diff options
| author | Andreas Steffen <andreas.steffen@strongswan.org> | 2013-04-16 12:37:04 +0200 |
|---|---|---|
| committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2013-04-16 12:37:04 +0200 |
| commit | f4de6496a2df21ddc31d61e4f5cf7fd9e7301e71 (patch) | |
| tree | caada065d084f9a531b4cccd3cf8dffbf4f20866 /src | |
| parent | ef934caba83f20acc6e8a2c1699837a3eb3972e3 (diff) | |
| download | strongswan-f4de6496a2df21ddc31d61e4f5cf7fd9e7301e71.tar.bz2 strongswan-f4de6496a2df21ddc31d61e4f5cf7fd9e7301e71.tar.xz | |
support of OpenSSL FIPS-140-2 library
Diffstat (limited to 'src')
| -rw-r--r-- | src/libstrongswan/plugins/openssl/Makefile.am | 2 | ||||
| -rw-r--r-- | src/libstrongswan/plugins/openssl/openssl_plugin.c | 19 |
2 files changed, 20 insertions, 1 deletions
diff --git a/src/libstrongswan/plugins/openssl/Makefile.am b/src/libstrongswan/plugins/openssl/Makefile.am index e71567311..0ca27983f 100644 --- a/src/libstrongswan/plugins/openssl/Makefile.am +++ b/src/libstrongswan/plugins/openssl/Makefile.am @@ -1,7 +1,7 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -AM_CFLAGS = -rdynamic +AM_CFLAGS = -rdynamic -DFIPS_MODE=${fips_mode} if MONOLITHIC noinst_LTLIBRARIES = libstrongswan-openssl.la diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c index 915082234..ce6610ad6 100644 --- a/src/libstrongswan/plugins/openssl/openssl_plugin.c +++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c @@ -457,6 +457,25 @@ METHOD(plugin_t, destroy, void, plugin_t *openssl_plugin_create() { private_openssl_plugin_t *this; + int fips_mode; + + fips_mode = lib->settings->get_int(lib->settings, + "libstrongswan.plugins.openssl.fips_mode", FIPS_MODE); +#ifdef OPENSSL_FIPS + if (!FIPS_mode_set(fips_mode)) + { + DBG1(DBG_LIB, "unable to set openssl FIPS mode(%d)", fips_mode); + return NULL; + } + DBG1(DBG_LIB, "openssl FIPS mode(%d) - %sabled ",fips_mode, + fips_mode ? "en" : "dis"); +#else + DBG1(DBG_LIB, "openssl FIPS mode(%d) unavailable", fips_mode); + if (fips_mode) + { + return NULL; + } +#endif INIT(this, .public = { |