From b9d27fc4e0438a5967354a71fc5dd66441b4d2c2 Mon Sep 17 00:00:00 2001 From: Zhi Guan Date: Wed, 15 Feb 2017 10:05:55 +0800 Subject: [PATCH] update test recipes cd test/recipes sed -i "" 's/\"openssl\"/\"gmssl\"/g' *.t --- test/recipes/20-test_enc.t | 2 +- test/recipes/40-test_rehash.t | 10 +-- test/recipes/70-test_sslmessages.t | 2 +- test/recipes/70-test_sslrecords.t | 2 +- test/recipes/70-test_sslsessiontick.t | 2 +- test/recipes/70-test_sslskewith0p.t | 2 +- test/recipes/70-test_sslvertol.t | 2 +- test/recipes/70-test_tlsextms.t | 2 +- test/recipes/80-test_ca.t | 2 +- test/recipes/80-test_cms.t | 24 +++---- test/recipes/80-test_ocsp.t | 4 +- test/recipes/80-test_pkcs12.t | 2 +- test/recipes/80-test_ssl_old.t | 14 ++-- test/recipes/80-test_tsa.t | 10 +-- util/shlib_wrap.sh | 92 +++++++++++++++++++++++++++ 15 files changed, 132 insertions(+), 40 deletions(-) create mode 100755 util/shlib_wrap.sh diff --git a/test/recipes/20-test_enc.t b/test/recipes/20-test_enc.t index 88a58904..9c73fff5 100644 --- a/test/recipes/20-test_enc.t +++ b/test/recipes/20-test_enc.t @@ -25,7 +25,7 @@ my $testsrc = srctop_file("test","recipes",basename($0)); my $test = catfile(".", "p"); -my $cmd = "openssl"; +my $cmd = "gmssl"; my @ciphers = map { s/^\s+//; s/\s+$//; split /\s+/ } diff --git a/test/recipes/40-test_rehash.t b/test/recipes/40-test_rehash.t index fa05ca09..26e3dc1a 100644 --- a/test/recipes/40-test_rehash.t +++ b/test/recipes/40-test_rehash.t @@ -21,24 +21,24 @@ setup("test_rehash"); #If "openssl rehash -help" fails it's most likely because we're on a platform #that doesn't support the rehash command (e.g. Windows) plan skip_all => "test_rehash is not available on this platform" - unless run(app(["openssl", "rehash", "-help"])); + unless run(app(["gmssl", "rehash", "-help"])); plan tests => 5; indir "rehash.$$" => sub { prepare(); - ok(run(app(["openssl", "rehash", curdir()])), + ok(run(app(["gmssl", "rehash", curdir()])), 'Testing normal rehash operations'); }, create => 1, cleanup => 1; indir "rehash.$$" => sub { prepare(sub { chmod 400, $_ foreach (@_); }); - ok(run(app(["openssl", "rehash", curdir()])), + ok(run(app(["gmssl", "rehash", curdir()])), 'Testing rehash operations on readonly files'); }, create => 1, cleanup => 1; indir "rehash.$$" => sub { - ok(run(app(["openssl", "rehash", curdir()])), + ok(run(app(["gmssl", "rehash", curdir()])), 'Testing rehash operations on empty directory'); }, create => 1, cleanup => 1; @@ -51,7 +51,7 @@ indir "rehash.$$" => sub { close FOO; skip "It's pointless to run the next test as root", 1; } - isnt(run(app(["openssl", "rehash", curdir()])), 1, + isnt(run(app(["gmssl", "rehash", curdir()])), 1, 'Testing rehash operations on readonly directory'); } chmod 0700, curdir(); # make it writable again, so cleanup works diff --git a/test/recipes/70-test_sslmessages.t b/test/recipes/70-test_sslmessages.t index c4adf58c..240edf44 100755 --- a/test/recipes/70-test_sslmessages.t +++ b/test/recipes/70-test_sslmessages.t @@ -65,7 +65,7 @@ my @handmessages = ( my $proxy = TLSProxy::Proxy->new( undef, - cmdstr(app(["openssl"]), display => 1), + cmdstr(app(["gmssl"]), display => 1), srctop_file("apps", "server.pem"), (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) ); diff --git a/test/recipes/70-test_sslrecords.t b/test/recipes/70-test_sslrecords.t index d3702f25..e82f56c6 100644 --- a/test/recipes/70-test_sslrecords.t +++ b/test/recipes/70-test_sslrecords.t @@ -29,7 +29,7 @@ plan skip_all => "$test_name needs TLSv1.2 enabled" $ENV{OPENSSL_ia32cap} = '~0x200000200000000'; my $proxy = TLSProxy::Proxy->new( \&add_empty_recs_filter, - cmdstr(app(["openssl"]), display => 1), + cmdstr(app(["gmssl"]), display => 1), srctop_file("apps", "server.pem"), (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) ); diff --git a/test/recipes/70-test_sslsessiontick.t b/test/recipes/70-test_sslsessiontick.t index 89ef12f7..3dda030d 100755 --- a/test/recipes/70-test_sslsessiontick.t +++ b/test/recipes/70-test_sslsessiontick.t @@ -40,7 +40,7 @@ my $ticketseen = 0; my $proxy = TLSProxy::Proxy->new( undef, - cmdstr(app(["openssl"]), display => 1), + cmdstr(app(["gmssl"]), display => 1), srctop_file("apps", "server.pem"), (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) ); diff --git a/test/recipes/70-test_sslskewith0p.t b/test/recipes/70-test_sslskewith0p.t index bfdee8b7..97c40133 100755 --- a/test/recipes/70-test_sslskewith0p.t +++ b/test/recipes/70-test_sslskewith0p.t @@ -32,7 +32,7 @@ plan skip_all => "$test_name needs TLS enabled" $ENV{OPENSSL_ia32cap} = '~0x200000200000000'; my $proxy = TLSProxy::Proxy->new( \&ske_0_p_filter, - cmdstr(app(["openssl"]), display => 1), + cmdstr(app(["gmssl"]), display => 1), srctop_file("apps", "server.pem"), (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) ); diff --git a/test/recipes/70-test_sslvertol.t b/test/recipes/70-test_sslvertol.t index f8c94e91..f35d8891 100755 --- a/test/recipes/70-test_sslvertol.t +++ b/test/recipes/70-test_sslvertol.t @@ -29,7 +29,7 @@ plan skip_all => "$test_name needs TLS enabled" $ENV{OPENSSL_ia32cap} = '~0x200000200000000'; my $proxy = TLSProxy::Proxy->new( \&vers_tolerance_filter, - cmdstr(app(["openssl"]), display => 1), + cmdstr(app(["gmssl"]), display => 1), srctop_file("apps", "server.pem"), (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) ); diff --git a/test/recipes/70-test_tlsextms.t b/test/recipes/70-test_tlsextms.t index 1248594c..a3f18100 100644 --- a/test/recipes/70-test_tlsextms.t +++ b/test/recipes/70-test_tlsextms.t @@ -41,7 +41,7 @@ my $fullhand = 0; my $proxy = TLSProxy::Proxy->new( \&extms_filter, - cmdstr(app(["openssl"]), display => 1), + cmdstr(app(["gmssl"]), display => 1), srctop_file("apps", "server.pem"), (!$ENV{HARNESS_ACTIVE} || $ENV{HARNESS_VERBOSE}) ); diff --git a/test/recipes/80-test_ca.t b/test/recipes/80-test_ca.t index 28a090ea..d4399575 100644 --- a/test/recipes/80-test_ca.t +++ b/test/recipes/80-test_ca.t @@ -16,7 +16,7 @@ use OpenSSL::Test qw/:DEFAULT cmdstr srctop_file/; setup("test_ca"); -$ENV{OPENSSL} = cmdstr(app(["openssl"]), display => 1); +$ENV{OPENSSL} = cmdstr(app(["gmssl"]), display => 1); my $std_openssl_cnf = srctop_file("apps", $^O eq "VMS" ? "openssl-vms.cnf" : "openssl.cnf"); diff --git a/test/recipes/80-test_cms.t b/test/recipes/80-test_cms.t index 264c7d60..47cd50ca 100644 --- a/test/recipes/80-test_cms.t +++ b/test/recipes/80-test_cms.t @@ -391,8 +391,8 @@ subtest "CMS => PKCS#7 compatibility tests\n" => sub { my $skip_reason = check_availability($$_[0]); skip $skip_reason, 1 if $skip_reason; - ok(run(app(["openssl", "cms", @{$$_[1]}])) - && run(app(["openssl", "smime", @{$$_[2]}])) + ok(run(app(["gmssl", "cms", @{$$_[1]}])) + && run(app(["gmssl", "smime", @{$$_[2]}])) && compare_text($smcont, "smtst.txt") == 0, $$_[0]); } @@ -406,8 +406,8 @@ subtest "CMS <= PKCS#7 compatibility tests\n" => sub { my $skip_reason = check_availability($$_[0]); skip $skip_reason, 1 if $skip_reason; - ok(run(app(["openssl", "smime", @{$$_[1]}])) - && run(app(["openssl", "cms", @{$$_[2]}])) + ok(run(app(["gmssl", "smime", @{$$_[1]}])) + && run(app(["gmssl", "cms", @{$$_[2]}])) && compare_text($smcont, "smtst.txt") == 0, $$_[0]); } @@ -422,8 +422,8 @@ subtest "CMS <=> CMS consistency tests\n" => sub { my $skip_reason = check_availability($$_[0]); skip $skip_reason, 1 if $skip_reason; - ok(run(app(["openssl", "cms", @{$$_[1]}])) - && run(app(["openssl", "cms", @{$$_[2]}])) + ok(run(app(["gmssl", "cms", @{$$_[1]}])) + && run(app(["gmssl", "cms", @{$$_[2]}])) && compare_text($smcont, "smtst.txt") == 0, $$_[0]); } @@ -433,8 +433,8 @@ subtest "CMS <=> CMS consistency tests\n" => sub { my $skip_reason = check_availability($$_[0]); skip $skip_reason, 1 if $skip_reason; - ok(run(app(["openssl", "cms", @{$$_[1]}])) - && run(app(["openssl", "cms", @{$$_[2]}])) + ok(run(app(["gmssl", "cms", @{$$_[1]}])) + && run(app(["gmssl", "cms", @{$$_[2]}])) && compare_text($smcont, "smtst.txt") == 0, $$_[0]); } @@ -450,8 +450,8 @@ subtest "CMS <=> CMS consistency tests, modified key parameters\n" => sub { my $skip_reason = check_availability($$_[0]); skip $skip_reason, 1 if $skip_reason; - ok(run(app(["openssl", "cms", @{$$_[1]}])) - && run(app(["openssl", "cms", @{$$_[2]}])) + ok(run(app(["gmssl", "cms", @{$$_[1]}])) + && run(app(["gmssl", "cms", @{$$_[2]}])) && compare_text($smcont, "smtst.txt") == 