Mercurial Mercurial > upstream > oracle > userland-gate / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
components/openssl/openssl-1.0.1-fips-140/patches/26-openssl_fips.patch
author Misaki Miyashita <Misaki.Miyashita@Oracle.COM>
Fri, 20 Mar 2015 15:31:27 -0700
changeset 4002 95b8f35fcdd5
parent 1641 2fc479afcf70
permissions -rw-r--r--
20735615 Upgrade OpenSSL version to 1.0.1m 20735495 problem in LIBRARY/OPENSSL 20735520 problem in LIBRARY/OPENSSL 20735531 problem in LIBRARY/OPENSSL 20735537 problem in LIBRARY/OPENSSL 20735541 problem in LIBRARY/OPENSSL 20735555 problem in LIBRARY/OPENSSL 20735563 problem in LIBRARY/OPENSSL 20688058 problem in LIBRARY/OPENSSL

#
# Patch developed in-house.  Solaris-specific; not suitable for upstream. 
#
--- openssl-0.9.8m/apps/openssl.c	Thu Oct 15 19:28:02 2009
+++ openssl-0.9.8m/apps/openssl.c	Fri Feb 26 16:12:30 2010
@@ -135,6 +135,9 @@
 # include <openssl/fips.h>
 #endif
 
+/* Solaris OpenSSL */
+#include <dlfcn.h>
+
 /*
  * The LHASH callbacks ("hash" & "cmp") have been replaced by functions with
  * the base prototypes (we cast each variable inside the function to the
@@ -155,9 +158,10 @@
 BIO *bio_err = NULL;
 #endif
 
+static int *modes;
+
 static void lock_dbg_cb(int mode, int type, const char *file, int line)
 {
-    static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */
     const char *errstr = NULL;
     int rw;
 
@@ -167,7 +168,7 @@
         goto err;
     }
 
-    if (type < 0 || type >= CRYPTO_NUM_LOCKS) {
+    if (type < 0 || type >= CRYPTO_num_locks()) {
         errstr = "type out of bounds";
         goto err;
     }
@@ -305,6 +306,14 @@
     if (getenv("OPENSSL_DEBUG_LOCKING") != NULL)
 #endif
     {
+        modes = OPENSSL_malloc(CRYPTO_num_locks() * sizeof (int));
+        if (modes == NULL) {
+            ERR_load_crypto_strings();
+            BIO_printf(bio_err,"Memory allocation failure\n");
+            ERR_print_errors(bio_err);
+            EXIT(1);
+        }
+        memset(modes, 0, CRYPTO_num_locks() * sizeof (int));
         CRYPTO_set_locking_callback(lock_dbg_cb);
     }
 
@@ -308,18 +320,28 @@
         CRYPTO_set_locking_callback(lock_dbg_cb);
     }
 
+/*
+ * Solaris OpenSSL
+ * Add a further check for the FIPS_mode_set() symbol before calling to
+ * allow openssl(1openssl) to be run against both fips and non-fips libraries.
+ */
     if (getenv("OPENSSL_FIPS")) {
-#ifdef OPENSSL_FIPS
-        if (!FIPS_mode_set(1)) {
+
+        int (*FIPS_mode_set)(int);
+        FIPS_mode_set = (int (*)(int)) dlsym(RTLD_NEXT, "FIPS_mode_set");
+
+        if (FIPS_mode_set != NULL) {
+            if (!(*FIPS_mode_set)(1)) {
             ERR_load_crypto_strings();
             ERR_print_errors(BIO_new_fp(stderr, BIO_NOCLOSE));
             EXIT(1);
         }
-#else
-        fprintf(stderr, "FIPS mode not supported.\n");
+    } else {
+            fprintf(stderr, "Failed to enable FIPS mode. "
+                "For more information about running in FIPS mode see openssl(5).\n");
         EXIT(1);
-#endif
     }
+    }
 
     apps_startup();
upstream/oracle/userland-gate