1 files changed, 124 insertions, 6 deletions
diff --git a/src/lib/libcrypto/cryptlib.c b/src/lib/libcrypto/cryptlib.c
index 2924def2bb..fef0afb29f 100644
--- a/src/lib/libcrypto/cryptlib.c
+++ b/src/lib/libcrypto/cryptlib.c
@@ -105,7 +105,9 @@ static const char* lock_names[CRYPTO_NUM_LOCKS] =
        "engine",
        "ui",
        "hwcrhk",               /* This is a HACK which will disappear in 0.9.8 */
-#if CRYPTO_NUM_LOCKS != 33
+        "fips",
+        "fips2",
+#if CRYPTO_NUM_LOCKS != 35
 # error "Inconsistency between crypto.h and cryptlib.c"
 #endif
        };
@@ -478,13 +480,12 @@ const char *CRYPTO_get_lock_name(int type)
                return(sk_value(app_locks,type-CRYPTO_NUM_LOCKS));
        }
-#ifdef _DLL
+#if defined(_WIN32) && defined(_WINDLL)
-#ifdef OPENSSL_SYS_WIN32
 /* All we really need to do is remove the 'error' state when a thread
 * detaches */
-BOOL WINAPI DLLEntryPoint(HINSTANCE hinstDLL, DWORD fdwReason,
+BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason,
             LPVOID lpvReserved)
        {
        switch(fdwReason)
@@ -503,8 +504,6 @@ BOOL WINAPI DLLEntryPoint(HINSTANCE hinstDLL, DWORD fdwReason,
        }
 #endif
-#endif
 void OpenSSLDie(const char *file,int line,const char *assertion)
        {
        fprintf(stderr,
@@ -512,3 +511,122 @@ void OpenSSLDie(const char *file,int line,const char *assertion)
                file,line,assertion);
        abort();
        }
+#ifdef OPENSSL_FIPS
+static int fips_started = 0;
+static int fips_mode = 0;
+static void *fips_rand_check = 0;
+static unsigned long fips_thread = 0;
+void fips_set_started(void)
+        {
+        fips_started = 1;
+        }
+int fips_is_started(void)
+        {
+        return fips_started;
+        }
+int fips_is_owning_thread(void)
+        {
+        int ret = 0;
+        if (fips_is_started())
+                {
+                CRYPTO_r_lock(CRYPTO_LOCK_FIPS2);
+                if (fips_thread != 0 && fips_thread == CRYPTO_thread_id())
+                        ret = 1;
+                CRYPTO_r_unlock(CRYPTO_LOCK_FIPS2);
+                }
+        return ret;
+        }
+int fips_set_owning_thread(void)
+        {
+        int ret = 0;
+        if (fips_is_started())
+                {
+                CRYPTO_w_lock(CRYPTO_LOCK_FIPS2);
+                if (fips_thread == 0)
+                        {
+                        fips_thread = CRYPTO_thread_id();
+                        ret = 1;
+                        }
+                CRYPTO_w_unlock(CRYPTO_LOCK_FIPS2);
+                }
+        return ret;
+        }
+int fips_clear_owning_thread(void)
+        {
+        int ret = 0;
+        if (fips_is_started())
+                {
+                CRYPTO_w_lock(CRYPTO_LOCK_FIPS2);
+                if (fips_thread == CRYPTO_thread_id())
+                        {
+                        fips_thread = 0;
+                        ret = 1;
+                        }
+                CRYPTO_w_unlock(CRYPTO_LOCK_FIPS2);
+                }
+        return ret;
+        }
