if ($shared_cflag ne "")
{
$cflags = "$shared_cflag -DOPENSSL_PIC $cflags";
+ $shared_ldflag = "$shared_ldflag $shared_cflag" if($fips);
}
}
# we might set SHLIB_MARK to '$(SHARED_LIBS)'.
SHLIB_MARK=
-DIRS= crypto fips ssl $(SHLIB_MARK) sigs apps test tools
+DIRS= crypto fips ssl $(SHLIB_MARK) apps test tools
SHLIBDIRS= crypto ssl
# dirs in crypto to build
EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep VMS
WDIRS= windows
LIBS= libcrypto.a libssl.a
-SIGS= libcrypto.a.sha1
SHARED_CRYPTO=libcrypto$(SHLIB_EXT)
SHARED_SSL=libssl$(SHLIB_EXT)
SHARED_LIBS=
all: Makefile sub_all openssl.pc
-sigs: $(SIGS)
-libcrypto.a.sha1: libcrypto.a
- @if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
- $(RANLIB) libcrypto.a; \
- fips/sha/fips_standalone_sha1 libcrypto.a > libcrypto.a.sha1; \
- fi
-
sub_all:
@for i in $(DIRS); \
do \
libcrypto$(SHLIB_EXT): libcrypto.a
@if [ "$(SHLIB_TARGET)" != "" ]; then \
$(MAKE) SHLIBDIRS=crypto build-shared; \
- if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
- fips/sha/fips_standalone_sha1 -binary $@ > $@.$${HMAC_EXT:-sha1}; \
- fi; \
else \
echo "There's no support for shared libraries on this platform" >&2; \
fi
if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
- ( set -x; ${CC} ${SHARED_LDFLAGS} \
+ ( set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \
-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-Wl,-soname=lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-Wl,-Bsymbolic \
if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
- ( set -x; ${CC} ${SHARED_LDFLAGS} \
+ ( set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \
--verbose -dynamiclib -o lib$$i${SHLIB_EXT} \
lib$$i.a $$libs -all_load -current_version ${SHLIB_MAJOR}.${SHLIB_MINOR} \
-compatibility_version ${SHLIB_MAJOR}.`echo ${SHLIB_MINOR} | cut -d. -f1` \
[ -f apps/$$shlib ] && rm apps/$$shlib; \
[ -f test/$$shlib ] && rm test/$$shlib; \
base=; [ $$i = "crypto" ] && base=-Wl,--image-base,0x63000000; \
- ( set -x; ${CC} ${SHARED_LDFLAGS} \
+ ( set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \
-shared $$base -o $$shlib \
-Wl,-Bsymbolic \
-Wl,--whole-archive lib$$i.a \
-Wl,--out-implib,lib$$i.dll.a \
-Wl,--no-whole-archive $$libs ${EX_LIBS} ) || exit 1; \
cp -p $$shlib apps/; cp -p $$shlib test/; \
+ touch -c lib$$i.dll.a; \
libs="-l$$i $$libs"; \
done
if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
- ( set -x; ${CC} ${SHARED_LDFLAGS} \
+ ( set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \
-shared -o lib$$i.so \
-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
-all lib$$i.a -none $$libs ${EX_LIBS} ) || exit 1; \
if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
- ( set -x; ${CC} ${SHARED_LDFLAGS} \
+ ( set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \
-shared -msym -o lib$$i.so \
-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
-all lib$$i.a -none $$libs ${EX_LIBS} ) || exit 1; \
if [ "${SHLIBDIRS}" = "ssl" -a -n "$(LIBKRB5)" ]; then \
libs="$(LIBKRB5) $$libs"; \
fi; \
- ( set -x; ${CC} ${SHARED_LDFLAGS} \
+ ( set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \
-shared -msym -o lib$$i.so \
-rpath ${INSTALLTOP}/lib \
-set_version "${SHLIB_VERSION_HISTORY}${SHLIB_VERSION_NUMBER}" \
( PATH=/usr/ccs/bin:$$PATH ; export PATH; \
MINUSZ='-z '; \
(${CC} -v 2>&1 | grep gcc) > /dev/null && MINUSZ='-Wl,-z,'; \
- set -x; ${CC} ${SHARED_LDFLAGS} \
+ set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \
-o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-Wl,-Bsymbolic \
for obj in `ar t lib$$i.a` ; do \
OBJS="$${OBJS} `grep /$$obj allobjs`" ; \
done ; \
- set -x; ${CC} ${SHARED_LDFLAGS} \
+ set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \
-G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
OBJS="$${OBJS} `grep /$$obj allobjs`" ; \
done ; \
set -x; LD_LIBRARY_PATH=.:$$LD_LIBRARY_PATH \
- ${CC} ${SHARED_LDFLAGS} \
+ $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \
$${SHARE_FLAG} -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-h lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
$${OBJS} $$libs ${EX_LIBS} ) || exit 1; \
fi; \
( WHOLELIB="-all lib$$i.a -none"; \
(${CC} -v 2>&1 | grep gcc) > /dev/null && WHOLELIB="-Wl,-all,lib$$i.a,-none"; \
- set -x; ${CC} ${SHARED_LDFLAGS} \
+ set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \
-shared -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
-Wl,-soname,lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} \
$${WHOLELIB} $$libs ${EX_LIBS}) || exit 1; \
[ -f $$shlib ] && rm -f $$shlib; \
ALLSYMSFLAGS='-Wl,-Fl'; \
expr $(PLATFORM) : 'hpux64' > /dev/null && ALLSYMSFLAGS='-Wl,+forceload'; \
- ( set -x; ${CC} ${SHARED_LDFLAGS} \
+ ( set -x; $${FIPSLD:-${CC}} ${SHARED_LDFLAGS} \
-Wl,-B,symbolic,+vnocompatwarnings,-z,+h,$$shlib \
-o $$shlib $$ALLSYMSFLAGS,lib$$i.a -ldld ) || exit 1; \
chmod a=rx $$shlib; \
OBJECT_MODE=$${OBJECT_MODE:-32}; export OBJECT_MODE; \
ld -r -o lib$$i.o $(ALLSYMSFLAG) lib$$i.a && \
( nm -Pg lib$$i.o | grep ' [BD] ' | cut -f1 -d' ' > lib$$i.exp; \
- $(SHAREDCMD) $(SHAREDFLAGS) \
+ $${FIPSLD:-${CC}} $(SHAREDFLAGS) \
-o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} lib$$i.o \
$$libs ${EX_LIBS} ) ) \
|| exit 1; \
( set -x; \
( Opwd=`pwd` ; mkdir $$tmpdir || exit 1; \
cd $$tmpdir || exit 1 ; ar x $$Opwd/lib$$i.a ; \
- ${CC} -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} *.o \
+ $${FIPSLD:-${CC}} -G -o lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} *.o \
) || exit 1; \
cp $$tmpdir/lib$$i.so.${SHLIB_MAJOR}.${SHLIB_MINOR} . ; \
) || exit 1; \
if [ "$(PLATFORM)" != "Cygwin" ]; then \
cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
chmod 555 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new \
- $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
- sig="$$i.$${HMAC_EXT:-sha1}"; \
- if [ -f $$sig ]; then \
- echo installing $$sig; \
- cp $$sig $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$sig.new; \
- chmod 444 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$sig.new; \
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$sig.new \
- $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$sig; \
- fi; \
+ mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i; \
else \
c=`echo $$i | sed 's/^lib\(.*\)\.dll/cyg\1-$(SHLIB_VERSION_NUMBER).dll/'`; \
cp $$c $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$c.new; \
sed -e '1,/^$$/d' doc/openssl-shared.txt; \
fi; \
fi
- @for i in $(SIGS) ;\
- do \
- if [ -f "$$i" ]; then \
- ( echo installing $$i; \
- cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new; \
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/lib/$$i ); \
- fi; \
- done;
cp openssl.pc $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/pkgconfig/openssl.pc
chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new \
$(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \
- sig="$$i.$${HMAC_EXT:-sha1}"; \
- if [ -f $$sig ]; then \
- echo installing $$sig; \
- cp $$sig $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$sig.new; \
- chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$sig.new; \
- mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$sig.new \
- $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$sig; \
- fi; \
) done;
@for i in $(SCRIPTS); \
do \
$(EXE): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
$(RM) $(EXE)
+ @if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
+ FIPSLD_CC=$(CC); CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \
+ fi; \
SHARED_LIBS="$(SHARED_LIBS)"; \
if [ "$(SHLIB_TARGET)" = "darwin-shared" ] ; then \
SHARED_LIBS=""; \
fi; \
- if [ -z "$(SHARED_LIBS)" ]; then \
+ if [ -z "$$SHARED_LIBS" ]; then \
set -x; $${CC:-$(CC)} -o $(EXE) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(DLIBSSL) $(LIBKRB5) $(DLIBCRYPTO) $(EX_LIBS) ; \
else \
set -x; LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
$(CC) -o $(EXE) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBKRB5) $(LIBCRYPTO) $(EX_LIBS) ; \
- fi; \
- if [ -z "$$SHARED_LIBS" ]; then \
- if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
- TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(EXE); \
- fi; \
fi
-(cd ..; \
OPENSSL="`pwd`/util/opensslwrap.sh"; export OPENSSL; \
#ifdef OPENSSL_FIPS
if(getenv("OPENSSL_FIPS")) {
-#if defined(_WIN32)
- char filename[MAX_PATH] = "";
- GetModuleFileNameA( NULL, filename, MAX_PATH) ;
- p = filename;
-#else
- p = Argv[0];
-#endif
- if (!FIPS_mode_set(1,p)) {
+ if (!FIPS_mode_set(1)) {
ERR_load_crypto_strings();
ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
EXIT(1);
}
return ret;
}
+
+unsigned char *fips_signature_witness(void)
+ {
+ extern unsigned char FIPS_signature[];
+ return FIPS_signature;
+ }
#endif /* OPENSSL_FIPS */
LIB= $(TOP)/libcrypto.a
SHARED_LIB= libcrypto$(SHLIB_EXT)
-LIBSRC=fips.c fips_err_wrapper.c
-LIBOBJ=fips.o fips_err_wrapper.o
+LIBSRC=fips.c fips_err_wrapper.c fipshashes.c
+LIBOBJ=fips.o fips_err_wrapper.o fipshashes.o
+FIPS_OBJ_LISTS=sha/lib rand/lib des/lib aes/lib dsa/lib rsa/lib dh/lib
SRC= $(LIBSRC)
EXHEADER=fips.h
HEADER=$(EXHEADER) fips_err.h
-EXE=openssl_fips_fingerprint
-TEST= fips_test_suite.c
+EXE=fipsld
ALL= $(GENERAL) $(SRC) $(HEADER)
fi
check:
- $(PERL) ../util/checkhash.pl
+ $(PERL) ../util/checkhash.pl || (rm fipscanister.o* 2>/dev/null; exit 1)
+
+# Idea behind fipscanister.o is to "seize" the sequestered code between
+# known symbols for fingerprinting purposes, which would be commonly
+# done with ld -r start.o ... end.o. The latter however presents a minor
+# challenge on multi-ABI platforms. As just implied, we'd rather use ld,
+# but the trouble is that we don't generally know how ABI-selection
+# compiler flag is translated to corresponding linker flag. All compiler
+# drivers seem to recognize -r flag and pass it down to linker, but some
+# of them, including gcc, erroneously add -lc, as well as run-time
+# components, such as crt1.o and alike. Fortunately among those vendor
+# compilers which were observed to misinterpret -r flag multi-ABI ones
+# are equipped with smart linkers, which don't require any ABI-selection
+# flag and simply assume that all objects are of the same type as first
+# one in command line. So the idea is to identify gcc and deficient
+# vendor compiler drivers...
+fipscanister.o: fips_start.o $(LIBOBJ) $(FIPS_OBJ_LISTS) fips_end.o
+ @objs="fips_start.o $(LIBOBJ)"; \
+ for i in $(FIPS_OBJ_LISTS); do \
+ dir=`dirname $$i`; script="s|^|$$dir/|;s| | $$dir/|g"; \
+ objs="$$objs `sed "$$script" $$i`"; \
+ done; \
+ objs="$$objs fips_end.o" ; \
+ if [ -n "${FIPS_SITE_LD}" ]; then \
+ set -x; ${FIPS_SITE_LD} -r -o $@ $$objs; \
+ elif $(CC) -dumpversion >/dev/null 2>&1; then \
+ set -x; $(CC) $(CFLAGS) -r -nostdlib -o $@ $$objs ; \
+ else case "`(uname -s) 2>/dev/null`" in \
+ HP-UX|OSF1|SunOS) set -x; /usr/ccs/bin/ld -r -o $@ $$objs ;; \
+ *) set -x; $(CC) $(CFLAGS) -r -o $@ $$objs ;; \
+ esac fi
+ sha/fips_standalone_sha1 fipscanister.o > fipscanister.o.sha1
+# If another exception is immediately required, assign approprite
+# site-specific ld command to FIPS_SITE_LD environment variable.
+
+fips_start.o: fips_canister.c
+ $(CC) $(CFLAGS) -DFIPS_START -c -o $@ fips_canister.c
+fips_end.o: fips_canister.c
+ $(CC) $(CFLAGS) -DFIPS_END -c -o $@ fips_canister.c
+fips_premain_dso$(EXE_EXT): fips_premain.c
+ $(CC) $(CFLAGS) -DFINGERPRINT_PREMAIN_DSO_LOAD -o $@ fips_premain.c \
+ ../libcrypto.a $(EX_LIBS)
subdirs:
@for i in $(FDIRS) ;\
$(MAKE) CC='$(CC)' INCLUDES='${INCLUDES}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' FIPS_DES_ENC='${FIPS_DES_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' FIPS_SHA1_ASM_OBJ='${FIPS_SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' AR='${AR}' PERL='${PERL}' links ); \
done;
-lib: $(LIBOBJ)
- $(AR) $(LIB) $(LIBOBJ)
+lib: fipscanister.o
+ $(AR) $(LIB) fipscanister.o
$(RANLIB) $(LIB) || echo Never mind.
@touch lib
-shared:
+shared: fips_premain_dso$(EXE_EXT)
if [ -n "$(SHARED_LIBS)" ]; then \
- (cd ..; $(MAKE) $(SHARED_LIB)); \
+ (cd ..; $(MAKE) FIPSLD_CC=$(CC) FIPSLD=fips/fipsld $(SHARED_LIB)); \
fi
libs:
chmod 755 $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new; \
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i.new $(INSTALL_PREFIX)$(INSTALLTOP)/bin/$$i; \
done
+ @cp -p -f fipscanister.o fipscanister.o.sha1 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/; \
+ chmod 0444 $(INSTALL_PREFIX)$(INSTALLTOP)/lib/fipscanister.o \
+ $(INSTALL_PREFIX)$(INSTALLTOP)/lib/fipscanister.o.sha1
lint:
@for i in $(FDIRS) ;\
done;
clean:
- rm -f buildinf.h *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+ rm -f buildinf.h *.o *.obj fips_premain_dso$(EXE_EXT) lib tags core .pure .nfs* *.old *.bak fluff
@for i in $(FDIRS) ;\
do \
(cd $$i && echo "making clean in fips/$$i..." && \
all: lib
lib: $(LIBOBJ)
- $(AR) $(LIB) $(LIBOBJ)
- $(RANLIB) $(LIB) || echo Never mind.
- @sleep 2; touch lib
+ @echo $(LIBOBJ) > lib
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
int f_opt = 0, d_opt = 1;
#ifdef OPENSSL_FIPS
- if(!FIPS_mode_set(1,argv[0]))
+ if(!FIPS_mode_set(1))
{
ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
EXIT(1);
all: lib
lib: $(LIBOBJ)
- $(AR) $(LIB) $(LIBOBJ)
- $(RANLIB) $(LIB) || echo Never mind.
- @sleep 2; touch lib
+ @echo $(LIBOBJ) > lib
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
int f_opt = 0, d_opt = 1;
#ifdef OPENSSL_FIPS
- if(!FIPS_mode_set(1,argv[0]))
+ if(!FIPS_mode_set(1))
{
ERR_load_crypto_strings();
ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
all: lib
lib: $(LIBOBJ)
- $(AR) $(LIB) $(LIBOBJ)
- $(RANLIB) $(LIB) || echo Never mind.
- @sleep 2; touch lib
+ @echo $(LIBOBJ) > lib
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
all: lib
lib: $(LIBOBJ)
- $(AR) $(LIB) $(LIBOBJ)
- $(RANLIB) $(LIB) || echo Never mind.
- @sleep 2; touch lib
+ @echo $(LIBOBJ) > lib
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
bio_err=BIO_new_fp(stderr,BIO_NOCLOSE);
#ifdef OPENSSL_FIPS
- if(!FIPS_mode_set(1,argv[0]))
+ if(!FIPS_mode_set(1))
{
ERR_print_errors(bio_err);
EXIT(1);
fprintf(stderr,"%s [prime|pqg]\n",argv[0]);
exit(1);
}
- if(!FIPS_mode_set(1,argv[0]))
+ if(!FIPS_mode_set(1))
{
ERR_load_crypto_strings();
ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
&& FIPS_selftest_dsa();
}
-#ifndef HMAC_EXT
-#define HMAC_EXT "sha1"
-#endif
+extern const void *FIPS_text_start(), *FIPS_text_end();
+extern const unsigned char FIPS_rodata_start[], FIPS_rodata_end[];
+unsigned char FIPS_signature [20] = { 0 };
+static const char FIPS_hmac_key[]="etaonrishdlcupfm";
-static char key[]="etaonrishdlcupfm";
+unsigned int FIPS_incore_fingerprint(unsigned char *sig,unsigned int len)
+ {
+ const unsigned char *p1 = FIPS_text_start();
+ const unsigned char *p2 = FIPS_text_end();
+ const unsigned char *p3 = FIPS_rodata_start;
+ const unsigned char *p4 = FIPS_rodata_end;
+ HMAC_CTX c;
-#ifdef OPENSSL_PIC
-int DSO_pathbyaddr(void *addr,char *path,int sz);
+ HMAC_CTX_init(&c);
+ HMAC_Init(&c,FIPS_hmac_key,strlen(FIPS_hmac_key),EVP_sha1());
-static int FIPS_check_dso()
- {
- unsigned char buf[1024];
- char path [512];
- unsigned char mdbuf[EVP_MAX_MD_SIZE];
- FILE *f;
- HMAC_CTX hmac;
- int len,n;
-
- len = DSO_pathbyaddr(NULL,path,sizeof(path)-sizeof(HMAC_EXT));
- if (len<=0)
- {
- FIPSerr(FIPS_F_FIPS_CHECK_DSO,FIPS_R_NO_DSO_PATH);
- return 0;
- }
+ /* detect overlapping regions */
+ if (p1<=p3 && p2>=p3)
+ p3=p1, p4=p2>p4?p2:p4, p1=NULL, p2=NULL;
+ else if (p3<=p1 && p4>=p1)
+ p3=p3, p4=p2>p4?p2:p4, p1=NULL, p2=NULL;
- f=fopen(path,"rb");
- if(!f)
- {
- FIPSerr(FIPS_F_FIPS_CHECK_EXE,FIPS_R_CANNOT_READ_EXE);
- return 0;
- }
+ if (p1)
+ HMAC_Update(&c,p1,(size_t)p2-(size_t)p1);
- HMAC_Init(&hmac,key,strlen(key),EVP_sha1());
- while(!feof(f))
- {
- n=fread(buf,1,sizeof buf,f);
- if(ferror(f))
- {
- clearerr(f);
- fclose(f);
- FIPSerr(FIPS_F_FIPS_CHECK_EXE,FIPS_R_CANNOT_READ_EXE);
- return 0;
- }
- if (n) HMAC_Update(&hmac,buf,n);
- }
- fclose(f);
- HMAC_Final(&hmac,mdbuf,&n);
- HMAC_CTX_cleanup(&hmac);
-
- path[len-1]='.';
- strcpy(path+len,HMAC_EXT);
- f=fopen(path,"rb");
- if(!f || fread(buf,1,20,f) != 20)
- {
- if (f) fclose(f);
- FIPSerr(FIPS_F_FIPS_CHECK_EXE,FIPS_R_CANNOT_READ_EXE_DIGEST);
- return 0;
- }
- fclose(f);
- if(memcmp(buf,mdbuf,20))
+ if (FIPS_signature>=p3 && FIPS_signature<p4)
{
- FIPSerr(FIPS_F_FIPS_CHECK_EXE,FIPS_R_EXE_DIGEST_DOES_NOT_MATCH);
- return 0;
+ /* "punch" hole */
+ HMAC_Update(&c,p3,(size_t)FIPS_signature-(size_t)p3);
+ p3 = FIPS_signature+sizeof(FIPS_signature);
+ if (p3<p4)
+ HMAC_Update(&c,p3,(size_t)p4-(size_t)p3);
}
- return 1;
+ else
+ HMAC_Update(&c,p3,(size_t)p4-(size_t)p3);
+
+ HMAC_Final(&c,sig,&len);
+ HMAC_CTX_cleanup(&c);
+
+ return len;
}
-#else
-static int FIPS_check_exe(const char *path)
+
+int FIPS_check_incore_fingerprint(void)
{
- unsigned char buf[1024];
- char p2[PATH_MAX];
- unsigned int n;
- unsigned char mdbuf[EVP_MAX_MD_SIZE];
- FILE *f;
- HMAC_CTX hmac;
- const char *sha1_fmt="%s."HMAC_EXT;
-
- f=fopen(path,"rb");
-#ifdef __CYGWIN32__
- /* cygwin scrupulously strips .exe extentions:-( as of now it's
- actually no point to attempt above fopen, but we keep the call
- just in case the behavior changes in the future... */
- if (!f)
- {
- sha1_fmt="%s.exe."HMAC_EXT;
