From 15011aaf05ace9960923a831f2a8712f2e6c50b5 Mon Sep 17 00:00:00 2001
From: Victor Tapia <victor.tapia@canonical.com>
Date: Tue, 11 Feb 2020 15:52:08 +0000
Subject: [PATCH] Bug 1582169 - Disable reading /proc/sys/crypto/fips_enabled
 if FIPS is not enabled on build r=jcj,rrelyea

Differential Revision: https://phabricator.services.mozilla.com/D61236

--HG--
extra : moz-landing-system : lando
---
 lib/pk11wrap/pk11util.c  | 2 ++
 lib/sysinit/nsssysinit.c | 4 ++++
 2 files changed, 6 insertions(+)

diff --git a/lib/pk11wrap/pk11util.c b/lib/pk11wrap/pk11util.c
index 502c4d00cb..906a2f7d55 100644
--- a/lib/pk11wrap/pk11util.c
+++ b/lib/pk11wrap/pk11util.c
@@ -99,6 +99,7 @@ int
 secmod_GetSystemFIPSEnabled(void)
 {
 #ifdef LINUX
+#ifndef NSS_FIPS_DISABLED
     FILE *f;
     char d;
     size_t size;
@@ -116,6 +117,7 @@ secmod_GetSystemFIPSEnabled(void)
     if (d == '1') {
         return 1;
     }
+#endif
 #endif
     return 0;
 }
diff --git a/lib/sysinit/nsssysinit.c b/lib/sysinit/nsssysinit.c
index bd0fac2f48..8eb22eff0f 100644
--- a/lib/sysinit/nsssysinit.c
+++ b/lib/sysinit/nsssysinit.c
@@ -168,6 +168,7 @@ getFIPSEnv(void)
 static PRBool
 getFIPSMode(void)
 {
+#ifndef NSS_FIPS_DISABLED
     FILE *f;
     char d;
     size_t size;
@@ -186,6 +187,9 @@ getFIPSMode(void)
     if (d != '1')
         return PR_FALSE;
     return PR_TRUE;
+#else
+    return PR_FALSE;
+#endif
 }
 
 #define NSS_DEFAULT_FLAGS "flags=readonly"