TEST: Add test specific fipsmodule.cnf, and use it

We add the concept of preparation recipes, which are performed
unconditionally.  They are all expected to match the pattern
test/recipes/00-prep_*.t.

We add one such preparation recipe, test/recipes/00-prep_fipsmodule_cnf.t,
which helps us generate a test specific fipsmodule.cnf, to be used by
all other tests.

Fixes #15166

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15436)

test/recipes/00-prep_fipsmodule_cnf.t

@@ -0,0 +1,36 @@
+#! /usr/bin/env perl
+# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+use strict;
+use warnings;
+
+use OpenSSL::Test qw/:DEFAULT srctop_dir bldtop_dir bldtop_file srctop_file data_file/;
+use OpenSSL::Test::Utils;
+
+BEGIN {
+    setup("prep_fipsmodule");
+}
+
+use lib srctop_dir('Configurations');
+use lib bldtop_dir('.');
+use platform;
+
+my $no_check = disabled("fips");
+plan skip_all => "FIPS module config file only supported in a fips build"
+    if $no_check;
+
+my $fipsmodule = bldtop_file('providers', platform->dso('fips'));
+my $fipsmoduleconf = bldtop_file('test', 'fipsmodule.cnf');
+
+plan tests => 1;
+
+# Create the $fipsmoduleconf file
+ok(run(app(['openssl', 'fipsinstall',
+            '-module', $fipsmodule, '-provider_name', 'fips',
+            '-section_name', 'fips_sect', '-out', $fipsmoduleconf])),
+   "fips install");

test/recipes/01-test_fipsmodule_cnf.t

@@ -29,7 +29,7 @@ plan skip_all => "Test only supported in a fips build"
 plan tests => 1;
 
 my $fipsmodule = bldtop_file('providers', platform->dso('fips'));
-my $fipsmoduleconf = bldtop_file('providers', 'fipsmodule.cnf');
+my $fipsmoduleconf = bldtop_file('test', 'fipsmodule.cnf');
 
 # verify the $fipsconf file
 ok(run(app(['openssl', 'fipsinstall',

test/recipes/90-test_threads.t

@@ -38,7 +38,7 @@ if ($no_fips) {
 # status is required.
 
 open CFGBASE, '<', $config_path;
-open CFGINC, '<', bldtop_file('/providers/fipsmodule.cnf');
+open CFGINC, '<', bldtop_file('/test/fipsmodule.cnf');
 open CFGOUT, '>', 'thread.cnf';
 
 while (<CFGBASE>) {

test/run_tests.pl

@@ -34,7 +34,7 @@ my $libdir = rel2abs(catdir($srctop, "util", "perl"));
 my $jobs = $ENV{HARNESS_JOBS} // 1;
 
 $ENV{OPENSSL_CONF} = rel2abs(catdir($srctop, "apps", "openssl.cnf"));
-$ENV{OPENSSL_CONF_INCLUDE} = rel2abs(catdir($bldtop, "providers"));
+$ENV{OPENSSL_CONF_INCLUDE} = rel2abs(catdir($bldtop, "test"));
 $ENV{OPENSSL_MODULES} = rel2abs(catdir($bldtop, "providers"));
 $ENV{OPENSSL_ENGINES} = rel2abs(catdir($bldtop, "engines"));
 $ENV{CTLOG_FILE} = rel2abs(catdir($srctop, "test", "ct", "log_list.cnf"));
@@ -134,10 +134,15 @@ foreach my $arg (@ARGV ? @ARGV : ('alltests')) {
 sub find_matching_tests {
     my ($glob) = @_;
 
+    # prep recipes are mandatory
+    my @recipes = glob(catfile($recipesdir,"00-prep_*.t"));
+
     if ($glob =~ m|^[\d\[\]\?\-]+$|) {
-        return glob(catfile($recipesdir,"$glob-*.t"));
+        push @recipes, glob(catfile($recipesdir,"$glob-*.t"));
+    } else {
+        push @recipes, glob(catfile($recipesdir,"*-$glob.t"));
     }
-    return glob(catfile($recipesdir,"*-$glob.t"));
+    return @recipes;
 }
 
 # The following is quite a bit of hackery to adapt to both TAP::Harness