1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
|
/*
* Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <openssl/opensslv.h>
#include <openssl/ssl.h>
#include <openssl/types.h>
#include "simpledynamic.h"
typedef void DSO;
typedef const SSL_METHOD * (*TLS_method_t)(void);
typedef SSL_CTX * (*SSL_CTX_new_t)(const SSL_METHOD *meth);
typedef void (*SSL_CTX_free_t)(SSL_CTX *);
typedef int (*OPENSSL_init_crypto_t)(uint64_t, void *);
typedef int (*OPENSSL_atexit_t)(void (*handler)(void));
typedef unsigned long (*ERR_get_error_t)(void);
typedef unsigned long (*OPENSSL_version_major_t)(void);
typedef unsigned long (*OPENSSL_version_minor_t)(void);
typedef unsigned long (*OPENSSL_version_patch_t)(void);
typedef DSO * (*DSO_dsobyaddr_t)(void (*addr)(void), int flags);
typedef int (*DSO_free_t)(DSO *dso);
typedef enum test_types_en {
CRYPTO_FIRST,
SSL_FIRST,
JUST_CRYPTO,
DSO_REFTEST,
NO_ATEXIT
} TEST_TYPE;
static TEST_TYPE test_type;
static const char *path_crypto;
static const char *path_ssl;
static const char *path_atexit;
#ifdef SD_INIT
static int atexit_handler_done = 0;
static void atexit_handler(void)
{
FILE *atexit_file = fopen(path_atexit, "w");
if (atexit_file == NULL)
return;
fprintf(atexit_file, "atexit() run\n");
fclose(atexit_file);
atexit_handler_done++;
}
static int test_lib(void)
{
SD ssllib = SD_INIT;
SD cryptolib = SD_INIT;
SSL_CTX *ctx;
union {
void (*func)(void);
SD_SYM sym;
} symbols[5];
TLS_method_t myTLS_method;
SSL_CTX_new_t mySSL_CTX_new;
SSL_CTX_free_t mySSL_CTX_free;
ERR_get_error_t myERR_get_error;
OPENSSL_version_major_t myOPENSSL_version_major;
OPENSSL_version_minor_t myOPENSSL_version_minor;
OPENSSL_version_patch_t myOPENSSL_version_patch;
OPENSSL_atexit_t myOPENSSL_atexit;
int result = 0;
switch (test_type) {
case JUST_CRYPTO:
case DSO_REFTEST:
case NO_ATEXIT:
case CRYPTO_FIRST:
if (!sd_load(path_crypto, &cryptolib, SD_SHLIB)) {
fprintf(stderr, "Failed to load libcrypto\n");
goto end;
}
if (test_type != CRYPTO_FIRST)
break;
/* Fall through */
case SSL_FIRST:
if (!sd_load(path_ssl, &ssllib, SD_SHLIB)) {
fprintf(stderr, "Failed to load libssl\n");
goto end;
}
if (test_type != SSL_FIRST)
break;
if (!sd_load(path_crypto, &cryptolib, SD_SHLIB)) {
fprintf(stderr, "Failed to load libcrypto\n");
goto end;
}
break;
}
if (test_type == NO_ATEXIT) {
OPENSSL_init_crypto_t myOPENSSL_init_crypto;
if (!sd_sym(cryptolib, "OPENSSL_init_crypto", &symbols[0].sym)) {
fprintf(stderr, "Failed to load OPENSSL_init_crypto symbol\n");
goto end;
}
myOPENSSL_init_crypto = (OPENSSL_init_crypto_t)symbols[0].func;
if (!myOPENSSL_init_crypto(OPENSSL_INIT_NO_ATEXIT, NULL)) {
fprintf(stderr, "Failed to initialise libcrypto\n");
goto end;
}
}
if (test_type != JUST_CRYPTO
&& test_type != DSO_REFTEST
&& test_type != NO_ATEXIT) {
if (!sd_sym(ssllib, "TLS_method", &symbols[0].sym)
|| !sd_sym(ssllib, "SSL_CTX_new", &symbols[1].sym)
|| !sd_sym(ssllib, "SSL_CTX_free", &symbols[2].sym)) {
fprintf(stderr, "Failed to load libssl symbols\n");
goto end;
}
myTLS_method = (TLS_method_t)symbols[0].func;
mySSL_CTX_new = (SSL_CTX_new_t)symbols[1].func;
mySSL_CTX_free = (SSL_CTX_free_t)symbols[2].func;
ctx = mySSL_CTX_new(myTLS_method());
if (ctx == NULL) {
fprintf(stderr, "Failed to create SSL_CTX\n");
goto end;
}
mySSL_CTX_free(ctx);
}
if (!sd_sym(cryptolib, "ERR_get_error", &symbols[0].sym)
|| !sd_sym(cryptolib, "OPENSSL_version_major", &symbols[1].sym)
|| !sd_sym(cryptolib, "OPENSSL_version_minor", &symbols[2].sym)
|| !sd_sym(cryptolib, "OPENSSL_version_patch", &symbols[3].sym)
|| !sd_sym(cryptolib, "OPENSSL_atexit", &symbols[4].sym)) {
fprintf(stderr, "Failed to load libcrypto symbols\n");
goto end;
}
