mozilla-nss/nss-fips-tests-enable-fips.patch

Index: nss/tests/cert/cert.sh
===================================================================
--- nss.orig/tests/cert/cert.sh
+++ nss/tests/cert/cert.sh
@@ -1350,6 +1350,11 @@ cert_stresscerts()
 ##############################################################################
 cert_fips()
 {
+  OLD_FIPS_MODE=`echo ${NSS_FIPS}`
+  OLD_CHECKSUMS_MODE=`echo ${NSS_IGNORE_CHECKSUMS}`
+  export NSS_FIPS=1
+  export NSS_IGNORE_CHECKSUMS=1
+
   CERTFAILED=0
   echo "$SCRIPTNAME: Creating FIPS 140 DSA Certificates =============="
   cert_init_cert "${FIPSDIR}" "FIPS PUB 140 Test Certificate" 1000 "${D_FIPS}"
@@ -1390,6 +1395,8 @@ MODSCRIPT
     cert_log "SUCCESS: FIPS passed"
   fi
 
+  export NSS_FIPS=${OLD_FIPS_MODE}
+  export NSS_IGNORE_CHECKSUMS=${OLD_CHECKSUMS_MODE}
 }
 
 ########################## cert_rsa_exponent #################################
- update to NSS 3.108 * bmo#1923285 - libclang-16 -> libclang-19 * bmo#1939086 - Turn off Secure Email Trust Bit for Security Communication ECC RootCA1 * bmo#1937332 - Turn off Secure Email Trust Bit for BJCA Global Root CA1 and BJCA Global Root CA2 * bmo#1915902 - Remove SwissSign Silver CA – G2 * bmo#1938245 - Add D-Trust 2023 TLS Roots to NSS * bmo#1942301 - fix fips test failure on windows * bmo#1935925 - change default sensitivity of KEM keys * bmo#1936001 - Part 1: Introduce frida hooks and script * bmo#1942350 - add missing arm_neon.h include to gcm.c * bmo#1831552 - ci: update windows workers to win2022 * bmo#1831552 - strip trailing carriage returns in tools tests * bmo#1880256 - work around unix/windows path translation issues in cert test script * bmo#1831552 - ci: let the windows setup script work without $m * bmo#1880255 - detect msys * bmo#1936680 - add a specialized CTR_Update variant for AES-GCM * bmo#1930807 - NSS policy updates * bmo#1930806 - FIPS changes need to be upstreamed: FIPS 140-3 RNG * bmo#1930806 - FIPS changes need to be upstreamed: Add SafeZero * bmo#1930806 - FIPS changes need to be upstreamed - updated POST * bmo#1933031 - Segmentation fault in SECITEM_Hash during pkcs12 processing * bmo#1929922 - Extending NSS with LoadModuleFromFunction functionality * bmo#1935984 - Ensure zero-initialization of collectArgs.cert * bmo#1934526 - pkcs7 fuzz target use CERT_DestroyCertificate * bmo#1915898 - Fix actual underlying ODR violations issue * bmo#1184059 - mozilla::pkix: allow reference ID labels to begin and/or end with hyphens OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=471 2025-03-02 14:54:06 +00:00			`Index: nss/tests/cert/cert.sh`
			`===================================================================`
			`--- nss.orig/tests/cert/cert.sh`
			`+++ nss/tests/cert/cert.sh`
			`@@ -1350,6 +1350,11 @@ cert_stresscerts()`
			`##############################################################################`
			`cert_fips()`
			`{`
			+ OLD_FIPS_MODE=`echo ${NSS_FIPS}`
			+ OLD_CHECKSUMS_MODE=`echo ${NSS_IGNORE_CHECKSUMS}`
			`+ export NSS_FIPS=1`
			`+ export NSS_IGNORE_CHECKSUMS=1`
			`+`
			`CERTFAILED=0`
			`echo "$SCRIPTNAME: Creating FIPS 140 DSA Certificates =============="`
			`cert_init_cert "${FIPSDIR}" "FIPS PUB 140 Test Certificate" 1000 "${D_FIPS}"`
			`@@ -1390,6 +1395,8 @@ MODSCRIPT`
			`cert_log "SUCCESS: FIPS passed"`
			`fi`

			`+ export NSS_FIPS=${OLD_FIPS_MODE}`
			`+ export NSS_IGNORE_CHECKSUMS=${OLD_CHECKSUMS_MODE}`
			`}`

			`########################## cert_rsa_exponent #################################`