Add minherit to testing logic

aws · Jan 2, 2025 · 0b92726 · 0b92726
1 parent 3f8bae8
commit 0b92726
Show file tree

Hide file tree

Showing 7 changed files with 36 additions and 32 deletions.
diff --git a/crypto/fipsmodule/rand/urandom_test.cc b/crypto/fipsmodule/rand/urandom_test.cc
@@ -36,6 +36,8 @@
 #include "../../ube/fork_detect.h"
 #include "getrandom_fillin.h"
 
+#include "../../test/test_util.h"
+
 #include <cstdlib>
 #include <unistd.h>
 #include <fcntl.h>
@@ -609,9 +611,7 @@ TEST(URandomTest, Test) {
 int main(int argc, char **argv) {
   ::testing::InitGoogleTest(&argc, argv);
 
-  if (getenv("BORINGSSL_IGNORE_WIPEONFORK")) {
-    CRYPTO_fork_detect_ignore_wipeonfork_FOR_TESTING();
-  }
+  maybeDisableSomeForkDetectMechanisms();
 
   return RUN_ALL_TESTS();
 }

diff --git a/crypto/rand_extra/rand_test.cc b/crypto/rand_extra/rand_test.cc
@@ -38,22 +38,14 @@
 #include <unistd.h>
 #endif
 
-static void maybe_disable_some_fork_detect_mechanisms(void) {
-#if defined(OPENSSL_LINUX)
-  if (getenv("BORINGSSL_IGNORE_WIPEONFORK")) {
-    CRYPTO_fork_detect_ignore_wipeonfork_FOR_TESTING();
-  }
-#endif
-}
-
 
 // These tests are, strictly speaking, flaky, but we use large enough buffers
 // that the probability of failing when we should pass is negligible.
 
 TEST(RandTest, NotObviouslyBroken) {
   static const uint8_t kZeros[256] = {0};
 
-  maybe_disable_some_fork_detect_mechanisms();
+  maybeDisableSomeForkDetectMechanisms();
 
   uint8_t buf1[256], buf2[256];
   RAND_bytes(buf1, sizeof(buf1));
@@ -141,7 +133,7 @@ static bool ForkAndRand(bssl::Span<uint8_t> out, bool fork_unsafe_buffering) {
 TEST(RandTest, Fork) {
   static const uint8_t kZeros[16] = {0};
 
-  maybe_disable_some_fork_detect_mechanisms();
+  maybeDisableSomeForkDetectMechanisms();
 
   // Draw a little entropy to initialize any internal PRNG buffering.
   uint8_t byte;
@@ -204,7 +196,7 @@ TEST(RandTest, Threads) {
   constexpr size_t kFewerThreads = 10;
   constexpr size_t kMoreThreads = 20;
 
-  maybe_disable_some_fork_detect_mechanisms();
+  maybeDisableSomeForkDetectMechanisms();
 
   // Draw entropy in parallel.
   RunConcurrentRands(kFewerThreads);

diff --git a/crypto/test/test_util.cc b/crypto/test/test_util.cc
@@ -225,3 +225,10 @@ bool threadTest(const size_t numberOfThreads, std::function<void(bool*)> testFun
 
   return res;
 }
+
+void maybeDisableSomeForkDetectMechanisms(void) {
+  if (getenv("BORINGSSL_IGNORE_FORK_DETECTION")) {
+    CRYPTO_fork_detect_ignore_wipeonfork_FOR_TESTING();
+    CRYPTO_fork_detect_ignore_inheritzero_FOR_TESTING();
+  }
+}
diff --git a/crypto/test/test_util.h b/crypto/test/test_util.h
@@ -29,6 +29,7 @@
 #include <openssl/span.h>
 
 #include "../internal.h"
+#include "../ube/fork_detect.h"
 
 
 // hexdump writes |msg| to |fp| followed by the hex encoding of |len| bytes
@@ -115,6 +116,8 @@ bool osIsAmazonLinux(void);
 bool threadTest(const size_t numberOfThreads,
   std::function<void(bool*)> testFunc);
 
+void maybeDisableSomeForkDetectMechanisms(void);
+
 // CustomData is for testing new structs that we add support for |ex_data|.
 typedef struct {
   int custom_data;

diff --git a/crypto/ube/fork_detect.c b/crypto/ube/fork_detect.c
@@ -40,12 +40,16 @@
   #define AWSLC_PLATFORM_DOES_NOT_FORK
 #endif
 
+#include "fork_detect.h"
+
+static int ignore_wipeonfork = 0;
+static int ignore_inheritzero = 0;
+
 #if defined(AWSLC_FORK_DETECTION_SUPPORTED)
 
