1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/security/manager/ssl/src/nsPKCS11Slot.cpp Wed Dec 31 06:09:35 2014 +0100
1.3 @@ -0,0 +1,518 @@
1.4 +/* This Source Code Form is subject to the terms of the Mozilla Public
1.5 + * License, v. 2.0. If a copy of the MPL was not distributed with this
1.6 + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
1.7 +
1.8 +#include "nsPKCS11Slot.h"
1.9 +#include "nsPK11TokenDB.h"
1.10 +
1.11 +#include "nsCOMPtr.h"
1.12 +#include "nsISupportsArray.h"
1.13 +#include "nsString.h"
1.14 +#include "nsReadableUtils.h"
1.15 +#include "nsCRT.h"
1.16 +
1.17 +#include "secmod.h"
1.18 +
1.19 +#ifdef PR_LOGGING
1.20 +extern PRLogModuleInfo* gPIPNSSLog;
1.21 +#endif
1.22 +
1.23 +NS_IMPL_ISUPPORTS(nsPKCS11Slot, nsIPKCS11Slot)
1.24 +
1.25 +nsPKCS11Slot::nsPKCS11Slot(PK11SlotInfo *slot)
1.26 +{
1.27 + nsNSSShutDownPreventionLock locker;
1.28 + if (isAlreadyShutDown())
1.29 + return;
1.30 +
1.31 + PK11_ReferenceSlot(slot);
1.32 + mSlot = slot;
1.33 + mSeries = PK11_GetSlotSeries(slot);
1.34 + refreshSlotInfo();
1.35 +}
1.36 +
1.37 +void
1.38 +nsPKCS11Slot::refreshSlotInfo()
1.39 +{
1.40 + CK_SLOT_INFO slot_info;
1.41 + if (PK11_GetSlotInfo(mSlot, &slot_info) == SECSuccess) {
1.42 + // Set the Description field
1.43 + const char *ccDesc = (const char*)slot_info.slotDescription;
1.44 + const nsACString &cDesc = Substring(
1.45 + ccDesc,
1.46 + ccDesc+PL_strnlen(ccDesc, sizeof(slot_info.slotDescription)));
1.47 + mSlotDesc = NS_ConvertUTF8toUTF16(cDesc);
1.48 + mSlotDesc.Trim(" ", false, true);
1.49 + // Set the Manufacturer field
1.50 + const char *ccManID = (const char*)slot_info.manufacturerID;
1.51 + const nsACString &cManID = Substring(
1.52 + ccManID,
1.53 + ccManID+PL_strnlen(ccManID, sizeof(slot_info.manufacturerID)));
1.54 + mSlotManID = NS_ConvertUTF8toUTF16(cManID);
1.55 + mSlotManID.Trim(" ", false, true);
1.56 + // Set the Hardware Version field
1.57 + mSlotHWVersion = EmptyString();
1.58 + mSlotHWVersion.AppendInt(slot_info.hardwareVersion.major);
1.59 + mSlotHWVersion.AppendLiteral(".");
1.60 + mSlotHWVersion.AppendInt(slot_info.hardwareVersion.minor);
1.61 + // Set the Firmware Version field
1.62 + mSlotFWVersion = EmptyString();
1.63 + mSlotFWVersion.AppendInt(slot_info.firmwareVersion.major);
1.64 + mSlotFWVersion.AppendLiteral(".");
1.65 + mSlotFWVersion.AppendInt(slot_info.firmwareVersion.minor);
1.66 + }
1.67 +
1.68 +}
1.69 +
1.70 +nsPKCS11Slot::~nsPKCS11Slot()
1.71 +{
1.72 + nsNSSShutDownPreventionLock locker;
1.73 + if (isAlreadyShutDown()) {
1.74 + return;
1.75 + }
1.76 + destructorSafeDestroyNSSReference();
1.77 + shutdown(calledFromObject);
1.78 +}
1.79 +
1.80 +void nsPKCS11Slot::virtualDestroyNSSReference()
1.81 +{
1.82 + destructorSafeDestroyNSSReference();
1.83 +}
1.84 +
1.85 +void nsPKCS11Slot::destructorSafeDestroyNSSReference()
1.86 +{
1.87 + if (mSlot) {
1.88 + PK11_FreeSlot(mSlot);
1.89 + mSlot = nullptr;
1.90 + }
1.91 +}
1.92 +
1.93 +/* readonly attribute wstring name; */
1.94 +NS_IMETHODIMP
1.95 +nsPKCS11Slot::GetName(char16_t **aName)
1.96 +{
1.97 + nsNSSShutDownPreventionLock locker;
1.98 + if (isAlreadyShutDown())
1.99 + return NS_ERROR_NOT_AVAILABLE;
1.100 +
1.101 + char *csn = PK11_GetSlotName(mSlot);
1.102 + if (*csn) {
1.103 + *aName = ToNewUnicode(NS_ConvertUTF8toUTF16(csn));
1.104 + } else if (PK11_HasRootCerts(mSlot)) {
1.105 + // This is a workaround to an Root Module bug - the root certs module has
1.106 + // no slot name. Not bothering to localize, because this is a workaround
1.107 + // and for now all the slot names returned by NSS are char * anyway.
