authorrrelyea%redhat.com <devnull@localhost>2009-04-15 21:31:55 +0000
committerrrelyea%redhat.com <devnull@localhost>2009-04-15 21:31:55 +0000
commitd1750a5445b85d8444c3c61d9c08c3caeb4cbe34 (patch)
tree5d0e33e9515589322f1482d1419c1492d44f2ec8
parent96a6ed2844d8437f9b9a5712c9c1ce08cf8e4b72 (diff)
downloadnss-hg-d1750a5445b85d8444c3c61d9c08c3caeb4cbe34.tar.gz
Bug 488350 - NSPR-free freebl interface need to do post tests only in fips mode.
r=wtc sr=nelson Both reviewers suggested a change to '1' if the /proc file failed to open.
-rw-r--r--security/nss/lib/freebl/nsslowhash.c23
1 files changed, 22 insertions, 1 deletions
diff --git a/security/nss/lib/freebl/nsslowhash.c b/security/nss/lib/freebl/nsslowhash.c
index f705974d1..fe98d362e 100644
--- a/security/nss/lib/freebl/nsslowhash.c
+++ b/security/nss/lib/freebl/nsslowhash.c
@@ -267,6 +267,27 @@ struct NSSLOWHASHContextStr {
};
+static int nsslow_GetFIPSEnabled(void) {
+#ifdef LINUX
+ FILE *f;
+ char d;
+ size_t size;
+
+ f = fopen("/proc/sys/crypto/fips_enabled", "r");
+ if (!f)
+ return 1;
+
+ size = fread(&d, 1, 1, f);
+ fclose(f);
+ if (size != 1)
+ return 0;
+ if (d != '1')
+ return 0;
+#endif
+ return 1;
+}
+
+
static int post = 0;
static NSSLOWInitContext dummyContext = { 0 };
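Review bot: The two error paths in `nsslow_GetFIPSEnabled` disagree about what to do when the FIPS state cannot be determined: a failed `fopen` returns 1, so the power-up self tests run, but a short or failed `fread` (`size != 1`) returns 0, so they are skipped. If the rule the commit message records is "run the tests when in doubt", the read-failure branch should follow it too: `if (size != 1) return 1;`. The function also has no comment; something like `/* Returns 0 only when the kernel's fips_enabled file was read and is not '1'; returns 1 on non-Linux builds and whenever the state cannot be read, so the self tests are never skipped by accident. */` would record that decision for the next maintainer (it describes the behaviour with the read-failure change applied). The hunk does not show whether `<stdio.h>` is already included for `FILE`/`fopen`; that is worth confirming in the part of the file outside the hunk.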
@@ -283,7 +304,7 @@ NSSLOW_Init(void)
nsprAvailable = (rv == SECSuccess ) ? PR_TRUE : PR_FALSE;
- if (!post) {
+ if (!post && nsslow_GetFIPSEnabled()) {
crv = freebl_fipsPowerUpSelfTest();
if (crv != CKR_OK) {
return NULL;