crypto: centralize external test module fetches

This has the important advantage of using the system GOMODCACHE when it
exists, avoiding the download on every "go test".

While at it, also consistently use testenv.Command.

Change-Id: Ic999ffa281f6da73fe601b0feba29e60982cce3d
Reviewed-on: https://go-review.googlesource.com/c/go/+/628755
Reviewed-by: Russ Cox <rsc@golang.org>
Auto-Submit: Filippo Valsorda <filippo@golang.org>
TryBot-Bypass: Filippo Valsorda <filippo@golang.org>
Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>

2 files changed, 64 insertions, 41 deletions

diff --git a/src/crypto/internal/cryptotest/fetchmodule.go b/src/crypto/internal/cryptotest/fetchmodule.go
new file mode 100644
index 0000000000..740b17b001
--- /dev/null
+++ b/src/crypto/internal/cryptotest/fetchmodule.go
@@ -0,0 +1,54 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package cryptotest
+
+import (
+	"bytes"
+	"encoding/json"
+	"internal/testenv"
+	"os"
+	"testing"
+)
+
+// FetchModule fetches the module at the given version and returns the directory
+// containing its source tree. It skips the test if fetching modules is not
+// possible in this environment.
+func FetchModule(t *testing.T, module, version string) string {
+	testenv.MustHaveExternalNetwork(t)
+	goTool := testenv.GoToolPath(t)
+
+	// If the default GOMODCACHE doesn't exist, use a temporary directory
+	// instead. (For example, run.bash sets GOPATH=/nonexist-gopath.)
+	out, err := testenv.Command(t, goTool, "env", "GOMODCACHE").Output()
+	if err != nil {
+		t.Fatalf("%s env GOMODCACHE: %v\n%s", goTool, err, out)
+	}
+	modcacheOk := false
+	if gomodcache := string(bytes.TrimSpace(out)); gomodcache != "" {
+		if _, err := os.Stat(gomodcache); err == nil {
+			modcacheOk = true
+		}
+	}
+	if !modcacheOk {
+		t.Setenv("GOMODCACHE", t.TempDir())
+		// Allow t.TempDir() to clean up subdirectories.
+		t.Setenv("GOFLAGS", os.Getenv("GOFLAGS")+" -modcacherw")
+	}
+
+	t.Logf("fetching %s@%s\n", module, version)
+
+	output, err := testenv.Command(t, goTool, "mod", "download", "-json", module+"@"+version).CombinedOutput()
+	if err != nil {
+		t.Fatalf("failed to download %s@%s: %s\n%s\n", module, version, err, output)
+	}
+	var j struct {
+		Dir string
+	}
+	if err := json.Unmarshal(output, &j); err != nil {
+		t.Fatalf("failed to parse 'go mod download': %s\n%s\n", err, output)
+	}
+
+	return j.Dir
+}
diff --git a/src/crypto/internal/fipstest/acvp_test.go b/src/crypto/internal/fipstest/acvp_test.go
index e0748100c9..48559f6013 100644
--- a/src/crypto/internal/fipstest/acvp_test.go
+++ b/src/crypto/internal/fipstest/acvp_test.go
@@ -16,11 +16,12 @@ package fipstest
 // for a more detailed description of the protocol used between the acvptool
 // and module wrappers.
 //
-// [0]:https://boringssl.googlesource.com/boringssl/+/refs/heads/master/util/fipstools/acvp/ACVP.md#testing-other-fips-modules
+// [0]: https://boringssl.googlesource.com/boringssl/+/refs/heads/master/util/fipstools/acvp/ACVP.md#testing-other-fips-modules
 
 import (
 	"bufio"
 	"bytes"
+	"crypto/internal/cryptotest"
 	"crypto/internal/fips"
 	"crypto/internal/fips/hmac"
 	"crypto/internal/fips/sha256"
@@ -28,13 +29,11 @@ import (
 	"crypto/internal/fips/sha512"
 	_ "embed"
 	"encoding/binary"
-	"encoding/json"
 	"errors"
 	"fmt"
 	"internal/testenv"
 	"io"
 	"os"
-	"os/exec"
 	"path/filepath"
 	"strings"
 	"testing"
@@ -346,9 +345,6 @@ func cmdHmacAft(h func() fips.Hash) command {
 
 func TestACVP(t *testing.T) {
 	testenv.SkipIfShortAndSlow(t)
-	testenv.MustHaveExternalNetwork(t)
-	testenv.MustHaveGoRun(t)
-	testenv.MustHaveExec(t)
 
 	const (
 		bsslModule    = "boringssl.googlesource.com/boringssl.git"
@@ -366,23 +362,14 @@ func TestACVP(t *testing.T) {
 		t.Fatalf("failed to stat config file: %s", err)
 	}
 
-	// Create a temporary mod cache dir for the test module/tooling.
-	d := t.TempDir()
-	modcache := filepath.Join(d, "modcache")
-	if err := os.Mkdir(modcache, 0777); err != nil {
-		t.Fatal(err)
-	}
-	fmt.Printf("caching dependent modules in %q\n", modcache)
-	t.Setenv("GOMODCACHE", modcache)
-
 	// Fetch the BSSL module and use the JSON output to find the absolute path to the dir.
-	bsslDir := fetchModule(t, bsslModule, bsslVersion)
+	bsslDir := cryptotest.FetchModule(t, bsslModule, bsslVersion)
 
-	fmt.Println("building acvptool")
+	t.Log("building acvptool")
 
 	// Build the acvptool binary.
 	goTool := testenv.GoToolPath(t)
-	cmd := exec.Command(goTool,
+	cmd := testenv.Command(t, goTool,
 		"build",
 		"./util/fipstools/acvp/acvptool")
 	cmd.Dir = bsslDir
@@ -393,7 +380,7 @@ func TestACVP(t *testing.T) {
 	}
 
 	// Similarly, fetch the ACVP data module that has vectors/expected answers.
-	dataDir := fetchModule(t, goAcvpModule, goAcvpVersion)
+	dataDir := cryptotest.FetchModule(t, goAcvpModule, goAcvpVersion)
 
 	cwd, err := os.Getwd()
 	if err != nil {
@@ -401,7 +388,7 @@ func TestACVP(t *testing.T) {
 	}
 	configPath := filepath.Join(cwd, "acvp_test.config.json")
 	toolPath := filepath.Join(bsslDir, "acvptool")
-	fmt.Printf("running check_expected.go\ncwd: %q\ndata_dir: %q\nconfig: %q\ntool: %q\nmodule-wrapper: %q\n",
+	t.Logf("running check_expected.go\ncwd: %q\ndata_dir: %q\nconfig: %q\ntool: %q\nmodule-wrapper: %q\n",
 		cwd, dataDir, configPath, toolPath, os.Args[0])
 
 	// Run the check_expected test driver using the acvptool we built, and this test binary as the
@@ -416,32 +403,14 @@ func TestACVP(t *testing.T) {
 		"-module-wrappers", "go:" + os.Args[0],
 		"-tests", configPath,
 	}
-	cmd = exec.Command(goTool, args...)
+	cmd = testenv.Command(t, goTool, args...)
 	cmd.Dir = dataDir
-	cmd.Env = []string{"ACVP_WRAPPER=1", "GOCACHE=" + modcache}
+	cmd.Env = append(os.Environ(), "ACVP_WRAPPER=1")
 	output, err := cmd.CombinedOutput()
 	if err != nil {
 		t.Fatalf("failed to run acvp tests: %s\n%s", err, string(output))
 	}
-	fmt.Println(string(output))
-}
-
-func fetchModule(t *testing.T, module, version string) string {
-	goTool := testenv.GoToolPath(t)
-	fmt.Printf("fetching %s@%s\n", module, version)
-
-	output, err := exec.Command(goTool, "mod", "download", "-json", "-modcacherw", module+"@"+version).CombinedOutput()
-	if err != nil {
-		t.Fatalf("failed to download %s@%s: %s\n%s\n", module, version, err, output)
-	}
-	var j struct {
-		Dir string
-	}
-	if err := json.Unmarshal(output, &j); err != nil {
-		t.Fatalf("failed to parse 'go mod download': %s\n%s\n", err, output)
-	}
-
-	return j.Dir
+	t.Log(string(output))
 }
 
 func TestTooFewArgs(t *testing.T) {