From 6ed34b3eff68b79ce9fb00d84c95c950d8bc7bdd Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Thu, 30 Apr 2020 16:08:57 +0100 Subject: [PATCH] Centralise Environment Variables for the tests The test_includes test was failing if OPENSSL_CONF_INCLUDE happened to be set in the user's environment. To ensure that no tests accidentally use this or other enviroment variables from the user's environment we automatically set them centrally for all tests. Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/11691) --- test/README | 4 ++++ test/recipes/03-test_fipsinstall.t | 1 - test/recipes/30-test_afalg.t | 4 +--- test/recipes/30-test_evp.t | 2 -- test/recipes/30-test_evp_fetch_prov.t | 3 --- test/recipes/70-test_comp.t | 1 - test/recipes/70-test_sslmessages.t | 1 - test/recipes/70-test_tls13kexmodes.t | 1 - test/recipes/70-test_tls13messages.t | 2 -- test/recipes/70-test_tls13psk.t | 1 - test/recipes/80-test_ct.t | 2 +- test/recipes/80-test_ssl_new.t | 3 --- test/recipes/80-test_ssl_old.t | 4 ---- test/recipes/90-test_includes.t | 2 ++ test/recipes/90-test_sslapi.t | 3 --- test/recipes/90-test_sslprovider.t | 3 --- test/run_tests.pl | 6 +++++- 17 files changed, 13 insertions(+), 30 deletions(-) diff --git a/test/README b/test/README index 17dffa0e7f..9094d9a38d 100644 --- a/test/README +++ b/test/README @@ -151,3 +151,7 @@ works fine and can be used in place of: The former produces a more meaningful message on failure than the latter. +Note that the test infrastructure automatically sets up all required environment +variables (such as OPENSSL_MODULES, OPENSSL_CONF etc) for the tests. Individual +tests may choose to override the default settings as required. + diff --git a/test/recipes/03-test_fipsinstall.t b/test/recipes/03-test_fipsinstall.t index b35ddfc7b0..16ae955663 100644 --- a/test/recipes/03-test_fipsinstall.t +++ b/test/recipes/03-test_fipsinstall.t @@ -27,7 +27,6 @@ plan skip_all => "Test only supported in a fips build" if disabled("fips"); plan tests => 12; my $infile = bldtop_file('providers', platform->dso('fips')); -$ENV{OPENSSL_MODULES} = bldtop_dir("providers"); # fail if no module name ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module', diff --git a/test/recipes/30-test_afalg.t b/test/recipes/30-test_afalg.t index 363f4d4c0b..98ffc9908c 100644 --- a/test/recipes/30-test_afalg.t +++ b/test/recipes/30-test_afalg.t @@ -7,7 +7,7 @@ # https://www.openssl.org/source/license.html use strict; -use OpenSSL::Test qw/:DEFAULT bldtop_dir/; +use OpenSSL::Test qw/:DEFAULT/; use OpenSSL::Test::Utils; my $test_name = "test_afalg"; @@ -18,6 +18,4 @@ plan skip_all => "$test_name not supported for this build" plan tests => 1; -$ENV{OPENSSL_ENGINES} = bldtop_dir("engines"); - ok(run(test(["afalgtest"])), "running afalgtest"); diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t index 88eb41e1c1..5f7585cc79 100644 --- a/test/recipes/30-test_evp.t +++ b/test/recipes/30-test_evp.t @@ -80,8 +80,6 @@ plan tests => unless ($no_fips) { my $infile = bldtop_file('providers', platform->dso('fips')); - $ENV{OPENSSL_MODULES} = bldtop_dir("providers"); - $ENV{OPENSSL_CONF_INCLUDE} = bldtop_dir("providers"); ok(run(app(['openssl', 'fipsinstall', '-out', bldtop_file('providers', 'fipsmodule.cnf'), diff --git a/test/recipes/30-test_evp_fetch_prov.t