|
1 # |
|
2 # Patch developed in-house. Solaris-specific; not suitable for upstream. |
|
3 # |
1 --- openssl-0.9.8m/apps/openssl.c Thu Oct 15 19:28:02 2009 |
4 --- openssl-0.9.8m/apps/openssl.c Thu Oct 15 19:28:02 2009 |
2 +++ openssl-0.9.8m/apps/openssl.c Fri Feb 26 16:12:30 2010 |
5 +++ openssl-0.9.8m/apps/openssl.c Fri Feb 26 16:12:30 2010 |
3 @@ -134,6 +134,9 @@ |
6 @@ -135,6 +135,9 @@ |
4 #include <openssl/fips.h> |
7 # include <openssl/fips.h> |
5 #endif |
8 #endif |
6 |
9 |
7 +/* Solaris OpenSSL */ |
10 +/* Solaris OpenSSL */ |
8 +#include <dlfcn.h> |
11 +#include <dlfcn.h> |
9 + |
12 + |
10 /* The LHASH callbacks ("hash" & "cmp") have been replaced by functions with the |
13 /* |
11 * base prototypes (we cast each variable inside the function to the required |
14 * The LHASH callbacks ("hash" & "cmp") have been replaced by functions with |
12 * type of "FUNCTION*"). This removes the necessity for macro-generated wrapper |
15 * the base prototypes (we cast each variable inside the function to the |
13 @@ -153,9 +156,10 @@ |
16 @@ -155,9 +158,10 @@ |
|
17 BIO *bio_err = NULL; |
14 #endif |
18 #endif |
15 |
|
16 |
19 |
17 +static int *modes; |
20 +static int *modes; |
18 + |
21 + |
19 static void lock_dbg_cb(int mode, int type, const char *file, int line) |
22 static void lock_dbg_cb(int mode, int type, const char *file, int line) |
20 { |
23 { |
21 - static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */ |
24 - static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */ |
22 const char *errstr = NULL; |
25 const char *errstr = NULL; |
23 int rw; |
26 int rw; |
24 |
|
25 @@ -166,7 +170,7 @@ |
|
26 goto err; |
|
27 } |
|
28 |
27 |
29 - if (type < 0 || type >= CRYPTO_NUM_LOCKS) |
28 @@ -167,7 +168,7 @@ |
30 + if (type < 0 || type >= CRYPTO_num_locks()) |
29 goto err; |
31 { |
30 } |
32 errstr = "type out of bounds"; |
31 |
33 goto err; |
32 - if (type < 0 || type >= CRYPTO_NUM_LOCKS) { |
34 @@ -311,6 +315,14 @@ |
33 + if (type < 0 || type >= CRYPTO_num_locks()) { |
35 if (getenv("OPENSSL_DEBUG_LOCKING") != NULL) |
34 errstr = "type out of bounds"; |
|
35 goto err; |
|
36 } |
|
37 @@ -305,6 +306,14 @@ |
|
38 if (getenv("OPENSSL_DEBUG_LOCKING") != NULL) |
36 #endif |
39 #endif |
37 { |
40 { |
38 + modes = OPENSSL_malloc(CRYPTO_num_locks() * sizeof (int)); |
41 + modes = OPENSSL_malloc(CRYPTO_num_locks() * sizeof (int)); |
39 + if (modes == NULL) { |
42 + if (modes == NULL) { |
40 + ERR_load_crypto_strings(); |
43 + ERR_load_crypto_strings(); |
41 + BIO_printf(bio_err,"Memory allocation failure\n"); |
44 + BIO_printf(bio_err,"Memory allocation failure\n"); |
42 + ERR_print_errors(bio_err); |
45 + ERR_print_errors(bio_err); |
43 + EXIT(1); |
46 + EXIT(1); |
44 + } |
47 + } |
45 + memset(modes, 0, CRYPTO_num_locks() * sizeof (int)); |
48 + memset(modes, 0, CRYPTO_num_locks() * sizeof (int)); |
46 CRYPTO_set_locking_callback(lock_dbg_cb); |
49 CRYPTO_set_locking_callback(lock_dbg_cb); |
47 } |
50 } |
48 |
51 |
49 @@ -314,18 +326,28 @@ |
52 @@ -308,18 +320,28 @@ |
50 CRYPTO_set_locking_callback(lock_dbg_cb); |
53 CRYPTO_set_locking_callback(lock_dbg_cb); |
51 } |
54 } |
52 |
55 |
53 +/* |
56 +/* |
54 + * Solaris OpenSSL |
57 + * Solaris OpenSSL |
55 + * Add a further check for the FIPS_mode_set() symbol before calling to |
58 + * Add a further check for the FIPS_mode_set() symbol before calling to |
56 + * allow openssl(1openssl) to be run against both fips and non-fips libraries. |
59 + * allow openssl(1openssl) to be run against both fips and non-fips libraries. |
57 + */ |
60 + */ |
58 if(getenv("OPENSSL_FIPS")) { |
61 if (getenv("OPENSSL_FIPS")) { |
59 -#ifdef OPENSSL_FIPS |
62 -#ifdef OPENSSL_FIPS |
60 - if (!FIPS_mode_set(1)) { |
63 - if (!FIPS_mode_set(1)) { |
61 + |
64 + |
62 + int (*FIPS_mode_set)(int); |
65 + int (*FIPS_mode_set)(int); |
63 + FIPS_mode_set = (int (*)(int)) dlsym(RTLD_NEXT, "FIPS_mode_set"); |
66 + FIPS_mode_set = (int (*)(int)) dlsym(RTLD_NEXT, "FIPS_mode_set"); |
64 + |
67 + |
65 + if (FIPS_mode_set != NULL) { |
68 + if (FIPS_mode_set != NULL) { |
66 + if (!(*FIPS_mode_set)(1)) { |
69 + if (!(*FIPS_mode_set)(1)) { |
67 ERR_load_crypto_strings(); |
70 ERR_load_crypto_strings(); |
68 ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE)); |
71 ERR_print_errors(BIO_new_fp(stderr, BIO_NOCLOSE)); |
69 EXIT(1); |
72 EXIT(1); |
70 } |
73 } |
71 -#else |
74 -#else |
72 - fprintf(stderr, "FIPS mode not supported.\n"); |
75 - fprintf(stderr, "FIPS mode not supported.\n"); |
73 + } else { |
76 + } else { |
74 + fprintf(stderr, "Failed to enable FIPS mode. " |
77 + fprintf(stderr, "Failed to enable FIPS mode. " |
75 + "For more information about running in FIPS mode see openssl(5).\n"); |
78 + "For more information about running in FIPS mode see openssl(5).\n"); |
76 EXIT(1); |
79 EXIT(1); |
77 -#endif |
80 -#endif |
78 } |
81 } |
79 + } |
82 + } |
80 |
83 |
81 apps_startup(); |
84 apps_startup(); |
82 |
85 |