Bug 1582169 - Disable reading /proc/sys/crypto/fips_enabled if FIPS is not enabled on build r=jcj,rrelyea

Differential Revision: https://phabricator.services.mozilla.com/D61236
author: Victor Tapia <victor.tapia@canonical.com> 2020-02-11 15:52:08 +0000
committer: Victor Tapia <victor.tapia@canonical.com> 2020-02-11 15:52:08 +0000
commit: 27ccf9b133ee44120ff53dfeba5409d84d1f1da1 (patch)
tree: ff4b1dda1748a44b1bad87e5151cfa7e68be396b
parent: e4abeaa6fc9db458bdbd1965d33fda2fc1a66817 (diff)
download: nss-hg-27ccf9b133ee44120ff53dfeba5409d84d1f1da1.tar.gz
2 files changed, 6 insertions, 0 deletions
diff --git a/lib/pk11wrap/pk11util.c b/lib/pk11wrap/pk11util.c
index 502c4d00c..906a2f7d5 100644
--- a/lib/pk11wrap/pk11util.c
+++ b/lib/pk11wrap/pk11util.c
@@ -99,6 +99,7 @@ int
 secmod_GetSystemFIPSEnabled(void)
 {
 #ifdef LINUX
+#ifndef NSS_FIPS_DISABLED
     FILE *f;
     char d;
     size_t size;
@@ -117,6 +118,7 @@ secmod_GetSystemFIPSEnabled(void)
         return 1;
     }
 #endif
+#endif
     return 0;
 }
 
diff --git a/lib/sysinit/nsssysinit.c b/lib/sysinit/nsssysinit.c
index bd0fac2f4..8eb22eff0 100644
--- a/lib/sysinit/nsssysinit.c
+++ b/lib/sysinit/nsssysinit.c
@@ -168,6 +168,7 @@ getFIPSEnv(void)
 static PRBool
 getFIPSMode(void)
 {
+#ifndef NSS_FIPS_DISABLED
     FILE *f;
     char d;
     size_t size;
@@ -186,6 +187,9 @@ getFIPSMode(void)
     if (d != '1')
         return PR_FALSE;
     return PR_TRUE;
+#else
+    return PR_FALSE;
+#endif
 }
 
 #define NSS_DEFAULT_FLAGS "flags=readonly"
author	Victor Tapia <victor.tapia@canonical.com>	2020-02-11 15:52:08 +0000
committer	Victor Tapia <victor.tapia@canonical.com>	2020-02-11 15:52:08 +0000
commit	27ccf9b133ee44120ff53dfeba5409d84d1f1da1 (patch)
tree	ff4b1dda1748a44b1bad87e5151cfa7e68be396b
parent	e4abeaa6fc9db458bdbd1965d33fda2fc1a66817 (diff)
download	nss-hg-27ccf9b133ee44120ff53dfeba5409d84d1f1da1.tar.gz