b/test/recipes/30-test_evp_fetch_prov.t index be06716b44..a49a66fee6 100644 --- a/test/recipes/30-test_evp_fetch_prov.t +++ b/test/recipes/30-test_evp_fetch_prov.t @@ -24,9 +24,6 @@ my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); my @types = ( "digest", "cipher" ); -$ENV{OPENSSL_MODULES} = bldtop_dir("providers"); -$ENV{OPENSSL_CONF_INCLUDE} = bldtop_dir("providers"); - my @setups = (); my @testdata = ( { config => srctop_file("test", "default.cnf"), diff --git a/test/recipes/70-test_comp.t b/test/recipes/70-test_comp.t index 4a00652c93..2ac168c252 100644 --- a/test/recipes/70-test_comp.t +++ b/test/recipes/70-test_comp.t @@ -28,7 +28,6 @@ plan skip_all => "$test_name needs TLSv1.3 or TLSv1.2 enabled" if disabled("tls1_3") && disabled("tls1_2"); $ENV{OPENSSL_ia32cap} = '~0x200000200000000'; -$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf"); use constant { MULTIPLE_COMPRESSIONS => 0, diff --git a/test/recipes/70-test_sslmessages.t b/test/recipes/70-test_sslmessages.t index b90eae57d4..3f57af62d5 100644 --- a/test/recipes/70-test_sslmessages.t +++ b/test/recipes/70-test_sslmessages.t @@ -30,7 +30,6 @@ plan skip_all => "$test_name needs TLS enabled" || (!disabled("tls1_3") && disabled("tls1_2")); $ENV{OPENSSL_ia32cap} = '~0x200000200000000'; -$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf"); my $proxy = TLSProxy::Proxy->new( undef, diff --git a/test/recipes/70-test_tls13kexmodes.t b/test/recipes/70-test_tls13kexmodes.t index 2751a3f174..6648376c0c 100644 --- a/test/recipes/70-test_tls13kexmodes.t +++ b/test/recipes/70-test_tls13kexmodes.t @@ -32,7 +32,6 @@ plan skip_all => "$test_name needs EC enabled" if disabled("ec"); $ENV{OPENSSL_ia32cap} = '~0x200000200000000'; -$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf"); @handmessages = ( diff --git a/test/recipes/70-test_tls13messages.t b/test/recipes/70-test_tls13messages.t index 21fd6f2894..3113294f06 100644 --- a/test/recipes/70-test_tls13messages.t +++ b/test/recipes/70-test_tls13messages.t @@ -32,8 +32,6 @@ plan skip_all => "$test_name needs EC enabled" if disabled("ec"); $ENV{OPENSSL_ia32cap} = '~0x200000200000000'; -$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf"); - @handmessages = ( [TLSProxy::Message::MT_CLIENT_HELLO, diff --git a/test/recipes/70-test_tls13psk.t b/test/recipes/70-test_tls13psk.t index f20150f623..66582b7d8e 100644 --- a/test/recipes/70-test_tls13psk.t +++ b/test/recipes/70-test_tls13psk.t @@ -28,7 +28,6 @@ plan skip_all => "$test_name needs TLSv1.3 enabled" if disabled("tls1_3"); $ENV{OPENSSL_ia32cap} = '~0x200000200000000'; -$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf"); my $proxy = TLSProxy::Proxy->new( undef, diff --git a/test/recipes/80-test_ct.t b/test/recipes/80-test_ct.t index 8350467f7e..33cb71583b 100644 --- a/test/recipes/80-test_ct.t +++ b/test/recipes/80-test_ct.t @@ -11,7 +11,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file srctop_dir/; use OpenSSL::Test::Simple; setup("test_ct"); -$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf"); + $ENV{CT_DIR} = srctop_dir("test", "ct"); $ENV{CERTS_DIR} = srctop_dir("test", "certs"); simple_test("test_ct", "ct_test", "ct", "ec"); diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t index 8a26119f86..f105a39ce0 100644 --- a/test/recipes/80-test_ssl_new.t +++ b/test/recipes/80-test_ssl_new.t @@ -26,10 +26,7 @@ use platform; my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); -$ENV{OPENSSL_MODULES} = bldtop_dir("providers"); -$ENV{OPENSSL_CONF_INCLUDE} = bldtop_dir("providers"); $ENV{TEST_CERTS_DIR} = srctop_dir("test", "certs"); -$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf"); my @conf_srcs = glob(srctop_file("test", "ssl-tests", "*.cnf.in")); map { s/;.