File nss-fips-detect-fips-mode-fix.patch of Package mozilla-nss.6625
commit f82f43c8046c512c9f0f66f995f7877b2f46736e
Author: Hans Petter Jansson <hpj@cl.no>
Date: Wed Jan 31 16:52:49 2018 +0100
Detect FIPS mode properly.
diff --git a/nss/lib/freebl/nsslowhash.c b/nss/lib/freebl/nsslowhash.c
index c84010e..3cc0027 100644
--- a/nss/lib/freebl/nsslowhash.c
+++ b/nss/lib/freebl/nsslowhash.c
@@ -6,6 +6,7 @@
#include "stubs.h"
#endif
#include "prtypes.h"
+#include "prenv.h"
#include "secerr.h"
#include "blapi.h"
#include "hasht.h"
@@ -23,6 +24,22 @@ struct NSSLOWHASHContextStr {
void *hashCtxt;
};
+static PRBool
+getFIPSEnv(void)
+{
+ char *fipsEnv = PR_GetEnvSecure("NSS_FIPS");
+ if (!fipsEnv) {
+ return PR_FALSE;
+ }
+ if ((strcasecmp(fipsEnv, "fips") == 0) ||
+ (strcasecmp(fipsEnv, "true") == 0) ||
+ (strcasecmp(fipsEnv, "on") == 0) ||
+ (strcasecmp(fipsEnv, "1") == 0)) {
+ return PR_TRUE;
+ }
+ return PR_FALSE;
+}
+
static int
nsslow_GetFIPSEnabled(void)
{
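Review bot: The new `getFIPSEnv()` carries no comment saying which values of `NSS_FIPS` enable FIPS mode, or that the variable can only turn it on and never off. A short header such as `/* NSS_FIPS=fips|true|on|1 (case-insensitive) enables FIPS mode; any other value, or an unset variable, yields PR_FALSE. */` would make that contract visible to callers. The hunk header in nsssysinit.c shows a function of the same name, so this looks like a second copy that must be kept in sync; if so, the comment should say that too. The only include this patch adds is `prenv.h`, so it is worth confirming that `strcasecmp` is declared through an existing header rather than implicitly.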
@@ -32,17 +49,22 @@ nsslow_GetFIPSEnabled(void)
size_t size;
f = fopen("/proc/sys/crypto/fips_enabled", "r");
- if (!f)
- return 0;
+ if (!f) {
+ /* if we don't have a proc flag, fall back to the
+ * environment variable */
+ return getFIPSEnv();
+ }
size = fread(&d, 1, 1, f);
fclose(f);
if (size != 1)
- return 0;
+ return getFIPSEnv();
if (d != '1')
- return 0;
-#endif
+ return getFIPSEnv();
return 1;
+#else
+ return getFIPSEnv();
+#endif
}
static NSSLOWInitContext dummyContext = { 0 };
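Review bot: The new `#else` branch changes the default on builds where the platform macro is not defined: they now return `getFIPSEnv()`, whereas the old code fell through to `return 1;` after the removed `#endif`. On those builds the default flips from FIPS-enabled to FIPS-disabled unless `NSS_FIPS` is set. The commit message does not mention this and the opening `#if` sits above the hunk, so please confirm it is intended and record it in a comment, e.g. `/* no kernel flag on this platform: FIPS mode is controlled by NSS_FIPS only */`. Separately, `d != '1'` now defers to the environment both here and in `getFIPSMode()` in nsssysinit.c, which lets `NSS_FIPS` override an explicit kernel "off". A one-line comment stating that the variable is an enable-only override would stop later readers from treating that as a bug.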
diff --git a/nss/lib/sysinit/nsssysinit.c b/nss/lib/sysinit/nsssysinit.c
index 39e2ad7..5f0d346 100644
--- a/nss/lib/sysinit/nsssysinit.c
+++ b/nss/lib/sysinit/nsssysinit.c
@@ -146,7 +146,7 @@ getFIPSEnv(void)
}
return PR_FALSE;
}
-#ifdef XP_LINUX
+#ifdef LINUX
static PRBool
getFIPSMode(void)
@@ -158,16 +158,16 @@ getFIPSMode(void)
f = fopen("/proc/sys/crypto/fips_enabled", "r");
if (!f) {
/* if we don't have a proc flag, fall back to the
- * environment variable */
+ * environment variable */
return getFIPSEnv();
}
size = fread(&d, 1, 1, f);
fclose(f);
if (size != 1)
- return PR_FALSE;
+ return getFIPSEnv();
if (d != '1')
- return PR_FALSE;
+ return getFIPSEnv();
return PR_TRUE;
}