Use isc_fips_mode() and isc_fips_set_mode() in

bin/named/server.c and lib/dns/openssl_link.c

bin/named/server.c

@@ -39,6 +39,7 @@
 #include <isc/commandline.h>
 #include <isc/dir.h>
 #include <isc/file.h>
+#include <isc/fips.h>
 #include <isc/hash.h>
 #include <isc/hex.h>
 #include <isc/hmac.h>
@@ -9840,12 +9841,10 @@ view_loaded(void *arg) {
 
 		named_os_started();
 
-#ifdef HAVE_FIPS_MODE
 		isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
 			      NAMED_LOGMODULE_SERVER, ISC_LOG_NOTICE,
 			      "FIPS mode is %s",
-			      FIPS_mode() ? "enabled" : "disabled");
+			      isc_fips_mode() ? "enabled" : "disabled");
-#endif /* ifdef HAVE_FIPS_MODE */
 
 #if HAVE_LIBSYSTEMD
 		sd_notifyf(0,

lib/dns/openssl_link.c

@@ -27,6 +27,7 @@
  * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
+#include <isc/fips.h>
 #include <isc/mem.h>
 #include <isc/mutex.h>
 #include <isc/mutexblock.h>
@@ -63,19 +64,19 @@ static ENGINE *global_engine = NULL;
 
 static void
 enable_fips_mode(void) {
-#ifdef HAVE_FIPS_MODE
+#if defined(ENABLE_FIPS_MODE)
-	if (FIPS_mode() != 0) {
+	if (isc_fips_mode()) {
 		/*
 		 * FIPS mode is already enabled.
 		 */
 		return;
 	}
 
-	if (FIPS_mode_set(1) == 0) {
+	if (isc_fips_set_mode(1) != ISC_R_SUCCESS) {
 		dst__openssl_toresult2("FIPS_mode_set", DST_R_OPENSSLFAILURE);
 		exit(1);
 	}
-#endif /* HAVE_FIPS_MODE */
+#endif
 }
 
 isc_result_t