diff options
author | Dr. Stephen Henson <steve@openssl.org> | 2011-04-04 17:16:28 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2011-04-04 17:16:28 +0000 |
commit | 856650deb01bed257622d1ecb64db6d83cf5cdcc (patch) | |
tree | 1ac66d87239ee05ffb8b92dc28a8e9c7c7dec6fc /apps | |
parent | ab1415d2f5b56a17efbd6b2add7a0ff2dbb903c5 (diff) |
FIPS mode support for openssl utility: doesn't work properly yet due
to missing DRBG support in libcrypto.
Diffstat (limited to 'apps')
-rw-r--r-- | apps/openssl.c | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/apps/openssl.c b/apps/openssl.c index dab057bbff..1c880d90ba 100644 --- a/apps/openssl.c +++ b/apps/openssl.c @@ -129,6 +129,9 @@ #include "progs.h" #include "s_apps.h" #include <openssl/err.h> +#ifdef OPENSSL_FIPS +#include <openssl/fips.h> +#endif /* The LHASH callbacks ("hash" & "cmp") have been replaced by functions with the * base prototypes (we cast each variable inside the function to the required @@ -310,6 +313,19 @@ int main(int Argc, char *ARGV[]) CRYPTO_set_locking_callback(lock_dbg_cb); } + if(getenv("OPENSSL_FIPS")) { +#ifdef OPENSSL_FIPS + if (!FIPS_mode_set(1)) { + ERR_load_crypto_strings(); + ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE)); + EXIT(1); + } +#else + fprintf(stderr, "FIPS mode not supported.\n"); + EXIT(1); +#endif + } + apps_startup(); /* Lets load up our environment a little */ |