wolfSSL
diff --git a/‎scripts/cmd_test/aes-cmd-test.sh‎
Lines changed: 4 additions & 6 deletions b/‎scripts/cmd_test/aes-cmd-test.sh‎
Lines changed: 4 additions & 6 deletions
diff --git a/‎scripts/cmd_test/cmd-test-common.sh‎
Lines changed: 148 additions & 31 deletions b/‎scripts/cmd_test/cmd-test-common.sh‎
Lines changed: 148 additions & 31 deletions
@@ -2,6 +2,9 @@
 # aes-cmd-test.sh
 # AES encryption test for wolfProvider
 #
+# NOTE: This script is designed to be called from do-cmd-tests.sh
+# Do not run this script directly - use do-cmd-tests.sh instead
+#
 # Copyright (C) 2006-2025 wolfSSL Inc.
 #
 # This file is part of wolfProvider.
@@ -22,12 +25,9 @@
 SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
 source "${SCRIPT_DIR}/cmd-test-common.sh"
 source "${SCRIPT_DIR}/clean-cmd-test.sh"
-cmd_test_env_setup "aes-test.log"
+cmd_test_init "aes-test.log"
 clean_cmd_test "aes"
 
-# Redirect all output to log file
-exec > >(tee -a "$LOG_FILE") 2>&1
-
 # Create test data and output directories
 mkdir -p aes_outputs
 echo "This is test data for AES encryption testing." > aes_outputs/test_data.txt
@@ -42,8 +42,6 @@ else
     MODES=("ecb" "cbc" "ctr" "cfb")
 fi
 
-echo "=== Running AES Algorithm Comparisons ==="
-
 # Run tests for each key size and mode
 for key_size in "${KEY_SIZES[@]}"; do
     for mode in "${MODES[@]}"; do
 
@@ -17,63 +17,179 @@
 # You should have received a copy of the GNU General Public License
 # along with wolfProvider. If not, see <http://www.gnu.org/licenses/>.
 
+# Global variables to store wolfProvider installation mode
+# Only initialize if not already set (allows parent script to export values)
+WOLFPROV_REPLACE_DEFAULT=${WOLFPROV_REPLACE_DEFAULT:-0}
+WOLFPROV_FIPS=${WOLFPROV_FIPS:-0}
+WOLFPROV_INSTALLED=${WOLFPROV_INSTALLED:-0}
+
+# Function to detect wolfProvider installation mode
+detect_wolfprovider_mode() {
+    if [ -z "${REPO_ROOT:-}" ]; then
+        REPO_ROOT="$( cd "$( dirname "${BASH_SOURCE[0]}" )"/../.. &> /dev/null && pwd )"
+    fi
+
+    # Get OpenSSL version and initial provider info
+    local openssl_version=$(${OPENSSL_BIN} version 2>/dev/null)
+    local openssl_providers=$(${OPENSSL_BIN} list -providers 2>/dev/null)
+
+    # Detect if wolfProvider is currently active
+    if echo "$openssl_providers" | grep -qi "wolfSSL Provider"; then
+        WOLFPROV_INSTALLED=1
+        echo "Detected: wolfProvider is currently active"
+    else
+        WOLFPROV_INSTALLED=0
+        echo "Detected: wolfProvider is not currently active"
+    fi
+
+    # Detect if FIPS mode is active
+    if echo "$openssl_providers" | grep -qi "wolfSSL Provider FIPS"; then
+        WOLFPROV_FIPS=1
+        echo "Detected: wolfProvider FIPS mode"
+    else
+        WOLFPROV_FIPS=0
+        echo "Detected: wolfProvider non-FIPS mode"
+    fi
+
+    # Detect replace-default mode
+    if echo "$openssl_providers" | grep -q "default" && echo "$openssl_providers" | grep -qi "wolfSSL Provider"; then
+        WOLFPROV_REPLACE_DEFAULT=1
+        echo "Detected: wolfProvider installed in replace-default mode (provider: default)"
+    elif echo "$openssl_providers" | grep -qi "libwolfprov"; then
+        WOLFPROV_REPLACE_DEFAULT=0
+        echo "Detected: wolfProvider installed in non-replace-default mode (provider: libwolfprov)"
+    else
+        WOLFPROV_REPLACE_DEFAULT=0
+        echo "Detected: wolfProvider not in replace-default mode"
+    fi
+
+    # Print detection summary
+    echo "wolfProvider mode detection:"
+    echo "  REPLACE_DEFAULT: $WOLFPROV_REPLACE_DEFAULT"
+    echo "  FIPS: $WOLFPROV_FIPS"
+    echo "  INSTALLED: $WOLFPROV_INSTALLED"
+}
+
+
+# Function to setup the environment for the command-line tests
 cmd_test_env_setup() {
+    # OPENSSL_BIN must be set by the caller
+    if [ -z "${OPENSSL_BIN:-}" ]; then
+        echo "Error: OPENSSL_BIN environment variable is not set"
+        exit 1
+    fi
+
+    # Detect wolfProvider installation mode (only if not already detected)
+    if [ -z "${WOLFPROV_MODE_DETECTED:-}" ]; then
+        detect_wolfprovider_mode
+        export WOLFPROV_MODE_DETECTED=1
+    fi
+}
+
+
+# Individual test setup (called by each test script)
+cmd_test_init() {
     local log_file_name=$1
     SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )"
-    # Set up environment
+
+    # Set up log file
     export LOG_FILE="${SCRIPT_DIR}/${log_file_name}"
     touch "$LOG_FILE"
 
