force fail mode enabled"
- fi
- if [ "${WOLFSSL_ISFIPS}" = "1" ]; then
- echo "FIPS mode enabled"
- fi
+# Individual test setup (called by each test script)
+cmd_test_init() {
+ local log_file_name=$1
+ CMD_TEST_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
- # Print environment for verification
- echo "Environment variables:"
- echo "OPENSSL_MODULES: ${OPENSSL_MODULES}"
- echo "OPENSSL_BIN: ${OPENSSL_BIN}"
- echo "WOLFPROV_PATH: ${WOLFPROV_PATH}"
- echo "WOLFPROV_CONFIG: ${WOLFPROV_CONFIG}"
- echo "LOG_FILE: ${LOG_FILE}"
+ # Set up log file
+ export LOG_FILE="${CMD_TEST_DIR}/${log_file_name}"
+ touch "$LOG_FILE"
- COMMON_SETUP_DONE=1
-}
+ # Redirect all output to log file
+ exec > >(tee -a "$LOG_FILE") 2>&1
-# Check if default provider is in use
-# Note that this may be wolfProvider if built as replace-default
-is_default_provider() {
- return $($OPENSSL_BIN list -providers | grep -qi "default")
+ # Fail flags
+ FAIL=0
+ FORCE_FAIL_PASSED=0
}
+
# Function to use default provider only
use_default_provider() {
- unset OPENSSL_MODULES
- unset OPENSSL_CONF
+ return 0
- # Verify that we are using the default provider
- if ! is_default_provider; then
- echo "FAIL: unable to switch to default provider"
- $OPENSSL_BIN list -providers
- exit 1
+ if [ -z "${OPENSSL_CONF_ORIG:-}" ]; then
+ export OPENSSL_CONF="/dev/null"
+ export OPENSSL_MODULES="/dev/null"
+ else
+ unset OPENSSL_CONF
+ unset OPENSSL_MODULES
fi
- echo "Switched to default provider"
-}
+ detect_wolfprovider_mode
+
+ # Check if wolfProvider is in replace-default mode
+ if [ "$is_openssl_replace_default" = "1" ]; then
+ echo "INFO: wolfProvider is installed in replace-default mode"
+ echo "INFO: wolfProvider IS the default provider and cannot be switched off"
+
+ # Verify that wolfProvider (as default) is active
+ if [ "$is_wp_active" = "1" ] && [ "$is_wp_default" = "1" ]; then
+ echo "Using default provider (wolfProvider in replace-default mode)"
+ else
+ echo "FAIL: Expected wolfProvider as default, but is_wp_active: $is_wp_active and is_wp_default: $is_wp_default"
+ exit 1
+ fi
+ else
+ # In non-replace-default mode, unsetting OPENSSL_MODULES should disable wolfProvider
+ echo "INFO: wolfProvider is installed in non-replace-default mode"
-is_wolf_provider() {
- return $($OPENSSL_BIN list -providers | grep -qi "wolfSSL Provider")
+ # Verify that we are using the OpenSSL default provider (not wolfProvider)
+ if [ "$is_openssl_default_provider" != "1" ]; then
+ echo "FAIL: unable to switch to default provider, wolfProvider is still active"
+ echo "is_openssl_default_provider: $is_openssl_default_provider"
+ exit 1
+ fi
+ echo "INFO: Switched to default provider (OpenSSL)"
+ fi
}
+
# Function to use wolf provider only
use_wolf_provider() {
- export OPENSSL_MODULES=$WOLFPROV_PATH
- export OPENSSL_CONF=${WOLFPROV_CONFIG}
-
- # Verify that we are using wolfProvider
- if ! is_wolf_provider; then
- echo "FAIL: unable to switch to wolfProvider"
+ return 0
+
+ if [ -z "${OPENSSL_CONF_ORIG:-}" ]; then
+ unset OPENSSL_CONF
+ unset OPENSSL_MODULES
+ else
+ export OPENSSL_CONF="${OPENSSL_CONF_ORIG:-}"
+ export OPENSSL_MODULES="${OPENSSL_MODULES_ORIG:-}"
+ fi
+ detect_wolfprovider_mode
+
+ # Check if wolfProvider is in replace-default mode
+ if [ "$is_openssl_replace_default" = "1" ]; then
+ # In replace-default mode, wolfProvider is already the default
+ # No need to set OPENSSL_MODULES or OPENSSL_CONF
+ echo "INFO: wolfProvider is installed in replace-default mode"
+ echo "INFO: wolfProvider is already active as the default provider"
+
+ # Verify that wolfProvider is active
+ if [ "$is_wp_active" = "1" ] && [ "$is_wp_default" = "1" ]; then
+ echo "Using wolfProvider (replace-default mode)"
+ else
+ echo "FAIL: wolfProvider is not active"
+ echo "is_wp_active: $is_wp_active"
+ echo "is_wp_default: $is_wp_default"
+ exit 1
+ fi
+ else
+ # In non-replace-default mode, we need to set OPENSSL_MODULES and OPENSSL_CONF
+ echo "INFO: wolfProvider is installed in non-replace-default mode"
+
+ # Verify that we are using wolfProvider
+ if [ "$is_wp_active" != "1" ]; then
+ echo "FAIL: unable to switch to wolfProvider, default provider is still active"
+ $OPENSSL_BIN list -providers
+ echo "is_wp_active: $is_wp_active"
+ echo "is_wp_default: $is_wp_default"
+ exit 1
+ fi
+ echo "INFO: Switched to wolfProvider"
$OPENSSL_BIN list -providers
- exit 1
fi
- echo "Switched to wolfProvider"
}
-is_replace_default() {
- return $($OPENSSL_BIN list -providers | grep -qi "wolfSSL Provider")
-}
# Helper function to handle force fail checks
check_force_fail() {
- if is_default_provider && ! is_replace_default; then
+ detect_wolfprovider_mode
+ if [ "$is_openssl_default_provider" = "1" ]; then
+ # With the OpenSSL provider, don't expect failures
echo "OPENSSL Default provider active, no forced failures expected."
- elif [ "${WOLFPROV_FORCE_FAIL}" = "1" ]; then
+ elif [ "$WOLFPROV_FORCE_FAIL" = "1" ]; then
echo "[PASS] Test passed when force fail was enabled"
FORCE_FAIL_PASSED=1
+ exit 1
fi
}
-# Helper function to get provider name from provider arguments
-get_provider_name() {
- local provider_args=$1
- if [ "$provider_args" = "-provider default" ]; then
- echo "default"
+use_provider_by_name() {
+ local provider_name=$1
+ if [ "$provider_name" = "libwolfprov" ]; then
+ use_wolf_provider
else
- echo "libwolfprov"
+ use_default_provider
fi
}
diff --git a/scripts/cmd_test/do-cmd-tests.sh b/scripts/cmd_test/do-cmd-tests.sh
index 63eec558..88a0a5f6 100755
--- a/scripts/cmd_test/do-cmd-tests.sh
+++ b/scripts/cmd_test/do-cmd-tests.sh
@@ -20,74 +20,215 @@
# along with wolfProvider. If not, see .
# Get the directory where this script is located
-SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
-REPO_ROOT="$( cd "${SCRIPT_DIR}/../.." &> /dev/null && pwd )"
+CMD_TEST_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+REPO_ROOT="$( cd "${CMD_TEST_DIR}/../.." &> /dev/null && pwd )"
UTILS_DIR="${REPO_ROOT}/scripts"
-source "${SCRIPT_DIR}/cmd-test-common.sh"
+# Flag to indicate that this script is being called from do-cmd-tests.sh
+export DO_CMD_TESTS=1
+
+# Parse command-line arguments
+RUN_HASH=0
+RUN_AES=0
+RUN_RSA=0
+RUN_ECC=0
+RUN_REQ=0
+RUN_ALL=1
+
+show_help() {
+ cat << EOF
+Usage: $0 [OPTIONS] [TESTS]
+
+Run wolfProvider command-line tests with optional configuration flags.
+
+OPTIONS:
+ --help Show this help message
+
+TESTS (if none specified, all tests run):
+ hash Run hash comparison test
+ aes Run AES comparison test
+ rsa Run RSA key generation test
+ ecc Run ECC key generation test
+ req Run certificate request test
+
+ENVIRONMENT VARIABLES (env vars get detected from verify-install.sh):
+ OPENSSL_BIN Path to OpenSSL binary (auto-detected with which(openssl) if not set)
+ WOLFSSL_ISFIPS Set to 1 for FIPS mode (or use --fips flag)
+ WOLFPROV_FORCE_FAIL Set to 1 for force-fail mode (or use --force-fail flag)
+
+EOF
+ exit 0
+}
+
+# Parse arguments
+while [[ $# -gt 0 ]]; do
+ case $1 in
+ --help|-h)
+ show_help
+ ;;
+ hash)
+ RUN_HASH=1
+ RUN_ALL=0
+ shift
+ ;;
+ aes)
+ RUN_AES=1
+ RUN_ALL=0
+ shift
+ ;;
+ rsa)
+ RUN_RSA=1
+ RUN_ALL=0
+ shift
+ ;;
+ ecc)
+ RUN_ECC=1
+ RUN_ALL=0
+ shift
+ ;;
+ req)
+ RUN_REQ=1
+ RUN_ALL=0
+ shift
+ ;;
+ *)
+ echo "Unknown option: $1"
+ echo "Use --help for usage information"
+ exit 1
+ ;;
+ esac
+done
+
+# If no specific tests were requested, run all tests
+if [ $RUN_ALL -eq 1 ]; then
+ RUN_HASH=1
+ RUN_AES=1
+ RUN_RSA=1
+ RUN_ECC=1
+ RUN_REQ=1
+fi
+
+source "${CMD_TEST_DIR}/cmd-test-common.sh"
cmd_test_env_setup
+echo "==========================================
+wolfProvider Command-Line Tests
+=========================================="
+echo ""
+echo "Running command-line test suite..."
+echo ""
+
+echo ""
echo "=== Running wolfProvider Command-Line Tests ==="
-echo "Using OPENSSL_BIN: ${OPENSSL_BIN}"
-echo "Using WOLFPROV_PATH: ${WOLFPROV_PATH}"
-echo "Using WOLFPROV_CONFIG: ${WOLFPROV_CONFIG}"
+echo "Using OPENSSL_BIN: ${OPENSSL_BIN}"
+if [ "${WOLFSSL_ISFIPS}" = "1" ]; then
+ echo "FIPS mode: ENABLED"
+fi
+if [ "${WOLFPROV_FORCE_FAIL}" = "1" ]; then
+ echo "Force-fail mode: ENABLED"
+fi
+
+# Export detection variables for child scripts
+export WOLFPROV_REPLACE_DEFAULT
+export WOLFPROV_FIPS
# Ensure we can switch providers before proceeding
use_default_provider
use_wolf_provider
+# Initialize result variables
+HASH_RESULT=0
+AES_RESULT=0
+RSA_RESULT=0
+ECC_RESULT=0
+REQ_RESULT=0
+
# Run the hash comparison test
-echo -e "\n=== Running Hash Comparison Test ==="
-"${REPO_ROOT}/scripts/cmd_test/hash-cmd-test.sh"
-HASH_RESULT=$?
+if [ $RUN_HASH -eq 1 ]; then
+ echo -e "\n=== Running Hash Comparison Test ==="
+ "${REPO_ROOT}/scripts/cmd_test/hash-cmd-test.sh"
+ HASH_RESULT=$?
+fi
# Run the AES comparison test
-echo -e "\n=== Running AES Comparison Test ==="
-"${REPO_ROOT}/scripts/cmd_test/aes-cmd-test.sh"
-AES_RESULT=$?
+if [ $RUN_AES -eq 1 ]; then
+ echo -e "\n=== Running AES Comparison Test ==="
+ "${REPO_ROOT}/scripts/cmd_test/aes-cmd-test.sh"
+ AES_RESULT=$?
+fi
# Run the RSA key generation test
-echo -e "\n=== Running RSA Key Generation Test ==="
-"${REPO_ROOT}/scripts/cmd_test/rsa-cmd-test.sh"
-RSA_RESULT=$?
+if [ $RUN_RSA -eq 1 ]; then
+ echo -e "\n=== Running RSA Key Generation Test ==="
+ "${REPO_ROOT}/scripts/cmd_test/rsa-cmd-test.sh"
+ RSA_RESULT=$?
