1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
|
--- cmd/modutil/modutil.h.orig 2018-08-31 12:55:53 UTC
+++ cmd/modutil/modutil.h
@@ -22,8 +22,8 @@
#include "error.h"
Error LoadMechanismList(void);
-Error FipsMode(char *arg);
-Error ChkFipsMode(char *arg);
+Error FipsMode(const char *arg);
+Error ChkFipsMode(const char *arg);
Error AddModule(char *moduleName, char *libFile, char *ciphers,
char *mechanisms, char *modparms);
Error DeleteModule(char *moduleName);
--- cmd/modutil/pk11.c.orig 2018-08-31 12:55:53 UTC
+++ cmd/modutil/pk11.c
@@ -16,7 +16,7 @@
* disable FIPS mode on the internal module.
*/
Error
-FipsMode(char *arg)
+FipsMode(const char *arg)
{
char *internal_name;
@@ -25,16 +25,18 @@ FipsMode(char *arg)
internal_name = PR_smprintf("%s",
SECMOD_GetInternalModule()->commonName);
if (SECMOD_DeleteInternalModule(internal_name) != SECSuccess) {
- PR_fprintf(PR_STDERR, "%s\n", SECU_Strerror(PORT_GetError()));
+ PR_fprintf(PR_STDERR, "FipsMode(true): %s (%s)\n", SECU_Strerror(PORT_GetError()), internal_name);
PR_smprintf_free(internal_name);
PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]);
return FIPS_SWITCH_FAILED_ERR;
}
- PR_smprintf_free(internal_name);
if (!PK11_IsFIPS()) {
+ PR_fprintf(PR_STDERR, "FipsMode(true): in module %s", internal_name);
+ PR_smprintf_free(internal_name);
PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]);
return FIPS_SWITCH_FAILED_ERR;
}
+ PR_smprintf_free(internal_name);
PR_fprintf(PR_STDOUT, msgStrings[FIPS_ENABLED_MSG]);
} else {
PR_fprintf(PR_STDERR, errStrings[FIPS_ALREADY_ON_ERR]);
@@ -75,7 +77,7 @@ FipsMode(char *arg)
* If arg=="false", verify FIPS mode is disabled on the internal module.
*/
Error
-ChkFipsMode(char *arg)
+ChkFipsMode(const char *arg)
{
if (!PORT_Strcasecmp(arg, "true")) {
if (PK11_IsFIPS()) {
|
