1 /* ====================================================================
2 * Copyright (c) 2005 The OpenSSL Project. Rights for redistribution
3 * and usage in source and binary forms are granted according to the
10 #if defined(__unix) || defined(__unix__) || defined(__vxworks) || defined(__ANDROID__) || defined(__APPLE__)
14 #ifndef FINGERPRINT_PREMAIN_DSO_LOAD
16 #if defined(__GNUC__) && __GNUC__>=2
17 void FINGERPRINT_premain(void) __attribute__((constructor));
18 /* Most commonly this results in pointer to premain to be dropped
19 * to .ctors segment, which is traversed by GCC crtbegin.o upon
20 * program startup. Except on a.out OpenBSD where it results in
21 * _GLOBAL_$I$premain() {premain();} being auto-generated by
22 * compiler... But one way or another this is believed to cover
23 * *all* GCC targets. */
24 #elif defined(_MSC_VER)
26 __declspec(dllexport) /* this is essentially cosmetics... */
28 void FINGERPRINT_premain(void);
29 static int premain_wrapper(void) { FINGERPRINT_premain(); return 0; }
31 # pragma section(".CRT$XCU",read)
32 __declspec(allocate(".CRT$XCU"))
34 # pragma data_seg(".CRT$XCU")
36 static int (*p)(void) = premain_wrapper;
37 /* This results in pointer to premain to appear in .CRT segment,
38 * which is traversed by Visual C run-time initialization code.
39 * This applies to both Win32 and [all flavors of] Win64. */
41 #elif defined(__SUNPRO_C)
42 void FINGERPRINT_premain(void);
43 # pragma init(FINGERPRINT_premain)
44 /* This results in a call to premain to appear in .init segment. */
45 #elif defined(__DECC) && (defined(__VMS) || defined(VMS))
46 void FINGERPRINT_premain(void);
48 globaldef { "LIB$INITIALIZ" } readonly _align (LONGWORD)
50 globaldef { "LIB$INITIALIZE" } readonly _align (LONGWORD)
51 void (*x_FINGERPRINT_premain)(void) = FINGERPRINT_premain;
52 /* Refer to LIB$INITIALIZE to ensure it exists in the image. */
54 globaldef int (*lib_init_ref)() = lib$initialize;
57 The rest has to be taken care of through command line:
59 -Wl,-init,FINGERPRINT_premain on OSF1 and IRIX
60 -Wl,+init,FINGERPRINT_premain on HP-UX
61 -Wl,-binitfini:FINGERPRINT_premain on AIX
63 On ELF platforms this results in a call to premain to appear in
68 #define HMAC_SHA1_SIG "?have to make sure this string is unique"
72 # pragma const_seg("fipsro")
74 __declspec(allocate("fipsro"))
76 static const unsigned char FINGERPRINT_ascii_value[41] = HMAC_SHA1_SIG;
78 #define atox(c) ((c)>='a'?((c)-'a'+10):((c)>='A'?(c)-'A'+10:(c)-'0'))
80 extern const void *FIPS_text_start(), *FIPS_text_end();
81 extern const unsigned char FIPS_rodata_start[], FIPS_rodata_end[];
82 extern unsigned char FIPS_signature[20];
83 extern unsigned int FIPS_incore_fingerprint(unsigned char *,unsigned int);
86 * As name suggests this code is executed prior main(). We use this
87 * opportunity to fingerprint sequestered code in virtual address
88 * space of target application.
90 void FINGERPRINT_premain(void)
91 { unsigned char sig[sizeof(FIPS_signature)];
92 const unsigned char * volatile p=FINGERPRINT_ascii_value;
93 unsigned int len=sizeof(sig),i;
95 /* "volatilization" is done to disengage unwanted optimization... */
96 if (*((volatile unsigned char *)p)=='?')
97 { if (FIPS_text_start()==NULL)
98 { fprintf(stderr,"FIPS_text_start() returns NULL\n");
101 #if defined(DEBUG_FINGERPRINT_PREMAIN)
102 fprintf(stderr,".text:%p+%d=%p\n",FIPS_text_start(),
103 (int)((size_t)FIPS_text_end()-(size_t)FIPS_text_start()),
105 fprintf(stderr,".rodata:%p+%d=%p\n",FIPS_rodata_start,
106 (int)((size_t)FIPS_rodata_end-(size_t)FIPS_rodata_start),
110 len=FIPS_incore_fingerprint(sig,sizeof(sig));
112 if (len!=sizeof(sig))
113 { fprintf(stderr,"fingerprint length mismatch: %u\n",len);
117 for (i=0;i<len;i++) printf("%02x",sig[i]);
122 else if (FIPS_signature[0]=='\0') do
123 { for (i=0;i<sizeof(FIPS_signature);i++,p+=2)
124 FIPS_signature[i] = (atox(p[0])<<4)|atox(p[1]);
126 #if defined(DEBUG_FINGERPRINT_PREMAIN)
127 if (getenv("OPENSSL_FIPS")==NULL) break;
129 len=FIPS_incore_fingerprint(sig,sizeof(sig));
131 if (memcmp(FIPS_signature,sig,sizeof(FIPS_signature)))
132 { fprintf(stderr,"FINGERPRINT_premain: FIPS_signature mismatch\n");
141 #include <openssl/bio.h>
142 #include <openssl/dso.h>
143 #include <openssl/err.h>
145 int main(int argc,char *argv[])
151 { fprintf (stderr,"usage: %s libcrypto.dso\n",argv[0]);
155 if ((bio_err=BIO_new(BIO_s_file())) == NULL)
156 { fprintf (stderr,"unable to allocate BIO\n");
159 BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
160 ERR_load_crypto_strings();
162 dso = DSO_load(NULL,argv[1],NULL,DSO_FLAG_NO_NAME_TRANSLATION);
164 { ERR_print_errors(bio_err);
168 /* This is not normally reached, because FINGERPRINT_premain should
169 * have executed and terminated application already upon DSO_load... */
170 func = DSO_bind_func(dso,"FINGERPRINT_premain");
172 { ERR_print_errors(bio_err);