Address run-time linker problems: LD_PRELOAD issue on multi-ABI platforms
and SafeDllSearchMode in Windows.
This commit is contained in:
Andy Polyakov
parent
01b62dca25
commit
dbaa6f91aa
27
Makefile.org
27
Makefile.org
@ -681,20 +681,9 @@ dclean:
|
||||
|
||||
rehash: rehash.time
|
||||
rehash.time: certs
|
||||
@(OPENSSL="`pwd`/apps/openssl$(EXE_EXT)"; OPENSSL_DEBUG_MEMORY=on; \
|
||||
@(OPENSSL="`pwd`/util/opensslwrap.sh"; \
|
||||
OPENSSL_DEBUG_MEMORY=on; \
|
||||
export OPENSSL OPENSSL_DEBUG_MEMORY; \
|
||||
if [ -n "$(SHARED_LIBS)" ]; then \
|
||||
LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \
|
||||
DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \
|
||||
SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \
|
||||
LIBPATH="`pwd`:$$LIBPATH"; \
|
||||
if [ "$(PLATFORM)" = "Cygwin" ]; then \
|
||||
PATH="`pwd`:$$PATH"; \
|
||||
fi; \
|
||||
LD_PRELOAD="`pwd`/libssl.so `pwd`/libcrypto.so"; \
|
||||
export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
|
||||
export LD_PRELOAD; \
|
||||
fi; \
|
||||
$(PERL) tools/c_rehash certs)
|
||||
touch rehash.time
|
||||
|
||||
@ -703,17 +692,7 @@ test: tests
|
||||
tests: rehash
|
||||
@(cd test && echo "testing..." && \
|
||||
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests );
|
||||
@if [ -n "$(SHARED_LIBS)" ]; then \
|
||||
LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \
|
||||
DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \
|
||||
SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \
|
||||
LIBPATH="`pwd`:$$LIBPATH"; \
|
||||
if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \
|
||||
LD_PRELOAD="`pwd`/libssl.so `pwd`/libcrypto.so"; \
|
||||
export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
|
||||
export LD_PRELOAD; \
|
||||
fi; \
|
||||
apps/openssl version -a
|
||||
util/shlib_wrap.sh apps/openssl version -a
|
||||
|
||||
report:
|
||||
@$(PERL) util/selftest.pl
|
||||
|
||||
@ -36,13 +36,21 @@
|
||||
# default openssl.cnf file has setup as per the following
|
||||
# demoCA ... where everything is stored
|
||||
|
||||
my $openssl;
|
||||
if(defined $ENV{OPENSSL}) {
|
||||
$openssl = $ENV{OPENSSL};
|
||||
} else {
|
||||
$openssl = "openssl";
|
||||
$ENV{OPENSSL} = $openssl;
|
||||
}
|
||||
|
||||
$SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"};
|
||||
$DAYS="-days 365";
|
||||
$REQ="openssl req $SSLEAY_CONFIG";
|
||||
$CA="openssl ca $SSLEAY_CONFIG";
|
||||
$VERIFY="openssl verify";
|
||||
$X509="openssl x509";
|
||||
$PKCS12="openssl pkcs12";
|
||||
$REQ="$openssl req $SSLEAY_CONFIG";
|
||||
$CA="$openssl ca $SSLEAY_CONFIG";
|
||||
$VERIFY="$openssl verify";
|
||||
$X509="$openssl x509";
|
||||
$PKCS12="$openssl pkcs12";
|
||||
|
||||
$CATOP="./demoCA";
|
||||
$CAKEY="cakey.pem";
|
||||
|
||||
10
apps/CA.sh
10
apps/CA.sh
@ -30,11 +30,13 @@
|
||||
# default openssl.cnf file has setup as per the following
|
||||
# demoCA ... where everything is stored
|
||||
|
||||
if [ -z "$OPENSSL" ]; then OPENSSL=openssl; fi
|
||||
|
||||
DAYS="-days 365"
|
||||
REQ="openssl req $SSLEAY_CONFIG"
|
||||
CA="openssl ca $SSLEAY_CONFIG"
|
||||
VERIFY="openssl verify"
|
||||
X509="openssl x509"
|
||||
REQ="$OPENSSL req $SSLEAY_CONFIG"
|
||||
CA="$OPENSSL ca $SSLEAY_CONFIG"
|
||||
VERIFY="$OPENSSL verify"
|
||||
X509="$OPENSSL x509"
|
||||
|
||||
CATOP=./demoCA
|
||||
CAKEY=./cakey.pem
|
||||
|
||||
@ -152,20 +152,9 @@ $(EXE): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
|
||||
if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
|
||||
TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(EXE); \
|
||||
fi
|
||||
@for i in `ls ../*.dll 2>/dev/null`; do cp -p $$i .; done; exit 0;
|
||||
-(cd ..; \
|
||||
OPENSSL="`pwd`/apps/$(EXE)"; export OPENSSL; \
|
||||
if [ -n "$(SHARED_LIBS)" ]; then \
|
||||
LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \
|
||||
DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \
|
||||
SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \
|
||||
LIBPATH="`pwd`:$$LIBPATH"; \
|
||||
if [ "$(PLATFORM)" = "Cygwin" ]; then \
|
||||
PATH="`pwd`:$$PATH"; \
|
||||
fi; \
|
||||
LD_PRELOAD="`pwd`/libssl.so `pwd`/libcrypto.so"; \
|
||||
export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
|
||||
export LD_PRELOAD; \
|
||||
fi; \
|
||||
OPENSSL="`pwd`/util/opensslwrap.sh"; export OPENSSL; \
|
||||
$(PERL) tools/c_rehash certs)
|
||||
|
||||
progs.h: progs.pl
|
||||
|
||||
@ -4,7 +4,7 @@ rem set ssleay=..\out\ssleay
|
||||
set ssleay=%1
|
||||
|
||||
set reqcmd=%ssleay% req
|
||||
set x509cmd=%ssleay% x509
|
||||
set x509cmd=%ssleay% x509 -sha1
|
||||
set verifycmd=%ssleay% verify
|
||||
|
||||
set CAkey=keyCA.ss
|
||||
|
||||
112
test/Makefile
112
test/Makefile
@ -124,21 +124,6 @@ tests: exe apps $(TESTS)
|
||||
apps:
|
||||
@(cd ..; $(MAKE) DIRS=apps all)
|
||||
|
||||
SET_SO_PATHS=\
|
||||
if [ -n "$(SHARED_LIBS)" ]; then \
|
||||
OSSL_LIBPATH="`cd ..; pwd`"; \
|
||||
LD_LIBRARY_PATH="$$OSSL_LIBPATH:$$LD_LIBRARY_PATH"; \
|
||||
DYLD_LIBRARY_PATH="$$OSSL_LIBPATH:$$DYLD_LIBRARY_PATH"; \
|
||||
SHLIB_PATH="$$OSSL_LIBPATH:$$SHLIB_PATH"; \
|
||||
LIBPATH="$$OSSL_LIBPATH:$$LIBPATH"; \
|
||||
if [ "$(PLATFORM)" = "Cygwin" ]; then \
|
||||
PATH="$${LIBPATH}:$$PATH"; \
|
||||
fi; \
|
||||
LD_PRELOAD="$$OSSL_LIBPATH/libssl.so $$OSSL_LIBPATH/libcrypto.so"; \
|
||||
export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \
|
||||
export LD_PRELOAD; \
|
||||
fi
|
||||
|
||||
alltests: \
|
||||
test_des test_idea test_sha test_md4 test_md5 test_hmac \
|
||||
test_md2 test_mdc2 \
|
||||
@ -152,145 +137,145 @@ alltests: \
|
||||
fips_test_aes:
|
||||
if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
|
||||
mkdir -p fips_aes_data/rsp; \
|
||||
$(SET_SO_PATHS); ./$(FIPS_AESTEST) -d fips_aes_data/list; \
|
||||
../util/shlib_wrap.sh ./$(FIPS_AESTEST) -d fips_aes_data/list; \
|
||||
fi
|
||||
|
||||
test_evp:
|
||||
$(SET_SO_PATHS); ./$(EVPTEST) evptests.txt
|
||||
../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt
|
||||
|
||||
test_des:
|
||||
$(SET_SO_PATHS); ./$(DESTEST)
|
||||
../util/shlib_wrap.sh ./$(DESTEST)
|
||||
|
||||
test_idea:
|
||||
$(SET_SO_PATHS); ./$(IDEATEST)
|
||||
../util/shlib_wrap.sh ./$(IDEATEST)
|
||||
|
||||
test_sha:
|
||||
$(SET_SO_PATHS); ./$(SHATEST)
|
||||
$(SET_SO_PATHS); ./$(SHA1TEST)
|
||||
../util/shlib_wrap.sh ./$(SHATEST)
|
||||
../util/shlib_wrap.sh ./$(SHA1TEST)
|
||||
if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
|
||||
$(SET_SO_PATHS); ./$(FIPS_SHA1TEST) sha1vectors.txt | sed s/Strings/Hashes/ | cmp sha1hashes.txt - ; \
|
||||
../util/shlib_wrap.sh ./$(FIPS_SHA1TEST) sha1vectors.txt | sed s/Strings/Hashes/ | cmp sha1hashes.txt - ; \
|
||||
fi
|
||||
|
||||
test_mdc2:
|
||||
$(SET_SO_PATHS); ./$(MDC2TEST)
|
||||
../util/shlib_wrap.sh ./$(MDC2TEST)
|
||||
|
||||
test_md5:
|
||||
$(SET_SO_PATHS); ./$(MD5TEST)
|
||||
../util/shlib_wrap.sh ./$(MD5TEST)
|
||||
|
||||
test_md4:
|
||||
$(SET_SO_PATHS); ./$(MD4TEST)
|
||||
../util/shlib_wrap.sh ./$(MD4TEST)
|
||||
|
||||
test_hmac:
|
||||
$(SET_SO_PATHS); ./$(HMACTEST)
|
||||
../util/shlib_wrap.sh ./$(HMACTEST)
|
||||
|
||||
test_md2:
|
||||
$(SET_SO_PATHS); ./$(MD2TEST)
|
||||
../util/shlib_wrap.sh ./$(MD2TEST)
|
||||
|
||||
test_rmd:
|
||||
$(SET_SO_PATHS); ./$(RMDTEST)
|
||||
../util/shlib_wrap.sh ./$(RMDTEST)
|
||||
|
||||
test_bf:
|
||||
$(SET_SO_PATHS); ./$(BFTEST)
|
||||
../util/shlib_wrap.sh ./$(BFTEST)
|
||||
|
||||
test_cast:
|
||||
$(SET_SO_PATHS); ./$(CASTTEST)
|
||||
../util/shlib_wrap.sh ./$(CASTTEST)
|
||||
|
||||
test_rc2:
|
||||
$(SET_SO_PATHS); ./$(RC2TEST)
|
||||
../util/shlib_wrap.sh ./$(RC2TEST)
|
||||
|
||||
test_rc4:
|
||||
$(SET_SO_PATHS); ./$(RC4TEST)
|
||||
../util/shlib_wrap.sh ./$(RC4TEST)
|
||||
|
||||
test_rc5:
|
||||
$(SET_SO_PATHS); ./$(RC5TEST)
|
||||
../util/shlib_wrap.sh ./$(RC5TEST)
|
||||
|
||||
test_rand:
|
||||
$(SET_SO_PATHS); ./$(RANDTEST)
|
||||
../util/shlib_wrap.sh ./$(RANDTEST)
|
||||
if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
|
||||
$(SET_SO_PATHS); ./$(FIPS_RANDTEST); \
|
||||
../util/shlib_wrap.sh ./$(FIPS_RANDTEST); \
|
||||
fi
|
||||
|
||||
test_enc:
|
||||
@$(SET_SO_PATHS); sh ./testenc
|
||||
@sh ./testenc
|
||||
|
||||
test_x509:
|
||||
echo test normal x509v1 certificate
|
||||
$(SET_SO_PATHS); sh ./tx509 2>/dev/null
|
||||
sh ./tx509 2>/dev/null
|
||||
echo test first x509v3 certificate
|
||||
$(SET_SO_PATHS); sh ./tx509 v3-cert1.pem 2>/dev/null
|
||||
sh ./tx509 v3-cert1.pem 2>/dev/null
|
||||
echo test second x509v3 certificate
|
||||
$(SET_SO_PATHS); sh ./tx509 v3-cert2.pem 2>/dev/null
|
||||
sh ./tx509 v3-cert2.pem 2>/dev/null
|
||||
|
||||
test_rsa:
|
||||
@$(SET_SO_PATHS); sh ./trsa 2>/dev/null
|
||||
$(SET_SO_PATHS); ./$(RSATEST)
|
||||
@sh ./trsa 2>/dev/null
|
||||
../util/shlib_wrap.sh ./$(RSATEST)
|
||||
|
||||
test_crl:
|
||||
@$(SET_SO_PATHS); sh ./tcrl 2>/dev/null
|
||||
@sh ./tcrl 2>/dev/null
|
||||
|
||||
test_sid:
|
||||
@$(SET_SO_PATHS); sh ./tsid 2>/dev/null
|
||||
@sh ./tsid 2>/dev/null
|
||||
|
||||
test_req:
|
||||
@$(SET_SO_PATHS); sh ./treq 2>/dev/null
|
||||
@$(SET_SO_PATHS); sh ./treq testreq2.pem 2>/dev/null
|
||||
@sh ./treq 2>/dev/null
|
||||
@sh ./treq testreq2.pem 2>/dev/null
|
||||
|
||||
test_pkcs7:
|
||||
@$(SET_SO_PATHS); sh ./tpkcs7 2>/dev/null
|
||||
@$(SET_SO_PATHS); sh ./tpkcs7d 2>/dev/null
|
||||
@sh ./tpkcs7 2>/dev/null
|
||||
@sh ./tpkcs7d 2>/dev/null
|
||||
|
||||
test_bn:
|
||||
@echo starting big number library test, could take a while...
|
||||
@$(SET_SO_PATHS); ./$(BNTEST) >tmp.bntest
|
||||
@../util/shlib_wrap.sh ./$(BNTEST) >tmp.bntest
|
||||
@echo quit >>tmp.bntest
|
||||
@echo "running bc"
|
||||
@<tmp.bntest sh -c "`sh ./bctest ignore`" | $(PERL) -e '$$i=0; while (<STDIN>) {if (/^test (.*)/) {print STDERR "\nverify $$1";} elsif (!/^0$$/) {die "\nFailed! bc: $$_";} else {print STDERR "."; $$i++;}} print STDERR "\n$$i tests passed\n"'
|
||||
@echo 'test a^b%c implementations'
|
||||
$(SET_SO_PATHS); ./$(EXPTEST)
|
||||
../util/shlib_wrap.sh ./$(EXPTEST)
|
||||
|
||||
test_ec:
|
||||
@echo 'test elliptic curves'
|
||||
$(SET_SO_PATHS); ./$(ECTEST)
|
||||
../util/shlib_wrap.sh ./$(ECTEST)
|
||||
|
||||
test_verify:
|
||||
@echo "The following command should have some OK's and some failures"
|
||||
@echo "There are definitly a few expired certificates"
|
||||
-$(SET_SO_PATHS); ../apps/openssl verify -CApath ../certs ../certs/*.pem
|
||||
-../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs ../certs/*.pem
|
||||
|
||||
test_dh:
|
||||
@echo "Generate a set of DH parameters"
|
||||
$(SET_SO_PATHS); ./$(DHTEST)
|
||||
../util/shlib_wrap.sh ./$(DHTEST)
|
||||
|
||||
test_dsa:
|
||||
@echo "Generate a set of DSA parameters"
|
||||
$(SET_SO_PATHS); ./$(DSATEST)
|
||||
$(SET_SO_PATHS); ./$(DSATEST) -app2_1
|
||||
../util/shlib_wrap.sh ./$(DSATEST)
|
||||
../util/shlib_wrap.sh ./$(DSATEST) -app2_1
|
||||
if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
|
||||
$(SET_SO_PATHS); ./$(FIPS_DSATEST); \
|
||||
$(SET_SO_PATHS); ./$(FIPS_DSATEST) -app2_1; \
|
||||
../util/shlib_wrap.sh ./$(FIPS_DSATEST); \
|
||||
../util/shlib_wrap.sh ./$(FIPS_DSATEST) -app2_1; \
|
||||
fi
|
||||
|
||||
test_gen:
|
||||
@echo "Generate and verify a certificate request"
|
||||
@$(SET_SO_PATHS); sh ./testgen
|
||||
@sh ./testgen
|
||||
|
||||
test_ss keyU.ss certU.ss certCA.ss: testss
|
||||
@echo "Generate and certify a test certificate"
|
||||
@$(SET_SO_PATHS); sh ./testss
|
||||
@sh ./testss
|
||||
|
||||
test_engine:
|
||||
@echo "Manipulate the ENGINE structures"
|
||||
$(SET_SO_PATHS); ./$(ENGINETEST)
|
||||
../util/shlib_wrap.sh ./$(ENGINETEST)
|
||||
|
||||
test_ssl: keyU.ss certU.ss certCA.ss
|
||||
@echo "test SSL protocol"
|
||||
@if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
|
||||
$(SET_SO_PATHS); sh ./testfipsssl keyU.ss certU.ss certCA.ss; \
|
||||
sh ./testfipsssl keyU.ss certU.ss certCA.ss; \
|
||||
fi
|
||||
@$(SET_SO_PATHS); sh ./testssl keyU.ss certU.ss certCA.ss
|
||||
@sh ./testssl keyU.ss certU.ss certCA.ss
|
||||
|
||||
test_ca:
|
||||
@$(SET_SO_PATHS); if ../apps/openssl no-rsa; then \
|
||||
@if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then \
|
||||
echo "skipping CA.sh test -- requires RSA"; \
|
||||
else \
|
||||
echo "Generate and certify a test certificate via the 'ca' program"; \
|
||||
@ -299,7 +284,7 @@ test_ca:
|
||||
|
||||
test_aes: #$(AESTEST)
|
||||
# @echo "test Rijndael"
|
||||
# $(SET_SO_PATHS); ./$(AESTEST)
|
||||
# ../util/shlib_wrap.sh ./$(AESTEST)
|
||||
|
||||
lint:
|
||||
lint -DLINT $(INCLUDES) $(SRC)>fluff
|
||||
@ -600,6 +585,7 @@ dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
|
||||
LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
|
||||
$(CC) -o dummytest$(EXE_EXT) $(CFLAGS) dummytest.o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \
|
||||
fi
|
||||
@for i in `ls ../*.dll 2>/dev/null`; do cp -p $$i .; done; exit 0
|
||||
|
||||
# DO NOT DELETE THIS LINE -- make depend depends on it.
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@ else
|
||||
fi
|
||||
export PATH
|
||||
|
||||
cmd='../apps/openssl crl'
|
||||
cmd='../util/shlib_wrap.sh ../apps/openssl crl'
|
||||
|
||||
if [ "$1"x != "x" ]; then
|
||||
t=$1
|
||||
|
||||
@ -11,6 +11,9 @@ export SH PATH
|
||||
SSLEAY_CONFIG="-config CAss.cnf"
|
||||
export SSLEAY_CONFIG
|
||||
|
||||
OPENSSL="`pwd`/../util/shlib_wrap.sh openssl"
|
||||
export OPENSSL
|
||||
|
||||
/bin/rm -fr demoCA
|
||||
$SH ../apps/CA.sh -newca <<EOF
|
||||
EOF
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
|
||||
testsrc=Makefile
|
||||
test=./p
|
||||
cmd=../apps/openssl
|
||||
cmd="../util/shlib_wrap.sh ../apps/openssl"
|
||||
|
||||
cat $testsrc >$test;
|
||||
|
||||
|
||||
@ -13,9 +13,9 @@ fi
|
||||
|
||||
ciphers="DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:EXP1024-DHE-DSS-DES-CBC-SHA:EXP1024-DES-CBC-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA"
|
||||
|
||||
ssltest="./ssltest -F -key $key -cert $cert -c_key $key -c_cert $cert -cipher $ciphers"
|
||||
ssltest="../util/shlib_wrap.sh ./ssltest -F -key $key -cert $cert -c_key $key -c_cert $cert -cipher $ciphers"
|
||||
|
||||
if ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then
|
||||
if ../util/shlib_wrap.sh ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then
|
||||
dsa_cert=YES
|
||||
else
|
||||
dsa_cert=NO
|
||||
@ -89,24 +89,24 @@ $ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1
|
||||
|
||||
#############################################################################
|
||||
|
||||
if ../apps/openssl no-dh; then
|
||||
if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
|
||||
echo skipping anonymous DH tests
|
||||
else
|
||||
echo test tls1 with 1024bit anonymous DH, multiple handshakes
|
||||
$ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1
|
||||
fi
|
||||
|
||||
if ../apps/openssl no-rsa; then
|
||||
if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
|
||||
echo skipping RSA tests
|
||||
else
|
||||
echo test tls1 with 1024bit RSA, no DHE, multiple handshakes
|
||||
./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time $extra || exit 1
|
||||
../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time $extra || exit 1
|
||||
|
||||
if ../apps/openssl no-dh; then
|
||||
if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
|
||||
echo skipping RSA+DHE tests
|
||||
else
|
||||
echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
|
||||
./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
|
||||
../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
@ -17,7 +17,7 @@ echo "generating certificate request"
|
||||
|
||||
echo "string to make the random number generator think it has entropy" >> ./.rnd
|
||||
|
||||
if ../apps/openssl no-rsa; then
|
||||
if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
|
||||
req_new='-newkey dsa:../apps/dsa512.pem'
|
||||
else
|
||||
req_new='-new'
|
||||
@ -29,13 +29,13 @@ echo "This could take some time."
|
||||
|
||||
rm -f testkey.pem testreq.pem
|
||||
|
||||
../apps/openssl req -config test.cnf $req_new -out testreq.pem
|
||||
../util/shlib_wrap.sh ../apps/openssl req -config test.cnf $req_new -out testreq.pem
|
||||
if [ $? != 0 ]; then
|
||||
echo problems creating request
|
||||
exit 1
|
||||
fi
|
||||
|
||||
../apps/openssl req -config test.cnf -verify -in testreq.pem -noout
|
||||
../util/shlib_wrap.sh ../apps/openssl req -config test.cnf -verify -in testreq.pem -noout
|
||||
if [ $? != 0 ]; then
|
||||
echo signature on req is wrong
|
||||
exit 1
|
||||
|
||||
@ -1,9 +1,9 @@
|
||||
#!/bin/sh
|
||||
|
||||
digest='-sha1'
|
||||
reqcmd="../apps/openssl req"
|
||||
x509cmd="../apps/openssl x509 $digest"
|
||||
verifycmd="../apps/openssl verify"
|
||||
reqcmd="../util/shlib_wrap.sh ../apps/openssl req"
|
||||
x509cmd="../util/shlib_wrap.sh ../apps/openssl x509 $digest"
|
||||
verifycmd="../util/shlib_wrap.sh ../apps/openssl verify"
|
||||
dummycnf="../apps/openssl.cnf"
|
||||
|
||||
CAkey="keyCA.ss"
|
||||
@ -22,7 +22,7 @@ echo "make a certificate request using 'req'"
|
||||
|
||||
echo "string to make the random number generator think it has entropy" >> ./.rnd
|
||||
|
||||
if ../apps/openssl no-rsa; then
|
||||
if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
|
||||
req_new='-newkey dsa:../apps/dsa512.pem'
|
||||
else
|
||||
req_new='-new'
|
||||
|
||||
14
test/testssl
14
test/testssl
@ -10,9 +10,9 @@ if [ "$2" = "" ]; then
|
||||
else
|
||||
cert="$2"
|
||||
fi
|
||||
ssltest="./ssltest -key $key -cert $cert -c_key $key -c_cert $cert"
|
||||
ssltest="../util/shlib_wrap.sh ./ssltest -key $key -cert $cert -c_key $key -c_cert $cert"
|
||||
|
||||
if ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then
|
||||
if ../util/shlib_wrap.sh ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then
|
||||
dsa_cert=YES
|
||||
else
|
||||
dsa_cert=NO
|
||||
@ -121,24 +121,24 @@ $ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1
|
||||
|
||||
#############################################################################
|
||||
|
||||
if ../apps/openssl no-dh; then
|
||||
if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
|
||||
echo skipping anonymous DH tests
|
||||
else
|
||||
echo test tls1 with 1024bit anonymous DH, multiple handshakes
|
||||
$ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1
|
||||
fi
|
||||
|
||||
if ../apps/openssl no-rsa; then
|
||||
if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
|
||||
echo skipping RSA tests
|
||||
else
|
||||
echo test tls1 with 1024bit RSA, no DHE, multiple handshakes
|
||||
./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time $extra || exit 1
|
||||
../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time $extra || exit 1
|
||||
|
||||
if ../apps/openssl no-dh; then
|
||||
if ../util/shlib_wrap.sh ../apps/openssl no-dh; then
|
||||
echo skipping RSA+DHE tests
|
||||
else
|
||||
echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
|
||||
./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
|
||||
../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
@ -7,7 +7,7 @@ else
|
||||
fi
|
||||
export PATH
|
||||
|
||||
cmd='../apps/openssl pkcs7'
|
||||
cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7'
|
||||
|
||||
if [ "$1"x != "x" ]; then
|
||||
t=$1
|
||||
|
||||
@ -7,7 +7,7 @@ else
|
||||
fi
|
||||
export PATH
|
||||
|
||||
cmd='../apps/openssl pkcs7'
|
||||
cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7'
|
||||
|
||||
if [ "$1"x != "x" ]; then
|
||||
t=$1
|
||||
|
||||
@ -7,7 +7,7 @@ else
|
||||
fi
|
||||
export PATH
|
||||
|
||||
cmd='../apps/openssl req -config ../apps/openssl.cnf'
|
||||
cmd='../util/shlib_wrap.sh ../apps/openssl req -config ../apps/openssl.cnf'
|
||||
|
||||
if [ "$1"x != "x" ]; then
|
||||
t=$1
|
||||
|
||||
@ -7,12 +7,12 @@ else
|
||||
fi
|
||||
export PATH
|
||||
|
||||
if ../apps/openssl no-rsa; then
|
||||
if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then
|
||||
echo skipping rsa conversion test
|
||||
exit 0
|
||||
fi
|
||||
|
||||
cmd='../apps/openssl rsa'
|
||||
cmd='../util/shlib_wrap.sh ../apps/openssl rsa'
|
||||
|
||||
if [ "$1"x != "x" ]; then
|
||||
t=$1
|
||||
|
||||
@ -7,7 +7,7 @@ else
|
||||
fi
|
||||
export PATH
|
||||
|
||||
cmd='../apps/openssl sess_id'
|
||||
cmd='../util/shlib_wrap.sh ../apps/openssl sess_id'
|
||||
|
||||
if [ "$1"x != "x" ]; then
|
||||
t=$1
|
||||
|
||||
@ -7,7 +7,7 @@ else
|
||||
fi
|
||||
export PATH
|
||||
|
||||
cmd='../apps/openssl x509'
|
||||
cmd='../util/shlib_wrap.sh ../apps/openssl x509'
|
||||
|
||||
if [ "$1"x != "x" ]; then
|
||||
t=$1
|
||||
|
||||
22
util/opensslwrap.sh
Executable file
22
util/opensslwrap.sh
Executable file
@ -0,0 +1,22 @@
|
||||
#!/bin/sh
|
||||
|
||||
HERE="`echo $0 | sed -e 's|[^/]*$||'`"
|
||||
OPENSSL="${HERE}../apps/openssl"
|
||||
|
||||
if [ -x "${OPENSSL}.exe" ]; then
|
||||
# The original reason for this script existence is to work around
|
||||
# certain caveats in run-time linker behaviour. On Windows platforms
|
||||
# adjusting $PATH used to be sufficient, but with introduction of
|
||||
# SafeDllSearchMode in XP/2003 the only way to get it right in
|
||||
# *all* possible situations is to copy newly built .DLLs to apps/
|
||||
# and test/, which is now done elsewhere... The $PATH is adjusted
|
||||
# for backward compatibility (and nostagical reasons:-).
|
||||
if [ "$OSTYPE" != msdosdjgpp ]; then
|
||||
PATH="${HERE}..:$PATH"; export PATH
|
||||
fi
|
||||
exec "${OPENSSL}.exe" "$@"
|
||||
elif [ -x "${OPENSSL}" -a -x "${HERE}shlib_wrap.sh" ]; then
|
||||
exec "${HERE}shlib_wrap.sh" "${OPENSSL}" "$@"
|
||||
else
|
||||
exec "${OPENSSL}" "$@" # hope for the best...
