1 #

     2 # Patch developed in-house.  Solaris-specific; not suitable for upstream. 

     3 #

     4 --- openssl-0.9.8m/apps/openssl.c	Thu Oct 15 19:28:02 2009

     5 +++ openssl-0.9.8m/apps/openssl.c	Fri Feb 26 16:12:30 2010

     6 @@ -135,6 +135,9 @@

     7  # include <openssl/fips.h>

     8  #endif

     9  

    10 +/* Solaris OpenSSL */

    11 +#include <dlfcn.h>

    12 +

    13  /*

    14   * The LHASH callbacks ("hash" & "cmp") have been replaced by functions with

    15   * the base prototypes (we cast each variable inside the function to the

    16 @@ -155,9 +158,10 @@

    17  BIO *bio_err = NULL;

    18  #endif

    19  

    20 +static int *modes;

    21 +

    22  static void lock_dbg_cb(int mode, int type, const char *file, int line)

    23  {

    24 -    static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */

    25      const char *errstr = NULL;

    26      int rw;

    27  

    28 @@ -167,7 +168,7 @@

    29          goto err;

    30      }

    31  

    32 -    if (type < 0 || type >= CRYPTO_NUM_LOCKS) {

    33 +    if (type < 0 || type >= CRYPTO_num_locks()) {

    34          errstr = "type out of bounds";

    35          goto err;

    36      }

    37 @@ -305,6 +306,14 @@

    38      if (getenv("OPENSSL_DEBUG_LOCKING") != NULL)

    39  #endif

    40      {

    41 +        modes = OPENSSL_malloc(CRYPTO_num_locks() * sizeof (int));

    42 +        if (modes == NULL) {

    43 +            ERR_load_crypto_strings();

    44 +            BIO_printf(bio_err,"Memory allocation failure\n");

    45 +            ERR_print_errors(bio_err);

    46 +            EXIT(1);

    47 +        }

    48 +        memset(modes, 0, CRYPTO_num_locks() * sizeof (int));

    49          CRYPTO_set_locking_callback(lock_dbg_cb);

    50      }

    51  

    52 @@ -308,18 +320,28 @@

    53          CRYPTO_set_locking_callback(lock_dbg_cb);

    54      }

    55  

    56 +/*

    57 + * Solaris OpenSSL

    58 + * Add a further check for the FIPS_mode_set() symbol before calling to

    59 + * allow openssl(1openssl) to be run against both fips and non-fips libraries.

    60 + */

    61      if (getenv("OPENSSL_FIPS")) {

    62 -#ifdef OPENSSL_FIPS

    63 -        if (!FIPS_mode_set(1)) {

    64 +

    65 +        int (*FIPS_mode_set)(int);

    66 +        FIPS_mode_set = (int (*)(int)) dlsym(RTLD_NEXT, "FIPS_mode_set");

    67 +

    68 +        if (FIPS_mode_set != NULL) {

    69 +            if (!(*FIPS_mode_set)(1)) {

    70              ERR_load_crypto_strings();

    71              ERR_print_errors(BIO_new_fp(stderr, BIO_NOCLOSE));

    72              EXIT(1);

    73          }

    74 -#else

    75 -        fprintf(stderr, "FIPS mode not supported.\n");

    76 +    } else {

    77 +            fprintf(stderr, "Failed to enable FIPS mode. "

    78 +                "For more information about running in FIPS mode see openssl(5).\n");

    79          EXIT(1);

    80 -#endif

    81      }

    82 +    }

    83  

    84      apps_startup();

    85