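diff -up openssl-fips-0.9.8e/crypto/o_init.c.fipsmode openssl-fips-0.9.8e/crypto/o_init.c
--- openssl-fips-0.9.8e/crypto/o_init.c.fipsmode 2007-07-01 02:07:22.000000000 +0200
+++ openssl-fips-0.9.8e/crypto/o_init.c 2009-04-15 13:48:51.000000000 +0200
@@ -59,6 +59,45 @@
 #include <e_os.h>
 #include <openssl/err.h>
 
+#ifdef OPENSSL_FIPS
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <errno.h>
+#include <stdlib.h>
+#include <openssl/fips.h>
+#include <openssl/evp.h>
+#include <openssl/rand.h>
+
+#define FIPS_MODE_SWITCH_FILE "/proc/sys/crypto/fips_enabled"
+
+static void init_fips_mode(void)
+ {
+ char buf[2] = "0";
+ int fd;
+
+ if (getenv("OPENSSL_FORCE_FIPS_MODE") != NULL)
+ {
+ buf[0] = '1';
+ }
+ else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0)
+ {
+ while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR);
+ close(fd);
+ }
+ /* Failure reading the fips mode switch file means just not
+ * switching into FIPS mode. We would break too many things
+ * otherwise.
+ */
+
+ if (buf[0] == '1')
+ {
+ FIPS_mode_set(1);
+ }
+ }
+#endif
+
 /* Perform any essential OpenSSL initialization operations.
 * Currently only sets FIPS callbacks
 */
@@ -73,11 +112,10 @@ void OPENSSL_init(void)
 #ifdef CRYPTO_MDEBUG
 CRYPTO_malloc_debug_init();
 #endif
-#ifdef OPENSSL_ENGINE
+ init_fips_mode();
 int_EVP_MD_init_engine_callbacks();
 int_EVP_CIPHER_init_engine_callbacks();
 int_RAND_init_engine_callbacks();
-#endif
 done = 1;
 }
 #endif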
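Review bot: In `init_fips_mode()` the result of `FIPS_mode_set(1)` is discarded, so a process that was asked to run in FIPS mode (the switch file reads `1`, or `OPENSSL_FORCE_FIPS_MODE` is set) silently keeps running outside FIPS mode if the switch fails. The comment in the hunk justifies staying out of FIPS mode only when the switch file cannot be read. A switch that fails after an explicit request is a different case and should fail closed, for example `if (!FIPS_mode_set(1)) abort();`, ideally after printing the error queue to stderr. The function would also benefit from a comment stating that the environment variable can only turn FIPS mode on, never off.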
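diff -up openssl-fips-0.9.8e/ssl/ssl_algs.c.fipsmode openssl-fips-0.9.8e/ssl/ssl_algs.c
--- openssl-fips-0.9.8e/ssl/ssl_algs.c.fipsmode 2007-04-24 13:30:48.000000000 +0200
+++ openssl-fips-0.9.8e/ssl/ssl_algs.c 2009-04-15 14:09:42.000000000 +0200
@@ -64,6 +64,8 @@
 int SSL_library_init(void)
 {
 
+ OPENSSL_init();
+
 #ifndef OPENSSL_NO_DES
 EVP_add_cipher(EVP_des_cbc());
 EVP_add_cipher(EVP_des_ede3_cbc());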
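Review bot: The new `OPENSSL_init();` call at the top of `SSL_library_init()` has no comment saying why it is there. Since `OPENSSL_init()` now also decides whether the process enters FIPS mode, the call deserves one, e.g. `/* Pick up the system FIPS mode setting before any algorithm is registered. */`. That ordering requirement is inferred from the call's placement ahead of the `EVP_add_cipher()` calls, so confirm it before wording the comment that way. `SSL_library_init()` continues outside the hunk.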