Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:15-SP2
mozilla-nss.14664
nss-fips-detect-fips-mode-fixes.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File nss-fips-detect-fips-mode-fixes.patch of Package mozilla-nss.14664
commit facacdb9078693d7a4219e84f73ea7b8f977ddc2 Author: Hans Petter Jansson <hpj@cl.no> Date: Sun Mar 15 21:54:31 2020 +0100 Patch 32: nss-fips-detect-fips-mode-fixes.patch diff --git a/nss/lib/freebl/nsslowhash.c b/nss/lib/freebl/nsslowhash.c index 69a2c1a..026f4ca 100644 --- a/nss/lib/freebl/nsslowhash.c +++ b/nss/lib/freebl/nsslowhash.c @@ -2,10 +2,15 @@ * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ +#define _GNU_SOURCE 1 +#include <stdlib.h> + #ifdef FREEBL_NO_DEPEND #include "stubs.h" #endif + #include "prtypes.h" +#include "prenv.h" #include "secerr.h" #include "blapi.h" #include "hasht.h" @@ -24,6 +29,23 @@ struct NSSLOWHASHContextStr { }; #ifndef NSS_FIPS_DISABLED + +static PRBool +getFIPSEnv(void) +{ + char *fipsEnv = secure_getenv("NSS_FIPS"); + if (!fipsEnv) { + return PR_FALSE; + } + if ((strcasecmp(fipsEnv, "fips") == 0) || + (strcasecmp(fipsEnv, "true") == 0) || + (strcasecmp(fipsEnv, "on") == 0) || + (strcasecmp(fipsEnv, "1") == 0)) { + return PR_TRUE; + } + return PR_FALSE; +} + static int nsslow_GetFIPSEnabled(void) { @@ -45,6 +67,7 @@ nsslow_GetFIPSEnabled(void) #endif /* LINUX */ return 1; } + #endif /* NSS_FIPS_DISABLED */ static NSSLOWInitContext dummyContext = { 0 }; @@ -60,7 +83,7 @@ NSSLOW_Init(void) #ifndef NSS_FIPS_DISABLED /* make sure the FIPS product is installed if we are trying to * go into FIPS mode */ - if (nsslow_GetFIPSEnabled()) { + if (nsslow_GetFIPSEnabled() || getFIPSEnv()) { if (BL_FIPSEntryOK(PR_TRUE) != SECSuccess) { PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); post_failed = PR_TRUE; diff --git a/nss/lib/sysinit/nsssysinit.c b/nss/lib/sysinit/nsssysinit.c index bd0fac2..acfcd19 100644 --- a/nss/lib/sysinit/nsssysinit.c +++ b/nss/lib/sysinit/nsssysinit.c @@ -175,16 +175,16 @@ getFIPSMode(void) f = fopen("/proc/sys/crypto/fips_enabled", "r"); if (!f) { /* if we don't have a proc flag, fall back to the - * environment variable */ + * environment variable */ return getFIPSEnv(); } size = fread(&d, 1, 1, f); fclose(f); if (size != 1) - return PR_FALSE; + return getFIPSEnv(); if (d != '1') - return PR_FALSE; + return getFIPSEnv(); return PR_TRUE; }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor