From: Dr. Stephen Henson <steve@openssl.org>
Date: Thu, 19 May 2011 18:23:24 +0000 (+0000)
Subject: add FIPS support to openssl utility (backport from HEAD)
X-Git-Tag: OpenSSL_1_0_1-beta1~309
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=57dd2ea808ea4564a5b1aa2dc4f7ce5b6811904b;p=oweals%2Fopenssl.git

add FIPS support to openssl utility (backport from HEAD)
---

diff --git a/apps/openssl.c b/apps/openssl.c
index dab057bbff..1c880d90ba 100644
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -129,6 +129,9 @@
 #include "progs.h"
 #include "s_apps.h"
 #include <openssl/err.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
 
 /* The LHASH callbacks ("hash" & "cmp") have been replaced by functions with the
  * base prototypes (we cast each variable inside the function to the required
@@ -310,6 +313,19 @@ int main(int Argc, char *ARGV[])
 		CRYPTO_set_locking_callback(lock_dbg_cb);
 		}
 
+	if(getenv("OPENSSL_FIPS")) {
+#ifdef OPENSSL_FIPS
+		if (!FIPS_mode_set(1)) {
+			ERR_load_crypto_strings();
+			ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
+			EXIT(1);
+		}
+#else
+		fprintf(stderr, "FIPS mode not supported.\n");
+		EXIT(1);
+#endif
+		}
+
 	apps_startup();
 
 	/* Lets load up our environment a little */