Overview

File nss-CC-runtime_algorithm_selection.patch of Package mozilla-nss.1743

# HG changeset patch
# Parent 740e482f544b07e24057df77e5179a5f8d104c69
# Parent  59fcd0fcab86aadd25235db8a5cd3bf9d9922f55
Disable hardware accelerated algorithms in FIPS mode

diff --git a/lib/freebl/rijndael.c b/lib/freebl/rijndael.c
--- a/lib/freebl/rijndael.c
+++ b/lib/freebl/rijndael.c
@@ -13,16 +13,18 @@
 #include "prtypes.h"
 #include "blapi.h"
 #include "rijndael.h"
 
 #include "cts.h"
 #include "ctr.h"
 #include "gcm.h"
 
+#include "fips.h"
+
 #ifdef USE_HW_AES
 #include "intel-aes.h"
 #include "mpi.h"
 
 static int has_intel_aes = 0;
 static PRBool use_hw_aes = PR_FALSE;
 
 #ifdef INTEL_GCM
@@ -1057,16 +1059,17 @@ aes_InitContext(AESContext *cx, const un
 #ifdef INTEL_GCM
 	    has_intel_avx = -1;
 	    has_intel_clmul = -1;
 #endif
 	}
     }
     use_hw_aes = (PRBool)
 		(has_intel_aes > 0 && (keysize % 8) == 0 && blocksize == 16);
+    use_hw_aes = (PRBool) (use_hw_aes && (!FIPS_mode()));
 #ifdef INTEL_GCM
     use_hw_gcm = (PRBool)
 		(use_hw_aes && has_intel_avx>0 && has_intel_clmul>0);
 #endif
 #endif  /* USE_HW_AES */
     /* Nb = (block size in bits) / 32 */
     cx->Nb = blocksize / 4;
     /* Nk = (key size in bits) / 32 */
openSUSE Build Service is sponsored by
Places