OpenSSL: Fix FIPS mode enabling in dynamic interface case
FIPS_mode_set(1) cannot be called multiple times which could happen in some dynamic interface cases. Avoid this by enabling FIPS mode only once. There is no code in wpa_supplicant to disable FIPS mode, so once it is enabled, it will remain enabled. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
38934ed100
commit
4fc53159b9
1 changed files with 6 additions and 2 deletions
|
@ -757,7 +757,9 @@ void * tls_init(const struct tls_config *conf)
|
|||
#ifdef CONFIG_FIPS
|
||||
#ifdef OPENSSL_FIPS
|
||||
if (conf && conf->fips_mode) {
|
||||
if (!FIPS_mode_set(1)) {
|
||||
static int fips_enabled = 0;
|
||||
|
||||
if (!fips_enabled && !FIPS_mode_set(1)) {
|
||||
wpa_printf(MSG_ERROR, "Failed to enable FIPS "
|
||||
"mode");
|
||||
ERR_load_crypto_strings();
|
||||
|
@ -765,8 +767,10 @@ void * tls_init(const struct tls_config *conf)
|
|||
os_free(tls_global);
|
||||
tls_global = NULL;
|
||||
return NULL;
|
||||
} else
|
||||
} else {
|
||||
wpa_printf(MSG_INFO, "Running in FIPS mode");
|
||||
fips_enabled = 1;
|
||||
}
|
||||
}
|
||||
#else /* OPENSSL_FIPS */
|
||||
if (conf && conf->fips_mode) {
|
||||
|
|
Loading…
Reference in a new issue