diff options
author | rrelyea%redhat.com <devnull@localhost> | 2009-04-15 21:31:55 +0000 |
---|---|---|
committer | rrelyea%redhat.com <devnull@localhost> | 2009-04-15 21:31:55 +0000 |
commit | d1750a5445b85d8444c3c61d9c08c3caeb4cbe34 (patch) | |
tree | 5d0e33e9515589322f1482d1419c1492d44f2ec8 | |
parent | 96a6ed2844d8437f9b9a5712c9c1ce08cf8e4b72 (diff) | |
download | nss-hg-d1750a5445b85d8444c3c61d9c08c3caeb4cbe34.tar.gz |
Bug 488350 - NSPR-free freebl interface need to do post tests only in fips mode.
r=wtc
sr=nelson
Both reviewers suggested a change to '1' if the /proc file failed to open.
-rw-r--r-- | security/nss/lib/freebl/nsslowhash.c | 23 |
1 files changed, 22 insertions, 1 deletions
diff --git a/security/nss/lib/freebl/nsslowhash.c b/security/nss/lib/freebl/nsslowhash.c index f705974d1..fe98d362e 100644 --- a/security/nss/lib/freebl/nsslowhash.c +++ b/security/nss/lib/freebl/nsslowhash.c @@ -267,6 +267,27 @@ struct NSSLOWHASHContextStr { }; +static int nsslow_GetFIPSEnabled(void) { +#ifdef LINUX + FILE *f; + char d; + size_t size; + + f = fopen("/proc/sys/crypto/fips_enabled", "r"); + if (!f) + return 1; + + size = fread(&d, 1, 1, f); + fclose(f); + if (size != 1) + return 0; + if (d != '1') + return 0; +#endif + return 1; +} + + static int post = 0; static NSSLOWInitContext dummyContext = { 0 }; @@ -283,7 +304,7 @@ NSSLOW_Init(void) nsprAvailable = (rv == SECSuccess ) ? PR_TRUE : PR_FALSE; - if (!post) { + if (!post && nsslow_GetFIPSEnabled()) { crv = freebl_fipsPowerUpSelfTest(); if (crv != CKR_OK) { return NULL; |