author | Misaki Miyashita <Misaki.Miyashita@Oracle.COM> |
Mon, 09 Dec 2013 15:11:31 -0800 | |
changeset 1586 | 2d3ec080d6a3 |
parent 363 | components/openssl/openssl-0.9.8-fips-140/patches/26-openssl_fips.patch@9c0cad004039 |
child 1641 | 2fc479afcf70 |
permissions | -rw-r--r-- |
1 |
--- openssl-0.9.8m/apps/openssl.c Thu Oct 15 19:28:02 2009 |
2 |
+++ openssl-0.9.8m/apps/openssl.c Fri Feb 26 16:12:30 2010 |
3 |
@@ -133,6 +133,9 @@ |
4 |
#include <openssl/fips.h> |
5 |
#endif |
6 |
|
7 |
+/* Solaris OpenSSL */ |
8 |
+#include <dlfcn.h> |
9 |
+ |
10 |
/* The LHASH callbacks ("hash" & "cmp") have been replaced by functions with the |
11 |
* base prototypes (we cast each variable inside the function to the required |
12 |
* type of "FUNCTION*"). This removes the necessity for macro-generated wrapper |
13 |
@@ -152,9 +155,10 @@ |
14 |
#endif |
15 |
|
16 |
|
17 |
+static int *modes; |
18 |
+ |
19 |
static void lock_dbg_cb(int mode, int type, const char *file, int line) |
20 |
{ |
21 |
- static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */ |
22 |
const char *errstr = NULL; |
23 |
int rw; |
24 |
|
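Review bot: The new file-scope `static int *modes;` has no comment, and it stays NULL until the allocation added in the `@@ -310,6 +314,14 @@` hunk runs, so lock_dbg_cb() relies on an ordering that is not written down anywhere. I would put `/* per-lock state for lock_dbg_cb(); allocated with CRYPTO_num_locks() entries before the callback is registered */` above the declaration. The body of lock_dbg_cb() continues outside this hunk, so how it indexes modes is presumed from the removed `modes[CRYPTO_NUM_LOCKS]` declaration.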
25 |
@@ -165,7 +169,7 @@ |
26 |
goto err; |
27 |
} |
28 |
|
29 |
- if (type < 0 || type >= CRYPTO_NUM_LOCKS) |
30 |
+ if (type < 0 || type >= CRYPTO_num_locks()) |
31 |
{ |
32 |
errstr = "type out of bounds"; |
33 |
goto err; |
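Review bot: The bounds check `type >= CRYPTO_num_locks()` asks the library for the lock count on every callback, while the length of modes is fixed once by the OPENSSL_malloc() call in the `@@ -310,6 +314,14 @@` hunk, and nothing ties the two values together. Recording the allocated length in a file-scope `static int modes_count;` at allocation time and testing `type >= modes_count` here would make the check guard the buffer that was actually allocated; with the counter starting at zero it would also reject every type while modes is still NULL. The body of lock_dbg_cb() starts and ends outside this hunk.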
34 |
@@ -310,6 +314,14 @@ |
35 |
if (getenv("OPENSSL_DEBUG_LOCKING") != NULL) |
36 |
#endif |
37 |
{ |
38 |
+ modes = OPENSSL_malloc(CRYPTO_num_locks() * sizeof (int)); |
39 |
+ if (modes == NULL) { |
40 |
+ ERR_load_crypto_strings(); |
41 |
+ BIO_printf(bio_err,"Memory allocation failure\n"); |
42 |
+ ERR_print_errors(bio_err); |
43 |
+ EXIT(1); |
44 |
+ } |
45 |
+ memset(modes, 0, CRYPTO_num_locks() * sizeof (int)); |
46 |
CRYPTO_set_locking_callback(lock_dbg_cb); |
47 |
} |
48 |
|
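Review bot: `CRYPTO_num_locks() * sizeof (int)` is evaluated separately for OPENSSL_malloc() and for memset(), and the int count is never checked before it is multiplied, so a zero or negative return would turn into an unintended size. Reading the count once with `int n = CRYPTO_num_locks();`, taking the same error path when `n <= 0`, and sizing both calls with `n * sizeof *modes` keeps the allocation and the clear in agreement and ties the element size to the pointer's type. The enclosing function starts and ends outside this hunk.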
49 |
@@ -313,18 +325,28 @@ |
50 |
CRYPTO_set_locking_callback(lock_dbg_cb); |
51 |
} |
52 |
|
53 |
+/* |
54 |
+ * Solaris OpenSSL |
55 |
+ * Add a further check for the FIPS_mode_set() symbol before calling to |
56 |
+ * allow openssl(1openssl) to be run against both fips and non-fips libraries. |
57 |
+ */ |
58 |
if(getenv("OPENSSL_FIPS")) { |
59 |
-#ifdef OPENSSL_FIPS |
60 |
- if (!FIPS_mode_set(1)) { |
61 |
+ |
62 |
+ int (*FIPS_mode_set)(int); |
63 |
+ FIPS_mode_set = (int (*)(int)) dlsym(RTLD_NEXT, "FIPS_mode_set"); |
64 |
+ |
65 |
+ if (FIPS_mode_set != NULL) { |
66 |
+ if (!(*FIPS_mode_set)(1)) { |
67 |
ERR_load_crypto_strings(); |
68 |
ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE)); |
69 |
EXIT(1); |
70 |
} |
71 |
-#else |
72 |
- fprintf(stderr, "FIPS mode not supported.\n"); |
73 |
+ } else { |
74 |
+ fprintf(stderr, "Failed to enable FIPS mode. " |
75 |
+ "For more information about running in FIPS mode see openssl(5).\n"); |
76 |
EXIT(1); |
77 |
-#endif |
78 |
} |
79 |
+ } |
80 |
|
81 |
apps_startup(); |
82 |