wolfSSL · ColtonWilley · Aug 6, 2025 · Aug 5, 2025
diff --git a/.github/workflows/simple.yml b/.github/workflows/simple.yml
@@ -13,25 +13,39 @@ concurrency:
 # END OF COMMON SECTION
 
 jobs:
+  build_wolfprovider:
+    uses: ./.github/workflows/build-wolfprovider.yml
+    with:
+      wolfssl_ref: ${{ matrix.wolfssl_ref }}
+      openssl_ref: ${{ matrix.openssl_ref }}
+    strategy:
+      matrix:
+        wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
+        openssl_ref: [ 'master', 'openssl-3.5.0' ]
+        debug: ['WOLFPROV_DEBUG=1', '']
+
   simple_test:
     name: Simple Test
     runs-on: ubuntu-22.04
+    needs: build_wolfprovider
     timeout-minutes: 20
     strategy:
       matrix:
-        openssl_ref: [ 'master', 'openssl-3.5.0' ]
         wolfssl_ref: [ 'master', 'v5.8.0-stable' ]
+        openssl_ref: [ 'master', 'openssl-3.5.0' ]
         force_fail: ['WOLFPROV_FORCE_FAIL=1', '']
-        debug: ['WOLFPROV_DEBUG=1', '']
     steps:
       - name: Checkout wolfProvider
         uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
 
-      # Check if this version of wolfssl/wolfprovider has already been built,
-      # mark to cache these items on post if we do end up building
-      - name: Checking wolfSSL/wolfProvider in cache
-        uses: actions/cache@v4
-        id: wolfprov-cache
+      - name: Retrieving wolfProvider from cache
+        # Debug builds are not currently supported by build-wolfprovider.yml
+        # so those are manually built as a separate step.
+        if: ${{ matrix.debug == '' }}
+        uses: actions/cache/restore@v4
+        id: wolfprov-cache-restore
         with:
           path: |
             wolfssl-install
@@ -41,21 +55,16 @@ jobs:
             openssl-install/bin
 
           key: wolfprov-${{ matrix.wolfssl_ref }}-${{ matrix.openssl_ref }}-${{ github.sha }}
-          lookup-only: true
+          fail-on-cache-miss: true
 
-      # If not yet built this version, build it now
       - name: Build wolfProvider
-        if: steps.wolfprov-${{ matrix.wolfssl_ref }}-cache.hit != 'true'
+        if: ${{ matrix.debug != '' }}
         run: |
-          ${{ matrix.debug }} OPENSSL_TAG=${{ matrix.openssl_ref }} WOLFSSL_TAG=${{ matrix.wolfssl_ref }} ./scripts/build-wolfprovider.sh
+          ${{ matrix.debug }} \
+            OPENSSL_TAG=${{ matrix.openssl_ref }} \
+            WOLFSSL_TAG=${{ matrix.wolfssl_ref }} \
+            ./scripts/build-wolfprovider.sh
 
       - name: Run simple tests
         run: |
-          ${{ matrix.force_fail }} ${{ matrix.debug }} ./scripts/cmd_test/do-cmd-tests.sh
-
-      - name: Print test logs
-        if: always()
-        run: |
-          if [ -f test-suite.log ] ; then
-            cat test-suite.log
-          fi
+          ${{ matrix.force_fail }} ./scripts/cmd_test/do-cmd-tests.sh
diff --git a/scripts/cmd_test/aes-cmd-test.sh b/scripts/cmd_test/aes-cmd-test.sh
@@ -19,63 +19,14 @@
 # You should have received a copy of the GNU General Public License
 # along with wolfProvider. If not, see <http://www.gnu.org/licenses/>.
 
-# Set up environment
 SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
-REPO_ROOT="$( cd "${SCRIPT_DIR}/../.." &> /dev/null && pwd )"
-UTILS_DIR="${REPO_ROOT}/scripts"
-export LOG_FILE="${SCRIPT_DIR}/aes-test.log"
-touch "$LOG_FILE"
-
-# Source wolfProvider utilities
-source "${UTILS_DIR}/utils-general.sh"
-source "${UTILS_DIR}/utils-openssl.sh"
-source "${UTILS_DIR}/utils-wolfssl.sh"
-source "${UTILS_DIR}/utils-wolfprovider.sh"
-
-# Initialize wolfProvider
-init_wolfprov
-
-# Fail flags
-FAIL=0
-FORCE_FAIL_PASSED=0
-
-# Check environment variables directly
-if [ "${WOLFPROV_FORCE_FAIL}" = "1" ]; then
-    echo "Force fail mode enabled for AES tests"
-fi
-if [ "${WOLFSSL_ISFIPS}" = "1" ]; then
-    echo "FIPS mode enabled for AES tests"
-fi
-
-# Verify wolfProvider is properly loaded
-echo -e "\nVerifying wolfProvider configuration:"
-if ! $OPENSSL_BIN list -providers | grep -q "wolf"; then
-    echo "[FAIL] wolfProvider not found in OpenSSL providers!"
-    echo "Current provider list:"
-    $OPENSSL_BIN list -providers
-    FAIL=1
-else
-    echo "wolfProvider is properly configured"
-fi
-
-# Print environment for verification
-echo "Environment variables:"
-echo "OPENSSL_MODULES: ${OPENSSL_MODULES}"
-echo "LD_LIBRARY_PATH: ${LD_LIBRARY_PATH}"
-echo "OPENSSL_BIN: ${OPENSSL_BIN}"
+source "${SCRIPT_DIR}/cmd-test-common.sh"
+cmd_test_env_setup "aes-test.log"
 
 # Create test data and output directories
 mkdir -p aes_outputs
 echo "This is test data for AES encryption testing." > test.txt
 
-# Helper function to handle force fail checks
-check_force_fail() {
-    if [ "${WOLFPROV_FORCE_FAIL}" = "1" ]; then
-        echo "[PASS] Test passed when force fail was enabled"
-        FORCE_FAIL_PASSED=1
-    fi
-}
-
 # Arrays for test configurations
 KEY_SIZES=("128" "192" "256")
 # Only include modes supported by wolfProvider

diff --git a/scripts/cmd_test/clean-cmd-test.sh b/scripts/cmd_test/clean-cmd-test.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+#
+# Copyright (C) 2006-2025 wolfSSL Inc.
+#
+# This file is part of wolfProvider.
+#
+# wolfProvider is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# wolfProvider is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with wolfProvider. If not, see <http://www.gnu.org/licenses/>.
+
+# Clean up command test artifacts
+rm -rf ./scripts/cmd_test/*.log
+rm -rf ./aes_outputs
+rm -rf ./ecc_outputs
+rm -rf ./hash_outputs
+rm -rf ./rsa_outputs
+rm -rf ./test.txt
diff --git a/scripts/cmd_test/cmd-test-common.sh b/scripts/cmd_test/cmd-test-common.sh
@@ -0,0 +1,83 @@
+#!/bin/bash
+#
+# Copyright (C) 2006-2025 wolfSSL Inc.
+#
+# This file is part of wolfProvider.
+#
+# wolfProvider is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# wolfProvider is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with wolfProvider. If not, see <http://www.gnu.org/licenses/>.
+
+cmd_test_env_setup() {
+    local log_file_name=$1
+    SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+    # Set up environment
+    export LOG_FILE="${SCRIPT_DIR}/${log_file_name}"
+    touch "$LOG_FILE"
+
+    # OPENSSL_BIN must be set by the caller
+    if [ -z "${OPENSSL_BIN:-}" ]; then
+        echo "Error: OPENSSL_BIN environment variable is not set" | tee -a "$LOG_FILE"
+        exit 1
+    fi
+
+    # Fail flags
+    FAIL=0
+    FORCE_FAIL_PASSED=0
+
+    # Get the force fail parameter
+    if [ "${WOLFPROV_FORCE_FAIL}" = "1" ]; then
+        echo "Force fail mode enabled"
+    fi
+    if [ "${WOLFSSL_ISFIPS}" = "1" ]; then
+        echo "FIPS mode enabled"
+    fi
+
+    # Print environment for verification
+    echo "Environment variables:"
+    echo "OPENSSL_MODULES: ${OPENSSL_MODULES}"
+    echo "OPENSSL_BIN: ${OPENSSL_BIN}"
+}
+
+# Function to use default provider only
+use_default_provider() {
+    unset OPENSSL_MODULES
+    unset OPENSSL_CONF
+
+    # Verify that we are using the default provider
+    if ${OPENSSL_BIN} list -providers | grep -q "wolfprov"; then
+        echo "FAIL: unable to switch to default provider, wolfProvider is still active"
+        exit 1
+    fi
+    echo "Switched to default provider"
+}
+
+# Function to use wolf provider only
+use_wolf_provider() {
+    export OPENSSL_MODULES=$WOLFPROV_PATH
+    export OPENSSL_CONF=${WOLFPROV_CONFIG}
+
+    # Verify that we are using wolfProvider
+    if ! ${OPENSSL_BIN} list -providers | grep -q "wolfprov"; then
+        echo "FAIL: unable to switch to wolfProvider, default provider is still active"
+        exit 1
+    fi
+    echo "Switched to wolfProvider"
+}
+
+# Helper function to handle force fail checks
+check_force_fail() {
+    if [ "${WOLFPROV_FORCE_FAIL}" = "1" ]; then
+        echo "[PASS] Test passed when force fail was enabled"
+        FORCE_FAIL_PASSED=1
+    fi
+}
diff --git a/scripts/cmd_test/do-cmd-tests.sh b/scripts/cmd_test/do-cmd-tests.sh
@@ -19,42 +19,50 @@
 # You should have received a copy of the GNU General Public License
 # along with wolfProvider. If not, see <http://www.gnu.org/licenses/>.
 
