I've just tested the patch, and with a small modification, it seems to work without trouble.
Cheers,
Richard

> [[email protected] - Tue Jan 18 15:19:50 2011]:
>
> The logic of invoking the $fips_premain_dso to determine its
> hash using perl `commandline` syntax, and immediately asking the local
> linker to overwrite the binary is fundamentally flawed on win32 and
> probably aix and others, who cannot overwrite a currently executing
> file.
> There is no assurance from `commandline` that the program finished its
> execution. The correct logic uses system() and redirected file
> output.
>
> Note this bug is sporadic, due to the arbitrary amount of time required
> for the system to terminate the initial $fips_premain_dso process. Note
> there is a related bug, some systems may not resolve an explicit
> libz.so/.dll
> without the adjustment of PATH/LIBPATH/LD_LIBRARY_PATH/SHLIB_PATH as
> appropriate, leaving $fips_premain_dso unable to be invoked, except on
> os's with rpath behavior (and even this may not work correctly if the
> libz path is not in its eventual target path).
>
> Index: util/fipslink.pl > =================================================================== > --- util/fipslink.pl (revision 6343) > +++ util/fipslink.pl (working copy) 
> @@ -41,13 +41,15 @@ > system "$fips_link @ARGV"; > die "First stage Link failure" if $? != 0; > > - > print "$fips_premain_dso $fips_target\n"; > -$fips_hash=`$fips_premain_dso $fips_target`; > +system("$fips_premain_dso $fips_target >$fips_target.sha1"); > +die "Get hash failure" if $? != 0; > +$fips_hash= > +open my $sha1_res, '<', $fips_target.".sha1" or die "Get hash > failure"; > +$fips_hash=<$sha1_res>; > +close $sha1_res; > chomp $fips_hash; > -die "Get hash failure" if $? != 0; > > - > print "$fips_cc -DHMAC_SHA1_SIG=\\\"$fips_hash\\\" $fips_cc_args > $fips_libdir/fips_premain.c\n"; > system "$fips_cc -DHMAC_SHA1_SIG=\\\"$fips_hash\\\" $fips_cc_args > $fips_libdir/fips_premain.c"; > die "Second stage Compile failure" if $? != 0; > > >
-- Richard Levitte [email protected]
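Review bot: the added line `$fips_hash=` with nothing on its right-hand side, directly before `open my $sha1_res, ...`, looks like a leftover. As written the two lines form one statement, `$fips_hash = open ... or die ...`, which stores open's return value and is then overwritten by `$fips_hash=<$sha1_res>;`, so that line should be dropped. Further points in the same hunk: the failed `system()` and the failed `open` both die with the identical text "Get hash failure", so it would help to name the step and include `$!` for the open. Nothing checks that the line read from `$fips_target.sha1` is defined and non-empty before it is passed as `-DHMAC_SHA1_SIG`, so an empty output file would be compiled in as the signature. The `.sha1` file is left next to the target after `close`, where an `unlink` would tidy it up, and the `print` above the `system()` call no longer shows the command actually run because it omits the redirect.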
