--- cmd/modutil/modutil.h.orig 2018-08-31 12:55:53 UTC +++ cmd/modutil/modutil.h @@ -22,8 +22,8 @@ #include "error.h" Error LoadMechanismList(void); -Error FipsMode(char *arg); -Error ChkFipsMode(char *arg); +Error FipsMode(const char *arg); +Error ChkFipsMode(const char *arg); Error AddModule(char *moduleName, char *libFile, char *ciphers, char *mechanisms, char *modparms); Error DeleteModule(char *moduleName); --- cmd/modutil/pk11.c.orig 2018-08-31 12:55:53 UTC +++ cmd/modutil/pk11.c @@ -16,7 +16,7 @@ * disable FIPS mode on the internal module. */ Error -FipsMode(char *arg) +FipsMode(const char *arg) { char *internal_name; @@ -25,16 +25,18 @@ FipsMode(char *arg) internal_name = PR_smprintf("%s", SECMOD_GetInternalModule()->commonName); if (SECMOD_DeleteInternalModule(internal_name) != SECSuccess) { - PR_fprintf(PR_STDERR, "%s\n", SECU_Strerror(PORT_GetError())); + PR_fprintf(PR_STDERR, "FipsMode(true): %s (%s)\n", SECU_Strerror(PORT_GetError()), internal_name); PR_smprintf_free(internal_name); PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]); return FIPS_SWITCH_FAILED_ERR; } - PR_smprintf_free(internal_name); if (!PK11_IsFIPS()) { + PR_fprintf(PR_STDERR, "FipsMode(true): in module %s", internal_name); + PR_smprintf_free(internal_name); PR_fprintf(PR_STDERR, errStrings[FIPS_SWITCH_FAILED_ERR]); return FIPS_SWITCH_FAILED_ERR; } + PR_smprintf_free(internal_name); PR_fprintf(PR_STDOUT, msgStrings[FIPS_ENABLED_MSG]); } else { PR_fprintf(PR_STDERR, errStrings[FIPS_ALREADY_ON_ERR]); @@ -75,7 +77,7 @@ FipsMode(char *arg) * If arg=="false", verify FIPS mode is disabled on the internal module. */ Error -ChkFipsMode(char *arg) +ChkFipsMode(const char *arg) { if (!PORT_Strcasecmp(arg, "true")) { if (PK11_IsFIPS()) {