Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.5:Update
mozilla-nss.14401
nss-fips-detect-fips-mode-fixes.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File nss-fips-detect-fips-mode-fixes.patch of Package mozilla-nss.14401
From 31064913a58b7e1c8c3c198d6415aab4b98e25fe Mon Sep 17 00:00:00 2001 From: Hans Petter Jansson <hpj@cl.no> Date: Wed, 20 Nov 2019 10:14:26 +0100 Subject: [PATCH 10/10] 32 --- nss/lib/freebl/nsslowhash.c | 21 ++++++++++++++++++++- nss/lib/sysinit/nsssysinit.c | 6 +++--- 2 files changed, 23 insertions(+), 4 deletions(-) diff --git a/nss/lib/freebl/nsslowhash.c b/nss/lib/freebl/nsslowhash.c index 69a2c1a..27a3ec6 100644 --- a/nss/lib/freebl/nsslowhash.c +++ b/nss/lib/freebl/nsslowhash.c @@ -6,6 +6,7 @@ #include "stubs.h" #endif #include "prtypes.h" +#include "prenv.h" #include "secerr.h" #include "blapi.h" #include "hasht.h" @@ -24,6 +25,23 @@ struct NSSLOWHASHContextStr { }; #ifndef NSS_FIPS_DISABLED + +static PRBool +getFIPSEnv(void) +{ + char *fipsEnv = PR_GetEnvSecure("NSS_FIPS"); + if (!fipsEnv) { + return PR_FALSE; + } + if ((strcasecmp(fipsEnv, "fips") == 0) || + (strcasecmp(fipsEnv, "true") == 0) || + (strcasecmp(fipsEnv, "on") == 0) || + (strcasecmp(fipsEnv, "1") == 0)) { + return PR_TRUE; + } + return PR_FALSE; +} + static int nsslow_GetFIPSEnabled(void) { @@ -45,6 +63,7 @@ nsslow_GetFIPSEnabled(void) #endif /* LINUX */ return 1; } + #endif /* NSS_FIPS_DISABLED */ static NSSLOWInitContext dummyContext = { 0 }; @@ -60,7 +79,7 @@ NSSLOW_Init(void) #ifndef NSS_FIPS_DISABLED /* make sure the FIPS product is installed if we are trying to * go into FIPS mode */ - if (nsslow_GetFIPSEnabled()) { + if (nsslow_GetFIPSEnabled() || getFIPSEnv()) { if (BL_FIPSEntryOK(PR_TRUE) != SECSuccess) { PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); post_failed = PR_TRUE; diff --git a/nss/lib/sysinit/nsssysinit.c b/nss/lib/sysinit/nsssysinit.c index bd0fac2..acfcd19 100644 --- a/nss/lib/sysinit/nsssysinit.c +++ b/nss/lib/sysinit/nsssysinit.c @@ -175,16 +175,16 @@ getFIPSMode(void) f = fopen("/proc/sys/crypto/fips_enabled", "r"); if (!f) { /* if we don't have a proc flag, fall back to the - * environment variable */ + * environment variable */ return getFIPSEnv(); } size = fread(&d, 1, 1, f); fclose(f); if (size != 1) - return PR_FALSE; + return getFIPSEnv(); if (d != '1') - return PR_FALSE; + return getFIPSEnv(); return PR_TRUE; } -- 2.21.0
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor