Add GCRYCTL_SET_ENFORCED_FIPS_FLAG command.

* doc/gcrypt.texi: Add documentation of the new command. * src/fips.c (_gcry_enforced_fips_mode): Report the enforced fips mode only when fips mode is enabled. (_gcry_set_enforced_fips_mode): New function. * src/g10lib.h: Add the _gcry_set_enforced_fips_mode prototype. * src/gcrypt.h.in: Add the GCRYCTL_SET_ENFORCED_FIPS_FLAG. * src/global.c (_gcry_vcontrol): Handle the new command.
author: Tomas Mraz <tmraz@fedoraproject.org> 2012-04-04 14:17:09 +0200
committer: Werner Koch <wk@gnupg.org> 2012-04-04 16:11:37 +0200
commit: 90e49a11733bfba9c3c505ac487282d35757f682 (patch)
tree: 7c4696e2ced4e66469095885bef94bef23efd112 /src/fips.c
parent: 70cca617ed75ea292e1fed769114dda5cc1d76f1 (diff)
download: libgcrypt-90e49a11733bfba9c3c505ac487282d35757f682.tar.gz
1 files changed, 8 insertions, 0 deletions
diff --git a/src/fips.c b/src/fips.c
index a3445eb2..e45baba6 100644
--- a/src/fips.c
+++ b/src/fips.c
@@ -274,9 +274,17 @@ _gcry_fips_mode (void)
 int
 _gcry_enforced_fips_mode (void)
 {
+  if (!_gcry_fips_mode ())
+    return 0;
   return enforced_fips_mode;
 }
 
+/* Set a flag telling whether we are in the enforced fips mode.  */
+void
+_gcry_set_enforced_fips_mode (void)
+{
+  enforced_fips_mode = 1;
+}
 
 /* If we do not want to enforce the fips mode, we can set a flag so
    that the application may check whether it is still in fips mode.
author	Tomas Mraz <tmraz@fedoraproject.org>	2012-04-04 14:17:09 +0200
committer	Werner Koch <wk@gnupg.org>	2012-04-04 16:11:37 +0200
commit	90e49a11733bfba9c3c505ac487282d35757f682 (patch)
tree	7c4696e2ced4e66469095885bef94bef23efd112 /src/fips.c
parent	70cca617ed75ea292e1fed769114dda5cc1d76f1 (diff)
download	libgcrypt-90e49a11733bfba9c3c505ac487282d35757f682.tar.gz