-# Get the force fail parameter
-if [ "${WOLFPROV_FORCE_FAIL}" = "1" ]; then
-    echo "Force fail mode enabled for all tests"
-fi
-if [ "${WOLFSSL_ISFIPS}" = "1" ]; then
-    echo "FIPS mode enabled for all tests"
-fi
-
 # Get the directory where this script is located
 SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
 REPO_ROOT="$( cd "${SCRIPT_DIR}/../.." &> /dev/null && pwd )"
 UTILS_DIR="${REPO_ROOT}/scripts"
 
-# Get the built versions
-if [ -d "${REPO_ROOT}/openssl-source" ] && [ -d "${REPO_ROOT}/wolfssl-source" ]; then
-    # Get the actual versions that were built
-    export OPENSSL_TAG=$(cd ${REPO_ROOT}/openssl-source &&
-        (git describe --tags 2>/dev/null || git branch --show-current))
-    export WOLFSSL_TAG=$(cd ${REPO_ROOT}/wolfssl-source &&
-        (git describe --tags 2>/dev/null || git branch --show-current))
-else
-    echo "[FAIL] OpenSSL or wolfSSL source directories not found"
-    echo "Please run build-wolfprovider.sh first"
-    exit 1
-fi
+source "${SCRIPT_DIR}/cmd-test-common.sh"
 
-# Use the current version tags for testing
-export USE_CUR_TAG=1
+# If OPENSSL_BIN is not set, assume we are using a local build
+if [ -z "${OPENSSL_BIN:-}" ]; then
+    # Check if the install directories exist
+    if [ ! -d "${REPO_ROOT}/openssl-install" ] || 
+       [ ! -d "${REPO_ROOT}/wolfssl-install" ]; then
+        echo "[FAIL] OpenSSL or wolfSSL install directories not found"
+        echo "Please set OPENSSL_BIN or run build-wolfprovider.sh first"
+        exit 1
+    fi
 
-# Source OpenSSL utilities and initialize OpenSSL
-source "${UTILS_DIR}/utils-openssl.sh"
-init_openssl
+    # Setup the environment for a local build
+    source "${REPO_ROOT}/scripts/env-setup"
+else
+    # We are using a user-provided OpenSSL binary, manually set the test
+    # environment variables rather than using env-setup.
+    # Find the location of the wolfProvider modules
+    if [ -z "${WOLFPROV_PATH:-}" ]; then
+        export WOLFPROV_PATH=$(find /usr/lib /usr/local/lib -type d -name ossl-modules 2>/dev/null | head -n 1)
+    fi
+    # Set the path to the wolfProvider config file
+    if [ -z "${WOLFPROV_CONFIG:-}" ]; then
+        if [ "${WOLFSSL_ISFIPS:-0}" = "1" ]; then
+            export WOLFPROV_CONFIG="${REPO_ROOT}/provider-fips.conf"
+        else
+            export WOLFPROV_CONFIG="${REPO_ROOT}/provider.conf"
+        fi  
+    fi
+fi
 
 echo "=== Running wolfProvider Command-Line Tests ==="
-echo "Using OpenSSL version: ${OPENSSL_TAG}"
-echo "Using wolfSSL version: ${WOLFSSL_TAG}"
+echo "Using OPENSSL_BIN: ${OPENSSL_BIN}" 
+echo "Using WOLFPROV_PATH: ${WOLFPROV_PATH}"
+echo "Using WOLFPROV_CONFIG: ${WOLFPROV_CONFIG}"
+
+# Ensure we can switch providers before proceeding
+use_default_provider
+use_wolf_provider
 
 # Run the hash comparison test
 echo -e "\n=== Running Hash Comparison Test ==="