Dont test unit test with replace default

Test User · Test User · commit 61d4e1654fb5 · 2025-10-29T14:54:24.000-07:00
diff --git a/configure.ac b/configure.ac
@@ -40,27 +40,6 @@ if test "x$have_openssl" = "xyes"; then
     LDFLAGS="$LDFLAGS $OPENSSL_LDFLAGS"
 fi
 
-# Check if OpenSSL is built with replace-default mode
-AC_MSG_CHECKING([if OpenSSL is built with replace-default mode])
-AC_RUN_IFELSE(
-    [AC_LANG_PROGRAM(
-        [[#include <openssl/opensslv.h>
-          #include <string.h>
-          #include <stdio.h>]],
-        [[const char *version = OPENSSL_VERSION_TEXT;
-          if (strstr(version, "replace-default") != NULL) {
-              return 0;
-          }
-          return 1;]])],
-    [replace_default=yes],
-    [replace_default=no],
-    [replace_default=no])
-AC_MSG_RESULT([$replace_default])
-
-if test "$replace_default" = "yes"; then
-    AM_CFLAGS="$AM_CFLAGS -DREPLACE_DEFAULT"
-fi
-
 # wolfSSL
 AX_CHECK_WOLFSSL(
     [have_wolfssl=yes],
diff --git a/debian/rules b/debian/rules
@@ -98,17 +98,28 @@ override_dh_auto_clean:
 	rm -rf test/standalone/tests/.libs
 
 override_dh_auto_test:
-	@if [ -n "$(DEB_LDFLAGS_APPEND)" ]; then \
-		# If DEB_LDFLAGS_APPEND is set, it usually means the \
-		# build system is using a custom library path, rather \
-		# than the system path. So let's set up LD_LIBRARY_PATH \
-		# to use it when running `make test`. \
-		echo "Setting up LD_LIBRARY_PATH from DEB_LDFLAGS_APPEND"; \
-		LD_LIBRARY_PATH="$$(echo $(DEB_LDFLAGS_APPEND) | \
-		  grep -oE -- '-L[^ ]+' | sed 's/^-L//' | awk '!seen[$$0]++' | paste -sd: -)" \
-		$(MAKE) test; \
+	@REPLACE_DEFAULT=0; \
+	if command -v openssl >/dev/null 2>&1; then \
+		OPENSSL_VERSION=$$(openssl version 2>/dev/null || echo ""); \
+		if echo "$$OPENSSL_VERSION" | grep -qi "wolfProvider"; then \
+			REPLACE_DEFAULT=1; \
+		fi; \
+	fi; \
+	if [ $$REPLACE_DEFAULT -eq 1 ]; then \
+		echo "Skipping unit tests (OpenSSL built with replace-default mode)"; \
 	else \
-		$(MAKE) test; \
+		if [ -n "$(DEB_LDFLAGS_APPEND)" ]; then \
+			# If DEB_LDFLAGS_APPEND is set, it usually means the \
+			# build system is using a custom library path, rather \
+			# than the system path. So let's set up LD_LIBRARY_PATH \
+			# to use it when running `make test`. \
+			echo "Setting up LD_LIBRARY_PATH from DEB_LDFLAGS_APPEND"; \
+			LD_LIBRARY_PATH="$$(echo $(DEB_LDFLAGS_APPEND) | \
+			  grep -oE -- '-L[^ ]+' | sed 's/^-L//' | awk '!seen[$$0]++' | paste -sd: -)" \
+			$(MAKE) test; \
+		else \
+			$(MAKE) test; \
+		fi; \
 	fi
 
 override_dh_shlibdeps:
diff --git a/test/test_ecc.c b/test/test_ecc.c
@@ -944,9 +944,7 @@ static int test_pkey_verify_ecc(EVP_PKEY *pkey, OSSL_LIB_CTX* libCtx,
 int test_ecdsa_p192_pkey(void *data)
 {
     int err;
-#ifndef REPLACE_DEFAULT
     int res;
-#endif
     EVP_PKEY *pkey = NULL;
     unsigned char ecdsaSig[64];
     size_t ecdsaSigLen;
@@ -960,9 +958,6 @@ int test_ecdsa_p192_pkey(void *data)
         pkey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &p, sizeof(ecc_key_der_192));
         err = pkey == NULL;
     }
-#ifndef REPLACE_DEFAULT
-    /* With replace default, OpenSSL inherits wolfProvider, so we can't test
-     * cross-provider behavior with P-192. */
     if (err == 0) {
         PRINT_MSG("Sign with OpenSSL");
         ecdsaSigLen = sizeof(ecdsaSig);
@@ -982,7 +977,6 @@ int test_ecdsa_p192_pkey(void *data)
         if (res != 1)
             err = 1;
     }
-#endif
     if (err == 0) {
         PRINT_MSG("Sign with wolfprovider");
         ecdsaSigLen = sizeof(ecdsaSig);
@@ -1237,9 +1231,7 @@ int test_ecdsa_p521_pkey(void *data)
 int test_ecdsa_p192(void *data)
 {
     int err;
-#ifndef REPLACE_DEFAULT
     int res;
-#endif
     EVP_PKEY *pkey = NULL;
     unsigned char ecdsaSig[64];
     size_t ecdsaSigLen;
@@ -1258,9 +1250,6 @@ int test_ecdsa_p192(void *data)
         pkey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &p, sizeof(ecc_key_der_192));
         err = pkey == NULL;
     }
-#ifndef REPLACE_DEFAULT
-    /* With replace default, OpenSSL inherits wolfProvider, so we can't test
-     * cross-provider behavior with P-192. */
     if (err == 0) {
         PRINT_MSG("Sign with OpenSSL");
         ecdsaSigLen = sizeof(ecdsaSig);
@@ -1280,7 +1269,6 @@ int test_ecdsa_p192(void *data)
         if (res != 1)
             err = 1;
     }
-#endif
 
     if (err == 0) {
         PRINT_MSG("Sign with wolfprovider");
diff --git a/test/test_rsa.c b/test/test_rsa.c
@@ -19,7 +19,6 @@
  */
 
 #include "unit.h"
-#include <wolfprovider/wp_fips.h>
 #include <wolfssl/wolfcrypt/asn.h>
 
 #include <openssl/store.h>
@@ -597,9 +596,6 @@ int test_rsa_sign_sha1(void *data)
         err = RAND_bytes(buf, sizeof(buf)) == 0;
     }
 
-#ifndef REPLACE_DEFAULT
-    /* With replace default, OpenSSL inherits wolfProvider, so we can't test
-     * cross-provider behavior with SHA-1. */
     if (err == 0) {
         PRINT_MSG("Sign with OpenSSL");
         err = test_digest_sign(pkey, osslLibCtx, buf, sizeof(buf), "SHA-1",
@@ -616,7 +612,6 @@ int test_rsa_sign_sha1(void *data)
         err = test_digest_sign(pkey, wpLibCtx, buf, sizeof(buf), "SHA-1",
                               NULL, rsaSig, &rsaSigLen, 0, 0) != 1;
     }
-#endif /* REPLACE_DEFAULT */
     EVP_PKEY_free(pkey);
 
     if (rsaSig)
@@ -1262,7 +1257,6 @@ int test_rsa_pkey_invalid_key_size(void *data) {
     }
 
 #if defined(HAVE_FIPS) || defined(HAVE_FIPS_VERSION)
-#ifndef REPLACE_DEFAULT
     if (err == 0) {
         PRINT_MSG("Check that signing with OpenSSL and verifying with "
             "wolfProvider using a 1024-bit key works.");
@@ -1273,7 +1267,6 @@ int test_rsa_pkey_invalid_key_size(void *data) {
         err = test_pkey_verify(pkey, wpLibCtx, buf, sizeof(buf), rsaSig,
             rsaSigLen, 0, NULL, NULL);
     }
-#endif
 #endif /* HAVE_FIPS || HAVE_FIPS_VERSION */
 
     EVP_PKEY_free(pkey);
