From 6f68e8d0647aa8971d163a031e3679ae5b858df9 Mon Sep 17 00:00:00 2001
From: Will Cosgrove <will@panic.com>
Date: Wed, 26 May 2021 16:43:32 -0700
Subject: [PATCH] openssl.c: guards around calling FIPS_mode() #596 (#603)

Notes:
FIPS_mode() is not implemented in LibreSSL and this API is removed in OpenSSL 3.0 and was introduced in 0.9.7. Added guards around making this call.

Credit:
Will Cosgrove
---
 src/openssl.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/openssl.c b/src/openssl.c
index 2ea9e1ba..7a6810f1 100644
--- a/src/openssl.c
+++ b/src/openssl.c
@@ -2230,8 +2230,14 @@ _libssh2_md5_init(libssh2_md5_ctx *ctx)
      * "digital envelope routines:FIPS_DIGESTINIT:disabled for fips"
      * So, just return 0 in FIPS mode
      */
+#if OPENSSL_VERSION_NUMBER >= 0x000907000L && \
+    defined(OPENSSL_VERSION_MAJOR) && \
+    OPENSSL_VERSION_MAJOR < 3 && \
+    !defined(LIBRESSL_VERSION_NUMBER)
      if(FIPS_mode() != 0)
          return 0;
+#endif
+
 #ifdef HAVE_OPAQUE_STRUCTS
     *ctx = EVP_MD_CTX_new();