components/openssl/openssl-fips-140/patches/201-openssl_fips.patch
author Ronald Jordan <ron.jordan@oracle.com>
Wed, 26 Oct 2016 13:19:33 -0700
branchs11u3-sru
changeset 7163 ee09edbd5876
parent 4006 components/openssl/openssl-1.0.1-fips-140/patches/26-openssl_fips.patch@c737cefdce54
permissions -rw-r--r--
24784774 Upgrade 11.3-SRU to OpenSSL 1.0.2 20358335 memory leak in libcrypto 21297601 32-bit FIPS openssl(1) should link to the mediator link 21791492 Workaround to suppress the link check error should be removed 22021385 openssl ts sub-command dumps core 22021787 openssl s_client sub-command dumps core 22445522 openssl makefile contains undeclared dependency on rsync 22859741 Update OpenSSL FIPS module to 2.0.12 23230454 Use DES3 for pkcs12 certificate encryption 23285559 ssh libcrypto`solaris_locking_setup() atfork handler calls malloc() 24377801 solaris_dynlock_create() should check for a ret val of 0 from pthread_mutex_init 24943813 problem in LIBRARY/OPENSSL

#
# Patch developed in-house.  Solaris-specific; not suitable for upstream. 
#
--- openssl-0.9.8m/apps/openssl.c	Thu Oct 15 19:28:02 2009
+++ openssl-0.9.8m/apps/openssl.c	Fri Feb 26 16:12:30 2010
@@ -135,6 +135,9 @@
 # include <openssl/fips.h>
 #endif
 
+/* Solaris OpenSSL */
+#include <dlfcn.h>
+
 /*
  * The LHASH callbacks ("hash" & "cmp") have been replaced by functions with
  * the base prototypes (we cast each variable inside the function to the
@@ -155,9 +158,10 @@
 BIO *bio_err = NULL;
 #endif
 
+static int *modes;
+
 static void lock_dbg_cb(int mode, int type, const char *file, int line)
 {
-    static int modes[CRYPTO_NUM_LOCKS]; /* = {0, 0, ... } */
     const char *errstr = NULL;
     int rw;
 
@@ -167,7 +168,7 @@
         goto err;
     }
 
-    if (type < 0 || type >= CRYPTO_NUM_LOCKS) {
+    if (type < 0 || type >= CRYPTO_num_locks()) {
         errstr = "type out of bounds";
         goto err;
     }
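Review bot: The bound tested here, `type >= CRYPTO_num_locks()`, comes from a fresh call rather than from the length `modes` was allocated with, so it guards the table only if the function returns the same value on every call; the allocation hunk in main() evaluates the same expression twice more, in `OPENSSL_malloc(...)` and in `memset(...)`. Recording the length once ties the check to the allocation: add `static int modes_len;` beside `static int *modes;`, set `modes_len = CRYPTO_num_locks();` just before the allocation, and test `type >= modes_len` here. lock_dbg_cb's body continues outside this hunk, so the accesses to `modes` that this check guards are not visible here.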
@@ -305,6 +306,14 @@
     if (getenv("OPENSSL_DEBUG_LOCKING") != NULL)
 #endif
     {
+        modes = OPENSSL_malloc(CRYPTO_num_locks() * sizeof (int));
+        if (modes == NULL) {
+            ERR_load_crypto_strings();
+            BIO_printf(bio_err,"Memory allocation failure\n");
+            ERR_print_errors(bio_err);
+            EXIT(1);
+        }
+        memset(modes, 0, CRYPTO_num_locks() * sizeof (int));
         CRYPTO_set_locking_callback(lock_dbg_cb);
     }
 
@@ -308,18 +320,28 @@
         CRYPTO_set_locking_callback(lock_dbg_cb);
     }
 
+/*
+ * Solaris OpenSSL
+ * Add a further check for the FIPS_mode_set() symbol before calling to
+ * allow openssl(1openssl) to be run against both fips and non-fips libraries.
+ */
     if (getenv("OPENSSL_FIPS")) {
-#ifdef OPENSSL_FIPS
-        if (!FIPS_mode_set(1)) {
+
+        int (*FIPS_mode_set)(int);
+        FIPS_mode_set = (int (*)(int)) dlsym(RTLD_NEXT, "FIPS_mode_set");
+
+        if (FIPS_mode_set != NULL) {
+            if (!(*FIPS_mode_set)(1)) {
             ERR_load_crypto_strings();
             ERR_print_errors(BIO_new_fp(stderr, BIO_NOCLOSE));
             EXIT(1);
         }
-#else
-        fprintf(stderr, "FIPS mode not supported.\n");
+    } else {
+            fprintf(stderr, "Failed to enable FIPS mode. "
+                "For more information about running in FIPS mode see openssl(5).\n");
         EXIT(1);
-#endif
     }
+    }
 
     apps_startup();
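Review bot: The local pointer declared as `int (*FIPS_mode_set)(int);` reuses the library function's own name, which hides any prototype in scope and makes the call read like an ordinary link-time call; a distinct name, for example `int (*fips_mode_set_fn)(int) = (int (*)(int)) dlsym(RTLD_NEXT, "FIPS_mode_set");`, avoids that. The added lines are also indented against the brace structure: `} else {` sits at the level of the outer `if`, and the body of `if (!(*FIPS_mode_set)(1)) {` is not indented. Both the missing-symbol path and the failed-call path do end in `EXIT(1)`, but re-indenting would make that fail-closed behaviour visible at a glance. The else branch is reached only when the symbol is absent, yet its message says only that FIPS mode could not be enabled; adding the `dlerror()` text or a "symbol not found" line would help whoever has to diagnose a non-FIPS libcrypto. main() continues outside this hunk.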