Unify script code

padelsbach · padelsbach · commit b11184c743a6 · 2025-11-20T12:49:08.000-08:00
diff --git a/.github/workflows/cmdline.yml b/.github/workflows/cmdline.yml
@@ -35,4 +35,5 @@ jobs:
 
       - name: Run tests
         run: |
+          source $GITHUB_WORKSPACE/scripts/env-setup
           ${{ matrix.force_fail }} ${{ matrix.debug }} ./scripts/cmd_test/do-cmd-tests.sh
diff --git a/.github/workflows/debian-package.yml b/.github/workflows/debian-package.yml
@@ -82,31 +82,11 @@ jobs:
             ${{ matrix.fips_ref == 'FIPS' && '--fips' || '' }}
 
       - name: Test OpenSSL provider functionality
+        shell: bash
         run: |
-          WOLFPROV_CONF_BACKUP="/tmp/wolfprovider.conf.backup"
-
-          # Temporarily move wolfprovider config so we can toggle between providers
-          echo "Temporarily disabling wolfprovider for default provider tests:"
-          mkdir -p /tmp/openssl-test
-          if [ -f $WOLFPROV_CONF_FILE ]; then
-            mv $WOLFPROV_CONF_FILE $WOLFPROV_CONF_BACKUP
-            echo "   - Moved $WOLFPROV_CONF_FILE to $WOLFPROV_CONF_BACKUP"
-          else
-            echo "$WOLFPROV_CONF_FILE not found!"
-            exit 1
-          fi
-
           # Run the do-cmd-test.sh script to execute interoperability tests
           echo "Running OpenSSL provider interoperability tests..."
-          OPENSSL_BIN=$(eval which openssl) ${{ matrix.force_fail }} ${{ matrix.fips_ref == 'FIPS' && 'WOLFSSL_ISFIPS=1' || '' }} ./scripts/cmd_test/do-cmd-tests.sh
-
-          # Restore wolfprovider configuration
-          echo "Restoring wolfprovider configuration:"
-          if [ -f $WOLFPROV_CONF_BACKUP ]; then
-            mv $WOLFPROV_CONF_BACKUP $WOLFPROV_CONF_FILE
-            echo "   - Restored $WOLFPROV_CONF_FILE from $WOLFPROV_CONF_BACKUP"
-          fi
-
+          ${{ matrix.force_fail }} ${{ matrix.fips_ref == 'FIPS' && 'WOLFSSL_ISFIPS=1' || '' }} ./scripts/cmd_test/do-cmd-tests.sh
           echo "PASS: All provider interoperability tests successful"
 
       - name: Uninstall package and verify cleanup
diff --git a/scripts/cmd_test/cmd-test-common.sh b/scripts/cmd_test/cmd-test-common.sh
@@ -19,63 +19,15 @@
 
 # Global variables to store wolfProvider installation mode
 # Only initialize if not already set (allows parent script to export values)
-WOLFPROV_REPLACE_DEFAULT=${WOLFPROV_REPLACE_DEFAULT:-0}
-WOLFPROV_FIPS=${WOLFPROV_FIPS:-0}
-WOLFPROV_INSTALLED=${WOLFPROV_INSTALLED:-0}
 
 if [ -z "${DO_CMD_TESTS:-}" ]; then
     echo "This script is designed to be called from do-cmd-tests.sh"
     echo "Do not run this script directly - use do-cmd-tests.sh instead"
     exit 1
 fi
 
