From: Andy Polyakov Date: Tue, 1 Feb 2005 23:45:42 +0000 (+0000) Subject: Address run-time linker problems: LD_PRELOAD issue on multi-ABI platforms X-Git-Tag: OpenSSL_0_9_7f~28 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=dbaa6f91aa018f895e05eb64e07ea5f7711321c6;p=oweals%2Fopenssl.git Address run-time linker problems: LD_PRELOAD issue on multi-ABI platforms and SafeDllSearchMode in Windows. --- diff --git a/Makefile.org b/Makefile.org index dd7cfc6368..3b72486d04 100644 --- a/Makefile.org +++ b/Makefile.org @@ -681,20 +681,9 @@ dclean: rehash: rehash.time rehash.time: certs - @(OPENSSL="`pwd`/apps/openssl$(EXE_EXT)"; OPENSSL_DEBUG_MEMORY=on; \ + @(OPENSSL="`pwd`/util/opensslwrap.sh"; \ + OPENSSL_DEBUG_MEMORY=on; \ export OPENSSL OPENSSL_DEBUG_MEMORY; \ - if [ -n "$(SHARED_LIBS)" ]; then \ - LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \ - DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \ - SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \ - LIBPATH="`pwd`:$$LIBPATH"; \ - if [ "$(PLATFORM)" = "Cygwin" ]; then \ - PATH="`pwd`:$$PATH"; \ - fi; \ - LD_PRELOAD="`pwd`/libssl.so `pwd`/libcrypto.so"; \ - export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \ - export LD_PRELOAD; \ - fi; \ $(PERL) tools/c_rehash certs) touch rehash.time @@ -703,17 +692,7 @@ test: tests tests: rehash @(cd test && echo "testing..." && \ $(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' PROCESSOR='${PROCESSOR}' PERL='${PERL}' RANLIB='${RANLIB}' TESTS='${TESTS}' KRB5_INCLUDES='${KRB5_INCLUDES}' LIBKRB5='${LIBKRB5}' EXE_EXT='${EXE_EXT}' SHARED_LIBS='${SHARED_LIBS}' SHLIB_EXT='${SHLIB_EXT}' SHLIB_TARGET='${SHLIB_TARGET}' TESTS='${TESTS}' OPENSSL_DEBUG_MEMORY=on tests ); - @if [ -n "$(SHARED_LIBS)" ]; then \ - LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \ - DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \ - SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \ - LIBPATH="`pwd`:$$LIBPATH"; \ - if [ "$(PLATFORM)" = "Cygwin" ]; then PATH="`pwd`:$$PATH"; fi; \ - LD_PRELOAD="`pwd`/libssl.so `pwd`/libcrypto.so"; \ - export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \ - export LD_PRELOAD; \ - fi; \ - apps/openssl version -a + util/shlib_wrap.sh apps/openssl version -a report: @$(PERL) util/selftest.pl diff --git a/apps/CA.pl.in b/apps/CA.pl.in index ae7d9c045f..39f267d313 100644 --- a/apps/CA.pl.in +++ b/apps/CA.pl.in @@ -36,13 +36,21 @@ # default openssl.cnf file has setup as per the following # demoCA ... where everything is stored +my $openssl; +if(defined $ENV{OPENSSL}) { + $openssl = $ENV{OPENSSL}; +} else { + $openssl = "openssl"; + $ENV{OPENSSL} = $openssl; +} + $SSLEAY_CONFIG=$ENV{"SSLEAY_CONFIG"}; $DAYS="-days 365"; -$REQ="openssl req $SSLEAY_CONFIG"; -$CA="openssl ca $SSLEAY_CONFIG"; -$VERIFY="openssl verify"; -$X509="openssl x509"; -$PKCS12="openssl pkcs12"; +$REQ="$openssl req $SSLEAY_CONFIG"; +$CA="$openssl ca $SSLEAY_CONFIG"; +$VERIFY="$openssl verify"; +$X509="$openssl x509"; +$PKCS12="$openssl pkcs12"; $CATOP="./demoCA"; $CAKEY="cakey.pem"; diff --git a/apps/CA.sh b/apps/CA.sh index d9f3069fb2..030a11fc25 100644 --- a/apps/CA.sh +++ b/apps/CA.sh @@ -30,11 +30,13 @@ # default openssl.cnf file has setup as per the following # demoCA ... where everything is