FIPS mode support for openssl utility: doesn't work properly yet due
to missing DRBG support in libcrypto.
This commit is contained in:
Dr. Stephen Henson
parent
ab1415d2f5
commit
856650deb0
1 changed files with 16 additions and 0 deletions
|
|
@ -129,6 +129,9 @@
|
||||||
#include "progs.h"
|
#include "progs.h"
|
||||||
#include "s_apps.h"
|
#include "s_apps.h"
|
||||||
#include <openssl/err.h>
|
#include <openssl/err.h>
|
||||||
|
#ifdef OPENSSL_FIPS
|
||||||
|
#include <openssl/fips.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
/* The LHASH callbacks ("hash" & "cmp") have been replaced by functions with the
|
/* The LHASH callbacks ("hash" & "cmp") have been replaced by functions with the
|
||||||
* base prototypes (we cast each variable inside the function to the required
|
* base prototypes (we cast each variable inside the function to the required
|
||||||
|
|
@ -310,6 +313,19 @@ int main(int Argc, char *ARGV[])
|
||||||
CRYPTO_set_locking_callback(lock_dbg_cb);
|
CRYPTO_set_locking_callback(lock_dbg_cb);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if(getenv("OPENSSL_FIPS")) {
|
||||||
|
#ifdef OPENSSL_FIPS
|
||||||
|
if (!FIPS_mode_set(1)) {
|
||||||
|
ERR_load_crypto_strings();
|
||||||
|
ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
|
||||||
|
EXIT(1);
|
||||||
|
}
|
||||||
|
#else
|
||||||
|
fprintf(stderr, "FIPS mode not supported.\n");
|
||||||
|
EXIT(1);
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
apps_startup();
|
apps_startup();
|
||||||
|
|
||||||
/* Lets load up our environment a little */
|
/* Lets load up our environment a little */
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue