Skip to content

Commit

Permalink
Make fips mode work with openssl 3
Browse files Browse the repository at this point in the history
  • Loading branch information
@prefiks
prefiks committed Jul 10, 2024
1 parent 1f0d84e commit 631b119
Showing 1 changed file with 10 additions and 6 deletions.
16 changes: 10 additions & 6 deletions c_src/fast_tls.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1460,8 +1460,15 @@ static ERL_NIF_TERM set_fips_mode_nif(ErlNifEnv *env, int argc,

if (ret != 1)
return ssl_error(env, "FIPS_mode_set() failed");
#elif __GNUC__
#warning OpenSSL 3 FIPS support not implemented
#else
int fips_mode = EVP_default_properties_is_fips_enabled(NULL);

if ((fips_mode == 0 && enable != 0) ||
(fips_mode != 0 && enable == 0))
ret = EVP_default_properties_enable_fips(NULL, enable);

if (ret != 1)
return ssl_error(env, "FIPS_mode_set() failed");
#endif

return enif_make_atom(env, "ok");
Expand All @@ -1473,10 +1480,7 @@ static ERL_NIF_TERM get_fips_mode_nif(ErlNifEnv *env, int argc,
#if OPENSSL_VERSION_NUMBER < 0x30000000L
const char *ret = FIPS_mode() ? "true" : "false";
#else
#if __GNUC__
#warning OpenSSL 3 FIPS support not implemented
#endif
static const char *ret = "false";
const char *ret = EVP_default_properties_is_fips_enabled(NULL) ? "true" : "false";
#endif

return enif_make_atom(env, ret);
Expand Down

0 comments on commit 631b119

Please sign in to comment.