 #include <openssl/base.h>
 #include <openssl/type_check.h>
 
-#include "fork_detect.h"
 #include "../internal.h"
 
 #include <stdlib.h>
@@ -58,8 +62,6 @@ static struct CRYPTO_STATIC_MUTEX fork_detect_lock = CRYPTO_STATIC_MUTEX_INIT;
 // assume that it has exclusive access to it.
 static volatile char *fork_detect_addr = NULL;
 static uint64_t fork_generation = 0;
-static int ignore_wipeonfork = 0;
-static int ignore_inheritzero = 0;
 
 static int ignore_all_fork_detection(void) {
   if (ignore_wipeonfork == 1 &&
@@ -247,14 +249,6 @@ uint64_t CRYPTO_get_fork_generation(void) {
   return current_generation;
 }
 
-void CRYPTO_fork_detect_ignore_wipeonfork_FOR_TESTING(void) {
-  ignore_wipeonfork = 1;
-}
-
-void CRYPTO_fork_detect_ignore_inheritzero_FOR_TESTING(void) {
-  ignore_inheritzero = 1;
-}
-
 #elif defined(AWSLC_PLATFORM_DOES_NOT_FORK)
 
 // These platforms are guaranteed not to fork, and therefore do not require
@@ -272,3 +266,11 @@ uint64_t CRYPTO_get_fork_generation(void) { return 0xc0ffee; }
 uint64_t CRYPTO_get_fork_generation(void) { return 0; }
 
 #endif // defined(AWSLC_FORK_DETECTION_SUPPORTED)
+
+void CRYPTO_fork_detect_ignore_wipeonfork_FOR_TESTING(void) {
+  ignore_wipeonfork = 1;
+}
+
+void CRYPTO_fork_detect_ignore_inheritzero_FOR_TESTING(void) {
+  ignore_inheritzero = 1;
+}
diff --git a/crypto/ube/fork_detect_test.cc b/crypto/ube/fork_detect_test.cc
@@ -40,6 +40,8 @@
 
 #include "fork_detect.h"
 
+#include "../test/test_util.h"
+
 
 static pid_t WaitpidEINTR(pid_t pid, int *out_status, int options) {
   pid_t ret;
@@ -102,9 +104,7 @@ static void ForkInChild(std::function<void()> f) {
 
 TEST(ForkDetect, Test) {
 
-  if (getenv("BORINGSSL_IGNORE_WIPEONFORK")) {
-    CRYPTO_fork_detect_ignore_wipeonfork_FOR_TESTING();
-  }
+  maybeDisableSomeForkDetectMechanisms();
 
   const uint64_t start = CRYPTO_get_fork_generation();
   if (start == 0) {

diff --git a/util/all_tests.json b/util/all_tests.json
@@ -74,14 +74,14 @@
   {
     "comment": "No RDRAND and without fork detection",
     "cmd": ["crypto/urandom_test"],
-    "env": ["OPENSSL_ia32cap=~0x4000000000000000", "BORINGSSL_IGNORE_WIPEONFORK=1"],
+    "env": ["OPENSSL_ia32cap=~0x4000000000000000", "BORINGSSL_IGNORE_FORK_DETECTION=1"],
     "skip_valgrind": true,
     "target_arch": "x86"
   },
   {
     "comment": "Potentially with RDRAND, but not Intel, and without fork detection",
     "cmd": ["crypto/urandom_test"],
-    "env": ["OPENSSL_ia32cap=~0x0000000040000000", "BORINGSSL_IGNORE_WIPEONFORK=1"],
+    "env": ["OPENSSL_ia32cap=~0x0000000040000000", "BORINGSSL_IGNORE_FORK_DETECTION=1"],
     "skip_valgrind": true,
     "target_arch": "x86"
   },
@@ -93,13 +93,13 @@
   {
     "comment": "Run RAND test suite without MADV_WIPEONFORK enabled",
     "cmd": ["crypto/crypto_test", "--gtest_filter=RandTest.*"],
-    "env": ["BORINGSSL_IGNORE_WIPEONFORK=1"],
+    "env": ["BORINGSSL_IGNORE_FORK_DETECTION=1"],
     "skip_valgrind": true
   },
   {
     "comment": "Run fork detection test suite without MADV_WIPEONFORK enabled",
     "cmd": ["crypto/crypto_test", "--gtest_filter=ForkDetect.*"],
-    "env": ["BORINGSSL_IGNORE_WIPEONFORK=1"],
+    "env": ["BORINGSSL_IGNORE_FORK_DETECTION=1"],
     "skip_valgrind": true
   },
   {