From: Mark Andrews <marka@isc.org>
Date: Thu, 16 Dec 2021 08:20:40 +0000 (+1100)
Subject: Use isc_fips_mode() and isc_fips_set_mode() in
X-Git-Tag: v9.19.12~38^2~44
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=e7aa100e9b2ff2bf81ba2e30ed0b93b30cbab621;p=thirdparty%2Fbind9.git

Use isc_fips_mode() and isc_fips_set_mode() in

bin/named/server.c and lib/dns/openssl_link.c
---

diff --git a/bin/named/server.c b/bin/named/server.c
index 3054429160d..a1e5467ab9f 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -39,6 +39,7 @@
 #include <isc/commandline.h>
 #include <isc/dir.h>
 #include <isc/file.h>
+#include <isc/fips.h>
 #include <isc/hash.h>
 #include <isc/hex.h>
 #include <isc/hmac.h>
@@ -9840,12 +9841,10 @@ view_loaded(void *arg) {
 
 		named_os_started();
 
-#ifdef HAVE_FIPS_MODE
 		isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
 			      NAMED_LOGMODULE_SERVER, ISC_LOG_NOTICE,
 			      "FIPS mode is %s",
-			      FIPS_mode() ? "enabled" : "disabled");
-#endif /* ifdef HAVE_FIPS_MODE */
+			      isc_fips_mode() ? "enabled" : "disabled");
 
 #if HAVE_LIBSYSTEMD
 		sd_notifyf(0,
diff --git a/lib/dns/openssl_link.c b/lib/dns/openssl_link.c
index cafc7478259..815ee32311e 100644
--- a/lib/dns/openssl_link.c
+++ b/lib/dns/openssl_link.c
@@ -27,6 +27,7 @@
  * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
+#include <isc/fips.h>
 #include <isc/mem.h>
 #include <isc/mutex.h>
 #include <isc/mutexblock.h>
@@ -63,19 +64,19 @@ static ENGINE *global_engine = NULL;
 
 static void
 enable_fips_mode(void) {
-#ifdef HAVE_FIPS_MODE
-	if (FIPS_mode() != 0) {
+#if defined(ENABLE_FIPS_MODE)
+	if (isc_fips_mode()) {
 		/*
 		 * FIPS mode is already enabled.
 		 */
 		return;
 	}
 
-	if (FIPS_mode_set(1) == 0) {
+	if (isc_fips_set_mode(1) != ISC_R_SUCCESS) {
 		dst__openssl_toresult2("FIPS_mode_set", DST_R_OPENSSLFAILURE);
 		exit(1);
 	}
-#endif /* HAVE_FIPS_MODE */
+#endif
 }
 
 isc_result_t