From b26ddfd72f6acd33c44b764bfe78318b720fe3c5 Mon Sep 17 00:00:00 2001
From: Jun Aruga <jaruga@redhat.com>
Date: Tue, 16 May 2023 22:01:43 +0200
Subject: [PATCH] [ruby/openssl] Fix warnings about the OPENSSL_FIPS macro in
 OpenSSL 1.1.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The commit <https://github.com/ruby/openssl/commit/c5b2bc1268bc> made the warnings below
in the case of OpenSSL 1.1 where the `OPENSSL_FIPS` macro is not defined.

```
$ bundle install --standalone

$ bundle exec rake compile -- \
  --with-openssl-dir=$HOME/.local/openssl-1.1.1t-debug \
  --with-cflags="-Wundef"
mkdir -p tmp/x86_64-linux/openssl/3.2.1
cd tmp/x86_64-linux/openssl/3.2.1
/usr/local/ruby-3.2.1/bin/ruby -I. -r.rake-compiler-siteconf.rb ../../../../ext/openssl/extconf.rb -- --with-openssl-dir=/home/jaruga/.local/openssl-1.1.1t-debug --with-cflags=-Wundef
...
gcc -I. -I/usr/local/ruby-3.2.1/include/ruby-3.2.0/x86_64-linux -I/usr/local/ruby-3.2.1/include/ruby-3.2.0/ruby/backward -I/usr/local/ruby-3.2.1/include/ruby-3.2.0 -I../../../../ext/openssl -DRUBY_EXTCONF_H=\"extconf.h\" -I/home/jaruga/.local/openssl-1.1.1t-debug/include    -fPIC -Wundef  -o ossl.o -c ../../../../ext/openssl/ossl.c
../../../../ext/openssl/ossl.c: In function ‘ossl_fips_mode_get’:
../../../../ext/openssl/ossl.c:425:7: warning: "OPENSSL_FIPS" is not defined, evaluates to 0 [-Wundef]
  425 | #elif OPENSSL_FIPS
      |       ^~~~~~~~~~~~
../../../../ext/openssl/ossl.c: In function ‘ossl_fips_mode_set’:
../../../../ext/openssl/ossl.c:460:7: warning: "OPENSSL_FIPS" is not defined, evaluates to 0 [-Wundef]
  460 | #elif OPENSSL_FIPS
      |       ^~~~~~~~~~~~
../../../../ext/openssl/ossl.c: In function ‘Init_openssl’:
../../../../ext/openssl/ossl.c:1218:7: warning: "OPENSSL_FIPS" is not defined, evaluates to 0 [-Wundef]
 1218 | #elif OPENSSL_FIPS
      |       ^~~~~~~~~~~~
...
cp tmp/x86_64-linux/openssl/3.2.1/openssl.so tmp/x86_64-linux/stage/lib/openssl.so
```

https://github.com/ruby/openssl/commit/b4228cbcd6
---
 ext/openssl/ossl.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/ext/openssl/ossl.c b/ext/openssl/ossl.c
index be97b97a1a2d96..81069c8b93fa0e 100644
--- a/ext/openssl/ossl.c
+++ b/ext/openssl/ossl.c
@@ -422,7 +422,7 @@ ossl_fips_mode_get(VALUE self)
     VALUE enabled;
     enabled = EVP_default_properties_is_fips_enabled(NULL) ? Qtrue : Qfalse;
     return enabled;
-#elif OPENSSL_FIPS
+#elif defined(OPENSSL_FIPS)
     VALUE enabled;
     enabled = FIPS_mode() ? Qtrue : Qfalse;
     return enabled;
@@ -457,7 +457,7 @@ ossl_fips_mode_set(VALUE self, VALUE enabled)
         }
     }
     return enabled;
-#elif OPENSSL_FIPS
+#elif defined(OPENSSL_FIPS)
     if (RTEST(enabled)) {
 	int mode = FIPS_mode();
 	if(!mode && !FIPS_mode_set(1)) /* turning on twice leads to an error */
@@ -1215,7 +1215,7 @@ Init_openssl(void)
 /* OpenSSL 3 is FIPS-capable even when it is installed without fips option */
 #if OSSL_OPENSSL_PREREQ(3, 0, 0)
                     Qtrue
-#elif OPENSSL_FIPS
+#elif defined(OPENSSL_FIPS)
 		    Qtrue
 #else
 		    Qfalse