wolfSSL
diff --git a/‎.github/workflows/debian-package.yml‎
Lines changed: 1 addition & 21 deletions b/‎.github/workflows/debian-package.yml‎
Lines changed: 1 addition & 21 deletions
diff --git a/‎.gitignore‎
Lines changed: 5 additions & 1 deletion b/‎.gitignore‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎debian/install-wolfprov.sh‎
Lines changed: 1 addition & 1 deletion b/‎debian/install-wolfprov.sh‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎scripts/cmd_test/aes-cmd-test.sh‎
Lines changed: 11 additions & 7 deletions b/‎scripts/cmd_test/aes-cmd-test.sh‎
Lines changed: 11 additions & 7 deletions
diff --git a/‎scripts/cmd_test/cmd-test-common.sh‎
Lines changed: 56 additions & 107 deletions b/‎scripts/cmd_test/cmd-test-common.sh‎
Lines changed: 56 additions & 107 deletions
@@ -82,31 +82,11 @@ jobs:
             ${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }}
 
       - name: Test OpenSSL provider functionality
+        shell: bash
         run: |
-          WOLFPROV_CONF_BACKUP="/tmp/wolfprovider.conf.backup"
-
-          # Temporarily move wolfprovider config so we can toggle between providers
-          echo "Temporarily disabling wolfprovider for default provider tests:"
-          mkdir -p /tmp/openssl-test
-          if [ -f $WOLFPROV_CONF_FILE ]; then
-            mv $WOLFPROV_CONF_FILE $WOLFPROV_CONF_BACKUP
-            echo "   - Moved $WOLFPROV_CONF_FILE to $WOLFPROV_CONF_BACKUP"
-          else
-            echo "$WOLFPROV_CONF_FILE not found!"
-            exit 1
-          fi
-
           # Run the do-cmd-test.sh script to execute interoperability tests
           echo "Running OpenSSL provider interoperability tests..."
           OPENSSL_BIN=$(eval which openssl) ${{ matrix.force_fail }} ${{ matrix.fips_ref == 'FIPS' && 'WOLFSSL_ISFIPS=1' || '' }} ./scripts/cmd_test/do-cmd-tests.sh
-
-          # Restore wolfprovider configuration
-          echo "Restoring wolfprovider configuration:"
-          if [ -f $WOLFPROV_CONF_BACKUP ]; then
-            mv $WOLFPROV_CONF_BACKUP $WOLFPROV_CONF_FILE
-            echo "   - Restored $WOLFPROV_CONF_FILE from $WOLFPROV_CONF_BACKUP"
-          fi
-
           echo "PASS: All provider interoperability tests successful"
 
       - name: Uninstall package and verify cleanup
 
@@ -84,8 +84,12 @@ test/**/*.trs
 test/**/*.o
 test/**/.deps/
 test/**/.dirstamp
+aes_outputs
+ecc_outputs
+hash_outputs
 req_outputs
-scripts/cmd_test/req-test.log
+rsa_outputs
+scripts/cmd_test/*.log
 
 IDE/Android/android-ndk-r26b/
 IDE/Android/openssl-source/
 
@@ -188,7 +188,7 @@ main() {
         exit 1
     fi
 
-    if [ -n "output_dir" ]; then
+    if [ -n "$output_dir" ]; then
         output_dir=$(realpath $output_dir)
     fi
 
 
@@ -19,9 +19,9 @@
 # You should have received a copy of the GNU General Public License
 # along with wolfProvider. If not, see <http://www.gnu.org/licenses/>.
 
-SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
-source "${SCRIPT_DIR}/cmd-test-common.sh"
-source "${SCRIPT_DIR}/clean-cmd-test.sh"
+CMD_TEST_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+source "${CMD_TEST_DIR}/cmd-test-common.sh"
+source "${CMD_TEST_DIR}/clean-cmd-test.sh"
 
 if [ -z "${DO_CMD_TESTS:-}" ]; then
     echo "This script is designed to be called from do-cmd-tests.sh"
@@ -69,14 +69,16 @@ for key_size in "${KEY_SIZES[@]}"; do
         echo "Interop testing (encrypt with default, decrypt with wolfProvider):"
 
         # Encryption with OpenSSL default provider
-        if ! $OPENSSL_BIN enc -aes-${key_size}-${mode} -K "$key" $iv -provider default \
+        use_default_provider
+        if ! $OPENSSL_BIN enc -aes-${key_size}-${mode} -K "$key" $iv \
             -in aes_outputs/test_data.txt -out "$enc_file" -p; then
             echo "[FAIL] Interop AES-${key_size}-${mode}: OpenSSL encrypt failed"
             FAIL=1
         fi
 
         # Decryption with wolfProvider
-        if ! $OPENSSL_BIN enc -aes-${key_size}-${mode} -K "$key" $iv -provider-path "$WOLFPROV_PATH" -provider libwolfprov \
+        use_wolf_provider
+        if ! $OPENSSL_BIN enc -aes-${key_size}-${mode} -K "$key" $iv \
             -in "$enc_file" -out "$dec_file" -d -p; then
             echo "[FAIL] Interop AES-${key_size}-${mode}: wolfProvider decrypt failed"
             FAIL=1
@@ -98,14 +100,16 @@ for key_size in "${KEY_SIZES[@]}"; do
         echo "Interop testing (encrypt with wolfProvider, decrypt with default):"
 
         # Encryption with wolfProvider
-        if ! $OPENSSL_BIN enc -aes-${key_size}-${mode} -K "$key" $iv -provider-path "$WOLFPROV_PATH" -provider libwolfprov \
+        use_wolf_provider
+        if ! $OPENSSL_BIN enc -aes-${key_size}-${mode} -K "$key" $iv \
             -in aes_outputs/test_data.txt -out "$enc_file" -p; then
             echo "[FAIL] Interop AES-${key_size}-${mode}: wolfProvider encrypt failed"
             FAIL=1
         fi
 
         # Decryption with OpenSSL default provider
-        if ! $OPENSSL_BIN enc -aes-${key_size}-${mode} -K "$key" $iv -provider default \
+        use_default_provider
+        if ! $OPENSSL_BIN enc -aes-${key_size}-${mode} -K "$key" $iv \
             -in "$enc_file" -out "$dec_file" -d -p; then
             echo "[FAIL] Interop AES-${key_size}-${mode}: OpenSSL decrypt failed"
             FAIL=1
 
@@ -19,87 +19,33 @@
 
 # Global variables to store wolfProvider installation mode
 # Only initialize if not already set (allows parent script to export values)
-WOLFPROV_REPLACE_DEFAULT=${WOLFPROV_REPLACE_DEFAULT:-0}
-WOLFPROV_FIPS=${WOLFPROV_FIPS:-0}
-WOLFPROV_INSTALLED=${WOLFPROV_INSTALLED:-0}
 
 if [ -z "${DO_CMD_TESTS:-}" ]; then
     echo "This script is designed to be called from do-cmd-tests.sh"
     echo "Do not run this script directly - use do-cmd-tests.sh instead"
     exit 1
 fi
 
-# Function to detect wolfProvider installation mode
-detect_wolfprovider_mode() {
-    if [ -z "${REPO_ROOT:-}" ]; then
-        REPO_ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )"/../.. &> /dev/null && pwd )"
-    fi
-
-    # Get OpenSSL version and initial provider info
-    local openssl_version=$(${OPENSSL_BIN} version 2>/dev/null)
-    local openssl_providers=$(${OPENSSL_BIN} list -providers 2>/dev/null)
-
-    # Detect if wolfProvider is currently active
-    if echo "$openssl_providers" | grep -qi "wolfSSL Provider"; then
-        WOLFPROV_INSTALLED=1
-        echo "Detected: wolfProvider is currently active"
-    else
-        WOLFPROV_INSTALLED=0
-        echo "Detected: wolfProvider is not currently active"
-    fi
-
-    # Detect if FIPS mode is active
-    if echo "$openssl_providers" | grep -qi "wolfSSL Provider FIPS"; then
-        WOLFPROV_FIPS=1
-        echo "Detected: wolfProvider FIPS mode"
-    else
-        WOLFPROV_FIPS=0
-        echo "Detected: wolfProvider non-FIPS mode"
-    fi
-
-    # Detect replace-default mode
-    if echo "$openssl_providers" | grep -q "default" && echo "$openssl_providers" | grep -qi "wolfSSL Provider"; then
-        WOLFPROV_REPLACE_DEFAULT=1
-        echo "Detected: wolfProvider installed in replace-default mode (provider: default)"
-    elif echo "$openssl_providers" | grep -qi "libwolfprov"; then
-        WOLFPROV_REPLACE_DEFAULT=0
-        echo "Detected: wolfProvider installed in non-replace-default mode (provider: libwolfprov)"
-    else
-        WOLFPROV_REPLACE_DEFAULT=0
-        echo "Detected: wolfProvider not in replace-default mode"
-    fi
-
-    # Print detection summary
-    echo "wolfProvider mode detection:"
-    echo "  REPLACE_DEFAULT: $WOLFPROV_REPLACE_DEFAULT"
-    echo "  FIPS: $WOLFPROV_FIPS"
-    echo "  INSTALLED: $WOLFPROV_INSTALLED"
-}
-
+CMD_TEST_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+source "${CMD_TEST_DIR}/../utils-general.sh"
 
 # Function to setup the environment for the command-line tests
 cmd_test_env_setup() {
-    # OPENSSL_BIN must be set by the caller
-    if [ -z "${OPENSSL_BIN:-}" ]; then
-        echo "Error: OPENSSL_BIN environment variable is not set"
-        exit 1
-    fi
+    export OPENSSL_BIN=${OPENSSL_BIN:-$(which openssl)}
+    printf "Using OPENSSL_BIN: %s\n" "$OPENSSL_BIN"
 
-    # Detect wolfProvider installation mode (only if not already detected)
-    if [ -z "${WOLFPROV_MODE_DETECTED:-}" ]; then
-        detect_wolfprovider_mode
-        export WOLFPROV_MODE_DETECTED=1
-    fi
+    OPENSSL_CONF_ORIG="${OPENSSL_CONF:-}"
+    OPENSSL_MODULES_ORIG="${OPENSSL_MODULES:-}"
 }
 
 
 # Individual test setup (called by each test script)
 cmd_test_init() {
     local log_file_name=$1
-    SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+    CMD_TEST_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
 
     # Set up log file
-    export LOG_FILE="${SCRIPT_DIR}/${log_file_name}"
+    export LOG_FILE="${CMD_TEST_DIR}/${log_file_name}"
     touch "$LOG_FILE"
 
     # Redirect all output to log file
@@ -110,109 +56,112 @@ cmd_test_init() {
     FORCE_FAIL_PASSED=0
 }
 
+
 # Function to use default provider only
 use_default_provider() {
-    unset OPENSSL_MODULES
-    unset OPENSSL_CONF
+    return 0
+
+    if [ -z "${OPENSSL_CONF_ORIG:-}" ]; then
+        export OPENSSL_CONF="/dev/null"
+        export OPENSSL_MODULES="/dev/null"
+    else
+        unset OPENSSL_CONF
+        unset OPENSSL_MODULES
+    fi
+    detect_wolfprovider_mode
 
     # Check if wolfProvider is in replace-default mode
-    if [ "$WOLFPROV_REPLACE_DEFAULT" = "1" ]; then
+    if [ "$is_openssl_replace_default" = "1" ]; then
         echo "INFO: wolfProvider is installed in replace-default mode"
         echo "INFO: wolfProvider IS the default provider and cannot be switched off"
 
         # Verify that wolfProvider (as default) is active
-        local providers=$(${OPENSSL_BIN} list -providers 2>/dev/null)
-        if echo "$providers" | grep -q "default" && echo "$providers" | grep -qi "wolfSSL Provider"; then
+		if [ "$is_wp_active" = "1" ] && [ "$is_wp_default" = "1" ]; then
             echo "Using default provider (wolfProvider in replace-default mode)"
         else
-            echo "FAIL: Expected wolfProvider as default, but provider list doesn't match"
-            echo "Provider list:"
-            echo "$providers"
+            echo "FAIL: Expected wolfProvider as default, but is_wp_active: $is_wp_active and is_wp_default: $is_wp_default"
             exit 1
         fi
     else
         # In non-replace-default mode, unsetting OPENSSL_MODULES should disable wolfProvider
         echo "INFO: wolfProvider is installed in non-replace-default mode"
 