+fi
# Run the ECC key generation test
-echo -e "\n=== Running ECC Key Generation Test ==="
-"${REPO_ROOT}/scripts/cmd_test/ecc-cmd-test.sh"
-ECC_RESULT=$?
+if [ $RUN_ECC -eq 1 ]; then
+ echo -e "\n=== Running ECC Key Generation Test ==="
+ "${REPO_ROOT}/scripts/cmd_test/ecc-cmd-test.sh"
+ ECC_RESULT=$?
+fi
# Run the Certificate Request test
-echo -e "\n=== Running Certificate Request Test ==="
-"${REPO_ROOT}/scripts/cmd_test/req-cmd-test.sh"
-REQ_RESULT=$?
+if [ $RUN_REQ -eq 1 ]; then
+ echo -e "\n=== Running Certificate Request Test ==="
+ "${REPO_ROOT}/scripts/cmd_test/req-cmd-test.sh"
+ REQ_RESULT=$?
+fi
# Check results
-if [ $HASH_RESULT -eq 0 ] && [ $AES_RESULT -eq 0 ] && [ $RSA_RESULT -eq 0 ] && [ $ECC_RESULT -eq 0 ] && [ $REQ_RESULT -eq 0 ]; then
+ALL_PASSED=1
+if [ $RUN_HASH -eq 1 ] && [ $HASH_RESULT -ne 0 ]; then
+ ALL_PASSED=0
+fi
+if [ $RUN_AES -eq 1 ] && [ $AES_RESULT -ne 0 ]; then
+ ALL_PASSED=0
+fi
+if [ $RUN_RSA -eq 1 ] && [ $RSA_RESULT -ne 0 ]; then
+ ALL_PASSED=0
+fi
+if [ $RUN_ECC -eq 1 ] && [ $ECC_RESULT -ne 0 ]; then
+ ALL_PASSED=0
+fi
+if [ $RUN_REQ -eq 1 ] && [ $REQ_RESULT -ne 0 ]; then
+ ALL_PASSED=0
+fi
+
+if [ $ALL_PASSED -eq 1 ]; then
echo -e "\n=== All Command-Line Tests Passed ==="
- if [ "${WOLFPROV_FORCE_FAIL}" = "1" ]; then
- echo "Force fail mode was enabled"
- fi
- if [ "${WOLFSSL_ISFIPS}" = "1" ]; then
- echo "FIPS mode was enabled"
- fi
- echo "Hash Test Result: $HASH_RESULT (0=success)"
- echo "AES Test Result: $AES_RESULT (0=success)"
- echo "RSA Test Result: $RSA_RESULT (0=success)"
- echo "ECC Test Result: $ECC_RESULT (0=success)"
- echo "REQ Test Result: $REQ_RESULT (0=success)"
- exit 0
else
echo -e "\n=== Command-Line Tests Failed ==="
- if [ "${WOLFPROV_FORCE_FAIL}" = "1" ]; then
- echo "Force fail mode was enabled"
- fi
- if [ "${WOLFSSL_ISFIPS}" = "1" ]; then
- echo "FIPS mode was enabled"
- fi
+fi
+
+# Print configuration
+if [ "${WOLFPROV_FORCE_FAIL}" = "1" ]; then
+ echo "Force fail mode was enabled"
+fi
+if [ "${WOLFSSL_ISFIPS}" = "1" ]; then
+ echo "FIPS mode was enabled"
+fi
+if [ "${WOLFPROV_REPLACE_DEFAULT}" = "1" ]; then
+ echo "Replace-default mode was enabled"
+fi
+
+# Print test results (only for tests that were run)
+echo ""
+if [ $RUN_HASH -eq 1 ]; then
echo "Hash Test Result: $HASH_RESULT (0=success)"
+fi
+if [ $RUN_AES -eq 1 ]; then
echo "AES Test Result: $AES_RESULT (0=success)"
+fi
+if [ $RUN_RSA -eq 1 ]; then
echo "RSA Test Result: $RSA_RESULT (0=success)"
+fi
+if [ $RUN_ECC -eq 1 ]; then
echo "ECC Test Result: $ECC_RESULT (0=success)"
+fi
+if [ $RUN_REQ -eq 1 ]; then
echo "REQ Test Result: $REQ_RESULT (0=success)"
- exit 1
fi
+
+exit $((1 - ALL_PASSED))
diff --git a/scripts/cmd_test/ecc-cmd-test.sh b/scripts/cmd_test/ecc-cmd-test.sh
index 31182f46..cac88e53 100755
--- a/scripts/cmd_test/ecc-cmd-test.sh
+++ b/scripts/cmd_test/ecc-cmd-test.sh
@@ -19,14 +19,18 @@
# You should have received a copy of the GNU General Public License
# along with wolfProvider. If not, see .
-SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
-source "${SCRIPT_DIR}/cmd-test-common.sh"
-source "${SCRIPT_DIR}/clean-cmd-test.sh"
-cmd_test_env_setup "ecc-test.log"
-clean_cmd_test "ecc"
+CMD_TEST_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+source "${CMD_TEST_DIR}/cmd-test-common.sh"
+source "${CMD_TEST_DIR}/clean-cmd-test.sh"
-# Redirect all output to log file
-exec > >(tee -a "$LOG_FILE") 2>&1
+if [ -z "${DO_CMD_TESTS:-}" ]; then
+ echo "This script is designed to be called from do-cmd-tests.sh"
+ echo "Do not run this script directly - use do-cmd-tests.sh instead"
+ exit 1
+fi
+
+cmd_test_init "ecc-test.log"
+clean_cmd_test "ecc"
# Create test data and output directories
mkdir -p ecc_outputs
@@ -34,15 +38,12 @@ echo "This is test data for ECC signing and verification." > ecc_outputs/test_da
# Array of ECC curves and providers to test
CURVES=("prime256v1" "secp384r1" "secp521r1")
-PROVIDER_ARGS=("-provider-path $WOLFPROV_PATH -provider libwolfprov" "-provider default")
-
-echo "=== Running ECC Key Generation Tests ==="
+PROVIDER_NAMES=("libwolfprov" "default")
# Function to validate key
validate_key() {
local curve=$1
local key_file=${2:-"ecc_outputs/ecc_${curve}.pem"}
- local provider_args=$3
echo -e "\n=== Validating ECC Key (${curve}) ==="
# First check if file exists
@@ -65,7 +66,7 @@ validate_key() {
# Only try to extract public key if file exists and has content
local pub_key_file="ecc_outputs/ecc_${curve}_pub.pem"
if $OPENSSL_BIN pkey -in "$key_file" -pubout -out "$pub_key_file" \
- ${provider_args} -passin pass: >/dev/null; then
+ -passin pass: >/dev/null; then
echo "[PASS] ECC Public key extraction successful"
check_force_fail
else
@@ -79,11 +80,12 @@ sign_ecc() {
local key_file=$1
local data_file=$2
local sig_file=$3
- local provider_args=$4
+ local provider_name=$4
echo "Signing data with ECC..."
