openssl: Properly log FIPS mode when enabled via openssl.conf

Enabling FIPS mode twice will fail, so if it is enabled in openssl.conf
it should be disabled in strongswan.conf (or the other way around).

Either way, we should log whether FIPS mode is enabled or not.

References #412.
Tobias Brunner 2013-09-27 09:11:55 +02:00
parent e4d63cfae7
commit c8f34ba7b6
1 changed files with 13 additions and 5 deletions


@ -520,13 +520,14 @@ plugin_t *openssl_plugin_create()
fips_mode = lib->settings->get_int(lib->settings,
"libstrongswan.plugins.openssl.fips_mode", FIPS_MODE);
#ifdef OPENSSL_FIPS
if (!FIPS_mode_set(fips_mode))
if (fips_mode)
{
DBG1(DBG_LIB, "unable to set openssl FIPS mode(%d)", fips_mode);
return NULL;
if (!FIPS_mode_set(fips_mode))
{
DBG1(DBG_LIB, "unable to set openssl FIPS mode(%d)", fips_mode);
return NULL;
}
}
DBG1(DBG_LIB, "openssl FIPS mode(%d) - %sabled ",fips_mode,
fips_mode ? "en" : "dis");
#else
if (fips_mode)
{
@ -550,6 +551,13 @@ plugin_t *openssl_plugin_create()
OPENSSL_config(NULL);
OpenSSL_add_all_algorithms();
#ifdef OPENSSL_FIPS
/* we do this here as it may have been enabled via openssl.conf */
fips_mode = FIPS_mode();
DBG1(DBG_LIB, "openssl FIPS mode(%d) - %sabled ", fips_mode,
fips_mode ? "en" : "dis");
#endif /* OPENSSL_FIPS */
#ifndef OPENSSL_NO_ENGINE
/* activate support for hardware accelerators */
ENGINE_load_builtin_engines();