-# Function to detect wolfProvider installation mode
-detect_wolfprovider_mode() {
-    if [ -z "${REPO_ROOT:-}" ]; then
-        REPO_ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )"/../.. &> /dev/null && pwd )"
-    fi
-
-    # Get OpenSSL version and initial provider info
-    local openssl_version=$(${OPENSSL_BIN} version 2>/dev/null)
-    local openssl_providers=$(${OPENSSL_BIN} list -providers 2>/dev/null)
-
-    # Detect if wolfProvider is currently active
-    if echo "$openssl_providers" | grep -qi "wolfSSL Provider"; then
-        WOLFPROV_INSTALLED=1
-        echo "Detected: wolfProvider is currently active"
-    else
-        WOLFPROV_INSTALLED=0
-        echo "Detected: wolfProvider is not currently active"
-    fi
-
-    # Detect if FIPS mode is active
-    if echo "$openssl_providers" | grep -qi "wolfSSL Provider FIPS"; then
-        WOLFPROV_FIPS=1
-        echo "Detected: wolfProvider FIPS mode"
-    else
-        WOLFPROV_FIPS=0
-        echo "Detected: wolfProvider non-FIPS mode"
-    fi
-
-    # Detect replace-default mode
-    if echo "$openssl_providers" | grep -q "default" && echo "$openssl_providers" | grep -qi "wolfSSL Provider"; then
-        WOLFPROV_REPLACE_DEFAULT=1
-        echo "Detected: wolfProvider installed in replace-default mode (provider: default)"
-    elif echo "$openssl_providers" | grep -qi "libwolfprov"; then
-        WOLFPROV_REPLACE_DEFAULT=0
-        echo "Detected: wolfProvider installed in non-replace-default mode (provider: libwolfprov)"
-    else
-        WOLFPROV_REPLACE_DEFAULT=0
-        echo "Detected: wolfProvider not in replace-default mode"
-    fi
-
-    # Print detection summary
-    echo "wolfProvider mode detection:"
-    echo "  REPLACE_DEFAULT: $WOLFPROV_REPLACE_DEFAULT"
-    echo "  FIPS: $WOLFPROV_FIPS"
-    echo "  INSTALLED: $WOLFPROV_INSTALLED"
-}
-
+SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+source "${SCRIPT_DIR}/../utils-general.sh"
 
 # Function to setup the environment for the command-line tests
 cmd_test_env_setup() {
@@ -110,99 +62,98 @@ cmd_test_init() {
     FORCE_FAIL_PASSED=0
 }
 
+
 # Function to use default provider only
 use_default_provider() {
     unset OPENSSL_MODULES
     unset OPENSSL_CONF
+    if ! declare -F detect_wolfprovider_mode >/dev/null; then
+        echo "ERROR: detect_wolfprovider_mode function not found"
+        exit 1
+    fi
+
+    detect_wolfprovider_mode
 
     # Check if wolfProvider is in replace-default mode
-    if [ "$WOLFPROV_REPLACE_DEFAULT" = "1" ]; then
+    if [ "$is_openssl_replace_default" = "1" ]; then
         echo "INFO: wolfProvider is installed in replace-default mode"
         echo "INFO: wolfProvider IS the default provider and cannot be switched off"
 
         # Verify that wolfProvider (as default) is active
-        local providers=$(${OPENSSL_BIN} list -providers 2>/dev/null)
-        if echo "$providers" | grep -q "default" && echo "$providers" | grep -qi "wolfSSL Provider"; then
+		if [ "$is_wp_active" = "1" ] && [ "$is_wp_default" = "1" ]; then
             echo "Using default provider (wolfProvider in replace-default mode)"
         else
-            echo "FAIL: Expected wolfProvider as default, but provider list doesn't match"
-            echo "Provider list:"
-            echo "$providers"
+            echo "FAIL: Expected wolfProvider as default, but is_wp_active: $is_wp_active and is_wp_default: $is_wp_default"
             exit 1
         fi
     else
         # In non-replace-default mode, unsetting OPENSSL_MODULES should disable wolfProvider
         echo "INFO: wolfProvider is installed in non-replace-default mode"
 
         # Verify that we are using the OpenSSL default provider (not wolfProvider)
-        local providers=$(${OPENSSL_BIN} list -providers 2>/dev/null)
-        if echo "$providers" | grep -qi "libwolfprov"; then
+        if [ "$is_openssl_default_provider" != "1" ]; then
             echo "FAIL: unable to switch to default provider, wolfProvider is still active"
-            echo "Provider list:"
-            echo "$providers"
-            exit 1
-        fi
-
-        # Check if OpenSSL default provider is active
-        if echo "$providers" | grep -q "default" && echo "$providers" | grep -qi "OpenSSL Default Provider"; then
-            echo "Switched to default provider (OpenSSL)"
-        else
-            echo "FAIL: Expected OpenSSL Default Provider, but provider list doesn't match"
-            echo "Provider list:"
-            echo "$providers"
+            echo "is_openssl_default_provider: $is_openssl_default_provider"
             exit 1
         fi
+        echo "INFO: Switched to default provider (OpenSSL)"
     fi
 }
 