+ use_provider_by_name "$provider_name"
$OPENSSL_BIN pkeyutl -sign -inkey "$key_file" \
- ${provider_args} -passin pass: \
+ -passin pass: \
-in "$data_file" \
-out "$sig_file"
return $?
@@ -94,11 +96,12 @@ verify_ecc() {
local pub_key_file=$1
local data_file=$2
local sig_file=$3
- local provider_args=$4
+ local provider_name=$4
echo "Verifying ECC signature..."
+ use_provider_by_name "$provider_name"
$OPENSSL_BIN pkeyutl -verify -pubin -inkey "$pub_key_file" \
- ${provider_args} -passin pass: \
+ -passin pass: \
-in "$data_file" \
-sigfile "$sig_file"
return $?
@@ -107,10 +110,7 @@ verify_ecc() {
# Generic function to test sign/verify interoperability using pkeyutl
test_sign_verify_pkeyutl() {
local curve=$1
- local provider_args=$2
-
- # Get the provider name
- provider_name=$(get_provider_name "$provider_args")
+ local provider_name=$2
local key_file="ecc_outputs/ecc_${curve}.pem"
local pub_key_file="ecc_outputs/ecc_${curve}_pub.pem"
@@ -134,10 +134,10 @@ test_sign_verify_pkeyutl() {
use_default_provider
echo "Test 1: Sign and verify with OpenSSL default"
local default_sig_file="ecc_outputs/ecc_${curve}_default_sig.bin"
- if sign_ecc "$key_file" "$data_file" "$default_sig_file" "$provider_args"; then
+ if sign_ecc "$key_file" "$data_file" "$default_sig_file"; then
echo "[PASS] Signing with OpenSSL default successful"
check_force_fail
- if verify_ecc "$pub_key_file" "$data_file" "$default_sig_file" "$provider_args"; then
+ if verify_ecc "$pub_key_file" "$data_file" "$default_sig_file"; then
echo "[PASS] Default provider verify successful"
check_force_fail
else
@@ -153,10 +153,10 @@ test_sign_verify_pkeyutl() {
use_wolf_provider
echo "Test 2: Sign and verify with wolfProvider"
local wolf_sig_file="ecc_outputs/ecc_${curve}_wolf_sig.bin"
- if sign_ecc "$key_file" "$data_file" "$wolf_sig_file" "$provider_args"; then
+ if sign_ecc "$key_file" "$data_file" "$wolf_sig_file"; then
echo "[PASS] Signing with wolfProvider successful"
check_force_fail
- if verify_ecc "$pub_key_file" "$data_file" "$wolf_sig_file" "$provider_args"; then
+ if verify_ecc "$pub_key_file" "$data_file" "$wolf_sig_file"; then
echo "[PASS] wolfProvider sign/verify successful"
check_force_fail
else
@@ -172,7 +172,7 @@ test_sign_verify_pkeyutl() {
if [ $FAIL -eq 0 ]; then # only verify if previous tests passed
use_wolf_provider
echo "Test 3: Cross-provider verification (default sign, wolf verify)"
- if verify_ecc "$pub_key_file" "$data_file" "$default_sig_file" "$provider_args"; then
+ if verify_ecc "$pub_key_file" "$data_file" "$default_sig_file"; then
echo "[PASS] wolfProvider can verify OpenSSL default signature"
check_force_fail
else
@@ -183,7 +183,7 @@ test_sign_verify_pkeyutl() {
# Test 4: Cross-provider verification (wolf sign, default verify)
use_default_provider
echo "Test 4: Cross-provider verification (wolf sign, default verify)"
- if verify_ecc "$pub_key_file" "$data_file" "$wolf_sig_file" "$provider_args"; then
+ if verify_ecc "$pub_key_file" "$data_file" "$wolf_sig_file"; then
echo "[PASS] OpenSSL default can verify wolfProvider signature"
check_force_fail
else
@@ -198,11 +198,8 @@ test_sign_verify_pkeyutl() {
# Function to generate and test ECC keys
generate_and_test_key() {
local curve=$1
- local provider_args=$2
+ local provider_name=$2
local output_file="ecc_outputs/ecc_${curve}.pem"
-
- # Get the provider name
- provider_name=$(get_provider_name "$provider_args")
echo -e "\n=== Testing ECC Key Generation (${curve}) with ${provider_name} ==="
@@ -211,10 +208,9 @@ generate_and_test_key() {
rm -f "$output_file"
fi
- echo "Generating ECC key (${curve})..."
-
+ echo "Generating ECC key with default provider (${curve})..."
+ use_provider_by_name "$provider_name"
if $OPENSSL_BIN genpkey -algorithm EC \
- ${provider_args} \
-pkeyopt ec_paramgen_curve:${curve} \
-out "$output_file" 2>/dev/null; then
echo "[PASS] ECC key generation successful"
@@ -234,15 +230,16 @@ generate_and_test_key() {
fi
# Validate key
- validate_key "$curve" "$output_file" "$provider_args"
+ validate_key "$curve" "$output_file"
# Try to use the key with different providers
echo -e "\n=== Testing ECC Key (${curve}) with ${provider_name} ==="
echo "Checking if ${provider_name} can use the key..."
