pool/mozilla-nss
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
mozilla-nss/nss-fips-detect-fips-mode-fixes.patch
Wolfgang Rosenauer 13053eadb0 - Remove upstreamed bmo-1400603.patch 
- Added nss-bmo1930797.patch to fix failing tests in testsuite 

- update to NSS 3.106
  * bmo#1925975 - NSS 3.106 should be distributed with NSPR 4.36.
  * bmo#1923767 - pk12util: improve error handling in p12U_ReadPKCS12File.
  * bmo#1899402 - Correctly destroy bulkkey in error scenario.
  * bmo#1919997 - PKCS7 fuzz target, r=djackson,nss-reviewers.
  * bmo#1923002 - Extract certificates with handshake collection script.
  * bmo#1923006 - Specify len_control for fuzz targets.
  * bmo#1923280 - Fix memory leak in dumpCertificatePEM.
  * bmo#1102981 - Fix UBSan errors for SECU_PrintCertificate and
                  SECU_PrintCertificateBasicInfo.
  * bmo#1921528 - add new error codes to mozilla::pkix for Firefox to use.
  * bmo#1921768 - allow null phKey in NSC_DeriveKey.
  * bmo#1921801 - Only create seed corpus zip from existing corpus.
  * bmo#1826035 - Use explicit allowlist for for KDF PRFS.
  * bmo#1920138 - Increase optimization level for fuzz builds.
  * bmo#1920470 - Remove incorrect assert.
  * bmo#1914870 - Use libFuzzer options from fuzz/options/\*.options in CI.
  * bmo#1920945 - Polish corpus collection for automation.
  * bmo#1917572 - Detect new and unfuzzed SSL options.
  * bmo#1804646 - PKCS12 fuzzing target.
- requires NSPR 4.36

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=465
2024-11-26 15:24:39 +00:00

77 lines
2.2 KiB
Diff
Raw Blame History

# HG changeset patch
# User M. Sirringhaus <msirringhaus@suse.de>
# Date 1584305671 -3600
# Sun Mar 15 21:54:31 2020 +0100
# Node ID 715834d4a258c535f3abbf116d69d5e77392593b
# Parent 4ddd7d49eeed4ea32850daf41a472ccb50dee45e
commit facacdb9078693d7a4219e84f73ea7b8f977ddc2
Author: Hans Petter Jansson <hpj@cl.no>
Patch 32: nss-fips-detect-fips-mode-fixes.patch
Index: nss/lib/freebl/nsslowhash.c
===================================================================
--- nss.orig/lib/freebl/nsslowhash.c
+++ nss/lib/freebl/nsslowhash.c
@@ -2,9 +2,13 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+#define _GNU_SOURCE 1
+#include <stdlib.h>
+
#ifdef FREEBL_NO_DEPEND
#include "stubs.h"
#endif
+
#include "prtypes.h"
#include "prenv.h"
#include "secerr.h"
@@ -27,6 +31,22 @@ struct NSSLOWHASHContextStr {
static NSSLOWInitContext dummyContext = { 0 };
static PRBool post_failed = PR_TRUE;
+static PRBool
+getFIPSEnv(void)
+{
+ char *fipsEnv = secure_getenv("NSS_FIPS");
+ if (!fipsEnv) {
+ return PR_FALSE;
+ }
+ if ((strcasecmp(fipsEnv, "fips") == 0) ||
+ (strcasecmp(fipsEnv, "true") == 0) ||
+ (strcasecmp(fipsEnv, "on") == 0) ||
+ (strcasecmp(fipsEnv, "1") == 0)) {
+ return PR_TRUE;
+ }
+ return PR_FALSE;
+}
+
NSSLOWInitContext *
NSSLOW_Init(void)
{
@@ -37,7 +57,7 @@ NSSLOW_Init(void)
#ifndef NSS_FIPS_DISABLED
/* make sure the FIPS product is installed if we are trying to
* go into FIPS mode */
- if (NSS_GetSystemFIPSEnabled()) {
+ if (NSS_GetSystemFIPSEnabled() || getFIPSEnv()) {
if (BL_FIPSEntryOK(PR_TRUE, PR_FALSE) != SECSuccess) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
post_failed = PR_TRUE;
Index: nss/lib/sysinit/nsssysinit.c
===================================================================
--- nss.orig/lib/sysinit/nsssysinit.c
+++ nss/lib/sysinit/nsssysinit.c
@@ -185,9 +185,9 @@ getFIPSMode(void)
size = fread(&d, 1, 1, f);
fclose(f);
if (size != 1)
- return PR_FALSE;
+ return getFIPSEnv();
if (d != '1')
- return PR_FALSE;
+ return getFIPSEnv();
return PR_TRUE;
#else
return PR_FALSE;
Reference in New Issue View Git Blame Copy Permalink