Merge pull request #819 from sfackler/fips

FIPS mode support

3 files changed, 29 insertions, 0 deletions

diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs
index 84dd192e..b250e15b 100644
--- a/openssl-sys/src/lib.rs
+++ b/openssl-sys/src/lib.rs
@@ -2694,4 +2694,9 @@ extern "C" {
     pub fn SMIME_read_CMS(bio: *mut BIO, bcont: *mut *mut BIO) -> *mut CMS_ContentInfo;
     #[cfg(not(libressl))]
     pub fn CMS_ContentInfo_free(cms: *mut CMS_ContentInfo);
+
+    #[cfg(not(libressl))]
+    pub fn FIPS_mode_set(onoff: c_int) -> c_int;
+    #[cfg(not(libressl))]
+    pub fn FIPS_mode() -> c_int;
 }
diff --git a/openssl/src/fips.rs b/openssl/src/fips.rs
new file mode 100644
index 00000000..374a8299
--- /dev/null
+++ b/openssl/src/fips.rs
@@ -0,0 +1,22 @@
+//! FIPS 140-2 support.
+//!
+//! See [OpenSSL's documentation] for details.
+//!
+//! [OpenSSL's documentation]: https://www.openssl.org/docs/fips/UserGuide-2.0.pdf
+use cvt;
+use error::ErrorStack;
+use ffi;
+
+/// Moves the library into or out of the FIPS 140-2 mode of operation.
+///
+/// This corresponds to `FIPS_mode_set`.
+pub fn enable(enabled: bool) -> Result<(), ErrorStack> {
+    unsafe { cvt(ffi::FIPS_mode_set(enabled as _)).map(|_| ()) }
+}
+
+/// Determines if the library is running in the FIPS 140-2 mode of operation.
+///
+/// This corresponds to `FIPS_mode`.
+pub fn enabled() -> bool {
+    unsafe { ffi::FIPS_mode() != 0 }
+}
diff --git a/openssl/src/lib.rs b/openssl/src/lib.rs
index 2302b7a4..7c366aba 100644
--- a/openssl/src/lib.rs
+++ b/openssl/src/lib.rs
@@ -41,6 +41,8 @@ pub mod dsa;
 pub mod ec;
 pub mod error;
 pub mod ex_data;
+#[cfg(not(libressl))]
+pub mod fips;
 pub mod hash;
 pub mod memcmp;
 pub mod nid;