- BIO_snprintf(p2,sizeof p2,"%s.exe",path);
- f=fopen(p2,"rb");
- }
-#endif
- if(!f)
- {
- FIPSerr(FIPS_F_FIPS_CHECK_EXE,FIPS_R_CANNOT_READ_EXE);
- return 0;
- }
- HMAC_Init(&hmac,key,strlen(key),EVP_sha1());
- while(!feof(f))
- {
- n=fread(buf,1,sizeof buf,f);
- if(ferror(f))
- {
- clearerr(f);
- fclose(f);
- FIPSerr(FIPS_F_FIPS_CHECK_EXE,FIPS_R_CANNOT_READ_EXE);
- return 0;
- }
- if (n) HMAC_Update(&hmac,buf,n);
- }
- fclose(f);
- HMAC_Final(&hmac,mdbuf,&n);
- HMAC_CTX_cleanup(&hmac);
- BIO_snprintf(p2,sizeof p2,sha1_fmt,path);
- f=fopen(p2,"rb");
- if(!f || fread(buf,1,20,f) != 20)
+ unsigned char sig[EVP_MAX_MD_SIZE];
+ unsigned int len;
+ extern int OPENSSL_NONPIC_relocated;
+
+ if (FIPS_text_start()==NULL)
{
- if (f) fclose(f);
- FIPSerr(FIPS_F_FIPS_CHECK_EXE,FIPS_R_CANNOT_READ_EXE_DIGEST);
+ FIPSerr(FIPS_F_FIPS_CHECK_FINGERPRINT,FIPS_R_UNSUPPORTED_PLATFORM);
return 0;
}
- fclose(f);
- if(memcmp(buf,mdbuf,20))
+
+ len=FIPS_incore_fingerprint (sig,sizeof(sig));
+
+ if (len!=sizeof(FIPS_signature) ||
+ memcmp(FIPS_signature,sig,sizeof(FIPS_signature)))
{
- FIPSerr(FIPS_F_FIPS_CHECK_EXE,FIPS_R_EXE_DIGEST_DOES_NOT_MATCH);
+ if (FIPS_signature>=FIPS_rodata_start && FIPS_signature<FIPS_rodata_end)
+ FIPSerr(FIPS_F_FIPS_CHECK_FINGERPRINT,FIPS_R_FINGERPRINT_DOES_NOT_MATCH_SEGMENT_ALIASING);
+ else if (OPENSSL_NONPIC_relocated)
+ FIPSerr(FIPS_F_FIPS_CHECK_FINGERPRINT,FIPS_R_FINGERPRINT_DOES_NOT_MATCH_NONPIC_RELOCATED);
+ else
+ FIPSerr(FIPS_F_FIPS_CHECK_FINGERPRINT,FIPS_R_FINGERPRINT_DOES_NOT_MATCH);
return 0;
}
+
return 1;
}
-#endif
-int FIPS_mode_set(int onoff,const char *path)
+int FIPS_mode_set(int onoff)
{
int fips_set_owning_thread();
int fips_clear_owning_thread();
goto end;
}
-#ifdef OPENSSL_PIC
- if(!FIPS_check_dso())
-#else
- if(!FIPS_check_exe(path))
-#endif
+ if(fips_signature_witness() != FIPS_signature)
+ {
+ FIPSerr(FIPS_F_FIPS_MODE_SET,FIPS_R_CONTRADICTING_EVIDENCE);
+ fips_selftest_fail = 1;
+ ret = 0;
+ goto end;
+ }
+
+ if(!FIPS_check_incore_fingerprint())
{
fips_selftest_fail = 1;
ret = 0;
struct dsa_st;
-int FIPS_mode_set(int onoff,const char *path);
-#define FIPS_init(f) FIPS_mode_set((f),NULL)
+int FIPS_mode_set(int onoff);
int FIPS_mode(void);
const void *FIPS_rand_check(void);
int FIPS_selftest_failed(void);
int FIPS_selftest_rng(void);
int FIPS_selftest_hmac(void);
-/* The following lines are auto generated by the script mkerr.pl. Any changes
- * made after this point may be overwritten when the script is next run.
- */
-void ERR_load_FIPS_strings(void);
-
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
#define FIPS_F_DSA_DO_VERIFY 112
#define FIPS_F_DSA_GENERATE_PARAMETERS 110
#define FIPS_F_FIPS_CHECK_DSA 116
-#define FIPS_F_FIPS_CHECK_DSO 120
#define FIPS_F_FIPS_CHECK_EXE 106
+#define FIPS_F_FIPS_CHECK_FINGERPRINT 120
#define FIPS_F_FIPS_CHECK_RSA 115
#define FIPS_F_FIPS_DSA_CHECK 102
#define FIPS_F_FIPS_MODE_SET 105
#define FIPS_F_RSA_GENERATE_KEY 113
#define FIPS_F_RSA_X931_GENERATE_KEY 119
#define FIPS_F_SSLEAY_RAND_BYTES 101
+#define FIPS_F_FIPS_CHECK_DSO 120
/* Reason codes. */
#define FIPS_R_CANNOT_READ_EXE 103
#define FIPS_R_CANNOT_READ_EXE_DIGEST 104
#define FIPS_R_EXE_DIGEST_DOES_NOT_MATCH 105
+#define FIPS_R_FINGERPRINT_DOES_NOT_MATCH 110
+#define FIPS_R_FINGERPRINT_DOES_NOT_MATCH_NONPIC_RELOCATED 111
+#define FIPS_R_FINGERPRINT_DOES_NOT_MATCH_SEGMENT_ALIASING 112
#define FIPS_R_FIPS_MODE_ALREADY_SET 102
#define FIPS_R_FIPS_SELFTEST_FAILED 106
#define FIPS_R_INVALID_KEY_LENGTH 109
#define FIPS_R_KEY_TOO_SHORT 108
#define FIPS_R_NON_FIPS_METHOD 100
-#define FIPS_R_NO_DSO_PATH 110
#define FIPS_R_PAIRWISE_TEST_FAILED 107
#define FIPS_R_SELFTEST_FAILED 101
+#define FIPS_R_UNSUPPORTED_PLATFORM 113
+#define FIPS_R_CONTRADICTING_EVIDENCE 114
#ifdef __cplusplus
}
--- /dev/null
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project. Rights for redistribution
+ * and usage in source and binary forms are granted according to the
+ * OpenSSL license.
+ */
+
+#include <stdio.h>
+#if defined(__DECC)
+# include <c_asm.h>
+# pragma __nostandard
+#endif
+
+#include "e_os.h"
+
+#if !defined(POINTER_TO_FUNCTION_IS_POINTER_TO_1ST_INSTRUCTION)
+# if (defined(__sun) && (defined(__sparc) || defined(__sparcv9))) || \
+ (defined(__sgi) && (defined(__mips) || defined(mips))) || \
+ (defined(__osf__) && defined(__alpha)) || \
+ (defined(__linux) && (defined(__arm) || defined(__arm__))) || \
+ (defined(__i386) || defined(__i386__)) || \
+ (defined(__x86_64) || defined(__x86_64__)) || \
+ (defined(vax) || defined(__vax__))
+# define POINTER_TO_FUNCTION_IS_POINTER_TO_1ST_INSTRUCTION
+# endif
+#endif
+
+#ifdef FIPS_START
+#define FIPS_ref_point FIPS_text_start
+/* Some compilers put string literals into a separate segment. As we
+ * are mostly interested to hash AES tables in .rodata, we declare
+ * reference points accordingly. In case you wonder, the values are
+ * big-endian encoded variable names, just to prevent these arrays
+ * from being merged by linker. */
+const unsigned int FIPS_rodata_start[]=
+ { 0x46495053, 0x5f726f64, 0x6174615f, 0x73746172 };
+#else
+#define FIPS_ref_point FIPS_text_end
+const unsigned int FIPS_rodata_end[]=
+ { 0x46495053, 0x5f726f64, 0x6174615f, 0x656e645b };
+#endif
+
+/*
+ * I declare reference function as static in order to avoid certain
+ * pitfalls in -dynamic linker behaviour...
+ */
+static void *instruction_pointer(void)
+{ void *ret=NULL;
+/* These are ABI-neutral CPU-specific snippets. ABI-neutrality means
+ * that they are designed to work under any OS running on particular
+ * CPU, which is why you don't find any #ifdef THIS_OR_THAT_OS in
+ * this function. */
+#if defined(INSTRUCTION_POINTER_IMPLEMENTED)
+ INSTRUCTION_POINTER_IMPLEMENTED(ret);
+#elif defined(__GNUC__) && __GNUC__>=2
+# if defined(__alpha) || defined(__alpha__)
+# define INSTRUCTION_POINTER_IMPLEMENTED
+ __asm __volatile ( "br %0,1f\n1:" : "=r"(ret) );
+# elif defined(__i386) || defined(__i386__)
+# define INSTRUCTION_POINTER_IMPLEMENTED
+ __asm __volatile ( "call 1f\n1: popl %0" : "=r"(ret) );
+ ret = (void *)((size_t)ret&~3UL); /* align for better performance */
+# elif defined(__ia64) || defined(__ia64__)
+# define INSTRUCTION_POINTER_IMPLEMENTED
+ __asm __volatile ( "mov %0=ip" : "=r"(ret) );
+# elif defined(__hppa) || defined(__hppa__) || defined(__pa_risc)
+# define INSTRUCTION_POINTER_IMPLEMENTED
+ __asm __volatile ( "blr %%r0,%0\n\tnop" : "=r"(ret) );
+ ret = (void *)((size_t)ret&~3UL); /* mask privilege level */
+# elif defined(__mips) || defined(__mips__)
+# define INSTRUCTION_POINTER_IMPLEMENTED
+ void *scratch;
+ __asm __volatile ( "move %1,$31\n\t" /* save ra */
+ "bal .+8; nop\n\t"
+ "move %0,$31\n\t"
+ "move $31,%1" /* restore ra */
+ : "=r"(ret),"=r"(scratch) );
+# elif defined(__ppc__) || defined(__powerpc) || defined(__powerpc__) || \
+ defined(__POWERPC__) || defined(_POWER) || defined(__PPC__) || \
+ defined(__PPC64__) || defined(__powerpc64__)
+# define INSTRUCTION_POINTER_IMPLEMENTED
+ void *scratch;
+ __asm __volatile ( "mfspr %1,8\n\t" /* save lr */
+ "bl .+4\n\t"
+ "mfspr %0,8\n\t" /* mflr ret */
+ "mtspr 8,%1" /* restore lr */
+ : "=r"(ret),"=r"(scratch) );
+# elif defined(__sparc) || defined(__sparc__) || defined(__sparcv9)
+# define INSTRUCTION_POINTER_IMPLEMENTED
+ void *scratch;
+ __asm __volatile ( "mov %%o7,%1\n\t"
+ "call .+8; nop\n\t"
+ "mov %%o7,%0\n\t"
+ "mov %1,%%o7"
+ : "=r"(ret),"=r"(scratch) );
+# elif defined(__x86_64) || defined(__x86_64__)
+# define INSTRUCTION_POINTER_IMPLEMENTED
+ __asm __volatile ( "leaq 0(%%rip),%0" : "=r"(ret) );
+ ret = (void *)((size_t)ret&~3UL); /* align for better performance */
+# endif
+#elif defined(__DECC) && defined(__alpha)
+# define INSTRUCTION_POINTER_IMPLEMENTED
+ ret = (void *)(size_t)asm("br %v0,1f\n1:");
+#elif defined(_MSC_VER) && defined(_M_IX86)
+# undef INSTRUCTION_POINTER_IMPLEMENTED
+ void *scratch;
+ _asm {
+ call self
+ self: pop eax
+ mov scratch,eax
+ }
+ ret = (void *)((size_t)scratch&~3UL);
+#endif
+ return ret;
+}
+
+/*
+ * This function returns pointer to an instruction in the vicinity of
+ * its entry point, but not outside this object module. This guarantees
+ * that sequestered code is covered...
+ */
+void *FIPS_ref_point()
+{
+#if defined(INSTRUCTION_POINTER_IMPLEMENTED)
+ return instruction_pointer();
+/* Below we essentially cover vendor compilers which do not support
+ * inline assembler... */
+#elif defined(_AIX)
+ struct { void *ip,*gp,*env; } *p = (void *)instruction_pointer;
+ return p->ip;
+#elif defined(_HPUX_SOURCE)
+# if defined(__hppa) || defined(__hppa__)
+ struct { void *i[4]; } *p = (void *)FIPS_ref_point;
+
+ if (sizeof(p) == 8) /* 64-bit */
+ return p->i[2];
+ else if ((size_t)p & 2)
+ { p = (void *)((size_t)p&~3UL);
+ return p->i[0];
+ }
+ else
+ return (void *)p;
+# elif defined(__ia64) || defined(__ia64__)
+ struct { unsigned long long ip,gp; } *p=(void *)instruction_pointer;
+ return (void *)(size_t)p->ip;
+# endif
+#elif (defined(__VMS) || defined(VMS)) && !(defined(vax) || defined(__vax__))
+ /* applies to both alpha and ia64 */
+ struct { unsigned __int64 opaque,ip; } *p=(void *)instruction_pointer;
+ return (void *)(size_t)p->ip;
+#elif defined(__VOS__)
+ /* applies to both pa-risc and ia32 */
+ struct { void *dp,*ip,*gp; } *p = (void *)instruction_pointer;
+ return p->ip;
+#elif defined(_WIN32)
+# if defined(_WIN64) && defined(_M_IA64)
+ struct { void *ip,*gp; } *p = (void *)FIPS_ref_point;
+ return p->ip;
+# else
+ return (void *)FIPS_ref_point;
+# endif
+/*
+ * In case you wonder why there is no #ifdef __linux. All Linux targets
+ * are GCC-based and therefore are covered by instruction_pointer above
+ * [well, some are covered by by the one below]...
