void *OPENSSL_stderr(void) { return stderr; }
#ifdef OPENSSL_FIPS
+
+void fips_w_lock(void) { CRYPTO_w_lock(CRYPTO_LOCK_FIPS); }
+void fips_w_unlock(void) { CRYPTO_w_unlock(CRYPTO_LOCK_FIPS); }
+void fips_r_lock(void) { CRYPTO_r_lock(CRYPTO_LOCK_FIPS); }
+void fips_r_unlock(void) { CRYPTO_r_unlock(CRYPTO_LOCK_FIPS); }
+
static int fips_started = 0;
-static int fips_mode = 0;
-static void *fips_rand_check = 0;
static unsigned long fips_thread = 0;
void fips_set_started(void)
}
return ret;
}
-
-void fips_set_mode(int onoff)
- {
- int owning_thread = fips_is_owning_thread();
-
- if (fips_is_started())
- {
- if (!owning_thread) CRYPTO_w_lock(CRYPTO_LOCK_FIPS);
- fips_mode = onoff;
- if (!owning_thread) CRYPTO_w_unlock(CRYPTO_LOCK_FIPS);
- }
- }
-
-void fips_set_rand_check(void *rand_check)
- {
- int owning_thread = fips_is_owning_thread();
-
- if (fips_is_started())
- {
- if (!owning_thread) CRYPTO_w_lock(CRYPTO_LOCK_FIPS);
- fips_rand_check = rand_check;
- if (!owning_thread) CRYPTO_w_unlock(CRYPTO_LOCK_FIPS);
- }
- }
-
-int FIPS_mode(void)
- {
- int ret = 0;
- int owning_thread = fips_is_owning_thread();
-
- if (fips_is_started())
- {
- if (!owning_thread) CRYPTO_r_lock(CRYPTO_LOCK_FIPS);
- ret = fips_mode;
- if (!owning_thread) CRYPTO_r_unlock(CRYPTO_LOCK_FIPS);
- }
- return ret;
- }
-
-void *FIPS_rand_check(void)
- {
- void *ret = 0;
- int owning_thread = fips_is_owning_thread();
-
- if (fips_is_started())
- {
- if (!owning_thread) CRYPTO_r_lock(CRYPTO_LOCK_FIPS);
- ret = fips_rand_check;
- if (!owning_thread) CRYPTO_r_unlock(CRYPTO_LOCK_FIPS);
- }
- return ret;
- }
-
#endif /* OPENSSL_FIPS */
#define OPENSSL_assert(e) ((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e))
#ifdef OPENSSL_FIPS
-int FIPS_mode(void);
-void *FIPS_rand_check(void);
-
#define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \
alg " previous FIPS forbidden algorithm error ignored");
static int fips_md5_allowed = 0;
static int fips_selftest_fail = 0;
+static int fips_mode = 0;
+static const void *fips_rand_check = 0;
+
+static void fips_set_mode(int onoff)
+ {
+ int owning_thread = fips_is_owning_thread();
+
+ if (fips_is_started())
+ {
+ if (!owning_thread) fips_w_lock();
+ fips_mode = onoff;
+ if (!owning_thread) fips_w_unlock();
+ }
+ }
+
+static void fips_set_rand_check(const void *rand_check)
+ {
+ int owning_thread = fips_is_owning_thread();
+
+ if (fips_is_started())
+ {
+ if (!owning_thread) fips_w_lock();
+ fips_rand_check = rand_check;
+ if (!owning_thread) fips_w_unlock();
+ }
+ }
+
+int FIPS_mode(void)
+ {
+ int ret = 0;
+ int owning_thread = fips_is_owning_thread();
+
+ if (fips_is_started())
+ {
+ if (!owning_thread) fips_r_lock();
+ ret = fips_mode;
+ if (!owning_thread) fips_r_unlock();
+ }
+ return ret;
+ }
+
+const void *FIPS_rand_check(void)
+ {
+ const void *ret = 0;
+ int owning_thread = fips_is_owning_thread();
+
+ if (fips_is_started())
+ {
+ if (!owning_thread) fips_r_lock();
+ ret = fips_rand_check;
+ if (!owning_thread) fips_r_unlock();
+ }
+ return ret;
+ }
void FIPS_allow_md5(int onoff)
{
{
int owning_thread = fips_is_owning_thread();
- if (!owning_thread) CRYPTO_w_lock(CRYPTO_LOCK_FIPS);
+ if (!owning_thread) fips_w_lock();
fips_md5_allowed = onoff;
- if (!owning_thread) CRYPTO_w_unlock(CRYPTO_LOCK_FIPS);
+ if (!owning_thread) fips_w_unlock();
}
}
{
int owning_thread = fips_is_owning_thread();
- if (!owning_thread) CRYPTO_r_lock(CRYPTO_LOCK_FIPS);
+ if (!owning_thread) fips_r_lock();
ret = fips_md5_allowed;
- if (!owning_thread) CRYPTO_r_unlock(CRYPTO_LOCK_FIPS);
+ if (!owning_thread) fips_r_unlock();
}
return ret;
}
{
int owning_thread = fips_is_owning_thread();
- if (!owning_thread) CRYPTO_r_lock(CRYPTO_LOCK_FIPS);
+ if (!owning_thread) fips_r_lock();
ret = fips_selftest_fail;
- if (!owning_thread) CRYPTO_r_unlock(CRYPTO_LOCK_FIPS);
+ if (!owning_thread) fips_r_unlock();
}
return ret;
}
int fips_clear_owning_thread();
int ret = 0;
- CRYPTO_w_lock(CRYPTO_LOCK_FIPS);
+ fips_w_lock();
fips_set_started();
fips_set_owning_thread();
ret = 1;
end:
fips_clear_owning_thread();
- CRYPTO_w_unlock(CRYPTO_LOCK_FIPS);
+ fips_w_unlock();
return ret;
}
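Review bot: The new static setters `fips_set_mode()` and `fips_set_rand_check()` skip the assignment when `fips_is_started()` is false and return `void`, so a skipped update is invisible to the caller, and `FIPS_mode()` then reports 0 for a module that was never started. They also skip the lock when `fips_is_owning_thread()` is true, which is only safe if the owning thread already holds the write lock; the last hunk in this file shows `fips_w_lock()` taken before `fips_set_owning_thread()`, but nothing in the added code states that. I would put a comment above the first setter, e.g. `/* No-op until fips_set_started() has run. The owning thread already holds the FIPS write lock and must not take it again. */`. The function holding that lock/unlock pair starts outside the visible lines, so the call order of the setters relative to `fips_set_started()` could not be checked here.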
extern "C" {
#endif
-/* Note that these are defined in crypto/cryptlib.c so they're
- * available even without -lfips.
- */
struct dsa_st;
int FIPS_mode_set(int onoff,const char *path);
+int FIPS_mode(void);
+const void *FIPS_rand_check(void);
void FIPS_allow_md5(int onoff);
int FIPS_md5_allowed(void);
int FIPS_selftest_failed(void);
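Review bot: `FIPS_rand_check()` is declared here as returning `const void *`, while the definition removed earlier in this patch returned `void *`, so any caller outside this patch that stores the result in a non-const pointer will need updating. The deleted comment was also the only place stating that these functions were available without -lfips. Since `FIPS_mode()` and `FIPS_rand_check()` now appear to be defined next to `fips_md5_allowed` rather than in cryptlib.c, a short replacement comment saying which library provides them would help code that gates algorithm choice on `FIPS_mode()`.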
extern "C" {
#endif
-/* These are really defined in crypto/cryptlib.c */
-void fips_set_started(void);
+/* These are trampolines implemented in crypto/cryptlib.c */
+void fips_w_lock(void);
+void fips_w_unlock(void);
+void fips_r_lock(void);
+void fips_r_unlock(void);
int fips_is_started(void);
+void fips_set_started(void);
int fips_is_owning_thread(void);
int fips_set_owning_thread(void);
int fips_clear_owning_thread(void);
-void fips_set_rand_check(void *rand_check);
#ifdef __cplusplus
}
-HMAC-SHA1(fips.c)= 4eef19c535c1f3deacdf93eb806479ea3b374115
+HMAC-SHA1(fips.c)= f14ae9175119f045f1c645a2458602ccd2b2a34e
HMAC-SHA1(fips_err_wrapper.c)= d3e2be316062510312269e98f964cb87e7577898
-HMAC-SHA1(fips.h)= 9a7c66b93923f83dc0a9c4acd03506059ddafe5f
+HMAC-SHA1(fips.h)= 70f0181f269e6b09a9e3e6d9ff82f3461bd41222
HMAC-SHA1(fips_err.h)= 03468e3b593f7528fd934e49bf052c23cc98d301
HMAC-SHA1(aes/fips_aes_core.c)= b70bbbd675efe0613da0d57055310926a0104d55
HMAC-SHA1(aes/asm/fips-ax86-elf.s)= 0d1c89f93cbf7bf4854bb238627c99ecda462f17
HMAC-SHA1(dsa/fips_dsa_ossl.c)= d5f718695397fe56d6bb46f7c410794cb895e206
HMAC-SHA1(dsa/fips_dsa_gen.c)= c252db14699f3ff641db052311da7d7521569c53
HMAC-SHA1(dsa/fips_dsa_selftest.c)= 4bfc5d3a6b977527b053f3a03d0760a822a26135
-HMAC-SHA1(rand/fips_rand.c)= 5dc4aa11c0377a049bee01d427e5b0bc3dd9f10f
+HMAC-SHA1(rand/fips_rand.c)= b86543ef1b33b66846b4ab91937e22781f341324
HMAC-SHA1(rand/fips_rand.h)= 0567b1fe9b0efe034a537f335659b0b681809791
HMAC-SHA1(rsa/fips_rsa_eay.c)= eabab59a2f11f3da4c21e1144efe1684f5e8f1ec
-HMAC-SHA1(rsa/fips_rsa_gen.c)= 4bbc0afcade1ac53f469aaa89f84c413678254bf
+HMAC-SHA1(rsa/fips_rsa_gen.c)= 2e96773cfa8334590dcc238d32024408a2b13b18
HMAC-SHA1(rsa/fips_rsa_selftest.c)= 70553a5212e86f65b068564946d39b738a201e22
HMAC-SHA1(sha1/fips_sha1dgst.c)= 10575600a9540eb15188a7d3b0b031e60aedbc18
HMAC-SHA1(sha1/fips_standalone_sha1.c)= 93203c569097189b47a0085bc9fc55193867d4ce
#endif
#include <string.h>
+void *OPENSSL_stderr(void);
+
#ifdef OPENSSL_FIPS
#define SEED_SIZE 8
if(test_mode)
{
- fprintf(stderr,"WARNING!!! PRNG IN TEST MODE!!!\n");
+ fprintf(OPENSSL_stderr(),"WARNING!!! PRNG IN TEST MODE!!!\n");
memcpy(buf,test_faketime,sizeof test_faketime);
return;
}
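Review bot: `void *OPENSSL_stderr(void);` is declared by hand at the top of this file, and again in the file that defines `fips_check_rsa`, instead of coming from a shared header. The compiler therefore cannot check either copy against the definition `void *OPENSSL_stderr(void) { return stderr; }`. The `void *` return type also means `fprintf(OPENSSL_stderr(), ...)` and the `ERR_print_errors_fp(OPENSSL_stderr())` calls rely on an implicit conversion to `FILE *`, which hides a mismatch if the definition ever changes. Moving the prototype into one header included by the definition and by both users would turn such a mismatch into a compile error. The function containing the `test_mode` branch starts and ends outside the visible lines.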
#include <openssl/rsa.h>
#include <openssl/fips.h>
+void *OPENSSL_stderr(void);
+
#ifdef OPENSSL_FIPS
static int fips_check_rsa(RSA *rsa)
RSA_PKCS1_OAEP_PADDING);
if(n < 0)
{
- ERR_print_errors_fp(stderr);
+ ERR_print_errors_fp(OPENSSL_stderr());
exit(1);
}
if(!memcmp(ctext,original_ptext,n))
n=RSA_private_decrypt(n,ctext,ptext,rsa,RSA_PKCS1_OAEP_PADDING);
if(n < 0)
{
- ERR_print_errors_fp(stderr);
+ ERR_print_errors_fp(OPENSSL_stderr());
exit(1);
}
if(n != sizeof(original_ptext)-1 || memcmp(ptext,original_ptext,n))