0, $$_[0]); } @@ -467,8 +467,8 @@ subtest "CMS <=> CMS consistency tests, modified key parameters\n" => sub { my $skip_reason = check_availability($$_[0]); skip $skip_reason, 1 if $skip_reason; - ok(run(app(["openssl", "cms", @{$$_[1]}])) - && run(app(["openssl", "cms", @{$$_[2]}])) + ok(run(app(["gmssl", "cms", @{$$_[1]}])) + && run(app(["gmssl", "cms", @{$$_[2]}])) && compare_text($smcont, "smtst.txt") == 0, $$_[0]); } diff --git a/test/recipes/80-test_ocsp.t b/test/recipes/80-test_ocsp.t index 103a7aea..ce58ca2f 100644 --- a/test/recipes/80-test_ocsp.t +++ b/test/recipes/80-test_ocsp.t @@ -31,11 +31,11 @@ sub test_ocsp { my $CAfile = shift; my $expected_exit = shift; - run(app(["openssl", "base64", "-d", + run(app(["gmssl", "base64", "-d", "-in", catfile($ocspdir,$inputfile), "-out", "ocsp-resp-fff.dat"])); with({ exit_checker => sub { return shift == $expected_exit; } }, - sub { ok(run(app(["openssl", "ocsp", "-respin", "ocsp-resp-fff.dat", + sub { ok(run(app(["gmssl", "ocsp", "-respin", "ocsp-resp-fff.dat", "-partial_chain", @check_time, "-CAfile", catfile($ocspdir, $CAfile), "-verify_other", catfile($ocspdir, $CAfile), diff --git a/test/recipes/80-test_pkcs12.t b/test/recipes/80-test_pkcs12.t index be9a72c8..9eb359d1 100644 --- a/test/recipes/80-test_pkcs12.t +++ b/test/recipes/80-test_pkcs12.t @@ -58,7 +58,7 @@ $ENV{OPENSSL_WIN32_UTF8}=1; plan tests => 1; # just see that we can read shibboleth.pfx protected with $pass -ok(run(app(["openssl", "pkcs12", "-noout", +ok(run(app(["gmssl", "pkcs12", "-noout", "-password", "pass:$pass", "-in", srctop_file("test", "shibboleth.pfx")])), "test_pkcs12"); diff --git a/test/recipes/80-test_ssl_old.t b/test/recipes/80-test_ssl_old.t index 77ba383f..cbca18f2 100644 --- a/test/recipes/80-test_ssl_old.t +++ b/test/recipes/80-test_ssl_old.t @@ -33,10 +33,10 @@ plan skip_all => "No SSL/TLS/DTLS protocol is support by this OpenSSL build" if $no_anytls && $no_anydtls; my $digest = "-sha1"; -my @reqcmd = ("openssl", "req"); -my @x509cmd = ("openssl", "x509", $digest); -my @verifycmd = ("openssl", "verify"); -my @gendsacmd = ("openssl", "gendsa"); +my @reqcmd = ("gmssl", "req"); +my @x509cmd = ("gmssl", "x509", $digest); +my @verifycmd = ("gmssl", "verify"); +my @gendsacmd = ("gmssl", "gendsa"); my $dummycnf = srctop_file("apps", "openssl.cnf"); my $CAkey = "keyCA.ss"; @@ -225,7 +225,7 @@ sub testss { SKIP: { $ENV{CN2} = "ECDSA Certificate"; skip 'failure', 4 unless - ok(run(app(["openssl", "ecparam", "-name", "P-256", + ok(run(app(["gmssl", "ecparam", "-name", "P-256", "-out", "ecp.ss"])), "make EC parameters"); skip 'failure', 3 unless @@ -321,7 +321,7 @@ sub testssl { my $serverinfo = srctop_file("test","serverinfo.pem"); my $dsa_cert = 0; - if (grep /DSA Public Key/, run(app(["openssl", "x509", "-in", $cert, + if (grep /DSA Public Key/, run(app(["gmssl", "x509", "-in", $cert, "-text", "-noout"]), capture => 1)) { $dsa_cert = 1; } @@ -452,7 +452,7 @@ sub testssl { my %ciphersuites = map { my @c = map { split(/:/, $_) } - run(app(["openssl", "ciphers", "${_}:$ciphers"]), + run(app(["gmssl", "ciphers", "${_}:$ciphers"]), capture => 1); map { s/\R//; } @c; # chomp @c; $protocolciphersuitcount += scalar @c; diff --git a/test/recipes/80-test_tsa.t b/test/recipes/80-test_tsa.t index cf3378b3..fa03ad58 100644 --- a/test/recipes/80-test_tsa.t +++ b/test/recipes/80-test_tsa.t @@ -25,7 +25,7 @@ plan skip_all => "TS is not supported by this OpenSSL build" # here, however, to be available in all subroutines. my $testtsa; my $CAtsa; -my @RUN = ("openssl", "ts"); +my @RUN = ("gmssl", "ts"); sub create_tsa_cert { my $INDEX = shift; @@ -33,11 +33,11 @@ sub create_tsa_cert { my $r = 1; $ENV{TSDNSECT} = "ts_cert_dn"; - ok(run(app(["openssl", "req", "-new", + ok(run(app(["gmssl", "req", "-new", "-out", "tsa_req${INDEX}.pem", "-keyout", "tsa_key${INDEX}.pem"]))); note "using extension $EXT"; - ok(run(app(["openssl", "x509", "-req", + ok(run(app(["gmssl", "x509", "-req", "-in", "tsa_req${INDEX}.pem", "-out", "tsa_cert${INDEX}.pem", "-CA", "tsaca.pem", "-CAkey", "tsacakey.pem", @@ -86,14 +86,14 @@ indir "tsa" => sub $ENV{OPENSSL_CONF} = srctop_file("test", "CAtsa.cnf"); # Because that's what ../apps/CA.pl really looks at $ENV{OPENSSL_CONFIG} = "-config ".$ENV{OPENSSL_CONF}; - $ENV{OPENSSL} = cmdstr(app(["openssl"]), display => 1); + $ENV{OPENSSL} = cmdstr(app(["gmssl"]), display => 1); $testtsa = srctop_file("test", "recipes", "80-test_tsa.t"); $CAtsa = srctop_file("test", "CAtsa.cnf"); SKIP: { $ENV{TSDNSECT} = "ts_ca_dn"; skip "failed", 19 - unless ok(run(app(["openssl", "req", "-new", "-x509", "-nodes", + unless ok(run(app(["gmssl", "req", "-new", "-x509", "-nodes", "-out", "tsaca.pem", "-keyout", "tsacakey.pem"])), 'creating a new CA for the TSA tests'); diff --git a/util/shlib_wrap.sh b/util/shlib_wrap.sh new file mode 100755 index 00000000..811a08d6 --- /dev/null +++ b/util/shlib_wrap.sh @@ -0,0 +1,92 @@ +#!/bin/sh + +[ $# -ne 0 ] || set -x # debug mode without arguments:-) + +THERE="`echo $0 | sed -e 's|[^/]*$||' 2>/dev/null`.." +[ -d "${THERE}" ] || exec "$@" # should never happen... + +# Alternative to this is to parse ${THERE}/Makefile... +LIBCRYPTOSO="${THERE}/libcrypto.so" +if [ -f "$LIBCRYPTOSO" ]; then + while [ -h "$LIBCRYPTOSO" ]; do + LIBCRYPTOSO="${THERE}/`ls -l "$LIBCRYPTOSO" | sed -e 's|.*\-> ||'`" + done + SOSUFFIX=`echo ${LIBCRYPTOSO} | sed -e 's|.