From 6ff9c48811cee25afccb8f181a398563a1b3a360 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson"
Date: Thu, 27 Jan 2011 14:29:48 +0000
Subject: [PATCH] New FIPS_lock() function for minimal FIPS locking API: to avoid dependencies on OpenSSL locking code. Use API in some internal FIPS files. Remove redundant ENGINE defines from fips.h
---
 fips/fips.h | 12 ++-----
 fips/rand/fips_rand.c | 2 ++
 fips/utl/Makefile | 6 ++--
 fips/utl/fips_lck.c | 73 +++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 80 insertions(+), 13 deletions(-)
 create mode 100644 fips/utl/fips_lck.c
diff --git a/fips/fips.h b/fips/fips.h
index 6bc69c660d..061ed9394b 100644
--- a/fips/fips.h
+++ b/fips/fips.h
@@ -119,16 +119,8 @@ int FIPS_evp_digest(const void *data, size_t count,
 void FIPS_evp_md_ctx_destroy(EVP_MD_CTX *ctx);
 int FIPS_evp_md_ctx_cleanup(EVP_MD_CTX *ctx);
-#ifdef OPENSSL_FIPS_SOURCE
-#define ENGINE_init FIPS_engine_init
-#define ENGINE_finish FIPS_engine_finish
-#define ENGINE_get_digest FIPS_engine_get_digest
-#define ENGINE_get_digest_engine FIPS_engine_get_digest_engine
-#define ENGINE_get_RAND FIPS_engine_get_rand
-#define ENGINE_get_default_RAND FIPS_engine_get_default_rand
-#define EVP_SignFinal FIPS_evp_signfinal
-#define EVP_VerifyFinal FIPS_evp_verifyfinal
-#endif
+void FIPS_set_locking_callback (void (*func)(int mode, int type,
+ const char *file,int line));
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
diff --git a/fips/rand/fips_rand.c b/fips/rand/fips_rand.c
index 84fac32ffe..b0505782d3 100644
--- a/fips/rand/fips_rand.c
+++ b/fips/rand/fips_rand.c
@@ -47,6 +47,8 @@
 *
 */
+#define OPENSSL_FIPSEVP
+
 /*
 * This is a FIPS approved AES PRNG based on ANSI X9.31 A.2.4.
 */
diff --git a/fips/utl/Makefile b/fips/utl/Makefile
index f00d8a66e5..577578ee70 100644
--- a/fips/utl/Makefile
+++ b/fips/utl/Makefile
@@ -2,7 +2,7 @@
 # OpenSSL/fips/utl/Makefile
 #
-DIR= callback
+DIR= utl
 TOP= ../..
 CC= cc
 INCLUDES=
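Review bot: The prototype added to fips/fips.h for FIPS_set_locking_callback() has no comment, and this hunk adds no declaration for FIPS_lock() although fips/utl/fips_lck.c defines it as an external function. fips.h continues outside the hunk, so a declaration may exist elsewhere; if it does not, callers compile against an implicit declaration. I would add `void FIPS_lock(int mode, int type, const char *file, int line);` beside it and a comment on the setter such as `/* Installs the callback FIPS_lock() forwards to; with none set, FIPS_lock() does nothing. */`. The comment matters because the default is no locking at all, which a caller cannot learn from the signature.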
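Review bot: The added `#define OPENSSL_FIPSEVP` in fips/rand/fips_rand.c carries no comment, and nothing visible in this hunk shows what the macro switches; the same bare define opens fips/utl/fips_lck.c. Going by the commit message it presumably moves this file onto the FIPS-internal API, including the new locking call, which is worth recording because this file holds the PRNG state that the lock protects. A one-line comment such as `/* Must precede all #includes: selects the FIPS-internal API names */` would do, with the wording confirmed against the header that tests the macro.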
@@ -22,8 +22,8 @@ TEST=
 APPS=
 LIB=$(TOP)/libcrypto.a
-LIBSRC= fips_err.c fips_md.c fips_enc.c
-LIBOBJ= fips_err.o fips_md.o fips_enc.o
+LIBSRC= fips_err.c fips_md.c fips_enc.c fips_lck.c
+LIBOBJ= fips_err.o fips_md.o fips_enc.o fips_lck.o
 SRC= $(LIBSRC)
diff --git a/fips/utl/fips_lck.c b/fips/utl/fips_lck.c
new file mode 100644
index 0000000000..47168af233
--- /dev/null
+++ b/fips/utl/fips_lck.c
@@ -0,0 +1,73 @@
+/* fips/utl/fips_lck.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project.
+ */
+/* ====================================================================
+ * Copyright (c) 2011 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ */
+
+#define OPENSSL_FIPSEVP
+
+#include
+#include
+
+/* FIPS locking callbacks */
+
+void (*fips_lck_cb)(int mode, int type,const char *file,int line) = 0;
+
+void FIPS_lock(int mode, int type,const char *file,int line)
+ {
+ if (fips_lck_cb)
+ fips_lck_cb(mode, type, file, line);
+ }
+
+void FIPS_set_locking_callback (void (*func)(int mode, int type,
+ const char *file,int line))
+ {
+ fips_lck_cb = func;
+ }
--
2.34.1
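Review bot: `fips_lck_cb` in fips/utl/fips_lck.c is declared without `static`, so the callback pointer is a writable global symbol that any code linked into the process can replace without going through FIPS_set_locking_callback(); unless another FIPS file refers to it by name (not visible here), declare it `static void (*fips_lck_cb)(int mode, int type, const char *file, int line) = 0;`. FIPS_lock() also returns silently when no callback is installed, so a multi-threaded application that never calls the setter runs the module's shared state, presumably including the PRNG state in fips_rand.c, with no mutual exclusion and no indication of it. The setter is a plain store, which means swapping the callback while a lock is held would acquire through one function and release through another. A comment above FIPS_lock() should state both conditions: locking is a no-op until a callback is set, and the callback has to be installed once before any other thread enters the module.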