Add support for enabling and enforcing FIPS mode in OpenSSL:

* Add configure option --enable-fips-mode that detects and enables FIPS mode * Add a function to enable FIPS mode and call it on crypto init * Log an OpenSSL error when FIPS_mode_set() fails and exit * Report FIPS mode status in a separate log message from named
2018-10-14 14:32:02 +02:00
parent 0f62a5ce04
commit c4cee27f9b
5 changed files with 89 additions and 1 deletions
--- a/config.h.in
+++ b/config.h.in
@@ -147,6 +147,9 @@
 /* Define to 1 if you have the <fcntl.h> header file. */
 #undef HAVE_FCNTL_H

+/* Define to 1 if you have the `FIPS_mode' function. */
+#undef HAVE_FIPS_MODE
+
 /* Build with GeoIP support */
 #undef HAVE_GEOIP