+void fips_set_mode(int onoff)
+        {
+        int owning_thread = fips_is_owning_thread();
+        if (fips_is_started())
+                {
+                if (!owning_thread) CRYPTO_w_lock(CRYPTO_LOCK_FIPS);
+                fips_mode = onoff;
+                if (!owning_thread) CRYPTO_w_unlock(CRYPTO_LOCK_FIPS);
+                }
+        }
+void fips_set_rand_check(void *rand_check)
+        {
+        int owning_thread = fips_is_owning_thread();
+        if (fips_is_started())
+                {
+                if (!owning_thread) CRYPTO_w_lock(CRYPTO_LOCK_FIPS);
+                fips_rand_check = rand_check;
+                if (!owning_thread) CRYPTO_w_unlock(CRYPTO_LOCK_FIPS);
+                }
+        }
+int FIPS_mode(void)
+        {
+        int ret = 0;
+        int owning_thread = fips_is_owning_thread();
+        if (fips_is_started())
+                {
+                if (!owning_thread) CRYPTO_r_lock(CRYPTO_LOCK_FIPS);
+                ret = fips_mode;
+                if (!owning_thread) CRYPTO_r_unlock(CRYPTO_LOCK_FIPS);
+                }
+        return ret;
+        }
+void *FIPS_rand_check(void)
+        {
+        void *ret = 0;
+        int owning_thread = fips_is_owning_thread();
+        if (fips_is_started())
+                {
+                if (!owning_thread) CRYPTO_r_lock(CRYPTO_LOCK_FIPS);
+                ret = fips_rand_check;
+                if (!owning_thread) CRYPTO_r_unlock(CRYPTO_LOCK_FIPS);
+                }
+        return ret;
+        }
+#endif /* OPENSSL_FIPS */

diff --git a/src/lib/libcrypto/cryptlib.c b/src/lib/libcrypto/cryptlib.c index 2924def2bb..fef0afb29f 100644 --- a/src/lib/libcrypto/cryptlib.c +++ b/src/lib/libcrypto/cryptlib.c
@@ -105,7 +105,9 @@ static const char* lock_names[CRYPTO_NUM_LOCKS] =
105	"engine",	105	"engine",
106	"ui",	106	"ui",
107	"hwcrhk", /* This is a HACK which will disappear in 0.9.8 */	107	"hwcrhk", /* This is a HACK which will disappear in 0.9.8 */
108	#if CRYPTO_NUM_LOCKS != 33	108	"fips",
		109	"fips2",
		110	#if CRYPTO_NUM_LOCKS != 35
109	# error "Inconsistency between crypto.h and cryptlib.c"	111	# error "Inconsistency between crypto.h and cryptlib.c"
110	#endif	112	#endif
111	};	113	};
@@ -478,13 +480,12 @@ const char *CRYPTO_get_lock_name(int type)
478	return(sk_value(app_locks,type-CRYPTO_NUM_LOCKS));	480	return(sk_value(app_locks,type-CRYPTO_NUM_LOCKS));
479	}	481	}
480		482
481	#ifdef _DLL	483	#if defined(_WIN32) && defined(_WINDLL)
482	#ifdef OPENSSL_SYS_WIN32
483		484
484	/* All we really need to do is remove the 'error' state when a thread	485	/* All we really need to do is remove the 'error' state when a thread
485	* detaches */	486	* detaches */
486		487
487	BOOL WINAPI DLLEntryPoint(HINSTANCE hinstDLL, DWORD fdwReason,	488	BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason,
488	LPVOID lpvReserved)	489	LPVOID lpvReserved)
489	{	490	{
490	switch(fdwReason)	491	switch(fdwReason)
@@ -503,8 +504,6 @@ BOOL WINAPI DLLEntryPoint(HINSTANCE hinstDLL, DWORD fdwReason,
503	}	504	}
504	#endif	505	#endif
