diff options
| author | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-08-14 10:11:03 +0200 |
|---|---|---|
| committer | Nikos Mavrogiannopoulos <nmav@redhat.com> | 2014-08-14 10:12:15 +0200 |
| commit | df2a9540df2d187f90f5f45ee5cd7c9358f1ba7b (patch) | |
| tree | ad2a5711b56785b5bce3128db505cc5201790bfd /lib/fips.c | |
| parent | 4cb717daa9f5ba4590d51d73dcbff69f988116d6 (diff) | |
| download | gnutls-df2a9540df2d187f90f5f45ee5cd7c9358f1ba7b.tar.gz | |
The environment variable GNUTLS_FORCE_FIPS_MODE can be used to force the FIPS-140-2 mode
Diffstat (limited to 'lib/fips.c')
| -rw-r--r-- | lib/fips.c | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/lib/fips.c b/lib/fips.c index 908e5299f3..33cf4a6207 100644 --- a/lib/fips.c +++ b/lib/fips.c @@ -47,10 +47,22 @@ unsigned _gnutls_fips_mode_enabled(void) unsigned f1p = 0, f2p; FILE* fd; static int fips_mode = -1; +const char *p; if (fips_mode != -1) return fips_mode; - + + p = getenv("GNUTLS_FORCE_FIPS_MODE"); + if (p) { + if (p[0] == '1') + fips_mode = 1; + else if (p[0] == '2') + fips_mode = 2; + else + fips_mode = 0; + return fips_mode; + } + fd = fopen(FIPS_KERNEL_FILE, "r"); if (fd != NULL) { f1p = fgetc(fd); |