Fix RD detection when running cmdline tests

scripts/cmd_test/cmd-test-common.sh

@@ -95,15 +95,30 @@ use_default_provider() {
             unset OPENSSL_CONF
             unset OPENSSL_MODULES
         fi
-        
+
         # Re-detect after disabling
         detect_wolfprovider_mode
 
         # Verify that we are using the OpenSSL default provider (not wolfProvider)
         if [ "$is_openssl_default_provider" != "1" ]; then
-            echo "FAIL: unable to switch to default provider, wolfProvider is still active"
-            echo "is_openssl_default_provider: $is_openssl_default_provider"
-            exit 1
+            # If we can't switch, this indicates replace-default mode
+            # Check if wolfProvider is still active - if so, we're in replace-default mode
+            if [ "$is_wp_active" = "1" ]; then
+                echo "INFO: Cannot switch to OpenSSL default provider - detected replace-default mode"
+                echo "INFO: Setting is_openssl_replace_default=1 for remaining tests"
+                is_openssl_replace_default=1
+                is_wp_default=1
+                export is_openssl_replace_default
+                export is_wp_default
+                # Also set the environment variable for child processes
+                export WOLFPROV_REPLACE_DEFAULT=1
+                return 0  # Return success - this is expected in replace-default mode
+            else
+                echo "FAIL: unable to switch to default provider, and wolfProvider is not active"
+                echo "is_openssl_default_provider: $is_openssl_default_provider"
+                echo "is_wp_active: $is_wp_active"
+                exit 1
+            fi
         fi
         echo "INFO: Switched to OpenSSL default provider"
         return 0
@@ -240,3 +255,12 @@ use_provider_by_name() {
         use_default_provider
     fi
 }
+
+# Check if we can perform provider comparison tests
+# Returns 0 if comparison possible (normal mode), 1 if replace-default mode (no comparison)
+can_compare_providers() {
+    if [ "$is_openssl_replace_default" = "1" ] || [ "${WOLFPROV_REPLACE_DEFAULT:-0}" = "1" ]; then
+        return 1  # Cannot compare - replace-default mode
+    fi
+    return 0  # Can compare - normal mode
+}

scripts/cmd_test/do-cmd-tests.sh

@@ -129,14 +129,39 @@ if [ "${WOLFPROV_FORCE_FAIL}" = "1" ]; then
     echo "Force-fail mode: ENABLED"
 fi
 
+# Detect mode first
+detect_wolfprovider_mode
+
+# Display mode information
+echo ""
+echo "Detected configuration:"
+echo "  is_openssl_replace_default: $is_openssl_replace_default"
+echo "  is_wp_active: $is_wp_active"
+echo "  is_wp_default: $is_wp_default"
+echo "  is_openssl_default_provider: $is_openssl_default_provider"
+echo ""
+
+if [ "$is_openssl_replace_default" = "1" ] || [ "${WOLFPROV_REPLACE_DEFAULT:-0}" = "1" ]; then
+    echo "INFO: Running in replace-default mode"
+    echo "INFO: Tests will run with wolfProvider only (no provider switching)"
+    # Just verify wolfProvider is active
+    use_wolf_provider
+else
+    echo "INFO: Running in normal mode"
+    echo "INFO: Tests will compare OpenSSL default vs wolfProvider"
+    # Ensure we can switch providers before proceeding
+    use_default_provider
+    use_wolf_provider
+fi
+
 # Export detection variables for child scripts
+export is_openssl_replace_default
+export is_wp_active
+export is_wp_default
+export is_openssl_default_provider
 export WOLFPROV_REPLACE_DEFAULT
 export WOLFPROV_FIPS
 
-# Ensure we can switch providers before proceeding
-use_default_provider
-use_wolf_provider
-
 # Initialize result variables
 HASH_RESULT=0
 AES_RESULT=0

scripts/cmd_test/hash-cmd-test.sh

@@ -90,15 +90,15 @@ compare_hashes() {
 # Run tests for each hash algorithm
 for algo in "${HASH_ALGOS[@]}"; do
     echo -e "\n=== Testing ${algo^^} ==="
-    
+
     # Test with OpenSSL default provider
     use_default_provider
     run_hash_test $algo "hash_outputs/openssl_${algo}.txt"
-    
+
     # Test with wolfProvider
     use_wolf_provider
     run_hash_test $algo "hash_outputs/wolf_${algo}.txt"
-    
+
     # Compare results
     compare_hashes $algo
 done

scripts/utils-general.sh

@@ -75,13 +75,15 @@ if [ "$UTILS_GENERAL_LOADED" != "yes" ]; then # only set once
         local openssl_version=$(${OPENSSL_BIN} version 2>/dev/null)
         local openssl_providers=$(${OPENSSL_BIN} list -providers 2>/dev/null)
 
-        # Check for "replace-default" in version string OR environment variable
+        # Method 1: Check for "replace-default" in version string
         is_openssl_replace_default=$(echo "$openssl_version" | grep -qi "replace-default" && echo 1 || echo 0)
+
+        # Method 2: Check environment variable
         if [ "$is_openssl_replace_default" = "0" ] && [ "${WOLFPROV_REPLACE_DEFAULT:-0}" = "1" ]; then
             is_openssl_replace_default=1
         fi
-        
-        # In replace-default mode, "default" provider has "wolfSSL Provider" name
+
+        # Method 3: Check if provider list shows "default" with "wolfSSL Provider" name
         if [ "$is_openssl_replace_default" = "0" ]; then
             # Check if provider list shows "default" with "wolfSSL Provider" name but NOT "OpenSSL Default Provider"
             # This indicates replace-default mode
@@ -91,6 +93,18 @@ if [ "$UTILS_GENERAL_LOADED" != "yes" ]; then # only set once
                 is_openssl_replace_default=1
             fi
         fi
+
+        # Note: We intentionally do NOT check for absence of "OpenSSL Default Provider"
+        # as an indicator of replace-default mode. In standalone mode, wolfProvider
+        # loads as "libwolfprov" and OpenSSL Default Provider may simply not be
+        # configured to load - this doesn't mean OpenSSL was patched.
+        #
+        # The key distinction:
+        # - Replace-default mode: Provider shows as "default" with name "wolfSSL Provider"
+        # - Standalone mode: Provider shows as "libwolfprov" with name "wolfSSL Provider"
+        #
+        # Method 3 above correctly detects replace-default by checking for "default"
+        # provider with "wolfSSL Provider" name.
 
         # In replace-default mode, there's no "OpenSSL Default Provider" - wolfProvider IS the default
         is_openssl_default_provider=$(echo "$openssl_providers" | grep -qi "OpenSSL Default Provider" && echo 1 || echo 0)