diff options
Diffstat (limited to 'lib')
-rw-r--r-- | lib/fips.c | 5 | ||||
-rw-r--r-- | lib/random.c | 4 |
2 files changed, 4 insertions, 5 deletions
diff --git a/lib/fips.c b/lib/fips.c index 3c43250aaf..75f26f629e 100644 --- a/lib/fips.c +++ b/lib/fips.c @@ -102,14 +102,13 @@ unsigned _gnutls_fips_mode_enabled(void) else f1p = 0; } - f2p = !access(FIPS_SYSTEM_FILE, F_OK); - - if (f1p != 0 && f2p != 0) { + if (f1p != 0) { _gnutls_debug_log("FIPS140-2 mode enabled\n"); ret = GNUTLS_FIPS140_STRICT; goto exit; } + f2p = !access(FIPS_SYSTEM_FILE, F_OK); if (f2p != 0) { /* a funny state where self tests are performed * and ignored */ diff --git a/lib/random.c b/lib/random.c index 6462738416..605fc8d51a 100644 --- a/lib/random.c +++ b/lib/random.c @@ -105,9 +105,9 @@ int _gnutls_rnd_preinit(void) #elif defined(ENABLE_FIPS140) /* The FIPS140 random generator is only enabled when we are compiled - * with FIPS support, _and_ the system requires FIPS140. + * with FIPS support, _and_ the system is in FIPS installed state. */ - if (_gnutls_fips_mode_enabled() == 1) { + if (_gnutls_fips_mode_enabled() != 0) { ret = gnutls_crypto_rnd_register(100, &_gnutls_fips_rnd_ops); if (ret < 0) return ret; |