| OLD | NEW |
|---|
| (Empty) |
| 1 | |
| 2 /* This Source Code Form is subject to the terms of the Mozilla Public | |
| 3 * License, v. 2.0. If a copy of the MPL was not distributed with this | |
| 4 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | |
| 5 | |
| 6 #ifdef FREEBL_NO_DEPEND | |
| 7 #include "stubs.h" | |
| 8 #endif | |
| 9 | |
| 10 #include "shsign.h" | |
| 11 #include "prlink.h" | |
| 12 #include "prio.h" | |
| 13 #include "blapi.h" | |
| 14 #include "seccomon.h" | |
| 15 #include "stdio.h" | |
| 16 #include "prmem.h" | |
| 17 #include "hasht.h" | |
| 18 #include "pqg.h" | |
| 19 | |
| 20 /* | |
| 21 * Most modern version of Linux support a speed optimization scheme where an | |
| 22 * application called prelink modifies programs and shared libraries to quickly | |
| 23 * load if they fit into an already designed address space. In short, prelink | |
| 24 * scans the list of programs and libraries on your system, assigns them a | |
| 25 * predefined space in the the address space, then provides the fixups to the | |
| 26 * library. | |
| 27 | |
| 28 * The modification of the shared library is correctly detected by the freebl | |
| 29 * FIPS checksum scheme where we check a signed hash of the library against the | |
| 30 * library itself. | |
| 31 * | |
| 32 * The prelink command itself can reverse the process of modification and | |
| 33 * output the prestine shared library as it was before prelink made it's | |
| 34 * changes. If FREEBL_USE_PRELINK is set Freebl uses prelink to output the | |
| 35 * original copy of the shared library before prelink modified it. | |
| 36 */ | |
| 37 #ifdef FREEBL_USE_PRELINK | |
| 38 #ifndef FREELB_PRELINK_COMMAND | |
| 39 #define FREEBL_PRELINK_COMMAND "/usr/sbin/prelink -u -o -" | |
| 40 #endif | |
| 41 #include "private/pprio.h" | |
| 42 | |
| 43 #include <stdlib.h> | |
| 44 #include <unistd.h> | |
| 45 #include <fcntl.h> | |
| 46 #include <sys/wait.h> | |
| 47 #include <sys/stat.h> | |
| 48 | |
| 49 /* | |
| 50 * This function returns an NSPR PRFileDesc * which the caller can read to | |
| 51 * obtain the prestine value of the shared library, before any OS related | |
| 52 * changes to it (usually address fixups). | |
| 53 * | |
| 54 * If prelink is installed, this | |
| 55 * file descriptor is a pipe connecting the output of | |
| 56 * /usr/sbin/prelink -u -o - {Library} | |
| 57 * and *pid returns the process id of the prelink child. | |
| 58 * | |
| 59 * If prelink is not installed, it returns a normal readonly handle to the | |
| 60 * library itself and *pid is set to '0'. | |
| 61 */ | |
| 62 PRFileDesc * | |
| 63 bl_OpenUnPrelink(const char *shName, int *pid) | |
| 64 { | |
| 65 char *command= strdup(FREEBL_PRELINK_COMMAND); | |
| 66 char *argString = NULL; | |
| 67 char **argv = NULL; | |
| 68 char *shNameArg = NULL; | |
| 69 char *cp; | |
