Mercurial Mercurial > upstream > oracle > userland-gate / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/openssl/openssl-1.0.1-fips-140/patches/26-openssl_fips.patch
changeset 1586 2d3ec080d6a3
parent 363 9c0cad004039
child 1641 2fc479afcf70 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openssl/openssl-1.0.1-fips-140/patches/26-openssl_fips.patch	Mon Dec 09 15:11:31 2013 -0800
@@ -0,0 +1,82 @@
+--- openssl-0.9.8m/apps/openssl.c	Thu Oct 15 19:28:02 2009
++++ openssl-0.9.8m/apps/openssl.c	Fri Feb 26 16:12:30 2010
+@@ -133,6 +133,9 @@
+ #include <openssl/fips.h>
+ #endif
+ 
++/* Solaris OpenSSL */
++#include <dlfcn.h>
++
+ /* The LHASH callbacks ("hash" & "cmp") have been replaced by functions with the
+  * base prototypes (we cast each variable inside the function to the required
+  * type of "FUNCTION*"). This removes the necessity for macro-generated wrapper
+@@ -152,9 +155,10 @@
+ #endif
+ 
+ 
++static int *modes;
++
+ static void lock_dbg_cb(int mode, int type, const char *file, int line)
+ 	{
+-	static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */
+ 	const char *errstr = NULL;
+ 	int rw;
+ 	
+@@ -165,7 +169,7 @@
+ 		goto err;
+ 		}
+ 
+-	if (type < 0 || type >= CRYPTO_NUM_LOCKS)
++	if (type < 0 || type >= CRYPTO_num_locks())
+ 		{
+ 		errstr = "type out of bounds";
+ 		goto err;
+@@ -310,6 +314,14 @@
+ 	if (getenv("OPENSSL_DEBUG_LOCKING") != NULL)
+ #endif
+ 		{
++		modes = OPENSSL_malloc(CRYPTO_num_locks() * sizeof (int));
++		if (modes == NULL) {
++			ERR_load_crypto_strings();
++			BIO_printf(bio_err,"Memory allocation failure\n");
++			ERR_print_errors(bio_err);
++			EXIT(1);
++		}
++		memset(modes, 0, CRYPTO_num_locks() * sizeof (int));
+ 		CRYPTO_set_locking_callback(lock_dbg_cb);
+ 		}
+ 
+@@ -313,18 +325,28 @@
+ 		CRYPTO_set_locking_callback(lock_dbg_cb);
+ 		}
+ 
++/*
++ * Solaris OpenSSL
++ * Add a further check for the FIPS_mode_set() symbol before calling to
++ * allow openssl(1openssl) to be run against both fips and non-fips libraries.
++ */
+ 	if(getenv("OPENSSL_FIPS")) {
+-#ifdef OPENSSL_FIPS
+-		if (!FIPS_mode_set(1)) {
++
++	int (*FIPS_mode_set)(int);
++	FIPS_mode_set = (int (*)(int)) dlsym(RTLD_NEXT, "FIPS_mode_set");
++
++	if (FIPS_mode_set != NULL) {
++		if (!(*FIPS_mode_set)(1)) {
+ 			ERR_load_crypto_strings();
+ 			ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
+ 			EXIT(1);
+ 		}
+-#else
+-		fprintf(stderr, "FIPS mode not supported.\n");
++	} else {
++			fprintf(stderr, "Failed to enable FIPS mode. "
++			    "For more information about running in FIPS mode see openssl(5).\n");
+ 		EXIT(1);
+-#endif
+ 		}
++		}
+ 
+ 	apps_startup();
+
upstream/oracle/userland-gate