Detect if FIPS mode is configured at the OS level
authorMark Andrews <marka@isc.org>
Wed, 29 Jun 2022 04:10:06 +0000 (14:10 +1000)
committerMark Andrews <marka@isc.org>
Mon, 3 Apr 2023 02:04:58 +0000 (12:04 +1000)
Always look for FIPS_mode and EVP_default_properties_enable_fips
rather than just when requested by --enable-fips.

configure.ac

index f829571271c0f61b5f3d6e1ae25d11435483495c..1cc2a537c88166a3c9dbf850edd89a3835662892 100644 (file)
@@ -777,6 +777,8 @@ AC_CHECK_FUNCS([TLS_server_method TLS_client_method])
 # does not support FIPS mode.
 #
 # [pairwise: --enable-fips-mode, --disable-fips-mode]
+AC_CHECK_FUNCS(EVP_default_properties_enable_fips FIPS_mode)
+
 AC_ARG_ENABLE([fips-mode],
              [AS_HELP_STRING([--enable-fips-mode],
                              [enable FIPS mode in OpenSSL library [default=no]])],
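Review bot: The new `AC_CHECK_FUNCS` line passes its function list unquoted, unlike the `AC_CHECK_FUNCS([TLS_server_method TLS_client_method])` call shown in the hunk header; `AC_CHECK_FUNCS([EVP_default_properties_enable_fips FIPS_mode])` would keep the m4 quoting consistent. The line is also inserted between the `# [pairwise: --enable-fips-mode, --disable-fips-mode]` comment and the `AC_ARG_ENABLE([fips-mode], ...)` that the comment annotates, so the comment block now reads as if it documents the function check. Moving the check above that comment block and giving it its own comment, for example `# Probe the FIPS entry points unconditionally so an OS-level FIPS configuration can be detected.`, would keep both clear. The `AC_ARG_ENABLE` call continues outside the hunk.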
@@ -785,11 +787,9 @@ AC_ARG_ENABLE([fips-mode],
 AC_MSG_CHECKING([whether to enable FIPS mode in OpenSSL library])
 AS_CASE([$enable_fips_mode],
        [yes], [AC_MSG_RESULT([yes])
-               AC_CHECK_FUNCS([EVP_default_properties_enable_fips],
-                              [],
-                              [AC_CHECK_FUNCS([FIPS_mode],
-                                              [],
-                                              AC_MSG_FAILURE([OpenSSL FIPS mode requested but not available.])]))],
+               AC_DEFINE([ENABLE_FIPS_MODE], [1], [Define to 1 if you want FIPS mode to be enabled])
+               AS_IF([test "x$ac_cv_func_FIPS_mode" != xyes -a "x$ac_cv_func_EVP_default_properties_enable_fips" != xyes],
+                     AC_MSG_FAILURE([OpenSSL FIPS mode requested but not available.]))],
        [no], [AC_MSG_RESULT([no])])
 
 AX_RESTORE_FLAGS([openssl])
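Review bot: The availability test in the `[yes]` arm joins two conditions with `test ... -a ...`, which POSIX marks obsolescent and the Autoconf manual advises against. The portable form is `AS_IF([test "x$ac_cv_func_FIPS_mode" != xyes && test "x$ac_cv_func_EVP_default_properties_enable_fips" != xyes],`, and the `AC_MSG_FAILURE(...)` argument should be wrapped in `[...]` like the other macro arguments. Separately, the `AS_CASE` has only `[yes]` and `[no]` arms. If the part of `AC_ARG_ENABLE` outside this hunk lets any other value of `$enable_fips_mode` through, configure would print no result and the build would silently lack `ENABLE_FIPS_MODE`. A default arm calling `AC_MSG_ERROR` would make a mistyped FIPS request fail the configure run instead of producing a non-FIPS build.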