| 70 pid_t child; | |
| 71 int argc = 0, argNext = 0; | |
| 72 struct stat statBuf; | |
| 73 int pipefd[2] = {-1,-1}; | |
| 74 int ret; | |
| 75 | |
| 76 *pid = 0; | |
| 77 | |
| 78 /* make sure the prelink command exists first. If not, fall back to | |
| 79 * just reading the file */ | |
| 80 for (cp = command; *cp ; cp++) { | |
| 81 if (*cp == ' ') { | |
| 82 *cp++ = 0; | |
| 83 argString = cp; | |
| 84 break; | |
| 85 } | |
| 86 } | |
| 87 memset (&statBuf, 0, sizeof(statBuf)); | |
| 88 /* stat the file, follow the link */ | |
| 89 ret = stat(command, &statBuf); | |
| 90 if (ret < 0) { | |
| 91 free(command); | |
| 92 return PR_Open(shName, PR_RDONLY, 0); | |
| 93 } | |
| 94 /* file exits, make sure it's an executable */ | |
| 95 if (!S_ISREG(statBuf.st_mode) || | |
| 96 ((statBuf.st_mode & (S_IXUSR|S_IXGRP|S_IXOTH)) == 0)) { | |
| 97 free(command); | |
| 98 return PR_Open(shName, PR_RDONLY, 0); | |
| 99 } | |
| 100 | |
| 101 /* OK, the prelink command exists and looks correct, use it */ | |
| 102 /* build the arglist while we can still malloc */ | |
| 103 /* count the args if any */ | |
| 104 if (argString && *argString) { | |
| 105 /* argString may have leading spaces, strip them off*/ | |
| 106 for (cp = argString; *cp && *cp == ' '; cp++); | |
| 107 argString = cp; | |
| 108 if (*cp) { | |
| 109 /* there is at least one arg.. */ | |
| 110 argc = 1; | |
| 111 } | |
| 112 | |
| 113 /* count the rest: Note there is no provision for escaped | |
| 114 * spaces here */ | |
| 115 for (cp = argString; *cp ; cp++) { | |
| 116 if (*cp == ' ') { | |
| 117 while (*cp && *cp == ' ') cp++; | |
| 118 if (*cp) argc++; | |
| 119 } | |
| 120 } | |
| 121 } | |
| 122 | |
| 123 /* add the additional args: argv[0] (command), shName, NULL*/ | |
| 124 argc += 3; | |
| 125 argv = PORT_NewArray(char *, argc); | |
| 126 if (argv == NULL) { | |
| 127 goto loser; | |
| 128 } | |
| 129 | |
| 130 /* fill in the arglist */ | |
| 131 argv[argNext++] = command; | |
| 132 if (argString && *argString) { | |
| 133 argv[argNext++] = argString; | |
| 134 for (cp = argString; *cp; cp++) { | |
| 135 if (*cp == ' ') { | |
| 136 *cp++ = 0; | |
| 137 while (*cp && *cp == ' ') cp++; | |
| 138 if (*cp) argv[argNext++] = cp; | |
| 139 } | |
| 140 } | |
| 141 } | |
| 142 /* exec doesn't advertise taking const char **argv, do the paranoid | |
| 143 * copy */ | |
| 144 shNameArg = strdup(shName); | |
| 145 if (shNameArg == NULL) { | |
| 146 goto loser; | |
| 147 } | |
| 148 argv[argNext++] = shNameArg; | |
| 149 argv[argNext++] = 0; | |
| 150 | |
| 151 ret = pipe(pipefd); | |
| 152 if (ret < 0) { | |
| 153 goto loser; | |
| 154 } | |
| 155 | |
| 156 /* use vfork() so we don't trigger the pthread_at_fork() handlers */ | |
| 157 child = vfork(); | |
| 158 if (child < 0) goto loser; | |
| 159 if (child == 0) { | |
| 160 /* set up the file descriptors */ | |
