Define isc_fips_mode() and isc_fips_set_mode()

isc_fips_mode() determines if the process is running in FIPS mode isc_fips_set_mode() sets the process into FIPS mode
2022-07-20 11:26:06 +10:00
parent 6e64ec2af4
commit 5a2e82557e
3 changed files with 102 additions and 0 deletions
--- a/lib/isc/Makefile.am
+++ b/lib/isc/Makefile.am
@@ -28,6 +28,7 @@ libisc_la_HEADERS =			\
 	include/isc/errno.h		\
 	include/isc/error.h		\
 	include/isc/file.h		\
+	include/isc/fips.h		\
 	include/isc/formatcheck.h	\
 	include/isc/fuzz.h		\
 	include/isc/getaddresses.h	\
@@ -129,6 +130,7 @@ libisc_la_SOURCES =		\
 	errno2result.h		\
 	error.c			\
 	file.c			\
+	fips.c			\
 	getaddresses.c		\
 	hash.c			\
 	hashmap.c		\
--- a/lib/isc/fips.c
+++ b/lib/isc/fips.c
@@ -0,0 +1,55 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+/*! \file */
+
+#include <isc/fips.h>
+#include <isc/util.h>
+
+#if defined(HAVE_EVP_DEFAULT_PROPERTIES_ENABLE_FIPS)
+#include <openssl/evp.h>
+bool
+isc_fips_mode(void) {
+	return (EVP_default_properties_is_fips_enabled(NULL) != 0);
+}
+
+isc_result_t
+isc_fips_set_mode(int mode) {
+	return (EVP_default_properties_enable_fips(NULL, mode) != 0
+			? ISC_R_SUCCESS
+			: ISC_R_FAILURE);
+}
+#elif defined(HAVE_FIPS_MODE)
+#include <openssl/crypto.h>
+
+bool
+isc_fips_mode(void) {
+	return (FIPS_mode() != 0);
+}
+
+isc_result_t
+isc_fips_set_mode(int mode) {
+	return (FIPS_mode_set(mode) != 0 ? ISC_R_SUCCESS : ISC_R_FAILURE);
+}
+#else
+bool
+isc_fips_mode(void) {
+	return (false);
+}
+
+isc_result_t
+isc_fips_set_mode(int mode) {
+	UNUSED(mode);
+	return (ISC_R_NOTIMPLEMENTED);
+}
+#endif
--- a/lib/isc/include/isc/fips.h
+++ b/lib/isc/include/isc/fips.h
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+#pragma once
+
+/*****
+***** Module Info
+*****/
+
+/***
+ *** Imports
+ ***/
+
+#include <isc/lang.h>
+#include <isc/types.h>
+
+ISC_LANG_BEGINDECLS
+
+/***
+ *** Functions
+ ***/
+
+bool
+isc_fips_mode(void);
+/*
+ * Return if FIPS mode is currently enabled or not
+ */
+
+isc_result_t
+isc_fips_set_mode(int mode);
+/*
+ * Enable FIPS mode.
+ */
+
+ISC_LANG_ENDDECLS