From: Richard Levitte Date: Mon, 24 May 2021 12:25:28 +0000 (+0200) Subject: TEST: Add test specific fipsmodule.cnf, and use it X-Git-Tag: openssl-3.0.0-beta1~370 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7c499c7da93561fd620338cc4f8691c1dbc9ee36;p=thirdparty%2Fopenssl.git TEST: Add test specific fipsmodule.cnf, and use it We add the concept of preparation recipes, which are performed unconditionally. They are all expected to match the pattern test/recipes/00-prep_*.t. We add one such preparation recipe, test/recipes/00-prep_fipsmodule_cnf.t, which helps us generate a test specific fipsmodule.cnf, to be used by all other tests. Fixes #15166 Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/15436) --- diff --git a/test/recipes/00-prep_fipsmodule_cnf.t b/test/recipes/00-prep_fipsmodule_cnf.t new file mode 100644 index 00000000000..8d53e8a40fd --- /dev/null +++ b/test/recipes/00-prep_fipsmodule_cnf.t @@ -0,0 +1,36 @@ +#! /usr/bin/env perl +# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the Apache License 2.0 (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; +use warnings; + +use OpenSSL::Test qw/:DEFAULT srctop_dir bldtop_dir bldtop_file srctop_file data_file/; +use OpenSSL::Test::Utils; + +BEGIN { + setup("prep_fipsmodule"); +} + +use lib srctop_dir('Configurations'); +use lib bldtop_dir('.'); +use platform; + +my $no_check = disabled("fips"); +plan skip_all => "FIPS module config file only supported in a fips build" + if $no_check; + +my $fipsmodule = bldtop_file('providers', platform->dso('fips')); +my $fipsmoduleconf = bldtop_file('test', 'fipsmodule.cnf'); + +plan tests => 1; + +# Create the $fipsmoduleconf file +ok(run(app(['openssl', 'fipsinstall', + '-module', $fipsmodule, '-provider_name', 'fips', + '-section_name', 'fips_sect', '-out', $fipsmoduleconf])), + "fips install"); diff --git a/test/recipes/01-test_fipsmodule_cnf.t b/test/recipes/01-test_fipsmodule_cnf.t index 16a89faa589..ce594817d53 100644 --- a/test/recipes/01-test_fipsmodule_cnf.t +++ b/test/recipes/01-test_fipsmodule_cnf.t @@ -29,7 +29,7 @@ plan skip_all => "Test only supported in a fips build" plan tests => 1; my $fipsmodule = bldtop_file('providers', platform->dso('fips')); -my $fipsmoduleconf = bldtop_file('providers', 'fipsmodule.cnf'); +my $fipsmoduleconf = bldtop_file('test', 'fipsmodule.cnf'); # verify the $fipsconf file ok(run(app(['openssl', 'fipsinstall', diff --git a/test/recipes/90-test_threads.t b/test/recipes/90-test_threads.t index 651fa805d5c..d373fcbd166 100644 --- a/test/recipes/90-test_threads.t +++ b/test/recipes/90-test_threads.t @@ -38,7 +38,7 @@ if ($no_fips) { # status is required. open CFGBASE, '<', $config_path; -open CFGINC, '<', bldtop_file('/providers/fipsmodule.cnf'); +open CFGINC, '<', bldtop_file('/test/fipsmodule.cnf'); open CFGOUT, '>', 'thread.cnf'; while () { diff --git a/test/run_tests.pl b/test/run_tests.pl index 3d72a218bf7..9f34ab9e7e2 100644 --- a/test/run_tests.pl +++ b/test/run_tests.pl @@ -34,7 +34,7 @@ my $libdir = rel2abs(catdir($srctop, "util", "perl")); my $jobs = $ENV{HARNESS_JOBS} // 1; $ENV{OPENSSL_CONF} = rel2abs(catdir($srctop, "apps", "openssl.cnf")); -$ENV{OPENSSL_CONF_INCLUDE} = rel2abs(catdir($bldtop, "providers")); +$ENV{OPENSSL_CONF_INCLUDE} = rel2abs(catdir($bldtop, "test")); $ENV{OPENSSL_MODULES} = rel2abs(catdir($bldtop, "providers")); $ENV{OPENSSL_ENGINES} = rel2abs(catdir($bldtop, "engines")); $ENV{CTLOG_FILE} = rel2abs(catdir($srctop, "test", "ct", "log_list.cnf")); @@ -134,10 +134,15 @@ foreach my $arg (@ARGV ? @ARGV : ('alltests')) { sub find_matching_tests { my ($glob) = @_; + # prep recipes are mandatory + my @recipes = glob(catfile($recipesdir,"00-prep_*.t")); + if ($glob =~ m|^[\d\[\]\?\-]+$|) { - return glob(catfile($recipesdir,"$glob-*.t")); + push @recipes, glob(catfile($recipesdir,"$glob-*.t")); + } else { + push @recipes, glob(catfile($recipesdir,"*-$glob.t")); } - return glob(catfile($recipesdir,"*-$glob.t")); + return @recipes; } # The following is quite a bit of hackery to adapt to both TAP::Harness