author | Misaki Miyashita <Misaki.Miyashita@Oracle.COM> |
Thu, 28 May 2015 09:54:36 -0700 | |
changeset 4370 | 7043c27399f1 |
parent 4002 | components/openssl/openssl-1.0.1-fips-140/patches/26-openssl_fips.patch@95b8f35fcdd5 |
permissions | -rw-r--r-- |
4002
95b8f35fcdd5
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
1641
1 |
# |
2 |
# Patch developed in-house. Solaris-specific; not suitable for upstream. |
3 |
# |
363
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
4 |
--- openssl-0.9.8m/apps/openssl.c Thu Oct 15 19:28:02 2009 |
5 |
+++ openssl-0.9.8m/apps/openssl.c Fri Feb 26 16:12:30 2010 |
4002
6 |
@@ -135,6 +135,9 @@ |
7 |
# include <openssl/fips.h> |
1586
2d3ec080d6a3
PSARC/2013/383 OpenSSL FIPS 140-2 version update
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
363
8 |
#endif |
363
9 |
|
10 |
+/* Solaris OpenSSL */ |
11 |
+#include <dlfcn.h> |
12 |
+ |
4002
13 |
/* |
14 |
* The LHASH callbacks ("hash" & "cmp") have been replaced by functions with |
15 |
* the base prototypes (we cast each variable inside the function to the |
16 |
@@ -155,9 +158,10 @@ |
17 |
BIO *bio_err = NULL; |
363
18 |
#endif |
19 |
|
20 |
+static int *modes; |
21 |
+ |
22 |
static void lock_dbg_cb(int mode, int type, const char *file, int line) |
4002
23 |
{ |
24 |
- static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */ |
25 |
const char *errstr = NULL; |
26 |
int rw; |
27 |
|
28 |
@@ -167,7 +168,7 @@ |
29 |
goto err; |
30 |
} |
363
31 |
|
4002
32 |
- if (type < 0 || type >= CRYPTO_NUM_LOCKS) { |
33 |
+ if (type < 0 || type >= CRYPTO_num_locks()) { |
34 |
errstr = "type out of bounds"; |
35 |
goto err; |
36 |
} |
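Review bot: The bound in `if (type < 0 || type >= CRYPTO_num_locks())` is re-queried from the library on every lock operation, while `modes` is sized only once by `OPENSSL_malloc(CRYPTO_num_locks() * sizeof (int))` in the `@@ -305,6 +306,14 @@` hunk, so nothing visible ties the check to the allocated length. If the two calls ever returned different values, the check would admit an index past the end of the heap buffer, assuming the rest of lock_dbg_cb indexes `modes[type]` as the removed static array suggests. I would record the count once next to the pointer, e.g. `static int modes_len;` assigned at allocation, test `type >= modes_len`, and have the callback also reject `modes == NULL`. The same local can size both the `OPENSSL_malloc` and the `memset` after a check that it is positive. lock_dbg_cb starts in the previous hunk and its body continues outside this one.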
37 |
@@ -305,6 +306,14 @@ |
38 |
if (getenv("OPENSSL_DEBUG_LOCKING") != NULL) |
1586
39 |
#endif |
4002
40 |
{ |
41 |
+ modes = OPENSSL_malloc(CRYPTO_num_locks() * sizeof (int)); |
42 |
+ if (modes == NULL) { |
43 |
+ ERR_load_crypto_strings(); |
44 |
+ BIO_printf(bio_err,"Memory allocation failure\n"); |
45 |
+ ERR_print_errors(bio_err); |
46 |
+ EXIT(1); |
47 |
+ } |
48 |
+ memset(modes, 0, CRYPTO_num_locks() * sizeof (int)); |
49 |
CRYPTO_set_locking_callback(lock_dbg_cb); |
50 |
} |
363
51 |
|
4002
52 |
@@ -308,18 +320,28 @@ |
53 |
CRYPTO_set_locking_callback(lock_dbg_cb); |
54 |
} |
363
55 |
|
56 |
+/* |
57 |
+ * Solaris OpenSSL |
58 |
+ * Add a further check for the FIPS_mode_set() symbol before calling to |
59 |
+ * allow openssl(1openssl) to be run against both fips and non-fips libraries. |
60 |
+ */ |
4002
61 |
if (getenv("OPENSSL_FIPS")) { |
363
62 |
-#ifdef OPENSSL_FIPS |
4002
63 |
- if (!FIPS_mode_set(1)) { |
363
64 |
+ |
4002
65 |
+ int (*FIPS_mode_set)(int); |
66 |
+ FIPS_mode_set = (int (*)(int)) dlsym(RTLD_NEXT, "FIPS_mode_set"); |
363
67 |
+ |
4002
68 |
+ if (FIPS_mode_set != NULL) { |
69 |
+ if (!(*FIPS_mode_set)(1)) { |
70 |
ERR_load_crypto_strings(); |
71 |
ERR_print_errors(BIO_new_fp(stderr, BIO_NOCLOSE)); |
72 |
EXIT(1); |
73 |
} |
363
74 |
-#else |
4002
75 |
- fprintf(stderr, "FIPS mode not supported.\n"); |
76 |
+ } else { |
77 |
+ fprintf(stderr, "Failed to enable FIPS mode. " |
78 |
+ "For more information about running in FIPS mode see openssl(5).\n"); |
79 |
EXIT(1); |
363
80 |
-#endif |
4002
81 |
} |
82 |
+ } |
363
83 |
|
4002
84 |
apps_startup(); |
363
85 |