Define isc_fips_mode() and isc_fips_set_mode()
authorMark Andrews <marka@isc.org>
Wed, 20 Jul 2022 01:26:06 +0000 (11:26 +1000)
committerMark Andrews <marka@isc.org>
Mon, 3 Apr 2023 02:05:28 +0000 (12:05 +1000)
isc_fips_mode() determines if the process is running in FIPS mode

isc_fips_set_mode() sets the process into FIPS mode

lib/isc/Makefile.am
lib/isc/fips.c [new file with mode: 0644]
lib/isc/include/isc/fips.h [new file with mode: 0644]

index bb4c4dbd19dd57b0302bc38d1620dc01f6515654..87ae209b8da1e52f9b5d9d94bb73797825587a25 100644 (file)
@@ -28,6 +28,7 @@ libisc_la_HEADERS =                   \
        include/isc/errno.h             \
        include/isc/error.h             \
        include/isc/file.h              \
+       include/isc/fips.h              \
        include/isc/formatcheck.h       \
        include/isc/fuzz.h              \
        include/isc/getaddresses.h      \
@@ -129,6 +130,7 @@ libisc_la_SOURCES =         \
        errno2result.h          \
        error.c                 \
        file.c                  \
+       fips.c                  \
        getaddresses.c          \
        hash.c                  \
        hashmap.c               \
diff --git a/lib/isc/fips.c b/lib/isc/fips.c
new file mode 100644 (file)
index 0000000..e97c6b0
--- /dev/null
@@ -0,0 +1,55 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+/*! \file */
+
+#include <isc/fips.h>
+#include <isc/util.h>
+
+#if defined(HAVE_EVP_DEFAULT_PROPERTIES_ENABLE_FIPS)
+#include <openssl/evp.h>
+bool
+isc_fips_mode(void) {
+       return (EVP_default_properties_is_fips_enabled(NULL) != 0);
+}
+
+isc_result_t
+isc_fips_set_mode(int mode) {
+       return (EVP_default_properties_enable_fips(NULL, mode) != 0
+                       ? ISC_R_SUCCESS
+                       : ISC_R_FAILURE);
+}
+#elif defined(HAVE_FIPS_MODE)
+#include <openssl/crypto.h>
+
+bool
+isc_fips_mode(void) {
+       return (FIPS_mode() != 0);
+}
+
+isc_result_t
+isc_fips_set_mode(int mode) {
+       return (FIPS_mode_set(mode) != 0 ? ISC_R_SUCCESS : ISC_R_FAILURE);
+}
+#else
+bool
+isc_fips_mode(void) {
+       return (false);
+}
+
+isc_result_t
+isc_fips_set_mode(int mode) {
+       UNUSED(mode);
+       return (ISC_R_NOTIMPLEMENTED);
+}
+#endif
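Review bot: In the `HAVE_EVP_DEFAULT_PROPERTIES_ENABLE_FIPS` branch, a success return from `isc_fips_set_mode()` only means the default property query was changed; nothing here checks that a FIPS provider is actually loaded, so `isc_fips_mode()` can report true in a process where no validated implementation is available, and later algorithm fetches would presumably fail instead. Consider failing early when enabling, e.g. `if (mode != 0 && OSSL_PROVIDER_available(NULL, "fips") == 0) return (ISC_R_FAILURE);` (needs `<openssl/provider.h>`). Algorithm objects fetched before the call presumably keep their original provider, so a comment such as `/* Call before any other OpenSSL use in the process. */` above the function would help callers get the ordering right. In the `#else` branch the function returns `ISC_R_NOTIMPLEMENTED`; a caller that requires FIPS has to treat that result as fatal rather than continue with non-validated crypto.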
diff --git a/lib/isc/include/isc/fips.h b/lib/isc/include/isc/fips.h
new file mode 100644 (file)
index 0000000..c75ac71
--- /dev/null
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#pragma once
+
+/*****
+***** Module Info
+*****/
+
+/***
+ *** Imports
+ ***/
+
+#include <isc/lang.h>
+#include <isc/types.h>
+
+ISC_LANG_BEGINDECLS
+
+/***
+ *** Functions
+ ***/
+
+bool
+isc_fips_mode(void);
+/*
+ * Return if FIPS mode is currently enabled or not
+ */
+
+isc_result_t
+isc_fips_set_mode(int mode);
+/*
+ * Enable FIPS mode.
+ */
+
+ISC_LANG_ENDDECLS
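Review bot: The comment on `isc_fips_set_mode()` says only "Enable FIPS mode.", but the function takes an `int mode` and, per fips.c in this commit, passes it straight to OpenSSL, so a zero argument would presumably switch FIPS mode off; the contract should say so. I would replace it with a comment that documents `mode` (non-zero enables, zero disables) and the three results visible in fips.c: `ISC_R_SUCCESS`, `ISC_R_FAILURE`, and `ISC_R_NOTIMPLEMENTED` when the crypto library has no FIPS support. The comment on `isc_fips_mode()` would read better as `Return true if FIPS mode is currently enabled in the crypto library, false otherwise.` The `Module Info` banner is left empty and could carry a short description of the module.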