properly reset the zombie mode in FIPS mode

This amends 9158f590f4a18c84fc9eb41877b29d73b30af879

3 files changed, 11 insertions, 0 deletions

diff --git a/lib/fips.c b/lib/fips.c
index dd68ba0d39..5dab35f1cb 100644
--- a/lib/fips.c
+++ b/lib/fips.c
@@ -92,6 +92,15 @@ const char *p;
 	return fips_mode;
 }
 
+/* This _fips_mode == 2 is a strange mode where checks are being
+ * performed, but its output is ignored. */
+void _gnutls_fips_mode_reset_zombie(void)
+{
+	if (_fips_mode == 2) {
+		_fips_mode = 0;
+	}
+}
+
 #define GNUTLS_LIBRARY_NAME "libgnutls.so.28"
 #define NETTLE_LIBRARY_NAME "libnettle.so.4"
 #define HOGWEED_LIBRARY_NAME "libhogweed.so.2"
diff --git a/lib/fips.h b/lib/fips.h
index dcd855c916..f7fc7f6253 100644
--- a/lib/fips.h
+++ b/lib/fips.h
@@ -55,6 +55,7 @@ inline static gnutls_lib_state_t _gnutls_get_lib_state(void)
 
 int _gnutls_fips_perform_self_checks1(void);
 int _gnutls_fips_perform_self_checks2(void);
+void _gnutls_fips_mode_reset_zombie(void);
 
 #ifdef ENABLE_FIPS140
 unsigned _gnutls_fips_mode_enabled(void);
diff --git a/lib/gnutls_global.c b/lib/gnutls_global.c
index 433a7f9194..404d1d4bd7 100644
--- a/lib/gnutls_global.c
+++ b/lib/gnutls_global.c
@@ -337,6 +337,7 @@ int gnutls_global_init(void)
 				goto out;
 			}
 		}
+		_gnutls_fips_mode_reset_zombie();
 	}
 #endif
 	_gnutls_switch_lib_state(LIB_STATE_OPERATIONAL);