*// } @conf_srcs if $^O eq "VMS"; diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t index 42963c364a..e01137d593 100644 --- a/test/recipes/80-test_ssl_old.t +++ b/test/recipes/80-test_ssl_old.t @@ -24,10 +24,6 @@ use lib srctop_dir('Configurations'); use lib bldtop_dir('.'); use platform; -$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf"); -$ENV{OPENSSL_MODULES} = bldtop_dir("providers"); -$ENV{OPENSSL_CONF_INCLUDE} = bldtop_dir("providers"); - my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0); my ($no_rsa, $no_dsa, $no_dh, $no_ec, $no_psk, $no_ssl3, $no_tls1, $no_tls1_1, $no_tls1_2, $no_tls1_3, diff --git a/test/recipes/90-test_includes.t b/test/recipes/90-test_includes.t index 301f6c1560..add3813a64 100644 --- a/test/recipes/90-test_includes.t +++ b/test/recipes/90-test_includes.t @@ -10,6 +10,8 @@ setup("test_includes"); plan skip_all => "test_includes doesn't work without posix-io" if disabled("posix-io"); +delete $ENV{OPENSSL_CONF_INCLUDE}; + plan tests => # The number of tests being performed 5 + ($^O eq "VMS" ? 2 : 0); diff --git a/test/recipes/90-test_sslapi.t b/test/recipes/90-test_sslapi.t index b89b783805..e25ca0ba3e 100644 --- a/test/recipes/90-test_sslapi.t +++ b/test/recipes/90-test_sslapi.t @@ -30,9 +30,6 @@ plan tests => (undef, my $tmpfilename) = tempfile(); -$ENV{OPENSSL_MODULES} = bldtop_dir("providers"); -$ENV{OPENSSL_CONF_INCLUDE} = bldtop_dir("providers"); - ok(run(test(["sslapitest", srctop_dir("test", "certs"), srctop_file("test", "recipes", "90-test_sslapi_data", "passwd.txt"), $tmpfilename, "default", diff --git a/test/recipes/90-test_sslprovider.t b/test/recipes/90-test_sslprovider.t index 793756bc6d..1a2a28557e 100644 --- a/test/recipes/90-test_sslprovider.t +++ b/test/recipes/90-test_sslprovider.t @@ -23,9 +23,6 @@ plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build" plan tests => 3; -$ENV{OPENSSL_MODULES} = bldtop_dir("providers"); -$ENV{OPENSSL_CONF_INCLUDE} = bldtop_dir("providers"); - SKIP: { skip "Skipping FIPS installation", 1 if disabled("fips"); diff --git a/test/run_tests.pl b/test/run_tests.pl index bb91761563..0ed768ed41 100644 --- a/test/run_tests.pl +++ b/test/run_tests.pl @@ -27,7 +27,11 @@ my $bldtop = $ENV{BLDTOP} || $ENV{TOP}; my $recipesdir = catdir($srctop, "test", "recipes"); my $libdir = rel2abs(catdir($srctop, "util", "perl")); -$ENV{OPENSSL_CONF} = catdir($srctop, "apps", "openssl.cnf"); +$ENV{OPENSSL_CONF} = rel2abs(catdir($srctop, "apps", "openssl.cnf")); +$ENV{OPENSSL_CONF_INCLUDE} = rel2abs(catdir($bldtop, "providers")); +$ENV{OPENSSL_MODULES} = rel2abs(catdir($bldtop, "providers")); +$ENV{OPENSSL_ENGINES} = rel2abs(catdir($bldtop, "engines")); +$ENV{CTLOG_FILE} = rel2abs(catdir($srctop, "test", "ct", "log_list.cnf")); my %tapargs = ( verbosity => $ENV{HARNESS_VERBOSE} ? 1 : 0, -- 2.25.1