         # Verify that we are using the OpenSSL default provider (not wolfProvider)
-        local providers=$(${OPENSSL_BIN} list -providers 2>/dev/null)
-        if echo "$providers" | grep -qi "libwolfprov"; then
+        if [ "$is_openssl_default_provider" != "1" ]; then
             echo "FAIL: unable to switch to default provider, wolfProvider is still active"
-            echo "Provider list:"
-            echo "$providers"
-            exit 1
-        fi
-
-        # Check if OpenSSL default provider is active
-        if echo "$providers" | grep -q "default" && echo "$providers" | grep -qi "OpenSSL Default Provider"; then
-            echo "Switched to default provider (OpenSSL)"
-        else
-            echo "FAIL: Expected OpenSSL Default Provider, but provider list doesn't match"
-            echo "Provider list:"
-            echo "$providers"
+            echo "is_openssl_default_provider: $is_openssl_default_provider"
             exit 1
         fi
+        echo "INFO: Switched to default provider (OpenSSL)"
     fi
 }
 
 
 # Function to use wolf provider only
 use_wolf_provider() {
+    return 0
+
+    if [ -z "${OPENSSL_CONF_ORIG:-}" ]; then
+        unset OPENSSL_CONF
+        unset OPENSSL_MODULES
+    else 
+        export OPENSSL_CONF="${OPENSSL_CONF_ORIG:-}"
+        export OPENSSL_MODULES="${OPENSSL_MODULES_ORIG:-}"
+    fi
+    detect_wolfprovider_mode
+
     # Check if wolfProvider is in replace-default mode
-    if [ "$WOLFPROV_REPLACE_DEFAULT" = "1" ]; then
+    if [ "$is_openssl_replace_default" = "1" ]; then
         # In replace-default mode, wolfProvider is already the default
         # No need to set OPENSSL_MODULES or OPENSSL_CONF
         echo "INFO: wolfProvider is installed in replace-default mode"
         echo "INFO: wolfProvider is already active as the default provider"
 
         # Verify that wolfProvider is active
-        local providers=$(${OPENSSL_BIN} list -providers 2>/dev/null)
-        if echo "$providers" | grep -qi "wolfSSL Provider"; then
+		if [ "$is_wp_active" = "1" ] && [ "$is_wp_default" = "1" ]; then
             echo "Using wolfProvider (replace-default mode)"
         else
             echo "FAIL: wolfProvider is not active"
-            echo "Provider list:"
-            echo "$providers"
+            echo "is_wp_active: $is_wp_active"
+            echo "is_wp_default: $is_wp_default"
             exit 1
         fi
     else
         # In non-replace-default mode, we need to set OPENSSL_MODULES and OPENSSL_CONF
         echo "INFO: wolfProvider is installed in non-replace-default mode"
-        export OPENSSL_MODULES=$WOLFPROV_PATH
-        export OPENSSL_CONF=${WOLFPROV_CONFIG}
 
         # Verify that we are using wolfProvider
-        local providers=$(${OPENSSL_BIN} list -providers 2>/dev/null)
-        if ! echo "$providers" | grep -qi "wolfprov"; then
+        if [ "$is_wp_active" != "1" ]; then
             echo "FAIL: unable to switch to wolfProvider, default provider is still active"
-            echo "Provider list:"
-            echo "$providers"
-            echo "OPENSSL_MODULES: $OPENSSL_MODULES"
-            echo "OPENSSL_CONF: $OPENSSL_CONF"
+            $OPENSSL_BIN list -providers
+            echo "is_wp_active: $is_wp_active"
+            echo "is_wp_default: $is_wp_default"
             exit 1
         fi
-        echo "Switched to wolfProvider"
+        echo "INFO: Switched to wolfProvider"
+        $OPENSSL_BIN list -providers
     fi
 }
 
 
 # Helper function to handle force fail checks
 check_force_fail() {
-    if is_default_provider && ! is_replace_default; then
+    detect_wolfprovider_mode
+    if [ "$is_openssl_default_provider" = "1" ]; then
+        # With the OpenSSL provider, don't expect failures
         echo "OPENSSL Default provider active, no forced failures expected."
-    elif [ "${WOLFPROV_FORCE_FAIL}" = "1" ]; then
+    elif [ "$WOLFPROV_FORCE_FAIL" = "1" ]; then
         echo "[PASS] Test passed when force fail was enabled"
         FORCE_FAIL_PASSED=1
+        exit 1
     fi
 }
 
-
-# Helper function to get provider name from provider arguments
-get_provider_name() {
-    local provider_args=$1
-    if [ "$provider_args" = "-provider default" ]; then
-        echo "default"
+use_provider_by_name() {
+    local provider_name=$1
+    if [ "$provider_name" = "libwolfprov" ]; then
+        use_wolf_provider
     else
-        echo "libwolfprov"
+        use_default_provider
     fi
 }