mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-11-25 18:12:57 +01:00
e0c4386e7e
* Fixed PKCS12 Decoding crashes ([CVE-2024-0727])
* Fixed Excessive time spent checking invalid RSA public keys
([CVE-2023-6237])
* Fixed POLY1305 MAC implementation corrupting vector registers on
PowerPC CPUs which support PowerISA 2.07 ([CVE-2023-6129])
* Fix excessive time spent in DH check / generation with large Q
parameter value ([CVE-2023-5678])
Release notes can be found at
https://www.openssl.org/news/openssl-3.0-notes.html.
Approved by: emaste
MFC after: 3 days
Merge commit '9dd13e84fa8eca8f3462bd55485aa3da8c37f54a'
57 lines
2.1 KiB
Plaintext
57 lines
2.1 KiB
Plaintext
$ ! OpenSSL Internal Verification Procedure
|
|
$ !
|
|
$ ! This script checks the consistency of a OpenSSL installation
|
|
$ ! It had better be spawned, as it creates process logicals
|
|
$
|
|
$ ! Generated information
|
|
$ INSTALLTOP := {- $config{INSTALLTOP} -}
|
|
$ OPENSSLDIR := {- $config{OPENSSLDIR} -}
|
|
$
|
|
$ ! Make sure that INSTALLTOP and OPENSSLDIR become something one
|
|
$ ! can use to call the startup procedure
|
|
$ INSTALLTOP_ = F$PARSE("A.;",INSTALLTOP,,,"NO_CONCEAL") -
|
|
- ".][000000" - "[000000." - "][" - "]A.;" + "."
|
|
$ OPENSSLDIR_ = F$PARSE("A.;",OPENSSLDIR,,,"NO_CONCEAL") -
|
|
- ".][000000" - "[000000." - "][" - "]A.;" + "."
|
|
$
|
|
$ v := {- sprintf "%02d", split(/\./, $config{version}) -}
|
|
$ pz := {- $target{pointer_size} -}
|
|
$
|
|
$ @'INSTALLTOP_'SYS$STARTUP]openssl_startup'v'
|
|
$ @'INSTALLTOP_'SYS$STARTUP]openssl_utils'v'
|
|
$
|
|
$ IF F$SEARCH("OSSL$LIBCRYPTO''pz'") .EQS. "" -
|
|
.OR. F$SEARCH("OSSL$LIBSSL''pz'") .EQS. "" {- output_off() if $disabled{shared}; "" -}-
|
|
.OR. F$SEARCH("OSSL$LIBCRYPTO_SHR''pz'") .EQS. "" -
|
|
.OR. F$SEARCH("OSSL$LIBSSL_SHR''pz'") .EQS. "" {- output_on() if $disabled{shared}; "" -}-
|
|
.OR. F$SEARCH("OSSL$INCLUDE:[OPENSSL]crypto.h") .EQS. "" -
|
|
.OR. F$SEARCH("OPENSSL:crypto.h") .EQS. "" -
|
|
.OR. F$SEARCH("OSSL$EXE:OPENSSL''v'.EXE") .EQS. ""
|
|
$ THEN
|
|
$ WRITE SYS$ERROR "Installation inconsistent"
|
|
$ EXIT %x00018292 ! RMS$_FNF, file not found
|
|
$ ENDIF
|
|
$
|
|
$ ON ERROR THEN GOTO error
|
|
$
|
|
$ ! If something else is wrong with the installation, we're likely
|
|
$ ! to get an image activation error here
|
|
$ openssl version -a
|
|
$
|
|
$ ! FUTURE ENHANCEMENT: Verify that engines are where they should be.
|
|
$ ! openssl engine -c -t checker
|
|
$
|
|
$ ! Verify that the built in providers are reachable. If they aren't,
|
|
$ ! then we're likely to get an image activation error here
|
|
$ openssl list -provider base -providers
|
|
$ openssl list -provider default -providers
|
|
$ openssl list -provider legacy -providers
|
|
$
|
|
$ WRITE SYS$ERROR "OpenSSL IVP passed"
|
|
$ EXIT %x10000001
|
|
$
|
|
$ error:
|
|
$ save_status = $STATUS
|
|
$ WRITE SYS$ERROR "OpenSSL IVP failed"
|
|
$ EXIT 'save_status'
|