Don't limit uploads.

[fedora-mingw.git] / openssl / openssl-0.9.8j-kernel-fipsmode.patch

diff -up openssl-0.9.8j/crypto/o_init.c.fipsmode openssl-0.9.8j/crypto/o_init.c
--- openssl-0.9.8j/crypto/o_init.c.fipsmode     2008-11-05 19:36:36.000000000 +0100
+++ openssl-0.9.8j/crypto/o_init.c      2009-01-14 17:57:39.000000000 +0100
@@ -59,6 +59,45 @@
 #include <e_os.h>
 #include <openssl/err.h>
 
+#ifdef OPENSSL_FIPS
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <errno.h>
+#include <stdlib.h>
+#include <openssl/fips.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+
+#define FIPS_MODE_SWITCH_FILE "/proc/sys/crypto/fips_enabled"
+
+static void init_fips_mode(void)
+       {
+       char buf[2] = "0";
+       int fd;
+       
+       if (getenv("OPENSSL_FORCE_FIPS_MODE") != NULL)
+               {
+               buf[0] = '1';
+               }
+       else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0)
+               {
+               while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR);
+               close(fd);
+               }
+       /* Failure reading the fips mode switch file means just not
+        * switching into FIPS mode. We would break too many things
+        * otherwise. 
+        */
+       
+       if (buf[0] == '1')
+               {
+               FIPS_mode_set(1);
+               }
+       }
+#endif
+
 /* Perform any essential OpenSSL initialization operations.
  * Currently only sets FIPS callbacks
  */
@@ -73,11 +112,10 @@ void OPENSSL_init(void)
 #ifdef CRYPTO_MDEBUG
                CRYPTO_malloc_debug_init();
 #endif
-#ifdef OPENSSL_ENGINE
+               init_fips_mode();
                int_EVP_MD_init_engine_callbacks();
                int_EVP_CIPHER_init_engine_callbacks();
                int_RAND_init_engine_callbacks();
-#endif
                done = 1;
                }
 #endif