2020-06-27 23:18:50 +02:00
|
|
|
# HG changeset patch
|
|
|
|
|
# User M. Sirringhaus <msirringhaus@suse.de>
|
|
|
|
|
# Date 1584305671 -3600
|
|
|
|
|
# Sun Mar 15 21:54:31 2020 +0100
|
|
|
|
|
# Node ID 715834d4a258c535f3abbf116d69d5e77392593b
|
|
|
|
|
# Parent 4ddd7d49eeed4ea32850daf41a472ccb50dee45e
|
|
|
|
|
commit facacdb9078693d7a4219e84f73ea7b8f977ddc2
|
|
|
|
|
Author: Hans Petter Jansson <hpj@cl.no>
|
|
|
|
|
Patch 32: nss-fips-detect-fips-mode-fixes.patch
|
|
|
|
|
|
2023-03-13 09:10:43 +01:00
|
|
|
Index: nss/lib/freebl/nsslowhash.c
|
|
|
|
|
===================================================================
|
|
|
|
|
--- nss.orig/lib/freebl/nsslowhash.c
|
|
|
|
|
+++ nss/lib/freebl/nsslowhash.c
|
2023-07-05 13:49:19 +02:00
|
|
|
@@ -2,9 +2,13 @@
|
2020-06-27 23:18:50 +02:00
|
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
|
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
|
|
|
|
|
|
+#define _GNU_SOURCE 1
|
|
|
|
|
+#include <stdlib.h>
|
|
|
|
|
+
|
|
|
|
|
#ifdef FREEBL_NO_DEPEND
|
|
|
|
|
#include "stubs.h"
|
|
|
|
|
#endif
|
2023-07-05 13:49:19 +02:00
|
|
|
+
|
|
|
|
|
#include "prtypes.h"
|
|
|
|
|
#include "prenv.h"
|
|
|
|
|
#include "secerr.h"
|
2023-10-27 09:13:16 +02:00
|
|
|
@@ -27,6 +31,22 @@ struct NSSLOWHASHContextStr {
|
|
|
|
|
static NSSLOWInitContext dummyContext = { 0 };
|
|
|
|
|
static PRBool post_failed = PR_TRUE;
|
2020-06-27 23:18:50 +02:00
|
|
|
|
|
|
|
|
+static PRBool
|
|
|
|
|
+getFIPSEnv(void)
|
|
|
|
|
+{
|
|
|
|
|
+ char *fipsEnv = secure_getenv("NSS_FIPS");
|
|
|
|
|
+ if (!fipsEnv) {
|
|
|
|
|
+ return PR_FALSE;
|
|
|
|
|
+ }
|
|
|
|
|
+ if ((strcasecmp(fipsEnv, "fips") == 0) ||
|
|
|
|
|
+ (strcasecmp(fipsEnv, "true") == 0) ||
|
|
|
|
|
+ (strcasecmp(fipsEnv, "on") == 0) ||
|
|
|
|
|
+ (strcasecmp(fipsEnv, "1") == 0)) {
|
|
|
|
|
+ return PR_TRUE;
|
|
|
|
|
+ }
|
|
|
|
|
+ return PR_FALSE;
|
|
|
|
|
+}
|
|
|
|
|
+
|
2023-10-27 09:13:16 +02:00
|
|
|
NSSLOWInitContext *
|
|
|
|
|
NSSLOW_Init(void)
|
2020-06-27 23:18:50 +02:00
|
|
|
{
|
2023-10-27 09:13:16 +02:00
|
|
|
@@ -37,7 +57,7 @@ NSSLOW_Init(void)
|
2020-06-27 23:18:50 +02:00
|
|
|
#ifndef NSS_FIPS_DISABLED
|
|
|
|
|
/* make sure the FIPS product is installed if we are trying to
|
|
|
|
|
* go into FIPS mode */
|
2023-10-27 09:13:16 +02:00
|
|
|
- if (NSS_GetSystemFIPSEnabled()) {
|
|
|
|
|
+ if (NSS_GetSystemFIPSEnabled() || getFIPSEnv()) {
|
2023-07-05 13:49:19 +02:00
|
|
|
if (BL_FIPSEntryOK(PR_TRUE, PR_FALSE) != SECSuccess) {
|
2020-06-27 23:18:50 +02:00
|
|
|
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
|
|
|
|
|
post_failed = PR_TRUE;
|
2023-03-13 09:10:43 +01:00
|
|
|
Index: nss/lib/sysinit/nsssysinit.c
|
|
|
|
|
===================================================================
|
|
|
|
|
--- nss.orig/lib/sysinit/nsssysinit.c
|
|
|
|
|
+++ nss/lib/sysinit/nsssysinit.c
|
|
|
|
|
@@ -178,16 +178,16 @@ getFIPSMode(void)
|
2020-06-27 23:18:50 +02:00
|
|
|
f = fopen("/proc/sys/crypto/fips_enabled", "r");
|
|
|
|
|
if (!f) {
|
|
|
|
|
/* if we don't have a proc flag, fall back to the
|
|
|
|
|
- * environment variable */
|
|
|
|
|
+ * environment variable */
|
|
|
|
|
return getFIPSEnv();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
size = fread(&d, 1, 1, f);
|
|
|
|
|
fclose(f);
|
|
|
|
|
if (size != 1)
|
|
|
|
|
- return PR_FALSE;
|
|
|
|
|
+ return getFIPSEnv();
|
|
|
|
|
if (d != '1')
|
|
|
|
|
- return PR_FALSE;
|
|
|
|
|
+ return getFIPSEnv();
|
|
|
|
|
return PR_TRUE;
|
|
|
|
|
#else
|
|
|
|
|
return PR_FALSE;
|
