From 6ed34b3eff68b79ce9fb00d84c95c950d8bc7bdd Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Thu, 30 Apr 2020 16:08:57 +0100 Subject: [PATCH] Centralise Environment Variables for the tests The test_includes test was failing if OPENSSL_CONF_INCLUDE happened to be set in the user's environment. To ensure that no tests accidentally use this or other enviroment variables from the user's environment we automatically set them centrally for all tests. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11691) --- test/README | 4 ++++ test/recipes/03-test_fipsinstall.t | 1 - test/recipes/30-test_afalg.t | 4 +--- test/recipes/30-test_evp.t | 2 -- test/recipes/30-test_evp_fetch_prov.t | 3 --- test/recipes/70-test_comp.t | 1 - test/recipes/70-test_sslmessages.t | 1 - test/recipes/70-test_tls13kexmodes.t | 1 - test/recipes/70-test_tls13messages.t | 2 -- test/recipes/70-test_tls13psk.t | 1 - test/recipes/80-test_ct.t | 2 +- test/recipes/80-test_ssl_new.t | 3 --- test/recipes/80-test_ssl_old.t | 4 ---- test/recipes/90-test_includes.t | 2 ++ test/recipes/90-test_sslapi.t | 3 --- test/recipes/90-test_sslprovider.t | 3 --- test/run_tests.pl | 6 +++++- 17 files changed, 13 insertions(+), 30 deletions(-) diff --git a/test/README b/test/README index 17dffa0e7fc..9094d9a38da 100644 --- a/test/README +++ b/test/README @@ -151,3 +151,7 @@ works fine and can be used in place of: The former produces a more meaningful message on failure than the latter. +Note that the test infrastructure automatically sets up all required environment +variables (such as OPENSSL_MODULES, OPENSSL_CONF etc) for the tests. Individual +tests may choose to override the default settings as required. + diff --git a/test/recipes/03-test_fipsinstall.t b/test/recipes/03-test_fipsinstall.t index b35ddfc7b04..16ae9556634 100644 --- a/test/recipes/03-test_fipsinstall.t +++ b/test/recipes/03-test_fipsinstall.t @@ -27,7 +27,6 @@ plan skip_all => "Test only supported in a fips build" if disabled("fips"); plan tests => 12; my $infile = bldtop_file('providers', platform->dso('fips')); -$ENV{OPENSSL_MODULES} = bldtop_dir("providers"); # fail if no module name ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', diff --git a/test/recipes/30-test_afalg.t b/test/recipes/30-test_afalg.t index 363f4d4c0bd..98ffc9908cb 100644 --- a/test/recipes/30-test_afalg.t +++ b/test/recipes/30-test_afalg.t @@ -7,7 +7,7 @@ # https://www.openssl.org/source/license.html use strict; -use OpenSSL::Test qw/:DEFAULT bldtop_dir/; +use OpenSSL::Test qw/:DEFAULT/; use OpenSSL::Test::Utils; my $test_name = "test_afalg"; @@ -18,6 +18,4 @@ plan skip_all => "$test_name not supported for this build" plan tests => 1; -$ENV{OPENSSL_ENGINES} = bldtop_dir("engines"); - ok(run(test(["afalgtest"])), "running afalgtest"); diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t index 88eb41e1c17..5f7585cc790 100644 --- a/test/recipes/30-test_evp.t +++ b/test/recipes/30-test_evp.t @@ -80,8 +80,6 @@ plan tests => unless ($no_fips) { my $infile = bldtop_file('providers', platform->dso('fips')); - $ENV{OPENSSL_MODULES} = bldtop_dir("providers"); - $ENV{OPENSSL_CONF_INCLUDE} = bldtop_dir("providers"); ok(run(app(['openssl', 'fipsinstall', '-out', bldtop_file('providers', 'fipsmodule.cnf'), diff --git a/test/recipes/30-test_evp_fetch_prov.t