Use isc_fips_mode() and isc_fips_set_mode() in

bin/named/server.c and lib/dns/openssl_link.c

diff --git a/bin/named/server.c b/bin/named/server.c
index 3054429160d2a2291ccfe0e38b18ac97ee2e0e17..a1e5467ab9f931874aafe8eb1fc95b5c76d08c9d 100644 (file)
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -39,6 +39,7 @@
 #include <isc/commandline.h>
 #include <isc/dir.h>
 #include <isc/file.h>
+#include <isc/fips.h>
 #include <isc/hash.h>
 #include <isc/hex.h>
 #include <isc/hmac.h>
@@ -9840,12 +9841,10 @@ view_loaded(void *arg) {
 
                named_os_started();
 
-#ifdef HAVE_FIPS_MODE
                isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
                              NAMED_LOGMODULE_SERVER, ISC_LOG_NOTICE,
                              "FIPS mode is %s",
-                             FIPS_mode() ? "enabled" : "disabled");
-#endif /* ifdef HAVE_FIPS_MODE */
+                             isc_fips_mode() ? "enabled" : "disabled");
 
 #if HAVE_LIBSYSTEMD
                sd_notifyf(0,

diff --git a/lib/dns/openssl_link.c b/lib/dns/openssl_link.c
index cafc74782597c6e6b2ff8af722e8afa31232d247..815ee32311e4bfdd14694738135bb3d51723f985 100644 (file)
--- a/lib/dns/openssl_link.c
+++ b/lib/dns/openssl_link.c
@@ -27,6 +27,7 @@
  * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
+#include <isc/fips.h>
 #include <isc/mem.h>
 #include <isc/mutex.h>
 #include <isc/mutexblock.h>
@@ -63,19 +64,19 @@ static ENGINE *global_engine = NULL;
 
 static void
 enable_fips_mode(void) {
-#ifdef HAVE_FIPS_MODE
-       if (FIPS_mode() != 0) {
+#if defined(ENABLE_FIPS_MODE)
+       if (isc_fips_mode()) {
                /*
                 * FIPS mode is already enabled.
                 */
                return;
        }
 
-       if (FIPS_mode_set(1) == 0) {
+       if (isc_fips_set_mode(1) != ISC_R_SUCCESS) {
                dst__openssl_toresult2("FIPS_mode_set", DST_R_OPENSSLFAILURE);
                exit(1);
        }
-#endif /* HAVE_FIPS_MODE */
+#endif
 }
 
 isc_result_t