From: Dr. Stephen Henson <steve@openssl.org>
Date: Mon, 4 Apr 2011 17:16:28 +0000 (+0000)
Subject: FIPS mode support for openssl utility: doesn't work properly yet due
X-Git-Tag: OpenSSL-fips-2_0-rc1~596
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=856650deb01bed257622d1ecb64db6d83cf5cdcc;p=oweals%2Fopenssl.git

FIPS mode support for openssl utility: doesn't work properly yet due
to missing DRBG support in libcrypto.
---

diff --git a/apps/openssl.c b/apps/openssl.c
index dab057bbff..1c880d90ba 100644
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -129,6 +129,9 @@
 #include "progs.h"
 #include "s_apps.h"
 #include <openssl/err.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
 
 /* The LHASH callbacks ("hash" & "cmp") have been replaced by functions with the
  * base prototypes (we cast each variable inside the function to the required
@@ -310,6 +313,19 @@ int main(int Argc, char *ARGV[])
 		CRYPTO_set_locking_callback(lock_dbg_cb);
 		}
 
+	if(getenv("OPENSSL_FIPS")) {
+#ifdef OPENSSL_FIPS
+		if (!FIPS_mode_set(1)) {
+			ERR_load_crypto_strings();
+			ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
+			EXIT(1);
+		}
+#else
+		fprintf(stderr, "FIPS mode not supported.\n");
+		EXIT(1);
+#endif
+		}
+
 	apps_startup();
 
 	/* Lets load up our environment a little */