Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:GA
mozilla-nss.6625
nss-fips-detect-fips-mode-fix.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File nss-fips-detect-fips-mode-fix.patch of Package mozilla-nss.6625
commit f82f43c8046c512c9f0f66f995f7877b2f46736e Author: Hans Petter Jansson <hpj@cl.no> Date: Wed Jan 31 16:52:49 2018 +0100 Detect FIPS mode properly. diff --git a/nss/lib/freebl/nsslowhash.c b/nss/lib/freebl/nsslowhash.c index c84010e..3cc0027 100644 --- a/nss/lib/freebl/nsslowhash.c +++ b/nss/lib/freebl/nsslowhash.c @@ -6,6 +6,7 @@ #include "stubs.h" #endif #include "prtypes.h" +#include "prenv.h" #include "secerr.h" #include "blapi.h" #include "hasht.h" @@ -23,6 +24,22 @@ struct NSSLOWHASHContextStr { void *hashCtxt; }; +static PRBool +getFIPSEnv(void) +{ + char *fipsEnv = PR_GetEnvSecure("NSS_FIPS"); + if (!fipsEnv) { + return PR_FALSE; + } + if ((strcasecmp(fipsEnv, "fips") == 0) || + (strcasecmp(fipsEnv, "true") == 0) || + (strcasecmp(fipsEnv, "on") == 0) || + (strcasecmp(fipsEnv, "1") == 0)) { + return PR_TRUE; + } + return PR_FALSE; +} + static int nsslow_GetFIPSEnabled(void) { @@ -32,17 +49,22 @@ nsslow_GetFIPSEnabled(void) size_t size; f = fopen("/proc/sys/crypto/fips_enabled", "r"); - if (!f) - return 0; + if (!f) { + /* if we don't have a proc flag, fall back to the + * environment variable */ + return getFIPSEnv(); + } size = fread(&d, 1, 1, f); fclose(f); if (size != 1) - return 0; + return getFIPSEnv(); if (d != '1') - return 0; -#endif + return getFIPSEnv(); return 1; +#else + return getFIPSEnv(); +#endif } static NSSLOWInitContext dummyContext = { 0 }; diff --git a/nss/lib/sysinit/nsssysinit.c b/nss/lib/sysinit/nsssysinit.c index 39e2ad7..5f0d346 100644 --- a/nss/lib/sysinit/nsssysinit.c +++ b/nss/lib/sysinit/nsssysinit.c @@ -146,7 +146,7 @@ getFIPSEnv(void) } return PR_FALSE; } -#ifdef XP_LINUX +#ifdef LINUX static PRBool getFIPSMode(void) @@ -158,16 +158,16 @@ getFIPSMode(void) f = fopen("/proc/sys/crypto/fips_enabled", "r"); if (!f) { /* if we don't have a proc flag, fall back to the - * environment variable */ + * environment variable */ return getFIPSEnv(); } size = fread(&d, 1, 1, f); fclose(f); if (size != 1) - return PR_FALSE; + return getFIPSEnv(); if (d != '1') - return PR_FALSE; + return getFIPSEnv(); return PR_TRUE; }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor