Network Security Services
CentOS Sources
2018-05-14 74449011e876d8839a7a1053f27fcea5cd1ccf4e
SOURCES/enable-fips-when-system-is-in-fips-mode.patch
@@ -1,7 +1,7 @@
diff -up nss/lib/pk11wrap/pk11pars.c.852023_enable_fips_when_in_fips_mode nss/lib/pk11wrap/pk11pars.c
--- nss/lib/pk11wrap/pk11pars.c.852023_enable_fips_when_in_fips_mode   2017-01-13 17:01:05.278296965 +0100
+++ nss/lib/pk11wrap/pk11pars.c   2017-01-13 17:04:52.968903200 +0100
@@ -672,6 +672,10 @@ SECMOD_CreateModuleEx(const char *librar
--- nss/lib/pk11wrap/pk11pars.c.852023_enable_fips_when_in_fips_mode   2018-03-05 16:58:32.000000000 +0100
+++ nss/lib/pk11wrap/pk11pars.c   2018-03-09 17:24:39.815838810 +0100
@@ -671,6 +671,10 @@ SECMOD_CreateModuleEx(const char *librar
 
     mod->internal = NSSUTIL_ArgHasFlag("flags", "internal", nssc);
     mod->isFIPS = NSSUTIL_ArgHasFlag("flags", "FIPS", nssc);
@@ -13,9 +13,9 @@
     slotParams = NSSUTIL_ArgGetParamValue("slotParams", nssc);
     mod->slotInfo = NSSUTIL_ArgParseSlotInfo(mod->arena, slotParams,
diff -up nss/lib/pk11wrap/pk11util.c.852023_enable_fips_when_in_fips_mode nss/lib/pk11wrap/pk11util.c
--- nss/lib/pk11wrap/pk11util.c.852023_enable_fips_when_in_fips_mode   2017-01-13 17:01:05.278296965 +0100
+++ nss/lib/pk11wrap/pk11util.c   2017-01-13 17:06:24.171723872 +0100
@@ -94,6 +94,26 @@ SECMOD_Shutdown()
--- nss/lib/pk11wrap/pk11util.c.852023_enable_fips_when_in_fips_mode   2018-03-05 16:58:32.000000000 +0100
+++ nss/lib/pk11wrap/pk11util.c   2018-03-09 17:25:46.804347730 +0100
@@ -95,6 +95,26 @@ SECMOD_Shutdown()
     return SECSuccess;
 }
 
@@ -42,7 +42,7 @@
 /*
  * retrieve the internal module
  */
@@ -427,7 +447,7 @@ SECMOD_DeleteInternalModule(const char *
@@ -428,7 +448,7 @@ SECMOD_DeleteInternalModule(const char *
     SECMODModuleList **mlpp;
     SECStatus rv = SECFailure;
 
@@ -51,18 +51,18 @@
         PORT_SetError(SEC_ERROR_MODULE_STUCK);
         return rv;
     }
@@ -902,7 +922,7 @@ SECMOD_DestroyModuleList(SECMODModuleLis
 PRBool
 SECMOD_CanDeleteInternalModule(void)
 {
@@ -963,7 +983,7 @@ SECMOD_CanDeleteInternalModule(void)
 #ifdef NSS_FIPS_DISABLED
     return PR_FALSE;
 #else
-    return (PRBool)(pendingModule == NULL);
+    return (PRBool) ((pendingModule == NULL) && !SECMOD_GetSystemFIPSEnabled());
 #endif
 }
 
 /*
diff -up nss/lib/pk11wrap/secmodi.h.852023_enable_fips_when_in_fips_mode nss/lib/pk11wrap/secmodi.h
--- nss/lib/pk11wrap/secmodi.h.852023_enable_fips_when_in_fips_mode   2017-01-13 17:01:05.278296965 +0100
+++ nss/lib/pk11wrap/secmodi.h   2017-01-13 17:07:08.897624098 +0100
--- nss/lib/pk11wrap/secmodi.h.852023_enable_fips_when_in_fips_mode   2018-03-05 16:58:32.000000000 +0100
+++ nss/lib/pk11wrap/secmodi.h   2018-03-09 17:24:39.816838788 +0100
@@ -115,6 +115,13 @@ PK11SymKey *pk11_TokenKeyGenWithFlagsAnd
 CK_MECHANISM_TYPE pk11_GetPBECryptoMechanism(SECAlgorithmID *algid,
                                              SECItem **param, SECItem *pwd, PRBool faulty3DES);