diff options
author | Tim Taubert <ttaubert@mozilla.com> | 2017-11-22 17:15:40 +0100 |
---|---|---|
committer | Tim Taubert <ttaubert@mozilla.com> | 2017-11-22 17:15:40 +0100 |
commit | d2e6e4c459aeedb5a46d8013ab70942f1e24bd9b (patch) | |
tree | 07aeae021e0ed625d81b8c29e73263e3734f90e6 | |
parent | 684fb509962b5723053c3b01ad3132d210def158 (diff) | |
download | nss-hg-d2e6e4c459aeedb5a46d8013ab70942f1e24bd9b.tar.gz |
Bug 1419721 - SECMOD_CanDeleteInternalModule() should return false when build doesn't support FIPS r=franziskus
Summary:
Firefox/PSM uses SECMOD_CanDeleteInternalModule() to check whether FIPS can be
toggled or not. If the NSS build doesn't support FIPS (as is the case with the
one that Mozilla ships) this should always return false.
There is no point in trying to remove the internal module only to fail and then
switch back. We only support removing the internal module to switch between
FIPS and non-FIPS mode.
Reviewers: franziskus
Reviewed By: franziskus
Bug #: 1419721
Differential Revision: https://phabricator.services.mozilla.com/D271
-rw-r--r-- | lib/pk11wrap/pk11util.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/lib/pk11wrap/pk11util.c b/lib/pk11wrap/pk11util.c index a962e9bb3..e316f1f1a 100644 --- a/lib/pk11wrap/pk11util.c +++ b/lib/pk11wrap/pk11util.c @@ -437,6 +437,11 @@ SECMOD_DeleteInternalModule(const char *name) return rv; } +#ifdef NSS_FIPS_DISABLED + PORT_SetError(PR_OPERATION_NOT_SUPPORTED_ERROR); + return rv; +#endif + SECMOD_GetWriteLock(moduleLock); for (mlpp = &modules, mlp = modules; mlp != NULL; mlpp = &mlp->next, mlp = *mlpp) { @@ -955,7 +960,11 @@ SECMOD_DestroyModuleList(SECMODModuleList *list) PRBool SECMOD_CanDeleteInternalModule(void) { +#ifdef NSS_FIPS_DISABLED + return PR_FALSE; +#else return (PRBool)(pendingModule == NULL); +#endif } /* |