Overview

File libgcrypt-1.5.0-LIBGCRYPT_FORCE_FIPS_MODE-env.diff of Package libgcrypt.10717

From: draht@suse.com
Subject: LIBGCRYPT_FORCE_FIPS_MODE env

environ LIBGCRYPT_FORCE_FIPS_MODE forces FIPS mode of libgcrypt

Index: libgcrypt-1.5.2/src/fips.c
===================================================================
--- libgcrypt-1.5.2.orig/src/fips.c
+++ libgcrypt-1.5.2/src/fips.c
@@ -123,6 +123,17 @@ _gcry_initialize_fips_mode (int force)
       goto leave;
     }
 
+  /* for convenience, so that a process can run fips-enabled, but
+     not necessarily all of them, enable FIPS mode via environment
+     variable LIBGCRYPT_FORCE_FIPS_MODE.	 */
+
+  if (getenv("LIBGCRYPT_FORCE_FIPS_MODE") != NULL)
+    {
+      gcry_assert (!no_fips_mode_required);
+      goto leave;
+    }
+
+
   /* For testing the system it is useful to override the system
      provided detection of the FIPS mode and force FIPS mode using a
      file.  The filename is hardwired so that there won't be any
openSUSE Build Service is sponsored by
Places