505		506
506	#endif
507
508	void OpenSSLDie(const char file,int line,const char assertion)	507	void OpenSSLDie(const char file,int line,const char assertion)
509	{	508	{
510	fprintf(stderr,	509	fprintf(stderr,
@@ -512,3 +511,122 @@ void OpenSSLDie(const char file,int line,const char assertion)
512	file,line,assertion);	511	file,line,assertion);
513	abort();	512	abort();
514	}	513	}
		514
		515	#ifdef OPENSSL_FIPS
		516	static int fips_started = 0;
		517	static int fips_mode = 0;
		518	static void *fips_rand_check = 0;
		519	static unsigned long fips_thread = 0;
		520
		521	void fips_set_started(void)
		522	{
		523	fips_started = 1;
		524	}
		525
		526	int fips_is_started(void)
		527	{
		528	return fips_started;
		529	}
		530
		531	int fips_is_owning_thread(void)
		532	{
		533	int ret = 0;
		534
		535	if (fips_is_started())
		536	{
		537	CRYPTO_r_lock(CRYPTO_LOCK_FIPS2);
		538	if (fips_thread != 0 && fips_thread == CRYPTO_thread_id())
		539	ret = 1;
		540	CRYPTO_r_unlock(CRYPTO_LOCK_FIPS2);
		541	}
		542	return ret;
		543	}
		544
		545	int fips_set_owning_thread(void)
		546	{
		547	int ret = 0;
		548
		549	if (fips_is_started())
		550	{
		551	CRYPTO_w_lock(CRYPTO_LOCK_FIPS2);
		552	if (fips_thread == 0)
		553	{
		554	fips_thread = CRYPTO_thread_id();
		555	ret = 1;
		556	}
		557	CRYPTO_w_unlock(CRYPTO_LOCK_FIPS2);
		558	}
		559	return ret;
		560	}
		561
		562	int fips_clear_owning_thread(void)
		563	{
		564	int ret = 0;
		565
		566	if (fips_is_started())
		567	{
		568	CRYPTO_w_lock(CRYPTO_LOCK_FIPS2);
		569	if (fips_thread == CRYPTO_thread_id())
		570	{
		571	fips_thread = 0;
		572	ret = 1;
		573	}
		574	CRYPTO_w_unlock(CRYPTO_LOCK_FIPS2);
		575	}
		576	return ret;
		577	}
		578
		579	void fips_set_mode(int onoff)
		580	{
		581	int owning_thread = fips_is_owning_thread();
		582
		583	if (fips_is_started())
		584	{
		585	if (!owning_thread) CRYPTO_w_lock(CRYPTO_LOCK_FIPS);
		586	fips_mode = onoff;
		587	if (!owning_thread) CRYPTO_w_unlock(CRYPTO_LOCK_FIPS);
		588	}
		589	}
		590
		591	void fips_set_rand_check(void *rand_check)
		592	{
		593	int owning_thread = fips_is_owning_thread();
		594
		595	if (fips_is_started())
		596	{
		597	if (!owning_thread) CRYPTO_w_lock(CRYPTO_LOCK_FIPS);
		598	fips_rand_check = rand_check;
		599	if (!owning_thread) CRYPTO_w_unlock(CRYPTO_LOCK_FIPS);
		600	}
		601	}
		602
		603	int FIPS_mode(void)
		604	{
		605	int ret = 0;
		606	int owning_thread = fips_is_owning_thread();
		607
		608	if (fips_is_started())
		609	{
		610	if (!owning_thread) CRYPTO_r_lock(CRYPTO_LOCK_FIPS);
		611	ret = fips_mode;
		612	if (!owning_thread) CRYPTO_r_unlock(CRYPTO_LOCK_FIPS);
		613	}
		614	return ret;
		615	}
		616
		617	void *FIPS_rand_check(void)
		618	{
		619	void *ret = 0;
		620	int owning_thread = fips_is_owning_thread();
		621
		622	if (fips_is_started())
		623	{
		624	if (!owning_thread) CRYPTO_r_lock(CRYPTO_LOCK_FIPS);
		625	ret = fips_rand_check;
		626	if (!owning_thread) CRYPTO_r_unlock(CRYPTO_LOCK_FIPS);
		627	}
		628	return ret;
		629	}
		630
		631	#endif /* OPENSSL_FIPS */
		632