As for complementary fips.c modification. Goal is to ensure that
FIPS_signature does not end up in .bss segment, one guaranteed to
be zeroed upon program start-up. One would expect explicitly
initialized values to end up in .data segment, but it turned out
that values explicitly initialized with zeros can end up in .bss.
The modification does not affect program flow, because first byte
was the only one of significance [to FINGERPRINT_premain].
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit
34f39b062c76fbd3082521b26edee7f53afc061d)
#ifdef _TMS320C6X
const
#endif
-unsigned char FIPS_signature [20] = { 0 };
+unsigned char FIPS_signature [20] = { 0, 0xff };
__fips_constseg
static const char FIPS_hmac_key[]="etaonrishdlcupfm";
}
$FINGERPRINT_ascii_value
- = $exe->Lookup("FINGERPRINT_ascii_value") or die;
+ = $exe->Lookup("FINGERPRINT_ascii_value");
}
if ($FIPS_text_startX && $FIPS_text_endX) {
if ($legacy_mode) {
print unpack("H*",$fingerprint);
-} else {
+} elsif (defined($FINGERPRINT_ascii_value)) {
seek(FD,$FINGERPRINT_ascii_value->{st_offset},0) or die "$!";
print FD unpack("H*",$fingerprint) or die "$!";
+} else {
+ seek(FD,$FIPS_signature->{st_offset},0) or die "$!";
+ print FD $fingerprint or die "$!";
}
close (FD);
projects / oweals / openssl.git / commitdiff