 
 # Function to use wolf provider only
 use_wolf_provider() {
+    export OPENSSL_MODULES=$WOLFPROV_PATH
+    export OPENSSL_CONF=${WOLFPROV_CONFIG}
+    if ! declare -F detect_wolfprovider_mode >/dev/null; then
+        echo "ERROR: detect_wolfprovider_mode function not found"
+        exit 1
+    fi
+    detect_wolfprovider_mode
+
     # Check if wolfProvider is in replace-default mode
-    if [ "$WOLFPROV_REPLACE_DEFAULT" = "1" ]; then
+    if [ "$is_openssl_replace_default" = "1" ]; then
         # In replace-default mode, wolfProvider is already the default
         # No need to set OPENSSL_MODULES or OPENSSL_CONF
         echo "INFO: wolfProvider is installed in replace-default mode"
         echo "INFO: wolfProvider is already active as the default provider"
 
         # Verify that wolfProvider is active
-        local providers=$(${OPENSSL_BIN} list -providers 2>/dev/null)
-        if echo "$providers" | grep -qi "wolfSSL Provider"; then
+		if [ "$is_wp_active" = "1" ] && [ "$is_wp_default" = "1" ]; then
             echo "Using wolfProvider (replace-default mode)"
         else
             echo "FAIL: wolfProvider is not active"
-            echo "Provider list:"
-            echo "$providers"
+            echo "is_wp_active: $is_wp_active"
+            echo "is_wp_default: $is_wp_default"
             exit 1
         fi
     else
         # In non-replace-default mode, we need to set OPENSSL_MODULES and OPENSSL_CONF
         echo "INFO: wolfProvider is installed in non-replace-default mode"
-        export OPENSSL_MODULES=$WOLFPROV_PATH
-        export OPENSSL_CONF=${WOLFPROV_CONFIG}
 
         # Verify that we are using wolfProvider
-        local providers=$(${OPENSSL_BIN} list -providers 2>/dev/null)
-        if ! echo "$providers" | grep -qi "wolfprov"; then
+        if [ "$is_wp_active" != "1" ]; then
             echo "FAIL: unable to switch to wolfProvider, default provider is still active"
-            echo "Provider list:"
-            echo "$providers"
-            echo "OPENSSL_MODULES: $OPENSSL_MODULES"
-            echo "OPENSSL_CONF: $OPENSSL_CONF"
+            $OPENSSL_BIN list -providers
+            echo "is_wp_active: $is_wp_active"
+            echo "is_wp_default: $is_wp_default"
             exit 1
         fi
-        echo "Switched to wolfProvider"
+        echo "INFO: Switched to wolfProvider"
     fi
 }
 
 
 # Helper function to handle force fail checks
 check_force_fail() {
-    if is_default_provider && ! is_replace_default; then
+    detect_wolfprovider_mode
+    if [ "$is_openssl_default_provider" = "1" ]; then
+        # With the OpenSSL provider, don't expect failures
         echo "OPENSSL Default provider active, no forced failures expected."
-    elif [ "${WOLFPROV_FORCE_FAIL}" = "1" ]; then
+    elif [ "$WOLFPROV_FORCE_FAIL" = "1" ]; then
         echo "[PASS] Test passed when force fail was enabled"
         FORCE_FAIL_PASSED=1
+        exit 1
     fi
 }
 
diff --git a/scripts/cmd_test/do-cmd-tests.sh b/scripts/cmd_test/do-cmd-tests.sh
@@ -120,9 +120,6 @@ echo ""
 echo "Running command-line test suite..."
 echo ""
 
-# Detect installation mode and setup environment
-cmd_test_env_setup
-
 echo ""
 echo "=== Running wolfProvider Command-Line Tests ==="
 echo "Using OPENSSL_BIN: ${OPENSSL_BIN}" 
diff --git a/scripts/cmd_test/rsa-cmd-test.sh b/scripts/cmd_test/rsa-cmd-test.sh
@@ -42,19 +42,6 @@ PROVIDER_ARGS=("-provider-path $WOLFPROV_PATH -provider libwolfprov" "-provider
 