| 161 /* if we need to support BSD, this will need to be an open of | |
| 162 * /dev/null and dup2(nullFD, 0)*/ | |
| 163 close(0); | |
| 164 /* associate pipefd[1] with stdout */ | |
| 165 if (pipefd[1] != 1) dup2(pipefd[1], 1); | |
| 166 close(2); | |
| 167 close(pipefd[0]); | |
| 168 /* should probably close the other file descriptors? */ | |
| 169 | |
| 170 | |
| 171 execv(command, argv); | |
| 172 /* avoid at_exit() handlers */ | |
| 173 _exit(1); /* shouldn't reach here except on an error */ | |
| 174 } | |
| 175 close(pipefd[1]); | |
| 176 pipefd[1] = -1; | |
| 177 | |
| 178 /* this is safe because either vfork() as full fork() semantics, and thus | |
| 179 * already has it's own address space, or because vfork() has paused | |
| 180 * the parent util the exec or exit */ | |
| 181 free(command); | |
| 182 free(shNameArg); | |
| 183 PORT_Free(argv); | |
| 184 | |
| 185 *pid = child; | |
| 186 | |
| 187 return PR_ImportPipe(pipefd[0]); | |
| 188 | |
| 189 loser: | |
| 190 if (pipefd[0] != -1) { | |
| 191 close(pipefd[0]); | |
| 192 } | |
| 193 if (pipefd[1] != -1) { | |
| 194 close(pipefd[1]); | |
| 195 } | |
| 196 free(command); | |
| 197 free(shNameArg); | |
| 198 PORT_Free(argv); | |
| 199 | |
| 200 return NULL; | |
| 201 } | |
| 202 | |
| 203 /* | |
| 204 * bl_CloseUnPrelink - | |
| 205 * | |
| 206 * This closes the file descripter and reaps and children openned and crated by | |
| 207 * b;_OpenUnprelink. It's primary difference between it and just close is | |
| 208 * that it calls wait on the pid if one is supplied, preventing zombie children | |
| 209 * from hanging around. | |
| 210 */ | |
| 211 void | |
| 212 bl_CloseUnPrelink( PRFileDesc *file, int pid) | |
| 213 { | |
| 214 /* close the file descriptor */ | |
| 215 PR_Close(file); | |
| 216 /* reap the child */ | |
| 217 if (pid) { | |
| 218 waitpid(pid, NULL, 0); | |
| 219 } | |
| 220 } | |
| 221 #endif | |
| 222 | |
| 223 /* #define DEBUG_SHVERIFY 1 */ | |
| 224 | |
| 225 static char * | |
| 226 mkCheckFileName(const char *libName) | |
| 227 { | |
| 228 int ln_len = PORT_Strlen(libName); | |
| 229 char *output = PORT_Alloc(ln_len+sizeof(SGN_SUFFIX)); | |
| 230 int index = ln_len + 1 - sizeof("."SHLIB_SUFFIX); | |
| 231 | |
| 232 if ((index > 0) && | |
| 233 (PORT_Strncmp(&libName[index], | |
| 234 "."SHLIB_SUFFIX,sizeof("."SHLIB_SUFFIX)) == 0)) { | |
| 235 ln_len = index; | |
| 236 } | |
| 237 PORT_Memcpy(output,libName,ln_len); | |
| 238 PORT_Memcpy(&output[ln_len],SGN_SUFFIX,sizeof(SGN_SUFFIX)); | |
| 239 return output; | |
| 240 } | |
| 241 | |
| 242 static int | |
| 243 decodeInt(unsigned char *buf) | |
| 244 { | |
| 245 return (buf[3]) | (buf[2] << 8) | (buf[1] << 16) | (buf[0] << 24); | |
| 246 } | |
| 247 | |
| 248 static SECStatus | |
| 249 readItem(PRFileDesc *fd, SECItem *item) | |
| 250 { | |
| 251 unsigned char buf[4]; | |
