diff options
author | relyea%netscape.com <devnull@localhost> | 2003-02-05 00:31:15 +0000 |
---|---|---|
committer | relyea%netscape.com <devnull@localhost> | 2003-02-05 00:31:15 +0000 |
commit | 2e9a9e10b5ade63ed4e3f254e99e0d9463f94982 (patch) | |
tree | da42d31fcc155eecfe664e0ff7c0a5415933818f /security/nss/cmd/modutil/pk11.c | |
parent | d36c0a020f717e2cea423fd9a9f503809fc07901 (diff) | |
download | nss-hg-2e9a9e10b5ade63ed4e3f254e99e0d9463f94982.tar.gz |
Surface the Err codes if we fail to shift to FIPS mode.
Add new option to verify that we have shifted to FIPS mode.
Diffstat (limited to 'security/nss/cmd/modutil/pk11.c')
-rw-r--r-- | security/nss/cmd/modutil/pk11.c | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/security/nss/cmd/modutil/pk11.c b/security/nss/cmd/modutil/pk11.c index 0238c3f6e..25a10c25f 100644 --- a/security/nss/cmd/modutil/pk11.c +++ b/security/nss/cmd/modutil/pk11.c @@ -60,6 +60,10 @@ FipsMode(char *arg) return FIPS_SWITCH_FAILED_ERR; } PR_smprintf_free(internal_name); + if (!PK11_IsFIPS()) { + PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]); + return FIPS_SWITCH_FAILED_ERR; + } PR_fprintf(PR_STDOUT, msgStrings[FIPS_ENABLED_MSG]); } else { PR_fprintf(PR_STDERR, errStrings[FIPS_ALREADY_ON_ERR]); @@ -75,6 +79,10 @@ FipsMode(char *arg) return FIPS_SWITCH_FAILED_ERR; } PR_smprintf_free(internal_name); + if (PK11_IsFIPS()) { + PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]); + return FIPS_SWITCH_FAILED_ERR; + } PR_fprintf(PR_STDOUT, msgStrings[FIPS_DISABLED_MSG]); } else { PR_fprintf(PR_STDERR, errStrings[FIPS_ALREADY_OFF_ERR]); @@ -88,6 +96,41 @@ FipsMode(char *arg) return SUCCESS; } +/************************************************************************* + * + * C h k F i p s M o d e + * If arg=="true", verify FIPS mode is enabled on the internal module. + * If arg=="false", verify FIPS mode is disabled on the internal module. + */ +Error +ChkFipsMode(char *arg) +{ + + char *internal_name; + + if(!PORT_Strcasecmp(arg, "true")) { + if (PK11_IsFIPS()) { + PR_fprintf(PR_STDOUT, msgStrings[FIPS_ENABLED_MSG]); + } else { + PR_fprintf(PR_STDOUT, msgStrings[FIPS_DISABLED_MSG]); + return FIPS_SWITCH_FAILED_ERR; + } + + } else if(!PORT_Strcasecmp(arg, "false")) { + if(!PK11_IsFIPS()) { + PR_fprintf(PR_STDOUT, msgStrings[FIPS_DISABLED_MSG]); + } else { + PR_fprintf(PR_STDOUT, msgStrings[FIPS_ENABLED_MSG]); + return FIPS_SWITCH_FAILED_ERR; + } + } else { + PR_fprintf(PR_STDERR, errStrings[INVALID_FIPS_ARG]); + return INVALID_FIPS_ARG; + } + + return SUCCESS; +} + /************************************************************************ * Cipher and Mechanism name-bitmask translation tables */ |