1 --- openssl-0.9.8m/apps/openssl.c	Thu Oct 15 19:28:02 2009

     2 +++ openssl-0.9.8m/apps/openssl.c	Fri Feb 26 16:12:30 2010

     3 @@ -134,6 +134,9 @@

     4  #include <openssl/fips.h>

     5  #endif

     6  

     7 +/* Solaris OpenSSL */

     8 +#include <dlfcn.h>

     9 +

    10  /* The LHASH callbacks ("hash" & "cmp") have been replaced by functions with the

    11   * base prototypes (we cast each variable inside the function to the required

    12   * type of "FUNCTION*"). This removes the necessity for macro-generated wrapper

    13 @@ -153,9 +156,10 @@

    14  #endif

    15  

    16  

    17 +static int *modes;

    18 +

    19  static void lock_dbg_cb(int mode, int type, const char *file, int line)

    20  	{

    21 -	static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */

    22  	const char *errstr = NULL;

    23  	int rw;

    24  	

    25 @@ -166,7 +170,7 @@

    26  		goto err;

    27  		}

    28  

    29 -	if (type < 0 || type >= CRYPTO_NUM_LOCKS)

    30 +	if (type < 0 || type >= CRYPTO_num_locks())

    31  		{

    32  		errstr = "type out of bounds";

    33  		goto err;

    34 @@ -311,6 +315,14 @@

    35  	if (getenv("OPENSSL_DEBUG_LOCKING") != NULL)

    36  #endif

    37  		{

    38 +		modes = OPENSSL_malloc(CRYPTO_num_locks() * sizeof (int));

    39 +		if (modes == NULL) {

    40 +			ERR_load_crypto_strings();

    41 +			BIO_printf(bio_err,"Memory allocation failure\n");

    42 +			ERR_print_errors(bio_err);

    43 +			EXIT(1);

    44 +		}

    45 +		memset(modes, 0, CRYPTO_num_locks() * sizeof (int));

    46  		CRYPTO_set_locking_callback(lock_dbg_cb);

    47  		}

    48  

    49 @@ -314,18 +326,28 @@

    50  		CRYPTO_set_locking_callback(lock_dbg_cb);

    51  		}

    52  

    53 +/*

    54 + * Solaris OpenSSL

    55 + * Add a further check for the FIPS_mode_set() symbol before calling to

    56 + * allow openssl(1openssl) to be run against both fips and non-fips libraries.

    57 + */

    58  	if(getenv("OPENSSL_FIPS")) {

    59 -#ifdef OPENSSL_FIPS

    60 -		if (!FIPS_mode_set(1)) {

    61 +

    62 +	int (*FIPS_mode_set)(int);

    63 +	FIPS_mode_set = (int (*)(int)) dlsym(RTLD_NEXT, "FIPS_mode_set");

    64 +

    65 +	if (FIPS_mode_set != NULL) {

    66 +		if (!(*FIPS_mode_set)(1)) {

    67  			ERR_load_crypto_strings();

    68  			ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));

    69  			EXIT(1);

    70  		}

    71 -#else

    72 -		fprintf(stderr, "FIPS mode not supported.\n");

    73 +	} else {

    74 +			fprintf(stderr, "Failed to enable FIPS mode. "

    75 +			    "For more information about running in FIPS mode see openssl(5).\n");

    76  		EXIT(1);

    77 -#endif

    78  		}

    79 +		}

    80  

    81  	apps_startup();

    82