From: draht@suse.com Subject: LIBGCRYPT_FORCE_FIPS_MODE env environ LIBGCRYPT_FORCE_FIPS_MODE forces FIPS mode of libgcrypt Index: libgcrypt-1.5.2/src/fips.c =================================================================== --- libgcrypt-1.5.2.orig/src/fips.c +++ libgcrypt-1.5.2/src/fips.c @@ -123,6 +123,17 @@ _gcry_initialize_fips_mode (int force) goto leave; } + /* for convenience, so that a process can run fips-enabled, but + not necessarily all of them, enable FIPS mode via environment + variable LIBGCRYPT_FORCE_FIPS_MODE. */ + + if (getenv("LIBGCRYPT_FORCE_FIPS_MODE") != NULL) + { + gcry_assert (!no_fips_mode_required); + goto leave; + } + + /* For testing the system it is useful to override the system provided detection of the FIPS mode and force FIPS mode using a file. The filename is hardwired so that there won't be any