Add cmd-test arguments

.github/workflows/debian-package.yml

@@ -82,31 +82,11 @@ jobs:
             ${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }}
 
       - name: Test OpenSSL provider functionality
+        shell: bash
         run: |
-          WOLFPROV_CONF_BACKUP="/tmp/wolfprovider.conf.backup"
-
-          # Temporarily move wolfprovider config so we can toggle between providers
-          echo "Temporarily disabling wolfprovider for default provider tests:"
-          mkdir -p /tmp/openssl-test
-          if [ -f $WOLFPROV_CONF_FILE ]; then
-            mv $WOLFPROV_CONF_FILE $WOLFPROV_CONF_BACKUP
-            echo "   - Moved $WOLFPROV_CONF_FILE to $WOLFPROV_CONF_BACKUP"
-          else
-            echo "$WOLFPROV_CONF_FILE not found!"
-            exit 1
-          fi
-
           # Run the do-cmd-test.sh script to execute interoperability tests
           echo "Running OpenSSL provider interoperability tests..."
           OPENSSL_BIN=$(eval which openssl) ${{ matrix.force_fail }} ${{ matrix.fips_ref == 'FIPS' && 'WOLFSSL_ISFIPS=1' || '' }} ./scripts/cmd_test/do-cmd-tests.sh
-
-          # Restore wolfprovider configuration
-          echo "Restoring wolfprovider configuration:"
-          if [ -f $WOLFPROV_CONF_BACKUP ]; then
-            mv $WOLFPROV_CONF_BACKUP $WOLFPROV_CONF_FILE
-            echo "   - Restored $WOLFPROV_CONF_FILE from $WOLFPROV_CONF_BACKUP"
-          fi
-
           echo "PASS: All provider interoperability tests successful"
 
       - name: Uninstall package and verify cleanup

.gitignore

@@ -84,8 +84,12 @@ test/**/*.trs
 test/**/*.o
 test/**/.deps/
 test/**/.dirstamp
+aes_outputs
+ecc_outputs
+hash_outputs
 req_outputs
-scripts/cmd_test/req-test.log
+rsa_outputs
+scripts/cmd_test/*.log
 
 IDE/Android/android-ndk-r26b/
 IDE/Android/openssl-source/

debian/install-wolfprov.sh

@@ -188,7 +188,7 @@ main() {
         exit 1
     fi
 
-    if [ -n "output_dir" ]; then
+    if [ -n "$output_dir" ]; then
         output_dir=$(realpath $output_dir)
     fi
 

scripts/cmd_test/aes-cmd-test.sh

@@ -19,14 +19,18 @@
 # You should have received a copy of the GNU General Public License
 # along with wolfProvider. If not, see <http://www.gnu.org/licenses/>.
 
-SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
-source "${SCRIPT_DIR}/cmd-test-common.sh"
-source "${SCRIPT_DIR}/clean-cmd-test.sh"
-cmd_test_env_setup "aes-test.log"
-clean_cmd_test "aes"
+CMD_TEST_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+source "${CMD_TEST_DIR}/cmd-test-common.sh"
+source "${CMD_TEST_DIR}/clean-cmd-test.sh"
 
-# Redirect all output to log file
-exec > >(tee -a "$LOG_FILE") 2>&1
+if [ -z "${DO_CMD_TESTS:-}" ]; then
+    echo "This script is designed to be called from do-cmd-tests.sh"
+    echo "Do not run this script directly - use do-cmd-tests.sh instead"
+    exit 1
+fi
+
+cmd_test_init "aes-test.log"
+clean_cmd_test "aes"
 
 # Create test data and output directories
 mkdir -p aes_outputs
@@ -42,8 +46,6 @@ else
     MODES=("ecb" "cbc" "ctr" "cfb")
 fi
 
-echo "=== Running AES Algorithm Comparisons ==="
-
 # Run tests for each key size and mode
 for key_size in "${KEY_SIZES[@]}"; do
     for mode in "${MODES[@]}"; do
@@ -67,14 +69,16 @@ for key_size in "${KEY_SIZES[@]}"; do
         echo "Interop testing (encrypt with default, decrypt with wolfProvider):"
 