myERR_get_error = (ERR_get_error_t)symbols[0].func;
if (myERR_get_error() != 0) {
fprintf(stderr, "Unexpected ERR_get_error() response\n");
goto end;
}
/* Library and header version should be identical in this test */
myOPENSSL_version_major = (OPENSSL_version_major_t)symbols[1].func;
myOPENSSL_version_minor = (OPENSSL_version_minor_t)symbols[2].func;
myOPENSSL_version_patch = (OPENSSL_version_patch_t)symbols[3].func;
if (myOPENSSL_version_major() != OPENSSL_VERSION_MAJOR
|| myOPENSSL_version_minor() != OPENSSL_VERSION_MINOR
|| myOPENSSL_version_patch() != OPENSSL_VERSION_PATCH) {
fprintf(stderr, "Invalid library version number\n");
goto end;
}
myOPENSSL_atexit = (OPENSSL_atexit_t)symbols[4].func;
if (!myOPENSSL_atexit(atexit_handler)) {
fprintf(stderr, "Failed to register atexit handler\n");
goto end;
}
if (test_type == DSO_REFTEST) {
# ifdef DSO_DLFCN
DSO_dsobyaddr_t myDSO_dsobyaddr;
DSO_free_t myDSO_free;
/*
* This is resembling the code used in ossl_init_base() and
* OPENSSL_atexit() to block unloading the library after dlclose().
* We are not testing this on Windows, because it is done there in a
* completely different way. Especially as a call to DSO_dsobyaddr()
* will always return an error, because DSO_pathbyaddr() is not
* implemented there.
*/
if (!sd_sym(cryptolib, "DSO_dsobyaddr", &symbols[0].sym)
|| !sd_sym(cryptolib, "DSO_free", &symbols[1].sym)) {
fprintf(stderr, "Unable to load DSO symbols\n");
goto end;
}
myDSO_dsobyaddr = (DSO_dsobyaddr_t)symbols[0].func;
myDSO_free = (DSO_free_t)symbols[1].func;
{
DSO *hndl;
/* use known symbol from crypto module */
hndl = myDSO_dsobyaddr((void (*)(void))myERR_get_error, 0);
if (hndl == NULL) {
fprintf(stderr, "DSO_dsobyaddr() failed\n");
goto end;
}
myDSO_free(hndl);
}
# endif /* DSO_DLFCN */
}
if (!sd_close(cryptolib)) {
fprintf(stderr, "Failed to close libcrypto\n");
goto end;
}
cryptolib = SD_INIT;
if (test_type == CRYPTO_FIRST || test_type == SSL_FIRST) {
if (!sd_close(ssllib)) {
fprintf(stderr, "Failed to close libssl\n");
goto end;
}
ssllib = SD_INIT;
}
# if defined(OPENSSL_NO_PINSHARED) \
&& defined(__GLIBC__) \
&& defined(__GLIBC_PREREQ) \
&& defined(OPENSSL_SYS_LINUX)
# if __GLIBC_PREREQ(2, 3)
/*
* If we didn't pin the so then we are hopefully on a platform that supports
* running atexit() on so unload. If not we might crash. We know this is
* true on linux since glibc 2.2.3
*/
if (test_type != NO_ATEXIT && atexit_handler_done != 1) {
fprintf(stderr, "atexit() handler did not run\n");
goto end;
}
# endif
# endif
result = 1;
end:
if (cryptolib != SD_INIT)
sd_close(cryptolib);
if (ssllib != SD_INIT)
sd_close(ssllib);
return result;
}
#endif
/*
* shlibloadtest should not use the normal test framework because we don't want
* it to link against libcrypto (which the framework uses). The point of the
* test is to check dynamic loading and unloading of libcrypto/libssl.
*/
int main(int argc, char *argv[])
{
const char *p;
if (argc != 5) {
fprintf(stderr, "Incorrect number of arguments\n");
return 1;
}
p = argv[1];
if (strcmp(p, "-crypto_first") == 0) {
test_type = CRYPTO_FIRST;
} else if (strcmp(p, "-ssl_first") == 0) {
test_type = SSL_FIRST;
} else if (strcmp(p, "-just_crypto") == 0) {
test_type = JUST_CRYPTO;
} else if (strcmp(p, "-dso_ref") == 0) {
test_type = DSO_REFTEST;
} else if (strcmp(p, "-no_atexit") == 0) {
test_type = NO_ATEXIT;
} else {
fprintf(stderr, "Unrecognised argument\n");
return 1;
}
path_crypto = argv[2];
path_ssl = argv[3];
path_atexit = argv[4];
if (path_crypto == NULL || path_ssl == NULL) {
fprintf(stderr, "Invalid libcrypto/libssl path\n");
return 1;
}
#ifdef SD_INIT
if (!test_lib())
return 1;
#endif
return 0;
}
|
