build: add libcrypto interning tests (#3035)
Showing
6 changed files
with
114 additions
and
8 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,98 @@ | ||
#!/usr/bin/env bash | ||
# Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. | ||
# | ||
# Licensed under the Apache License, Version 2.0 (the "License"). | ||
# You may not use this file except in compliance with the License. | ||
# A copy of the License is located at | ||
# | ||
# http://aws.amazon.com/apache2.0 | ||
# | ||
# or in the "license" file accompanying this file. This file is distributed | ||
# on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either | ||
# express or implied. See the License for the specific language governing | ||
# permissions and limitations under the License. | ||
# | ||
|
||
set -e | ||
|
||
|
||
source codebuild/bin/jobs.sh | ||
|
||
# build 2 different version of libcrypto to make it easy to break the application if | ||
# interning doesn't work as expected | ||
OPENSSL_1_1="$(pwd)/build/openssl_1_1" | ||
OPENSSL_1_0="$(pwd)/build/openssl_1_0" | ||
if [ ! -f $OPENSSL_1_0/lib/libcrypto.a ]; then | ||
./codebuild/bin/install_openssl_1_0_2.sh $OPENSSL_1_0/src $OPENSSL_1_0 linux | ||
fi | ||
if [ ! -f $OPENSSL_1_1/lib/libcrypto.a ]; then | ||
./codebuild/bin/install_openssl_1_1_1.sh $OPENSSL_1_1/src $OPENSSL_1_1 linux | ||
fi | ||
|
||
function fail() { | ||
echo "test failure: $1" | ||
exit 1 | ||
} | ||
|
||
# build a default version to test what happens without interning | ||
cmake . -Bbuild/shared-default -DCMAKE_PREFIX_PATH="$OPENSSL_1_1" -DCMAKE_BUILD_TYPE=RelWithDebInfo -DBUILD_SHARED_LIBS=on -DBUILD_TESTING=on | ||
cmake --build ./build/shared-default -- -j $JOBS | ||
ldd ./build/shared-default/lib/libs2n.so | grep -q libcrypto || fail "libcrypto was not linked" | ||
|
||
# ensure libcrypto interning works with shared libs and testing | ||
cmake . -Bbuild/shared-testing -DCMAKE_PREFIX_PATH="$OPENSSL_1_1" -DCMAKE_BUILD_TYPE=RelWithDebInfo -DBUILD_SHARED_LIBS=on -DBUILD_TESTING=on -DS2N_INTERN_LIBCRYPTO=on | ||
cmake --build ./build/shared-testing -- -j $JOBS | ||
make -C build/shared-testing test ARGS="-j $JOBS" | ||
# s2n should not publicly depend on libcrypto | ||
ldd ./build/shared-testing/lib/libs2n.so | grep -q libcrypto && fail "libcrypto was not interned" | ||
|
||
# ensure libcrypto interning works with shared libs and no testing | ||
cmake . -Bbuild/shared -DCMAKE_PREFIX_PATH="$OPENSSL_1_1" -DCMAKE_BUILD_TYPE=RelWithDebInfo -DBUILD_SHARED_LIBS=on -DBUILD_TESTING=off -DS2N_INTERN_LIBCRYPTO=on | ||
cmake --build ./build/shared -- -j $JOBS | ||
# s2n should not publicly depend on libcrypto | ||
ldd ./build/shared/lib/libs2n.so | grep -q libcrypto && fail "libcrypto was not interned" | ||
|
||
# ensure libcrypto interning works with static libs | ||
# NOTE: static builds don't vary based on testing being enabled | ||
cmake . -Bbuild/static -DCMAKE_PREFIX_PATH="$OPENSSL_1_1" -DCMAKE_BUILD_TYPE=RelWithDebInfo -DBUILD_SHARED_LIBS=off -DBUILD_TESTING=on -DS2N_INTERN_LIBCRYPTO=on | ||
cmake --build ./build/static -- -j $JOBS | ||
make -C build/static test ARGS="-j $JOBS" | ||
|
||
# create a small app that links against both s2n and libcrypto | ||
cat <<EOF > build/static/app.c | ||
#include <s2n.h> | ||
#include <openssl/bn.h> | ||
int main() { | ||
s2n_init(); | ||
BN_CTX_new(); | ||
return 0; | ||
} | ||
EOF | ||
|
||
# ensure the small app will compile with both versions of openssl without any linking issues | ||
for target in $OPENSSL_1_0 $OPENSSL_1_1 | ||
do | ||
echo "testing static linking with $target" | ||
mkdir -p $target/bin | ||
cc -fPIE -Iapi -I$target/include build/static/app.c build/static/lib/libs2n.a $target/lib/libcrypto.a -lpthread -ldl -o $target/bin/test-app | ||
nm $target/bin/test-app | grep -q 'T s2n$BN_CTX_new' || fail "libcrypto symbols were not prefixed" | ||
nm $target/bin/test-app | grep -q 'T BN_CTX_new' || fail "libcrypto was not linked in application" | ||
# make sure the app doesn't crash | ||
$target/bin/test-app | ||
done | ||
|
||
# without interning, the connection should fail when linking the wrong version of libcrypto | ||
LD_PRELOAD=$OPENSSL_1_0/lib/libcrypto.so ./build/shared-default/bin/s2nd -c default_tls13 localhost 4433 & | ||
SERVER_PID=$! | ||
! LD_PRELOAD=$OPENSSL_1_0/lib/libcrypto.so ./build/shared-default/bin/s2nc -i -c default_tls13 localhost 4433 | ||
kill $SERVER_PID || true | ||
|
||
# with interning, the connection should succeed even though we've linked the wrong version of libcrypto | ||
LD_PRELOAD=$OPENSSL_1_0/lib/libcrypto.so ./build/shared-testing/bin/s2nd -c default_tls13 localhost 4433 & | ||
SERVER_PID=$! | ||
LD_PRELOAD=$OPENSSL_1_0/lib/libcrypto.so ./build/shared-testing/bin/s2nc -i -c default_tls13 localhost 4433 | tee build/client.log | ||
kill $SERVER_PID || true | ||
|
||
# ensure a TLS 1.3 session was negotiated | ||
grep -q "Actual protocol version: 34" build/client.log || fail "TLS 1.3 was not negotiated" |
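Review bot: The negative control near the end of the script, the line starting `! LD_PRELOAD=$OPENSSL_1_0/lib/libcrypto.so ./build/shared-default/bin/s2nc`, can never fail the job, because under `set -e` bash ignores the status of a command negated with `!`. A handshake that unexpectedly succeeds without interning therefore passes silently. Using the script's own pattern would make it an assertion: `LD_PRELOAD=$OPENSSL_1_0/lib/libcrypto.so ./build/shared-default/bin/s2nc -i -c default_tls13 localhost 4433 && fail "connection succeeded without interning"`. Both client runs also start right after `s2nd` is backgrounded, with no readiness wait, so the first client may fail only because nothing is listening yet; and since nothing reaps the first server after `kill $SERVER_PID`, the second server may find port 4433 still bound. Waiting until the port accepts connections before each client, and adding `wait "$SERVER_PID" || true` after each `kill`, would make both results attributable to the libcrypto mismatch rather than to timing.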