Add FIPS mode to openssl app.

2004-03-13 20:34:08 +00:00 · 2004-03-13 20:34:08 +00:00 · e51f113ad8
commit e51f113ad8
parent 839032c34d
2 changed files with 10 additions and 0 deletions
--- a/apps/Makefile
+++ b/apps/Makefile
@ -149,6 +149,7 @@ $(PROGRAM): progs.h $(E_OBJ) $(PROGRAM).o $(DLIBCRYPTO) $(DLIBSSL)
 	  LD_LIBRARY_PATH=..:$$LD_LIBRARY_PATH \
 	  $(CC) -o $(PROGRAM) $(CFLAGS) $(PROGRAM).o $(E_OBJ) $(PEX_LIBS) $(LIBSSL) $(LIBKRB5) $(LIBCRYPTO) $(EX_LIBS) ; \
 	fi
+	TOP=$(TOP) $(TOP)/fips/openssl_fips_fingerprint $(TOP)/libcrypto.a $(PROGRAM)
 	-(cd ..; OPENSSL="`pwd`/apps/openssl"; export OPENSSL; \
 		LD_LIBRARY_PATH="`pwd`:$$LD_LIBRARY_PATH"; \
 		DYLD_LIBRARY_PATH="`pwd`:$$DYLD_LIBRARY_PATH"; \
--- a/apps/openssl.c
+++ b/apps/openssl.c
@ -129,6 +129,7 @@
 #include "progs.h"
 #include "s_apps.h"
 #include <openssl/err.h>
+#include <openssl/fips.h>

 /* The LHASH callbacks ("hash" & "cmp") have been replaced by functions with the
 * base prototypes (we cast each variable inside the function to the required
@ -231,6 +232,14 @@ int main(int Argc, char *Argv[])
 	arg.data=NULL;
 	arg.count=0;

+#ifdef OPENSSL_FIPS
+	if(getenv("OPENSSL_FIPS") && !FIPS_mode_set(1,Argv[0]))
+		{
+		ERR_load_crypto_strings();
+		ERR_print_errors(BIO_new_fp(stderr,BIO_NOCLOSE));
+		exit(1);
+		}
+#endif
 	if (bio_err == NULL)
 		if ((bio_err=BIO_new(BIO_s_file())) != NULL)
 			BIO_set_fp(bio_err,stderr,BIO_NOCLOSE|BIO_FP_TEXT);