20735615 Upgrade OpenSSL version to 1.0.1m
20735495 problem in LIBRARY/OPENSSL
20735520 problem in LIBRARY/OPENSSL
20735531 problem in LIBRARY/OPENSSL
20735537 problem in LIBRARY/OPENSSL
20735541 problem in LIBRARY/OPENSSL
20735555 problem in LIBRARY/OPENSSL
20735563 problem in LIBRARY/OPENSSL
20688058 problem in LIBRARY/OPENSSL
#
# Patch developed in-house. Solaris-specific; not suitable for upstream.
#
--- openssl-0.9.8m/apps/openssl.c Thu Oct 15 19:28:02 2009
+++ openssl-0.9.8m/apps/openssl.c Fri Feb 26 16:12:30 2010
@@ -135,6 +135,9 @@
# include <openssl/fips.h>
#endif
+/* Solaris OpenSSL */
+#include <dlfcn.h>
+
/*
* The LHASH callbacks ("hash" & "cmp") have been replaced by functions with
* the base prototypes (we cast each variable inside the function to the
@@ -155,9 +158,10 @@
BIO *bio_err = NULL;
#endif
+static int *modes;
+
static void lock_dbg_cb(int mode, int type, const char *file, int line)
{
- static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */
const char *errstr = NULL;
int rw;
@@ -167,7 +168,7 @@
goto err;
}
- if (type < 0 || type >= CRYPTO_NUM_LOCKS) {
+ if (type < 0 || type >= CRYPTO_num_locks()) {
errstr = "type out of bounds";
goto err;
}
@@ -305,6 +306,14 @@
if (getenv("OPENSSL_DEBUG_LOCKING") != NULL)
#endif
{
+ modes = OPENSSL_malloc(CRYPTO_num_locks() * sizeof (int));
+ if (modes == NULL) {
+ ERR_load_crypto_strings();
+ BIO_printf(bio_err,"Memory allocation failure\n");
+ ERR_print_errors(bio_err);
+ EXIT(1);
+ }
+ memset(modes, 0, CRYPTO_num_locks() * sizeof (int));
CRYPTO_set_locking_callback(lock_dbg_cb);
}
@@ -308,18 +320,28 @@
CRYPTO_set_locking_callback(lock_dbg_cb);
}
+/*
+ * Solaris OpenSSL
+ * Add a further check for the FIPS_mode_set() symbol before calling to
+ * allow openssl(1openssl) to be run against both fips and non-fips libraries.
+ */
if (getenv("OPENSSL_FIPS")) {
-#ifdef OPENSSL_FIPS
- if (!FIPS_mode_set(1)) {
+
+ int (*FIPS_mode_set)(int);
+ FIPS_mode_set = (int (*)(int)) dlsym(RTLD_NEXT, "FIPS_mode_set");
+
+ if (FIPS_mode_set != NULL) {
+ if (!(*FIPS_mode_set)(1)) {
ERR_load_crypto_strings();
ERR_print_errors(BIO_new_fp(stderr, BIO_NOCLOSE));
EXIT(1);
}
-#else
- fprintf(stderr, "FIPS mode not supported.\n");
+ } else {
+ fprintf(stderr, "Failed to enable FIPS mode. "
+ "For more information about running in FIPS mode see openssl(5).\n");
EXIT(1);
-#endif
}
+ }
apps_startup();