Cache FIPS mode check.

We do not support switching FIPS mode while the crypto backend is already initialized,
so it does not make sense to check the FIPS mode status repeatedly.
Milan Broz
2021-09-14 09:56:05 +02:00
parent f8eb7b225a
commit 75e45462f0


@@ -26,6 +26,9 @@
#if !ENABLE_FIPS
bool crypt_fips_mode(void) { return false; }
#else
static bool fips_checked = false;
static bool fips_mode = false;
static bool kernel_fips_mode(void)
{
int fd;
@@ -41,6 +44,12 @@ static bool kernel_fips_mode(void)
bool crypt_fips_mode(void)
{
return kernel_fips_mode() && !access("/etc/system-fips", F_OK);
if (fips_checked)
return fips_mode;
fips_mode = kernel_fips_mode() && !access("/etc/system-fips", F_OK);
fips_checked = true;
return fips_mode;
}
#endif /* ENABLE_FIPS */
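Review bot: The new `crypt_fips_mode()` caches a negative result for the life of the process no matter why the probe came back false. `fips_checked = true;` is set unconditionally, so if the first call fails for a transient reason (for instance `access("/etc/system-fips", F_OK)` failing with something other than ENOENT, or `kernel_fips_mode()` being unable to read its file, whose body lies outside this hunk), every later call reports non-FIPS, whereas the old code re-evaluated each time. If that fail-open behaviour is acceptable, it should be stated where the statics are declared, e.g. `/* Evaluated once per process; a failed probe on the first call is cached as "not in FIPS mode". */`. Separately, `fips_checked` and `fips_mode` are read and written without synchronization, which is only safe if callers never enter this function concurrently; that assumption is worth noting in the same comment.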