# Try to use the key with wolfProvider (just check if it loads)
+ use_wolf_provider
if $OPENSSL_BIN pkey -in "$output_file" -check \
- ${provider_args} -passin pass: >/dev/null; then
+ -passin pass: >/dev/null; then
echo "[PASS] ${provider_name} can use ECC key (${curve})"
check_force_fail
else
@@ -253,7 +250,7 @@ generate_and_test_key() {
# Test key generation for each curve and provider
for curve in "${CURVES[@]}"; do
- for test_provider in "${PROVIDER_ARGS[@]}"; do
+ for test_provider in "${PROVIDER_NAMES[@]}"; do
# Generate key with current provider
generate_and_test_key "$curve" "$test_provider"
diff --git a/scripts/cmd_test/hash-cmd-test.sh b/scripts/cmd_test/hash-cmd-test.sh
index 512220e8..0d4818a7 100755
--- a/scripts/cmd_test/hash-cmd-test.sh
+++ b/scripts/cmd_test/hash-cmd-test.sh
@@ -19,14 +19,18 @@
# You should have received a copy of the GNU General Public License
# along with wolfProvider. If not, see .
-SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
-source "${SCRIPT_DIR}/cmd-test-common.sh"
-source "${SCRIPT_DIR}/clean-cmd-test.sh"
-cmd_test_env_setup "hash-test.log"
-clean_cmd_test "hash"
+CMD_TEST_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+source "${CMD_TEST_DIR}/cmd-test-common.sh"
+source "${CMD_TEST_DIR}/clean-cmd-test.sh"
-# Redirect all output to log file
-exec > >(tee -a "$LOG_FILE") 2>&1
+if [ -z "${DO_CMD_TESTS:-}" ]; then
+ echo "This script is designed to be called from do-cmd-tests.sh"
+ echo "Do not run this script directly - use do-cmd-tests.sh instead"
+ exit 1
+fi
+
+cmd_test_init "hash-test.log"
+clean_cmd_test "hash"
# Create test data and output directories
mkdir -p hash_outputs
@@ -35,13 +39,10 @@ echo "This is test data for hash cmd test." > hash_outputs/test_data.txt
# Array of hash algorithms to test
HASH_ALGOS=("sha1" "sha224" "sha256" "sha384" "sha512")
-echo "=== Running Hash Algorithm Comparisons ==="
-
# Function to run hash test with specified provider options
run_hash_test() {
local algo="$1"
- local provider_opts="$2"
- local output_file="$3"
+ local output_file="$2"
# Run the hash algorithm with specified provider options
if ! $OPENSSL_BIN dgst -$algo $provider_opts -out "$output_file" hash_outputs/test_data.txt; then
@@ -91,10 +92,12 @@ for algo in "${HASH_ALGOS[@]}"; do
echo -e "\n=== Testing ${algo^^} ==="
# Test with OpenSSL default provider
- run_hash_test $algo "-provider default" "hash_outputs/openssl_${algo}.txt"
+ use_default_provider
+ run_hash_test $algo "hash_outputs/openssl_${algo}.txt"
# Test with wolfProvider
- run_hash_test $algo "-provider-path $WOLFPROV_PATH -provider libwolfprov" "hash_outputs/wolf_${algo}.txt"
+ use_wolf_provider
+ run_hash_test $algo "hash_outputs/wolf_${algo}.txt"
# Compare results
compare_hashes $algo
diff --git a/scripts/cmd_test/req-cmd-test.sh b/scripts/cmd_test/req-cmd-test.sh
index 39935884..278ecea7 100755
--- a/scripts/cmd_test/req-cmd-test.sh
+++ b/scripts/cmd_test/req-cmd-test.sh
@@ -1,20 +1,42 @@
#!/bin/bash
-# req-cmd-test.sh - Certificate request test for wolfProvider
+# req-cmd-test.sh
+# Certificate request test for wolfProvider
+#
+# Copyright (C) 2006-2025 wolfSSL Inc.
+#
+# This file is part of wolfProvider.
+#
+# wolfProvider is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# wolfProvider is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with wolfProvider. If not, see .
-SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
-source "${SCRIPT_DIR}/cmd-test-common.sh"
-source "${SCRIPT_DIR}/clean-cmd-test.sh"
-cmd_test_env_setup "req-test.log"
+CMD_TEST_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+source "${CMD_TEST_DIR}/cmd-test-common.sh"
+source "${CMD_TEST_DIR}/clean-cmd-test.sh"
+
+if [ -z "${DO_CMD_TESTS:-}" ]; then
+ echo "This script is designed to be called from do-cmd-tests.sh"
+ echo "Do not run this script directly - use do-cmd-tests.sh instead"
+ exit 1
+fi
+
+cmd_test_init "req-test.log"
clean_cmd_test "req"
-exec > >(tee -a "$LOG_FILE") 2>&1
mkdir -p req_outputs
CURVES=("prime256v1" "secp384r1" "secp521r1")
HASH_ALGORITHMS=("sha256" "sha384" "sha512")
-PROVIDER_ARGS=("-provider-path $WOLFPROV_PATH -provider libwolfprov" "-provider default")
-
-echo "=== Running Certificate Request (X.509) Tests ==="
+PROVIDER_NAMES=("libwolfprov" "default")
# Skip tests for FIPS mode (unless force-failing)
if [ "${WOLFSSL_ISFIPS}" = "1" ] && [ "${WOLFPROV_FORCE_FAIL}" != "1" ]; then
@@ -28,9 +50,8 @@ fi
test_cert_creation() {
local curve=$1
local hash_alg=$2
- local req_provider_args=$3
+ local req_provider_name=$3
- req_provider_name=$(get_provider_name "$req_provider_args")
local key_file="req_outputs/key_${curve}_${hash_alg}.pem"
local cert_file="req_outputs/cert_${curve}_${hash_alg}_${req_provider_name//lib/}.pem"
@@ -49,14 +70,9 @@ test_cert_creation() {
# Generate EC key with default provider
echo "Generating EC key with curve ${curve} using default provider..."
use_default_provider
- if $OPENSSL_BIN ecparam -genkey -name ${curve} -out "$key_file" \
- -provider default 2>/dev/null; then
+ if $OPENSSL_BIN ecparam -genkey -name ${curve} -out "$key_file" 2>/dev/null; then
echo "[PASS] EC key generation successful"
- # Don't call check_force_fail for default provider operations in force fail mode
- # as default provider operations are expected to succeed
- if [ "${WOLFPROV_FORCE_FAIL}" != "1" ]; then
- check_force_fail
- fi
+ check_force_fail
else
echo "[FAIL] EC key generation failed"
FAIL=1
@@ -64,21 +80,14 @@ test_cert_creation() {
fi
# Set provider for req command
- if [[ "$req_provider_args" == *"libwolfprov"* ]]; then
- use_wolf_provider
- else
- use_default_provider
- fi
+ use_provider_by_name "$req_provider_name"
# Create certificate with specified provider
echo "Creating self-signed certificate with ${hash_alg} using ${req_provider_name}..."
