util/incore update that allows FINGERPRINT_premain-free build.
As for complementary fips.c modification. Goal is to ensure that FIPS_signature does not end up in .bss segment, one guaranteed to be zeroed upon program start-up. One would expect explicitly initialized values to end up in .data segment, but it turned out that values explicitly initialized with zeros can end up in .bss. The modification does not affect program flow, because first byte was the only one of significance [to FINGERPRINT_premain]. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
This commit is contained in:
Andy Polyakov
parent
6db8e3bdc9
commit
34f39b062c
2 changed files with 6 additions and 3 deletions
|
|
@ -151,7 +151,7 @@ extern const unsigned char FIPS_rodata_start[], FIPS_rodata_end[];
|
|||
#ifdef _TMS320C6X
|
||||
const
|
||||
#endif
|
||||
unsigned char FIPS_signature [20] = { 0 };
|
||||
unsigned char FIPS_signature [20] = { 0, 0xff };
|
||||
__fips_constseg
|
||||
static const char FIPS_hmac_key[]="etaonrishdlcupfm";
|
||||
|
||||
|
|
|
|||
|
|
@ -382,7 +382,7 @@ if (!$legacy_mode) {
|
|||
}
|
||||
|
||||
$FINGERPRINT_ascii_value
|
||||
= $exe->Lookup("FINGERPRINT_ascii_value") or die;
|
||||
= $exe->Lookup("FINGERPRINT_ascii_value");
|
||||
|
||||
}
|
||||
if ($FIPS_text_startX && $FIPS_text_endX) {
|
||||
|
|
@ -439,9 +439,12 @@ $fingerprint = FIPS_incore_fingerprint();
|
|||
|
||||
if ($legacy_mode) {
|
||||
print unpack("H*",$fingerprint);
|
||||
} else {
|
||||
} elsif (defined($FINGERPRINT_ascii_value)) {
|
||||
seek(FD,$FINGERPRINT_ascii_value->{st_offset},0) or die "$!";
|
||||
print FD unpack("H*",$fingerprint) or die "$!";
|
||||
} else {
|
||||
seek(FD,$FIPS_signature->{st_offset},0) or die "$!";
|
||||
print FD $fingerprint or die "$!";
|
||||
}
|
||||
|
||||
close (FD);
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue