util/incore update that allows FINGERPRINT_premain-free build.
As for complementary fips.c modification. Goal is to ensure that
FIPS_signature does not end up in .bss segment, one guaranteed to
be zeroed upon program start-up. One would expect explicitly
initialized values to end up in .data segment, but it turned out
that values explicitly initialized with zeros can end up in .bss.
The modification does not affect program flow, because first byte
was the only one of significance [to FINGERPRINT_premain].
Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
(cherry picked from commit 34f39b062c)
This commit is contained in:
Andy Polyakov
parent
0ae1672287
commit
8a09500d9c
2 changed files with 6 additions and 3 deletions
|
|
@ -151,7 +151,7 @@ extern const unsigned char FIPS_rodata_start[], FIPS_rodata_end[];
|
|||
#ifdef _TMS320C6X
|
||||
const
|
||||
#endif
|
||||
unsigned char FIPS_signature [20] = { 0 };
|
||||
unsigned char FIPS_signature [20] = { 0, 0xff };
|
||||
__fips_constseg
|
||||
static const char FIPS_hmac_key[]="etaonrishdlcupfm";
|
||||
|
||||
|
|
|
|||
|
|
@ -382,7 +382,7 @@ if (!$legacy_mode) {
|
|||
}
|
||||
|
||||
$FINGERPRINT_ascii_value
|
||||
= $exe->Lookup("FINGERPRINT_ascii_value") or die;
|
||||
= $exe->Lookup("FINGERPRINT_ascii_value");
|
||||
|
||||
}
|
||||
if ($FIPS_text_startX && $FIPS_text_endX) {
|
||||
|
|
@ -439,9 +439,12 @@ $fingerprint = FIPS_incore_fingerprint();
|
|||
|
||||
if ($legacy_mode) {
|
||||
print unpack("H*",$fingerprint);
|
||||
} else {
|
||||
} elsif (defined($FINGERPRINT_ascii_value)) {
|
||||
seek(FD,$FINGERPRINT_ascii_value->{st_offset},0) or die "$!";
|
||||
print FD unpack("H*",$fingerprint) or die "$!";
|
||||
} else {
|
||||
seek(FD,$FIPS_signature->{st_offset},0) or die "$!";
|
||||
print FD $fingerprint or die "$!";
|
||||
}
|
||||
|
||||
close (FD);
|
||||
|
|
|
|||
Loading…
Reference in a new issue