         # Encryption with OpenSSL default provider
-        if ! $OPENSSL_BIN enc -aes-${key_size}-${mode} -K "$key" $iv -provider default \
+        use_default_provider
+        if ! $OPENSSL_BIN enc -aes-${key_size}-${mode} -K "$key" $iv \
             -in aes_outputs/test_data.txt -out "$enc_file" -p; then
             echo "[FAIL] Interop AES-${key_size}-${mode}: OpenSSL encrypt failed"
             FAIL=1
         fi
 
         # Decryption with wolfProvider
-        if ! $OPENSSL_BIN enc -aes-${key_size}-${mode} -K "$key" $iv -provider-path "$WOLFPROV_PATH" -provider libwolfprov \
+        use_wolf_provider
+        if ! $OPENSSL_BIN enc -aes-${key_size}-${mode} -K "$key" $iv \
             -in "$enc_file" -out "$dec_file" -d -p; then
             echo "[FAIL] Interop AES-${key_size}-${mode}: wolfProvider decrypt failed"
             FAIL=1
@@ -96,14 +100,16 @@ for key_size in "${KEY_SIZES[@]}"; do
         echo "Interop testing (encrypt with wolfProvider, decrypt with default):"
 
         # Encryption with wolfProvider
-        if ! $OPENSSL_BIN enc -aes-${key_size}-${mode} -K "$key" $iv -provider-path "$WOLFPROV_PATH" -provider libwolfprov \
+        use_wolf_provider
+        if ! $OPENSSL_BIN enc -aes-${key_size}-${mode} -K "$key" $iv \
             -in aes_outputs/test_data.txt -out "$enc_file" -p; then
             echo "[FAIL] Interop AES-${key_size}-${mode}: wolfProvider encrypt failed"
             FAIL=1
         fi
 
         # Decryption with OpenSSL default provider
-        if ! $OPENSSL_BIN enc -aes-${key_size}-${mode} -K "$key" $iv -provider default \
+        use_default_provider
+        if ! $OPENSSL_BIN enc -aes-${key_size}-${mode} -K "$key" $iv \
             -in "$enc_file" -out "$dec_file" -d -p; then
             echo "[FAIL] Interop AES-${key_size}-${mode}: OpenSSL decrypt failed"
             FAIL=1

scripts/cmd_test/clean-cmd-test.sh

@@ -17,6 +17,12 @@
 # You should have received a copy of the GNU General Public License
 # along with wolfProvider. If not, see <http://www.gnu.org/licenses/>.
 
+if [ -z "${DO_CMD_TESTS:-}" ]; then
+    echo "This script is designed to be called from do-cmd-tests.sh"
+    echo "Do not run this script directly - use do-cmd-tests.sh instead"
+    exit 1
+fi
+
 # Function to clean up specific command test artifacts
 clean_cmd_test() {
     local test_type=$1

scripts/cmd_test/cmd-test-common.sh

@@ -17,132 +17,151 @@
 # You should have received a copy of the GNU General Public License
 # along with wolfProvider. If not, see <http://www.gnu.org/licenses/>.
 
-COMMON_SETUP_DONE=0
+# Global variables to store wolfProvider installation mode
+# Only initialize if not already set (allows parent script to export values)
 
-cmd_test_env_setup() {
-    # Fail flags
-    FAIL=0
-    FORCE_FAIL_PASSED=0
+if [ -z "${DO_CMD_TESTS:-}" ]; then
+    echo "This script is designed to be called from do-cmd-tests.sh"
+    echo "Do not run this script directly - use do-cmd-tests.sh instead"
+    exit 1
+fi
 
-    if [ $COMMON_SETUP_DONE -ne 0 ]; then
-        echo "Setup already completed, skipping."
-        return
-    fi
+CMD_TEST_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+source "${CMD_TEST_DIR}/../utils-general.sh"
 
-    local log_file_name=$1
-    SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
-    # Set up environment
-    export LOG_FILE="${SCRIPT_DIR}/${log_file_name}"
-    touch "$LOG_FILE"
+# Function to setup the environment for the command-line tests
+cmd_test_env_setup() {
+    export OPENSSL_BIN=${OPENSSL_BIN:-$(which openssl)}
+    printf "Using OPENSSL_BIN: %s\n" "$OPENSSL_BIN"
 
-    # If OPENSSL_BIN is not set, assume we are using a local build
-    if [ -z "${OPENSSL_BIN:-}" ]; then
-        echo "OPENSSL_BIN not set, assuming local build"
-        # Check if the install directories exist
-        if [ ! -d "${REPO_ROOT}/openssl-install" ] || 
-        [ ! -d "${REPO_ROOT}/wolfssl-install" ]; then
-            echo "[FAIL] OpenSSL or wolfSSL install directories not found"
-            echo "Please set OPENSSL_BIN or run build-wolfprovider.sh first"
-            exit 1
-        fi
+    OPENSSL_CONF_ORIG="${OPENSSL_CONF:-}"
+    OPENSSL_MODULES_ORIG="${OPENSSL_MODULES:-}"
+}
 
-        # Setup the environment for a local build
-        source "${REPO_ROOT}/scripts/env-setup"
-    else
-        echo "Using user-provided OPENSSL_BIN: ${OPENSSL_BIN}"
-        # We are using a user-provided OpenSSL binary, manually set the test
-        # environment variables rather than using env-setup.
-        # Find the location of the wolfProvider modules
-        if [ -z "${WOLFPROV_PATH:-}" ]; then
-            export WOLFPROV_PATH=$(find /usr/lib /usr/local/lib -type d -name ossl-modules 2>/dev/null | head -n 1)
-        fi
-        # Set the path to the wolfProvider config file
-        if [ -z "${WOLFPROV_CONFIG:-}" ]; then
-            if [ "${WOLFSSL_ISFIPS:-0}" = "1" ]; then
-                export WOLFPROV_CONFIG="${REPO_ROOT}/provider-fips.conf"
-            else
-                export WOLFPROV_CONFIG="${REPO_ROOT}/provider.conf"
-            fi  
-        fi
-    fi
 
-    # Get the force fail parameter
-    if [ "${WOLFPROV_FORCE_FAIL}" = "1" ]; then
-        echo "Force fail mode enabled"
-    fi
-    if [ "${WOLFSSL_ISFIPS}" = "1" ]; then
-        echo "FIPS mode enabled"
-    fi
+# Individual test setup (called by each test script)
+cmd_test_init() {
+    local log_file_name=$1
+    CMD_TEST_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
 
-    # Print environment for verification
-    echo "Environment variables:"
-    echo "OPENSSL_MODULES: ${OPENSSL_MODULES}"
-    echo "OPENSSL_BIN: ${OPENSSL_BIN}"
-    echo "WOLFPROV_PATH: ${WOLFPROV_PATH}"
-    echo "WOLFPROV_CONFIG: ${WOLFPROV_CONFIG}"
-    echo "LOG_FILE: ${LOG_FILE}"
+    # Set up log file
+    export LOG_FILE="${CMD_TEST_DIR}/${log_file_name}"
+    touch "$LOG_FILE"
 
-    COMMON_SETUP_DONE=1
-}
+    # Redirect all output to log file
+    exec > >(tee -a "$LOG_FILE") 2>&1
 
-# Check if default provider is in use
-# Note that this may be wolfProvider if built as replace-default
-is_default_provider() {
-    return $($OPENSSL_BIN list -providers | grep -qi "default")
+    # Fail flags
+    FAIL=0
+    FORCE_FAIL_PASSED=0
 }
 
+
 # Function to use default provider only
 use_default_provider() {
-    unset OPENSSL_MODULES
-    unset OPENSSL_CONF
+    return 0
 
-    # Verify that we are using the default provider
-    if ! is_default_provider; then
-        echo "FAIL: unable to switch to default provider"
-        $OPENSSL_BIN list -providers
-        exit 1
+    if [ -z "${OPENSSL_CONF_ORIG:-}" ]; then
+        export OPENSSL_CONF="/dev/null"
+        export OPENSSL_MODULES="/dev/null"
+    else
+        unset OPENSSL_CONF
+        unset OPENSSL_MODULES
     fi
-    echo "Switched to default provider"
-}
+    detect_wolfprovider_mode
+
+    # Check if wolfProvider is in replace-default mode
+    if [ "$is_openssl_replace_default" = "1" ]; then
+        echo "INFO: wolfProvider is installed in replace-default mode"
+        echo "INFO: wolfProvider IS the default provider and cannot be switched off"
+
+        # Verify that wolfProvider (as default) is active
+		if [ "$is_wp_active" = "1" ] && [ "$is_wp_default" = "1" ]; then
+            echo "Using default provider (wolfProvider in replace-default mode)"
+        else
+            echo "FAIL: Expected wolfProvider as default, but is_wp_active: $is_wp_active and is_wp_default: $is_wp_default"
+            exit 1
+        fi
+    else
+        # In non-replace-default mode, unsetting OPENSSL_MODULES should disable wolfProvider
+        echo "INFO: wolfProvider is installed in non-replace-default mode"
 
