From: Andy Polyakov Date: Sun, 17 Apr 2005 23:26:40 +0000 (+0000) Subject: Resolve minor binary compatibility issues in fips. X-Git-Tag: BEN_FIPS_TEST_8~79 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=863a155451cae8d41702994cdbd600baae30dc1e;p=oweals%2Fopenssl.git Resolve minor binary compatibility issues in fips. --- diff --git a/crypto/cryptlib.c b/crypto/cryptlib.c index c158d43ec4..f73eefc519 100644 --- a/crypto/cryptlib.c +++ b/crypto/cryptlib.c @@ -668,9 +668,13 @@ void OpenSSLDie(const char *file,int line,const char *assertion) void *OPENSSL_stderr(void) { return stderr; } #ifdef OPENSSL_FIPS + +void fips_w_lock(void) { CRYPTO_w_lock(CRYPTO_LOCK_FIPS); } +void fips_w_unlock(void) { CRYPTO_w_unlock(CRYPTO_LOCK_FIPS); } +void fips_r_lock(void) { CRYPTO_r_lock(CRYPTO_LOCK_FIPS); } +void fips_r_unlock(void) { CRYPTO_r_unlock(CRYPTO_LOCK_FIPS); } + static int fips_started = 0; -static int fips_mode = 0; -static void *fips_rand_check = 0; static unsigned long fips_thread = 0; void fips_set_started(void) 
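Review bot: The four trampolines `fips_w_lock()`, `fips_w_unlock()`, `fips_r_lock()` and `fips_r_unlock()` in crypto/cryptlib.c are added with no comment, and they are non-static, so every object linked into the library can take or release `CRYPTO_LOCK_FIPS` unconditionally. A comment above them should record the contract, for example `/* Lock trampolines for fips/: callers must pair lock/unlock and skip both when fips_is_owning_thread() is true */`. The reason for the indirection (presumably so the FIPS objects no longer reference the CRYPTO_lock macros and lock number directly) is inferred from the commit subject and should be confirmed by the author. The hunk does not show whether cryptlib.c includes a header that declares these functions; if it does not, the definitions are never checked against the prototypes added to fips/fips_locl.h.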
@@ -730,58 +734,5 @@ int fips_clear_owning_thread(void) } return ret; } - -void fips_set_mode(int onoff) - { - int owning_thread = fips_is_owning_thread(); - - if (fips_is_started()) - { - if (!owning_thread) CRYPTO_w_lock(CRYPTO_LOCK_FIPS); - fips_mode = onoff; - if (!owning_thread) CRYPTO_w_unlock(CRYPTO_LOCK_FIPS); - } - } - -void fips_set_rand_check(void *rand_check) - { - int owning_thread = fips_is_owning_thread(); - - if (fips_is_started()) - { - if (!owning_thread) CRYPTO_w_lock(CRYPTO_LOCK_FIPS); - fips_rand_check = rand_check; - if (!owning_thread) CRYPTO_w_unlock(CRYPTO_LOCK_FIPS); - } - } - -int FIPS_mode(void) - { - int ret = 0; - int owning_thread = fips_is_owning_thread(); - - if (fips_is_started()) - { - if (!owning_thread) CRYPTO_r_lock(CRYPTO_LOCK_FIPS); - ret = fips_mode; - if (!owning_thread) CRYPTO_r_unlock(CRYPTO_LOCK_FIPS); - } - return ret; - } - -void *FIPS_rand_check(void) - { - void *ret = 0; - int owning_thread = fips_is_owning_thread(); - - if (fips_is_started()) - { - if (!owning_thread) CRYPTO_r_lock(CRYPTO_LOCK_FIPS); - ret = fips_rand_check; - if (!owning_thread) CRYPTO_r_unlock(CRYPTO_LOCK_FIPS); - } - return ret; - } - #endif /* OPENSSL_FIPS */ diff --git a/crypto/crypto.h b/crypto/crypto.h index 4d1dfac7f1..c77566aa0e 100644 --- a/crypto/crypto.h +++ b/crypto/crypto.h @@ -437,9 +437,6 @@ void OpenSSLDie(const char *file,int line,const char *assertion); #define OPENSSL_assert(e) ((e) ? (void)0 : OpenSSLDie(__FILE__, __LINE__, #e)) #ifdef OPENSSL_FIPS -int FIPS_mode(void); -void *FIPS_rand_check(void); - #define FIPS_ERROR_IGNORED(alg) OpenSSLDie(__FILE__, __LINE__, \ alg " previous FIPS forbidden algorithm error ignored"); diff --git a/fips/fips.c b/fips/fips.c index 7ecba57f70..e879e0c3db 100644 --- a/fips/fips.c +++ b/fips/fips.c 
@@ -65,6 +65,60 @@ static int fips_md5_allowed = 0; static int fips_selftest_fail = 0; +static int fips_mode = 0; +static const void *fips_rand_check = 0; + +static void fips_set_mode(int onoff) + { + int owning_thread = fips_is_owning_thread(); + + if (fips_is_started()) + { + if (!owning_thread) fips_w_lock(); + fips_mode = onoff; + if (!owning_thread) fips_w_unlock(); + } + } + +static void fips_set_rand_check(const void *rand_check) + { + int owning_thread = fips_is_owning_thread(); + + if (fips_is_started()) + { + if (!owning_thread) fips_w_lock(); + fips_rand_check = rand_check; + if (!owning_thread) fips_w_unlock(); + } + } + +int FIPS_mode(void) + { + int ret = 0; + int owning_thread = fips_is_owning_thread(); + + if (fips_is_started()) + { + if (!owning_thread) fips_r_lock(); + ret = fips_mode; + if (!owning_thread) fips_r_unlock(); + } + return ret; + } + +const void *FIPS_rand_check(void) + { + const void *ret = 0; + int owning_thread = fips_is_owning_thread(); + + if (fips_is_started()) + { + if (!owning_thread) fips_r_lock(); + ret = fips_rand_check; + if (!owning_thread) fips_r_unlock(); + } + return ret; + } void FIPS_allow_md5(int onoff) { @@ -72,9 +126,9 @@ void FIPS_allow_md5(int onoff) { int owning_thread = fips_is_owning_thread(); - if (!owning_thread) CRYPTO_w_lock(CRYPTO_LOCK_FIPS); + if (!owning_thread) fips_w_lock(); fips_md5_allowed = onoff; - if (!owning_thread) CRYPTO_w_unlock(CRYPTO_LOCK_FIPS); + if (!owning_thread) fips_w_unlock(); } } @@ -85,9 +139,9 @@ int FIPS_md5_allowed(void) { int owning_thread = fips_is_owning_thread(); - if (!owning_thread) CRYPTO_r_lock(CRYPTO_LOCK_FIPS); + if (!owning_thread) fips_r_lock(); ret = fips_md5_allowed; - if (!owning_thread) CRYPTO_r_unlock(CRYPTO_LOCK_FIPS); + if (!owning_thread) fips_r_unlock(); } return ret; } 
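Review bot: `fips_set_mode()` and `fips_set_rand_check()` in the first fips.c hunk return void and silently store nothing when `fips_is_started()` is false, so a caller cannot tell that the mode flag or the RAND check pointer was never set. The later `FIPS_mode_set()` hunk shows `fips_w_lock(); fips_set_started(); fips_set_owning_thread();`, so the precondition holds on that path, but the call sites of the two setters are outside this hunk. I would state the contract in a comment above them, e.g. `/* Call only from FIPS_mode_set(): it holds the write lock and is the owning thread, which is why the lock is skipped here */`. The same comment would explain the `if (!owning_thread)` guard that is repeated in `FIPS_mode()` and `FIPS_rand_check()`, where taking the read lock on the thread that already holds the write lock would presumably self-deadlock.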
@@ -99,9 +153,9 @@ int FIPS_selftest_failed(void) { int owning_thread = fips_is_owning_thread(); - if (!owning_thread) CRYPTO_r_lock(CRYPTO_LOCK_FIPS); + if (!owning_thread) fips_r_lock(); ret = fips_selftest_fail; - if (!owning_thread) CRYPTO_r_unlock(CRYPTO_LOCK_FIPS); + if (!owning_thread) fips_r_unlock(); } return ret; } @@ -185,7 +239,7 @@ int FIPS_mode_set(int onoff,const char *path) int fips_clear_owning_thread(); int ret = 0; - CRYPTO_w_lock(CRYPTO_LOCK_FIPS); + fips_w_lock(); fips_set_started(); fips_set_owning_thread(); @@ -244,7 +298,7 @@ int FIPS_mode_set(int onoff,const char *path) ret = 1; end: fips_clear_owning_thread(); - CRYPTO_w_unlock(CRYPTO_LOCK_FIPS); + fips_w_unlock(); return ret; } diff --git a/fips/fips.h b/fips/fips.h index cbac7cfc94..15fa2d2c1b 100644 --- a/fips/fips.h +++ b/fips/fips.h @@ -55,12 +55,11 @@ extern "C" { #endif -/* Note that these are defined in crypto/cryptlib.c so they're - * available even without -lfips. - */ struct dsa_st; int FIPS_mode_set(int onoff,const char *path); +int FIPS_mode(void); +const void *FIPS_rand_check(void); void FIPS_allow_md5(int onoff); int FIPS_md5_allowed(void); int FIPS_selftest_failed(void); diff --git a/fips/fips_locl.h b/fips/fips_locl.h index 215e382549..5d4a3dd3a5 100644 --- a/fips/fips_locl.h +++ b/fips/fips_locl.h @@ -53,13 +53,16 @@ extern "C" { #endif -/* These are really defined in crypto/cryptlib.c */ -void fips_set_started(void); +/* These are trampolines implemented in crypto/cryptlib.c */ +void fips_w_lock(void); +void fips_w_unlock(void); +void fips_r_lock(void); +void fips_r_unlock(void); int fips_is_started(void); +void fips_set_started(void); int fips_is_owning_thread(void); int fips_set_owning_thread(void); int fips_clear_owning_thread(void); -void fips_set_rand_check(void *rand_check); #ifdef __cplusplus } diff --git a/fips/fipshashes.sha1 b/fips/fipshashes.sha1 index fd82309de0..a87ab9b3b0 100644 --- a/fips/fipshashes.sha1 +++ b/fips/fipshashes.sha1 
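Review bot: After the fips/fips.h hunk, `FIPS_mode()` and `FIPS_rand_check()` are declared only in fips.h (the crypto.h hunk drops them) and `FIPS_rand_check()` now returns `const void *` instead of `void *`. A caller that used to get the prototype from crypto.h and does not include fips.h will still compile under C89 rules with an implicit `int` declaration, which truncates the returned pointer on LP64 targets and makes the RAND-method comparison it feeds unreliable. Every call site should be checked for the fips.h include, ideally with the build run under `-Werror=implicit-function-declaration`. The deleted comment said these symbols were available even without -lfips; now that they are defined in fips/fips.c that no longer holds, and a short replacement comment stating the link requirement would save the next reader the archaeology.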
@@ -1,6 +1,6 @@ -HMAC-SHA1(fips.c)= 4eef19c535c1f3deacdf93eb806479ea3b374115 +HMAC-SHA1(fips.c)= f14ae9175119f045f1c645a2458602ccd2b2a34e HMAC-SHA1(fips_err_wrapper.c)= d3e2be316062510312269e98f964cb87e7577898 -HMAC-SHA1(fips.h)= 9a7c66b93923f83dc0a9c4acd03506059ddafe5f +HMAC-SHA1(fips.h)= 70f0181f269e6b09a9e3e6d9ff82f3461bd41222 HMAC-SHA1(fips_err.h)= 03468e3b593f7528fd934e49bf052c23cc98d301 HMAC-SHA1(aes/fips_aes_core.c)= b70bbbd675efe0613da0d57055310926a0104d55 HMAC-SHA1(aes/asm/fips-ax86-elf.s)= 0d1c89f93cbf7bf4854bb238627c99ecda462f17 @@ -17,10 +17,10 @@ HMAC-SHA1(dh/fips_dh_key.c)= 7bf23b329a776953bbe7c30ebd7f9faf5249ddbe HMAC-SHA1(dsa/fips_dsa_ossl.c)= d5f718695397fe56d6bb46f7c410794cb895e206 HMAC-SHA1(dsa/fips_dsa_gen.c)= c252db14699f3ff641db052311da7d7521569c53 HMAC-SHA1(dsa/fips_dsa_selftest.c)= 4bfc5d3a6b977527b053f3a03d0760a822a26135 -HMAC-SHA1(rand/fips_rand.c)= 5dc4aa11c0377a049bee01d427e5b0bc3dd9f10f +HMAC-SHA1(rand/fips_rand.c)= b86543ef1b33b66846b4ab91937e22781f341324 HMAC-SHA1(rand/fips_rand.h)= 0567b1fe9b0efe034a537f335659b0b681809791 HMAC-SHA1(rsa/fips_rsa_eay.c)= eabab59a2f11f3da4c21e1144efe1684f5e8f1ec -HMAC-SHA1(rsa/fips_rsa_gen.c)= 4bbc0afcade1ac53f469aaa89f84c413678254bf +HMAC-SHA1(rsa/fips_rsa_gen.c)= 2e96773cfa8334590dcc238d32024408a2b13b18 HMAC-SHA1(rsa/fips_rsa_selftest.c)= 70553a5212e86f65b068564946d39b738a201e22 HMAC-SHA1(sha1/fips_sha1dgst.c)= 10575600a9540eb15188a7d3b0b031e60aedbc18 HMAC-SHA1(sha1/fips_standalone_sha1.c)= 93203c569097189b47a0085bc9fc55193867d4ce diff --git a/fips/rand/fips_rand.c b/fips/rand/fips_rand.c index cc2f12deb9..745222b306 100644 --- a/fips/rand/fips_rand.c +++ b/fips/rand/fips_rand.c @@ -77,6 +77,8 @@ #endif #include +void *OPENSSL_stderr(void); + #ifdef OPENSSL_FIPS #define SEED_SIZE 8 
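Review bot: The hand-written prototype `void *OPENSSL_stderr(void);` added near the top of fips/rand/fips_rand.c is repeated verbatim in fips/rsa/fips_rsa_gen.c (hunk @@ -64,6 +64,8), and neither copy is checked by the compiler against the definition in crypto/cryptlib.c. If the definition ever changes, both files keep compiling and the call becomes undefined behaviour. A single declaration in a shared header would avoid that; fips/fips_locl.h already carries the other functions implemented in cryptlib.c, so `void *OPENSSL_stderr(void);` could sit there, or an existing public header that declares it could be included instead if one exists. A one-line comment saying why `stderr` is not used directly would also help, since the reason is not visible in the hunk.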
@@ -151,7 +153,7 @@ static void fips_gettime(unsigned char buf[8]) if(test_mode) { - fprintf(stderr,"WARNING!!! PRNG IN TEST MODE!!!\n"); + fprintf(OPENSSL_stderr(),"WARNING!!! PRNG IN TEST MODE!!!\n"); memcpy(buf,test_faketime,sizeof test_faketime); return; } diff --git a/fips/rsa/fips_rsa_gen.c b/fips/rsa/fips_rsa_gen.c index 2c92112477..71049fd60a 100644 --- a/fips/rsa/fips_rsa_gen.c +++ b/fips/rsa/fips_rsa_gen.c @@ -64,6 +64,8 @@ #include #include +void *OPENSSL_stderr(void); + #ifdef OPENSSL_FIPS static int fips_check_rsa(RSA *rsa) @@ -81,7 +83,7 @@ static int fips_check_rsa(RSA *rsa) RSA_PKCS1_OAEP_PADDING); if(n < 0) { - ERR_print_errors_fp(stderr); + ERR_print_errors_fp(OPENSSL_stderr()); exit(1); } if(!memcmp(ctext,original_ptext,n)) @@ -92,7 +94,7 @@ static int fips_check_rsa(RSA *rsa) n=RSA_private_decrypt(n,ctext,ptext,rsa,RSA_PKCS1_OAEP_PADDING); if(n < 0) { - ERR_print_errors_fp(stderr); + ERR_print_errors_fp(OPENSSL_stderr()); exit(1); } if(n != sizeof(original_ptext)-1 || memcmp(ptext,original_ptext,n))
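Review bot: In `fips_gettime()` the changed `fprintf(OPENSSL_stderr(), ...)` line is the only signal that `test_mode` is active, and in that branch the time input is replaced by the fixed `test_faketime` buffer. A process whose stderr is closed or redirected never surfaces the warning, so the PRNG can run with a predictable input unnoticed. At minimum the branch deserves a comment such as `/* test_mode substitutes test_faketime for the clock: output is reproducible, never use for key material */`. It is also worth checking that the code which sets `test_mode`, outside this hunk, cannot be reached once FIPS mode is enabled. The function body starts before and continues after the hunk.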
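Review bot: In `fips_check_rsa()` (fips/rsa/fips_rsa_gen.c, hunks @@ -81,7 and @@ -92,7) both failure paths print the error queue and then call `exit(1)`, which terminates the host application from inside library code and gives the caller no chance to wipe key material or log the failure. The function is declared `static int`, so returning a failure value looks possible, unless a hard stop is a deliberate module requirement, in which case a comment should say so. Separately, the context line `if(!memcmp(ctext,original_ptext,n))` uses `n` as the compare length. `n` appears to be the ciphertext length returned by the encrypt call that ends just above it; if that exceeds `sizeof(original_ptext)` the compare can read past the array, so the length should be bounded by the smaller of the two buffers. The buffer declarations are outside the hunk, so this needs confirming against the full function.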