if $OPENSSL_BIN req -x509 -new -key "$key_file" -${hash_alg} -days 365 \
- -out "$cert_file" -subj "/CN=test-${curve}-${hash_alg}" ${req_provider_args} 2>/dev/null; then
+ -out "$cert_file" -subj "/CN=test-${curve}-${hash_alg}"2>/dev/null; then
echo "[PASS] Certificate creation successful"
- # Only call check_force_fail for wolfProvider operations, or when not in force fail mode
- if [[ "$req_provider_args" == *"libwolfprov"* ]] || [ "${WOLFPROV_FORCE_FAIL}" != "1" ]; then
- check_force_fail
- fi
+ check_force_fail
else
echo "[FAIL] Certificate creation failed"
FAIL=1
@@ -88,10 +97,7 @@ test_cert_creation() {
# Check if certificate file exists and is non-empty
if [ -s "$cert_file" ]; then
echo "[PASS] Certificate file exists and is non-empty"
- # Only call check_force_fail for wolfProvider operations, or when not in force fail mode
- if [[ "$req_provider_args" == *"libwolfprov"* ]] || [ "${WOLFPROV_FORCE_FAIL}" != "1" ]; then
- check_force_fail
- fi
+ check_force_fail
else
echo "[FAIL] Certificate file does not exist or is empty"
FAIL=1
@@ -103,8 +109,8 @@ echo "Starting certificate request tests..."
for curve in "${CURVES[@]}"; do
for hash_alg in "${HASH_ALGORITHMS[@]}"; do
- for provider_arg in "${PROVIDER_ARGS[@]}"; do
- test_cert_creation "$curve" "$hash_alg" "$provider_arg"
+ for provider_name in "${PROVIDER_NAMES[@]}"; do
+ test_cert_creation "$curve" "$hash_alg" "$provider_name"
done
done
done
diff --git a/scripts/cmd_test/rsa-cmd-test.sh b/scripts/cmd_test/rsa-cmd-test.sh
index f56a0f83..1e811c1b 100755
--- a/scripts/cmd_test/rsa-cmd-test.sh
+++ b/scripts/cmd_test/rsa-cmd-test.sh
@@ -19,14 +19,17 @@
# You should have received a copy of the GNU General Public License
# along with wolfProvider. If not, see .
-SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
-source "${SCRIPT_DIR}/cmd-test-common.sh"
-source "${SCRIPT_DIR}/clean-cmd-test.sh"
-cmd_test_env_setup "rsa-test.log"
+CMD_TEST_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+source "${CMD_TEST_DIR}/cmd-test-common.sh"
+source "${CMD_TEST_DIR}/clean-cmd-test.sh"
+cmd_test_init "rsa-test.log"
clean_cmd_test "rsa"
-# Redirect all output to log file
-exec > >(tee -a "$LOG_FILE") 2>&1
+if [ -z "${DO_CMD_TESTS:-}" ]; then
+ echo "This script is designed to be called from do-cmd-tests.sh"
+ echo "Do not run this script directly - use do-cmd-tests.sh instead"
+ exit 1
+fi
# Create test data and output directories
mkdir -p rsa_outputs
@@ -35,11 +38,12 @@ echo "This is test data for RSA signing and verification." > rsa_outputs/test_da
# Array of RSA key types, sizes, and providers to test
KEY_TYPES=("RSA" "RSA-PSS")
KEY_SIZES=("2048" "3072" "4096")
-PROVIDER_ARGS=("-provider-path $WOLFPROV_PATH -provider libwolfprov" "-provider default")
+PROVIDER_NAMES=("libwolfprov" "default")
WOLFPROV_FORCE_FAIL=${WOLFPROV_FORCE_FAIL:-0}
echo "=== Running RSA Key Generation Tests ==="
+OPENSSL_BIN=${OPENSSL_BIN:-openssl}
# Function to validate key
validate_key() {
@@ -87,7 +91,7 @@ sign_rsa_pss() {
echo "Signing data with RSA-PSS..."
$OPENSSL_BIN pkeyutl -sign -inkey "$key_file" \
- ${provider_args} -provider default -passin pass: \
+ ${provider_args} -passin pass: \
-rawin -digest sha256 \
-pkeyopt rsa_padding_mode:pss \
-pkeyopt rsa_pss_saltlen:-1 \
@@ -106,7 +110,7 @@ verify_rsa_pss() {
echo "Verifying RSA-PSS signature..."
