From: Bernd Edlinger Date: Sun, 24 May 2020 09:11:27 +0000 (+0200) Subject: Remove OPENSSL_ia32cap overrides in various test scripts X-Git-Tag: openssl-3.2.0-alpha1~3493 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=39ed07454d8df794a36e2b6788043842a22b0909;p=thirdparty%2Fopenssl.git Remove OPENSSL_ia32cap overrides in various test scripts The removed override was: OPENSSL_ia32cap=~0x200000200000000 which disables AESNI codepaths and PCLMULQDQ (useful for ghash). It is unclear why this was done, but it probably just hides bugs. [extended tests] Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16693) --- diff --git a/test/recipes/70-test_comp.t b/test/recipes/70-test_comp.t index eeee29ac5c0..11c70705f7f 100644 --- a/test/recipes/70-test_comp.t +++ b/test/recipes/70-test_comp.t @@ -27,8 +27,6 @@ plan skip_all => "$test_name needs the sock feature enabled" plan skip_all => "$test_name needs TLSv1.3 or TLSv1.2 enabled" if disabled("tls1_3") && disabled("tls1_2"); -$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; - use constant { MULTIPLE_COMPRESSIONS => 0, NON_NULL_COMPRESSION => 1 diff --git a/test/recipes/70-test_key_share.t b/test/recipes/70-test_key_share.t index ec722c7fcd7..7fb8cba73ac 100644 --- a/test/recipes/70-test_key_share.t +++ b/test/recipes/70-test_key_share.t @@ -63,8 +63,6 @@ plan skip_all => "$test_name needs TLS1.3 enabled" plan skip_all => "$test_name needs EC or DH enabled" if disabled("ec") && disabled("dh"); -$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; - my $proxy = TLSProxy::Proxy->new( undef, cmdstr(app(["openssl"]), display => 1), diff --git a/test/recipes/70-test_renegotiation.t b/test/recipes/70-test_renegotiation.t index b7bc9c025ae..37fbfd58544 100644 --- a/test/recipes/70-test_renegotiation.t +++ b/test/recipes/70-test_renegotiation.t @@ -28,7 +28,6 @@ plan skip_all => "$test_name needs TLS <= 1.2 enabled" plan tests => 5; -$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; my $proxy = TLSProxy::Proxy->new( undef, cmdstr(app(["openssl"]), display => 1), diff --git a/test/recipes/70-test_sslcbcpadding.t b/test/recipes/70-test_sslcbcpadding.t index 7a1b3ba995a..c24f315c600 100644 --- a/test/recipes/70-test_sslcbcpadding.t +++ b/test/recipes/70-test_sslcbcpadding.t @@ -28,7 +28,6 @@ plan skip_all => "$test_name needs the sock feature enabled" plan skip_all => "$test_name needs TLSv1.2 enabled" if disabled("tls1_2"); -$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; my $proxy = TLSProxy::Proxy->new( \&add_maximal_padding_filter, cmdstr(app(["openssl"]), display => 1), diff --git a/test/recipes/70-test_sslcertstatus.t b/test/recipes/70-test_sslcertstatus.t index 41c112ae6d5..44b3839b956 100644 --- a/test/recipes/70-test_sslcertstatus.t +++ b/test/recipes/70-test_sslcertstatus.t @@ -30,7 +30,6 @@ plan skip_all => "$test_name needs TLS enabled" if alldisabled(available_protocols("tls")) || (!disabled("tls1_3") && disabled("tls1_2")); -$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; my $proxy = TLSProxy::Proxy->new( \&certstatus_filter, cmdstr(app(["openssl"]), display => 1), diff --git a/test/recipes/70-test_sslextension.t b/test/recipes/70-test_sslextension.t index c1893b8f06e..37fba871e9d 100644 --- a/test/recipes/70-test_sslextension.t +++ b/test/recipes/70-test_sslextension.t @@ -41,7 +41,6 @@ use constant { my $testtype; my $fatal_alert = 0; # set by filter on fatal alert -$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; my $proxy = TLSProxy::Proxy->new( \&inject_duplicate_extension_clienthello, cmdstr(app(["openssl"]), display => 1), diff --git a/test/recipes/70-test_sslmessages.t b/test/recipes/70-test_sslmessages.t index abb0f5aff90..0afb7006791 100644 --- a/test/recipes/70-test_sslmessages.t +++ b/test/recipes/70-test_sslmessages.t @@ -29,8 +29,6 @@ plan skip_all => "$test_name needs TLS enabled" if alldisabled(available_protocols("tls")) || (!disabled("tls1_3") && disabled("tls1_2")); -$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; - my $proxy = TLSProxy::Proxy->new( undef, cmdstr(app(["openssl"]), display => 1), diff --git a/test/recipes/70-test_sslrecords.t b/test/recipes/70-test_sslrecords.t index 318c9235b0c..30d9136bbcf 100644 --- a/test/recipes/70-test_sslrecords.t +++ b/test/recipes/70-test_sslrecords.t @@ -28,7 +28,6 @@ plan skip_all => "$test_name needs the sock feature enabled" plan skip_all => "$test_name needs TLSv1.2 enabled" if disabled("tls1_2"); -$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; my $proxy = TLSProxy::Proxy->new( \&add_empty_recs_filter, cmdstr(app(["openssl"]), display => 1), diff --git a/test/recipes/70-test_sslsessiontick.t b/test/recipes/70-test_sslsessiontick.t index ad145774704..10ebe8cf339 100644 --- a/test/recipes/70-test_sslsessiontick.t +++ b/test/recipes/70-test_sslsessiontick.t @@ -27,8 +27,6 @@ plan skip_all => "$test_name needs the sock feature enabled" plan skip_all => "$test_name needs SSLv3, TLSv1, TLSv1.1 or TLSv1.2 enabled" if alldisabled(("ssl3", "tls1", "tls1_1", "tls1_2")); -$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; - sub checkmessages($$$$$$); sub clearclient(); sub clearall(); diff --git a/test/recipes/70-test_sslsigalgs.t b/test/recipes/70-test_sslsigalgs.t index 48b9e43c3b3..998dcc37940 100644 --- a/test/recipes/70-test_sslsigalgs.t +++ b/test/recipes/70-test_sslsigalgs.t @@ -26,7 +26,6 @@ plan skip_all => "$test_name needs the sock feature enabled" plan skip_all => "$test_name needs TLS1.2 or TLS1.3 enabled" if disabled("tls1_2") && disabled("tls1_3"); -$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; my $proxy = TLSProxy::Proxy->new( undef, cmdstr(app(["openssl"]), display => 1), diff --git a/test/recipes/70-test_sslsignature.t b/test/recipes/70-test_sslsignature.t index a9a77d5b8f1..d27685bbec6 100644 --- a/test/recipes/70-test_sslsignature.t +++ b/test/recipes/70-test_sslsignature.t @@ -26,7 +26,6 @@ plan skip_all => "$test_name needs the sock feature enabled" plan skip_all => "$test_name needs TLS enabled" if alldisabled(available_protocols("tls")); -$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; my $proxy = TLSProxy::Proxy->new( undef, cmdstr(app(["openssl"]), display => 1), diff --git a/test/recipes/70-test_sslskewith0p.t b/test/recipes/70-test_sslskewith0p.t index 9d2442fa123..c53925dcdd7 100644 --- a/test/recipes/70-test_sslskewith0p.t +++ b/test/recipes/70-test_sslskewith0p.t @@ -29,7 +29,6 @@ plan skip_all => "$test_name needs the sock feature enabled" plan skip_all => "$test_name needs TLS enabled" if alldisabled(available_protocols("tls")); -$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; my $proxy = TLSProxy::Proxy->new( \&ske_0_p_filter, cmdstr(app(["openssl"]), display => 1), diff --git a/test/recipes/70-test_sslversions.t b/test/recipes/70-test_sslversions.t index 2123860d9cb..66b5606db5a 100644 --- a/test/recipes/70-test_sslversions.t +++ b/test/recipes/70-test_sslversions.t @@ -42,8 +42,6 @@ plan skip_all => "$test_name needs TLS1.3, TLS1.2 and TLS1.1 enabled" || disabled("tls1_2") || disabled("tls1_1"); -$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; - my $proxy = TLSProxy::Proxy->new( undef, cmdstr(app(["openssl"]), display => 1), diff --git a/test/recipes/70-test_sslvertol.t b/test/recipes/70-test_sslvertol.t index d41085c9ece..073df9ad84b 100644 --- a/test/recipes/70-test_sslvertol.t +++ b/test/recipes/70-test_sslvertol.t @@ -26,7 +26,6 @@ plan skip_all => "$test_name needs the sock feature enabled" plan skip_all => "$test_name needs TLS enabled" if alldisabled(available_protocols("tls")); -$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; my $proxy = TLSProxy::Proxy->new( \&vers_tolerance_filter, cmdstr(app(["openssl"]), display => 1), diff --git a/test/recipes/70-test_tls13alerts.t b/test/recipes/70-test_tls13alerts.t index 44d026c2022..e71fd23edbf 100644 --- a/test/recipes/70-test_tls13alerts.t +++ b/test/recipes/70-test_tls13alerts.t @@ -26,8 +26,6 @@ plan skip_all => "$test_name needs the sock feature enabled" plan skip_all => "$test_name needs TLS1.3 enabled" if disabled("tls1_3") || (disabled("ec") && disabled("dh")); -$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; - my $proxy = TLSProxy::Proxy->new( undef, cmdstr(app(["openssl"]), display => 1), diff --git a/test/recipes/70-test_tls13cookie.t b/test/recipes/70-test_tls13cookie.t index a4b2a6222b1..cc0cfd3affc 100644 --- a/test/recipes/70-test_tls13cookie.t +++ b/test/recipes/70-test_tls13cookie.t @@ -26,8 +26,6 @@ plan skip_all => "$test_name needs the sock feature enabled" plan skip_all => "$test_name needs TLS1.3 enabled" if disabled("tls1_3") || (disabled("ec") && disabled("dh")); -$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; - use constant { COOKIE_ONLY => 0, COOKIE_AND_KEY_SHARE => 1 diff --git a/test/recipes/70-test_tls13downgrade.t b/test/recipes/70-test_tls13downgrade.t index 9e10a9c9c4c..999a79e62a8 100644 --- a/test/recipes/70-test_tls13downgrade.t +++ b/test/recipes/70-test_tls13downgrade.t @@ -28,8 +28,6 @@ plan skip_all => "$test_name needs TLS1.3 and TLS1.2 enabled" || (disabled("ec") && disabled("dh")) || disabled("tls1_2"); -$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; - my $proxy = TLSProxy::Proxy->new( undef, cmdstr(app(["openssl"]), display => 1), diff --git a/test/recipes/70-test_tls13hrr.t b/test/recipes/70-test_tls13hrr.t index 845d40aed9a..da38ae5bd44 100644 --- a/test/recipes/70-test_tls13hrr.t +++ b/test/recipes/70-test_tls13hrr.t @@ -26,8 +26,6 @@ plan skip_all => "$test_name needs the sock feature enabled" plan skip_all => "$test_name needs TLS1.3 enabled" if disabled("tls1_3") || (disabled("ec") && disabled("dh")); -$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; - my $proxy = TLSProxy::Proxy->new( undef, cmdstr(app(["openssl"]), display => 1), diff --git a/test/recipes/70-test_tls13kexmodes.t b/test/recipes/70-test_tls13kexmodes.t index 6385885057d..0d0681a838e 100644 --- a/test/recipes/70-test_tls13kexmodes.t +++ b/test/recipes/70-test_tls13kexmodes.t @@ -31,9 +31,6 @@ plan skip_all => "$test_name needs TLSv1.3 enabled" plan skip_all => "$test_name needs EC enabled" if disabled("ec"); -$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; - - @handmessages = ( [TLSProxy::Message::MT_CLIENT_HELLO, checkhandshake::ALL_HANDSHAKES], diff --git a/test/recipes/70-test_tls13messages.t b/test/recipes/70-test_tls13messages.t index 3113294f063..58b88a3ca8d 100644 --- a/test/recipes/70-test_tls13messages.t +++ b/test/recipes/70-test_tls13messages.t @@ -31,8 +31,6 @@ plan skip_all => "$test_name needs TLSv1.3 enabled" plan skip_all => "$test_name needs EC enabled" if disabled("ec"); -$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; - @handmessages = ( [TLSProxy::Message::MT_CLIENT_HELLO, checkhandshake::ALL_HANDSHAKES], diff --git a/test/recipes/70-test_tls13psk.t b/test/recipes/70-test_tls13psk.t index d24d52e35c9..f36468de97a 100644 --- a/test/recipes/70-test_tls13psk.t +++ b/test/recipes/70-test_tls13psk.t @@ -27,8 +27,6 @@ plan skip_all => "$test_name needs the sock feature enabled" plan skip_all => "$test_name needs TLSv1.3 enabled" if disabled("tls1_3") || (disabled("ec") && disabled("dh")); -$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; - my $proxy = TLSProxy::Proxy->new( undef, cmdstr(app(["openssl"]), display => 1), diff --git a/test/recipes/70-test_tlsextms.t b/test/recipes/70-test_tlsextms.t index 20f980648d1..a8b18c5f200 100644 --- a/test/recipes/70-test_tlsextms.t +++ b/test/recipes/70-test_tlsextms.t @@ -27,8 +27,6 @@ plan skip_all => "$test_name needs the sock feature enabled" plan skip_all => "$test_name needs TLSv1.0, TLSv1.1 or TLSv1.2 enabled" if disabled("tls1") && disabled("tls1_1") && disabled("tls1_2"); -$ENV{OPENSSL_ia32cap} = '~0x200000200000000'; - sub checkmessages($$$$$); sub setrmextms($$); sub clearall();