BUG/MINOR: tools: check libssl and libcrypto separately

The lib compatibility checks introduced in 2.8-dev6 with commit c3b297d5a
("MEDIUM: tools: further relax dlopen() checks too consider grouped
symbols") were partially incorrect in that they check at the same time
libcrypto and libssl. But if loading a library that only depends on
libcrypto, the ssl-only symbols will be missing and this might present
an inconsistency. This is what is observed on FreeBSD 13.1 when
libcrypto is being loaded, where it sees two symbols having disappeared.

The fix consists in splitting the checks for libcrypto and libssl.

No backport is needed, unless the patch above finally gets backported.
Willy Tarreau 2023-04-22 19:47:19 +02:00
parent 9f53b7b41a
commit 997ad155fe
1 changed files with 14 additions and 11 deletions


@ -6093,17 +6093,20 @@ void *dlopen(const char *filename, int flags)
uint64_t bit, grp;
void *curr, *next;
} check_syms[] = {
/* openssl checks: group bits 0x7ff */
{ .name="OPENSSL_init", .bit = 0x0000000000000001, .grp = 0x00000000000003ff, }, // openssl 1.0 / 1.1 / 3.0
{ .name="OPENSSL_init_crypto", .bit = 0x0000000000000002, .grp = 0x00000000000003ff, }, // openssl 1.1 / 3.0 (libcrypto)
{ .name="OPENSSL_init_ssl", .bit = 0x0000000000000004, .grp = 0x00000000000003ff, }, // openssl 1.1 / 3.0 (libssl)
{ .name="SSL_library_init", .bit = 0x0000000000000008, .grp = 0x00000000000003ff, }, // openssl 1.x
{ .name="ENGINE_init", .bit = 0x0000000000000010, .grp = 0x00000000000003ff, }, // openssl 1.x / 3.x with engine
{ .name="EVP_CIPHER_CTX_init", .bit = 0x0000000000000020, .grp = 0x00000000000003ff, }, // openssl 1.0
{ .name="HMAC_Init", .bit = 0x0000000000000040, .grp = 0x00000000000003ff, }, // openssl 1.x
{ .name="SSL_is_quic", .bit = 0x0000000000000080, .grp = 0x00000000000003ff, }, // quictls
{ .name="SSL_CTX_new_ex", .bit = 0x0000000000000100, .grp = 0x00000000000003ff, }, // openssl 3.x
{ .name="SSL_CTX_get0_security_ex_data", .bit = 0x0000000000000200, .grp = 0x00000000000003ff, }, // openssl 1.x / 3.x
/* openssl's libcrypto checks: group bits 0x1f */
{ .name="OPENSSL_init", .bit = 0x0000000000000001, .grp = 0x000000000000001f, }, // openssl 1.0 / 1.1 / 3.0
{ .name="OPENSSL_init_crypto", .bit = 0x0000000000000002, .grp = 0x000000000000001f, }, // openssl 1.1 / 3.0
{ .name="ENGINE_init", .bit = 0x0000000000000004, .grp = 0x000000000000001f, }, // openssl 1.x / 3.x with engine
{ .name="EVP_CIPHER_CTX_init", .bit = 0x0000000000000008, .grp = 0x000000000000001f, }, // openssl 1.0
{ .name="HMAC_Init", .bit = 0x0000000000000010, .grp = 0x000000000000001f, }, // openssl 1.x
/* openssl's libssl checks: group bits 0x3e0 */
{ .name="OPENSSL_init_ssl", .bit = 0x0000000000000020, .grp = 0x00000000000003e0, }, // openssl 1.1 / 3.0
{ .name="SSL_library_init", .bit = 0x0000000000000040, .grp = 0x00000000000003e0, }, // openssl 1.x
{ .name="SSL_is_quic", .bit = 0x0000000000000080, .grp = 0x00000000000003e0, }, // quictls
{ .name="SSL_CTX_new_ex", .bit = 0x0000000000000100, .grp = 0x00000000000003e0, }, // openssl 3.x
{ .name="SSL_CTX_get0_security_ex_data", .bit = 0x0000000000000200, .grp = 0x00000000000003e0, }, // openssl 1.x / 3.x
/* insert only above, 0 must be the last one */
{ 0 },
};
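Review bot: The two new groups in `check_syms[]` rely on an invariant that nothing in the table states or enforces: every `.grp` must equal the OR of the `.bit` values of its own rows (0x1f for libcrypto, 0x3e0 for libssl), and the two masks must not overlap. The mask is repeated as a literal on each of the ten rows, so adding a symbol means editing every row of that group by hand. A row left with a stale mask would presumably weaken or skew the library-consistency check without any visible error. I would extend the trailing comment to something like `/* insert only above, 0 must be the last one; each .grp must be the OR of all .bit values of its group and groups must not overlap */`, or define the two masks once as named constants and reference them in the rows. The body of `dlopen()` starts and ends outside this hunk, so how `.grp` is consumed is inferred from the commit message rather than seen here.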