From e436c963f0976b885a7db04681344779e26dd3b5 Mon Sep 17 00:00:00 2001
From: Arne Schwabe <arne@rfc2549.org>
Date: Wed, 23 Apr 2014 09:56:37 +0200
Subject: Update OpenSSL to 1.0.1g and statically link OpenVPN with it

---
 main/openssl/apps/enc.c | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'main/openssl/apps/enc.c')

diff --git a/main/openssl/apps/enc.c b/main/openssl/apps/enc.c
index 076225c4..719acc32 100644
--- a/main/openssl/apps/enc.c
+++ b/main/openssl/apps/enc.c
@@ -129,6 +129,7 @@ int MAIN(int argc, char **argv)
 	char *engine = NULL;
 #endif
 	const EVP_MD *dgst=NULL;
+	int non_fips_allow = 0;
 
 	apps_startup();
 
@@ -281,6 +282,8 @@ int MAIN(int argc, char **argv)
 			if (--argc < 1) goto bad;
 			md= *(++argv);
 			}
+		else if (strcmp(*argv,"-non-fips-allow") == 0)
+			non_fips_allow = 1;
 		else if	((argv[0][0] == '-') &&
 			((c=EVP_get_cipherbyname(&(argv[0][1]))) != NULL))
 			{
@@ -589,6 +592,11 @@ bad:
 		 */
 
 		BIO_get_cipher_ctx(benc, &ctx);
+
+		if (non_fips_allow)
+			EVP_CIPHER_CTX_set_flags(ctx,
+				EVP_CIPH_FLAG_NON_FIPS_ALLOW);
+
 		if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, enc))
 			{
 			BIO_printf(bio_err, "Error setting cipher %s\n",
-- 
cgit v1.2.3