gnutls_fips140_set_mode — API function


#include <gnutls/gnutls.h>

void gnutls_fips140_set_mode(gnutls_fips_mode_t mode, unsigned flags);


gnutls_fips_mode_t mode

the FIPS140-2 mode to switch to

unsigned flags

should be zero or GNUTLS_FIPS140_SET_MODE_THREAD


That function is not thread-safe when changing the mode with no flags (globally), and should be called prior to creating any threads. Its behavior with no flags after threads are created is undefined.

When the flag GNUTLS_FIPS140_SET_MODE_THREAD is specified then this call will change the FIPS140-2 mode for this particular thread and not for the whole process. That way an application can utilize this function to set and reset mode for specific operations.

This function never fails but will be a no-op if used when the library is not in FIPS140-2 mode. When asked to switch to unknown values for  mode or to GNUTLS_FIPS140_SELFTESTS mode, the library switches to GNUTLS_FIPS140_STRICT mode.



