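Lines matching references to `ess`. Each entry gives the source line number, the matching line, and, where there is one, the enclosing function; a trailing "local" or "argument" marks the line that declares `ess`. Lines that do not mention `ess` are omitted, so the entries are not contiguous code.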
52 static ELFsign_status_t elfsign_adjustoffsets(ELFsign_t ess,
55 static ELFsign_status_t elfsign_switch(ELFsign_t ess,
243 ELFsign_t ess; in elfsign_begin() local
272 if ((ess = malloc(sizeof (struct ELFsign_s))) == NULL) { in elfsign_begin()
275 (void) memset((void *)ess, 0, sizeof (struct ELFsign_s)); in elfsign_begin()
277 if (!elfcertlib_init(ess)) { in elfsign_begin()
282 ess->es_elf = NULL; in elfsign_begin()
283 ess->es_action = action; in elfsign_begin()
284 ess->es_version = FILESIG_UNKNOWN; in elfsign_begin()
285 ess->es_pathname = NULL; in elfsign_begin()
286 ess->es_certpath = NULL; in elfsign_begin()
289 *essp = ess; in elfsign_begin()
293 if ((ess->es_fd = open(filename, oflags)) == -1) { in elfsign_begin()
294 elfsign_end(ess); in elfsign_begin()
297 if ((fstat(ess->es_fd, &stb) == -1) || !S_ISREG(stb.st_mode)) { in elfsign_begin()
298 elfsign_end(ess); in elfsign_begin()
301 if ((ess->es_pathname = strdup(filename)) == NULL) { in elfsign_begin()
302 elfsign_end(ess); in elfsign_begin()
310 ess->es_flock.l_type = l_type; in elfsign_begin()
311 ess->es_flock.l_whence = SEEK_CUR; in elfsign_begin()
312 ess->es_flock.l_start = 0; in elfsign_begin()
313 ess->es_flock.l_len = 0; in elfsign_begin()
314 if (fcntl(ess->es_fd, F_SETLK, &ess->es_flock) == -1) { in elfsign_begin()
316 ess->es_pathname, strerror(errno)); in elfsign_begin()
317 elfsign_end(ess); in elfsign_begin()
322 elfsign_end(ess); in elfsign_begin()
326 if ((ess->es_elf = elf_begin(ess->es_fd, elfcmd, in elfsign_begin()
329 elfsign_end(ess); in elfsign_begin()
333 if (gelf_getehdr(ess->es_elf, &elfehdr) == NULL) { in elfsign_begin()
335 elfsign_end(ess); in elfsign_begin()
338 ess->es_has_phdr = (elfehdr.e_phnum != 0); in elfsign_begin()
341 ident = elf_getident(ess->es_elf, NULL); in elfsign_begin()
344 elfsign_end(ess); in elfsign_begin()
347 ess->es_same_endian = (ident[EI_DATA] == uorder.c[0]); in elfsign_begin()
348 ess->es_ei_class = ident[EI_CLASS]; in elfsign_begin()
354 if (elf_getshstrndx(ess->es_elf, &ess->es_shstrndx) == 0) { in elfsign_begin()
355 elfsign_end(ess); in elfsign_begin()
363 (void) elf_flagelf(ess->es_elf, ELF_C_SET, ELF_F_LAYOUT); in elfsign_begin()
365 *essp = ess; in elfsign_begin()
376 elfsign_end(ELFsign_t ess) in elfsign_end() argument
378 if (ess == NULL) in elfsign_end()
381 if (ess->es_elf != NULL && ES_ACTISUPDATE(ess->es_action)) { in elfsign_end()
382 if (elf_update(ess->es_elf, ELF_C_WRITE) == -1) { in elfsign_end()
389 if (ess->es_fd != -1) { in elfsign_end()
390 (void) close(ess->es_fd); in elfsign_end()
391 ess->es_fd = -1; in elfsign_end()
394 if (ess->es_pathname != NULL) { in elfsign_end()
395 free(ess->es_pathname); in elfsign_end()
396 ess->es_pathname = NULL; in elfsign_end()
398 if (ess->es_certpath != NULL) { in elfsign_end()
399 free(ess->es_certpath); in elfsign_end()
400 ess->es_certpath = NULL; in elfsign_end()
403 if (ess->es_elf != NULL) { in elfsign_end()
404 (void) elf_end(ess->es_elf); in elfsign_end()
405 ess->es_elf = NULL; in elfsign_end()
408 elfcertlib_fini(ess); in elfsign_end()
410 free(ess); in elfsign_end()
417 elfsign_setcertpath(ELFsign_t ess, const char *certpath) in elfsign_setcertpath() argument
427 if ((ess->es_certpath = strdup(certpath)) == NULL) in elfsign_setcertpath()
430 if (ES_ACTISUPDATE(ess->es_action)) { in elfsign_setcertpath()
435 if (elfcertlib_getcert(ess, ess->es_certpath, NULL, in elfsign_setcertpath()
436 &cert, ess->es_action)) { in elfsign_setcertpath()
439 ess->es_version = (ess->es_action == in elfsign_setcertpath()
443 ess->es_version = (ess->es_action == in elfsign_setcertpath()
447 elfcertlib_releasecert(ess, cert); in elfsign_setcertpath()
449 if (ess->es_version == FILESIG_UNKNOWN) in elfsign_setcertpath()
459 elfsign_setcallbackctx(ELFsign_t ess, void *ctx) in elfsign_setcallbackctx() argument
461 ess->es_callbackctx = ctx; in elfsign_setcallbackctx()
468 elfsign_setsigvercallback(ELFsign_t ess, in elfsign_setsigvercallback() argument
471 ess->es_sigvercallback = cb; in elfsign_setsigvercallback()
481 elfsign_signatures(ELFsign_t ess, in elfsign_signatures() argument
495 if ((ess == NULL) || (fsspp == NULL)) { in elfsign_signatures()
504 while ((scn = elf_nextscn(ess->es_elf, scn)) != NULL) { in elfsign_signatures()
515 sh_name = elf_strptr(ess->es_elf, ess->es_shstrndx, in elfsign_signatures()
543 if ((scn = elf_getscn(ess->es_elf, ess->es_shstrndx)) == 0) { in elfsign_signatures()
579 if ((sig_scn = elf_newscn(ess->es_elf)) == 0) { in elfsign_signatures()
613 if (elfsign_adjustoffsets(ess, scn, in elfsign_signatures()
652 (void) elfsign_switch(ess, in elfsign_signatures()
660 if (elfsign_adjustoffsets(ess, sig_scn, fssize) != in elfsign_signatures()
671 if (elfsign_switch(ess, *fsspp, ES_GET) != ELFSIGN_SUCCESS) { in elfsign_signatures()
683 elfsign_adjustoffsets(ELFsign_t ess, Elf_Scn *scn, uint64_t new_size) in elfsign_adjustoffsets() argument
704 name = elf_strptr(ess->es_elf, ess->es_shstrndx, in elfsign_adjustoffsets()
706 if (shdr.sh_flags & SHF_ALLOC && ess->es_has_phdr) { in elfsign_adjustoffsets()
728 scnp = elf_getscn(ess->es_elf, 0); /* "seek" to start */ in elfsign_adjustoffsets()
729 while ((scnp = elf_nextscn(ess->es_elf, scnp)) != NULL) { in elfsign_adjustoffsets()
734 name = elf_strptr(ess->es_elf, ess->es_shstrndx, in elfsign_adjustoffsets()
736 if (shdr.sh_flags & SHF_ALLOC && ess->es_has_phdr) { in elfsign_adjustoffsets()
790 name = elf_strptr(ess->es_elf, ess->es_shstrndx, in elfsign_adjustoffsets()
807 if (gelf_getehdr(ess->es_elf, &elfehdr) == NULL) { in elfsign_adjustoffsets()
812 if (ess->es_ei_class == ELFCLASS32) in elfsign_adjustoffsets()
815 else if (ess->es_ei_class == ELFCLASS64) in elfsign_adjustoffsets()
822 if (gelf_update_ehdr(ess->es_elf, &elfehdr) == 0) { in elfsign_adjustoffsets()
841 elfsign_insert_dso(ELFsign_t ess, in elfsign_insert_dso() argument
850 return (filesig_insert_dso(fssp, ess->es_version, dn, dn_len, in elfsign_insert_dso()
856 elfsign_extract_sig(ELFsign_t ess, in elfsign_extract_sig() argument
886 if (ess->es_version == FILESIG_UNKNOWN) { in elfsign_extract_sig()
887 ess->es_version = version; in elfsign_extract_sig()
894 elfsign_hash_common(ELFsign_t ess, uchar_t *hash, size_t *hash_len, in elfsign_hash_common() argument
911 scn = elf_getscn(ess->es_elf, 0); /* "seek" to start */ in elfsign_hash_common()
913 while ((scn = elf_nextscn(ess->es_elf, scn)) != 0) { in elfsign_hash_common()
922 name = elf_strptr(ess->es_elf, ess->es_shstrndx, in elfsign_hash_common()
928 (ess->es_version == FILESIG_VERSION1 || in elfsign_hash_common()
929 ess->es_version == FILESIG_VERSION3)) { in elfsign_hash_common()
992 elfsign_hash(ELFsign_t ess, uchar_t *hash, size_t *hash_len) in elfsign_hash() argument
994 return (elfsign_hash_common(ess, hash, hash_len, B_FALSE)); in elfsign_hash()
1005 elfsign_hash_mem_resident(ELFsign_t ess, uchar_t *hash, size_t *hash_len) in elfsign_hash_mem_resident() argument
1007 return (elfsign_hash_common(ess, hash, hash_len, B_TRUE)); in elfsign_hash_mem_resident()
1020 elfsign_verify_signature(ELFsign_t ess, struct ELFsign_sig_info **esipp) in elfsign_verify_signature() argument
1043 if (elfsign_signatures(ess, &fssp, &fslen, ES_GET) != ELFSIGN_SUCCESS) { in elfsign_verify_signature()
1059 ess->es_version = filesig_extract(fsgp, &fsx); in elfsign_verify_signature()
1061 version_to_str(ess->es_version)); in elfsign_verify_signature()
1062 switch (ess->es_version) { in elfsign_verify_signature()
1090 elfcertlib_releasecert(ess, cert); in elfsign_verify_signature()
1095 if (!elfcertlib_getcert(ess, ess->es_certpath, in elfsign_verify_signature()
1096 fsx.fsx_signer_DN, &cert, ess->es_action)) { in elfsign_verify_signature()
1099 fsx.fsx_signer_DN, ess->es_pathname); in elfsign_verify_signature()
1108 if ((ess->es_action == ES_GET_CRYPTO || in elfsign_verify_signature()
1109 ess->es_action == ES_GET_FIPS140 || in elfsign_verify_signature()
1111 !elfcertlib_verifycert(ess, cert)) { in elfsign_verify_signature()
1130 if (elfsign_hash(ess, hash, &hash_len) != ELFSIGN_SUCCESS) { in elfsign_verify_signature()
1149 if (elfcertlib_verifysig(ess, cert, in elfsign_verify_signature()
1151 if (ess->es_sigvercallback) in elfsign_verify_signature()
1152 (ess->es_sigvercallback) in elfsign_verify_signature()
1153 (ess->es_callbackctx, fssp, fslen, cert); in elfsign_verify_signature()
1165 elfcertlib_releasecert(ess, cert); in elfsign_verify_signature()
1193 elfsign_switch(ELFsign_t ess, struct filesignatures *fssp, in elfsign_switch() argument
1200 if (ess->es_same_endian) in elfsign_switch()
1256 elfsign_buffer_len(ELFsign_t ess, size_t *ip, uchar_t *cp, in elfsign_buffer_len() argument
1264 if (!ess->es_same_endian) { in elfsign_buffer_len()
1271 if (!ess->es_same_endian) { in elfsign_buffer_len()