--- a/components/openssl/openssl-1.0.1-fips-140/patches/26-openssl_fips.patch Tue Mar 24 10:15:01 2015 -0700
+++ b/components/openssl/openssl-1.0.1-fips-140/patches/26-openssl_fips.patch Tue Mar 24 20:05:38 2015 -0700
@@ -1,82 +1,85 @@
+#
+# Patch developed in-house. Solaris-specific; not suitable for upstream.
+#
--- openssl-0.9.8m/apps/openssl.c Thu Oct 15 19:28:02 2009
+++ openssl-0.9.8m/apps/openssl.c Fri Feb 26 16:12:30 2010
-@@ -134,6 +134,9 @@
- #include <openssl/fips.h>
+@@ -135,6 +135,9 @@
+ # include <openssl/fips.h>
#endif
+/* Solaris OpenSSL */
+#include <dlfcn.h>
+
- /* The LHASH callbacks ("hash" & "cmp") have been replaced by functions with the
- * base prototypes (we cast each variable inside the function to the required
- * type of "FUNCTION*"). This removes the necessity for macro-generated wrapper
-@@ -153,9 +156,10 @@
+ /*
+ * The LHASH callbacks ("hash" & "cmp") have been replaced by functions with
+ * the base prototypes (we cast each variable inside the function to the
+@@ -155,9 +158,10 @@
+ BIO *bio_err = NULL;
#endif
-
+static int *modes;
+
static void lock_dbg_cb(int mode, int type, const char *file, int line)
- {
-- static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */
- const char *errstr = NULL;
- int rw;
-
-@@ -166,7 +170,7 @@
- goto err;
- }
+ {
+- static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */
+ const char *errstr = NULL;
+ int rw;
+
+@@ -167,7 +168,7 @@
+ goto err;
+ }
-- if (type < 0 || type >= CRYPTO_NUM_LOCKS)
-+ if (type < 0 || type >= CRYPTO_num_locks())
- {
- errstr = "type out of bounds";
- goto err;
-@@ -311,6 +315,14 @@
- if (getenv("OPENSSL_DEBUG_LOCKING") != NULL)
+- if (type < 0 || type >= CRYPTO_NUM_LOCKS) {
++ if (type < 0 || type >= CRYPTO_num_locks()) {
+ errstr = "type out of bounds";
+ goto err;
+ }
+@@ -305,6 +306,14 @@
+ if (getenv("OPENSSL_DEBUG_LOCKING") != NULL)
#endif
- {
-+ modes = OPENSSL_malloc(CRYPTO_num_locks() * sizeof (int));
-+ if (modes == NULL) {
-+ ERR_load_crypto_strings();
-+ BIO_printf(bio_err,"Memory allocation failure\n");
-+ ERR_print_errors(bio_err);
-+ EXIT(1);
-+ }
-+ memset(modes, 0, CRYPTO_num_locks() * sizeof (int));
- CRYPTO_set_locking_callback(lock_dbg_cb);
- }
+ {
++ modes = OPENSSL_malloc(CRYPTO_num_locks() * sizeof (int));
++ if (modes == NULL) {
++ ERR_load_crypto_strings();
++ BIO_printf(bio_err,"Memory allocation failure\n");
++ ERR_print_errors(bio_err);
++ EXIT(1);
++ }
++ memset(modes, 0, CRYPTO_num_locks() * sizeof (int));
+ CRYPTO_set_locking_callback(lock_dbg_cb);
+ }
-@@ -314,18 +326,28 @@
- CRYPTO_set_locking_callback(lock_dbg_cb);
- }
+@@ -308,18 +320,28 @@
+ CRYPTO_set_locking_callback(lock_dbg_cb);
+ }
+/*
+ * Solaris OpenSSL
+ * Add a further check for the FIPS_mode_set() symbol before calling to
+ * allow openssl(1openssl) to be run against both fips and non-fips libraries.
+ */
- if(getenv("OPENSSL_FIPS")) {
+ if (getenv("OPENSSL_FIPS")) {
-#ifdef OPENSSL_FIPS
-- if (!FIPS_mode_set(1)) {
+- if (!FIPS_mode_set(1)) {
+
-+ int (*FIPS_mode_set)(int);
-+ FIPS_mode_set = (int (*)(int)) dlsym(RTLD_NEXT, "FIPS_mode_set");
++ int (*FIPS_mode_set)(int);
++ FIPS_mode_set = (int (*)(int)) dlsym(RTLD_NEXT, "FIPS_mode_set");
+
-+ if (FIPS_mode_set != NULL) {
-+ if (!(*FIPS_mode_set)(1)) {
- ERR_load_crypto_strings();
- ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
- EXIT(1);
- }
++ if (FIPS_mode_set != NULL) {
++ if (!(*FIPS_mode_set)(1)) {
+ ERR_load_crypto_strings();
+ ERR_print_errors(BIO_new_fp(stderr, BIO_NOCLOSE));
+ EXIT(1);
+ }
-#else
-- fprintf(stderr, "FIPS mode not supported.\n");
-+ } else {
-+ fprintf(stderr, "Failed to enable FIPS mode. "
-+ "For more information about running in FIPS mode see openssl(5).\n");
- EXIT(1);
+- fprintf(stderr, "FIPS mode not supported.\n");
++ } else {
++ fprintf(stderr, "Failed to enable FIPS mode. "
++ "For more information about running in FIPS mode see openssl(5).\n");
+ EXIT(1);
-#endif
- }
-+ }
+ }
++ }
- apps_startup();
+ apps_startup();