b/test/recipes/30-test_evp_fetch_prov.t index be06716b446..a49a66fee68 100644 --- a/test/recipes/30-test_evp_fetch_prov.t +++ b/test/recipes/30-test_evp_fetch_prov.t @@ -24,9 +24,6 @@ my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); my @types = ( "digest", "cipher" ); -$ENV{OPENSSL_MODULES} = bldtop_dir("providers"); -$ENV{OPENSSL_CONF_INCLUDE} = bldtop_dir("providers"); - my @setups = (); my @testdata = ( { config => srctop_file("test", "default.cnf"), diff --git a/test/recipes/70-test_comp.t b/test/recipes/70-test_comp.t index 4a00652c934..2ac168c2521 100644 --- a/test/recipes/70-test_comp.t +++ b/test/recipes/70-test_comp.t @@ -28,7 +28,6 @@ plan skip_all => "$test_name needs TLSv1.3 or TLSv1.2 enabled" if disabled("tls1_3") && disabled("tls1_2"); $ENV{OPENSSL_ia32cap} = '~0x200000200000000'; -$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf"); use constant { MULTIPLE_COMPRESSIONS => 0, diff --git a/test/recipes/70-test_sslmessages.t b/test/recipes/70-test_sslmessages.t index b90eae57d46..3f57af62d55 100644 --- a/test/recipes/70-test_sslmessages.t +++ b/test/recipes/70-test_sslmessages.t @@ -30,7 +30,6 @@ plan skip_all => "$test_name needs TLS enabled" || (!disabled("tls1_3") && disabled("tls1_2")); $ENV{OPENSSL_ia32cap} = '~0x200000200000000'; -$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf"); my $proxy = TLSProxy::Proxy->new( undef, diff --git a/test/recipes/70-test_tls13kexmodes.t b/test/recipes/70-test_tls13kexmodes.t index 2751a3f174a..6648376c0cb 100644 --- a/test/recipes/70-test_tls13kexmodes.t +++ b/test/recipes/70-test_tls13kexmodes.t @@ -32,7 +32,6 @@ plan skip_all => "$test_name needs EC enabled" if disabled("ec"); $ENV{OPENSSL_ia32cap} = '~0x200000200000000'; -$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf"); @handmessages = ( diff --git a/test/recipes/70-test_tls13messages.t b/test/recipes/70-test_tls13messages.t index 21fd6f2894d..3113294f063 100644 --- a/test/recipes/70-test_tls13messages.t +++ b/test/recipes/70-test_tls13messages.t @@ -32,8 +32,6 @@ plan skip_all => "$test_name needs EC enabled" if disabled("ec"); $ENV{OPENSSL_ia32cap} = '~0x200000200000000'; -$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf"); - @handmessages = ( [TLSProxy::Message::MT_CLIENT_HELLO, diff --git a/test/recipes/70-test_tls13psk.t b/test/recipes/70-test_tls13psk.t index f20150f6238..66582b7d8e5 100644 --- a/test/recipes/70-test_tls13psk.t +++ b/test/recipes/70-test_tls13psk.t @@ -28,7 +28,6 @@ plan skip_all => "$test_name needs TLSv1.3 enabled" if disabled("tls1_3"); $ENV{OPENSSL_ia32cap} = '~0x200000200000000'; -$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf"); my $proxy = TLSProxy::Proxy->new( undef, diff --git a/test/recipes/80-test_ct.t b/test/recipes/80-test_ct.t index 8350467f7e6..33cb71583b2 100644 --- a/test/recipes/80-test_ct.t +++ b/test/recipes/80-test_ct.t @@ -11,7 +11,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file srctop_dir/; use OpenSSL::Test::Simple; setup("test_ct"); -$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf"); + $ENV{CT_DIR} = srctop_dir("test", "ct"); $ENV{CERTS_DIR} = srctop_dir("test", "certs"); simple_test("test_ct", "ct_test", "ct", "ec"); diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t index 8a26119f869..f105a39ce04 100644 --- a/test/recipes/80-test_ssl_new.t +++ b/test/recipes/80-test_ssl_new.t @@ -26,10 +26,7 @@ use platform; my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); -$ENV{OPENSSL_MODULES} = bldtop_dir("providers"); -$ENV{OPENSSL_CONF_INCLUDE} = bldtop_dir("providers"); $ENV{TEST_CERTS_DIR} = srctop_dir("test", "certs"); -$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf"); my @conf_srcs = glob(srctop_file("test", "ssl-tests", "*.cnf.in")); map { s/;.