Added support for fips states.

This implies that when in FIPS mode and the library is not in operational state (i.e., all self checks succeeded), crypto functionality of the library will fail. This includes: * API functions of gnutls/crypto.h * API functions of gnutls/abstract.h * API functions of gnutls/x509.h * gnutls_init() * API functions of gnutls/xssl.h
author: Nikos Mavrogiannopoulos <nmav@redhat.com> 2013-11-11 18:07:17 +0100
committer: Nikos Mavrogiannopoulos <nmav@redhat.com> 2013-11-27 11:41:05 +0100
commit: 0f8af4f83efde3c8d448ed4bd8ae0879e2112607 (patch)
tree: 29a7d8c8bd69a74775a94d255e8140dfded93f65 /lib/gnutls_state.c
parent: 8b03afa66a73aa981cd0098520a464ad3089535a (diff)
download: gnutls-0f8af4f83efde3c8d448ed4bd8ae0879e2112607.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/lib/gnutls_state.c b/lib/gnutls_state.c
index 231e6b0b64..21a8f99cee 100644
--- a/lib/gnutls_state.c
+++ b/lib/gnutls_state.c
@@ -45,6 +45,7 @@
 #include <gnutls_extensions.h>
 #include <system.h>
 #include <random.h>
+#include <fips.h>
 #include <gnutls/dtls.h>
 
 /* These should really be static, but src/tests.c calls them.  Make
@@ -307,6 +308,8 @@ int gnutls_init(gnutls_session_t * session, unsigned int flags)
 {
 	int ret;
 	record_parameters_st *epoch;
+	
+	FAIL_IF_FIPS_ERROR;
 
 	*session = gnutls_calloc(1, sizeof(struct gnutls_session_int));
 	if (*session == NULL)
author	Nikos Mavrogiannopoulos <nmav@redhat.com>	2013-11-11 18:07:17 +0100
committer	Nikos Mavrogiannopoulos <nmav@redhat.com>	2013-11-27 11:41:05 +0100
commit	0f8af4f83efde3c8d448ed4bd8ae0879e2112607 (patch)
tree	29a7d8c8bd69a74775a94d255e8140dfded93f65 /lib/gnutls_state.c
parent	8b03afa66a73aa981cd0098520a464ad3089535a (diff)
download	gnutls-0f8af4f83efde3c8d448ed4bd8ae0879e2112607.tar.gz