pool/openssl-ibmca
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2894c35cb4
openssl-ibmca/openssl-ibmca-02-test-provider-Do-not-link-against-libica-use-dlopen-instead.patch

244 lines
8.1 KiB
Diff
Raw Normal View History

- Adapted the openssl-ibmca package for the openssl-1_1 removal(bsc#1232570) OBS-URL: https://build.opensuse.org/package/show/security:tls/openssl-ibmca?expand=0&rev=77
2024-10-30 09:42:35 +01:00
From 2f420ff28cedfea2ca730d7e54dba39fa4e06cbc Mon Sep 17 00:00:00 2001
From: Ingo Franzki <ifranzki@linux.ibm.com>
Date: Wed, 10 Jan 2024 15:08:47 +0100
Subject: [PATCH] test/provider: Do not link against libica use dlopen instead
When an application links against libica (via -lica), then the libica library
constructor runs before the program's main function. Libica's library
constructor does initialize OpenSSL and thus parses the config file.
However, the test programs set up some OpenSSL configuration related
environment variables within function check_libica() called from the
main function. If libica has already initialized OpenSSL prior to that,
OpenSSL won't initialize again, and thus these environment variables have
no effect.
Dynamically load libica (via dlopen) only after setting the environment
variables.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
---
configure.ac | 2 ++
test/provider/Makefile.am | 15 +++++++++------
test/provider/dhkey.c | 24 ++++++++++++++++++++++--
test/provider/eckey.c | 24 ++++++++++++++++++++++--
test/provider/rsakey.c | 24 ++++++++++++++++++++++--
5 files changed, 77 insertions(+), 12 deletions(-)
diff --git a/configure.ac b/configure.ac
index b43a659..09df230 100644
--- a/configure.ac
+++ b/configure.ac
@@ -116,6 +116,8 @@ AC_ARG_WITH([provider-libica-full],
[])
AM_CONDITIONAL([PROVIDER_FULL_LIBICA], [test "x$useproviderfulllibica" = xyes])
+AC_SUBST(libicaversion, "$libicaversion")
+
# If compiled against OpenSSL 3.0 or later, build the provider unless
# explicitely disabled.
# If build against OpenSSL 1.1.1, we can not build the provider.
diff --git a/test/provider/Makefile.am b/test/provider/Makefile.am
index 15a5466..fce06b3 100644
--- a/test/provider/Makefile.am
+++ b/test/provider/Makefile.am
@@ -24,24 +24,27 @@ TESTS = \
check_PROGRAMS = rsakey eckey dhkey threadtest
dhkey_SOURCES = dhkey.c
+dhkey_LDADD = -lcrypto -ldl
if PROVIDER_FULL_LIBICA
-dhkey_LDADD = -lcrypto -lica
+dhkey_CFLAGS = -DLIBICA_NAME=\"libica.so.@libicaversion@\"
else
-dhkey_LDADD = -lcrypto -lica-cex
+dhkey_CFLAGS = -DLIBICA_NAME=\"libica-cex.so.@libicaversion@\"
endif
eckey_SOURCES = eckey.c
+eckey_LDADD = -lcrypto -ldl
if PROVIDER_FULL_LIBICA
-eckey_LDADD = -lcrypto -lica
+eckey_CFLAGS = -DLIBICA_NAME=\"libica.so.@libicaversion@\"
else
-eckey_LDADD = -lcrypto -lica-cex
+eckey_CFLAGS = -DLIBICA_NAME=\"libica-cex.so.@libicaversion@\"
endif
rsakey_SOURCES = rsakey.c
+rsakey_LDADD = -lcrypto -ldl
if PROVIDER_FULL_LIBICA
-rsakey_LDADD = -lcrypto -lica
+rsakey_CFLAGS = -DLIBICA_NAME=\"libica.so.@libicaversion@\"
else
-rsakey_LDADD = -lcrypto -lica-cex
+rsakey_CFLAGS = -DLIBICA_NAME=\"libica-cex.so.@libicaversion@\"
endif
threadtest_SOURCES = threadtest.c
diff --git a/test/provider/dhkey.c b/test/provider/dhkey.c
index 8829ecc..0ec2c03 100644
--- a/test/provider/dhkey.c
+++ b/test/provider/dhkey.c
@@ -18,6 +18,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <dlfcn.h>
#include <openssl/conf.h>
#include <openssl/evp.h>
@@ -355,13 +356,32 @@ static const unsigned int required_ica_mechs[] = { RSA_ME };
static const unsigned int required_ica_mechs_len =
sizeof(required_ica_mechs) / sizeof(unsigned int);
+typedef unsigned int (*ica_get_functionlist_t)(libica_func_list_element *,
+ unsigned int *);
+
int check_libica()
{
unsigned int mech_len, i, k, found = 0;
libica_func_list_element *mech_list = NULL;
+ void *ibmca_dso;
+ ica_get_functionlist_t p_ica_get_functionlist;
int rc;
- rc = ica_get_functionlist(NULL, &mech_len);
+ ibmca_dso = dlopen(LIBICA_NAME, RTLD_NOW);
