The environment variable GNUTLS_FORCE_FIPS_MODE can be used to force the FIPS-140-2 mode

author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2014-08-14 10:11:03 +0200
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2014-08-14 10:12:15 +0200
commit: df2a9540df2d187f90f5f45ee5cd7c9358f1ba7b (patch)
tree: ad2a5711b56785b5bce3128db505cc5201790bfd /lib/fips.c
parent: 4cb717daa9f5ba4590d51d73dcbff69f988116d6 (diff)
download: gnutls-df2a9540df2d187f90f5f45ee5cd7c9358f1ba7b.tar.gz
1 files changed, 13 insertions, 1 deletions
diff --git a/lib/fips.c b/lib/fips.c
index 908e5299f3..33cf4a6207 100644
--- a/lib/fips.c
+++ b/lib/fips.c
@@ -47,10 +47,22 @@ unsigned _gnutls_fips_mode_enabled(void)
 unsigned f1p = 0, f2p;
 FILE* fd;
 static int fips_mode = -1;
+const char *p;
 
 	if (fips_mode != -1)
 		return fips_mode;
-		
+
+	p = getenv("GNUTLS_FORCE_FIPS_MODE");
+	if (p) {
+		if (p[0] == '1')
+			fips_mode = 1;
+		else if (p[0] == '2')
+			fips_mode = 2;
+		else
+			fips_mode = 0;
+		return fips_mode;
+	}
+
 	fd = fopen(FIPS_KERNEL_FILE, "r");
 	if (fd != NULL) {
 		f1p = fgetc(fd);
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2014-08-14 10:11:03 +0200
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2014-08-14 10:12:15 +0200
commit	df2a9540df2d187f90f5f45ee5cd7c9358f1ba7b (patch)
tree	ad2a5711b56785b5bce3128db505cc5201790bfd /lib/fips.c
parent	4cb717daa9f5ba4590d51d73dcbff69f988116d6 (diff)
download	gnutls-df2a9540df2d187f90f5f45ee5cd7c9358f1ba7b.tar.gz