openssl: Don't re-enter FIPS mode if we are already using it

If FIPS mode has been enabled by other means, under some environments it can't be entered again. It fails with "FIPS mode already set". To avoid it, we first check the mode before changing it.
author: Martin Willi <martin@revosec.ch> 2014-04-02 15:16:15 +0200
committer: Martin Willi <martin@revosec.ch> 2014-06-04 15:53:11 +0200
commit: d34d800c6c77f2dc6efba12ab079b49f1a39301e (patch)
tree: fe52b29ab3b8efe3727d321d99c09804f05faaa0 /src/libstrongswan/plugins/openssl/openssl_plugin.c
parent: 549502bcb20ed6a91fc7afaaaa9e23f382d56632 (diff)
download: strongswan-d34d800c6c77f2dc6efba12ab079b49f1a39301e.tar.bz2
strongswan-d34d800c6c77f2dc6efba12ab079b49f1a39301e.tar.xz
1 files changed, 3 insertions, 2 deletions
diff --git a/src/libstrongswan/plugins/openssl/openssl_plugin.c b/src/libstrongswan/plugins/openssl/openssl_plugin.c
index 1ca1690ad..a426cdcb3 100644
--- a/src/libstrongswan/plugins/openssl/openssl_plugin.c
+++ b/src/libstrongswan/plugins/openssl/openssl_plugin.c
@@ -526,9 +526,10 @@ plugin_t *openssl_plugin_create()
 #ifdef OPENSSL_FIPS
 	if (fips_mode)
 	{
-		if (!FIPS_mode_set(fips_mode))
+		if (FIPS_mode() != fips_mode && !FIPS_mode_set(fips_mode))
 		{
-			DBG1(DBG_LIB, "unable to set openssl FIPS mode(%d)", fips_mode);
+			DBG1(DBG_LIB, "unable to set openssl FIPS mode(%d) from (%d)",
+				 fips_mode, FIPS_mode());
 			return NULL;
 		}
 	}
author	Martin Willi <martin@revosec.ch>	2014-04-02 15:16:15 +0200
committer	Martin Willi <martin@revosec.ch>	2014-06-04 15:53:11 +0200
commit	d34d800c6c77f2dc6efba12ab079b49f1a39301e (patch)
tree	fe52b29ab3b8efe3727d321d99c09804f05faaa0 /src/libstrongswan/plugins/openssl/openssl_plugin.c
parent	549502bcb20ed6a91fc7afaaaa9e23f382d56632 (diff)
download	strongswan-d34d800c6c77f2dc6efba12ab079b49f1a39301e.tar.bz2 strongswan-d34d800c6c77f2dc6efba12ab079b49f1a39301e.tar.xz