$OPENSSL_BIN pkeyutl -verify -pubin -inkey "$pub_key_file" \
- ${provider_args} -provider default -passin pass: \
+ ${provider_args} -passin pass: \
-rawin -digest sha256 \
-pkeyopt rsa_padding_mode:pss \
-pkeyopt rsa_pss_saltlen:-1 \
@@ -150,14 +154,11 @@ verify_rsa() {
test_sign_verify_pkeyutl() {
local key_type=$1
local key_size=$2
- local provider_args=$3
+ local provider_name=$3
local sign_func=$4
local verify_func=$5
- # Get the provider name
- provider_name=$(get_provider_name "$provider_args")
-
- echo -e "\n=== Testing ${key_type} (${key_size}) Sign/Verify with pkeyutl Using ${provider_name} ==="
+ echo -e "\n=== Testing ${key_type} (${key_size}) Sign/Verify with pkeyutl ==="
# Handle different key naming conventions
local key_prefix="${key_type}"
@@ -185,10 +186,10 @@ test_sign_verify_pkeyutl() {
use_default_provider
echo "Test 1: Sign and verify with OpenSSL default (${key_type})"
local default_sig_file="rsa_outputs/${key_prefix}_${key_size}_default_sig.bin"
- if $sign_func "$key_file" "$data_file" "$default_sig_file" "$provider_args"; then
+ if $sign_func "$key_file" "$data_file" "$default_sig_file"; then
echo "[PASS] Signing with OpenSSL default successful"
check_force_fail
- if $verify_func "$pub_key_file" "$data_file" "$default_sig_file" "$provider_args"; then
+ if $verify_func "$pub_key_file" "$data_file" "$default_sig_file"; then
echo "[PASS] Default provider verify successful"
check_force_fail
else
@@ -204,10 +205,10 @@ test_sign_verify_pkeyutl() {
use_wolf_provider
echo "Test 2: Sign and verify with wolfProvider (${key_type})"
local wolf_sig_file="rsa_outputs/${key_prefix}_${key_size}_wolf_sig.bin"
- if $sign_func "$key_file" "$data_file" "$wolf_sig_file" "$provider_args"; then
+ if $sign_func "$key_file" "$data_file" "$wolf_sig_file"; then
echo "[PASS] Signing with wolfProvider successful"
check_force_fail
- if $verify_func "$pub_key_file" "$data_file" "$wolf_sig_file" "$provider_args"; then
+ if $verify_func "$pub_key_file" "$data_file" "$wolf_sig_file"; then
echo "[PASS] wolfProvider sign/verify successful"
check_force_fail
else
@@ -223,7 +224,7 @@ test_sign_verify_pkeyutl() {
if [ $FAIL -eq 0 ]; then # only verify if previous tests passed
echo "Test 3: Cross-provider verification (default sign, wolf verify)"
use_wolf_provider
- if $verify_func "$pub_key_file" "$data_file" "$default_sig_file" "$provider_args"; then
+ if $verify_func "$pub_key_file" "$data_file" "$default_sig_file"; then
echo "[PASS] wolfProvider can verify OpenSSL default signature"
check_force_fail
else
@@ -233,7 +234,7 @@ test_sign_verify_pkeyutl() {
use_default_provider
echo "Test 4: Cross-provider verification (wolf sign, default verify)"
- if $verify_func "$pub_key_file" "$data_file" "$wolf_sig_file" "$provider_args"; then
+ if $verify_func "$pub_key_file" "$data_file" "$wolf_sig_file"; then
echo "[PASS] OpenSSL default can verify wolfProvider signature"
check_force_fail
else
@@ -247,12 +248,9 @@ test_sign_verify_pkeyutl() {
generate_and_test_key() {
local key_type=$1
local key_size=$2
- local provider_args=$3
+ local provider_name=$3
local output_file="rsa_outputs/${key_type}_${key_size}.pem"
- # Get the provider name
- provider_name=$(get_provider_name "$provider_args")
-
echo -e "\n=== Testing ${key_type} Key Generation (${key_size}) with ${provider_name} ==="
if [ -f "$output_file" ]; then
@@ -261,10 +259,10 @@ generate_and_test_key() {
fi
echo "Generating ${key_type} key (${key_size})..."
+ use_provider_by_name "$provider_name"
if [ "$key_type" = "RSA-PSS" ]; then
# For RSA-PSS, specify all parameters
if $OPENSSL_BIN genpkey -algorithm RSA-PSS \
- ${provider_args} \
-pkeyopt rsa_keygen_bits:${key_size} \
-pkeyopt rsa_pss_keygen_md:sha256 \
-pkeyopt rsa_pss_keygen_mgf1_md:sha256 \
@@ -279,7 +277,6 @@ generate_and_test_key() {
else
# Regular RSA key generation
if $OPENSSL_BIN genpkey -algorithm RSA \
- ${provider_args} \
-pkeyopt rsa_keygen_bits:${key_size} \
-out "$output_file" 2>/dev/null; then
echo "[PASS] RSA key generation successful"
@@ -300,16 +297,16 @@ generate_and_test_key() {
fi
# Validate key
- validate_key "$key_type" "$key_size" "$output_file" "$provider_args"
+ validate_key "$key_type" "$key_size" "$output_file"
# Try to use the key with different providers
echo -e "\n=== Testing ${key_type} Key (${key_size}) with ${provider_name} ==="
echo "Checking if ${provider_name} can use the key..."
# Try to use the key with wolfProvider (just check if it loads)
- # Use -noout to avoid encoder lookup which we don't support with selection mask 133 (0x85)
+ use_wolf_provider
if $OPENSSL_BIN pkey -in "$output_file" -check -noout \
- ${provider_args} -passin pass: ; then
+ -passin pass: >/dev/null; then
echo "[PASS] ${provider_name} can use ${key_type} key (${key_size})"
check_force_fail
else
@@ -321,13 +318,13 @@ generate_and_test_key() {
# Test key generation and sign/verify for each type, size, and provider
for key_type in "${KEY_TYPES[@]}"; do
for key_size in "${KEY_SIZES[@]}"; do
- for test_provider in "${PROVIDER_ARGS[@]}"; do
+ for test_provider in "${PROVIDER_NAMES[@]}"; do
# Generate key with current provider
generate_and_test_key "$key_type" "$key_size" "$test_provider"
# If WPFF is set, we need to run again to actually create the
# key files
- if [ $WOLFPROV_FORCE_FAIL -ne 0 ]; then
+ if [ "${WOLFPROV_FORCE_FAIL}" = "1" ]; then
WOLFPROV_FORCE_FAIL=0
generate_and_test_key "$key_type" "$key_size" "$test_provider"
WOLFPROV_FORCE_FAIL=1
diff --git a/scripts/utils-general.sh b/scripts/utils-general.sh
index 86c14c17..92fdea5e 100644
--- a/scripts/utils-general.sh