-    # OPENSSL_BIN must be set by the caller
-    if [ -z "${OPENSSL_BIN:-}" ]; then
-        echo "Error: OPENSSL_BIN environment variable is not set" | tee -a "$LOG_FILE"
-        exit 1
-    fi
+    # Redirect all output to log file
+    exec > >(tee -a "$LOG_FILE") 2>&1
 
     # Fail flags
     FAIL=0
     FORCE_FAIL_PASSED=0
-
-    # Get the force fail parameter
-    if [ "${WOLFPROV_FORCE_FAIL}" = "1" ]; then
-        echo "Force fail mode enabled"
-    fi
-    if [ "${WOLFSSL_ISFIPS}" = "1" ]; then
-        echo "FIPS mode enabled"
-    fi
-
-    # Print environment for verification
-    echo "Environment variables:"
-    echo "OPENSSL_MODULES: ${OPENSSL_MODULES}"
-    echo "OPENSSL_BIN: ${OPENSSL_BIN}"
 }
 
 # Function to use default provider only
 use_default_provider() {
     unset OPENSSL_MODULES
     unset OPENSSL_CONF
 
-    # Verify that we are using the default provider
-    if ${OPENSSL_BIN} list -providers | grep -q "wolfprov"; then
-        echo "FAIL: unable to switch to default provider, wolfProvider is still active"
-        exit 1
+    # Check if wolfProvider is in replace-default mode
+    if [ "$WOLFPROV_REPLACE_DEFAULT" = "1" ]; then
+        echo "INFO: wolfProvider is installed in replace-default mode"
+        echo "INFO: wolfProvider IS the default provider and cannot be switched off"
+
+        # Verify that wolfProvider (as default) is active
+        local providers=$(${OPENSSL_BIN} list -providers 2>/dev/null)
+        if echo "$providers" | grep -q "default" && echo "$providers" | grep -qi "wolfSSL Provider"; then
+            echo "Using default provider (wolfProvider in replace-default mode)"
+        else
+            echo "FAIL: Expected wolfProvider as default, but provider list doesn't match"
+            echo "Provider list:"
+            echo "$providers"
+            exit 1
+        fi
+    else
+        # In non-replace-default mode, unsetting OPENSSL_MODULES should disable wolfProvider
+        echo "INFO: wolfProvider is installed in non-replace-default mode"
+
+        # Verify that we are using the OpenSSL default provider (not wolfProvider)
+        local providers=$(${OPENSSL_BIN} list -providers 2>/dev/null)
+        if echo "$providers" | grep -qi "libwolfprov"; then
+            echo "FAIL: unable to switch to default provider, wolfProvider is still active"
+            echo "Provider list:"
+            echo "$providers"
+            exit 1
+        fi
+
+        # Check if OpenSSL default provider is active
+        if echo "$providers" | grep -q "default" && echo "$providers" | grep -qi "OpenSSL Default Provider"; then
+            echo "Switched to default provider (OpenSSL)"
+        else
+            echo "FAIL: Expected OpenSSL Default Provider, but provider list doesn't match"
+            echo "Provider list:"
+            echo "$providers"
+            exit 1
+        fi
     fi
-    echo "Switched to default provider"
 }
 
+
 # Function to use wolf provider only
 use_wolf_provider() {
-    export OPENSSL_MODULES=$WOLFPROV_PATH
-    export OPENSSL_CONF=${WOLFPROV_CONFIG}
+    # Check if wolfProvider is in replace-default mode
+    if [ "$WOLFPROV_REPLACE_DEFAULT" = "1" ]; then
+        # In replace-default mode, wolfProvider is already the default
+        # No need to set OPENSSL_MODULES or OPENSSL_CONF
+        echo "INFO: wolfProvider is installed in replace-default mode"
+        echo "INFO: wolfProvider is already active as the default provider"
 
-    # Verify that we are using wolfProvider
-    if ! ${OPENSSL_BIN} list -providers | grep -q "wolfprov"; then
-        echo "FAIL: unable to switch to wolfProvider, default provider is still active"
-        exit 1
+        # Verify that wolfProvider is active
+        local providers=$(${OPENSSL_BIN} list -providers 2>/dev/null)
+        if echo "$providers" | grep -qi "wolfSSL Provider"; then
+            echo "Using wolfProvider (replace-default mode)"
+        else
+            echo "FAIL: wolfProvider is not active"
+            echo "Provider list:"
+            echo "$providers"
+            exit 1
+        fi
+    else
+        # In non-replace-default mode, we need to set OPENSSL_MODULES and OPENSSL_CONF
+        echo "INFO: wolfProvider is installed in non-replace-default mode"
+        export OPENSSL_MODULES=$WOLFPROV_PATH
+        export OPENSSL_CONF=${WOLFPROV_CONFIG}
+
+        # Verify that we are using wolfProvider
+        local providers=$(${OPENSSL_BIN} list -providers 2>/dev/null)
+        if ! echo "$providers" | grep -qi "wolfprov"; then
+            echo "FAIL: unable to switch to wolfProvider, default provider is still active"
+            echo "Provider list:"
+            echo "$providers"
+            echo "OPENSSL_MODULES: $OPENSSL_MODULES"
+            echo "OPENSSL_CONF: $OPENSSL_CONF"
+            exit 1
+        fi
+        echo "Switched to wolfProvider"
     fi
-    echo "Switched to wolfProvider"
 }
 
+
 # Helper function to handle force fail checks
 check_force_fail() {
     if [ "${WOLFPROV_FORCE_FAIL}" = "1" ]; then
@@ -82,6 +198,7 @@ check_force_fail() {
     fi
 }
 
+
 # Helper function to get provider name from provider arguments
 get_provider_name() {
     local provider_args=$1