summaryrefslogtreecommitdiffstats
path: root/apps/openssl.c
diff options
context:
space:
mode:
authorDr. Stephen Henson <steve@openssl.org>2011-05-19 18:23:24 +0000
committerDr. Stephen Henson <steve@openssl.org>2011-05-19 18:23:24 +0000
commit57dd2ea808ea4564a5b1aa2dc4f7ce5b6811904b (patch)
treeb90cdb4df39ff9d8ad42a6eb080cdbf396895365 /apps/openssl.c
parent7043fa702fa102a45b102e11990b650360c35503 (diff)
add FIPS support to openssl utility (backport from HEAD)
Diffstat (limited to 'apps/openssl.c')
-rw-r--r--apps/openssl.c16
1 files changed, 16 insertions, 0 deletions
diff --git a/apps/openssl.c b/apps/openssl.c
index dab057bbff..1c880d90ba 100644
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -129,6 +129,9 @@
#include "progs.h"
#include "s_apps.h"
#include <openssl/err.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
/* The LHASH callbacks ("hash" & "cmp") have been replaced by functions with the
* base prototypes (we cast each variable inside the function to the required
@@ -310,6 +313,19 @@ int main(int Argc, char *ARGV[])
CRYPTO_set_locking_callback(lock_dbg_cb);
}
+ if(getenv("OPENSSL_FIPS")) {
+#ifdef OPENSSL_FIPS
+ if (!FIPS_mode_set(1)) {
+ ERR_load_crypto_strings();
+ ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
+ EXIT(1);
+ }
+#else
+ fprintf(stderr, "FIPS mode not supported.\n");
+ EXIT(1);
+#endif
+ }
+
apps_startup();
/* Lets load up our environment a little */