加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
文件
该仓库未声明开源许可证文件(LICENSE),使用请关注具体项目描述及其代码上游依赖。
克隆/下载
Backport-CVE-2024-4741-Move-the-ability-to-load-the-dasync-engine-into-sslt.patch 3.13 KB
一键复制 编辑 原始数据 按行查看 历史
From 1359c00e683840154760b7ba9204bad1b13dc074 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Fri, 26 Apr 2024 11:05:52 +0100
Subject: [PATCH] Move the ability to load the dasync engine into ssltestlib.c
The sslapitest has a helper function to load the dasync engine which is
useful for testing pipelining. We would like to have the same facility
from sslbuffertest, so we move the function to the common location
ssltestlib.c
Follow on from CVE-2024-4741
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24395)
(cherry picked from commit 0544c21a22f4d787e6f31d35e8f980402ac90a6d)
---
test/helpers/ssltestlib.c | 33 +++++++++++++++++++++++++++++++++
test/helpers/ssltestlib.h | 1 +
test/sslapitest.c | 21 ---------------------
3 files changed, 34 insertions(+), 21 deletions(-)
diff --git a/test/helpers/ssltestlib.c b/test/helpers/ssltestlib.c
index ef4a6177aa7dd..da14f6697db16 100644
--- a/test/helpers/ssltestlib.c
+++ b/test/helpers/ssltestlib.c
@@ -7,8 +7,17 @@
* https://www.openssl.org/source/license.html
*/
+/*
+ * We need access to the deprecated low level ENGINE APIs for legacy purposes
+ * when the deprecated calls are not hidden
+ */
+#ifndef OPENSSL_NO_DEPRECATED_3_0
+# define OPENSSL_SUPPRESS_DEPRECATED
+#endif
+
#include <string.h>
+#include <openssl/engine.h>
#include "internal/nelem.h"
#include "ssltestlib.h"
#include "../testutil.h"
@@ -1182,3 +1191,27 @@ void shutdown_ssl_connection(SSL *serverssl, SSL *clientssl)
SSL_free(serverssl);
SSL_free(clientssl);
}
+
+ENGINE *load_dasync(void)
+{
+#if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_DYNAMIC_ENGINE)
+ ENGINE *e;
+
+ if (!TEST_ptr(e = ENGINE_by_id("dasync")))
+ return NULL;
+
+ if (!TEST_true(ENGINE_init(e))) {
+ ENGINE_free(e);
+ return NULL;
+ }
+
+ if (!TEST_true(ENGINE_register_ciphers(e))) {
+ ENGINE_free(e);
+ return NULL;
+ }
+
+ return e;
+#else
+ return NULL;
+#endif
+}
diff --git a/test/helpers/ssltestlib.h b/test/helpers/ssltestlib.h
index 8e9daa5601d3e..2777fb3047bef 100644
--- a/test/helpers/ssltestlib.h
+++ b/test/helpers/ssltestlib.h
@@ -59,4 +59,5 @@ typedef struct mempacket_st MEMPACKET;
DEFINE_STACK_OF(MEMPACKET)
+ENGINE *load_dasync(void);
#endif /* OSSL_TEST_SSLTESTLIB_H */
diff --git a/test/sslapitest.c b/test/sslapitest.c
index 28bc94d672fa7..c2ff727513294 100644
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@@ -10299,27 +10299,6 @@ static int test_load_dhfile(void)
}
#if !defined(OPENSSL_NO_TLS1_2) && !defined(OPENSSL_NO_DYNAMIC_ENGINE)
-
-static ENGINE *load_dasync(void)
-{
- ENGINE *e;
-
- if (!TEST_ptr(e = ENGINE_by_id("dasync")))
- return NULL;
-
- if (!TEST_true(ENGINE_init(e))) {
- ENGINE_free(e);
- return NULL;
- }
-
- if (!TEST_true(ENGINE_register_ciphers(e))) {
- ENGINE_free(e);
- return NULL;
- }
-
- return e;
-}
-
/*
* Test TLSv1.2 with a pipeline capable cipher. TLSv1.3 and DTLS do not
* support this yet. The only pipeline capable cipher that we have is in the
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化