Mercurial Mercurial > upstream > oracle > userland-gate / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/openssl/openssl-1.0.1-fips-140/patches/26-openssl_fips.patch
author Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
Fri, 13 Dec 2013 07:45:20 -0800
changeset 1596 59869c4257d0
parent 1586 components/openssl/openssl-0.9.8-fips-140/patches/26-openssl_fips.patch@2d3ec080d6a3
child 1641 2fc479afcf70
permissions -rw-r--r--
PSARC/2013/383 OpenSSL FIPS 140-2 version update 15801760 SUNBT7181479 FIPS-capable version of OpenSSL using OpenSSL FIPS Object Module v2

--- openssl-0.9.8m/apps/openssl.c	Thu Oct 15 19:28:02 2009
+++ openssl-0.9.8m/apps/openssl.c	Fri Feb 26 16:12:30 2010
@@ -133,6 +133,9 @@
 #include <openssl/fips.h>
 #endif
 
+/* Solaris OpenSSL */
+#include <dlfcn.h>
+
 /* The LHASH callbacks ("hash" & "cmp") have been replaced by functions with the
  * base prototypes (we cast each variable inside the function to the required
  * type of "FUNCTION*"). This removes the necessity for macro-generated wrapper
@@ -152,9 +155,10 @@
 #endif
 
 
+static int *modes;
+
 static void lock_dbg_cb(int mode, int type, const char *file, int line)
 	{
-	static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */
 	const char *errstr = NULL;
 	int rw;
 	
@@ -165,7 +169,7 @@
 		goto err;
 		}
 
-	if (type < 0 || type >= CRYPTO_NUM_LOCKS)
+	if (type < 0 || type >= CRYPTO_num_locks())
 		{
 		errstr = "type out of bounds";
 		goto err;
@@ -310,6 +314,14 @@
 	if (getenv("OPENSSL_DEBUG_LOCKING") != NULL)
 #endif
 		{
+		modes = OPENSSL_malloc(CRYPTO_num_locks() * sizeof (int));
+		if (modes == NULL) {
+			ERR_load_crypto_strings();
+			BIO_printf(bio_err,"Memory allocation failure\n");
+			ERR_print_errors(bio_err);
+			EXIT(1);
+		}
+		memset(modes, 0, CRYPTO_num_locks() * sizeof (int));
 		CRYPTO_set_locking_callback(lock_dbg_cb);
 		}
 
@@ -313,18 +325,28 @@
 		CRYPTO_set_locking_callback(lock_dbg_cb);
 		}
 
+/*
+ * Solaris OpenSSL
+ * Add a further check for the FIPS_mode_set() symbol before calling to
+ * allow openssl(1openssl) to be run against both fips and non-fips libraries.
+ */
 	if(getenv("OPENSSL_FIPS")) {
-#ifdef OPENSSL_FIPS
-		if (!FIPS_mode_set(1)) {
+
+	int (*FIPS_mode_set)(int);
+	FIPS_mode_set = (int (*)(int)) dlsym(RTLD_NEXT, "FIPS_mode_set");
+
+	if (FIPS_mode_set != NULL) {
+		if (!(*FIPS_mode_set)(1)) {
 			ERR_load_crypto_strings();
 			ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
 			EXIT(1);
 		}
-#else
-		fprintf(stderr, "FIPS mode not supported.\n");
+	} else {
+			fprintf(stderr, "Failed to enable FIPS mode. "
+			    "For more information about running in FIPS mode see openssl(5).\n");
 		EXIT(1);
-#endif
 		}
+		}
 
 	apps_startup();
upstream/oracle/userland-gate