FIPS140 mode is detected on run-time.

That allows a library compiled in FIPS140 mode to operate as the full library if the system is not in FIPS mode.
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2013-12-09 11:03:25 +0100
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2013-12-09 11:08:59 +0100
commit: 80596228381b256eab9e4980295f32487e530454 (patch)
tree: 958a20e1e445e42b1e20ab57ce91606bda474662 /lib/fips.c
parent: 49a856323097012a465334889310de1103c966ae (diff)
download: gnutls-80596228381b256eab9e4980295f32487e530454.tar.gz
1 files changed, 10 insertions, 3 deletions
diff --git a/lib/fips.c b/lib/fips.c
index 3444e4d577..3f3fec0d0f 100644
--- a/lib/fips.c
+++ b/lib/fips.c
@@ -39,7 +39,11 @@ unsigned _gnutls_fips_mode_enabled(void)
 {
 unsigned f1p, f2p;
 FILE* fd;
+static int fips_mode = -1;
 
+	if (fips_mode != -1)
+		return fips_mode;
+		
 	fd = fopen(FIPS_KERNEL_FILE, "r");
 	if (fd != NULL) {
 		f1p = fgetc(fd);
@@ -53,17 +57,20 @@ FILE* fd;
 
 	if (f1p != 0 && f2p != 0) {
 		_gnutls_debug_log("FIPS140-2 mode enabled\n");
-		return 1;
+		fips_mode = 1;
+		return fips_mode;
 	}
 
 	if (f2p != 0) {
 		/* a funny state where self tests are performed
 		 * and ignored */
 		_gnutls_debug_log("FIPS140-2 ZOMBIE mode enabled\n");
-		return 2;
+		fips_mode = 2;
+		return fips_mode;
 	}
 
-	return 0;
+	fips_mode = 0;
+	return fips_mode;
 }
 
 #define GNUTLS_LIBRARY_NAME "libgnutls.so.28"
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2013-12-09 11:03:25 +0100
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2013-12-09 11:08:59 +0100
commit	80596228381b256eab9e4980295f32487e530454 (patch)
tree	958a20e1e445e42b1e20ab57ce91606bda474662 /lib/fips.c
parent	49a856323097012a465334889310de1103c966ae (diff)
download	gnutls-80596228381b256eab9e4980295f32487e530454.tar.gz