]> git.ipfire.org Git - thirdparty/gnutls.git/commitdiff
The environment variable GNUTLS_FORCE_FIPS_MODE can be used to force the FIPS-140...
authorNikos Mavrogiannopoulos <nmav@redhat.com>
Thu, 14 Aug 2014 08:11:03 +0000 (10:11 +0200)
committerNikos Mavrogiannopoulos <nmav@redhat.com>
Thu, 14 Aug 2014 08:12:15 +0000 (10:12 +0200)
lib/fips.c

index 908e5299f316e7d9ff0f3c20e221051949bacb0d..33cf4a6207b84c3fa2e9abf3eb2094b290173ebc 100644 (file)
@@ -47,10 +47,22 @@ unsigned _gnutls_fips_mode_enabled(void)
 unsigned f1p = 0, f2p;
 FILE* fd;
 static int fips_mode = -1;
+const char *p;
 
        if (fips_mode != -1)
                return fips_mode;
-               
+
+       p = getenv("GNUTLS_FORCE_FIPS_MODE");
+       if (p) {
+               if (p[0] == '1')
+                       fips_mode = 1;
+               else if (p[0] == '2')
+                       fips_mode = 2;
+               else
+                       fips_mode = 0;
+               return fips_mode;
+       }
+
        fd = fopen(FIPS_KERNEL_FILE, "r");
        if (fd != NULL) {
                f1p = fgetc(fd);