File gnutls-fips_mode_enabled.patch of Package gnutls.18749

Index: gnutls-3.6.7/lib/fips.c
===================================================================
--- gnutls-3.6.7.orig/lib/fips.c	2020-04-07 11:11:54.490109339 +0200
+++ gnutls-3.6.7/lib/fips.c	2020-04-21 14:54:51.262199739 +0200
@@ -38,7 +38,6 @@ unsigned int _gnutls_lib_state = LIB_STA
 #include <dlfcn.h>
 
 #define FIPS_KERNEL_FILE "/proc/sys/crypto/fips_enabled"
-#define FIPS_SYSTEM_FILE "/etc/system-fips"
 
 /* We provide a per-thread FIPS-mode so that an application
  * can use gnutls_fips140_set_mode() to override a specific
@@ -53,7 +52,7 @@ static int _skip_integrity_checks = 0;
  */
 unsigned _gnutls_fips_mode_enabled(void)
 {
-	unsigned f1p = 0, f2p;
+	unsigned f1p = 0;
 	FILE* fd;
 	const char *p;
 	unsigned ret;
@@ -80,7 +79,7 @@ unsigned _gnutls_fips_mode_enabled(void)
 	p = secure_getenv("GNUTLS_FORCE_FIPS_MODE");
 	if (p) {
 		if (p[0] == '1')
-			ret = 1;
+			ret = GNUTLS_FIPS140_STRICT;
 		else if (p[0] == '2')
 			ret = GNUTLS_FIPS140_SELFTESTS;
 		else if (p[0] == '3')
@@ -102,22 +101,12 @@ unsigned _gnutls_fips_mode_enabled(void)
 		else f1p = 0;
 	}
 
-	f2p = !access(FIPS_SYSTEM_FILE, F_OK);
-
-	if (f1p != 0 && f2p != 0) {
+	if (f1p != 0) {
 		_gnutls_debug_log("FIPS140-2 mode enabled\n");
 		ret = GNUTLS_FIPS140_STRICT;
 		goto exit;
 	}
 
-	if (f2p != 0) {
-		/* a funny state where self tests are performed
-		 * and ignored */
-		_gnutls_debug_log("FIPS140-2 ZOMBIE mode enabled\n");
-		ret = GNUTLS_FIPS140_SELFTESTS;
-		goto exit;
-	}
-
 	ret = GNUTLS_FIPS140_DISABLED;
 	goto exit;
 
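Review bot: With the `/etc/system-fips` test removed, `if (f1p != 0)` makes the kernel flag the only input to the strict-mode decision, and nothing at that branch says so. Two behaviours change: a host booted with `fips_enabled` set but without the distribution's FIPS userspace pieces now returns `GNUTLS_FIPS140_STRICT` (whatever self-test or integrity checks key off that value are outside this hunk and should be confirmed to cope), and the marker-file-only case that used to return `GNUTLS_FIPS140_SELFTESTS` now falls through to `GNUTLS_FIPS140_DISABLED`. I would add a comment above the branch such as `/* FIPS mode follows FIPS_KERNEL_FILE alone; /etc/system-fips is no longer consulted */`. The header comment of `_gnutls_fips_mode_enabled()` ends just above the second hunk and is not visible here, so check that it no longer describes the two-file condition. The function body starts and ends outside this hunk.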