unify fips handling to isc_crypto and make the toggle one way

Since algorithm fetching is handled purely in libisc, FIPS mode toggling can be purely done in within the library instead of provider fetching in the binary for OpenSSL >=3.0. Disabling FIPS mode isn't a realistic requirement and isn't done anywhere in the codebase. Make the FIPS mode toggle enable-only to reflect the situation.
2025-08-31 14:35:26 +00:00 · 2024-12-16 15:31:15 +03:00
parent ce47cb3ab6
commit f4ab4f07e3
21 changed files with 200 additions and 368 deletions
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -38,7 +38,6 @@
 #include <isc/commandline.h>
 #include <isc/dir.h>
 #include <isc/file.h>
-#include <isc/fips.h>
 #include <isc/hash.h>
 #include <isc/hex.h>
 #include <isc/hmac.h>
@@ -9377,7 +9376,7 @@ view_loaded(void *arg) {

 		isc_log_write(NAMED_LOGCATEGORY_GENERAL, NAMED_LOGMODULE_SERVER,
 			      ISC_LOG_NOTICE, "FIPS mode is %s",
-			      isc_fips_mode() ? "enabled" : "disabled");
+			      isc_crypto_fips_mode() ? "enabled" : "disabled");

 #if HAVE_LIBSYSTEMD
 		sd_notifyf(0,