mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-29 13:38:26 +00:00
Code Issues Releases Wiki Activity

Detect if FIPS mode is configured at the OS level

Browse Source 
Always look for FIPS_mode and EVP_default_properties_enable_fips
rather than just when requested by --enable-fips.
This commit is contained in:
Mark Andrews 2022-06-29 14:10:06 +10:00
parent 7aa9b80f83
commit 6e64ec2af4
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
configure.ac
View File

@ -777,6 +777,8 @@ AC_CHECK_FUNCS([TLS_server_method TLS_client_method])
# does not support FIPS mode. # does not support FIPS mode.
# #
# [pairwise: --enable-fips-mode, --disable-fips-mode] # [pairwise: --enable-fips-mode, --disable-fips-mode]
AC_CHECK_FUNCS(EVP_default_properties_enable_fips FIPS_mode)
AC_ARG_ENABLE([fips-mode], AC_ARG_ENABLE([fips-mode],
[AS_HELP_STRING([--enable-fips-mode], [AS_HELP_STRING([--enable-fips-mode],
[enable FIPS mode in OpenSSL library [default=no]])], [enable FIPS mode in OpenSSL library [default=no]])],
@ -785,11 +787,9 @@ AC_ARG_ENABLE([fips-mode],
AC_MSG_CHECKING([whether to enable FIPS mode in OpenSSL library]) AC_MSG_CHECKING([whether to enable FIPS mode in OpenSSL library])
AS_CASE([$enable_fips_mode], AS_CASE([$enable_fips_mode],
[yes], [AC_MSG_RESULT([yes]) [yes], [AC_MSG_RESULT([yes])
AC_CHECK_FUNCS([EVP_default_properties_enable_fips], AC_DEFINE([ENABLE_FIPS_MODE], [1], [Define to 1 if you want FIPS mode to be enabled])
[], AS_IF([test "x$ac_cv_func_FIPS_mode" != xyes -a "x$ac_cv_func_EVP_default_properties_enable_fips" != xyes],
[AC_CHECK_FUNCS([FIPS_mode], AC_MSG_FAILURE([OpenSSL FIPS mode requested but not available.]))],
[],
AC_MSG_FAILURE([OpenSSL FIPS mode requested but not available.])]))],
[no], [AC_MSG_RESULT([no])]) [no], [AC_MSG_RESULT([no])])
AX_RESTORE_FLAGS([openssl]) AX_RESTORE_FLAGS([openssl])