stored +if [ -z "$OPENSSL" ]; then OPENSSL=openssl; fi + DAYS="-days 365" -REQ="openssl req $SSLEAY_CONFIG" -CA="openssl ca $SSLEAY_CONFIG" -VERIFY="openssl verify" -X509="openssl x509" +REQ="$OPENSSL req $SSLEAY_CONFIG" +CA="$OPENSSL ca $SSLEAY_CONFIG" +VERIFY="$OPENSSL verify" +X509="$OPENSSL x509" CATOP=./demoCA CAKEY=./cakey.pem diff --git a/apps/Makefile b/apps/Makefile index f734415bf0..f771384c99 100644 --- a/apps/Makefile +++ b/apps/Makefile @@ -152,20 +152,9 @@ $(EXE): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL) if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \ TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(EXE); \ fi + @for i in `ls ../*.dll 2>/dev/null`; do cp -p $$i .; done; exit 0; -(cd ..; \ - OPENSSL="`pwd`/apps/$(EXE)"; export OPENSSL; \ - if [ -n "$(SHARED_LIBS)" ]; then \ - LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \ - DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \ - SHLIB_PATH="`pwd`:$$SHLIB_PATH"; \ - LIBPATH="`pwd`:$$LIBPATH"; \ - if [ "$(PLATFORM)" = "Cygwin" ]; then \ - PATH="`pwd`:$$PATH"; \ - fi; \ - LD_PRELOAD="`pwd`/libssl.so `pwd`/libcrypto.so"; \ - export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \ - export LD_PRELOAD; \ - fi; \ + OPENSSL="`pwd`/util/opensslwrap.sh"; export OPENSSL; \ $(PERL) tools/c_rehash certs) progs.h: progs.pl diff --git a/ms/testss.bat b/ms/testss.bat index f7e58e2756..b4aaf3c601 100755 --- a/ms/testss.bat +++ b/ms/testss.bat @@ -4,7 +4,7 @@ rem set ssleay=..\out\ssleay set ssleay=%1 set reqcmd=%ssleay% req -set x509cmd=%ssleay% x509 +set x509cmd=%ssleay% x509 -sha1 set verifycmd=%ssleay% verify set CAkey=keyCA.ss diff --git a/test/Makefile b/test/Makefile index 2000413273..c6ea0028b2 100644 --- a/test/Makefile +++ b/test/Makefile @@ -124,21 +124,6 @@ tests: exe apps $(TESTS) apps: @(cd ..; $(MAKE) DIRS=apps all) -SET_SO_PATHS=\ - if [ -n "$(SHARED_LIBS)" ]; then \ - OSSL_LIBPATH="`cd ..; pwd`"; \ - LD_LIBRARY_PATH="$$OSSL_LIBPATH:$$LD_LIBRARY_PATH"; \ - DYLD_LIBRARY_PATH="$$OSSL_LIBPATH:$$DYLD_LIBRARY_PATH"; \ - SHLIB_PATH="$$OSSL_LIBPATH:$$SHLIB_PATH"; \ - LIBPATH="$$OSSL_LIBPATH:$$LIBPATH"; \ - if [ "$(PLATFORM)" = "Cygwin" ]; then \ - PATH="$${LIBPATH}:$$PATH"; \ - fi; \ - LD_PRELOAD="$$OSSL_LIBPATH/libssl.so $$OSSL_LIBPATH/libcrypto.so"; \ - export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH PATH; \ - export LD_PRELOAD; \ - fi - alltests: \ test_des test_idea test_sha test_md4 test_md5 test_hmac \ test_md2 test_mdc2 \ @@ -152,145 +137,145 @@ alltests: \ fips_test_aes: if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \ mkdir -p fips_aes_data/rsp; \ - $(SET_SO_PATHS); ./$(FIPS_AESTEST) -d fips_aes_data/list; \ + ../util/shlib_wrap.sh ./$(FIPS_AESTEST) -d fips_aes_data/list; \ fi test_evp: - $(SET_SO_PATHS); ./$(EVPTEST) evptests.txt + ../util/shlib_wrap.sh ./$(EVPTEST) evptests.txt test_des: - $(SET_SO_PATHS); ./$(DESTEST) + ../util/shlib_wrap.sh ./$(DESTEST) test_idea: - $(SET_SO_PATHS); ./$(IDEATEST) + ../util/shlib_wrap.sh ./$(IDEATEST) test_sha: - $(SET_SO_PATHS); ./$(SHATEST) - $(SET_SO_PATHS); ./$(SHA1TEST) + ../util/shlib_wrap.sh ./$(SHATEST) + ../util/shlib_wrap.sh ./$(SHA1TEST) if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \ - $(SET_SO_PATHS); ./$(FIPS_SHA1TEST) sha1vectors.txt | sed s/Strings/Hashes/ | cmp sha1hashes.txt - ; \ + ../util/shlib_wrap.sh ./$(FIPS_SHA1TEST) sha1vectors.txt | sed s/Strings/Hashes/ | cmp sha1hashes.txt - ; \ fi test_mdc2: - $(SET_SO_PATHS); ./$(MDC2TEST) + ../util/shlib_wrap.sh ./$(MDC2TEST) test_md5: - $(SET_SO_PATHS); ./$(MD5TEST) + ../util/shlib_wrap.sh ./$(MD5TEST) test_md4: - $(SET_SO_PATHS); ./$(MD4TEST) + ../util/shlib_wrap.sh ./$(MD4TEST) test_hmac: - $(SET_SO_PATHS); ./$(HMACTEST) + ../util/shlib_wrap.sh ./$(HMACTEST) test_md2: - $(SET_SO_PATHS); ./$(MD2TEST) + ../util/shlib_wrap.sh ./$(MD2TEST) test_rmd: - $(SET_SO_PATHS); ./$(RMDTEST) + ../util/shlib_wrap.sh ./$(RMDTEST) test_bf: - $(SET_SO_PATHS); ./$(BFTEST) + ../util/shlib_wrap.sh ./$(BFTEST) test_cast: - $(SET_SO_PATHS); ./$(CASTTEST) + ../util/shlib_wrap.sh ./$(CASTTEST) test_rc2: - $(SET_SO_PATHS); ./$(RC2TEST) + ../util/shlib_wrap.sh ./$(RC2TEST) test_rc4: - $(SET_SO_PATHS); ./$(RC4TEST) + ../util/shlib_wrap.sh ./$(RC4TEST) test_rc5: - $(SET_SO_PATHS); ./$(RC5TEST) + ../util/shlib_wrap.sh ./$(RC5TEST) test_rand: - $(SET_SO_PATHS); ./$(RANDTEST) + ../util/shlib_wrap.sh ./$(RANDTEST) if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \ - $(SET_SO_PATHS); ./$(FIPS_RANDTEST); \ + ../util/shlib_wrap.sh ./$(FIPS_RANDTEST); \ fi test_enc: - @$(SET_SO_PATHS); sh ./testenc + @sh ./testenc test_x509: echo test normal x509v1 certificate - $(SET_SO_PATHS); sh ./tx509 2>/dev/null + sh ./tx509 2>/dev/null echo test first x509v3 certificate - $(SET_SO_PATHS); sh ./tx509 v3-cert1.pem 2>/dev/null + sh ./tx509 v3-cert1.pem 2>/dev/null echo test second x509v3 certificate - $(SET_SO_PATHS); sh ./tx509 v3-cert2.pem 2>/dev/null + sh ./tx509 v3-cert2.pem 2>/dev/null test_rsa: - @$(SET_SO_PATHS); sh ./trsa 2>/dev/null - $(SET_SO_PATHS); ./$(RSATEST) + @sh ./trsa 2>/dev/null + ../util/shlib_wrap.sh ./$(RSATEST) test_crl: - @$(SET_SO_PATHS); sh ./tcrl 2>/dev/null + @sh ./tcrl 2>/dev/null test_sid: - @$(SET_SO_PATHS); sh ./tsid 2>/dev/null + @sh ./tsid 2>/dev/null test_req: - @$(SET_SO_PATHS); sh ./treq 2>/dev/null - @$(SET_SO_PATHS); sh ./treq testreq2.pem 2>/dev/null + @sh ./treq 2>/dev/null + @sh ./treq testreq2.pem 2>/dev/null test_pkcs7: - @$(SET_SO_PATHS); sh ./tpkcs7 2>/dev/null - @$(SET_SO_PATHS); sh ./tpkcs7d 2>/dev/null + @sh ./tpkcs7 2>/dev/null + @sh ./tpkcs7d 2>/dev/null test_bn: @echo starting big number library test, could take a while... - @$(SET_SO_PATHS); ./$(BNTEST) >tmp.bntest + @../util/shlib_wrap.sh ./$(BNTEST) >tmp.bntest @echo quit >>tmp.bntest @echo "running bc" @) {if (/^test (.*)/) {print STDERR "\nverify $$1";} elsif (!/^0$$/) {die "\nFailed! bc: $$_";} else {print STDERR "."; $$i++;}} print STDERR "\n$$i tests passed\n"' @echo 'test a^b%c implementations' - $(SET_SO_PATHS); ./$(EXPTEST) + ../util/shlib_wrap.sh ./$(EXPTEST) test_ec: @echo 'test elliptic curves' - $(SET_SO_PATHS); ./$(ECTEST) + ../util/shlib_wrap.sh ./$(ECTEST) test_verify: @echo "The following command should have some OK's and some failures" @echo "There are definitly a few expired certificates" - -$(SET_SO_PATHS); ../apps/openssl verify -CApath ../certs ../certs/*.pem + -../util/shlib_wrap.sh ../apps/openssl verify -CApath ../certs ../certs/*.pem test_dh: @echo "Generate a set of DH