Provide a function to query crypto backend for FIPS status

Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>

include/libssh/libcrypto.h

@@ -31,6 +31,7 @@
 #include <openssl/md5.h>
 #include <openssl/hmac.h>
 #include <openssl/evp.h>
+#include <openssl/crypto.h>
 
 typedef EVP_MD_CTX* SHACTX;
 typedef EVP_MD_CTX* SHA256CTX;
@@ -102,6 +103,9 @@ typedef BN_CTX* bignum_CTX;
 #define bignum_cmp(num1,num2) BN_cmp(num1,num2)
 #define bignum_rshift1(dest, src) BN_rshift1(dest, src)
 
+/* Returns true if the OpenSSL is operating in FIPS mode */
+#define ssh_fips_mode() (FIPS_mode() != 0)
+
 #endif /* HAVE_LIBCRYPTO */
 
 #endif /* LIBCRYPTO_H_ */

include/libssh/libgcrypt.h

@@ -102,6 +102,8 @@ ssh_string ssh_sexp_extract_mpi(const gcry_sexp_t sexp,
                                 enum gcry_mpi_format informat,
                                 enum gcry_mpi_format outformat);
 
+#define ssh_fips_mode() false
+
 #endif /* HAVE_LIBGCRYPT */
 
 #endif /* LIBGCRYPT_H_ */

include/libssh/libmbedcrypto.h

@@ -126,5 +126,7 @@ int ssh_mbedtls_random(void *where, int len, int strong);
 ssh_string make_ecpoint_string(const mbedtls_ecp_group *g, const
         mbedtls_ecp_point *p);
 
+#define ssh_fips_mode() false
+
 #endif /* HAVE_LIBMBEDCRYPTO */
 #endif /* LIBMBEDCRYPTO_H_ */