1 diff -up openssl-0.9.8j/crypto/o_init.c.fipsmode openssl-0.9.8j/crypto/o_init.c
2 --- openssl-0.9.8j/crypto/o_init.c.fipsmode 2008-11-05 19:36:36.000000000 +0100
3 +++ openssl-0.9.8j/crypto/o_init.c 2009-01-14 17:57:39.000000000 +0100
6 #include <openssl/err.h>
9 +#include <sys/types.h>
10 +#include <sys/stat.h>
15 +#include <openssl/fips.h>
16 +#include <openssl/evp.h>
17 +#include <openssl/rand.h>
19 +#define FIPS_MODE_SWITCH_FILE "/proc/sys/crypto/fips_enabled"
21 +static void init_fips_mode(void)
26 + if (getenv("OPENSSL_FORCE_FIPS_MODE") != NULL)
30 + else if ((fd = open(FIPS_MODE_SWITCH_FILE, O_RDONLY)) >= 0)
32 + while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR);
35 + /* Failure reading the fips mode switch file means just not
36 + * switching into FIPS mode. We would break too many things
47 /* Perform any essential OpenSSL initialization operations.
48 * Currently only sets FIPS callbacks
50 @@ -73,11 +112,10 @@ void OPENSSL_init(void)
52 CRYPTO_malloc_debug_init();
54 -#ifdef OPENSSL_ENGINE
56 int_EVP_MD_init_engine_callbacks();
57 int_EVP_CIPHER_init_engine_callbacks();
58 int_RAND_init_engine_callbacks();