FIPS mode support for openssl utility: doesn't work properly yet due

to missing DRBG support in libcrypto.
author: Dr. Stephen Henson <steve@openssl.org> 2011-04-04 17:16:28 +0000
committer: Dr. Stephen Henson <steve@openssl.org> 2011-04-04 17:16:28 +0000
commit: 856650deb01bed257622d1ecb64db6d83cf5cdcc (patch)
tree: 1ac66d87239ee05ffb8b92dc28a8e9c7c7dec6fc /apps
parent: ab1415d2f5b56a17efbd6b2add7a0ff2dbb903c5 (diff)
1 files changed, 16 insertions, 0 deletions
diff --git a/apps/openssl.c b/apps/openssl.c
index dab057bbff..1c880d90ba 100644
--- a/apps/openssl.c
+++ b/apps/openssl.c
@@ -129,6 +129,9 @@
 #include "progs.h"
 #include "s_apps.h"
 #include <openssl/err.h>
+#ifdef OPENSSL_FIPS
+#include <openssl/fips.h>
+#endif
 
 /* The LHASH callbacks ("hash" & "cmp") have been replaced by functions with the
  * base prototypes (we cast each variable inside the function to the required
@@ -310,6 +313,19 @@ int main(int Argc, char *ARGV[])
 		CRYPTO_set_locking_callback(lock_dbg_cb);
 		}
 
+	if(getenv("OPENSSL_FIPS")) {
+#ifdef OPENSSL_FIPS
+		if (!FIPS_mode_set(1)) {
+			ERR_load_crypto_strings();
+			ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
+			EXIT(1);
+		}
+#else
+		fprintf(stderr, "FIPS mode not supported.\n");
+		EXIT(1);
+#endif
+		}
+
 	apps_startup();
 
 	/* Lets load up our environment a little */
author	Dr. Stephen Henson <steve@openssl.org>	2011-04-04 17:16:28 +0000
committer	Dr. Stephen Henson <steve@openssl.org>	2011-04-04 17:16:28 +0000
commit	856650deb01bed257622d1ecb64db6d83cf5cdcc (patch)
tree	1ac66d87239ee05ffb8b92dc28a8e9c7c7dec6fc /apps
parent	ab1415d2f5b56a17efbd6b2add7a0ff2dbb903c5 (diff)