Blame SOURCES/openssl-fips-0.9.8e-fipsmode.patch

5820f5
diff -up openssl-fips-0.9.8e/crypto/o_init.c.fipsmode openssl-fips-0.9.8e/crypto/o_init.c
5820f5
--- openssl-fips-0.9.8e/crypto/o_init.c.fipsmode	2007-07-01 02:07:22.000000000 +0200
5820f5
+++ openssl-fips-0.9.8e/crypto/o_init.c	2009-04-15 13:48:51.000000000 +0200
5820f5
@@ -59,6 +59,45 @@
5820f5
 #include <e_os.h>
5820f5
 #include <openssl/err.h>
5820f5
 
5820f5
+#ifdef OPENSSL_FIPS
5820f5
+#include <sys/types.h>
5820f5
+#include <sys/stat.h>
5820f5
+#include <fcntl.h>
5820f5
+#include <unistd.h>
5820f5
+#include <errno.h>
5820f5
+#include <stdlib.h>
5820f5
+#include <openssl/fips.h>
5820f5
+#include <openssl/evp.h>
5820f5
+#include <openssl/rand.h>
5820f5
+
5820f5
+#define FIPS_MODE_SWITCH_FILE "/proc/sys/crypto/fips_enabled"
5820f5
+
5820f5
+static void init_fips_mode(void)
5820f5
+	{
5820f5
+	char buf[2] = "0";
5820f5
+	int fd;
5820f5
+	
5820f5
+	if (getenv("OPENSSL_FORCE_FIPS_MODE") != NULL)
5820f5
+		{
5820f5
+		buf[0] = '1';
5820f5
+		}
5820f5
+	else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0)
5820f5
+		{
5820f5
+		while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR);
5820f5
+		close(fd);
5820f5
+		}
5820f5
+	/* Failure reading the fips mode switch file means just not
5820f5
+	 * switching into FIPS mode. We would break too many things
5820f5
+	 * otherwise. 
5820f5
+	 */
5820f5
+	
5820f5
+	if (buf[0] == '1')
5820f5
+		{
5820f5
+		FIPS_mode_set(1);
5820f5
+		}
5820f5
+	}
5820f5
+#endif
5820f5
+
5820f5
 /* Perform any essential OpenSSL initialization operations.
5820f5
  * Currently only sets FIPS callbacks
5820f5
  */
5820f5
@@ -73,11 +112,10 @@ void OPENSSL_init(void)
5820f5
 #ifdef CRYPTO_MDEBUG
5820f5
 		CRYPTO_malloc_debug_init();
5820f5
 #endif
5820f5
-#ifdef OPENSSL_ENGINE
5820f5
+		init_fips_mode();
5820f5
 		int_EVP_MD_init_engine_callbacks();
5820f5
 		int_EVP_CIPHER_init_engine_callbacks();
5820f5
 		int_RAND_init_engine_callbacks();
5820f5
-#endif
5820f5
 		done = 1;
5820f5
 		}
5820f5
 #endif
5820f5
diff -up openssl-fips-0.9.8e/ssl/ssl_algs.c.fipsmode openssl-fips-0.9.8e/ssl/ssl_algs.c
5820f5
--- openssl-fips-0.9.8e/ssl/ssl_algs.c.fipsmode	2007-04-24 13:30:48.000000000 +0200
5820f5
+++ openssl-fips-0.9.8e/ssl/ssl_algs.c	2009-04-15 14:09:42.000000000 +0200
5820f5
@@ -64,6 +64,8 @@
5820f5
 int SSL_library_init(void)
5820f5
 	{
5820f5
 
5820f5
+	OPENSSL_init();
5820f5
+
5820f5
 #ifndef OPENSSL_NO_DES
5820f5
 	EVP_add_cipher(EVP_des_cbc());
5820f5
 	EVP_add_cipher(EVP_des_ede3_cbc());