Mercurial Mercurial > upstream > oracle > userland-gate / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/openssl/openssl-fips-140/patches/201-openssl_fips.patch
changeset 4822 1fb8a14c6702
parent 4370 7043c27399f1 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssl/openssl-fips-140/patches/201-openssl_fips.patch	Fri Aug 28 11:04:52 2015 -0700
@@ -0,0 +1,85 @@
+#
+# Patch developed in-house.  Solaris-specific; not suitable for upstream. 
+#
+--- openssl-0.9.8m/apps/openssl.c	Thu Oct 15 19:28:02 2009
++++ openssl-0.9.8m/apps/openssl.c	Fri Feb 26 16:12:30 2010
+@@ -135,6 +135,9 @@
+ # include <openssl/fips.h>
+ #endif
+ 
++/* Solaris OpenSSL */
++#include <dlfcn.h>
++
+ /*
+  * The LHASH callbacks ("hash" & "cmp") have been replaced by functions with
+  * the base prototypes (we cast each variable inside the function to the
+@@ -155,9 +158,10 @@
+ BIO *bio_err = NULL;
+ #endif
+ 
++static int *modes;
++
+ static void lock_dbg_cb(int mode, int type, const char *file, int line)
+ {
+-    static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */
+     const char *errstr = NULL;
+     int rw;
+ 
+@@ -167,7 +168,7 @@
+         goto err;
+     }
+ 
+-    if (type < 0 || type >= CRYPTO_NUM_LOCKS) {
++    if (type < 0 || type >= CRYPTO_num_locks()) {
+         errstr = "type out of bounds";
+         goto err;
+     }
+@@ -305,6 +306,14 @@
+     if (getenv("OPENSSL_DEBUG_LOCKING") != NULL)
+ #endif
+     {
++        modes = OPENSSL_malloc(CRYPTO_num_locks() * sizeof (int));
++        if (modes == NULL) {
++            ERR_load_crypto_strings();
++            BIO_printf(bio_err,"Memory allocation failure\n");
++            ERR_print_errors(bio_err);
++            EXIT(1);
++        }
++        memset(modes, 0, CRYPTO_num_locks() * sizeof (int));
+         CRYPTO_set_locking_callback(lock_dbg_cb);
+     }
+ 
+@@ -308,18 +320,28 @@
+         CRYPTO_set_locking_callback(lock_dbg_cb);
+     }
+ 
++/*
++ * Solaris OpenSSL
++ * Add a further check for the FIPS_mode_set() symbol before calling to
++ * allow openssl(1openssl) to be run against both fips and non-fips libraries.
++ */
+     if (getenv("OPENSSL_FIPS")) {
+-#ifdef OPENSSL_FIPS
+-        if (!FIPS_mode_set(1)) {
++
++        int (*FIPS_mode_set)(int);
++        FIPS_mode_set = (int (*)(int)) dlsym(RTLD_NEXT, "FIPS_mode_set");
++
++        if (FIPS_mode_set != NULL) {
++            if (!(*FIPS_mode_set)(1)) {
+             ERR_load_crypto_strings();
+             ERR_print_errors(BIO_new_fp(stderr, BIO_NOCLOSE));
+             EXIT(1);
+         }
+-#else
+-        fprintf(stderr, "FIPS mode not supported.\n");
++    } else {
++            fprintf(stderr, "Failed to enable FIPS mode. "
++                "For more information about running in FIPS mode see openssl(5).\n");
+         EXIT(1);
+-#endif
+     }
++    }
+ 
+     apps_startup();
+
upstream/oracle/userland-gate