Add FIPS mode to openssl app.

diff --git a/apps/Makefile b/apps/Makefile
index 2659a3862433e2ea6f2a5f9bb9bb69b3c3cfe30a..1a2f1fd2a50ca98e94a752ef096899952be08550 100644 (file)
--- a/apps/Makefile
+++ b/apps/Makefile
@@ -149,6 +149,7 @@ $(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
          LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
          $(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBKRB5) $(LIBCRYPTO) $(EX_LIBS) ; \
        fi
+       TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(PROGRAM)
        -(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; \
                LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \
                DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \

diff --git a/apps/openssl.c b/apps/openssl.c
index e0d89d4ab413fee3c8c22ee62d96b6f687227c2b..697748c16c95152545a35d66e47cfaac91f9c827 100644 (file)
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -129,6 +129,7 @@
 #include "progs.h"
 #include "s_apps.h"
 #include <openssl/err.h>
+#include <openssl/fips.h>
 
 /* The LHASH callbacks ("hash" & "cmp") have been replaced by functions with the
  * base prototypes (we cast each variable inside the function to the required
@@ -231,6 +232,14 @@ int main(int Argc, char *Argv[])
        arg.data=NULL;
        arg.count=0;
 
+#ifdef OPENSSL_FIPS
+       if(getenv("OPENSSL_FIPS") && !FIPS_mode_set(1,Argv[0]))
+               {
+               ERR_load_crypto_strings();
+               ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
+               exit(1);
+               }
+#endif
        if (bio_err == NULL)
                if ((bio_err=BIO_new(BIO_s_file())) != NULL)
                        BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);