diff options
| author | Robert Relyea <rrelyea@redhat.com> | 2023-04-12 08:19:35 -0700 |
|---|---|---|
| committer | Robert Relyea <rrelyea@redhat.com> | 2023-04-12 08:19:35 -0700 |
| commit | 2386c64d2cf4194c8f63ae2e8d5b9e83544679eb (patch) | |
| tree | ab0536e1141042e65242d1257534a8ae3f28f6ff /cmd/nss-policy-check/nss-policy-check.c | |
| parent | af6cccfbf3d14f62f86e322ea56b4c3a4e3fd5df (diff) | |
| download | nss-hg-2386c64d2cf4194c8f63ae2e8d5b9e83544679eb.tar.gz | |
Bug 1806010 FIPS-104-3 requires we restart post programmatically
FIPS -140-3 requires that we give applications a way to restart the Power On Self-Tests programmatically. Unloading the shared library is insufficient. Shutting down softoken and restarting it with a special flag is.
This path accomplishes this task by:
1) adding a new startup flag init argument flag called forcePost which is
parsed at FC_Initialize time.
2) Code which checks if the post ran properly takes a new Bool which tells the function whether or not to rerun the post operations. If post operations are to be rerun, all test flags are set to unknown or fail and the tests are rerun. The results are returned.
3) Public facing functions to verify integrity looks for a special non-valid character flag as the first character of the filename and uses that to decide if we should rerun post or not. Callers add the flag if post should be rerun.
4) pk11mode, the general FIPS test program makes sure we can turn on the forcePost flag.
Differential Revision: https://phabricator.services.mozilla.com/D165050
Diffstat (limited to 'cmd/nss-policy-check/nss-policy-check.c')
| -rw-r--r-- | cmd/nss-policy-check/nss-policy-check.c | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/cmd/nss-policy-check/nss-policy-check.c b/cmd/nss-policy-check/nss-policy-check.c index 0a77d7c7a..b806dfba6 100644 --- a/cmd/nss-policy-check/nss-policy-check.c +++ b/cmd/nss-policy-check/nss-policy-check.c @@ -221,12 +221,12 @@ breakout: } snprintf(moduleSpec, sizeof(moduleSpec), - "name=\"Policy File\" " - "parameters=\"configdir='sql:%s' " - "secmod='%s' " - "flags=readOnly,noCertDB,forceSecmodChoice,forceOpen\" " - "NSS=\"flags=%s\"", - path, filename, flags); + "name=\"Policy File\" " + "parameters=\"configdir='sql:%s' " + "secmod='%s' " + "flags=readOnly,noCertDB,forceSecmodChoice,forceOpen\" " + "NSS=\"flags=%s\"", + path, filename, flags); module = SECMOD_LoadModule(moduleSpec, NULL, PR_TRUE); if (!module || !module->loaded || atoi(PR_GetEnvSecure("NSS_POLICY_LOADED")) != 1) { |