--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssl/openssl-fips-140/patches/201-openssl_fips.patch Fri Aug 28 11:04:52 2015 -0700
@@ -0,0 +1,85 @@
+#
+# Patch developed in-house. Solaris-specific; not suitable for upstream.
+#
+--- openssl-0.9.8m/apps/openssl.c Thu Oct 15 19:28:02 2009
++++ openssl-0.9.8m/apps/openssl.c Fri Feb 26 16:12:30 2010
+@@ -135,6 +135,9 @@
+ # include <openssl/fips.h>
+ #endif
+
++/* Solaris OpenSSL */
++#include <dlfcn.h>
++
+ /*
+ * The LHASH callbacks ("hash" & "cmp") have been replaced by functions with
+ * the base prototypes (we cast each variable inside the function to the
+@@ -155,9 +158,10 @@
+ BIO *bio_err = NULL;
+ #endif
+
++static int *modes;
++
+ static void lock_dbg_cb(int mode, int type, const char *file, int line)
+ {
+- static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */
+ const char *errstr = NULL;
+ int rw;
+
+@@ -167,7 +168,7 @@
+ goto err;
+ }
+
+- if (type < 0 || type >= CRYPTO_NUM_LOCKS) {
++ if (type < 0 || type >= CRYPTO_num_locks()) {
+ errstr = "type out of bounds";
+ goto err;
+ }
+@@ -305,6 +306,14 @@
+ if (getenv("OPENSSL_DEBUG_LOCKING") != NULL)
+ #endif
+ {
++ modes = OPENSSL_malloc(CRYPTO_num_locks() * sizeof (int));
++ if (modes == NULL) {
++ ERR_load_crypto_strings();
++ BIO_printf(bio_err,"Memory allocation failure\n");
++ ERR_print_errors(bio_err);
++ EXIT(1);
++ }
++ memset(modes, 0, CRYPTO_num_locks() * sizeof (int));
+ CRYPTO_set_locking_callback(lock_dbg_cb);
+ }
+
+@@ -308,18 +320,28 @@
+ CRYPTO_set_locking_callback(lock_dbg_cb);
+ }
+
++/*
++ * Solaris OpenSSL
++ * Add a further check for the FIPS_mode_set() symbol before calling to
++ * allow openssl(1openssl) to be run against both fips and non-fips libraries.
++ */
+ if (getenv("OPENSSL_FIPS")) {
+-#ifdef OPENSSL_FIPS
+- if (!FIPS_mode_set(1)) {
++
++ int (*FIPS_mode_set)(int);
++ FIPS_mode_set = (int (*)(int)) dlsym(RTLD_NEXT, "FIPS_mode_set");
++
++ if (FIPS_mode_set != NULL) {
++ if (!(*FIPS_mode_set)(1)) {
+ ERR_load_crypto_strings();
+ ERR_print_errors(BIO_new_fp(stderr, BIO_NOCLOSE));
+ EXIT(1);
+ }
+-#else
+- fprintf(stderr, "FIPS mode not supported.\n");
++ } else {
++ fprintf(stderr, "Failed to enable FIPS mode. "
++ "For more information about running in FIPS mode see openssl(5).\n");
+ EXIT(1);
+-#endif
+ }
++ }
+
+ apps_startup();
+