diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2011-05-19 18:23:24 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2011-05-19 18:23:24 +0000 |
commit | 57dd2ea808ea4564a5b1aa2dc4f7ce5b6811904b (patch) | |
tree | b90cdb4df39ff9d8ad42a6eb080cdbf396895365 | |
parent | 7043fa702fa102a45b102e11990b650360c35503 (diff) |
add FIPS support to openssl utility (backport from HEAD)
-rw-r--r-- | apps/openssl.c | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/apps/openssl.c b/apps/openssl.c index dab057bbff..1c880d90ba 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -129,6 +129,9 @@ #include "progs.h" #include "s_apps.h" #include <openssl/err.h> +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif /* The LHASH callbacks ("hash" & "cmp") have been replaced by functions with the * base prototypes (we cast each variable inside the function to the required @@ -310,6 +313,19 @@ int main(int Argc, char *ARGV[]) CRYPTO_set_locking_callback(lock_dbg_cb); } + if(getenv("OPENSSL_FIPS")) { +#ifdef OPENSSL_FIPS + if (!FIPS_mode_set(1)) { + ERR_load_crypto_strings(); + ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE)); + EXIT(1); + } +#else + fprintf(stderr, "FIPS mode not supported.\n"); + EXIT(1); +#endif + } + apps_startup(); /* Lets load up our environment a little */ |