ims-volte-vowifi
/
strongswan
9
0
Fork 0
Code Pull Requests Releases Activity

openssl: Don't re-enter FIPS mode if we are already using it 

If FIPS mode has been enabled by other means, under some environments it can't
be entered again. It fails with "FIPS mode already set". To avoid it, we first
check the mode before changing it.
This commit is contained in:
Martin Willi 2014-04-02 15:16:15 +02:00
parent 549502bcb2
commit d34d800c6c
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/libstrongswan/plugins/openssl/openssl_plugin.c
View File

@ -526,9 +526,10 @@ plugin_t *openssl_plugin_create()
#ifdef OPENSSL_FIPS
if (fips_mode)
{
if (!FIPS_mode_set(fips_mode))
if (FIPS_mode() != fips_mode && !FIPS_mode_set(fips_mode))
{
DBG1(DBG_LIB, "unable to set openssl FIPS mode(%d)", fips_mode);
DBG1(DBG_LIB, "unable to set openssl FIPS mode(%d) from (%d)",
fips_mode, FIPS_mode());
return NULL;
}
}