From 45c15a65ad6fd66b5bb5d018b79a6cc8a76c4d74 Mon Sep 17 00:00:00 2001
From: Steven Fackler
Date: Sat, 6 Jan 2018 08:50:50 -0800
Subject: [PATCH] FIPS mode support

Closes #818
---
 openssl-sys/src/lib.rs | 5 +++++
 openssl/src/fips.rs | 22 ++++++++++++++++++++++
 openssl/src/lib.rs | 2 ++
 3 files changed, 29 insertions(+)
 create mode 100644 openssl/src/fips.rs

diff --git a/openssl-sys/src/lib.rs b/openssl-sys/src/lib.rs
index 84dd192ec..b250e15bf 100644
--- a/openssl-sys/src/lib.rs
+++ b/openssl-sys/src/lib.rs
@@ -2694,4 +2694,9 @@ extern "C" {
 pub fn SMIME_read_CMS(bio: *mut BIO, bcont: *mut *mut BIO) -> *mut CMS_ContentInfo;
 #[cfg(not(libressl))]
 pub fn CMS_ContentInfo_free(cms: *mut CMS_ContentInfo);
+
+ #[cfg(not(libressl))]
+ pub fn FIPS_mode_set(onoff: c_int) -> c_int;
+ #[cfg(not(libressl))]
+ pub fn FIPS_mode() -> c_int;
 }
diff --git a/openssl/src/fips.rs b/openssl/src/fips.rs
new file mode 100644
index 000000000..374a82991
--- /dev/null
+++ b/openssl/src/fips.rs
@@ -0,0 +1,22 @@
+//! FIPS 140-2 support.
+//!
+//! See [OpenSSL's documentation] for details.
+//!
+//! [OpenSSL's documentation]: https://www.openssl.org/docs/fips/UserGuide-2.0.pdf
+use cvt;
+use error::ErrorStack;
+use ffi;
+
+/// Moves the library into or out of the FIPS 140-2 mode of operation.
+///
+/// This corresponds to `FIPS_mode_set`.
+pub fn enable(enabled: bool) -> Result<(), ErrorStack> {
+ unsafe { cvt(ffi::FIPS_mode_set(enabled as _)).map(|_| ()) }
+}
+
+/// Determines if the library is running in the FIPS 140-2 mode of operation.
+///
+/// This corresponds to `FIPS_mode`.
+pub fn enabled() -> bool {
+ unsafe { ffi::FIPS_mode() != 0 }
+}
diff --git a/openssl/src/lib.rs b/openssl/src/lib.rs
index 2302b7a4f..7c366aba9 100644
--- a/openssl/src/lib.rs
+++ b/openssl/src/lib.rs
@@ -41,6 +41,8 @@ pub mod dsa;
 pub mod ec;
 pub mod error;
 pub mod ex_data;
+#[cfg(not(libressl))]
+pub mod fips;
 pub mod hash;
 pub mod memcmp;
 pub mod nid;
-- GitLab
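Review bot: In openssl/src/fips.rs, `enable` calls `FIPS_mode_set` without first running the crate's library initialisation, so a program whose first OpenSSL call is `fips::enable(true)` reaches the mode switch before the library has been set up. Adding `ffi::init();` as the first statement of `enable` would close that gap and, as far as I can tell, match how other entry points in this crate behave. The doc comment on `enable` should also say that the setting is process-wide and that an `Err` means FIPS mode was not entered, which is presumably the normal outcome when the linked OpenSSL was built without the FIPS module. Callers with a compliance requirement need to treat that error as fatal, so I would add something like `/// Returns an error if the linked OpenSSL cannot enter FIPS mode; the process is then not operating in FIPS mode.`. The `enabled as _` cast would read more clearly as an explicit `enabled as c_int`.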