From 90e49a11733bfba9c3c505ac487282d35757f682 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Wed, 4 Apr 2012 14:17:09 +0200
Subject: Add GCRYCTL_SET_ENFORCED_FIPS_FLAG command.

* doc/gcrypt.texi: Add documentation of the new command.
* src/fips.c (_gcry_enforced_fips_mode): Report the enforced fips mode
only when fips mode is enabled.
(_gcry_set_enforced_fips_mode): New function.
* src/g10lib.h: Add the _gcry_set_enforced_fips_mode prototype.
* src/gcrypt.h.in: Add the GCRYCTL_SET_ENFORCED_FIPS_FLAG.
* src/global.c (_gcry_vcontrol): Handle the new command.
---
 src/fips.c | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'src/fips.c')

diff --git a/src/fips.c b/src/fips.c
index a3445eb2..e45baba6 100644
--- a/src/fips.c
+++ b/src/fips.c
@@ -274,9 +274,17 @@ _gcry_fips_mode (void)
 int
 _gcry_enforced_fips_mode (void)
 {
+  if (!_gcry_fips_mode ())
+    return 0;
   return enforced_fips_mode;
 }
 
+/* Set a flag telling whether we are in the enforced fips mode.  */
+void
+_gcry_set_enforced_fips_mode (void)
+{
+  enforced_fips_mode = 1;
+}
 
 /* If we do not want to enforce the fips mode, we can set a flag so
    that the application may check whether it is still in fips mode.
-- 
cgit v1.2.1