From 0d4658740b4a7f94cdbbfaa6d4d7dbc047660d4c Mon Sep 17 00:00:00 2001
From: Stefan Strogin <steils@gentoo.org>
Date: Wed, 3 Jul 2019 18:49:07 +0300
Subject: [PATCH] libcrypto: fix compilation with LibreSSL

LibreSSL does not support FIPS mode, check for FIPS_mode() in
ConfigureChecks.cmake.

Signed-off-by: Stefan Strogin <steils@gentoo.org>
Reviewed-by: Jakub Jelen <jjelen@redhat.com>
---
 ConfigureChecks.cmake      | 4 ++++
 config.h.cmake             | 3 +++
 include/libssh/libcrypto.h | 4 ++++
 3 files changed, 11 insertions(+)

diff --git a/ConfigureChecks.cmake b/ConfigureChecks.cmake
index 39e30a4f..02844622 100644
--- a/ConfigureChecks.cmake
+++ b/ConfigureChecks.cmake
@@ -128,6 +128,10 @@ if (OPENSSL_FOUND)
     set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARY})
     check_function_exists(EVP_KDF_CTX_new_id HAVE_OPENSSL_EVP_KDF_CTX_NEW_ID)
 
+    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
+    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARY})
+    check_function_exists(FIPS_mode HAVE_OPENSSL_FIPS_MODE)
+
     set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
     set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARY})
     check_function_exists(RAND_priv_bytes HAVE_OPENSSL_RAND_PRIV_BYTES)
diff --git a/config.h.cmake b/config.h.cmake
index c2590fdc..832f59e6 100644
--- a/config.h.cmake
+++ b/config.h.cmake
@@ -120,6 +120,9 @@
 /* Define to 1 if you have the `EVP_KDF_CTX_new_id' function. */
 #cmakedefine HAVE_OPENSSL_EVP_KDF_CTX_NEW_ID 1
 
+/* Define to 1 if you have the `FIPS_mode' function. */
+#cmakedefine HAVE_OPENSSL_FIPS_MODE 1
+
 /* Define to 1 if you have the `OPENSSL_ia32cap_loc' function. */
 #cmakedefine HAVE_OPENSSL_IA32CAP_LOC 1
 
diff --git a/include/libssh/libcrypto.h b/include/libssh/libcrypto.h
index 541912b5..fff6ff55 100644
--- a/include/libssh/libcrypto.h
+++ b/include/libssh/libcrypto.h
@@ -112,7 +112,11 @@ typedef BN_CTX* bignum_CTX;
 
 
 /* Returns true if the OpenSSL is operating in FIPS mode */
+#ifdef HAVE_OPENSSL_FIPS_MODE
 #define ssh_fips_mode() (FIPS_mode() != 0)
+#else
+#define ssh_fips_mode() false
+#endif
 
 #endif /* HAVE_LIBCRYPTO */