+++ b/scripts/utils-general.sh
@@ -24,43 +24,61 @@ if [ "$UTILS_GENERAL_LOADED" != "yes" ]; then # only set once
}
trap do_trap INT TERM
- export UTILS_GENERAL_LOADED=yes
-fi
+ UTILS_GENERAL_LOADED=yes
-# Usage: check_git_match []
-check_git_match() {
- local target_ref="$1"
- local repo_dir="${2:-.}"
+ # Usage: check_git_match []
+ check_git_match() {
+ local target_ref="$1"
+ local repo_dir="${2:-.}"
- pushd "$repo_dir" > /dev/null || return 2
+ pushd "$repo_dir" > /dev/null || return 2
- local current_tag current_branch current_commit_long current_commit_short
- current_tag=$(git describe --tags --exact-match 2>/dev/null || true)
- current_branch=$(git symbolic-ref --short HEAD 2>/dev/null || true)
- current_commit_long=$(git rev-parse HEAD 2>/dev/null || true)
- current_commit_short=$(git rev-parse --short HEAD 2>/dev/null || true)
+ local current_tag current_branch current_commit_long current_commit_short
+ current_tag=$(git describe --tags --exact-match 2>/dev/null || true)
+ current_branch=$(git symbolic-ref --short HEAD 2>/dev/null || true)
+ current_commit_long=$(git rev-parse HEAD 2>/dev/null || true)
+ current_commit_short=$(git rev-parse --short HEAD 2>/dev/null || true)
- if [[ -n "$current_tag" && "$target_ref" == "$current_tag" ]]; then
- echo "match: tag ($current_tag)"
- popd > /dev/null
- return 0
- elif [[ -n "$current_branch" && "$target_ref" == "$current_branch" ]]; then
- echo "match: branch ($current_branch)"
- popd > /dev/null
- return 0
- elif [[ -n "$current_commit_long" && "$target_ref" == "$current_commit_long" ]]; then
- echo "match: commit (long $current_commit_long)"
- popd > /dev/null
- return 0
- elif [[ -n "$current_commit_short" && "$target_ref" == "$current_commit_short" ]]; then
- echo "match: commit (short $current_commit_short)"
- popd > /dev/null
- return 0
- else
- echo "no match found for $target_ref"
- printf "Version inconsistency. Please fix ${repo_dir}\n"
- printf "(expected: ${target_ref}, got: ${current_tag} ${current_branch} ${current_commit_long} ${current_commit_short})\n"
- popd > /dev/null
- exit 1
- fi
-}
+ if [[ -n "$current_tag" && "$target_ref" == "$current_tag" ]]; then
+ echo "match: tag ($current_tag)"
+ popd > /dev/null
+ return 0
+ elif [[ -n "$current_branch" && "$target_ref" == "$current_branch" ]]; then
+ echo "match: branch ($current_branch)"
+ popd > /dev/null
+ return 0
+ elif [[ -n "$current_commit_long" && "$target_ref" == "$current_commit_long" ]]; then
+ echo "match: commit (long $current_commit_long)"
+ popd > /dev/null
+ return 0
+ elif [[ -n "$current_commit_short" && "$target_ref" == "$current_commit_short" ]]; then
+ echo "match: commit (short $current_commit_short)"
+ popd > /dev/null
+ return 0
+ else
+ echo "no match found for $target_ref"
+ printf "Version inconsistency. Please fix ${repo_dir}\n"
+ printf "(expected: ${target_ref}, got: ${current_tag} ${current_branch} ${current_commit_long} ${current_commit_short})\n"
+ popd > /dev/null
+ exit 1
+ fi
+ }
+
+ export is_openssl_replace_default=${is_openssl_replace_default:-0}
+ export is_openssl_default_provider=${is_openssl_default_provider:-0}
+ export is_wp_active=${is_wp_active:-0}
+ export is_wp_default=${is_wp_default:-0}
+ export is_wp_fips=${is_wp_fips:-0}
+
+ # Function to detect wolfProvider installation mode
+ detect_wolfprovider_mode() {
+ local openssl_version=$(${OPENSSL_BIN} version 2>/dev/null)
+ local openssl_providers=$(${OPENSSL_BIN} list -providers 2>/dev/null)
+
+ is_openssl_replace_default=$(echo "$openssl_version" | grep -qi "wolfProvider-replace-default" && echo 1 || echo 0)
+ is_openssl_default_provider=$(echo "$openssl_providers" | grep -qi "OpenSSL Default Provider" && echo 1 || echo 0)
+ is_wp_active=$(echo "$openssl_providers" | grep -qi "wolfSSL Provider" && echo 1 || echo 0)
+ is_wp_default=$(echo "$openssl_providers" | grep -q -Pzo 'Providers:\s*\n\s*default\s*\n\s*name:\s*wolfSSL Provider' && echo 1 || echo 0)
+ is_wp_fips=$(echo "$openssl_providers" | grep -qi "wolfSSL Provider FIPS" && echo 1 || echo 0)
+ }
+fi
\ No newline at end of file
diff --git a/scripts/verify-install.sh b/scripts/verify-install.sh
index aee5b664..23d37fb9 100755
--- a/scripts/verify-install.sh
+++ b/scripts/verify-install.sh
@@ -73,9 +73,8 @@ if ! command -v $OPENSSL_BIN >/dev/null 2>&1; then
handle_error "$OPENSSL_BIN not found"
fi
-openssl_version=$($OPENSSL_BIN version 2> /dev/null)
-openssl_providers=$($OPENSSL_BIN list -providers 2> /dev/null)
-dpkg_output=$(dpkg -l 2> /dev/null | grep wolf)
+SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+source "${SCRIPT_DIR}/utils-general.sh"
handle_error() {
local message="$1"
@@ -200,13 +199,8 @@ verify_wolfprovider() {
local replace_default="$2"
local no_wp="$3"
- is_openssl_replace_default=$(echo "$openssl_version" | grep -qi "wolfProvider-replace-default" && echo 1 || echo 0)
- is_openssl_default_provider=$(echo "$openssl_providers" | grep -qi "OpenSSL Default Provider" && echo 1 || echo 0)
-
- is_wp_active=$(echo "$openssl_providers" | grep -qi "wolfSSL Provider" && echo 1 || echo 0)
- is_wp_default=$(echo "$openssl_providers" | grep -q -Pzo 'Providers:\s*\n\s*default\s*\n\s*name:\s*wolfSSL Provider' && echo 1 || echo 0)
- is_wp_fips=$(echo "$openssl_providers" | grep -qi "wolfSSL Provider FIPS" && echo 1 || echo 0)
-
+ detect_wolfprovider_mode
+ dpkg_output=$(dpkg -l 2> /dev/null | grep wolf)
is_wolfssl_installed=$(echo "$dpkg_output" | grep -Eq '^ii\s+libwolfssl\s' && echo 1 || echo 0)
is_wolfssl_fips=$(echo "$dpkg_output" | grep -E '^ii\s+libwolfssl\s' | grep -qi "fips" && echo 1 || echo 0)