usr/src/lib/openssl/Patches/26-openssl_fips.patch
author Cyril Plisko <cyril.plisko@grigale.com>
Tue, 06 Apr 2010 16:00:14 +0300
changeset 11 87960ed158f9
parent 10 612517e396e0
permissions -rw-r--r--
Import sfw build 137 Bugs Fixed ---------- 6926835 Wireshark cannot open files typed into the location bar 6930214 CVE-2010-0624: Heap-based buffer overflow in GNU Tar 6933424 Various sfw manual pages need to be adjusted to use the new OpenSolaris package names. 6937764 upgrade OpenSSL to 0.9.8n (and fix CVE-2010-0740)
     1
--- openssl-0.9.8m/apps/openssl.c	Thu Oct 15 19:28:02 2009
     2
+++ openssl-0.9.8m/apps/openssl.c	Fri Feb 26 16:12:30 2010
     3
@@ -130,6 +130,9 @@
     4
 #include "s_apps.h"
     5
 #include <openssl/err.h>
     6
 
     7
+/* Solaris OpenSSL */
     8
+#include <dlfcn.h>
     9
+
    10
 /* The LHASH callbacks ("hash" & "cmp") have been replaced by functions with the
    11
  * base prototypes (we cast each variable inside the function to the required
    12
  * type of "FUNCTION*"). This removes the necessity for macro-generated wrapper
    13
@@ -151,9 +154,10 @@
    14
 #endif
    15
 
    16
 
    17
+static int *modes;
    18
+
    19
 static void lock_dbg_cb(int mode, int type, const char *file, int line)
    20
 	{
    21
-	static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */
    22
 	const char *errstr = NULL;
    23
 	int rw;
    24
 	
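Review bot: The new file-scope `static int *modes;` carries no comment, while the declaration it replaces documented its zero-initialised state with `/* = {0, 0, ... } */`. The pointer is now NULL until main() allocates it in the lock-debugging branch, so a comment such as `/* lock_dbg_cb() state, one int per lock; allocated and zeroed in main() before the callback is registered */` would record the invariant the callback relies on. The body of lock_dbg_cb continues outside this hunk.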
    25
@@ -164,7 +168,7 @@
    26
 		goto err;
    27
 		}
    28
 
    29
-	if (type < 0 || type >= CRYPTO_NUM_LOCKS)
    30
+	if (type < 0 || type >= CRYPTO_num_locks())
    31
 		{
    32
 		errstr = "type out of bounds";
    33
 		goto err;
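Review bot: The bounds check `type >= CRYPTO_num_locks()` re-queries the library on every callback, while the `modes` buffer it protects is sized by a separate `CRYPTO_num_locks()` call at allocation time (the `OPENSSL_malloc` hunk further down, which calls it once more for `memset`). The index is only safe if all of those calls return the same value. Recording the count once, e.g. `static int modes_count;` set next to the allocation, and testing `type >= modes_count` here would tie the check to the actual buffer size. The enclosing lock_dbg_cb starts and ends outside this hunk.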
    34
@@ -235,19 +239,29 @@
    35
 
    36
 	in_FIPS_mode = 0;
    37
 
    38
+/*
    39
+ * Solaris OpenSSL
    40
+ * Add a further check for the FIPS_mode_set() symbol before calling to
    41
+ * allow openssl(1openssl) to be run against both fips and non-fips libraries.
    42
+ */
    43
 	if(getenv("OPENSSL_FIPS")) {
    44
-#ifdef OPENSSL_FIPS
    45
-		if (!FIPS_mode_set(1)) {
    46
+
    47
+	int (*FIPS_mode_set)(int);
    48
+	FIPS_mode_set = (int (*)(int)) dlsym(RTLD_NEXT, "FIPS_mode_set");
    49
+
    50
+	if (FIPS_mode_set != NULL) {
    51
+		if (!(*FIPS_mode_set)(1)) {
    52
 			ERR_load_crypto_strings();
    53
 			ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
    54
 			EXIT(1);
    55
 		}
    56
 		in_FIPS_mode = 1;
    57
-#else
    58
-		fprintf(stderr, "FIPS mode not supported.\n");
    59
+	} else {
    60
+			fprintf(stderr, "Failed to enable FIPS mode. "
    61
+			    "For more information about running in FIPS mode see openssl(5).\n");
    62
 		EXIT(1);
    63
-#endif
    64
 		}
    65
+		}
    66
 
    67
 	if (bio_err == NULL)
    68
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
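Review bot: The local pointer `int (*FIPS_mode_set)(int);` reuses the name of the library function it looks up, so inside this block it shadows any prototype of `FIPS_mode_set` the OpenSSL headers may declare and reads like a direct call; a distinct name is clearer, e.g. `int (*fips_mode_set_fn)(int) = (int (*)(int)) dlsym(RTLD_NEXT, "FIPS_mode_set");`. The added lines are also indented one level shallower than the context they wrap, so `} else {` appears to pair with `if(getenv("OPENSSL_FIPS"))` rather than with `if (FIPS_mode_set != NULL)`. Re-indenting would make it evident that a missing symbol still ends in `EXIT(1)`, which is the fail-closed behaviour wanted when FIPS mode is requested. Note that the lookup proves only that some later-loaded object exports the symbol; the return value of the call is the sole evidence that FIPS mode was actually entered. The surrounding function starts and ends outside this hunk.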
    69
@@ -272,6 +286,14 @@
    70
 	if (getenv("OPENSSL_DEBUG_LOCKING") != NULL)
    71
 #endif
    72
 		{
    73
+		modes = OPENSSL_malloc(CRYPTO_num_locks() * sizeof (int));
    74
+		if (modes == NULL) {
    75
+			ERR_load_crypto_strings();
    76
+			BIO_printf(bio_err,"Memory allocation failure\n");
    77
+			ERR_print_errors(bio_err);
    78
+			EXIT(1);
    79
+		}
    80
+		memset(modes, 0, CRYPTO_num_locks() * sizeof (int));
    81
 		CRYPTO_set_locking_callback(lock_dbg_cb);
    82
 		}
    83
 
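Review bot: Registering `lock_dbg_cb` right after this allocation makes the callback depend on the lifetime of the heap buffer, and the matching release further down (`if (modes != NULL) OPENSSL_free(modes);`) neither unregisters the callback nor clears the pointer. If any lock is taken after that free, for instance during exit processing, the callback would index freed memory. Calling `CRYPTO_set_locking_callback(NULL);` before the free and setting `modes = NULL;` afterwards closes that window. The enclosing function starts and ends outside this hunk.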
    84
@@ -379,6 +401,8 @@
    85
 		BIO_free(bio_err);
    86
 		bio_err=NULL;
    87
 		}
    88
+
    89
+	if (modes != NULL) OPENSSL_free(modes);
    90
 	OPENSSL_EXIT(ret);
    91
 	}
    92