*// } @conf_srcs if $^O eq "VMS"; diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t index 42963c364a2..e01137d5939 100644 --- a/test/recipes/80-test_ssl_old.t +++ b/test/recipes/80-test_ssl_old.t @@ -24,10 +24,6 @@ use lib srctop_dir('Configurations'); use lib bldtop_dir('.'); use platform; -$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf"); -$ENV{OPENSSL_MODULES} = bldtop_dir("providers"); -$ENV{OPENSSL_CONF_INCLUDE} = bldtop_dir("providers"); - my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); my ($no_rsa, $no_dsa, $no_dh, $no_ec, $no_psk, $no_ssl3, $no_tls1, $no_tls1_1, $no_tls1_2, $no_tls1_3, diff --git a/test/recipes/90-test_includes.t b/test/recipes/90-test_includes.t index 301f6c1560f..add3813a646 100644 --- a/test/recipes/90-test_includes.t +++ b/test/recipes/90-test_includes.t @@ -10,6 +10,8 @@ setup("test_includes"); plan skip_all => "test_includes doesn't work without posix-io" if disabled("posix-io"); +delete $ENV{OPENSSL_CONF_INCLUDE}; + plan tests => # The number of tests being performed 5 + ($^O eq "VMS" ? 2 : 0); diff --git a/test/recipes/90-test_sslapi.t b/test/recipes/90-test_sslapi.t index b89b7838050..e25ca0ba3eb 100644 --- a/test/recipes/90-test_sslapi.t +++ b/test/recipes/90-test_sslapi.t @@ -30,9 +30,6 @@ plan tests => (undef, my $tmpfilename) = tempfile(); -$ENV{OPENSSL_MODULES} = bldtop_dir("providers"); -$ENV{OPENSSL_CONF_INCLUDE} = bldtop_dir("providers"); - ok(run(test(["sslapitest", srctop_dir("test", "certs"), srctop_file("test", "recipes", "90-test_sslapi_data", "passwd.txt"), $tmpfilename, "default", diff --git a/test/recipes/90-test_sslprovider.t b/test/recipes/90-test_sslprovider.t index 793756bc6d7..1a2a28557ee 100644 --- a/test/recipes/90-test_sslprovider.t +++ b/test/recipes/90-test_sslprovider.t @@ -23,9 +23,6 @@ plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build" plan tests => 3; -$ENV{OPENSSL_MODULES} = bldtop_dir("providers"); -$ENV{OPENSSL_CONF_INCLUDE} = bldtop_dir("providers"); - SKIP: { skip "Skipping FIPS installation", 1 if disabled("fips"); diff --git a/test/run_tests.pl b/test/run_tests.pl index bb917615633..0ed768ed416 100644 --- a/test/run_tests.pl +++ b/test/run_tests.pl @@ -27,7 +27,11 @@ my $bldtop = $ENV{BLDTOP} || $ENV{TOP}; my $recipesdir = catdir($srctop, "test", "recipes"); my $libdir = rel2abs(catdir($srctop, "util", "perl")); -$ENV{OPENSSL_CONF} = catdir($srctop, "apps", "openssl.cnf"); +$ENV{OPENSSL_CONF} = rel2abs(catdir($srctop, "apps", "openssl.cnf")); +$ENV{OPENSSL_CONF_INCLUDE} = rel2abs(catdir($bldtop, "providers")); +$ENV{OPENSSL_MODULES} = rel2abs(catdir($bldtop, "providers")); +$ENV{OPENSSL_ENGINES} = rel2abs(catdir($bldtop, "engines")); +$ENV{CTLOG_FILE} = rel2abs(catdir($srctop, "test", "ct", "log_list.cnf")); my %tapargs = ( verbosity => $ENV{HARNESS_VERBOSE} ? 1 : 0, -- 2.47.3