Diffstat (limited to 'security/nss/lib/pk11wrap/pk11util.c')
-rw-r--r--security/nss/lib/pk11wrap/pk11util.c29
1 files changed, 27 insertions, 2 deletions
diff --git a/security/nss/lib/pk11wrap/pk11util.c b/security/nss/lib/pk11wrap/pk11util.c
index e316f1f1a..502c4d00c 100644
--- a/security/nss/lib/pk11wrap/pk11util.c
+++ b/security/nss/lib/pk11wrap/pk11util.c
@@ -95,6 +95,31 @@ SECMOD_Shutdown()
return SECSuccess;
}
+int
+secmod_GetSystemFIPSEnabled(void)
+{
+#ifdef LINUX
+ FILE *f;
+ char d;
+ size_t size;
+
+ f = fopen("/proc/sys/crypto/fips_enabled", "r");
+ if (!f) {
+ return 0;
+ }
+
+ size = fread(&d, 1, sizeof(d), f);
+ fclose(f);
+ if (size != sizeof(d)) {
+ return 0;
+ }
+ if (d == '1') {
+ return 1;
+ }
+#endif
+ return 0;
+}
+
/*
* retrieve the internal module
*/
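Review bot: Every failure path in secmod_GetSystemFIPSEnabled() (fopen failing, a short fread) returns 0, the same value as "FIPS not enabled", so the check fails open. A process that cannot read /proc/sys/crypto/fips_enabled, for example in a chroot or sandbox without /proc, would skip the guards the later hunks add. Failing closed would break non-FIPS systems without /proc, so the return value is probably right, but the choice should be written down above the function, e.g. `/* Returns 1 only if /proc/sys/crypto/fips_enabled reads '1'; open or read errors are treated as "not in FIPS mode". */`. The function is also non-static and no prototype is visible in this diff; if it is used only in this file it should be `static`, otherwise confirm a declaration exists in a header.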
@@ -428,7 +453,7 @@ SECMOD_DeleteInternalModule(const char *name)
SECMODModuleList **mlpp;
SECStatus rv = SECFailure;
- if (pendingModule) {
+ if (secmod_GetSystemFIPSEnabled() || pendingModule) {
PORT_SetError(SEC_ERROR_MODULE_STUCK);
return rv;
}
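Review bot: The system-FIPS refusal in this condition reports SEC_ERROR_MODULE_STUCK, the same error as the existing pendingModule case. A caller or log reader therefore cannot tell a policy refusal from a module that is genuinely stuck. If no more specific error code is available, add a comment on the condition such as `/* system-wide FIPS mode is enforced: refuse to swap the internal module */` so the reused code is explained. Testing the pointer first, `if (pendingModule || secmod_GetSystemFIPSEnabled()) {`, also avoids opening the /proc file when the call is going to fail anyway. SECMOD_DeleteInternalModule begins and continues outside this hunk, and the comment point applies equally to the new expression in SECMOD_CanDeleteInternalModule.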
@@ -963,7 +988,7 @@ SECMOD_CanDeleteInternalModule(void)
#ifdef NSS_FIPS_DISABLED
return PR_FALSE;
#else
- return (PRBool)(pendingModule == NULL);
+ return (PRBool)((pendingModule == NULL) && !secmod_GetSystemFIPSEnabled());
#endif
}