[openssl] master update

Matt Caswell matt at openssl.org
Wed May 6 10:48:23 UTC 2020


The branch master has been updated
       via  15dd075f708c58bbbbd18f98608fecfcb97f693a (commit)
       via  6ed34b3eff68b79ce9fb00d84c95c950d8bc7bdd (commit)
      from  500a7615173c8ae2362a05e1affd376ab2b41a94 (commit)


- Log -----------------------------------------------------------------
commit 15dd075f708c58bbbbd18f98608fecfcb97f693a
Author: Matt Caswell <matt at openssl.org>
Date:   Fri May 1 15:15:13 2020 +0100

    Fix a memory leak in CONF .include handling
    
    If OPENSSL_CONF_INCLUDE has been set then we may leak the "include"
    buffer.
    
    Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/11691)

commit 6ed34b3eff68b79ce9fb00d84c95c950d8bc7bdd
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Apr 30 16:08:57 2020 +0100

    Centralise Environment Variables for the tests
    
    The test_includes test was failing if OPENSSL_CONF_INCLUDE happened to
    be set in the user's environment. To ensure that no tests accidentally
    use this or other environment variables from the user's environment we
    automatically set them centrally for all tests.
    
    Reviewed-by: Tomas Mraz <tmraz at fedoraproject.org>
    (Merged from https://github.com/openssl/openssl/pull/11691)

-----------------------------------------------------------------------

Summary of changes:
 crypto/conf/conf_def.c                | 9 +++------
 test/README                           | 4 ++++
 test/recipes/03-test_fipsinstall.t    | 1 -
 test/recipes/30-test_afalg.t          | 4 +---
 test/recipes/30-test_evp.t            | 2 --
 test/recipes/30-test_evp_fetch_prov.t | 3 ---
 test/recipes/70-test_comp.t           | 1 -
 test/recipes/70-test_sslmessages.t    | 1 -
 test/recipes/70-test_tls13kexmodes.t  | 1 -
 test/recipes/70-test_tls13messages.t  | 2 --
 test/recipes/70-test_tls13psk.t       | 1 -
 test/recipes/80-test_ct.t             | 2 +-
 test/recipes/80-test_ssl_new.t        | 3 ---
 test/recipes/80-test_ssl_old.t        | 4 ----
 test/recipes/90-test_includes.t       | 2 ++
 test/recipes/90-test_sslapi.t         | 3 ---
 test/recipes/90-test_sslprovider.t    | 3 ---
 test/run_tests.pl                     | 6 +++++-
 18 files changed, 16 insertions(+), 36 deletions(-)

diff --git a/crypto/conf/conf_def.c b/crypto/conf/conf_def.c
index 9dbda10edf..6efe291ac8 100644
--- a/crypto/conf/conf_def.c
+++ b/crypto/conf/conf_def.c
@@ -420,6 +420,7 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
                     OPENSSL_strlcpy(include_path, include_dir, newlen);
                     OPENSSL_strlcat(include_path, "/", newlen);
                     OPENSSL_strlcat(include_path, include, newlen);
+                    OPENSSL_free(include);
                 } else {
                     include_path = include;
                 }
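Review bot: After the added `OPENSSL_free(include);` in the include_dir branch, `include` is left dangling, while in the else branch it still aliases `include_path`, so the two branches leave the variable in different states. Nothing in this hunk or the next one reads `include` again, but def_load_bio continues outside both hunks, so that cannot be confirmed from here. Adding `include = NULL;` right after the free, or a comment such as `/* include_path owns the string from here on; include must not be used */`, would make a later accidental use fail safely rather than turn into a use-after-free or double free.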
@@ -429,15 +430,11 @@ static int def_load_bio(CONF *conf, BIO *in, long *line)
                 next = process_include(include_path, &dirctx, &dirpath);
                 if (include_path != dirpath) {
                     /* dirpath will contain include in case of a directory */
-                    OPENSSL_free(include);
-                    if (include_path != include)
-                        OPENSSL_free(include_path);
+                    OPENSSL_free(include_path);
                 }
 #else
                 next = BIO_new_file(include_path, "r");
-                OPENSSL_free(include);
-                if (include_path != include)
-                    OPENSSL_free(include_path);
+                OPENSSL_free(include_path);
 #endif
 
                 if (next != NULL) {
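Review bot: The context comment `/* dirpath will contain include in case of a directory */` no longer matches the code beneath it, since the pointer compared and freed is now always `include_path`, which is the joined include-directory path whenever that branch was taken. I would reword it to `/* in the directory case dirpath aliases include_path, so it must not be freed here */`. Where dirpath is eventually released lies outside this hunk, so the ownership hand-off is inferred from the `include_path != dirpath` test only.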
diff --git a/test/README b/test/README
index 17dffa0e7f..9094d9a38d 100644
--- a/test/README
+++ b/test/README
@@ -151,3 +151,7 @@ works fine and can be used in place of:
 
 The former produces a more meaningful message on failure than the latter.
 
+Note that the test infrastructure automatically sets up all required environment
+variables (such as OPENSSL_MODULES, OPENSSL_CONF etc) for the tests. Individual
+tests may choose to override the default settings as required.
+
diff --git a/test/recipes/03-test_fipsinstall.t b/test/recipes/03-test_fipsinstall.t
index b35ddfc7b0..16ae955663 100644
--- a/test/recipes/03-test_fipsinstall.t
+++ b/test/recipes/03-test_fipsinstall.t
@@ -27,7 +27,6 @@ plan skip_all => "Test only supported in a fips build" if disabled("fips");
 plan tests => 12;
 
 my $infile = bldtop_file('providers', platform->dso('fips'));
-$ENV{OPENSSL_MODULES} = bldtop_dir("providers");
 
 # fail if no module name
 ok(!run(app(['openssl', 'fipsinstall', '-out', 'fips.cnf', '-module',
diff --git a/test/recipes/30-test_afalg.t b/test/recipes/30-test_afalg.t
index 363f4d4c0b..98ffc9908c 100644
--- a/test/recipes/30-test_afalg.t
+++ b/test/recipes/30-test_afalg.t
@@ -7,7 +7,7 @@
 # https://www.openssl.org/source/license.html
 
 use strict;
-use OpenSSL::Test qw/:DEFAULT bldtop_dir/;
+use OpenSSL::Test qw/:DEFAULT/;
 use OpenSSL::Test::Utils;
 
 my $test_name = "test_afalg";
@@ -18,6 +18,4 @@ plan skip_all => "$test_name not supported for this build"
 
 plan tests => 1;
 
-$ENV{OPENSSL_ENGINES} = bldtop_dir("engines");
-
 ok(run(test(["afalgtest"])), "running afalgtest");
diff --git a/test/recipes/30-test_evp.t b/test/recipes/30-test_evp.t
index 88eb41e1c1..5f7585cc79 100644
--- a/test/recipes/30-test_evp.t
+++ b/test/recipes/30-test_evp.t
@@ -80,8 +80,6 @@ plan tests =>
 
 unless ($no_fips) {
     my $infile = bldtop_file('providers', platform->dso('fips'));
-    $ENV{OPENSSL_MODULES} = bldtop_dir("providers");
-    $ENV{OPENSSL_CONF_INCLUDE} = bldtop_dir("providers");
 
     ok(run(app(['openssl', 'fipsinstall',
                 '-out', bldtop_file('providers', 'fipsmodule.cnf'),
diff --git a/test/recipes/30-test_evp_fetch_prov.t b/test/recipes/30-test_evp_fetch_prov.t
index be06716b44..a49a66fee6 100644
--- a/test/recipes/30-test_evp_fetch_prov.t
+++ b/test/recipes/30-test_evp_fetch_prov.t
@@ -24,9 +24,6 @@ my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
 
 my @types = ( "digest", "cipher" );
 
-$ENV{OPENSSL_MODULES} = bldtop_dir("providers");
-$ENV{OPENSSL_CONF_INCLUDE} = bldtop_dir("providers");
-
 my @setups = ();
 my @testdata = (
     { config    => srctop_file("test", "default.cnf"),
diff --git a/test/recipes/70-test_comp.t b/test/recipes/70-test_comp.t
index 4a00652c93..2ac168c252 100644
--- a/test/recipes/70-test_comp.t
+++ b/test/recipes/70-test_comp.t
@@ -28,7 +28,6 @@ plan skip_all => "$test_name needs TLSv1.3 or TLSv1.2 enabled"
     if disabled("tls1_3") && disabled("tls1_2");
 
 $ENV{OPENSSL_ia32cap} = '~0x200000200000000';
-$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf");
 
 use constant {
     MULTIPLE_COMPRESSIONS => 0,
diff --git a/test/recipes/70-test_sslmessages.t b/test/recipes/70-test_sslmessages.t
index b90eae57d4..3f57af62d5 100644
--- a/test/recipes/70-test_sslmessages.t
+++ b/test/recipes/70-test_sslmessages.t
@@ -30,7 +30,6 @@ plan skip_all => "$test_name needs TLS enabled"
        || (!disabled("tls1_3") && disabled("tls1_2"));
 
 $ENV{OPENSSL_ia32cap} = '~0x200000200000000';
-$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf");
 
 my $proxy = TLSProxy::Proxy->new(
     undef,
diff --git a/test/recipes/70-test_tls13kexmodes.t b/test/recipes/70-test_tls13kexmodes.t
index 2751a3f174..6648376c0c 100644
--- a/test/recipes/70-test_tls13kexmodes.t
+++ b/test/recipes/70-test_tls13kexmodes.t
@@ -32,7 +32,6 @@ plan skip_all => "$test_name needs EC enabled"
     if disabled("ec");
 
 $ENV{OPENSSL_ia32cap} = '~0x200000200000000';
-$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf");
 
 
 @handmessages = (
diff --git a/test/recipes/70-test_tls13messages.t b/test/recipes/70-test_tls13messages.t
index 21fd6f2894..3113294f06 100644
--- a/test/recipes/70-test_tls13messages.t
+++ b/test/recipes/70-test_tls13messages.t
@@ -32,8 +32,6 @@ plan skip_all => "$test_name needs EC enabled"
     if disabled("ec");
 
 $ENV{OPENSSL_ia32cap} = '~0x200000200000000';
-$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf");
-
 
 @handmessages = (
     [TLSProxy::Message::MT_CLIENT_HELLO,
diff --git a/test/recipes/70-test_tls13psk.t b/test/recipes/70-test_tls13psk.t
index f20150f623..66582b7d8e 100644
--- a/test/recipes/70-test_tls13psk.t
+++ b/test/recipes/70-test_tls13psk.t
@@ -28,7 +28,6 @@ plan skip_all => "$test_name needs TLSv1.3 enabled"
     if disabled("tls1_3");
 
 $ENV{OPENSSL_ia32cap} = '~0x200000200000000';
-$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf");
 
 my $proxy = TLSProxy::Proxy->new(
     undef,
diff --git a/test/recipes/80-test_ct.t b/test/recipes/80-test_ct.t
index 8350467f7e..33cb71583b 100644
--- a/test/recipes/80-test_ct.t
+++ b/test/recipes/80-test_ct.t
@@ -11,7 +11,7 @@ use OpenSSL::Test qw/:DEFAULT srctop_file srctop_dir/;
 use OpenSSL::Test::Simple;
 
 setup("test_ct");
-$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf");
+
 $ENV{CT_DIR} = srctop_dir("test", "ct");
 $ENV{CERTS_DIR} = srctop_dir("test", "certs");
 simple_test("test_ct", "ct_test", "ct", "ec");
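Review bot: With the CTLOG_FILE assignment gone, `srctop_file` in the import list `qw/:DEFAULT srctop_file srctop_dir/` has no remaining use in the lines shown, and the removed line was replaced by an empty one rather than dropped. 30-test_afalg.t in this same commit trims its import to `qw/:DEFAULT/` after the equivalent removal, so for consistency this could become `use OpenSSL::Test qw/:DEFAULT srctop_dir/;`. The import line sits above the hunk, so confirm nothing else in the file calls srctop_file.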
diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t
index 8a26119f86..f105a39ce0 100644
--- a/test/recipes/80-test_ssl_new.t
+++ b/test/recipes/80-test_ssl_new.t
@@ -26,10 +26,7 @@ use platform;
 
 my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
 
-$ENV{OPENSSL_MODULES} = bldtop_dir("providers");
-$ENV{OPENSSL_CONF_INCLUDE} = bldtop_dir("providers");
 $ENV{TEST_CERTS_DIR} = srctop_dir("test", "certs");
-$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf");
 
 my @conf_srcs =  glob(srctop_file("test", "ssl-tests", "*.cnf.in"));
 map { s/;.*// } @conf_srcs if $^O eq "VMS";
diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t
index 42963c364a..e01137d593 100644
--- a/test/recipes/80-test_ssl_old.t
+++ b/test/recipes/80-test_ssl_old.t
@@ -24,10 +24,6 @@ use lib srctop_dir('Configurations');
 use lib bldtop_dir('.');
 use platform;
 
-$ENV{CTLOG_FILE} = srctop_file("test", "ct", "log_list.cnf");
-$ENV{OPENSSL_MODULES} = bldtop_dir("providers");
-$ENV{OPENSSL_CONF_INCLUDE} = bldtop_dir("providers");
-
 my $no_fips = disabled('fips') || ($ENV{NO_FIPS} // 0);
 my ($no_rsa, $no_dsa, $no_dh, $no_ec, $no_psk,
     $no_ssl3, $no_tls1, $no_tls1_1, $no_tls1_2, $no_tls1_3,
diff --git a/test/recipes/90-test_includes.t b/test/recipes/90-test_includes.t
index 301f6c1560..add3813a64 100644
--- a/test/recipes/90-test_includes.t
+++ b/test/recipes/90-test_includes.t
@@ -10,6 +10,8 @@ setup("test_includes");
 plan skip_all => "test_includes doesn't work without posix-io"
     if disabled("posix-io");
 
+delete $ENV{OPENSSL_CONF_INCLUDE};
+
 plan tests =>                   # The number of tests being performed
     5
     + ($^O eq "VMS" ? 2 : 0);
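Review bot: The added `delete $ENV{OPENSSL_CONF_INCLUDE};` carries no comment saying why this recipe opts out of the central setting, and it means test_includes only runs def_load_bio with no include directory configured. The leak fixed in crypto/conf/conf_def.c in this same push is on the branch taken when the variable is set, so this recipe would not catch a regression there. Whether another recipe parses a `.include` with the variable set cannot be seen from this diff. At minimum add `# run_tests.pl sets OPENSSL_CONF_INCLUDE for every test; these cases fail when it is set`, and consider a case that runs with the variable pointing at a test directory.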
diff --git a/test/recipes/90-test_sslapi.t b/test/recipes/90-test_sslapi.t
index b89b783805..e25ca0ba3e 100644
--- a/test/recipes/90-test_sslapi.t
+++ b/test/recipes/90-test_sslapi.t
@@ -30,9 +30,6 @@ plan tests =>
 
 (undef, my $tmpfilename) = tempfile();
 
-$ENV{OPENSSL_MODULES} = bldtop_dir("providers");
-$ENV{OPENSSL_CONF_INCLUDE} = bldtop_dir("providers");
-
 ok(run(test(["sslapitest", srctop_dir("test", "certs"),
              srctop_file("test", "recipes", "90-test_sslapi_data",
                          "passwd.txt"), $tmpfilename, "default",
diff --git a/test/recipes/90-test_sslprovider.t b/test/recipes/90-test_sslprovider.t
index 793756bc6d..1a2a28557e 100644
--- a/test/recipes/90-test_sslprovider.t
+++ b/test/recipes/90-test_sslprovider.t
@@ -23,9 +23,6 @@ plan skip_all => "No TLS/SSL protocols are supported by this OpenSSL build"
 
 plan tests => 3;
 
-$ENV{OPENSSL_MODULES} = bldtop_dir("providers");
-$ENV{OPENSSL_CONF_INCLUDE} = bldtop_dir("providers");
-
 SKIP: {
     skip "Skipping FIPS installation", 1
         if disabled("fips");
diff --git a/test/run_tests.pl b/test/run_tests.pl
index bb91761563..0ed768ed41 100644
--- a/test/run_tests.pl
+++ b/test/run_tests.pl
@@ -27,7 +27,11 @@ my $bldtop = $ENV{BLDTOP} || $ENV{TOP};
 my $recipesdir = catdir($srctop, "test", "recipes");
 my $libdir = rel2abs(catdir($srctop, "util", "perl"));
 
-$ENV{OPENSSL_CONF} = catdir($srctop, "apps", "openssl.cnf");
+$ENV{OPENSSL_CONF} = rel2abs(catdir($srctop, "apps", "openssl.cnf"));
+$ENV{OPENSSL_CONF_INCLUDE} = rel2abs(catdir($bldtop, "providers"));
+$ENV{OPENSSL_MODULES} = rel2abs(catdir($bldtop, "providers"));
+$ENV{OPENSSL_ENGINES} = rel2abs(catdir($bldtop, "engines"));
+$ENV{CTLOG_FILE} = rel2abs(catdir($srctop, "test", "ct", "log_list.cnf"));
 
 my %tapargs =
     ( verbosity         => $ENV{HARNESS_VERBOSE} ? 1 : 0,
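Review bot: `OPENSSL_CONF` and the new `CTLOG_FILE` line build a file path with `catdir`, which treats the final component as a directory. File::Spec distinguishes directory and file syntax on platforms such as VMS, which other recipes in this commit special-case. Use `catfile` for both, e.g. `$ENV{CTLOG_FILE} = rel2abs(catfile($srctop, "test", "ct", "log_list.cnf"));`, importing it from File::Spec::Functions if the import line above this hunk does not already. Separately, `$bldtop` is `$ENV{BLDTOP} || $ENV{TOP}`; unless that is validated outside this hunk, an unset value would leave OPENSSL_MODULES and OPENSSL_ENGINES naming a directory that is not in the build tree, so a `die` on an empty `$bldtop` would keep tests from loading modules from an unintended location.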

