diff options
author | Jakub Jelen <jjelen@redhat.com> | 2019-03-21 17:04:46 +0100 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2019-04-29 13:18:09 +0200 |
commit | e4465073527b12b8efef338b212b78e3434959ee (patch) | |
tree | 87d9a32072aa4fedec43f133c4b21bbac7b81610 | |
parent | 67beaf363fc16be235edf9cbf2f580f7906ef99c (diff) | |
download | libssh-e4465073527b12b8efef338b212b78e3434959ee.tar.gz libssh-e4465073527b12b8efef338b212b78e3434959ee.tar.xz libssh-e4465073527b12b8efef338b212b78e3434959ee.zip |
Provide a function to query crypto backend for FIPS status
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
-rw-r--r-- | include/libssh/libcrypto.h | 4 | ||||
-rw-r--r-- | include/libssh/libgcrypt.h | 2 | ||||
-rw-r--r-- | include/libssh/libmbedcrypto.h | 2 |
3 files changed, 8 insertions, 0 deletions
diff --git a/include/libssh/libcrypto.h b/include/libssh/libcrypto.h index 8db7d751..27cb6ad9 100644 --- a/include/libssh/libcrypto.h +++ b/include/libssh/libcrypto.h @@ -31,6 +31,7 @@ #include <openssl/md5.h> #include <openssl/hmac.h> #include <openssl/evp.h> +#include <openssl/crypto.h> typedef EVP_MD_CTX* SHACTX; typedef EVP_MD_CTX* SHA256CTX; @@ -102,6 +103,9 @@ typedef BN_CTX* bignum_CTX; #define bignum_cmp(num1,num2) BN_cmp(num1,num2) #define bignum_rshift1(dest, src) BN_rshift1(dest, src) +/* Returns true if the OpenSSL is operating in FIPS mode */ +#define ssh_fips_mode() (FIPS_mode() != 0) + #endif /* HAVE_LIBCRYPTO */ #endif /* LIBCRYPTO_H_ */ diff --git a/include/libssh/libgcrypt.h b/include/libssh/libgcrypt.h index 707fd27a..4d98ece3 100644 --- a/include/libssh/libgcrypt.h +++ b/include/libssh/libgcrypt.h @@ -102,6 +102,8 @@ ssh_string ssh_sexp_extract_mpi(const gcry_sexp_t sexp, enum gcry_mpi_format informat, enum gcry_mpi_format outformat); +#define ssh_fips_mode() false + #endif /* HAVE_LIBGCRYPT */ #endif /* LIBGCRYPT_H_ */ diff --git a/include/libssh/libmbedcrypto.h b/include/libssh/libmbedcrypto.h index c98a50cf..c2afddf5 100644 --- a/include/libssh/libmbedcrypto.h +++ b/include/libssh/libmbedcrypto.h @@ -126,5 +126,7 @@ int ssh_mbedtls_random(void *where, int len, int strong); ssh_string make_ecpoint_string(const mbedtls_ecp_group *g, const mbedtls_ecp_point *p); +#define ssh_fips_mode() false + #endif /* HAVE_LIBMBEDCRYPTO */ #endif /* LIBMBEDCRYPTO_H_ */ |