parameters" - $(SET_SO_PATHS); ./$(DHTEST) + ../util/shlib_wrap.sh ./$(DHTEST) test_dsa: @echo "Generate a set of DSA parameters" - $(SET_SO_PATHS); ./$(DSATEST) - $(SET_SO_PATHS); ./$(DSATEST) -app2_1 + ../util/shlib_wrap.sh ./$(DSATEST) + ../util/shlib_wrap.sh ./$(DSATEST) -app2_1 if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \ - $(SET_SO_PATHS); ./$(FIPS_DSATEST); \ - $(SET_SO_PATHS); ./$(FIPS_DSATEST) -app2_1; \ + ../util/shlib_wrap.sh ./$(FIPS_DSATEST); \ + ../util/shlib_wrap.sh ./$(FIPS_DSATEST) -app2_1; \ fi test_gen: @echo "Generate and verify a certificate request" - @$(SET_SO_PATHS); sh ./testgen + @sh ./testgen test_ss keyU.ss certU.ss certCA.ss: testss @echo "Generate and certify a test certificate" - @$(SET_SO_PATHS); sh ./testss + @sh ./testss test_engine: @echo "Manipulate the ENGINE structures" - $(SET_SO_PATHS); ./$(ENGINETEST) + ../util/shlib_wrap.sh ./$(ENGINETEST) test_ssl: keyU.ss certU.ss certCA.ss @echo "test SSL protocol" @if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \ - $(SET_SO_PATHS); sh ./testfipsssl keyU.ss certU.ss certCA.ss; \ + sh ./testfipsssl keyU.ss certU.ss certCA.ss; \ fi - @$(SET_SO_PATHS); sh ./testssl keyU.ss certU.ss certCA.ss + @sh ./testssl keyU.ss certU.ss certCA.ss test_ca: - @$(SET_SO_PATHS); if ../apps/openssl no-rsa; then \ + @if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then \ echo "skipping CA.sh test -- requires RSA"; \ else \ echo "Generate and certify a test certificate via the 'ca' program"; \ @@ -299,7 +284,7 @@ test_ca: test_aes: #$(AESTEST) # @echo "test Rijndael" -# $(SET_SO_PATHS); ./$(AESTEST) +# ../util/shlib_wrap.sh ./$(AESTEST) lint: lint -DLINT $(INCLUDES) $(SRC)>fluff @@ -600,6 +585,7 @@ dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO) LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \ $(CC) -o dummytest$(EXE_EXT) $(CFLAGS) dummytest.o $(PEX_LIBS) $(LIBCRYPTO) $(EX_LIBS) ; \ fi + @for i in `ls ../*.dll 2>/dev/null`; do cp -p $$i .; done; exit 0 # DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/test/tcrl b/test/tcrl index f71ef7a863..3ffed12a03 100644 --- a/test/tcrl +++ b/test/tcrl @@ -7,7 +7,7 @@ else fi export PATH -cmd='../apps/openssl crl' +cmd='../util/shlib_wrap.sh ../apps/openssl crl' if [ "$1"x != "x" ]; then t=$1 diff --git a/test/testca b/test/testca index 8215ebb5d1..5b2faa78f1 100644 --- a/test/testca +++ b/test/testca @@ -11,6 +11,9 @@ export SH PATH SSLEAY_CONFIG="-config CAss.cnf" export SSLEAY_CONFIG +OPENSSL="`pwd`/../util/shlib_wrap.sh openssl" +export OPENSSL + /bin/rm -fr demoCA $SH ../apps/CA.sh -newca <$test; diff --git a/test/testfipsssl b/test/testfipsssl index da5e5987ab..c4836edc25 100644 --- a/test/testfipsssl +++ b/test/testfipsssl @@ -13,9 +13,9 @@ fi ciphers="DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:AES256-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:AES128-SHA:EXP1024-DHE-DSS-DES-CBC-SHA:EXP1024-DES-CBC-SHA:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA" -ssltest="./ssltest -F -key $key -cert $cert -c_key $key -c_cert $cert -cipher $ciphers" +ssltest="../util/shlib_wrap.sh ./ssltest -F -key $key -cert $cert -c_key $key -c_cert $cert -cipher $ciphers" -if ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then +if ../util/shlib_wrap.sh ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then dsa_cert=YES else dsa_cert=NO @@ -89,24 +89,24 @@ $ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1 ############################################################################# -if ../apps/openssl no-dh; then +if ../util/shlib_wrap.sh ../apps/openssl no-dh; then echo skipping anonymous DH tests else echo test tls1 with 1024bit anonymous DH, multiple handshakes $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1 fi -if ../apps/openssl no-rsa; then +if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then echo skipping RSA tests else echo test tls1 with 1024bit RSA, no DHE, multiple handshakes - ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time $extra || exit 1 + ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time $extra || exit 1 - if ../apps/openssl no-dh; then + if ../util/shlib_wrap.sh ../apps/openssl no-dh; then echo skipping RSA+DHE tests else echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes - ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1 + ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1 fi fi diff --git a/test/testgen b/test/testgen index 3798543e04..524c0d134c 100644 --- a/test/testgen +++ b/test/testgen @@ -17,7 +17,7 @@ echo "generating certificate request" echo "string to make the random number generator think it has entropy" >> ./.rnd -if ../apps/openssl no-rsa; then +if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then req_new='-newkey dsa:../apps/dsa512.pem' else req_new='-new' @@ -29,13 +29,13 @@ echo "This could take some time." rm -f testkey.pem testreq.pem -../apps/openssl req -config test.cnf $req_new -out testreq.pem +../util/shlib_wrap.sh ../apps/openssl req -config test.cnf $req_new -out testreq.pem if [ $? != 0 ]; then echo problems creating request exit 1 fi -../apps/openssl req -config test.cnf -verify -in testreq.pem -noout +../util/shlib_wrap.sh ../apps/openssl req -config test.cnf -verify -in testreq.pem -noout if [ $? != 0 ]; then echo signature on req is wrong exit 1 diff --git a/test/testss b/test/testss index 102c1a95f1..f6a629c8e1 100644 --- a/test/testss +++ b/test/testss @@ -1,9 +1,9 @@ #!/bin/sh digest='-sha1' -reqcmd="../apps/openssl req" -x509cmd="../apps/openssl x509 $digest" -verifycmd="../apps/openssl verify" +reqcmd="../util/shlib_wrap.sh ../apps/openssl req" +x509cmd="../util/shlib_wrap.sh ../apps/openssl x509 $digest" +verifycmd="../util/shlib_wrap.sh ../apps/openssl verify" dummycnf="../apps/openssl.cnf" CAkey="keyCA.ss" @@ -22,7 +22,7 @@ echo "make a certificate request using 'req'" echo "string to make the random number generator think it has entropy" >> ./.rnd -if ../apps/openssl no-rsa; then +if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then req_new='-newkey dsa:../apps/dsa512.pem' else req_new='-new' diff --git a/test/testssl b/test/testssl index ca8e718022..8ac90ae5ee 100644 --- a/test/testssl +++ b/test/testssl @@ -10,9 +10,9 @@ if [ "$2" = "" ]; then else cert="$2" fi -ssltest="./ssltest -key $key -cert $cert -c_key $key -c_cert $cert" +ssltest="../util/shlib_wrap.sh ./ssltest -key $key -cert $cert -c_key $key -c_cert $cert" -if ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then +if ../util/shlib_wrap.sh ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then dsa_cert=YES else dsa_cert=NO @@ -121,24 +121,24 @@ $ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1 ############################################################################# -if ../apps/openssl no-dh; then +if ../util/shlib_wrap.sh ../apps/openssl no-dh; then echo skipping anonymous DH tests else echo test tls1 with 1024bit anonymous DH, multiple handshakes $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1 fi -if ../apps/openssl no-rsa; then +if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then echo skipping RSA tests else echo test tls1 with 1024bit RSA, no DHE, multiple handshakes - ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time $extra || exit 1 + ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time $extra || exit 1 - if ../apps/openssl no-dh; then + if ../util/shlib_wrap.sh ../apps/openssl no-dh; then echo skipping RSA+DHE tests else echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes - ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1 + ../util/shlib_wrap.sh ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1 fi fi diff --git a/test/tpkcs7 b/test/tpkcs7 index cf3bd9fadb..79bb6e0edf 100644 --- a/test/tpkcs7 +++ b/test/tpkcs7 @@ -7,7 +7,7 @@ else fi export PATH -cmd='../apps/openssl pkcs7' +cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7' if [ "$1"x != "x" ]; then t=$1 diff --git a/test/tpkcs7d b/test/tpkcs7d index 18f9311b06..20394b34c4 100644 --- a/test/tpkcs7d +++ b/test/tpkcs7d @@ -7,7 +7,7 @@ else fi export PATH -cmd='../apps/openssl pkcs7' +cmd='../util/shlib_wrap.sh ../apps/openssl pkcs7' if [ "$1"x != "x" ]; then t=$1 diff --git a/test/treq b/test/treq index 47a8273cde..7e020210a5 100644 --- a/test/treq +++ b/test/treq @@ -7,7 +7,7 @@ else fi export PATH -cmd='../apps/openssl req -config ../apps/openssl.cnf' +cmd='../util/shlib_wrap.sh ../apps/openssl req -config ../apps/openssl.cnf' if [ "$1"x != "x" ]; then t=$1 diff --git a/test/trsa b/test/trsa index 413e2ec0a0..67b4a98841 100644 --- a/test/trsa +++ b/test/trsa @@ -7,12 +7,12 @@ else fi export PATH -if ../apps/openssl no-rsa; then +if ../util/shlib_wrap.sh ../apps/openssl no-rsa; then echo skipping rsa conversion test exit 0 fi -cmd='../apps/openssl rsa' +cmd='../util/shlib_wrap.sh ../apps/openssl rsa' if [ "$1"x != "x" ]; then t=$1 diff --git a/test/tsid b/test/tsid index 40a1dfa97c..fb4a7213b9 100644 --- a/test/tsid +++ b/test/tsid @@ -7,7 +7,7 @@ else fi export PATH -cmd='../apps/openssl sess_id' +cmd='../util/shlib_wrap.sh ../apps/openssl sess_id' if [ "$1"x != "x" ]; then t=$1 diff --git a/test/tx509 b/test/tx509 index d380963abc..1b9c8661f3 100644 --- a/test/tx509 +++ b/test/tx509 @@ -7,7 +7,7 @@ else fi export PATH -cmd='../apps/openssl x509' +cmd='../util/shlib_wrap.sh ../apps/openssl x509' if [ "$1"x != "x" ]; then t=$1 diff --git a/util/opensslwrap.sh b/util/opensslwrap.sh new file mode 100755 index 0000000000..91d29e2b87 --- /dev/null +++ b/util/opensslwrap.sh @@ -0,0 +1,22 @@ +#!