Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Bug 1582169 - Disable reading /proc/sys/crypto/fips_enabled if FIPS i…
…s not enabled on build r=jcj,rrelyea

Differential Revision: https://phabricator.services.mozilla.com/D61236

--HG--
extra : moz-landing-system : lando
  • Loading branch information
vtapia committed Feb 11, 2020
1 parent d9aea9c commit 15011aa
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 0 deletions.
2 changes: 2 additions & 0 deletions lib/pk11wrap/pk11util.c
Expand Up @@ -99,6 +99,7 @@ int
secmod_GetSystemFIPSEnabled(void)
{
#ifdef LINUX
#ifndef NSS_FIPS_DISABLED
FILE *f;
char d;
size_t size;
Expand All @@ -116,6 +117,7 @@ secmod_GetSystemFIPSEnabled(void)
if (d == '1') {
return 1;
}
#endif
#endif
return 0;
}
Expand Down
4 changes: 4 additions & 0 deletions lib/sysinit/nsssysinit.c
Expand Up @@ -168,6 +168,7 @@ getFIPSEnv(void)
static PRBool
getFIPSMode(void)
{
#ifndef NSS_FIPS_DISABLED
FILE *f;
char d;
size_t size;
Expand All @@ -186,6 +187,9 @@ getFIPSMode(void)
if (d != '1')
return PR_FALSE;
return PR_TRUE;
#else
return PR_FALSE;
#endif
}

#define NSS_DEFAULT_FLAGS "flags=readonly"
Expand Down

0 comments on commit 15011aa

Please sign in to comment.