components/openssl/openssl-fips-140/patches/204-fips-by-default.patch
author Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
Thu, 13 Oct 2016 14:47:30 -0700
changeset 7103 398c9d0ab0f3
child 7239 81dd404b35f2
permissions -rw-r--r--
24588300 OpenSSL FIPS work based on 1.0.2 for Oracle Solaris: Phase I 20800792 openssl-1.0.1-fips-140: using obsolete -xarch option

# Developed in house: Solaris specific
# This patch enables FIPS mode in the _init routine.
--- a/crypto/cryptlib.c 2016-09-02 14:10:14.157867400 -0700
+++ b/crypto/cryptlib.c 2016-09-02 14:08:38.308229315 -0700
@@ -117,6 +117,8 @@
 #include <openssl/safestack.h>
 #include <pthread.h>
 
+extern	unsigned char FIPS_signature[];
+
 #if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16)
 static double SSLeay_MSVC5_hack = 0.0; /* and for VC1.5 */
 #endif
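Review bot: The `extern unsigned char FIPS_signature[];` declaration is written directly in cryptlib.c, so the compiler cannot check it against the real definition. A difference in type or `const` qualification would go unnoticed. The array is also declared without a length, so nothing visible here guarantees that the `[0]` and `[1]` reads added in the other hunk are in bounds. If a header from the FIPS module already declares the symbol, include that instead. Otherwise, add a comment such as `/* Defined in the FIPS module; no header exports it. Length: <N> bytes. */`, with the length taken from the definition.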
@@ -531,6 +582,14 @@
         (void) pthread_mutex_init(&solaris_openssl_locks[i], NULL);
     }
 
+    if ((FIPS_signature[0] != 0x00) || (FIPS_signature[1] != 0xFF)) {
+        /* Set FIPS mode by default if FIPS_signature is already set */
+        if (FIPS_mode_set(1) != 1) {
+            fprintf(stderr, "Failed to set FIPS mode.\n");
+            abort();
+        }
+    }
+
     (void) pthread_atfork(solaris_fork_prep, solaris_fork_post, solaris_fork_post);
 }
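Review bot: The guard on `FIPS_signature[0]` and `FIPS_signature[1]` fails open. When those two bytes are 0x00 and 0xFF, the routine skips `FIPS_mode_set(1)` and prints nothing, so a library whose signature was never embedded would presumably run in non-FIPS mode with no indication to the operator. The comment "if FIPS_signature is already set" does not explain that 0x00 0xFF appears to be the unset placeholder. After confirming this against the definition, I would reword it to `/* FIPS_signature begins 0x00 0xFF until the build embeds the real value; only an embedded signature forces FIPS mode. */`. On the failure path, `fprintf(stderr, ...)` runs inside a library init routine, where fd 2 belongs to the host process and may not be a log or terminal. The message also drops the reason `FIPS_mode_set()` failed, which makes an `abort()` at load time hard to diagnose. The enclosing function starts outside the hunk.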