1 # |
|
2 # Patch developed in-house. Solaris-specific; not suitable for upstream. |
|
3 # |
|
4 --- openssl-0.9.8m/apps/openssl.c Thu Oct 15 19:28:02 2009 |
|
5 +++ openssl-0.9.8m/apps/openssl.c Fri Feb 26 16:12:30 2010 |
|
6 @@ -135,6 +135,9 @@ |
|
7 # include <openssl/fips.h> |
|
8 #endif |
|
9 |
|
10 +/* Solaris OpenSSL */ |
|
11 +#include <dlfcn.h> |
|
12 + |
|
13 /* |
|
14 * The LHASH callbacks ("hash" & "cmp") have been replaced by functions with |
|
15 * the base prototypes (we cast each variable inside the function to the |
|
16 @@ -155,9 +158,10 @@ |
|
17 BIO *bio_err = NULL; |
|
18 #endif |
|
19 |
|
20 +static int *modes; |
|
21 + |
|
22 static void lock_dbg_cb(int mode, int type, const char *file, int line) |
|
23 { |
|
24 - static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */ |
|
25 const char *errstr = NULL; |
|
26 int rw; |
|
27 |
|
28 @@ -167,7 +168,7 @@ |
|
29 goto err; |
|
30 } |
|
31 |
|
32 - if (type < 0 || type >= CRYPTO_NUM_LOCKS) { |
|
33 + if (type < 0 || type >= CRYPTO_num_locks()) { |
|
34 errstr = "type out of bounds"; |
|
35 goto err; |
|
36 } |
|
37 @@ -305,6 +306,14 @@ |
|
38 if (getenv("OPENSSL_DEBUG_LOCKING") != NULL) |
|
39 #endif |
|
40 { |
|
41 + modes = OPENSSL_malloc(CRYPTO_num_locks() * sizeof (int)); |
|
42 + if (modes == NULL) { |
|
43 + ERR_load_crypto_strings(); |
|
44 + BIO_printf(bio_err,"Memory allocation failure\n"); |
|
45 + ERR_print_errors(bio_err); |
|
46 + EXIT(1); |
|
47 + } |
|
48 + memset(modes, 0, CRYPTO_num_locks() * sizeof (int)); |
|
49 CRYPTO_set_locking_callback(lock_dbg_cb); |
|
50 } |
|
51 |
|
52 @@ -308,18 +320,28 @@ |
|
53 CRYPTO_set_locking_callback(lock_dbg_cb); |
|
54 } |
|
55 |
|
56 +/* |
|
57 + * Solaris OpenSSL |
|
58 + * Add a further check for the FIPS_mode_set() symbol before calling to |
|
59 + * allow openssl(1openssl) to be run against both fips and non-fips libraries. |
|
60 + */ |
|
61 if (getenv("OPENSSL_FIPS")) { |
|
62 -#ifdef OPENSSL_FIPS |
|
63 - if (!FIPS_mode_set(1)) { |
|
64 + |
|
65 + int (*FIPS_mode_set)(int); |
|
66 + FIPS_mode_set = (int (*)(int)) dlsym(RTLD_NEXT, "FIPS_mode_set"); |
|
67 + |
|
68 + if (FIPS_mode_set != NULL) { |
|
69 + if (!(*FIPS_mode_set)(1)) { |
|
70 ERR_load_crypto_strings(); |
|
71 ERR_print_errors(BIO_new_fp(stderr, BIO_NOCLOSE)); |
|
72 EXIT(1); |
|
73 } |
|
74 -#else |
|
75 - fprintf(stderr, "FIPS mode not supported.\n"); |
|
76 + } else { |
|
77 + fprintf(stderr, "Failed to enable FIPS mode. " |
|
78 + "For more information about running in FIPS mode see openssl(5).\n"); |
|
79 EXIT(1); |
|
80 -#endif |
|
81 } |
|
82 + } |
|
83 |
|
84 apps_startup(); |
|
85 |
|