Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:GA
compat-libgcrypt11.3673
libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff of Package compat-libgcrypt11.3673
--- ../libgcrypt-1.5.0-o/src/fips.c 2011-02-04 20:17:33.000000000 +0100 +++ src/fips.c 2011-09-19 13:22:17.000000000 +0200 @@ -96,60 +96,71 @@ local variable. If FORCE is passed as true, fips mode will be enabled anyway. Note: This function is not thread-safe and should be called before any threads are created. This function may only be called once. */ void _gcry_initialize_fips_mode (int force) { static int done; gpg_error_t err; /* Make sure we are not accidently called twice. */ if (done) { if ( fips_mode () ) { fips_new_state (STATE_FATALERROR); fips_noreturn (); } /* If not in fips mode an assert is sufficient. */ gcry_assert (!done); } done = 1; /* If the calling application explicitly requested fipsmode, do so. */ if (force) { gcry_assert (!no_fips_mode_required); goto leave; } + /* for convenience, so that a process can run fips-enabled, but + not necessarily all of them, enable FIPS mode via environment + variable LIBGCRYPT_FORCE_FIPS_MODE. */ + + if (getenv("LIBGCRYPT_FORCE_FIPS_MODE") != NULL) + { + gcry_assert (!no_fips_mode_required); + goto leave; + } + + /* For testing the system it is useful to override the system provided detection of the FIPS mode and force FIPS mode using a file. The filename is hardwired so that there won't be any confusion on whether /etc/gcrypt/ or /usr/local/etc/gcrypt/ is actually used. The file itself may be empty. */ if ( !access (FIPS_FORCE_FILE, F_OK) ) { gcry_assert (!no_fips_mode_required); goto leave; } /* Checking based on /proc file properties. */ { static const char procfname[] = "/proc/sys/crypto/fips_enabled"; FILE *fp; int saved_errno; fp = fopen (procfname, "r"); if (fp) { char line[256]; if (fgets (line, sizeof line, fp) && atoi (line)) { /* System is in fips mode. */ fclose (fp); gcry_assert (!no_fips_mode_required); goto leave; } fclose (fp);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor