From e51f113ad8321e319f3d62afaa052341d6bf8201 Mon Sep 17 00:00:00 2001 From: Ben Laurie Date: Sat, 13 Mar 2004 20:34:08 +0000 Subject: [PATCH] Add FIPS mode to openssl app. --- apps/Makefile | 1 + apps/openssl.c | 9 +++++++++ 2 files changed, 10 insertions(+) diff --git a/apps/Makefile b/apps/Makefile index 2659a38624..1a2f1fd2a5 100644 --- a/apps/Makefile +++ b/apps/Makefile @@ -149,6 +149,7 @@ $(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL) LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \ $(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBKRB5) $(LIBCRYPTO) $(EX_LIBS) ; \ fi + TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(PROGRAM) -(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; \ LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \ DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \ diff --git a/apps/openssl.c b/apps/openssl.c index e0d89d4ab4..697748c16c 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -129,6 +129,7 @@ #include "progs.h" #include "s_apps.h" #include +#include /* The LHASH callbacks ("hash" & "cmp") have been replaced by functions with the * base prototypes (we cast each variable inside the function to the required @@ -231,6 +232,14 @@ int main(int Argc, char *Argv[]) arg.data=NULL; arg.count=0; +#ifdef OPENSSL_FIPS + if(getenv("OPENSSL_FIPS") && !FIPS_mode_set(1,Argv[0])) + { + ERR_load_crypto_strings(); + ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE)); + exit(1); + } +#endif if (bio_err == NULL) if ((bio_err=BIO_new(BIO_s_file())) != NULL) BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT); -- 2.25.1