--- a/components/openssl/README Mon Oct 27 13:21:58 2014 -0700
+++ b/components/openssl/README Sat Oct 25 10:54:16 2014 -0700
@@ -30,7 +30,7 @@
fips-140, and once for 1.0.1 FIPS-140 canister (in the openssl-fips component)
needed to build 1.0.1 FIPS-140 certified libraries. All builds apart from
static libraries for wanboot are done for 32 and 64 bits. So, in total, OpenSSL
-is built seven times. OpenSSL for wanboot is only build on sparc.
+is built seven times. OpenSSL for wanboot is only built on sparc.
See also comments in all the Makefiles for more information.
@@ -238,14 +238,14 @@
address before execution. This address is defined in
$ON/usr/src/psm/stand/boot/sparc/common/mapfile:
- 27 LOAD_SEGMENT text {
- 28 FLAGS = READ EXECUTE;
- 29 VADDR = 0x130000;
- 30 ASSIGN_SECTION {
- 31 TYPE = PROGBITS;
- 32 FLAGS = ALLOC !WRITE;
- 33 };
- 34 };
+ LOAD_SEGMENT text {
+ FLAGS = READ EXECUTE;
+ VADDR = 0x130000;
+ ASSIGN_SECTION {
+ TYPE = PROGBITS;
+ FLAGS = ALLOC !WRITE;
+ };
+ };
This address (VADDR) NEEDS TO BE GREATER THEN
size of wanboot binary + 0x4000
--- a/components/openssl/openssl-1.0.1-fips-140/engines/pkcs11/e_pk11.c Mon Oct 27 13:21:58 2014 -0700
+++ b/components/openssl/openssl-1.0.1-fips-140/engines/pkcs11/e_pk11.c Sat Oct 25 10:54:16 2014 -0700
@@ -1157,8 +1157,22 @@
}
}
-
- /* Attempt to load PKCS#11 library */
+ /*
+ * If initialization of the locks fails pk11_init_all_locks()
+ * will do the cleanup.
+ */
+ if (!pk11_init_all_locks())
+ goto err;
+ for (i = 0; i < OP_MAX; i++)
+ session_cache[i].head = NULL;
+ /*
+ * Initialize active lists. We only use active lists
+ * for asymmetric ciphers.
+ */
+ for (i = 0; i < OP_MAX; i++)
+ active_list[i] = NULL;
+
+ /* Attempt to load PKCS#11 library. */
if (!pk11_dso)
{
pk11_dso = DSO_load(NULL, get_PK11_LIBNAME(), NULL, 0);
@@ -1245,20 +1259,6 @@
pk11_library_initialized = CK_TRUE;
pk11_pid = getpid();
- /*
- * if initialization of the locks fails pk11_init_all_locks()
- * will do the cleanup.
- */
- if (!pk11_init_all_locks())
- goto err;
- for (i = 0; i < OP_MAX; i++)
- session_cache[i].head = NULL;
- /*
- * initialize active lists. We only use active lists
- * for asymmetric ciphers.
- */
- for (i = 0; i < OP_MAX; i++)
- active_list[i] = NULL;
if (!pk11_atfork_initialized)
{
@@ -1324,8 +1324,12 @@
for (i = 0; i < OP_MAX; i++)
pk11_free_active_list(i);
- pFuncList->C_CloseSession(global_session);
- global_session = CK_INVALID_HANDLE;
+ /* Global session is not present when there are no slots. */
+ if (global_session != CK_INVALID_HANDLE)
+ {
+ pFuncList->C_CloseSession(global_session);
+ global_session = CK_INVALID_HANDLE;
+ }
/*
* Since we are part of a library (libcrypto.so), calling this function
--- a/components/openssl/openssl-1.0.1/engines/pkcs11/e_pk11.c Mon Oct 27 13:21:58 2014 -0700
+++ b/components/openssl/openssl-1.0.1/engines/pkcs11/e_pk11.c Sat Oct 25 10:54:16 2014 -0700
@@ -1163,7 +1163,22 @@
}
- /* Attempt to load PKCS#11 library */
+ /*
+ * If initialization of the locks fails pk11_init_all_locks()
+ * will do the cleanup.
+ */
+ if (!pk11_init_all_locks())
+ goto err;
+ for (i = 0; i < OP_MAX; i++)
+ session_cache[i].head = NULL;
+ /*
+ * Initialize active lists. We only use active lists
+ * for asymmetric ciphers.
+ */
+ for (i = 0; i < OP_MAX; i++)
+ active_list[i] = NULL;
+
+ /* Attempt to load PKCS#11 library. */
if (!pk11_dso)
{
pk11_dso = DSO_load(NULL, get_PK11_LIBNAME(), NULL, 0);
@@ -1250,20 +1265,6 @@
pk11_library_initialized = CK_TRUE;
pk11_pid = getpid();
- /*
- * if initialization of the locks fails pk11_init_all_locks()
- * will do the cleanup.
- */
- if (!pk11_init_all_locks())
- goto err;
- for (i = 0; i < OP_MAX; i++)
- session_cache[i].head = NULL;
- /*
- * initialize active lists. We only use active lists
- * for asymmetric ciphers.
- */
- for (i = 0; i < OP_MAX; i++)
- active_list[i] = NULL;
if (!pk11_atfork_initialized)
{
@@ -1329,8 +1330,12 @@
for (i = 0; i < OP_MAX; i++)
pk11_free_active_list(i);
- pFuncList->C_CloseSession(global_session);
- global_session = CK_INVALID_HANDLE;
+ /* Global session is not present when there are no slots. */
+ if (global_session != CK_INVALID_HANDLE)
+ {
+ pFuncList->C_CloseSession(global_session);
+ global_session = CK_INVALID_HANDLE;
+ }
/*
* Since we are part of a library (libcrypto.so), calling this function