Delegate FIPS mode detection to configured crypto backend.

System FIPS mode check is no longer dependent on /etc/system-fips file. The change should be compatible with older distributions since we now depend on crypto backend internal routine. This commit affects only FIPS enabled systems (with FIPS enabled builds). In case this causes any regression in current distributions feel free to drop the patch. For reference see https://bugzilla.redhat.com/show_bug.cgi?id=2080516
2025-12-05 16:00:05 +01:00 · 2022-06-28 16:23:34 +02:00
parent 429afe8fc3
commit 5b001b7962
16 changed files with 65 additions and 92 deletions
--- a/lib/crypto_backend/crypto_nss.c
+++ b/lib/crypto_backend/crypto_nss.c
@@ -400,3 +400,8 @@ int crypt_backend_memeq(const void *m1, const void *m2, size_t n)
 {
 	return NSS_SecureMemcmp(m1, m2, n);
 }
+
+bool crypt_fips_mode(void)
+{
+	return false;
+}