author | Shane Lontis <shane.lontis@oracle.com> | 2020-09-05 13:08:27 +1000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2020-09-18 14:20:50 +0100 |
commit | 991a6bb58182d4d2077a68eb813c897b7de73462 (patch) | |
tree | 738fc724534be090323181dc445cf19e442b827c /providers/common | |
parent | 7a810fac866c6c1d93015999633ee2a29f17b3d2 (diff) |
Add option to fipsinstall to disable fips security checks at run time.
Changes merged from a patch by @richsalz.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12745)
Diffstat (limited to 'providers/common')
-rw-r--r-- | providers/common/securitycheck.c | 2 | ||||
-rw-r--r-- | providers/common/securitycheck_fips.c | 5 |
2 files changed, 4 insertions, 3 deletions
diff --git a/providers/common/securitycheck.c b/providers/common/securitycheck.c
index 624843e3ab..9a425fb630 100644
--- a/providers/common/securitycheck.c
+++ b/providers/common/securitycheck.c
@@ -203,7 +203,7 @@ int digest_is_allowed(const EVP_MD *md)
 {
 # if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS)
 if (securitycheck_enabled())
- return (digest_get_approved_nid(md) != NID_undef);
+ return digest_get_approved_nid(md) != NID_undef;
 # endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */
 return 1;
 }
diff --git a/providers/common/securitycheck_fips.c b/providers/common/securitycheck_fips.c
index f73eae9569..94457d6ccf 100644
--- a/providers/common/securitycheck_fips.c
+++ b/providers/common/securitycheck_fips.c
@@ -19,11 +19,12 @@
 #include "prov/securitycheck.h"
 #include "prov/providercommonerr.h"
+extern int FIPS_security_check_enabled(void);
+
 int securitycheck_enabled(void)
 {
 #if !defined(OPENSSL_NO_FIPS_SECURITYCHECKS)
- /* TODO(3.0): make this configurable */
- return 1;
+ return FIPS_security_check_enabled();
 #else
 return 0;
 #endif /* OPENSSL_NO_FIPS_SECURITYCHECKS */ |
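Review bot: The prototype `extern int FIPS_security_check_enabled(void);` added in securitycheck_fips.c is a file-local declaration, so the compiler cannot check it against the definition, which is not part of this diff (the diffstat is limited to providers/common). Since this function now gates every approved-algorithm check, the declaration would be safer in a header that the defining file also includes, so that a signature change fails the build instead of silently changing what `securitycheck_enabled()` returns. The removed TODO also leaves the function without any comment. I would add one such as `/* Returns 0 only if the FIPS module was installed with security checks disabled; callers such as digest_is_allowed() then accept any algorithm. */`. It is worth confirming in the definition that a missing or malformed configuration value leaves the checks enabled, which cannot be verified from this hunk.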