diff -ur gnutls-3.3.8.orig/lib/fips.c gnutls-3.3.8/lib/fips.c

--- gnutls-3.3.8.orig/lib/fips.c	2014-09-04 21:05:54.000000000 +0200

+++ gnutls-3.3.8/lib/fips.c	2014-11-18 09:46:47.376148426 +0100

@@ -37,6 +37,8 @@

 #define FIPS_KERNEL_FILE "/proc/sys/crypto/fips_enabled"

 #define FIPS_SYSTEM_FILE "/etc/system-fips"

+static int _fips_mode = -1;

+

 /* Returns:

  * 0 - FIPS mode disabled

  * 1 - FIPS mode enabled and enforced

@@ -46,21 +48,20 @@

 {

 unsigned f1p = 0, f2p;

 FILE* fd;

-static int fips_mode = -1;

 const char *p;

-	if (fips_mode != -1)

-		return fips_mode;

+	if (_fips_mode != -1)

+		return _fips_mode;

 	p = getenv("GNUTLS_FORCE_FIPS_MODE");

 	if (p) {

 		if (p[0] == '1')

-			fips_mode = 1;

+			_fips_mode = 1;

 		else if (p[0] == '2')

-			fips_mode = 2;

+			_fips_mode = 2;

 		else

-			fips_mode = 0;

-		return fips_mode;

+			_fips_mode = 0;

+		return _fips_mode;

 	}

 	fd = fopen(FIPS_KERNEL_FILE, "r");

@@ -76,20 +77,29 @@

 	if (f1p != 0 && f2p != 0) {

 		_gnutls_debug_log("FIPS140-2 mode enabled\n");

-		fips_mode = 1;

-		return fips_mode;

+		_fips_mode = 1;

+		return _fips_mode;

 	}

 	if (f2p != 0) {

 		/* a funny state where self tests are performed

 		 * and ignored */

 		_gnutls_debug_log("FIPS140-2 ZOMBIE mode enabled\n");

-		fips_mode = 2;

-		return fips_mode;

+		_fips_mode = 2;

+		return _fips_mode;

 	}

-	fips_mode = 0;

-	return fips_mode;

+	_fips_mode = 0;

+	return _fips_mode;

+}

+

+/* This _fips_mode == 2 is a strange mode where checks are being

+ * performed, but its output is ignored. */

+void _gnutls_fips_mode_reset_zombie(void)

+{

+	if (_fips_mode == 2) {

+		_fips_mode = 0;

+	}

 }

 #define GNUTLS_LIBRARY_NAME "libgnutls.so.28"

@@ -367,6 +377,9 @@

 		goto error;

 	}

+	if (_fips_mode == 2)

+		_fips_mode = 0;

+

 	return 0;

 error:

Only in gnutls-3.3.8/lib: fips.c.orig

diff -ur gnutls-3.3.8.orig/lib/fips.h gnutls-3.3.8/lib/fips.h

--- gnutls-3.3.8.orig/lib/fips.h	2014-09-04 21:05:54.000000000 +0200

+++ gnutls-3.3.8/lib/fips.h	2014-11-18 09:46:47.377148445 +0100

@@ -55,6 +55,7 @@

 int _gnutls_fips_perform_self_checks1(void);

 int _gnutls_fips_perform_self_checks2(void);

+void _gnutls_fips_mode_reset_zombie(void);

 #ifdef ENABLE_FIPS140

 unsigned _gnutls_fips_mode_enabled(void);

diff -ur gnutls-3.3.8.orig/lib/gnutls_global.c gnutls-3.3.8/lib/gnutls_global.c

--- gnutls-3.3.8.orig/lib/gnutls_global.c	2014-09-04 21:05:54.000000000 +0200

+++ gnutls-3.3.8/lib/gnutls_global.c	2014-11-18 09:46:47.377148445 +0100

@@ -326,6 +326,7 @@

 				goto out;

 			}

 		}

+		_gnutls_fips_mode_reset_zombie();

 	}

 #endif

 	_gnutls_switch_lib_state(LIB_STATE_OPERATIONAL);

Only in gnutls-3.3.8/lib: gnutls_global.c.orig