modify FIPS checks

- we need a way to notify an user about running misconfigured system which
will turn to be unusable in real FIPS mode. For more details look at:
http://bugzilla.redhat.com/show_bug.cgi?id=1009707#c25

- also fixes invisble verbose log about running in FIPS mode due to its misplacement

lib/utils_fips.c

@@ -37,12 +37,13 @@ int crypt_fips_mode(void)
 
 static void crypt_fips_verify(const char *name, const char *function)
 {
-	if (!crypt_fips_mode())
+	if (access(FIPS_MODULE_FILE, F_OK))
 		return;
 
 	if (!FIPSCHECK_verify(name, function)) {
 		fputs(_("FIPS checksum verification failed.\n"), stderr);
-		_exit(EXIT_FAILURE);
+		if (FIPSCHECK_kernel_fips_mode())
+			_exit(EXIT_FAILURE);
 	}
 }
 

src/cryptsetup.c

@@ -1487,9 +1487,6 @@ int main(int argc, const char **argv)
 	bindtextdomain(PACKAGE, LOCALEDIR);
 	textdomain(PACKAGE);
 
-	if (crypt_fips_mode())
-		crypt_log(NULL, CRYPT_LOG_VERBOSE, _("Running in FIPS mode.\n"));
-
 	popt_context = poptGetContext(PACKAGE, argc, argv, popt_options, 0);
 	poptSetOtherOptionHelp(popt_context,
 	                       _("[OPTION...] <action> <action-specific>"));
@@ -1531,6 +1528,10 @@ int main(int argc, const char **argv)
 	if (r < -1)
 		usage(popt_context, EXIT_FAILURE, poptStrerror(r),
 		      poptBadOption(popt_context, POPT_BADOPTION_NOALIAS));
+
+	if (crypt_fips_mode())
+		crypt_log(NULL, CRYPT_LOG_VERBOSE, _("Running in FIPS mode.\n"));
+
 	if (opt_version_mode) {
 		log_std("%s %s\n", PACKAGE_NAME, PACKAGE_VERSION);
 		poptFreeContext(popt_context);