Merge branch 'master' into wp-debian-standalone-no-install

Author: aidangarske

.github/workflows/cmdline.yml

@@ -35,4 +35,5 @@ jobs:
 
       - name: Run tests
         run: |
+          source scripts/env-setup
           ${{ matrix.force_fail }} ${{ matrix.debug }} ./scripts/cmd_test/do-cmd-tests.sh

.github/workflows/debian-package.yml

@@ -99,31 +99,11 @@ jobs:
             ${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }}
 
       - name: Test OpenSSL provider functionality
+        shell: bash
         run: |
-          WOLFPROV_CONF_BACKUP="/tmp/wolfprovider.conf.backup"
-
-          # Temporarily move wolfprovider config so we can toggle between providers
-          echo "Temporarily disabling wolfprovider for default provider tests:"
-          mkdir -p /tmp/openssl-test
-          if [ -f $WOLFPROV_CONF_FILE ]; then
-            mv $WOLFPROV_CONF_FILE $WOLFPROV_CONF_BACKUP
-            echo "   - Moved $WOLFPROV_CONF_FILE to $WOLFPROV_CONF_BACKUP"
-          else
-            echo "$WOLFPROV_CONF_FILE not found!"
-            exit 1
-          fi
-
           # Run the do-cmd-test.sh script to execute interoperability tests
           echo "Running OpenSSL provider interoperability tests..."
-          OPENSSL_BIN=$(eval which openssl) ${{ matrix.force_fail }} ${{ matrix.fips_ref == 'FIPS' && 'WOLFSSL_ISFIPS=1' || '' }} ./scripts/cmd_test/do-cmd-tests.sh
-
-          # Restore wolfprovider configuration
-          echo "Restoring wolfprovider configuration:"
-          if [ -f $WOLFPROV_CONF_BACKUP ]; then
-            mv $WOLFPROV_CONF_BACKUP $WOLFPROV_CONF_FILE
-            echo "   - Restored $WOLFPROV_CONF_FILE from $WOLFPROV_CONF_BACKUP"
-          fi
-
+          OPENSSL_BIN=$(eval which openssl) ${{ matrix.replace_default && 'WOLFPROV_REPLACE_DEFAULT=1' || '' }} ${{ matrix.force_fail }} ${{ matrix.fips_ref == 'FIPS' && 'WOLFSSL_ISFIPS=1' || '' }} ./scripts/cmd_test/do-cmd-tests.sh
           echo "PASS: All provider interoperability tests successful"
 
       - name: Uninstall package and verify cleanup

.github/workflows/fips-ready.yml

@@ -57,5 +57,6 @@ jobs:
           # Run cmd tests to verify functionality
           export WOLFSSL_ISFIPS=1
           export ${{matrix.force_fail}}
+          source scripts/env-setup
 
           ${{ matrix.force_fail }} ./scripts/cmd_test/do-cmd-tests.sh

.gitignore

@@ -84,8 +84,12 @@ test/**/*.trs
 test/**/*.o
 test/**/.deps/
 test/**/.dirstamp
+aes_outputs
+ecc_outputs
+hash_outputs
 req_outputs
-scripts/cmd_test/req-test.log
+rsa_outputs
+scripts/cmd_test/*.log
 
 IDE/Android/android-ndk-r26b/
 IDE/Android/openssl-source/

configure.ac

@@ -124,12 +124,24 @@ AS_IF([ test "x$ENABLED_SINGLETHREADED" = "xno" ],[
       ])
 
 # Replace default provider
+# Check if -DWOLFPROV_REPLACE_DEFAULT is in CFLAGS/CPPFLAGS first (for Yocto/CFLAGS usage)
+ENABLED_REPLACE_DEFAULT=no
+case " $CFLAGS $CPPFLAGS " in
+    *" -DWOLFPROV_REPLACE_DEFAULT "*|*" -DWOLFPROV_REPLACE_DEFAULT="*)
+        ENABLED_REPLACE_DEFAULT=yes
+        ;;
+esac
+
 AC_ARG_ENABLE([replace-default],
-    [AS_HELP_STRING([--enable-replace-default],[Build real libdefault.so from wp_default_replace.c (default: disabled).])],
+    [AS_HELP_STRING([--enable-replace-default],[Build real libdefault.so from wp_default_replace.c (default: disabled). Can also be enabled via -DWOLFPROV_REPLACE_DEFAULT in CFLAGS.])],
     [ ENABLED_REPLACE_DEFAULT=$enableval ],
-    [ ENABLED_REPLACE_DEFAULT=no ]
+    [ ]
     )
 
+if test "x$ENABLED_REPLACE_DEFAULT" = "xyes"; then
+    AM_CFLAGS="$AM_CFLAGS -DWOLFPROV_REPLACE_DEFAULT"
+fi
+
 AM_CONDITIONAL([BUILD_REPLACE_DEFAULT], [test "x$ENABLED_REPLACE_DEFAULT" = "xyes"])
 
 # Set OpenSSL lib directory for installing libdefault.so

scripts/cmd_test/aes-cmd-test.sh

@@ -19,14 +19,18 @@
 # You should have received a copy of the GNU General Public License
 # along with wolfProvider. If not, see <http://www.gnu.org/licenses/>.
 
-SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
-source "${SCRIPT_DIR}/cmd-test-common.sh"
-source "${SCRIPT_DIR}/clean-cmd-test.sh"
-cmd_test_env_setup "aes-test.log"
-clean_cmd_test "aes"
+CMD_TEST_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+source "${CMD_TEST_DIR}/cmd-test-common.sh"
+source "${CMD_TEST_DIR}/clean-cmd-test.sh"
 
-# Redirect all output to log file
-exec > >(tee -a "$LOG_FILE") 2>&1
+if [ -z "${DO_CMD_TESTS:-}" ]; then
+    echo "This script is designed to be called from do-cmd-tests.sh"
+    echo "Do not run this script directly - use do-cmd-tests.sh instead"
+    exit 1
+fi
+
+cmd_test_init "aes-test.log"
+clean_cmd_test "aes"
 
 # Create test data and output directories
 mkdir -p aes_outputs
@@ -42,8 +46,6 @@ else
     MODES=("ecb" "cbc" "ctr" "cfb")
 fi
 
-echo "=== Running AES Algorithm Comparisons ==="
-
 # Run tests for each key size and mode
 for key_size in "${KEY_SIZES[@]}"; do
     for mode in "${MODES[@]}"; do
@@ -67,14 +69,16 @@ for key_size in "${KEY_SIZES[@]}"; do
         echo "Interop testing (encrypt with default, decrypt with wolfProvider):"
 
         # Encryption with OpenSSL default provider
-        if ! $OPENSSL_BIN enc -aes-${key_size}-${mode} -K "$key" $iv -provider default \
+        use_default_provider
+        if ! $OPENSSL_BIN enc -aes-${key_size}-${mode} -K "$key" $iv \
             -in aes_outputs/test_data.txt -out "$enc_file" -p; then
             echo "[FAIL] Interop AES-${key_size}-${mode}: OpenSSL encrypt failed"
             FAIL=1
         fi
 
         # Decryption with wolfProvider
-        if ! $OPENSSL_BIN enc -aes-${key_size}-${mode} -K "$key" $iv -provider-path "$WOLFPROV_PATH" -provider libwolfprov \
+        use_wolf_provider
+        if ! $OPENSSL_BIN enc -aes-${key_size}-${mode} -K "$key" $iv \
             -in "$enc_file" -out "$dec_file" -d -p; then
             echo "[FAIL] Interop AES-${key_size}-${mode}: wolfProvider decrypt failed"
             FAIL=1
@@ -96,14 +100,16 @@ for key_size in "${KEY_SIZES[@]}"; do
         echo "Interop testing (encrypt with wolfProvider, decrypt with default):"
 
         # Encryption with wolfProvider
-        if ! $OPENSSL_BIN enc -aes-${key_size}-${mode} -K "$key" $iv -provider-path "$WOLFPROV_PATH" -provider libwolfprov \
+        use_wolf_provider
+        if ! $OPENSSL_BIN enc -aes-${key_size}-${mode} -K "$key" $iv \
             -in aes_outputs/test_data.txt -out "$enc_file" -p; then
             echo "[FAIL] Interop AES-${key_size}-${mode}: wolfProvider encrypt failed"
             FAIL=1
         fi
 
         # Decryption with OpenSSL default provider
-        if ! $OPENSSL_BIN enc -aes-${key_size}-${mode} -K "$key" $iv -provider default \
+        use_default_provider
+        if ! $OPENSSL_BIN enc -aes-${key_size}-${mode} -K "$key" $iv \
             -in "$enc_file" -out "$dec_file" -d -p; then
             echo "[FAIL] Interop AES-${key_size}-${mode}: OpenSSL decrypt failed"
             FAIL=1

scripts/cmd_test/clean-cmd-test.sh

@@ -17,6 +17,12 @@
 # You should have received a copy of the GNU General Public License
 # along with wolfProvider. If not, see <http://www.gnu.org/licenses/>.
 
+if [ -z "${DO_CMD_TESTS:-}" ]; then
+    echo "This script is designed to be called from do-cmd-tests.sh"
+    echo "Do not run this script directly - use do-cmd-tests.sh instead"
+    exit 1
+fi
+
 # Function to clean up specific command test artifacts
 clean_cmd_test() {
     local test_type=$1