-is_wolf_provider() {
-    return $($OPENSSL_BIN list -providers | grep -qi "wolfSSL Provider")
+        # Verify that we are using the OpenSSL default provider (not wolfProvider)
+        if [ "$is_openssl_default_provider" != "1" ]; then
+            echo "FAIL: unable to switch to default provider, wolfProvider is still active"
+            echo "is_openssl_default_provider: $is_openssl_default_provider"
+            exit 1
+        fi
+        echo "INFO: Switched to default provider (OpenSSL)"
+    fi
 }
 
+
 # Function to use wolf provider only
 use_wolf_provider() {
-    export OPENSSL_MODULES=$WOLFPROV_PATH
-    export OPENSSL_CONF=${WOLFPROV_CONFIG}
-
-    # Verify that we are using wolfProvider
-    if ! is_wolf_provider; then
-        echo "FAIL: unable to switch to wolfProvider"
+    return 0
+
+    if [ -z "${OPENSSL_CONF_ORIG:-}" ]; then
+        unset OPENSSL_CONF
+        unset OPENSSL_MODULES
+    else 
+        export OPENSSL_CONF="${OPENSSL_CONF_ORIG:-}"
+        export OPENSSL_MODULES="${OPENSSL_MODULES_ORIG:-}"
+    fi
+    detect_wolfprovider_mode
+
+    # Check if wolfProvider is in replace-default mode
+    if [ "$is_openssl_replace_default" = "1" ]; then
+        # In replace-default mode, wolfProvider is already the default
+        # No need to set OPENSSL_MODULES or OPENSSL_CONF
+        echo "INFO: wolfProvider is installed in replace-default mode"
+        echo "INFO: wolfProvider is already active as the default provider"
+
+        # Verify that wolfProvider is active
+		if [ "$is_wp_active" = "1" ] && [ "$is_wp_default" = "1" ]; then
+            echo "Using wolfProvider (replace-default mode)"
+        else
+            echo "FAIL: wolfProvider is not active"
+            echo "is_wp_active: $is_wp_active"
+            echo "is_wp_default: $is_wp_default"
+            exit 1
+        fi
+    else
+        # In non-replace-default mode, we need to set OPENSSL_MODULES and OPENSSL_CONF
+        echo "INFO: wolfProvider is installed in non-replace-default mode"
+
+        # Verify that we are using wolfProvider
+        if [ "$is_wp_active" != "1" ]; then
+            echo "FAIL: unable to switch to wolfProvider, default provider is still active"
+            $OPENSSL_BIN list -providers
+            echo "is_wp_active: $is_wp_active"
+            echo "is_wp_default: $is_wp_default"
+            exit 1
+        fi
+        echo "INFO: Switched to wolfProvider"
         $OPENSSL_BIN list -providers
-        exit 1
     fi
-    echo "Switched to wolfProvider"
 }
 
-is_replace_default() {
-    return $($OPENSSL_BIN list -providers | grep -qi "wolfSSL Provider")
-}
 
 # Helper function to handle force fail checks
 check_force_fail() {
-    if is_default_provider && ! is_replace_default; then
+    detect_wolfprovider_mode
+    if [ "$is_openssl_default_provider" = "1" ]; then
+        # With the OpenSSL provider, don't expect failures
         echo "OPENSSL Default provider active, no forced failures expected."
-    elif [ "${WOLFPROV_FORCE_FAIL}" = "1" ]; then
+    elif [ "$WOLFPROV_FORCE_FAIL" = "1" ]; then
         echo "[PASS] Test passed when force fail was enabled"
         FORCE_FAIL_PASSED=1
+        exit 1
     fi
 }
 
-# Helper function to get provider name from provider arguments
-get_provider_name() {
-    local provider_args=$1
-    if [ "$provider_args" = "-provider default" ]; then
-        echo "default"
+use_provider_by_name() {
+    local provider_name=$1
+    if [ "$provider_name" = "libwolfprov" ]; then
+        use_wolf_provider
     else
-        echo "libwolfprov"
+        use_default_provider
     fi
 }