modify FIPS checks

- we need a way to notify a user about running a misconfigured system which
will turn out to be unusable in real FIPS mode. For more details look at:
http://bugzilla.redhat.com/show_bug.cgi?id=1009707#c25

- also fixes invisible verbose log about running in FIPS mode due to its misplacement
Ondrej Kozina
2014-06-20 15:44:01 +02:00
committed by Milan Broz
parent 6b4c33d3a5
commit 4f89028c67
2 changed files with 7 additions and 5 deletions

@@ -37,12 +37,13 @@ int crypt_fips_mode(void)
static void crypt_fips_verify(const char *name, const char *function)
{
if (!crypt_fips_mode())
if (access(FIPS_MODULE_FILE, F_OK))
return;
if (!FIPSCHECK_verify(name, function)) {
fputs(_("FIPS checksum verification failed.\n"), stderr);
_exit(EXIT_FAILURE);
if (FIPSCHECK_kernel_fips_mode())
_exit(EXIT_FAILURE);
}
}
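
Review bot: in crypt_fips_verify(), `if (access(FIPS_MODULE_FILE, F_OK)) return;` treats every non-zero result from access() as "module file absent", so a failure for any other reason also skips FIPSCHECK_verify() without a message; checking errno for ENOENT and reporting anything else would keep that path from being silent. In the failure branch, "FIPS checksum verification failed." is printed identically whether or not `FIPSCHECK_kernel_fips_mode()` leads to `_exit(EXIT_FAILURE)`, so when the kernel is not in FIPS mode the user sees the error text and the program carries on. Wording the non-fatal case as a warning, and adding a comment that continuing is intentional there, would make the notification this change is meant to provide unambiguous. The definition of FIPS_MODULE_FILE is not visible in this hunk and should be documented where it is introduced.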