author | Misaki Miyashita <Misaki.Miyashita@Oracle.COM> |
Sun, 22 Mar 2015 13:14:43 -0700 | |
branch | s11-update |
changeset 4006 | c737cefdce54 |
parent 2921 | 8da1e7689d13 |
permissions | -rw-r--r-- |
4006
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
1 |
# |
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
2 |
# Patch developed in-house. Solaris-specific; not suitable for upstream. |
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
3 |
# |
363
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
4 |
--- openssl-0.9.8m/apps/openssl.c Thu Oct 15 19:28:02 2009 |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
5 |
+++ openssl-0.9.8m/apps/openssl.c Fri Feb 26 16:12:30 2010 |
4006
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
6 |
@@ -135,6 +135,9 @@ |
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
7 |
# include <openssl/fips.h> |
2921
8da1e7689d13
PSARC/2013/383 OpenSSL FIPS 140-2 version update
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
363
diff
changeset
|
8 |
#endif |
363
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
9 |
|
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
10 |
+/* Solaris OpenSSL */ |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
11 |
+#include <dlfcn.h> |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
12 |
+ |
4006
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
13 |
/* |
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
14 |
* The LHASH callbacks ("hash" & "cmp") have been replaced by functions with |
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
15 |
* the base prototypes (we cast each variable inside the function to the |
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
16 |
@@ -155,9 +158,10 @@ |
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
17 |
BIO *bio_err = NULL; |
363
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
18 |
#endif |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
19 |
|
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
20 |
+static int *modes; |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
21 |
+ |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
22 |
static void lock_dbg_cb(int mode, int type, const char *file, int line) |
4006
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
23 |
{ |
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
24 |
- static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */ |
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
25 |
const char *errstr = NULL; |
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
26 |
int rw; |
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
27 |
|
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
28 |
@@ -167,7 +168,7 @@ |
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
29 |
goto err; |
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
30 |
} |
363
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
31 |
|
4006
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
32 |
- if (type < 0 || type >= CRYPTO_NUM_LOCKS) { |
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
33 |
+ if (type < 0 || type >= CRYPTO_num_locks()) { |
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
34 |
errstr = "type out of bounds"; |
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
35 |
goto err; |
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
36 |
} |
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
37 |
@@ -305,6 +306,14 @@ |
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
38 |
if (getenv("OPENSSL_DEBUG_LOCKING") != NULL) |
2921
8da1e7689d13
PSARC/2013/383 OpenSSL FIPS 140-2 version update
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
363
diff
changeset
|
39 |
#endif |
4006
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
40 |
{ |
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
41 |
+ modes = OPENSSL_malloc(CRYPTO_num_locks() * sizeof (int)); |
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
42 |
+ if (modes == NULL) { |
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
43 |
+ ERR_load_crypto_strings(); |
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
44 |
+ BIO_printf(bio_err,"Memory allocation failure\n"); |
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
45 |
+ ERR_print_errors(bio_err); |
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
46 |
+ EXIT(1); |
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
47 |
+ } |
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
48 |
+ memset(modes, 0, CRYPTO_num_locks() * sizeof (int)); |
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
49 |
CRYPTO_set_locking_callback(lock_dbg_cb); |
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
50 |
} |
363
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
51 |
|
4006
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
52 |
@@ -308,18 +320,28 @@ |
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
53 |
CRYPTO_set_locking_callback(lock_dbg_cb); |
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
54 |
} |
363
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
55 |
|
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
56 |
+/* |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
57 |
+ * Solaris OpenSSL |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
58 |
+ * Add a further check for the FIPS_mode_set() symbol before calling to |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
59 |
+ * allow openssl(1openssl) to be run against both fips and non-fips libraries. |
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
60 |
+ */ |
4006
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
61 |
if (getenv("OPENSSL_FIPS")) { |
363
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
62 |
-#ifdef OPENSSL_FIPS |
4006
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
63 |
- if (!FIPS_mode_set(1)) { |
363
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
64 |
+ |
4006
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
65 |
+ int (*FIPS_mode_set)(int); |
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
66 |
+ FIPS_mode_set = (int (*)(int)) dlsym(RTLD_NEXT, "FIPS_mode_set"); |
363
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
67 |
+ |
4006
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
68 |
+ if (FIPS_mode_set != NULL) { |
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
69 |
+ if (!(*FIPS_mode_set)(1)) { |
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
70 |
ERR_load_crypto_strings(); |
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
71 |
ERR_print_errors(BIO_new_fp(stderr, BIO_NOCLOSE)); |
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
72 |
EXIT(1); |
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
73 |
} |
363
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
74 |
-#else |
4006
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
75 |
- fprintf(stderr, "FIPS mode not supported.\n"); |
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
76 |
+ } else { |
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
77 |
+ fprintf(stderr, "Failed to enable FIPS mode. " |
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
78 |
+ "For more information about running in FIPS mode see openssl(5).\n"); |
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
79 |
EXIT(1); |
363
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
80 |
-#endif |
4006
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
81 |
} |
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
82 |
+ } |
363
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
83 |
|
4006
c737cefdce54
20735615 Upgrade OpenSSL version to 1.0.1m
Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
parents:
2921
diff
changeset
|
84 |
apps_startup(); |
363
9c0cad004039
7039910 move OpenSSL from SFW to Userland gate
Jan Pechanec <Jan.Pechanec@Oracle.COM>
parents:
diff
changeset
|
85 |