+ if (ibmca_dso == NULL) {
+ fprintf(stderr, "Failed to load libica '%s'!\n", LIBICA_NAME);
+ return 77;
+ }
+
+ p_ica_get_functionlist =
+ (ica_get_functionlist_t)dlsym(ibmca_dso, "ica_get_functionlist");
+ if (p_ica_get_functionlist == NULL) {
+ fprintf(stderr, "Failed to get ica_get_functionlist from '%s'!\n",
+ LIBICA_NAME);
+ return 77;
+ }
+
+ rc = p_ica_get_functionlist(NULL, &mech_len);
if (rc != 0) {
fprintf(stderr, "Failed to get function list from libica!\n");
return 77;
@@ -373,7 +393,7 @@ int check_libica()
return 77;
}
- rc = ica_get_functionlist(mech_list, &mech_len);
+ rc = p_ica_get_functionlist(mech_list, &mech_len);
if (rc != 0) {
fprintf(stderr, "Failed to get function list from libica!\n");
free(mech_list);
diff --git a/test/provider/eckey.c b/test/provider/eckey.c
index b2334d7..b8f47b7 100644
--- a/test/provider/eckey.c
+++ b/test/provider/eckey.c
@@ -18,6 +18,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <dlfcn.h>
#include <openssl/conf.h>
#include <openssl/evp.h>
@@ -788,13 +789,32 @@ static const unsigned int required_ica_mechs[] = { EC_DH, EC_DSA_SIGN,
static const unsigned int required_ica_mechs_len =
sizeof(required_ica_mechs) / sizeof(unsigned int);
+typedef unsigned int (*ica_get_functionlist_t)(libica_func_list_element *,
+ unsigned int *);
+
int check_libica()
{
unsigned int mech_len, i, k, found = 0;
libica_func_list_element *mech_list = NULL;
+ void *ibmca_dso;
+ ica_get_functionlist_t p_ica_get_functionlist;
int rc;
- rc = ica_get_functionlist(NULL, &mech_len);
+ ibmca_dso = dlopen(LIBICA_NAME, RTLD_NOW);
+ if (ibmca_dso == NULL) {
+ fprintf(stderr, "Failed to load libica '%s'!\n", LIBICA_NAME);
+ return 77;
+ }
+
+ p_ica_get_functionlist =
+ (ica_get_functionlist_t)dlsym(ibmca_dso, "ica_get_functionlist");
+ if (p_ica_get_functionlist == NULL) {
+ fprintf(stderr, "Failed to get ica_get_functionlist from '%s'!\n",
+ LIBICA_NAME);
+ return 77;
+ }
+
+ rc = p_ica_get_functionlist(NULL, &mech_len);
if (rc != 0) {
fprintf(stderr, "Failed to get function list from libica!\n");
return 77;
@@ -806,7 +826,7 @@ int check_libica()
return 77;
}
- rc = ica_get_functionlist(mech_list, &mech_len);
+ rc = p_ica_get_functionlist(mech_list, &mech_len);
if (rc != 0) {
fprintf(stderr, "Failed to get function list from libica!\n");
free(mech_list);
diff --git a/test/provider/rsakey.c b/test/provider/rsakey.c
index 366b503..9d6a618 100644
--- a/test/provider/rsakey.c
+++ b/test/provider/rsakey.c
@@ -18,6 +18,7 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <dlfcn.h>
#include <openssl/conf.h>
#include <openssl/evp.h>
@@ -735,13 +736,32 @@ static const unsigned int required_ica_mechs[] = { RSA_ME, RSA_CRT };
static const unsigned int required_ica_mechs_len =
sizeof(required_ica_mechs) / sizeof(unsigned int);
+typedef unsigned int (*ica_get_functionlist_t)(libica_func_list_element *,
+ unsigned int *);
+
int check_libica()
{
unsigned int mech_len, i, k, found = 0;
libica_func_list_element *mech_list = NULL;
+ void *ibmca_dso;
+ ica_get_functionlist_t p_ica_get_functionlist;
int rc;
- rc = ica_get_functionlist(NULL, &mech_len);
+ ibmca_dso = dlopen(LIBICA_NAME, RTLD_NOW);
+ if (ibmca_dso == NULL) {
+ fprintf(stderr, "Failed to load libica '%s'!\n", LIBICA_NAME);
+ return 77;
+ }
+
+ p_ica_get_functionlist =
+ (ica_get_functionlist_t)dlsym(ibmca_dso, "ica_get_functionlist");
+ if (p_ica_get_functionlist == NULL) {
+ fprintf(stderr, "Failed to get ica_get_functionlist from '%s'!\n",
+ LIBICA_NAME);
+ return 77;
+ }
+
+ rc = p_ica_get_functionlist(NULL, &mech_len);
if (rc != 0) {
fprintf(stderr, "Failed to get function list from libica!\n");
return 77;
@@ -753,7 +773,7 @@ int check_libica()
return 77;
}
- rc = ica_get_functionlist(mech_list, &mech_len);
+ rc = p_ica_get_functionlist(mech_list, &mech_len);
if (rc != 0) {
fprintf(stderr, "Failed to get function list from libica!\n");
free(mech_list);
Reference in New Issue Copy Permalink