Blame crypto/o_init.c

/*
 * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */
/* for secure_getenv */
#define _GNU_SOURCE
#include "e_os.h"
#include <openssl/err.h>
#ifdef OPENSSL_FIPS
# include <sys/types.h>
# include <sys/stat.h>
# include <fcntl.h>
# include <unistd.h>
# include <errno.h>
# include <stdlib.h>
# include <openssl/rand.h>
# include <openssl/fips.h>
# include "crypto/fips.h"
# define FIPS_MODE_SWITCH_FILE "/proc/sys/crypto/fips_enabled"
/*
 * Decide at library load time whether to run in FIPS mode.
 *
 * FIPS mode counts as "requested" when either
 *   - OPENSSL_FORCE_FIPS_MODE is present in the environment (any value,
 *     even empty), or
 *   - the first byte read from FIPS_MODE_SWITCH_FILE is '1'.
 *
 * The environment is queried with secure_getenv(), which returns NULL when
 * the process runs in secure-execution mode (e.g. set-user-ID programs), so
 * the variable is ignored there. The variable can only turn the request on;
 * nothing in this function lets the environment turn it off.
 *
 * Failure to open or read the switch file leaves the flag at its initial
 * "0", i.e. FIPS mode is simply not requested. This fail-open behaviour is
 * deliberate according to the original author ("We would break too many
 * things otherwise"); deployments that depend on FIPS enforcement should
 * keep in mind that an unreadable switch file is not reported here.
 */
static void init_fips_mode(void)
{
    char flag[2] = "0";
    int fd;
    int fips_requested;

    if (secure_getenv("OPENSSL_FORCE_FIPS_MODE") != NULL) {
        flag[0] = '1';
    } else {
        fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY);
        if (fd >= 0) {
            /*
             * Retry only when interrupted by a signal. Any other error or a
             * short read is accepted as is; only flag[0] is examined below,
             * so the bytes beyond it are irrelevant.
             */
            for (;;) {
                if (read(fd, flag, sizeof(flag)) >= 0 || errno != EINTR)
                    break;
            }
            close(fd);
        }
    }

    fips_requested = (flag[0] == '1');

    /* Not requested and no FIPS module reported as installed: do nothing. */
    if (!fips_requested && !FIPS_module_installed())
        return;

    /*
     * Enter FIPS mode unconditionally first so that the selftests always
     * run. The return value is not inspected here.
     * XXX: TO SOLVE - premature initialization due to selftests
     */
    FIPS_mode_set(1);

    if (fips_requested) {
        /* per the original note, this aborts if the selftest failed */
        FIPS_selftest_check();
    } else {
        /* FIPS mode was not requested: drop back down to non-FIPS mode */
        FIPS_mode_set(0);
    }
}
/*
 * Perform FIPS module power on selftest and automatic FIPS mode switch.
 */
void __attribute__ ((constructor)) OPENSSL_init_library(void)
{
    /*
     * Marked as a constructor, so it is invoked when the library is loaded;
     * it can also be called explicitly. The latch below makes every call
     * after the first a no-op. It is a plain static int with no locking.
     */
    static int initialized = 0;

    if (!initialized) {
        /* Set the latch before doing the work, as the original code does. */
        initialized = 1;
        init_fips_mode();
    }
}
#endif
/*
 * Perform any essential OpenSSL initialization operations. Currently does
 * nothing.
 */
void OPENSSL_init(void)
{
    /* Intentionally empty: there is nothing to initialize here. */
}