Re: [PATCH v2] libcrypto: fix compilation with LibreSSL

[Andreas Schneider <asn@xxxxxxxxxxxxxx>]

On Monday, July 1, 2019 5:19:55 PM CEST Stefan Strogin wrote:
> LibreSSL does not support FIPS mode, check for FIPS_mode() in
> ConfigureChecks.cmake.

Hi Stefan,

this looks good for me. Thanks for your contribution!


	Andreas

> 
> Signed-off-by: Stefan Strogin <steils@xxxxxxxxxx>
> ---
>  ConfigureChecks.cmake      | 4 ++++
>  include/libssh/libcrypto.h | 4 ++++
>  2 files changed, 8 insertions(+)
> 
> diff --git a/ConfigureChecks.cmake b/ConfigureChecks.cmake
> index 643a0a4b..a5f4e74b 100644
> --- a/ConfigureChecks.cmake
> +++ b/ConfigureChecks.cmake
> @@ -131,6 +131,10 @@ if (OPENSSL_FOUND)
>      set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARY})
>      check_function_exists(EVP_KDF_CTX_new_id
> HAVE_OPENSSL_EVP_KDF_CTX_NEW_ID)
> 
> +    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
> +    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARY})
> +    check_function_exists(FIPS_mode HAVE_FIPS_MODE)
> +
>      set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
>      set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARY})
>      check_function_exists(RAND_priv_bytes HAVE_OPENSSL_RAND_PRIV_BYTES)
> diff --git a/include/libssh/libcrypto.h b/include/libssh/libcrypto.h
> index 541912b5..94d6bfae 100644
> --- a/include/libssh/libcrypto.h
> +++ b/include/libssh/libcrypto.h
> @@ -112,7 +112,11 @@ typedef BN_CTX* bignum_CTX;
> 
> 
>  /* Returns true if the OpenSSL is operating in FIPS mode */
> +#ifdef HAVE_FIPS_MODE
>  #define ssh_fips_mode() (FIPS_mode() != 0)
> +#else
> +#define ssh_fips_mode() false
> +#endif
> 
>  #endif /* HAVE_LIBCRYPTO */


-- 
Andreas Schneider                 asn@xxxxxxxxxxxxxx
GPG-ID:     8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D