+ */
+#elif defined(POINTER_TO_FUNCTION_IS_POINTER_TO_1ST_INSTRUCTION)
+ return (void *)instruction_pointer;
+#else
+ return NULL;
+#endif
+}
{ERR_FUNC(FIPS_F_DSA_DO_VERIFY), "DSA_do_verify"},
{ERR_FUNC(FIPS_F_DSA_GENERATE_PARAMETERS), "DSA_generate_parameters"},
{ERR_FUNC(FIPS_F_FIPS_CHECK_DSA), "FIPS_CHECK_DSA"},
-{ERR_FUNC(FIPS_F_FIPS_CHECK_DSO), "FIPS_CHECK_DSO"},
{ERR_FUNC(FIPS_F_FIPS_CHECK_EXE), "FIPS_CHECK_EXE"},
+{ERR_FUNC(FIPS_F_FIPS_CHECK_FINGERPRINT), "FIPS_CHECK_FINGERPRINT"},
{ERR_FUNC(FIPS_F_FIPS_CHECK_RSA), "FIPS_CHECK_RSA"},
{ERR_FUNC(FIPS_F_FIPS_DSA_CHECK), "FIPS_dsa_check"},
{ERR_FUNC(FIPS_F_FIPS_MODE_SET), "FIPS_mode_set"},
{ERR_FUNC(FIPS_F_RSA_GENERATE_KEY), "RSA_generate_key"},
{ERR_FUNC(FIPS_F_RSA_X931_GENERATE_KEY), "RSA_X931_generate_key"},
{ERR_FUNC(FIPS_F_SSLEAY_RAND_BYTES), "SSLEAY_RAND_BYTES"},
+{ERR_FUNC(FIPS_F_FIPS_CHECK_DSO), "FIPS_check_dso"},
{0,NULL}
};
{ERR_REASON(FIPS_R_CANNOT_READ_EXE) ,"cannot access executable object"},
{ERR_REASON(FIPS_R_CANNOT_READ_EXE_DIGEST),"cannot access detached digest"},
{ERR_REASON(FIPS_R_EXE_DIGEST_DOES_NOT_MATCH),"detached digest verification failed"},
+{ERR_REASON(FIPS_R_FINGERPRINT_DOES_NOT_MATCH),"fingerprint does not match"},
+{ERR_REASON(FIPS_R_FINGERPRINT_DOES_NOT_MATCH_NONPIC_RELOCATED),"fingerprint does not match, possibly because non-PIC was relocated"},
+{ERR_REASON(FIPS_R_FINGERPRINT_DOES_NOT_MATCH_SEGMENT_ALIASING),"fingerprint does not match, invalid segment aliasing"},
{ERR_REASON(FIPS_R_FIPS_MODE_ALREADY_SET),"fips mode already set"},
{ERR_REASON(FIPS_R_FIPS_SELFTEST_FAILED) ,"fips selftest failed"},
{ERR_REASON(FIPS_R_INVALID_KEY_LENGTH) ,"invalid key length"},
{ERR_REASON(FIPS_R_KEY_TOO_SHORT) ,"key too short"},
{ERR_REASON(FIPS_R_NON_FIPS_METHOD) ,"non fips method"},
-{ERR_REASON(FIPS_R_NO_DSO_PATH) ,"DSO path can't be determined"},
{ERR_REASON(FIPS_R_PAIRWISE_TEST_FAILED) ,"pairwise test failed"},
{ERR_REASON(FIPS_R_SELFTEST_FAILED) ,"selftest failed"},
+{ERR_REASON(FIPS_R_UNSUPPORTED_PLATFORM) ,"unsupported platform"},
+{ERR_REASON(FIPS_R_CONTRADICTING_EVIDENCE),"duplicate code detected, check your linking procedure"},
{0,NULL}
};
void ERR_load_FIPS_strings(void)
{
- static int init=1;
+ static int init;
- if (init)
+ if (!init)
{
- init=0;
+ init=1;
#ifndef OPENSSL_NO_ERR
ERR_load_strings(0,FIPS_str_functs);
ERR_load_strings(0,FIPS_str_reasons);
--- /dev/null
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project. Rights for redistribution
+ * and usage in source and binary forms are granted according to the
+ * OpenSSL license.
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#if defined(__unix) || defined(__unix__)
+#include <unistd.h>
+#endif
+
+#ifndef FINGERPRINT_PREMAIN_DSO_LOAD
+
+#if defined(__GNUC__) && __GNUC__>=2
+ void FINGERPRINT_premain(void) __attribute__((constructor));
+ /* Most commonly this results in pointer to premain to be dropped
+ * to .ctors segment, which is traversed by GCC crtbegin.o upon
+ * program startup. Except on a.out OpenBSD where it results in
+ * _GLOBAL_$I$premain() {premain();} being auto-generated by
+ * compiler... But one way or another this is believed to cover
+ * *all* GCC targets. */
+#elif defined(_MSC_VER)
+# ifdef _WINDLL
+ __declspec(dllexport) /* this is essentially cosmetics... */
+# endif
+ void FINGERPRINT_premain(void);
+ static int premain_wrapper(void) { FINGERPRINT_premain(); return 0; }
+# pragma data_seg(".CRT$XCU")
+ static int (*p)(void) = premain_wrapper;
+ /* This results in pointer to premain to appear in .CRT segment,
+ * which is traversed by Visual C run-time initialization code.
+ * This applies to both Win32 and [all flavors of] Win64. */
+# pragma data_seg()
+#elif defined(__SUNPRO_C)
+ void FINGERPRINT_premain(void);
+# pragma init(FINGERPRINT_premain)
+ /* This results in a call to premain to appear in .init segment. */
+#elif defined(__DECC) && (defined(__VMS) || defined(VMS))
+ void FINGERPRINT_premain(void);
+# pragma __nostandard
+ globaldef { "LIB$INITIALIZ" } readonly _align (LONGWORD)
+ int spare[8] = {0};
+ globaldef { "LIB$INITIALIZE" } readonly _align (LONGWORD)
+ void (*x_FINGERPRINT_premain)(void) = FINGERPRINT_premain;
+ /* Refer to LIB$INITIALIZE to ensure it exists in the image. */
+ int lib$initialize();
+ globaldef int (*lib_init_ref)() = lib$initialize;
+# pragma __standard
+#elif 0
+ The rest has to be taken care of through command line:
+
+ -Wl,-init,FINGERPRINT_premain on OSF1 and IRIX
+ -Wl,+init,FINGERPRINT_premain on HP-UX
+ -Wl,-binitfini:FINGERPRINT_premain on AIX
+
+ On ELF platforms this results in a call to premain to appear in
+ .init segment...
+#endif
+
+#ifndef HMAC_SHA1_SIG
+#define HMAC_SHA1_SIG "?have to make sure this string is unique"
+#endif
+
+static const unsigned char FINGERPRINT_ascii_value[40] = HMAC_SHA1_SIG;
+
+#define atox(c) ((c)>='a'?((c)-'a'+10):((c)>='A'?(c)-'A'+10:(c)-'0'))
+
+extern const void *FIPS_text_start(), *FIPS_text_end();
+extern const unsigned char FIPS_rodata_start[], FIPS_rodata_end[];
+extern unsigned char FIPS_signature[20];
+extern unsigned int FIPS_incore_fingerprint(unsigned char *,unsigned int);
+
+/*
+ * As name suggests this code is executed prior main(). We use this
+ * opportunity to fingerprint sequestered code in virtual address
+ * space of target application.
+ */
+void FINGERPRINT_premain(void)
+{ unsigned char sig[sizeof(FIPS_signature)];
+ const unsigned char *p=FINGERPRINT_ascii_value;
+ unsigned int len=sizeof(sig),i;
+
+ /* "volatilization" is done to disengage unwanted optimization... */
+ if (*((volatile unsigned char *)p)=='?')