 OPENSSL_BIN=${OPENSSL_BIN:-openssl}
 
-rsa_check_force_fail() {
-    local openssl_providers=$($OPENSSL_BIN list -providers)
-    is_openssl_default_provider=$(echo "$openssl_providers" | grep -qi "OpenSSL Default Provider" && echo 1 || echo 0)
-    if [ $is_openssl_default_provider -eq 1 ]; then
-        # With the OpenSSL provider, don't expect failures
-        echo "OPENSSL Default provider active, no forced failures expected."
-    elif [ "${WOLFPROV_FORCE_FAIL}" = "1" ]; then
-        echo "[PASS] Test passed when force fail was enabled"
-        FORCE_FAIL_PASSED=1
-        exit 1
-    fi
-}
-
 # Function to validate key
 validate_key() {
     local key_type=$1
diff --git a/scripts/utils-general.sh b/scripts/utils-general.sh
@@ -24,43 +24,61 @@ if [ "$UTILS_GENERAL_LOADED" != "yes" ]; then # only set once
     }
     trap do_trap INT TERM
 
-    export UTILS_GENERAL_LOADED=yes
-fi
+    UTILS_GENERAL_LOADED=yes
 
-# Usage: check_git_match <target_ref> [<repo_dir>]
-check_git_match() {
-    local target_ref="$1"
-    local repo_dir="${2:-.}"
+    # Usage: check_git_match <target_ref> [<repo_dir>]
+    check_git_match() {
+        local target_ref="$1"
+        local repo_dir="${2:-.}"
 
-    pushd "$repo_dir" > /dev/null || return 2
+        pushd "$repo_dir" > /dev/null || return 2
 
-    local current_tag current_branch current_commit_long current_commit_short
-    current_tag=$(git describe --tags --exact-match 2>/dev/null || true)
-    current_branch=$(git symbolic-ref --short HEAD 2>/dev/null || true)
-    current_commit_long=$(git rev-parse HEAD 2>/dev/null || true)
-    current_commit_short=$(git rev-parse --short HEAD 2>/dev/null || true)
+        local current_tag current_branch current_commit_long current_commit_short
+        current_tag=$(git describe --tags --exact-match 2>/dev/null || true)
+        current_branch=$(git symbolic-ref --short HEAD 2>/dev/null || true)
+        current_commit_long=$(git rev-parse HEAD 2>/dev/null || true)
+        current_commit_short=$(git rev-parse --short HEAD 2>/dev/null || true)
 
-    if [[ -n "$current_tag" && "$target_ref" == "$current_tag" ]]; then
-        echo "match: tag ($current_tag)"
-        popd > /dev/null
-        return 0
-    elif [[ -n "$current_branch" && "$target_ref" == "$current_branch" ]]; then
-        echo "match: branch ($current_branch)"
-        popd > /dev/null
-        return 0
-    elif [[ -n "$current_commit_long" && "$target_ref" == "$current_commit_long" ]]; then
-        echo "match: commit (long $current_commit_long)"
-        popd > /dev/null
-        return 0
-    elif [[ -n "$current_commit_short" && "$target_ref" == "$current_commit_short" ]]; then
-        echo "match: commit (short $current_commit_short)"
-        popd > /dev/null
-        return 0
-    else
-        echo "no match found for $target_ref"
-        printf "Version inconsistency. Please fix ${repo_dir}\n"
-        printf "(expected: ${target_ref}, got: ${current_tag} ${current_branch} ${current_commit_long} ${current_commit_short})\n"
-        popd > /dev/null
-        exit 1
-    fi
-}
+        if [[ -n "$current_tag" && "$target_ref" == "$current_tag" ]]; then
+            echo "match: tag ($current_tag)"
+            popd > /dev/null
+            return 0
+        elif [[ -n "$current_branch" && "$target_ref" == "$current_branch" ]]; then
+            echo "match: branch ($current_branch)"
+            popd > /dev/null
+            return 0
+        elif [[ -n "$current_commit_long" && "$target_ref" == "$current_commit_long" ]]; then
+            echo "match: commit (long $current_commit_long)"
+            popd > /dev/null
+            return 0
+        elif [[ -n "$current_commit_short" && "$target_ref" == "$current_commit_short" ]]; then
+            echo "match: commit (short $current_commit_short)"
+            popd > /dev/null
+            return 0
+        else
+            echo "no match found for $target_ref"
+            printf "Version inconsistency. Please fix ${repo_dir}\n"
+            printf "(expected: ${target_ref}, got: ${current_tag} ${current_branch} ${current_commit_long} ${current_commit_short})\n"
+            popd > /dev/null
+            exit 1
+        fi
+    }
+
+    export is_openssl_replace_default=${is_openssl_replace_default:-0}
+    export is_openssl_default_provider=${is_openssl_default_provider:-0}
+    export is_wp_active=${is_wp_active:-0}
+    export is_wp_default=${is_wp_default:-0}
+    export is_wp_fips=${is_wp_fips:-0}
+
+    # Function to detect wolfProvider installation mode
+    detect_wolfprovider_mode() {
+        local openssl_version=$(${OPENSSL_BIN} version 2>/dev/null)
+        local openssl_providers=$(${OPENSSL_BIN} list -providers 2>/dev/null)
+
+        is_openssl_replace_default=$(echo "$openssl_version" | grep -qi "wolfProvider-replace-default" && echo 1 || echo 0)
+        is_openssl_default_provider=$(echo "$openssl_providers" | grep -qi "OpenSSL Default Provider" && echo 1 || echo 0)
+        is_wp_active=$(echo "$openssl_providers" | grep -qi "wolfSSL Provider" && echo 1 || echo 0)
+        is_wp_default=$(echo "$openssl_providers" | grep -q -Pzo 'Providers:\s*\n\s*default\s*\n\s*name:\s*wolfSSL Provider' && echo 1 || echo 0)
+        is_wp_fips=$(echo "$openssl_providers" | grep -qi "wolfSSL Provider FIPS" && echo 1 || echo 0)
+    }
+fi
diff --git a/scripts/verify-install.sh b/scripts/verify-install.sh
@@ -73,9 +73,8 @@ if ! command -v $OPENSSL_BIN >/dev/null 2>&1; then
     handle_error "$OPENSSL_BIN not found"
 fi
 
-openssl_version=$($OPENSSL_BIN version 2> /dev/null)
-openssl_providers=$($OPENSSL_BIN list -providers 2> /dev/null)
-dpkg_output=$(dpkg -l 2> /dev/null | grep wolf)
+SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
+source "${SCRIPT_DIR}/utils-general.sh"
 
 handle_error() {
     local message="$1"
@@ -200,13 +199,8 @@ verify_wolfprovider() {
     local replace_default="$2"
     local no_wp="$3"
 
-    is_openssl_replace_default=$(echo "$openssl_version" | grep -qi "wolfProvider-replace-default" && echo 1 || echo 0)
-    is_openssl_default_provider=$(echo "$openssl_providers" | grep -qi "OpenSSL Default Provider" && echo 1 || echo 0)
-
-    is_wp_active=$(echo "$openssl_providers" | grep -qi "wolfSSL Provider" && echo 1 || echo 0)
-    is_wp_default=$(echo "$openssl_providers" | grep -q -Pzo 'Providers:\s*\n\s*default\s*\n\s*name:\s*wolfSSL Provider' && echo 1 || echo 0)
-    is_wp_fips=$(echo "$openssl_providers" | grep -qi "wolfSSL Provider FIPS" && echo 1 || echo 0)
-
+    detect_wolfprovider_mode
+    dpkg_output=$(dpkg -l 2> /dev/null | grep wolf)
     is_wolfssl_installed=$(echo "$dpkg_output" | grep -Eq '^ii\s+libwolfssl\s' && echo 1 || echo 0)
     is_wolfssl_fips=$(echo "$dpkg_output" | grep -E '^ii\s+libwolfssl\s' | grep -qi "fips" && echo 1 || echo 0)
 
