author | Kai Engert <kaie@kuix.de> | 2016-04-11 19:32:00 +0200 |
---|---|---|
committer | Kai Engert <kaie@kuix.de> | 2016-04-11 19:32:00 +0200 |
commit | d51bb02ec4b2a75bb503b55bb33bf03ddc329678 (patch) | |
tree | ab7cd267238863244b38d2f6d20b61d28cb79273 | |
parent | ebfb3b7624a2176663f4d74f30ab6878623a9a9c (diff) | |
download | nss-hg-d51bb02ec4b2a75bb503b55bb33bf03ddc329678.tar.gz |
Bug 1262768, NSS 3.24 impacts Windows performance tests, patch by Bob Relyea, fixes and r=kaieNSS_3_24_BETA6
-rw-r--r-- | coreconf/config.mk | 11 | ||||
-rw-r--r-- | lib/freebl/fipsfreebl.c | 2 | ||||
-rw-r--r-- | lib/softoken/fipstest.c | 2 | ||||
-rw-r--r-- | lib/softoken/legacydb/lgfips.c | 7 |
4 files changed, 16 insertions, 6 deletions
diff --git a/coreconf/config.mk b/coreconf/config.mk index 61d757bcc..a0b81e42c 100644 --- a/coreconf/config.mk +++ b/coreconf/config.mk @@ -174,6 +174,17 @@ ifdef NSS_PKIX_NO_LDAP DEFINES += -DNSS_PKIX_NO_LDAP endif +# FIPS support requires startup tests to be executed at load time of shared modules. +# For performance reasons, these tests are disabled by default. +# When compiling binaries that must support FIPS mode, +# you should define NSS_FORCE_FIPS +# +# NSS_NO_INIT_SUPPORT is always defined on platforms that don't support +# executing the startup tests at library load time. +ifndef NSS_FORCE_FIPS +DEFINES += -DNSS_NO_INIT_SUPPORT +endif + # Avoid building object leak test code for optimized library ifndef BUILD_OPT ifdef PKIX_OBJECT_LEAK_TEST diff --git a/lib/freebl/fipsfreebl.c b/lib/freebl/fipsfreebl.c index a4679f729..61314ba38 100644 --- a/lib/freebl/fipsfreebl.c +++ b/lib/freebl/fipsfreebl.c @@ -43,7 +43,7 @@ static void INIT_FUNCTION bl_startup_tests(void); /* Windows pre-defined entry */ -#ifdef XP_WIN +#if defined(XP_WIN) && !defined(NSS_NO_INIT_SUPPORT) #include <windows.h> BOOL WINAPI DllMain( diff --git a/lib/softoken/fipstest.c b/lib/softoken/fipstest.c index 8f9f8cc3c..fc1f0d0be 100644 --- a/lib/softoken/fipstest.c +++ b/lib/softoken/fipstest.c @@ -34,7 +34,7 @@ static void INIT_FUNCTION sftk_startup_tests(void); /* Windows pre-defined entry */ -#ifdef XP_WIN +#if defined(XP_WIN) && !defined(NSS_NO_INIT_SUPPORT) #include <windows.h> BOOL WINAPI DllMain( diff --git a/lib/softoken/legacydb/lgfips.c b/lib/softoken/legacydb/lgfips.c index 9d4bb2720..6d651e6b4 100644 --- a/lib/softoken/legacydb/lgfips.c +++ b/lib/softoken/legacydb/lgfips.c @@ -24,7 +24,7 @@ /* GCC Attribute */ -#ifdef __GNUC__ +#if defined(__GNUC__) && !defined(NSS_NO_INIT_SUPPORT) #define INIT_FUNCTION __attribute__((constructor)) #else #define INIT_FUNCTION 
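Review bot: The new `ifndef NSS_FORCE_FIPS` block in coreconf/config.mk makes `-DNSS_NO_INIT_SUPPORT` the default on every platform, so a rebuild that does not set NSS_FORCE_FIPS produces libraries with the load-time self-tests compiled out and nothing in the build output says so. The second paragraph of the added comment says the macro is "always defined" on platforms without load-time init support, but the only definition visible here is conditional on NSS_FORCE_FIPS being unset; unless a platform makefile outside this hunk adds it, setting NSS_FORCE_FIPS on such a platform leaves it undefined. `ifndef` also treats any non-empty value as defined, so `NSS_FORCE_FIPS=0` turns the tests on. I would say both in the comment, for example `# Any non-empty NSS_FORCE_FIPS value (including 0) enables the load-time tests; builds intended for FIPS mode must set it.`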
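Review bot: With `NSS_NO_INIT_SUPPORT` defined, the `DllMain` behind this `#if` in lib/freebl/fipsfreebl.c is compiled out and the hunk shows no other caller of `bl_startup_tests()`; the same holds for `sftk_startup_tests()` in lib/softoken/fipstest.c and `lg_startup_tests()` in lib/softoken/legacydb/lgfips.c. lgfips.c runs its tests lazily from `lg_FIPSEntryOK()`, but the matching entry checks for freebl and softoken are outside these hunks, so it should be confirmed that they also run the tests on first use rather than skipping them or failing. Only lgfips.c gates the `__GNUC__` constructor definition of `INIT_FUNCTION` in this diff; if the other two files define it without the `NSS_NO_INIT_SUPPORT` test, GCC builds would presumably still run the tests at load while Windows builds would not. The `#if` block continues past the end of the hunk.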
@@ -33,7 +33,7 @@ static void INIT_FUNCTION lg_startup_tests(void); /* Windows pre-defined entry */ -#ifdef XP_WIN +#if defined(XP_WIN) && !defined(NSS_NO_INIT_SUPPORT) #include <windows.h> BOOL WINAPI DllMain( @@ -100,13 +100,12 @@ lg_startup_tests(void) PRBool lg_FIPSEntryOK() { -#ifdef NO_INIT_SUPPORT +#ifdef NSS_NO_INIT_SUPPORT /* this should only be set on platforms that can't handle one of the INIT * schemes. This code allows those platforms to continue to function, * though they don't meet the strict NIST requirements. If NO_INIT_SUPPORT * is not set, and init support has not been properly enabled, softken * will always fail because of the test below */ - */ if (!lg_self_tests_ran) { lg_startup_tests(); } |
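Review bot: The comment kept under the renamed `#ifdef NSS_NO_INIT_SUPPORT` in `lg_FIPSEntryOK()` still refers to `NO_INIT_SUPPORT` and still says the macro "should only be set on platforms that can't handle one of the INIT schemes", which no longer matches a build where coreconf/config.mk defines it whenever NSS_FORCE_FIPS is unset. I would reword it along the lines of `/* NSS_NO_INIT_SUPPORT is defined unless the build sets NSS_FORCE_FIPS: run the self-tests on first entry instead of at library load; such builds do not meet the strict NIST requirements. */` and correct "softken" to "softoken". Because the lazy `if (!lg_self_tests_ran) { lg_startup_tests(); }` is now the normal path rather than a fallback, it is worth checking whether two threads can enter this function at the same time; the rest of the function body is outside the hunk.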