authorVsevolod Stakhov <vsevolod@highsecure.ru>2020-02-07 13:18:32 +0000
committerVsevolod Stakhov <vsevolod@highsecure.ru>2020-02-07 13:18:32 +0000
commit963657514d24c29604e0b873c17dcee0d3efd345 (patch)
tree346b4ec46380cbc96fe18f4128f88ef544fd1e71
parent5f775f8c3d916bf09c5791518b73d2cc548cf89b (diff)
[Minor] Add explicit checks for FIPS mode presence
-rw-r--r--CMakeLists.txt11
-rw-r--r--config.h.in1
-rw-r--r--src/libutil/util.c4
3 files changed, 16 insertions, 0 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 29986a740..a41dd8abb 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -331,8 +331,19 @@ CHECK_SYMBOL_EXISTS(I_SETSIG "sys/types.h;sys/ioctl.h" HAVE_SETSIG)
CHECK_SYMBOL_EXISTS(O_ASYNC "sys/types.h;sys/fcntl.h" HAVE_OASYNC)
CHECK_SYMBOL_EXISTS(O_NOFOLLOW "sys/types.h;sys/fcntl.h" HAVE_ONOFOLLOW)
CHECK_SYMBOL_EXISTS(O_CLOEXEC "sys/types.h;sys/fcntl.h" HAVE_OCLOEXEC)
+
+# OpenSSL specific stuff
LIST(APPEND CMAKE_REQUIRED_INCLUDES "${LIBSSL_INCLUDE}")
+IF(LIBCRYPT_LIBRARY_PATH)
+ SET(CMAKE_REQUIRED_LIBRARIES "${CMAKE_REQUIRED_LIBRARIES};-L${LIBCRYPT_LIBRARY_PATH};${LIBCRYPT_LIBRARY}")
+ SET(CMAKE_REQUIRED_LIBRARIES "${CMAKE_REQUIRED_LIBRARIES};-L${LIBSSL_LIBRARY_PATH};${LIBSSL_LIBRARY}")
+ELSE()
+ SET(CMAKE_REQUIRED_LIBRARIES "${CMAKE_REQUIRED_LIBRARIES};-lcrypt;-lssl")
+ENDIF()
+
CHECK_SYMBOL_EXISTS(SSL_set_tlsext_host_name "openssl/ssl.h" HAVE_SSL_TLSEXT_HOSTNAME)
+CHECK_SYMBOL_EXISTS(FIPS_mode "openssl/crypto.h" HAVE_FIPS_MODE)
+
CHECK_SYMBOL_EXISTS(dirfd "sys/types.h;unistd.h;dirent.h" HAVE_DIRFD)
CHECK_SYMBOL_EXISTS(fpathconf "sys/types.h;unistd.h" HAVE_FPATHCONF)
CHECK_SYMBOL_EXISTS(sigaltstack "signal.h" HAVE_SIGALTSTACK)
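Review bot: The ELSE fallback adds `-lcrypt;-lssl`, but `-lcrypt` names the crypt(3) library rather than OpenSSL's libcrypto, where `FIPS_mode` is defined. On builds without `LIBCRYPT_LIBRARY_PATH` the probe can therefore fail to link and leave `HAVE_FIPS_MODE` undefined even though the installed OpenSSL supports it. That false negative matters because the `src/libutil/util.c` change in this commit then compiles the FIPS setup out and only logs a warning. The line should read `SET(CMAKE_REQUIRED_LIBRARIES "${CMAKE_REQUIRED_LIBRARIES};-lcrypto;-lssl")`. Separately, the IF branch uses `LIBSSL_LIBRARY_PATH` without testing it, and `CMAKE_REQUIRED_LIBRARIES` is never restored, so the later `dirfd`, `fpathconf` and `sigaltstack` checks also link against these libraries; saving the old value before the OpenSSL checks and restoring it after them would contain that.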
diff --git a/config.h.in b/config.h.in
index c2d73a0a9..b3aefd980 100644
--- a/config.h.in
+++ b/config.h.in
@@ -32,6 +32,7 @@
#cmakedefine HAVE_FCNTL_H 1
#cmakedefine HAVE_FDATASYNC 1
#cmakedefine HAVE_FETCH_H 1
+#cmakedefine HAVE_FIPS_MODE 1
#cmakedefine HAVE_FLOCK 1
#cmakedefine HAVE_FPATHCONF 1
#cmakedefine HAVE_GETPAGESIZE 1
diff --git a/src/libutil/util.c b/src/libutil/util.c
index 3256becb9..119082964 100644
--- a/src/libutil/util.c
+++ b/src/libutil/util.c
@@ -2484,6 +2484,7 @@ rspamd_config_libs (struct rspamd_external_libs_ctx *ctx,
}
if (cfg->fips_mode) {
+#ifdef HAVE_FIPS_MODE
int mode = FIPS_mode ();
unsigned long err = (unsigned long)-1;
@@ -2505,6 +2506,9 @@ rspamd_config_libs (struct rspamd_external_libs_ctx *ctx,
else {
msg_info_config ("OpenSSL FIPS mode is enabled");
}
+#else
+ msg_warn_config ("SSL FIPS mode is enabled but not supported by OpenSSL library!");
+#endif
}
if (cfg->ssl_ca_path) {
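Review bot: The new `#else` branch fails open: when `fips_mode` is set in the configuration but the build has no `FIPS_mode`, the code logs at warning level and carries on with non-FIPS crypto. For an operator who requires FIPS this is a silent downgrade, so the branch should at least log an error, e.g. `msg_err_config ("FIPS mode is requested but is not supported by this OpenSSL build");`. If `rspamd_config_libs` can signal failure to its caller (its return path is outside these hunks), it should do so here as well. The current message also says FIPS mode "is enabled", which reads as if it were active; "requested" would be accurate. The matching `#ifdef HAVE_FIPS_MODE` is in the preceding hunk, and the function body begins and ends outside both.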