From 856650deb01bed257622d1ecb64db6d83cf5cdcc Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson"
Date: Mon, 4 Apr 2011 17:16:28 +0000
Subject: [PATCH] FIPS mode support for openssl utility: doesn't work properly yet due to missing DRBG support in libcrypto.
---
 apps/openssl.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/apps/openssl.c b/apps/openssl.c
index dab057bbff..1c880d90ba 100644
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -129,6 +129,9 @@
 #include "progs.h"
 #include "s_apps.h"
 #include
+#ifdef OPENSSL_FIPS
+#include
+#endif
 /* The LHASH callbacks ("hash" & "cmp") have been replaced by functions with the
  * base prototypes (we cast each variable inside the function to the required
@@ -310,6 +313,19 @@ int main(int Argc, char *ARGV[])
 CRYPTO_set_locking_callback(lock_dbg_cb);
 }
+ if(getenv("OPENSSL_FIPS")) {
+#ifdef OPENSSL_FIPS
+ if (!FIPS_mode_set(1)) {
+ ERR_load_crypto_strings();
+ ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
+ EXIT(1);
+ }
+#else
+ fprintf(stderr, "FIPS mode not supported.\n");
+ EXIT(1);
+#endif
+ }
+
 apps_startup();
 /* Lets load up our environment a little */
--
2.25.1
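Review bot: The new `getenv("OPENSSL_FIPS")` test in main() looks only at whether the variable exists, so `OPENSSL_FIPS=0` or an empty value still requests FIPS mode, and a caller whose environment has been scrubbed silently gets a non-FIPS run; that contract deserves a comment above the check, e.g. `/* Presence of OPENSSL_FIPS requests FIPS mode; the value is not examined. */`. On the failure path, `BIO_new_fp(stderr,BIO_NOCLOSE)` is passed straight to `ERR_print_errors()` without a NULL check, so if the BIO cannot be created the reason `FIPS_mode_set(1)` failed may be lost before `EXIT(1)`; a one-line `fprintf(stderr, ...)` fallback would keep the failure visible. main()'s body starts and ends outside this hunk.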