|
||||
fi
|
||||
66
util/shlib_wrap.sh
Executable file
66
util/shlib_wrap.sh
Executable file
@ -0,0 +1,66 @@
|
||||
#!/bin/sh
|
||||
|
||||
[ $# -ne 0 ] || set -x # debug mode without arguments:-)
|
||||
|
||||
THERE="`echo $0 | sed -e 's|[^/]*$||' 2>/dev/null`.."
|
||||
[ -d "${THERE}" ] || exec "$@" # should never happen...
|
||||
|
||||
# Alternative to this is to parse ${THERE}/Makefile...
|
||||
LIBCRYPTOSO="${THERE}/libcrypto.so"
|
||||
if [ -f "$LIBCRYPTOSO" ]; then
|
||||
while [ -h "$LIBCRYPTOSO" ]; do
|
||||
LIBCRYPTOSO="${THERE}/`ls -l "$LIBCRYPTOSO" | sed -e 's|.*\-> ||'`"
|
||||
done
|
||||
SOSUFFIX=`echo ${LIBCRYPTOSO} | sed -e 's|.*\.so||' 2>/dev/null`
|
||||
LIBSSLSO="${THERE}/libssl.so${SOSUFFIX}"
|
||||
fi
|
||||
|
||||
case "`(uname -s) 2>/dev/null`" in
|
||||
SunOS|IRIX*)
|
||||
# SunOS and IRIX run-time linkers evaluate alternative
|
||||
# variables depending on target ABI...
|
||||
rld_var=LD_LIBRARY_PATH
|
||||
case "`(/usr/bin/file "$LIBCRYPTOSO") 2>/dev/null`" in
|
||||
*ELF\ 64*SPARC*)
|
||||
[ -n "$LD_LIBRARY_PATH_64" ] && rld_var=LD_LIBRARY_PATH_64
|
||||
;;
|
||||
*ELF\ N32*MIPS*)
|
||||
[ -n "$LD_LIBRARYN32_PATH" ] && rld_var=LD_LIBRARYN32_PATH
|
||||
_RLDN32_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT"; export _RLDN32_LIST
|
||||
;;
|
||||
*ELF\ 64*MIPS*)
|
||||
[ -n "$LD_LIBRARY64_PATH" ] && rld_var=LD_LIBRARY64_PATH
|
||||
_RLD64_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT"; export _RLD64_LIST
|
||||
;;
|
||||
esac
|
||||
eval $rld_var=\"${THERE}:'$'$rld_var\"; export $rld_var
|
||||
unset rld_var
|
||||
;;
|
||||
*) LD_LIBRARY_PATH="${THERE}:$LD_LIBRARY_PATH" # Linux, ELF HP-UX
|
||||
DYLD_LIBRARY_PATH="${THERE}:$DYLD_LIBRARY_PATH" # MacOS X
|
||||
SHLIB_PATH="${THERE}:$SHLIB_PATH" # legacy HP-UX
|
||||
LIBPATH="${THERE}:$LIBPATH" # AIX, OS/2
|
||||
export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH
|
||||
# Even though $PATH is adjusted [for Windows sake], it doesn't
|
||||
# necessarily does the trick. Trouble is that with introduction
|
||||
# of SafeDllSearchMode in XP/2003 it's more appropriate to copy
|
||||
# .DLLs in vicinity of executable, which is done elsewhere...
|
||||
if [ "$OSTYPE" != msdosdjgpp ]; then
|
||||
PATH="${THERE}:$PATH"; export PATH
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
|
||||
if [ -f "$LIBCRYPTOSO" ]; then
|
||||
# Following three lines are major excuse for isolating them into
|
||||
# this wrapper script. Original reason for setting LD_PRELOAD
|
||||
# was to make it possible to pass 'make test' when user linked
|
||||
# with -rpath pointing to previous version installation. Wrapping
|
||||
# it into a script makes it possible to do so on multi-ABI
|
||||
# platforms.
|
||||
LD_PRELOAD="$LIBCRYPTOSO $LIBSSLSO" # SunOS, Linux, ELF HP-UX
|
||||
_RLD_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT" # Tru64, o32 IRIX
|
||||
export LD_PRELOAD _RLD_LIST
|
||||
fi
|
||||
|
||||
exec "$@"
|
||||
Loading…
x
Reference in New Issue
Block a user