Expose FIPS funcs for OpenSSL. (#3939)

* Expose FIPS funcs for OpenSSL.

* Remove FIPS customization / conditionals.

It seems that the FIPS functions are always defined, regardless of if
the FIPS module is present.

* Do not include FIPS_selftest_check func.

* Libressl does not have FIPS.

2 files changed, 29 insertions, 0 deletions

diff --git a/src/_cffi_src/build_openssl.py b/src/_cffi_src/build_openssl.py
index 86ee5007..7ec235ff 100644
--- a/src/_cffi_src/build_openssl.py
+++ b/src/_cffi_src/build_openssl.py
@@ -76,6 +76,7 @@ ffi = build_ffi_for_binding(
         "engine",
         "err",
         "evp",
+        "fips",
         "hmac",
         "nid",
         "objects",
diff --git a/src/_cffi_src/openssl/fips.py b/src/_cffi_src/openssl/fips.py
new file mode 100644
index 00000000..c92bca49
--- /dev/null
+++ b/src/_cffi_src/openssl/fips.py
@@ -0,0 +1,28 @@
+# This file is dual licensed under the terms of the Apache License, Version
+# 2.0, and the BSD License. See the LICENSE file in the root of this repository
+# for complete details.
+
+from __future__ import absolute_import, division, print_function
+
+INCLUDES = """
+#include <openssl/crypto.h>
+"""
+
+TYPES = """
+static const long Cryptography_HAS_FIPS;
+"""
+
+FUNCTIONS = """
+int FIPS_mode_set(int);
+int FIPS_mode(void);
+"""
+
+CUSTOMIZATIONS = """
+#if CRYPTOGRAPHY_IS_LIBRESSL
+static const long Cryptography_HAS_FIPS = 0;
+int (*FIPS_mode_set)(int) = NULL;
+int (*FIPS_mode)(void) = NULL;
+#else
+static const long Cryptography_HAS_FIPS = 1;
+#endif
+"""