util/incore update that allows FINGERPRINT_premain-free build. OpenSSL-fips-2_0_10
authorAndy Polyakov <appro@openssl.org>
Mon, 11 May 2015 10:16:01 +0000 (12:16 +0200)
committerAndy Polyakov <appro@openssl.org>
Wed, 13 May 2015 14:48:08 +0000 (16:48 +0200)
As for the complementary fips.c modification: the goal is to ensure that
FIPS_signature does not end up in the .bss segment, which is guaranteed to
be zeroed upon program start-up. One would expect explicitly
initialized values to end up in .data segment, but it turned out
that values explicitly initialized with zeros can end up in .bss.
The modification does not affect program flow, because first byte
was the only one of significance [to FINGERPRINT_premain].

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
fips/fips.c
util/incore

index 8c9e187d7bb1af83d55897ab971ef09b56c4f1d8..0269609a7e3f72781e679b3a6f8468de1476391d 100644 (file)
@@ -151,7 +151,7 @@ extern const unsigned char FIPS_rodata_start[], FIPS_rodata_end[];
 #ifdef _TMS320C6X
 const
 #endif
-unsigned char              FIPS_signature [20] = { 0 };
+unsigned char              FIPS_signature [20] = { 0, 0xff };
 __fips_constseg
 static const char          FIPS_hmac_key[]="etaonrishdlcupfm";
 
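Review bot: The `0xff` in the `FIPS_signature` initializer has no comment at the declaration, so it reads as a stray value, and a later cleanup back to `{ 0 }` would quietly let the array move into .bss again. I would add above it `/* second byte is non-zero only to keep FIPS_signature out of .bss, so util/incore can write the fingerprint into the file image; byte 0 must stay 0 */`. The "byte 0 must stay 0" part is inferred from the commit message's remark about FINGERPRINT_premain and should be confirmed against that code, which is outside the hunk. Section placement is still the toolchain's decision, so the comment should present this as a convention rather than a guarantee.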
index e6e6ecfd8928158a3a7ffda3daae51c5f104795a..bb765b1966bd0bba1f14e4cabca072a41dcaf36f 100755 (executable)
@@ -382,7 +382,7 @@ if (!$legacy_mode) {
     }
 
     $FINGERPRINT_ascii_value
-                       = $exe->Lookup("FINGERPRINT_ascii_value")       or die;
+                       = $exe->Lookup("FINGERPRINT_ascii_value");
 
 }
 if ($FIPS_text_startX && $FIPS_text_endX) {
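Review bot: Dropping `or die` on the `FINGERPRINT_ascii_value` lookup makes an undefined result a legal state, but nothing on the line says so. A misspelled symbol or a damaged symbol table now looks the same as a premain-free build. A short comment such as `# may be absent in FINGERPRINT_premain-free builds; the fingerprint is then written to FIPS_signature` would record the intent. The enclosing `if (!$legacy_mode)` block starts outside the hunk.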
@@ -439,9 +439,12 @@ $fingerprint = FIPS_incore_fingerprint();
 
 if ($legacy_mode) {
     print unpack("H*",$fingerprint);
-} else {
+} elsif (defined($FINGERPRINT_ascii_value)) {
     seek(FD,$FINGERPRINT_ascii_value->{st_offset},0)   or die "$!";
     print FD unpack("H*",$fingerprint)                 or die "$!";
+} else {
+    seek(FD,$FIPS_signature->{st_offset},0)            or die "$!";
+    print FD $fingerprint                              or die "$!";
 }
 
 close (FD);
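Review bot: The new final `else` branch uses `$FIPS_signature->{st_offset}` without checking that `$FIPS_signature` was found, and the earlier hunk removed the `or die` that used to stop the script when `FINGERPRINT_ascii_value` is missing. The `FIPS_signature` lookup is outside this hunk; if it can also come back undefined, the script either fails with an unhelpful dereference error or seeks with an undefined offset and writes the raw fingerprint bytes to the wrong place in the executable. I would make the branch explicit with `} elsif (defined($FIPS_signature)) {` and end the chain with `} else { die "no fingerprint symbol found"; }`. The trailing `close (FD);` is also unchecked, so a buffered write error would go unreported; `close(FD) or die "$!";` closes that gap.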