| 252 int bytesRead; | |
| 253 | |
| 254 | |
| 255 bytesRead = PR_Read(fd, buf, 4); | |
| 256 if (bytesRead != 4) { | |
| 257 return SECFailure; | |
| 258 } | |
| 259 item->len = decodeInt(buf); | |
| 260 | |
| 261 item->data = PORT_Alloc(item->len); | |
| 262 if (item->data == NULL) { | |
| 263 item->len = 0; | |
| 264 return SECFailure; | |
| 265 } | |
| 266 bytesRead = PR_Read(fd, item->data, item->len); | |
| 267 if (bytesRead != item->len) { | |
| 268 PORT_Free(item->data); | |
| 269 item->data = NULL; | |
| 270 item->len = 0; | |
| 271 return SECFailure; | |
| 272 } | |
| 273 return SECSuccess; | |
| 274 } | |
| 275 | |
| 276 /* | |
| 277 * Define PSEUDO_FIPS if you can't do FIPS software integrity test (e.g., | |
| 278 * if you're using NSS as static libraries), but want to conform to the | |
| 279 * rest of the FIPS requirements. | |
| 280 */ | |
| 281 #ifdef NSS_STATIC | |
| 282 #define PSEUDO_FIPS | |
| 283 #endif | |
| 284 | |
| 285 PRBool | |
| 286 BLAPI_SHVerify(const char *name, PRFuncPtr addr) | |
| 287 { | |
| 288 #ifdef PSEUDO_FIPS | |
| 289 return PR_TRUE; /* a lie, hence *pseudo* FIPS */ | |
| 290 #else | |
| 291 PRBool result = PR_FALSE; /* if anything goes wrong, | |
| 292 * the signature does not verify */ | |
| 293 /* find our shared library name */ | |
| 294 char *shName = PR_GetLibraryFilePathname(name, addr); | |
| 295 if (!shName) { | |
| 296 goto loser; | |
| 297 } | |
| 298 result = BLAPI_SHVerifyFile(shName); | |
| 299 | |
| 300 loser: | |
| 301 if (shName != NULL) { | |
| 302 PR_Free(shName); | |
| 303 } | |
| 304 | |
| 305 return result; | |
| 306 #endif /* PSEUDO_FIPS */ | |
| 307 } | |
| 308 | |
| 309 PRBool | |
| 310 BLAPI_SHVerifyFile(const char *shName) | |
| 311 { | |
| 312 #ifdef PSEUDO_FIPS | |
| 313 return PR_TRUE; /* a lie, hence *pseudo* FIPS */ | |
| 314 #else | |
| 315 char *checkName = NULL; | |
| 316 PRFileDesc *checkFD = NULL; | |
| 317 PRFileDesc *shFD = NULL; | |
| 318 void *hashcx = NULL; | |
| 319 const SECHashObject *hashObj = NULL; | |
| 320 SECItem signature = { 0, NULL, 0 }; | |
| 321 SECItem hash; | |
| 322 int bytesRead, offset; | |
| 323 SECStatus rv; | |
| 324 DSAPublicKey key; | |
| 325 int count; | |
| 326 #ifdef FREEBL_USE_PRELINK | |
| 327 int pid = 0; | |
| 328 #endif | |
| 329 | |
| 330 PRBool result = PR_FALSE; /* if anything goes wrong, | |
| 331 * the signature does not verify */ | |
| 332 unsigned char buf[4096]; | |
| 333 unsigned char hashBuf[HASH_LENGTH_MAX]; | |
| 334 | |
| 335 PORT_Memset(&key,0,sizeof(key)); | |
| 336 hash.data = hashBuf; | |
| 337 hash.len = sizeof(hashBuf); | |
| 338 | |
| 339 if (!shName) { | |
| 340 goto loser; | |
| 341 } | |
| 342 | |
| 343 /* figure out the name of our check file */ | |
| 344 checkName = mkCheckFileName(shName); | |
| 345 if (!checkName) { | |
| 346 goto loser; | |
| 347 } | |
| 348 | |
| 349 /* open the check File */ | |
| 350 checkFD = PR_Open(checkName, PR_RDONLY, 0); | |
| 351 if (checkFD == NULL) { | |
| 352 #ifdef DEBUG_SHVERIFY | |
| 353 fprintf(stderr, "Failed to open the check file %s: (%d, %d)\n", | |
| 354 checkName, (int)PR_GetError(), (int)PR_GetOSError()); | |
| 355 #endif /* DEBUG_SHVERIFY */ | |
| 356 goto loser; | |
| 357 } | |
| 358 | |
| 359 /* read and Verify the headerthe header */ | |
| 360 bytesRead = PR_Read(checkFD, buf, 12); | |
| 361 if (bytesRead != 12) { | |
| 362 goto loser; | |
| 363 } | |
| 364 if ((buf[0] != NSS_SIGN_CHK_MAGIC1) || (buf[1] != NSS_SIGN_CHK_MAGIC2)) { | |
| 365 goto loser; | |
| 366 } | |
| 367 if ((buf[2] != NSS_SIGN_CHK_MAJOR_VERSION) || | |
| 368 (buf[3] < NSS_SIGN_CHK_MINOR_VERSION)) { | |
| 369 goto loser; | |
| 370 } | |
| 371 #ifdef notdef | |
| 372 if (decodeInt(&buf[8]) != CKK_DSA) { | |
| 373 goto loser; | |
| 374 } | |
| 375 #endif | |
| 376 | |
| 377 /* seek past any future header extensions */ | |
| 378 offset = decodeInt(&buf[4]); | |
| 379 PR_Seek(checkFD, offset, PR_SEEK_SET); | |
| 380 | |
| 381 /* read the key */ | |
| 382 rv = readItem(checkFD,&key.params.prime); | |
| 383 if (rv != SECSuccess) { | |
| 384 goto loser; | |
| 385 } | |
| 386 rv = readItem(checkFD,&key.params.subPrime); | |
| 387 if (rv != SECSuccess) { | |
| 388 goto loser; | |
| 389 } | |
| 390 rv = readItem(checkFD,&key.params.base); | |
| 391 if (rv != SECSuccess) { | |
| 392 goto loser; | |
| 393 } | |
| 394 rv = readItem(checkFD,&key.publicValue); | |
| 395 if (rv != SECSuccess) { | |
| 396 goto loser; | |
| 397 } | |
| 398 /* read the siganture */ | |
| 399 rv = readItem(checkFD,&signature); | |
| 400 if (rv != SECSuccess) { | |
| 401 goto loser; | |
| 402 } | |
| 403 | |
| 404 /* done with the check file */ | |
| 405 PR_Close(checkFD); | |
| 406 checkFD = NULL; | |
| 407 | |
| 408 hashObj = HASH_GetRawHashObject(PQG_GetHashType(&key.params)); | |
| 409 if (hashObj == NULL) { | |
| 410 goto loser; | |
| 411 } | |
| 412 | |
| 413 /* open our library file */ | |
| 414 #ifdef FREEBL_USE_PRELINK | |
| 415 shFD = bl_OpenUnPrelink(shName,&pid); | |
| 416 #else | |
| 417 shFD = PR_Open(shName, PR_RDONLY, 0); | |
| 418 #endif | |
| 419 if (shFD == NULL) { | |
| 420 #ifdef DEBUG_SHVERIFY | |
| 421 fprintf(stderr, "Failed to open the library file %s: (%d, %d)\n", | |
| 422 shName, (int)PR_GetError(), (int)PR_GetOSError()); | |
| 423 #endif /* DEBUG_SHVERIFY */ | |
| 424 goto loser; | |
| 425 } | |
| 426 | |
| 427 /* hash our library file with SHA1 */ | |
| 428 hashcx = hashObj->create(); | |
| 429 if (hashcx == NULL) { | |
| 430 goto loser; | |
| 431 } | |
| 432 hashObj->begin(hashcx); | |
| 433 | |
| 434 count = 0; | |
| 435 while ((bytesRead = PR_Read(shFD, buf, sizeof(buf))) > 0) { | |
| 436 hashObj->update(hashcx, buf, bytesRead); | |
| 437 count += bytesRead; | |
| 438 } | |