+ { if (FIPS_text_start()==NULL)
+ { fprintf(stderr,"FIPS_text_start() returns NULL\n");
+ _exit(1);
+ }
+#if defined(DEBUG_FINGERPRINT_PREMAIN)
+ fprintf(stderr,".text:%p+%d=%p\n",FIPS_text_start(),
+ (int)((size_t)FIPS_text_end()-(size_t)FIPS_text_start()),
+ FIPS_text_end());
+ fprintf(stderr,".rodata:%p+%d=%p\n",FIPS_rodata_start,
+ (int)((size_t)FIPS_rodata_end-(size_t)FIPS_rodata_start),
+ FIPS_rodata_end);
+#endif
+
+ len=FIPS_incore_fingerprint(sig,sizeof(sig));
+
+ if (len!=sizeof(sig))
+ { fprintf(stderr,"fingerprint length mismatch: %u\n",len);
+ _exit(1);
+ }
+
+ for (i=0;i<len;i++) printf("%02x",sig[i]);
+ printf("\n");
+ fflush(stdout);
+ _exit(0);
+ }
+ else if (FIPS_signature[0]=='\0') do
+ { for (i=0;i<sizeof(FIPS_signature);i++,p+=2)
+ FIPS_signature[i] = (atox(p[0])<<4)|atox(p[1]);
+
+#if defined(DEBUG_FINGERPRINT_PREMAIN)
+ if (getenv("OPENSSL_FIPS")==NULL) break;
+
+ len=FIPS_incore_fingerprint(sig,sizeof(sig));
+
+ if (memcmp(FIPS_signature,sig,sizeof(FIPS_signature)))
+ { fprintf(stderr,"FINGERPRINT_premain: FIPS_signature mismatch\n");
+ _exit(1);
+ }
+#endif
+ } while(0);
+}
+
+#else
+
+#include <openssl/bio.h>
+#include <openssl/dso.h>
+#include <openssl/err.h>
+
+int main(int argc,char *argv[])
+{ DSO *dso;
+ DSO_FUNC_TYPE func;
+ BIO *bio_err;
+
+ if (argc < 2)
+ { fprintf (stderr,"usage: %s libcrypto.dso\n",argv[0]);
+ return 1;
+ }
+
+ if ((bio_err=BIO_new(BIO_s_file())) == NULL)
+ { fprintf (stderr,"unable to allocate BIO\n");
+ return 1;
+ }
+ BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);
+ ERR_load_crypto_strings();
+
+ dso = DSO_load(NULL,argv[1],NULL,DSO_FLAG_NO_NAME_TRANSLATION);
+ if (dso == NULL)
+ { ERR_print_errors(bio_err);
+ return 1;
+ }
+
+ /* This is not normally reached, because FINGERPRINT_premain should
+ * have executed and terminated application already upon DSO_load... */
+ func = DSO_bind_func(dso,"FINGERPRINT_premain");
+ if (func == NULL)
+ { ERR_print_errors(bio_err);
+ return 1;
+ }
+
+ (*func)();
+
+ return 0;
+}
+
+#endif
printf("Bad argument \"%s\"\n", argv[1]);
exit(1);
}
- if (!FIPS_mode_set(1,argv[0]))
+ if (!FIPS_mode_set(1))
{
ERR_load_crypto_strings();
ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
*/
ERR_clear_error();
printf("2. Automatic power-up self test...");
- if (!FIPS_mode_set(1,argv[0]))
+ if (!FIPS_mode_set(1))
{
ERR_load_crypto_strings();
ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
const char * const FIPS_source_hashes[] = {
-"HMAC-SHA1(fips.c)= c5116c8f381d5981d840d240f66c8303b866f5f6",
+"HMAC-SHA1(fips.c)= 3a2deb3c319512952bf5547ed92116a7e0db472b",
"HMAC-SHA1(fips_err_wrapper.c)= d3e2be316062510312269e98f964cb87e7577898",
-"HMAC-SHA1(fips.h)= c9f7bfc3cd78ef7bfcf863b92dcb6e477384e300",
-"HMAC-SHA1(fips_err.h)= f124e9f93777ca7f5bc6edd8323ffbb36625d40b",
+"HMAC-SHA1(fips.h)= 57d602d18efe0594f806fbcc64269e9440638ef4",
+"HMAC-SHA1(fips_err.h)= e0649ee1d60c8162f7eeb293f89f3b63ac85202a",
+"HMAC-SHA1(fips_canister.c)= da6d0f5daf9594881fd060773a5f3e057ba302ff",
+"HMAC-SHA1(fips_premain.c)= 6a08d15c578f1258246181bf52134ae974aa5a80",
"HMAC-SHA1(aes/fips_aes_core.c)= b70bbbd675efe0613da0d57055310926a0104d55",
"HMAC-SHA1(aes/asm/fips-ax86-elf.s)= f797b524a79196e7f59458a5b223432fcfd4a868",
"HMAC-SHA1(aes/fips_aes_selftest.c)= 98b01502221e7fe529fd981222f2cbb52eb4cbe0",
--- /dev/null
+#!/bin/sh -e
+#
+# Copyright (c) 2005 The OpenSSL Project.
+#
+# Depending on output file name, the script either embeds fingerprint
+# into libcrypto.so or static application. "Static" refers to static
+# libcrypto.a, not [necessarily] application per se.
+#
+# Even though this script is called fipsld, it expects C compiler
+# command line syntax and $FIPSLD_CC or $CC environment variable set
+# and can even be used to compile source files.
+
+CC=${FIPSLD_CC:-${CC}}
+[ -n "${CC}" ] || { echo '$CC is not defined'; exit 1; }
+
+# Initially -c wasn't intended to be interpreted here, but it might
+# make life easier for those who want to build FIPS-ified applications
+# with minimal [if any] modifications to their Makefiles...
+( while [ "x$1" != "x" -a "x$1" != "x-c" ]; do shift; done;
+ [ $# -ge 1 ]
+) && exec ${CC} "$@"
+
+# Turn on debugging output?
+( while [ "x$1" != "x" -a "x$1" != "x-DDEBUG_FINGERPRINT_PREMAIN" ]; do shift; done;
+ [ $# -ge 1 ]
+) && set -x
+
+TARGET=`(while [ "x$1" != "x" -a "x$1" != "x-o" ]; do shift; done; echo $2)`
+[ -n "${TARGET}" ] || { echo 'no -o specified'; exit 1; }
+
+THERE="`echo $0 | sed -e 's|[^/]*$||'`"..
+
+HMAC_KEY="etaonrishdlcupfm"
+
+case "`(uname -s) 2>/dev/null`" in
+OSF1|IRIX*) _WL_PREMAIN="-Wl,-init,FINGERPRINT_premain" ;;
+HP-UX) _WL_PREMAIN="-Wl,+init,FINGERPRINT_premain" ;;
+AIX) _WL_PREMAIN="-Wl,-binitfini:FINGERPRINT_premain";;
+Darwin) ( while [ "x$1" != "x" -a "x$1" != "x-dynamiclib" ]; do shift; done;
+ [ $# -ge 1 ]
+ ) && _WL_PREMAIN="-Wl,-init,_FINGERPRINT_premain" ;;
+esac
+
+case "${TARGET}" in
+[!/]*) TARGET=./${TARGET} ;;
+esac
+
+case "${TARGET}" in
+*libcrypto*|*.dll) # must be linking a shared lib...
+ # Shared lib creation can be taking place in the source
+ # directory only!!!
+ FINGERTYPE="${THERE}/fips/sha/fips_standalone_sha1"
+ CANISTER_O="${THERE}/fips/fipscanister.o"
+ PREMAIN_C="${THERE}/fips/fips_premain.c"
+
+ # verify fipscanister.o against its detached signature...
+ ${FINGERTYPE} "${CANISTER_O}" | sed "s/(.*\//(/" | \
+ diff -w "${CANISTER_O}.sha1" - || \
+ { echo "${CANISTER_O} fingerprint mismatch"; exit 1; }
+
+ # verify fips_premain.c against its signature embedded into
+ # fipscanister.o...
+ SIG=`${FINGERTYPE} "${PREMAIN_C}" | sed -n "s/(.*\//(/;/^./p"`
+ REF=`strings "${CANISTER_O}" | grep "HMAC-SHA1(fips_premain\\.c)"`
+ [ "${SIG}" = "${REF}" ] || \
+ { echo "${PREMAIN_C} fingerprint mismatch"; exit 1; }
+
+ # Temporarily remove fipscanister.o from libcrypto.a!
+ # We are required to use the standalone copy...
+ trap 'ar r "${THERE}/libcrypto.a" "${CANISTER_O}";
+ (ranlib "${THERE}/libcrypto.a") 2>/dev/null;
+ sleep 1;
+ touch -c "${TARGET}"' 0
+
+ ar d "${THERE}/libcrypto.a" fipscanister.o 2>&1 > /dev/null || :
+ (ranlib "${THERE}/libcrypto.a") 2>/dev/null || :
+
+ ${CC} "${CANISTER_O}" \
+ "${PREMAIN_C}" \
+ ${_WL_PREMAIN} "$@"
+
+ # generate signature...
+ SIG=`("${THERE}/fips/fips_premain_dso" "${TARGET}" || rm "${TARGET}")`
+ if [ -z "${SIG}" ]; then
+ echo "unable to collect signature"; exit 1
+ fi
+
+ # recompile with signature...
+ ${CC} "${CANISTER_O}" \
+ -DHMAC_SHA1_SIG=\"${SIG}\" "${PREMAIN_C}" \
+ ${_WL_PREMAIN} "$@"
+ ;;
+
+*) # must be linking statically...
+ # Static linking can be taking place either in the source
+ # directory or off the installed binary target destination.
+ if [ -x "${THERE}/fips/sha/fips_standalone_sha1" ]; then
+ FINGERTYPE="${THERE}/fips/sha/fips_standalone_sha1"
+ CANISTER_O="${THERE}/fips/fipscanister.o"
+ PREMAIN_C="${THERE}/fips/fips_premain.c"
+ else # Installed tree is expected to contain
+ # lib/fipscanister.o, lib/fipscanister.o.sha1 and
+ # lib/fips_premain.c [not to mention bin/openssl].
+ FINGERTYPE="${THERE}/bin/openssl sha1 -hmac ${HMAC_KEY}"
+ CANISTER_O="${THERE}/lib/fipscanister.o"
+ PREMAIN_C="${THERE}/lib/fips_premain.c"
+ fi
+
+ # verify fipscanister.o against its detached signature...
+ ${FINGERTYPE} "${CANISTER_O}" | sed "s/(.*\//(/" | \
+ diff -w "${CANISTER_O}.sha1" - || \
+ { echo "${CANISTER_O} fingerprint mismatch"; exit 1; }
+
+ # verify fips_premain.c against its signature embedded into
+ # fipscanister.o...
+ SIG=`${FINGERTYPE} "${PREMAIN_C}" | sed -n "s/(.*\//(/;/^./p"`
+ REF=`strings "${CANISTER_O}" | grep "HMAC-SHA1(fips_premain\\.c)"`
+ [ "${SIG}" = "${REF}" ] || \
+ { echo "${PREMAIN_C} fingerprint mismatch"; exit 1; }
+
+ ${CC} "${CANISTER_O}" \
+ "${PREMAIN_C}" \
+ ${_WL_PREMAIN} "$@"
+
+ # generate signature...
+ SIG=`("${TARGET}" || /bin/rm "${TARGET}")`
+ if [ -z "${SIG}" ]; then
+ echo "unable to collect signature"; exit 1
+ fi
+
+ # recompile with signature...
+ ${CC} "${CANISTER_O}" \
+ -DHMAC_SHA1_SIG=\"${SIG}\" "${PREMAIN_C}" \
+ ${_WL_PREMAIN} "$@"
+ ;;
+esac
goto end;
}
- if(!FIPS_mode_set(1,argv[0]))
+ if(!FIPS_mode_set(1))
{
ERR_print_errors(err);
goto end;
all: lib
lib: $(LIBOBJ)
- $(AR) $(LIB) $(LIBOBJ)
- $(RANLIB) $(LIB) || echo Never mind.
- @sleep 2; touch lib
+ @echo $(LIBOBJ) > lib
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
fprintf(stderr,"%s [mct|vst]\n",argv[0]);
exit(1);
}
- if(!FIPS_mode_set(1,argv[0]))
+ if(!FIPS_mode_set(1))
{
ERR_load_crypto_strings();
ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
all: lib
lib: $(LIBOBJ)
- $(AR) $(LIB) $(LIBOBJ)
- $(RANLIB) $(LIB) || echo Never mind.
- @sleep 2; touch lib
+ @echo $(LIBOBJ) > lib
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
goto end;
}
- if(!FIPS_mode_set(1,argv[0]))
+ if(!FIPS_mode_set(1))
{
ERR_print_errors(err);
goto end;
goto end;
}
- if(!FIPS_mode_set(1,argv[0]))
+ if(!FIPS_mode_set(1))
{
ERR_print_errors(err);
goto end;
goto end;
}
- if(!FIPS_mode_set(1,argv[0]))
+ if(!FIPS_mode_set(1))
{
ERR_print_errors(err);
goto end;
all: fips_standalone_sha1$(EXE_EXT) lib
lib: $(LIBOBJ)
- $(AR) $(LIB) $(LIBOBJ)
- $(RANLIB) $(LIB) || echo Never mind.
- @sleep 2; touch lib
+ @echo $(LIBOBJ) > lib
fips_standalone_sha1$(EXE_EXT): fips_standalone_sha1.o fips_sha1dgst.o $(FIPS_SHA1_ASM_OBJ)
$(CC) -o fips_standalone_sha1$(EXE_EXT) $(CFLAGS) \
goto end;
}
- if(!FIPS_mode_set(1,argv[0]))
+ if(!FIPS_mode_set(1))
{
ERR_print_errors(err);
goto end;
COMP_METHOD *cm = NULL;
#ifdef OPENSSL_FIPS
int fips_mode=0;
- const char *path=argv[0];
#endif
verbose = 0;
#ifdef OPENSSL_FIPS
if(fips_mode)
{
- if(!FIPS_mode_set(1,path))
+ if(!FIPS_mode_set(1))
{
ERR_load_crypto_strings();
ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
$(CC) -o $$target$(EXE_EXT) $(CFLAGS) $$target.o $(PEX_LIBS) $(LIBSSL) $(LIBKRB5) $(LIBCRYPTO) $(EX_LIBS) ; \
fi
-FIPS_BUILD_CMD=$(BUILD_CMD); \
- if [ -z "$$SHARED_LIBS" ]; then \
- if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
- TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $$target; \
- fi; \
- fi
+FIPS_BUILD_CMD=if egrep 'define OPENSSL_FIPS' $(TOP)/include/openssl/opensslconf.h > /dev/null; then \
+ FIPSLD_CC=$(CC); CC=$(TOP)/fips/fipsld; export CC FIPSLD_CC; \
+ fi; $(BUILD_CMD)
$(FIPS_AESTEST)$(EXE_EXT): $(FIPS_AESTEST).o $(DLIBCRYPTO)
@target=$(FIPS_AESTEST); $(FIPS_BUILD_CMD)
projects / oweals / openssl.git / commitdiff