/*
* WPA Supplicant / SSL/TLS interface functions for openssl
- * Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2004-2009, Jouni Malinen <j@w1.fi>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
SSL_CTX *ssl;
if (tls_openssl_ref_count == 0) {
+#ifdef CONFIG_FIPS
+#ifdef OPENSSL_FIPS
+ if (conf->fips_mode) {
+ if (!FIPS_mode_set(1)) {
+ wpa_printf(MSG_ERROR, "Failed to enable FIPS "
+ "mode");
+ ERR_load_crypto_strings();
+ ERR_print_errors_fp(stderr);
+ return NULL;
+ } else
+ wpa_printf(MSG_INFO, "Running in FIPS mode");
+ }
+#else /* OPENSSL_FIPS */
+ if (conf->fips_mode) {
+ wpa_printf(MSG_ERROR, "FIPS mode requested, but not "
+ "supported");
+ return NULL;
+ }
+#endif /* OPENSSL_FIPS */
+#endif /* CONFIG_FIPS */
SSL_load_error_strings();
SSL_library_init();
#ifndef OPENSSL_NO_SHA256
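Review bot: The FIPS request is only honoured inside the `if (tls_openssl_ref_count == 0)` block, so a later tls_init() call with `conf->fips_mode` set, made after an earlier call without it, gets a context without FIPS mode being enabled or checked. If callers can pass differing configs (not visible in this hunk), add a check outside the first-init block under OPENSSL_FIPS, e.g. `if (conf->fips_mode && !FIPS_mode()) return NULL;`, so the request fails closed. The added lines also dereference `conf` unguarded; if any caller passes NULL, the condition needs to be `if (conf && conf->fips_mode)`. The function body begins and ends outside the hunk.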
tlsconf.opensc_engine_path = conf->opensc_engine_path;
tlsconf.pkcs11_engine_path = conf->pkcs11_engine_path;
tlsconf.pkcs11_module_path = conf->pkcs11_module_path;
+#ifdef CONFIG_FIPS
+ tlsconf.fips_mode = 1;
+#endif /* CONFIG_FIPS */
sm->ssl_ctx = tls_init(&tlsconf);
if (sm->ssl_ctx == NULL) {
wpa_printf(MSG_WARNING, "SSL: Failed to initialize TLS "
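Review bot: `tlsconf.fips_mode = 1;` is set unconditionally under CONFIG_FIPS with no comment saying that this makes FIPS mode a build-time requirement rather than a runtime option. Going by the tls_init() hunk above, initialization then returns NULL whenever FIPS mode cannot be enabled or OpenSSL lacks FIPS support, so the peer state machine fails closed. A comment such as `/* CONFIG_FIPS builds always require FIPS mode; tls_init() fails if it cannot be enabled */` above the assignment would make that intent explicit. The enclosing function starts and ends outside the hunk.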