OpenSSL: Fix FIPS mode enabling in dynamic interface case
FIPS_mode_set(1) cannot be called multiple times which could happen in some dynamic interface cases. Avoid this by enabling FIPS mode only once. There is no code in wpa_supplicant to disable FIPS mode, so once it is enabled, it will remain enabled. Signed-off-by: Jouni Malinen <j@w1.fi>
parent
38934ed100
commit
4fc53159b9
1 changed files with 6 additions and 2 deletions
|
@ -757,7 +757,9 @@ void * tls_init(const struct tls_config *conf)
|
||||||
#ifdef CONFIG_FIPS
|
#ifdef CONFIG_FIPS
|
||||||
#ifdef OPENSSL_FIPS
|
#ifdef OPENSSL_FIPS
|
||||||
if (conf && conf->fips_mode) {
|
if (conf && conf->fips_mode) {
|
||||||
if (!FIPS_mode_set(1)) {
|
static int fips_enabled = 0;
|
||||||
|
|
||||||
|
if (!fips_enabled && !FIPS_mode_set(1)) {
|
||||||
wpa_printf(MSG_ERROR, "Failed to enable FIPS "
|
wpa_printf(MSG_ERROR, "Failed to enable FIPS "
|
||||||
"mode");
|
"mode");
|
||||||
ERR_load_crypto_strings();
|
ERR_load_crypto_strings();
|
||||||
|
@ -765,8 +767,10 @@ void * tls_init(const struct tls_config *conf)
|
||||||
os_free(tls_global);
|
os_free(tls_global);
|
||||||
tls_global = NULL;
|
tls_global = NULL;
|
||||||
return NULL;
|
return NULL;
|
||||||
} else
|
} else {
|
||||||
wpa_printf(MSG_INFO, "Running in FIPS mode");
|
wpa_printf(MSG_INFO, "Running in FIPS mode");
|
||||||
|
fips_enabled = 1;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
#else /* OPENSSL_FIPS */
|
#else /* OPENSSL_FIPS */
|
||||||
if (conf && conf->fips_mode) {
|
if (conf && conf->fips_mode) {
|
||||||
|
|
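Review bot: The new `static int fips_enabled` in tls_init() records only that this function once called FIPS_mode_set(1) successfully; it is a shadow copy of a process-wide library state rather than the state itself. Querying OpenSSL directly would remove the need for the flag: `if (!FIPS_mode() && !FIPS_mode_set(1)) {`, which also makes the added `fips_enabled = 1;` and the extra braces on the else branch unnecessary. If the flag is kept, a comment above the declaration such as `/* FIPS mode is process-wide and never disabled here, so enable it only once */` would record why it is static. Separately, once FIPS mode is on, a later tls_init() call whose configuration leaves fips_mode unset will presumably still run in FIPS mode without any log line saying so; that path and the rest of tls_init() lie outside the visible hunks, so this should be confirmed against the full function.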