On Monday, 1 July 2019 17:19:55 CEST Stefan Strogin wrote: > LibreSSL does not support FIPS mode, check for FIPS_mode() in > ConfigureChecks.cmake.
Sorry, this doesn't work as there is no definition in config.h.cmake for it. Also I think it should be a function so that config.h is included! https://gitlab.com/cryptomilk/libssh-mirror/-/jobs/244166020 Could you please fix that? Thanks, Andreas > Signed-off-by: Stefan Strogin <[email protected]> > --- > ConfigureChecks.cmake | 4 ++++ > include/libssh/libcrypto.h | 4 ++++ > 2 files changed, 8 insertions(+) > > diff --git a/ConfigureChecks.cmake b/ConfigureChecks.cmake > index 643a0a4b..a5f4e74b 100644 > --- a/ConfigureChecks.cmake > +++ b/ConfigureChecks.cmake > @@ -131,6 +131,10 @@ if (OPENSSL_FOUND) > set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARY}) > check_function_exists(EVP_KDF_CTX_new_id > HAVE_OPENSSL_EVP_KDF_CTX_NEW_ID) > > + set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR}) > + set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARY}) > + check_function_exists(FIPS_mode HAVE_FIPS_MODE) > + > set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR}) > set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARY}) > check_function_exists(RAND_priv_bytes HAVE_OPENSSL_RAND_PRIV_BYTES) > diff --git a/include/libssh/libcrypto.h b/include/libssh/libcrypto.h > index 541912b5..94d6bfae 100644 > --- a/include/libssh/libcrypto.h > +++ b/include/libssh/libcrypto.h > @@ -112,7 +112,11 @@ typedef BN_CTX* bignum_CTX; > > > /* Returns true if the OpenSSL is operating in FIPS mode */ > +#ifdef HAVE_FIPS_MODE > #define ssh_fips_mode() (FIPS_mode() != 0) > +#else > +#define ssh_fips_mode() false > +#endif > > #endif /* HAVE_LIBCRYPTO */