/bin/sh + +HERE="`echo $0 | sed -e 's|[^/]*$||'`" +OPENSSL="${HERE}../apps/openssl" + +if [ -x "${OPENSSL}.exe" ]; then + # The original reason for this script existence is to work around + # certain caveats in run-time linker behaviour. On Windows platforms + # adjusting $PATH used to be sufficient, but with introduction of + # SafeDllSearchMode in XP/2003 the only way to get it right in + # *all* possible situations is to copy newly built .DLLs to apps/ + # and test/, which is now done elsewhere... The $PATH is adjusted + # for backward compatibility (and nostagical reasons:-). + if [ "$OSTYPE" != msdosdjgpp ]; then + PATH="${HERE}..:$PATH"; export PATH + fi + exec "${OPENSSL}.exe" "$@" +elif [ -x "${OPENSSL}" -a -x "${HERE}shlib_wrap.sh" ]; then + exec "${HERE}shlib_wrap.sh" "${OPENSSL}" "$@" +else + exec "${OPENSSL}" "$@" # hope for the best... +fi diff --git a/util/shlib_wrap.sh b/util/shlib_wrap.sh new file mode 100755 index 0000000000..b3d2a21443 --- /dev/null +++ b/util/shlib_wrap.sh @@ -0,0 +1,66 @@ +#!/bin/sh + +[ $# -ne 0 ] || set -x # debug mode without arguments:-) + +THERE="`echo $0 | sed -e 's|[^/]*$||' 2>/dev/null`.." +[ -d "${THERE}" ] || exec "$@" # should never happen... + +# Alternative to this is to parse ${THERE}/Makefile... +LIBCRYPTOSO="${THERE}/libcrypto.so" +if [ -f "$LIBCRYPTOSO" ]; then + while [ -h "$LIBCRYPTOSO" ]; do + LIBCRYPTOSO="${THERE}/`ls -l "$LIBCRYPTOSO" | sed -e 's|.*\-> ||'`" + done + SOSUFFIX=`echo ${LIBCRYPTOSO} | sed -e 's|.*\.so||' 2>/dev/null` + LIBSSLSO="${THERE}/libssl.so${SOSUFFIX}" +fi + +case "`(uname -s) 2>/dev/null`" in +SunOS|IRIX*) + # SunOS and IRIX run-time linkers evaluate alternative + # variables depending on target ABI... + rld_var=LD_LIBRARY_PATH + case "`(/usr/bin/file "$LIBCRYPTOSO") 2>/dev/null`" in + *ELF\ 64*SPARC*) + [ -n "$LD_LIBRARY_PATH_64" ] && rld_var=LD_LIBRARY_PATH_64 + ;; + *ELF\ N32*MIPS*) + [ -n "$LD_LIBRARYN32_PATH" ] && rld_var=LD_LIBRARYN32_PATH + _RLDN32_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT"; export _RLDN32_LIST + ;; + *ELF\ 64*MIPS*) + [ -n "$LD_LIBRARY64_PATH" ] && rld_var=LD_LIBRARY64_PATH + _RLD64_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT"; export _RLD64_LIST + ;; + esac + eval $rld_var=\"${THERE}:'$'$rld_var\"; export $rld_var + unset rld_var + ;; +*) LD_LIBRARY_PATH="${THERE}:$LD_LIBRARY_PATH" # Linux, ELF HP-UX + DYLD_LIBRARY_PATH="${THERE}:$DYLD_LIBRARY_PATH" # MacOS X + SHLIB_PATH="${THERE}:$SHLIB_PATH" # legacy HP-UX + LIBPATH="${THERE}:$LIBPATH" # AIX, OS/2 + export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH + # Even though $PATH is adjusted [for Windows sake], it doesn't + # necessarily does the trick. Trouble is that with introduction + # of SafeDllSearchMode in XP/2003 it's more appropriate to copy + # .DLLs in vicinity of executable, which is done elsewhere... + if [ "$OSTYPE" != msdosdjgpp ]; then + PATH="${THERE}:$PATH"; export PATH + fi + ;; +esac + +if [ -f "$LIBCRYPTOSO" ]; then + # Following three lines are major excuse for isolating them into + # this wrapper script. Original reason for setting LD_PRELOAD + # was to make it possible to pass 'make test' when user linked + # with -rpath pointing to previous version installation. Wrapping + # it into a script makes it possible to do so on multi-ABI + # platforms. + LD_PRELOAD="$LIBCRYPTOSO $LIBSSLSO" # SunOS, Linux, ELF HP-UX + _RLD_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT" # Tru64, o32 IRIX + export LD_PRELOAD _RLD_LIST +fi + +exec "$@"