authorNikos Mavrogiannopoulos <nmav@redhat.com>2014-08-14 11:26:33 +0200
committerNikos Mavrogiannopoulos <nmav@redhat.com>2014-08-14 11:26:35 +0200
commita3175ff6177a3feab8e1da134924851827bd0900 (patch)
treed419887c2df773159e9db73eb0879fa4f7a9cc67
parentdf2a9540df2d187f90f5f45ee5cd7c9358f1ba7b (diff)
downloadgnutls-a3175ff6177a3feab8e1da134924851827bd0900.tar.gz
gnutls-cli: added --fips140-mode command line option
That option will report the status of the FIPS140-2 mode in the library.
-rw-r--r--src/cli-args.def7
-rw-r--r--src/cli.c10
2 files changed, 16 insertions, 1 deletions
diff --git a/src/cli-args.def b/src/cli-args.def
index facc22ca1e..600c10fefe 100644
--- a/src/cli-args.def
+++ b/src/cli-args.def
@@ -343,7 +343,6 @@ flag = {
doc = "Change the default (^) delimiter used for inline commands. The delimiter is expected to be a single US-ASCII character (octets 0 - 127). This option is only relevant if inline commands are enabled via the inline-commands option";
};
-
flag = {
name = provider;
arg-type = file;
@@ -352,6 +351,12 @@ flag = {
doc = "This will override the default options in /etc/gnutls/pkcs11.conf";
};
+flag = {
+ name = fips140-mode;
+ descrip = "Reports the status of the FIPS140-2 mode in gnutls library";
+ doc = "";
+};
+
doc-section = {
ds-type = 'SEE ALSO'; // or anything else
ds-format = 'texi'; // or texi or mdoc format
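Review bot: The new `fips140-mode` flag is added with `doc = "";`, so the generated manual says nothing about what the option prints or how its result is signalled. Because this option is likely to be used from scripts as a compliance check, the exit-status contract should be written down here, for example `doc = "Prints whether the library operates in FIPS140-2 mode and exits. The exit status is zero when the mode is enabled and non-zero otherwise.";`. It would also help to state that the option terminates the program without opening a connection, if that is the intended behaviour.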
diff --git a/src/cli.c b/src/cli.c
index 0d2215a07d..867c646fcb 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -1303,6 +1303,16 @@ static void cmd_parser(int argc, char **argv)
if (rest == NULL && argc > 0)
rest = argv[0];
+
+ if (HAVE_OPT(FIPS140_MODE)) {
+ if (gnutls_fips140_mode_enabled() != 0) {
+ fprintf(stderr, "library is in FIPS140-2 mode\n");
+ exit(0);
+ }
+ fprintf(stderr, "library is NOT in FIPS140-2 mode\n");
+ exit(1);
+ }
+
if (HAVE_OPT(BENCHMARK_CIPHERS)) {
benchmark_cipher(OPT_VALUE_DEBUG);
exit(0);
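Review bot: The new `HAVE_OPT(FIPS140_MODE)` block makes the process exit status the machine-readable answer, but no comment says so, and the "NOT in FIPS140-2 mode" result uses `exit(1)`, which a caller presumably cannot tell apart from an unrelated gnutls-cli failure. That fails closed for a compliance check, which is the safe direction, but it deserves a comment above the block such as `/* exit status is the interface: 0 = FIPS140-2 mode enabled, 1 = not enabled */`. The status text is also written to stderr in both branches although it is the requested output; `printf("library is in FIPS140-2 mode\n");` would let scripts capture it from stdout. cmd_parser starts and ends outside this hunk, so whether the library is fully initialised when `gnutls_fips140_mode_enabled()` is called cannot be confirmed from here.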