author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2020-02-07 13:18:32 +0000 |
---|---|---|
committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2020-02-07 13:18:32 +0000 |
commit | 963657514d24c29604e0b873c17dcee0d3efd345 (patch) | |
tree | 346b4ec46380cbc96fe18f4128f88ef544fd1e71 | |
parent | 5f775f8c3d916bf09c5791518b73d2cc548cf89b (diff) | |
[Minor] Add explicit checks for FIPS mode presence
-rw-r--r-- | CMakeLists.txt | 11 | ||||
-rw-r--r-- | config.h.in | 1 | ||||
-rw-r--r-- | src/libutil/util.c | 4 |
3 files changed, 16 insertions, 0 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 29986a740..a41dd8abb 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -331,8 +331,19 @@ CHECK_SYMBOL_EXISTS(I_SETSIG "sys/types.h;sys/ioctl.h" HAVE_SETSIG)
 CHECK_SYMBOL_EXISTS(O_ASYNC "sys/types.h;sys/fcntl.h" HAVE_OASYNC)
 CHECK_SYMBOL_EXISTS(O_NOFOLLOW "sys/types.h;sys/fcntl.h" HAVE_ONOFOLLOW)
 CHECK_SYMBOL_EXISTS(O_CLOEXEC "sys/types.h;sys/fcntl.h" HAVE_OCLOEXEC)
+
+# OpenSSL specific stuff
 LIST(APPEND CMAKE_REQUIRED_INCLUDES "${LIBSSL_INCLUDE}")
+IF(LIBCRYPT_LIBRARY_PATH)
+ SET(CMAKE_REQUIRED_LIBRARIES "${CMAKE_REQUIRED_LIBRARIES};-L${LIBCRYPT_LIBRARY_PATH};${LIBCRYPT_LIBRARY}")
+ SET(CMAKE_REQUIRED_LIBRARIES "${CMAKE_REQUIRED_LIBRARIES};-L${LIBSSL_LIBRARY_PATH};${LIBSSL_LIBRARY}")
+ELSE()
+ SET(CMAKE_REQUIRED_LIBRARIES "${CMAKE_REQUIRED_LIBRARIES};-lcrypt;-lssl")
+ENDIF()
+
 CHECK_SYMBOL_EXISTS(SSL_set_tlsext_host_name "openssl/ssl.h" HAVE_SSL_TLSEXT_HOSTNAME)
+CHECK_SYMBOL_EXISTS(FIPS_mode "openssl/crypto.h" HAVE_FIPS_MODE)
+
 CHECK_SYMBOL_EXISTS(dirfd "sys/types.h;unistd.h;dirent.h" HAVE_DIRFD)
 CHECK_SYMBOL_EXISTS(fpathconf "sys/types.h;unistd.h" HAVE_FPATHCONF)
 CHECK_SYMBOL_EXISTS(sigaltstack "signal.h" HAVE_SIGALTSTACK)
diff --git a/config.h.in b/config.h.in
index c2d73a0a9..b3aefd980 100644
--- a/config.h.in
+++ b/config.h.in
@@ -32,6 +32,7 @@
 #cmakedefine HAVE_FCNTL_H 1
 #cmakedefine HAVE_FDATASYNC 1
 #cmakedefine HAVE_FETCH_H 1
+#cmakedefine HAVE_FIPS_MODE 1
 #cmakedefine HAVE_FLOCK 1
 #cmakedefine HAVE_FPATHCONF 1
 #cmakedefine HAVE_GETPAGESIZE 1
diff --git a/src/libutil/util.c b/src/libutil/util.c
index 3256becb9..119082964 100644
--- a/src/libutil/util.c
+++ b/src/libutil/util.c
@@ -2484,6 +2484,7 @@ rspamd_config_libs (struct rspamd_external_libs_ctx *ctx,
 }
 if (cfg->fips_mode) {
+#ifdef HAVE_FIPS_MODE
 int mode = FIPS_mode ();
 unsigned long err = (unsigned long)-1;
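Review bot: In the CMakeLists.txt hunk the fallback branch appends `-lcrypt;-lssl`, but `-lcrypt` names libcrypt (the crypt(3) library) while `FIPS_mode` is exported by OpenSSL's libcrypto; unless that spelling is deliberate (the LIBCRYPT_* variables are defined outside the hunk), the line should read `SET(CMAKE_REQUIRED_LIBRARIES "${CMAKE_REQUIRED_LIBRARIES};-lssl;-lcrypto")`. A probe that fails to link leaves `HAVE_FIPS_MODE` undefined, and the util.c hunks then compile the FIPS check out, so a build-system slip here quietly removes a security control. The first branch also emits `-L${LIBSSL_LIBRARY_PATH}` while testing only `LIBCRYPT_LIBRARY_PATH`, which yields a bare `-L` when the SSL path is empty. `CMAKE_REQUIRED_LIBRARIES` is never restored, so the `dirfd`, `fpathconf` and later probes also link against OpenSSL; wrapping the two OpenSSL checks in `cmake_push_check_state()` / `cmake_pop_check_state()` (module `CMakePushCheckState`) would keep the additions local to them.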
@@ -2505,6 +2506,9 @@ rspamd_config_libs (struct rspamd_external_libs_ctx *ctx,
 else {
 msg_info_config ("OpenSSL FIPS mode is enabled");
 }
+#else
+ msg_warn_config ("SSL FIPS mode is enabled but not supported by OpenSSL library!");
+#endif
 }
 if (cfg->ssl_ca_path) { |
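Review bot: The new `#else` branch in util.c only logs a warning when `cfg->fips_mode` is set but the build lacks `FIPS_mode`, so the process apparently carries on with non-FIPS crypto even though the operator asked for FIPS. For a compliance setting that fail-open behaviour should be loud: at minimum use `msg_err_config (...)`, and if `rspamd_config_libs` has a failure return (its signature and return paths lie outside the hunk) take it here. The text would be more accurate as `"FIPS mode is requested in the configuration but this OpenSSL build does not provide FIPS_mode()"`, since nothing has been enabled at that point. OpenSSL 3.0 removed `FIPS_mode()`, so on such builds this branch becomes the normal path rather than an edge case, which is worth a comment next to the `#ifdef HAVE_FIPS_MODE` added in the preceding hunk.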