author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2015-06-03 15:42:42 +0200 |
---|---|---|
committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2015-06-04 13:41:18 +0200 |
commit | e93f699bfc56153818d792fd10c32c6f29a6ee4d (patch) | |
tree | 61cf62869052030375c791617a12a79d90842638 /lib/fips.c | |
parent | 90cb64ea21d0d1cbf3ad9997309bd697579e5200 (diff) | |
download | gnutls-e93f699bfc56153818d792fd10c32c6f29a6ee4d.tar.gz |
fips140: when GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS is setup do not perform integrity tests
Diffstat (limited to 'lib/fips.c')
-rw-r--r-- | lib/fips.c | 46 |
1 files changed, 27 insertions, 19 deletions
diff --git a/lib/fips.c b/lib/fips.c
index ac74533ce0..7c4b4b994b 100644
--- a/lib/fips.c
+++ b/lib/fips.c
@@ -38,6 +38,7 @@ unsigned int _gnutls_lib_mode = LIB_STATE_POWERON;
 #define FIPS_SYSTEM_FILE "/etc/system-fips"
 static int _fips_mode = -1;
+static int _skip_integrity_checks = 0;
 /* Returns:
 * 0 - FIPS mode disabled
@@ -53,6 +54,11 @@ const char *p;
 if (_fips_mode != -1)
 return _fips_mode;
+ p = getenv("GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS");
+ if (p && p[0] == '1') {
+ _skip_integrity_checks = 1;
+ }
+
 p = getenv("GNUTLS_FORCE_FIPS_MODE");
 if (p) {
 if (p[0] == '1')
@@ -353,28 +359,30 @@ int _gnutls_fips_perform_self_checks2(void)
 goto error;
 }
- ret = check_binary_integrity(GNUTLS_LIBRARY_NAME, "gnutls_global_init");
- if (ret == 0) {
- gnutls_assert();
- goto error;
- }
+ if (_skip_integrity_checks == 0) {
+ ret = check_binary_integrity(GNUTLS_LIBRARY_NAME, "gnutls_global_init");
+ if (ret == 0) {
+ gnutls_assert();
+ goto error;
+ }
- ret = check_binary_integrity(NETTLE_LIBRARY_NAME, "nettle_aes_set_encrypt_key");
- if (ret == 0) {
- gnutls_assert();
- goto error;
- }
+ ret = check_binary_integrity(NETTLE_LIBRARY_NAME, "nettle_aes_set_encrypt_key");
+ if (ret == 0) {
+ gnutls_assert();
+ goto error;
+ }
- ret = check_binary_integrity(HOGWEED_LIBRARY_NAME, "nettle_mpz_sizeinbase_256_u");
- if (ret == 0) {
- gnutls_assert();
- goto error;
- }
+ ret = check_binary_integrity(HOGWEED_LIBRARY_NAME, "nettle_mpz_sizeinbase_256_u");
+ if (ret == 0) {
+ gnutls_assert();
+ goto error;
+ }
- ret = check_binary_integrity(GMP_LIBRARY_NAME, "__gmpz_init");
- if (ret == 0) {
- gnutls_assert();
- goto error;
+ ret = check_binary_integrity(GMP_LIBRARY_NAME, "__gmpz_init");
+ if (ret == 0) {
+ gnutls_assert();
+ goto error;
+ }
 }
 return 0; |
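Review bot: The new `getenv("GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS")` in the second hunk lets whoever controls the process environment switch off the library integrity checks, and plain `getenv` honours the variable even when the program runs with elevated privileges (setuid/setgid), where the environment is supplied by the invoking user. Where the platform provides it, `p = secure_getenv("GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS");` would ignore the variable in that situation; alternatively the override could be compiled in only for test builds. `_skip_integrity_checks` (declared in the first hunk) is assigned only here, as a side effect of the mode query, so its declaration deserves a comment such as `/* set from GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS on the first FIPS mode query; non-zero skips check_binary_integrity() */`. The enclosing function starts and ends outside the hunk.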
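Review bot: When `_skip_integrity_checks` is non-zero the third hunk falls through to `return 0` without leaving any trace, so a run in which all four `check_binary_integrity()` calls were bypassed is indistinguishable, to the caller and in logs, from one in which they passed. An `else` branch that records the bypass would make it auditable, for example `} else { _gnutls_debug_log("FIPS140: library integrity checks skipped (GNUTLS_SKIP_FIPS_INTEGRITY_CHECKS)\n"); }`. The flag is populated by the code in the second hunk, so this presumably relies on that function having been called before the self-checks run; that ordering is worth confirming and stating in a comment above the new `if`. `_gnutls_fips_perform_self_checks2` begins before the hunk.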