From c581e13380f32e513d24f228e3cfdd07d58741ff Mon Sep 17 00:00:00 2001 From: Daniel Pouzzner Date: Thu, 10 Feb 2022 15:54:39 -0600 Subject: [PATCH] bwrap tweaks: in scripts/ocsp.test, don't call ping.test when $AM_BWRAPPED = yes (ping is setuid, so fails under bwrap); in scripts/unit.test.in, don't bwrap if $AM_BWRAPPED = yes (double-bwrapping always fails); in testsuite/testsuite.c testsuite_test(), build tempName using tempDir, and try to assign tempDir from XGETENV("TMPDIR"), fallback to hardcoded "/tmp". --- scripts/ocsp.test | 25 +++++++++++++++++-------- scripts/unit.test.in | 12 ++++++++---- testsuite/testsuite.c | 29 ++++++++++++++++++++++------- wolfssl/wolfcrypt/types.h | 5 ++--- 4 files changed, 49 insertions(+), 22 deletions(-) diff --git a/scripts/ocsp.test b/scripts/ocsp.test index acedc254e..325ef9e44 100755 --- a/scripts/ocsp.test +++ b/scripts/ocsp.test @@ -26,11 +26,15 @@ OUTPUT=$(eval "./examples/client/client -S check") if [ "$OUTPUT" = "SNI is: ON" ]; then printf '\n\n%s\n\n' "SNI is on, proceed with globalsign test" - # is our desired server there? - "${SCRIPT_DIR}/ping.test" $server 2 - RESULT=$? - if [ $RESULT -ne 0 ]; then - GL_UNREACHABLE=1 + if [ "$AM_BWRAPPED" != "yes" ]; then + # is our desired server there? + "${SCRIPT_DIR}/ping.test" $server 2 + RESULT=$? + if [ $RESULT -ne 0 ]; then + GL_UNREACHABLE=1 + fi + else + RESULT=0 fi if [ $RESULT -eq 0 ]; then @@ -50,9 +54,14 @@ fi server=www.google.com ca=${SCRIPT_DIR}/../certs/external/ca-google-root.pem -# is our desired server there? -${SCRIPT_DIR}/ping.test $server 2 -RESULT=$? +if [ "$AM_BWRAPPED" != "yes" ]; then + # is our desired server there? + ${SCRIPT_DIR}/ping.test $server 2 + RESULT=$? +else + RESULT=0 +fi + if [ $RESULT -eq 0 ]; then # client test against the server echo "./examples/client/client -X -C -h $server -p 443 -A "$ca" -g -o -N" diff --git a/scripts/unit.test.in b/scripts/unit.test.in index 2bb3012ad..e954e75a6 100644 --- a/scripts/unit.test.in 
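Review bot: In scripts/ocsp.test, both new `else` branches set `RESULT=0` whenever `AM_BWRAPPED` is `yes`, so the external server is treated as reachable without any probe, and in the first hunk `GL_UNREACHABLE` can never be set on that path. If the enclosing sandbox has no network (the bwrap call in scripts/unit.test.in uses `--unshare-net`; whether the outer wrapper does is not visible here), the client runs below would fail rather than be skipped. At minimum, document the assumption next to each assignment, for example `# ping is setuid and cannot run under bwrap; assume reachable and let the client test decide`. The same applies to the www.google.com hunk at `@@ -50,9 +54,14 @@`. Separately, this file expands `$AM_BWRAPPED` bare while unit.test.in uses `${AM_BWRAPPED-}`; the second form also survives `set -u`, so it is worth using in both.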
+++ b/scripts/unit.test.in @@ -1,8 +1,12 @@ #!/bin/sh -bwrap_path="$(command -v bwrap)" -if [ -n "$bwrap_path" ]; then - exec "$bwrap_path" --unshare-net --dev-bind / / "@builddir@/tests/unit.test" "$@" +if [ "${AM_BWRAPPED-}" != "yes" ]; then + bwrap_path="$(command -v bwrap)" + if [ -n "$bwrap_path" ]; then + exec "$bwrap_path" --unshare-net --dev-bind / / "@builddir@/tests/unit.test" "$@" + else + exec "@builddir@/tests/unit.test" "$@" + fi else - exec "@builddir@/tests/unit.test" "$@" + exec "@builddir@/tests/unit.test" "$@" fi diff --git a/testsuite/testsuite.c b/testsuite/testsuite.c index f66727aad..811151ba2 100644 --- a/testsuite/testsuite.c +++ b/testsuite/testsuite.c @@ -104,19 +104,34 @@ int testsuite_test(int argc, char** argv) THREAD_TYPE serverThread; #ifndef USE_WINDOWS_API - char tempName[] = "/tmp/output-XXXXXX"; - int len = 18; - int num = 6; + const char *tempDir = NULL; + char tempName[128]; + int tempName_len; + int tempName_Xnum; #else char tempName[] = "fnXXXXXX"; - int len = 8; - int num = 6; + const int tempName_len = 8; + const int tempName_Xnum = 6; #endif #ifdef HAVE_STACK_SIZE void *serverThreadStackContext = NULL; #endif int ret; +#ifndef USE_WINDOWS_API +#ifdef XGETENV + tempDir = XGETENV("TMPDIR"); + if (tempDir == NULL) +#endif + { + tempDir = "/tmp"; + } + XSTRLCPY(tempName, tempDir, sizeof(tempName)); + XSTRLCAT(tempName, "/testsuite-output-XXXXXX", sizeof(tempName)); + tempName_len = (int)XSTRLEN(tempName); + tempName_Xnum = 6; +#endif /* !USE_WINDOWS_API */ + #ifdef HAVE_WNR if (wc_InitNetRandom(wnrConfig, NULL, 5000) != 0) { err_sys("Whitewood netRandom global config failed"); @@ -172,7 +187,7 @@ int testsuite_test(int argc, char** argv) #endif /* Create unique file name */ - outputName = mymktemp(tempName, len, num); + outputName = mymktemp(tempName, tempName_len, tempName_Xnum); if (outputName == NULL) { printf("Could not create unique file name"); return EXIT_FAILURE; 
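Review bot: The bwrap invocation kept in scripts/unit.test.in combines `--unshare-net` with `--dev-bind / /`, so the unit test gets a private network namespace but still sees the whole host filesystem and devices read-write. A reader could mistake it for a sandbox. A comment above the `exec` would make the scope explicit, for example `# bwrap is used only for network-namespace isolation; --dev-bind / / leaves the host filesystem fully visible and writable`. As a style point, the two identical `exec "@builddir@/tests/unit.test" "$@"` fallbacks could be a single line after the outer `fi`, since a successful `exec` never returns.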
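Review bot: In testsuite_test(), the path built from `XGETENV("TMPDIR")` is copied into `tempName[128]` with `XSTRLCPY`/`XSTRLCAT` and truncation is never detected. With a TMPDIR longer than about 100 bytes, the `/testsuite-output-XXXXXX` suffix is cut short. `mymktemp` (called in the `@@ -172,7 +187,7 @@` hunk) then receives a string whose last six characters may not be the `X` placeholders. Its body is not visible here, but it would at best produce a name in an unintended location. A length check before the copy avoids this and does not depend on the copy helpers' return values: `if (XSTRLEN(tempDir) + sizeof("/testsuite-output-XXXXXX") > sizeof(tempName)) tempDir = "/tmp";`. An empty TMPDIR should probably get the same fallback, because it currently yields a path directly under `/`. The function body starts and continues outside this hunk.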
@@ -241,7 +256,7 @@ static int test_tls(func_args* server_args) { func_args echo_args; char* myArgv[NUMARGS]; - char arg[3][32]; + char arg[3][128]; /* Set up command line arguments for echoclient to send input file * and write echoed data to temporary output file. */ diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index b6b6b60a1..8d723ff77 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -761,13 +761,12 @@ decouple library dependencies with standard string, memory and so on. #define XSTRLCAT(s1,s2,n) wc_strlcat((s1),(s2),(n)) #endif - #if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \ - !defined(NO_STDIO_FILESYSTEM) + #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) #ifndef XGETENV #include #define XGETENV getenv #endif - #endif /* OPENSSL_EXTRA */ + #endif /* !NO_FILESYSTEM && !NO_STDIO_FILESYSTEM */ #ifndef CTYPE_USER #ifndef WOLFSSL_LINUXKM
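Review bot: The new `char arg[3][128];` in test_tls() repeats the literal 128 that testsuite_test() now uses for `tempName`, and nothing ties the two sizes together. The code that copies the output file name into `arg` is outside this hunk, so what happens on a mismatch cannot be confirmed from here. If one size is raised later and the other is not, the path could be truncated or, depending on how the copy is written, overrun the buffer. A single file-scope constant used in both declarations would keep them in step, for example `enum { TESTSUITE_PATH_LEN = 128 };` (suggested name) with `char tempName[TESTSUITE_PATH_LEN];` and `char arg[3][TESTSUITE_PATH_LEN];`.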
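Review bot: Dropping `defined(OPENSSL_EXTRA)` from the guard in wolfssl/wolfcrypt/types.h means every build without `NO_FILESYSTEM` or `NO_STDIO_FILESYSTEM` now pulls in the libc header for `getenv` and defines `XGETENV`. Previously only OPENSSL_EXTRA builds did. Targets with a filesystem layer but no libc `getenv` would, presumably, start failing to compile or link unless they predefine `XGETENV`. A short comment above the block would document the contract: `/* XGETENV may be predefined by the port; it is left undefined when no filesystem is configured, so callers must guard with #ifdef XGETENV */`. The testsuite.c hunk in this commit already guards its call that way. It is also worth checking whether other users of `XGETENV` in the library become reachable in non-OPENSSL_EXTRA builds, since environment-derived values are untrusted input.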