Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP1:Update
gnutls
gnutls-fips_mode_enabled.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File gnutls-fips_mode_enabled.patch of Package gnutls
Index: gnutls-3.6.7/lib/fips.c =================================================================== --- gnutls-3.6.7.orig/lib/fips.c 2020-04-07 11:11:54.490109339 +0200 +++ gnutls-3.6.7/lib/fips.c 2020-04-21 14:54:51.262199739 +0200 @@ -38,7 +38,6 @@ unsigned int _gnutls_lib_state = LIB_STA #include <dlfcn.h> #define FIPS_KERNEL_FILE "/proc/sys/crypto/fips_enabled" -#define FIPS_SYSTEM_FILE "/etc/system-fips" /* We provide a per-thread FIPS-mode so that an application * can use gnutls_fips140_set_mode() to override a specific @@ -53,7 +52,7 @@ static int _skip_integrity_checks = 0; */ unsigned _gnutls_fips_mode_enabled(void) { - unsigned f1p = 0, f2p; + unsigned f1p = 0; FILE* fd; const char *p; unsigned ret; @@ -80,7 +79,7 @@ unsigned _gnutls_fips_mode_enabled(void) p = secure_getenv("GNUTLS_FORCE_FIPS_MODE"); if (p) { if (p[0] == '1') - ret = 1; + ret = GNUTLS_FIPS140_STRICT; else if (p[0] == '2') ret = GNUTLS_FIPS140_SELFTESTS; else if (p[0] == '3') @@ -102,22 +101,12 @@ unsigned _gnutls_fips_mode_enabled(void) else f1p = 0; } - f2p = !access(FIPS_SYSTEM_FILE, F_OK); - - if (f1p != 0 && f2p != 0) { + if (f1p != 0) { _gnutls_debug_log("FIPS140-2 mode enabled\n"); ret = GNUTLS_FIPS140_STRICT; goto exit; } - if (f2p != 0) { - /* a funny state where self tests are performed - * and ignored */ - _gnutls_debug_log("FIPS140-2 ZOMBIE mode enabled\n"); - ret = GNUTLS_FIPS140_SELFTESTS; - goto exit; - } - ret = GNUTLS_FIPS140_DISABLED; goto exit;
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor