Parse openssl-related vars in pytest

The openssl config needs to be parsed for some tests that use SoftHSM2.
Rewrite the parsing to python and ensure the required variables are
properly set test-wide.

bin/tests/system/conf.sh

@@ -572,28 +572,4 @@ copy_setports() {
     $1 >$2
 }
 
-# parse_openssl_config - Parse OpenSSL configuration for HSM settings
-#
-# Will set SOFTHSM2_MODULE, OPENSSL_ENGINE and ENGINE_ARG based on openssl configuration.
-parse_openssl_config() {
-  ENGINE_ARG=""
-  [ -f "$OPENSSL_CONF" ] || return 0
-  while IFS="=" read key val; do
-    # trim variables
-    key="${key## }"
-    key="${key%% }"
-    val="${val## }"
-    val="${val%% }"
-    case "$key" in
-      "engine_id")
-        OPENSSL_ENGINE="$val"
-        ENGINE_ARG="-E $OPENSSL_ENGINE"
-        ;;
-      "MODULE_PATH" | "pkcs11-module-path")
-        SOFTHSM2_MODULE="$val"
-        ;;
-    esac
-  done <"$OPENSSL_CONF"
-}
-
 grep_v() { grep -v "$@" || test $? = 1; }

bin/tests/system/enginepkcs11/prereq.sh

@@ -23,7 +23,6 @@
   exit 255
 }
 
-parse_openssl_config
 [ -f "$SOFTHSM2_MODULE" ] || {
   echo_i "skip: softhsm2 module not available"
   exit 1

bin/tests/system/enginepkcs11/setup.sh

@@ -20,7 +20,6 @@ $SHELL clean.sh
 
 OPENSSL_CONF= softhsm2-util --init-token --free --pin 1234 --so-pin 1234 --label "softhsm2-enginepkcs11" | awk '/^The token has been initialized and is reassigned to slot/ { print $NF }'
 
-parse_openssl_config
 printf '%s' "${HSMPIN:-1234}" >ns1/pin
 PWD=$(pwd)
 

bin/tests/system/enginepkcs11/tests.sh

@@ -16,7 +16,6 @@ set -e
 # shellcheck source=conf.sh
 . ../conf.sh
 
-parse_openssl_config
 PWD=$(pwd)
 
 status=0

bin/tests/system/isctest/vars/all.py

@@ -16,6 +16,7 @@ from .autoconf import AC_VARS  # type: ignore
 
 # pylint: enable=import-error
 from .basic import BASIC_VARS
+from .openssl import OPENSSL_VARS
 
 
 class VarLookup(ChainMap):
@@ -48,4 +49,4 @@ class VarLookup(ChainMap):
         return iter(self.keys())
 
 
-ALL = VarLookup(AC_VARS, BASIC_VARS)
+ALL = VarLookup(AC_VARS, BASIC_VARS, OPENSSL_VARS)

bin/tests/system/isctest/vars/openssl.py

@@ -0,0 +1,49 @@
+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+#
+# SPDX-License-Identifier: MPL-2.0
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0.  If a copy of the MPL was not distributed with this
+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# See the COPYRIGHT file distributed with this work for additional
+# information regarding copyright ownership.
+
+import os
+import re
+
+from .. import log
+
+
+OPENSSL_VARS = {
+    "OPENSSL_CONF": os.getenv("OPENSSL_CONF", ""),
+    "SOFTHSM2_CONF": os.getenv("SOFTHSM2_CONF", ""),
+    "SOFTHSM2_MODULE": "",
+    "ENGINE_ARG": "",
+}
+
+
+def parse_openssl_config(path: str):
+    if not os.path.isfile(path):
+        return
+    regex = re.compile(r"([^=]+)=(.*)")
+    log.debug(f"parsing openssl config: {path}")
+    with open(path, "r", encoding="utf-8") as conf:
+        for line in conf:
+            res = regex.match(line)
+            if res:
+                key = res.group(1).strip()
+                val = res.group(2).strip()
+                if key == "engine_id":
+                    OPENSSL_VARS["ENGINE_ARG"] = f"-E {val}"
+                    os.environ["ENGINE_ARG"] = f"-E {val}"
+                    log.debug("ENGINE_ARG set to {OPENSSL_VARS['ENGINE_ARG']}")
+                elif key in ["MODULE_PATH", "pkcs11-module-path"]:
+                    OPENSSL_VARS["SOFTHSM2_MODULE"] = val
+                    os.environ["SOFTHSM2_MODULE"] = val
+                    log.debug(
+                        "SOFTHSM2_MODULE set to {OPENSSL_VARS['SOFTHSM2_MODULE']}"
+                    )
+
+
+parse_openssl_config(OPENSSL_VARS["OPENSSL_CONF"])

bin/tests/system/keyfromlabel/prereq.sh

@@ -18,7 +18,6 @@
   exit 255
 }
 
-parse_openssl_config
 [ -f "$SOFTHSM2_MODULE" ] || {
   echo_i "skip: softhsm2 module not available"
   exit 1

bin/tests/system/keyfromlabel/tests.sh

@@ -16,7 +16,6 @@ set -e
 # shellcheck source=conf.sh
 . ../conf.sh
 
-parse_openssl_config
 PWD=$(pwd)
 
 keygen() {