| 439 #ifdef FREEBL_USE_PRELINK | |
| 440 bl_CloseUnPrelink(shFD, pid); | |
| 441 #else | |
| 442 PR_Close(shFD); | |
| 443 #endif | |
| 444 shFD = NULL; | |
| 445 | |
| 446 hashObj->end(hashcx, hash.data, &hash.len, hash.len); | |
| 447 | |
| 448 | |
| 449 /* verify the hash against the check file */ | |
| 450 if (DSA_VerifyDigest(&key, &signature, &hash) == SECSuccess) { | |
| 451 result = PR_TRUE; | |
| 452 } | |
| 453 #ifdef DEBUG_SHVERIFY | |
| 454 { | |
| 455 int i,j; | |
| 456 fprintf(stderr,"File %s: %d bytes\n",shName, count); | |
| 457 fprintf(stderr," hash: %d bytes\n", hash.len); | |
| 458 #define STEP 10 | |
| 459 for (i=0; i < hash.len; i += STEP) { | |
| 460 fprintf(stderr," "); | |
| 461 for (j=0; j < STEP && (i+j) < hash.len; j++) { | |
| 462 fprintf(stderr," %02x", hash.data[i+j]); | |
| 463 } | |
| 464 fprintf(stderr,"\n"); | |
| 465 } | |
| 466 fprintf(stderr," signature: %d bytes\n", signature.len); | |
| 467 for (i=0; i < signature.len; i += STEP) { | |
| 468 fprintf(stderr," "); | |
| 469 for (j=0; j < STEP && (i+j) < signature.len; j++) { | |
| 470 fprintf(stderr," %02x", signature.data[i+j]); | |
| 471 } | |
| 472 fprintf(stderr,"\n"); | |
| 473 } | |
| 474 fprintf(stderr,"Verified : %s\n",result?"TRUE": "FALSE"); | |
| 475 } | |
| 476 #endif /* DEBUG_SHVERIFY */ | |
| 477 | |
| 478 | |
| 479 loser: | |
| 480 if (checkName != NULL) { | |
| 481 PORT_Free(checkName); | |
| 482 } | |
| 483 if (checkFD != NULL) { | |
| 484 PR_Close(checkFD); | |
| 485 } | |
| 486 if (shFD != NULL) { | |
| 487 PR_Close(shFD); | |
| 488 } | |
| 489 if (hashcx != NULL) { | |
| 490 if (hashObj) { | |
| 491 hashObj->destroy(hashcx,PR_TRUE); | |
| 492 } | |
| 493 } | |
| 494 if (signature.data != NULL) { | |
| 495 PORT_Free(signature.data); | |
| 496 } | |
| 497 if (key.params.prime.data != NULL) { | |
| 498 PORT_Free(key.params.prime.data); | |
| 499 } | |
| 500 if (key.params.subPrime.data != NULL) { | |
| 501 PORT_Free(key.params.subPrime.data); | |
| 502 } | |
| 503 if (key.params.base.data != NULL) { | |
| 504 PORT_Free(key.params.base.data); | |
| 505 } | |
| 506 if (key.publicValue.data != NULL) { | |
| 507 PORT_Free(key.publicValue.data); | |
| 508 } | |
| 509 | |
| 510 return result; | |
| 511 #endif /* PSEUDO_FIPS */ | |
| 512 } | |
| 513 | |
| 514 PRBool | |
| 515 BLAPI_VerifySelf(const char *name) | |
| 516 { | |
| 517 if (name == NULL) { | |
| 518 /* | |
| 519 * If name is NULL, freebl is statically linked into softoken. | |
| 520 * softoken will call BLAPI_SHVerify next to verify itself. | |
| 521 */ | |
| 522 return PR_TRUE; | |
| 523 } | |
| 524 return BLAPI_SHVerify(name, (PRFuncPtr) decodeInt); | |
| 525 } | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2078763002:
Delete bundled copy of NSS and replace with README. (Closed)
Base URL: https://chromium.googlesource.com/chromium/deps/nss@master