From 75e45462f097a9a75747b3f44d7672f2547e63e9 Mon Sep 17 00:00:00 2001
From: Milan Broz
Date: Tue, 14 Sep 2021 09:56:05 +0200
Subject: [PATCH 04/11] Cache FIPS mode check.

We do not support switch while the crypto backend is already initialized, so it does not make sense to check repeatedly for the FIPS mode status.
---
 lib/utils_fips.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/lib/utils_fips.c b/lib/utils_fips.c
index 0c2b6434..640ff0e3 100644
--- a/lib/utils_fips.c
+++ b/lib/utils_fips.c
@@ -26,6 +26,9 @@
 #if !ENABLE_FIPS
 bool crypt_fips_mode(void) { return false; }
 #else
+static bool fips_checked = false;
+static bool fips_mode = false;
+
 static bool kernel_fips_mode(void)
 {
 int fd;
@@ -41,6 +44,12 @@ static bool kernel_fips_mode(void)
 
 bool crypt_fips_mode(void)
 {
- return kernel_fips_mode() && !access("/etc/system-fips", F_OK);
+ if (fips_checked)
+ return fips_mode;
+
+ fips_mode = kernel_fips_mode() && !access("/etc/system-fips", F_OK);
+ fips_checked = true;
+
+ return fips_mode;
 }
 #endif /* ENABLE_FIPS */
-- 
2.27.0
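Review bot: `fips_checked` and `fips_mode` are plain file-scope bools that crypt_fips_mode() (second hunk) writes with no synchronization, so two threads making the first call race on them. A reader could in principle see `fips_checked == true` before the `fips_mode` store is visible and get a stale `false` on a FIPS system. Whether callers may invoke this concurrently is not visible here. If they can, a single tri-state `_Atomic int` (unknown / off / on) removes the two-variable ordering problem. Otherwise a comment above the declarations would record the assumption, e.g. `/* Cached result of the first crypt_fips_mode() call; not thread-safe, the first call must be serialized by the caller. */`.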
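Review bot: A negative result is now cached for the life of the process even when it comes from an error rather than a definite answer. `!access("/etc/system-fips", F_OK)` is false for any access() failure, not only a missing file, and kernel_fips_mode() (body outside this hunk) presumably also returns false when its probe cannot be read. Before this change a later call would re-evaluate; now a single transient failure at first use pins the library to non-FIPS behaviour on a FIPS system. Consider setting `fips_checked = true` only when the probe gave a definite answer (for example, treating an access() failure with `errno != ENOENT` as "unknown, retry"). At minimum, document the fail-open caching in a comment above `if (fips_checked)`.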