ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity

Define isc_fips_mode() and isc_fips_set_mode()

Browse Source 
isc_fips_mode() determines if the process is running in FIPS mode

isc_fips_set_mode() sets the process into FIPS mode
This commit is contained in:
Mark Andrews
2022-07-20 11:26:06 +10:00
parent 6e64ec2af4
commit 5a2e82557e
3 changed files with 102 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/isc/Makefile.am
View File

@@ -28,6 +28,7 @@ libisc_la_HEADERS = \
include/isc/errno.h \ include/isc/errno.h \
include/isc/error.h \ include/isc/error.h \
include/isc/file.h \ include/isc/file.h \
include/isc/fips.h \
include/isc/formatcheck.h \ include/isc/formatcheck.h \
include/isc/fuzz.h \ include/isc/fuzz.h \
include/isc/getaddresses.h \ include/isc/getaddresses.h \
@@ -129,6 +130,7 @@ libisc_la_SOURCES = \
errno2result.h \ errno2result.h \
error.c \ error.c \
file.c \ file.c \
fips.c \
getaddresses.c \ getaddresses.c \
hash.c \ hash.c \
hashmap.c \ hashmap.c \

55
lib/isc/fips.c Normal file
View File

@@ -0,0 +1,55 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* SPDX-License-Identifier: MPL-2.0
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
/*! \file */
#include <isc/fips.h>
#include <isc/util.h>
#if defined(HAVE_EVP_DEFAULT_PROPERTIES_ENABLE_FIPS)
#include <openssl/evp.h>
bool
isc_fips_mode(void) {
return (EVP_default_properties_is_fips_enabled(NULL) != 0);
}
isc_result_t
isc_fips_set_mode(int mode) {
return (EVP_default_properties_enable_fips(NULL, mode) != 0
? ISC_R_SUCCESS
: ISC_R_FAILURE);
}
#elif defined(HAVE_FIPS_MODE)
#include <openssl/crypto.h>
bool
isc_fips_mode(void) {
return (FIPS_mode() != 0);
}
isc_result_t
isc_fips_set_mode(int mode) {
return (FIPS_mode_set(mode) != 0 ? ISC_R_SUCCESS : ISC_R_FAILURE);
}
#else
bool
isc_fips_mode(void) {
return (false);
}
isc_result_t
isc_fips_set_mode(int mode) {
UNUSED(mode);
return (ISC_R_NOTIMPLEMENTED);
}
#endif

45
lib/isc/include/isc/fips.h Normal file
View File

@@ -0,0 +1,45 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* SPDX-License-Identifier: MPL-2.0
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
#pragma once
/*****
***** Module Info
*****/
/***
*** Imports
***/
#include <isc/lang.h>
#include <isc/types.h>
ISC_LANG_BEGINDECLS
/***
*** Functions
***/
bool
isc_fips_mode(void);
/*
* Return if FIPS mode is currently enabled or not
*/
isc_result_t
isc_fips_set_mode(int mode);
/*
* Enable FIPS mode.
*/
ISC_LANG_ENDDECLS