*\.so||' 2>/dev/null` + LIBSSLSO="${THERE}/libssl.so${SOSUFFIX}" +fi + +SYSNAME=`(uname -s) 2>/dev/null`; +case "$SYSNAME" in +SunOS|IRIX*) + # SunOS and IRIX run-time linkers evaluate alternative + # variables depending on target ABI... + rld_var=LD_LIBRARY_PATH + case "`(/usr/bin/file "$LIBCRYPTOSO") 2>/dev/null`" in + *ELF\ 64*SPARC*|*ELF\ 64*AMD64*) + [ -n "$LD_LIBRARY_PATH_64" ] && rld_var=LD_LIBRARY_PATH_64 + LD_PRELOAD_64="$LIBCRYPTOSO $LIBSSLSO"; export LD_PRELOAD_64 + preload_var=LD_PRELOAD_64 + ;; + *ELF\ 32*SPARC*|*ELF\ 32*80386*) + # We only need to change LD_PRELOAD_32 and LD_LIBRARY_PATH_32 + # on a multi-arch system. Otherwise, trust the fallbacks. + if [ -f /lib/64/ld.so.1 ]; then + [ -n "$LD_LIBRARY_PATH_32" ] && rld_var=LD_LIBRARY_PATH_32 + LD_PRELOAD_32="$LIBCRYPTOSO $LIBSSLSO"; export LD_PRELOAD_32 + preload_var=LD_PRELOAD_32 + fi + ;; + # Why are newly built .so's preloaded anyway? Because run-time + # .so lookup path embedded into application takes precedence + # over LD_LIBRARY_PATH and as result application ends up linking + # to previously installed .so's. On IRIX instead of preloading + # newly built .so's we trick run-time linker to fail to find + # the installed .so by setting _RLD_ROOT variable. + *ELF\ 32*MIPS*) + #_RLD_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT"; export _RLD_LIST + _RLD_ROOT=/no/such/dir; export _RLD_ROOT + eval $rld_var=\"/usr/lib'${'$rld_var':+:$'$rld_var'}'\" + preload_var=_RLD_LIST + ;; + *ELF\ N32*MIPS*) + [ -n "$LD_LIBRARYN32_PATH" ] && rld_var=LD_LIBRARYN32_PATH + #_RLDN32_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT"; export _RLDN32_LIST + _RLDN32_ROOT=/no/such/dir; export _RLDN32_ROOT + eval $rld_var=\"/usr/lib32'${'$rld_var':+:$'$rld_var'}'\" + preload_var=_RLDN32_LIST + ;; + *ELF\ 64*MIPS*) + [ -n "$LD_LIBRARY64_PATH" ] && rld_var=LD_LIBRARY64_PATH + #_RLD64_LIST="$LIBCRYPTOSO:$LIBSSLSO:DEFAULT"; export _RLD64_LIST + _RLD64_ROOT=/no/such/dir; export _RLD64_ROOT + eval $rld_var=\"/usr/lib64'${'$rld_var':+:$'$rld_var'}'\" + preload_var=_RLD64_LIST + ;; + esac + eval $rld_var=\"${THERE}'${'$rld_var':+:$'$rld_var'}'\"; export $rld_var + unset rld_var + ;; +*) LD_LIBRARY_PATH="${THERE}:$LD_LIBRARY_PATH" # Linux, ELF HP-UX + DYLD_LIBRARY_PATH="${THERE}:$DYLD_LIBRARY_PATH" # MacOS X + SHLIB_PATH="${THERE}:$SHLIB_PATH" # legacy HP-UX + LIBPATH="${THERE}:$LIBPATH" # AIX, OS/2 + export LD_LIBRARY_PATH DYLD_LIBRARY_PATH SHLIB_PATH LIBPATH + # Even though $PATH is adjusted [for Windows sake], it doesn't + # necessarily does the trick. Trouble is that with introduction + # of SafeDllSearchMode in XP/2003 it's more appropriate to copy + # .DLLs in vicinity of executable, which is done elsewhere... + if [ "$OSTYPE" != msdosdjgpp ]; then + PATH="${THERE}:$PATH"; export PATH + fi + ;; +esac + + + +cmd="$1"; [ -x "$cmd" ] || cmd="$cmd${EXE_EXT}" +shift +if [ $# -eq 0 ]; then + exec "$cmd" # old sh, such as Tru64 4.x, fails to expand empty "$@" +else + exec "$cmd" "$@" +fi