10
|
1 |
--- openssl-0.9.8m/apps/openssl.c Thu Oct 15 19:28:02 2009
|
|
2 |
+++ openssl-0.9.8m/apps/openssl.c Fri Feb 26 16:12:30 2010
|
2
|
3 |
@@ -130,6 +130,9 @@
|
|
4 |
#include "s_apps.h"
|
|
5 |
#include <openssl/err.h>
|
|
6 |
|
|
7 |
+/* Solaris OpenSSL */
|
|
8 |
+#include <dlfcn.h>
|
|
9 |
+
|
|
10 |
/* The LHASH callbacks ("hash" & "cmp") have been replaced by functions with the
|
|
11 |
* base prototypes (we cast each variable inside the function to the required
|
|
12 |
* type of "FUNCTION*"). This removes the necessity for macro-generated wrapper
|
|
13 |
@@ -151,9 +154,10 @@
|
|
14 |
#endif
|
|
15 |
|
|
16 |
|
|
17 |
+static int *modes;
|
|
18 |
+
|
|
19 |
static void lock_dbg_cb(int mode, int type, const char *file, int line)
|
|
20 |
{
|
|
21 |
- static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */
|
|
22 |
const char *errstr = NULL;
|
|
23 |
int rw;
|
|
24 |
|
|
25 |
@@ -164,7 +168,7 @@
|
|
26 |
goto err;
|
|
27 |
}
|
|
28 |
|
|
29 |
- if (type < 0 || type >= CRYPTO_NUM_LOCKS)
|
|
30 |
+ if (type < 0 || type >= CRYPTO_num_locks())
|
|
31 |
{
|
|
32 |
errstr = "type out of bounds";
|
|
33 |
goto err;
|
10
|
34 |
@@ -235,19 +239,29 @@
|
2
|
35 |
|
|
36 |
in_FIPS_mode = 0;
|
|
37 |
|
|
38 |
+/*
|
|
39 |
+ * Solaris OpenSSL
|
|
40 |
+ * Add a further check for the FIPS_mode_set() symbol before calling to
|
|
41 |
+ * allow openssl(1openssl) to be run against both fips and non-fips libraries.
|
|
42 |
+ */
|
|
43 |
if(getenv("OPENSSL_FIPS")) {
|
10
|
44 |
-#ifdef OPENSSL_FIPS
|
2
|
45 |
- if (!FIPS_mode_set(1)) {
|
|
46 |
+
|
|
47 |
+ int (*FIPS_mode_set)(int);
|
|
48 |
+ FIPS_mode_set = (int (*)(int)) dlsym(RTLD_NEXT, "FIPS_mode_set");
|
|
49 |
+
|
|
50 |
+ if (FIPS_mode_set != NULL) {
|
|
51 |
+ if (!(*FIPS_mode_set)(1)) {
|
|
52 |
ERR_load_crypto_strings();
|
|
53 |
ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
|
|
54 |
EXIT(1);
|
|
55 |
}
|
|
56 |
in_FIPS_mode = 1;
|
10
|
57 |
-#else
|
|
58 |
- fprintf(stderr, "FIPS mode not supported.\n");
|
2
|
59 |
+ } else {
|
|
60 |
+ fprintf(stderr, "Failed to enable FIPS mode. "
|
|
61 |
+ "For more information about running in FIPS mode see openssl(5).\n");
|
10
|
62 |
EXIT(1);
|
|
63 |
-#endif
|
2
|
64 |
}
|
10
|
65 |
+ }
|
2
|
66 |
|
|
67 |
if (bio_err == NULL)
|
|
68 |
if ((bio_err=BIO_new(BIO_s_file())) != NULL)
|
10
|
69 |
@@ -272,6 +286,14 @@
|
2
|
70 |
if (getenv("OPENSSL_DEBUG_LOCKING") != NULL)
|
|
71 |
#endif
|
|
72 |
{
|
|
73 |
+ modes = OPENSSL_malloc(CRYPTO_num_locks() * sizeof (int));
|
|
74 |
+ if (modes == NULL) {
|
|
75 |
+ ERR_load_crypto_strings();
|
|
76 |
+ BIO_printf(bio_err,"Memory allocation failure\n");
|
|
77 |
+ ERR_print_errors(bio_err);
|
|
78 |
+ EXIT(1);
|
|
79 |
+ }
|
|
80 |
+ memset(modes, 0, CRYPTO_num_locks() * sizeof (int));
|
|
81 |
CRYPTO_set_locking_callback(lock_dbg_cb);
|
|
82 |
}
|
|
83 |
|
10
|
84 |
@@ -379,6 +401,8 @@
|
2
|
85 |
BIO_free(bio_err);
|
|
86 |
bio_err=NULL;
|
|
87 |
}
|
|
88 |
+
|
|
89 |
+ if (modes != NULL) OPENSSL_free(modes);
|
|
90 |
OPENSSL_EXIT(ret);
|
|
91 |
}
|
|
92 |
|