1.108 + *aName = ToNewUnicode(NS_LITERAL_STRING("Root Certificates"));
1.109 + } else {
1.110 + // same as above, this is a catch-all
1.111 + *aName = ToNewUnicode(NS_LITERAL_STRING("Unnamed Slot"));
1.112 + }
1.113 + if (!*aName) return NS_ERROR_OUT_OF_MEMORY;
1.114 + return NS_OK;
1.115 +}
1.116 +
1.117 +/* readonly attribute wstring desc; */
1.118 +NS_IMETHODIMP
1.119 +nsPKCS11Slot::GetDesc(char16_t **aDesc)
1.120 +{
1.121 + nsNSSShutDownPreventionLock locker;
1.122 + if (isAlreadyShutDown())
1.123 + return NS_ERROR_NOT_AVAILABLE;
1.124 +
1.125 + if (mSeries != PK11_GetSlotSeries(mSlot)) {
1.126 + refreshSlotInfo();
1.127 + }
1.128 +
1.129 + *aDesc = ToNewUnicode(mSlotDesc);
1.130 + if (!*aDesc) return NS_ERROR_OUT_OF_MEMORY;
1.131 + return NS_OK;
1.132 +}
1.133 +
1.134 +/* readonly attribute wstring manID; */
1.135 +NS_IMETHODIMP
1.136 +nsPKCS11Slot::GetManID(char16_t **aManID)
1.137 +{
1.138 + if (mSeries != PK11_GetSlotSeries(mSlot)) {
1.139 + refreshSlotInfo();
1.140 + }
1.141 + *aManID = ToNewUnicode(mSlotManID);
1.142 + if (!*aManID) return NS_ERROR_OUT_OF_MEMORY;
1.143 + return NS_OK;
1.144 +}
1.145 +
1.146 +/* readonly attribute wstring HWVersion; */
1.147 +NS_IMETHODIMP
1.148 +nsPKCS11Slot::GetHWVersion(char16_t **aHWVersion)
1.149 +{
1.150 + if (mSeries != PK11_GetSlotSeries(mSlot)) {
1.151 + refreshSlotInfo();
1.152 + }
1.153 + *aHWVersion = ToNewUnicode(mSlotHWVersion);
1.154 + if (!*aHWVersion) return NS_ERROR_OUT_OF_MEMORY;
1.155 + return NS_OK;
1.156 +}
1.157 +
1.158 +/* readonly attribute wstring FWVersion; */
1.159 +NS_IMETHODIMP
1.160 +nsPKCS11Slot::GetFWVersion(char16_t **aFWVersion)
1.161 +{
1.162 + if (mSeries != PK11_GetSlotSeries(mSlot)) {
1.163 + refreshSlotInfo();
1.164 + }
1.165 + *aFWVersion = ToNewUnicode(mSlotFWVersion);
1.166 + if (!*aFWVersion) return NS_ERROR_OUT_OF_MEMORY;
1.167 + return NS_OK;
1.168 +}
1.169 +
1.170 +/* nsIPK11Token getToken (); */
1.171 +NS_IMETHODIMP
1.172 +nsPKCS11Slot::GetToken(nsIPK11Token **_retval)
1.173 +{
1.174 + nsNSSShutDownPreventionLock locker;
1.175 + if (isAlreadyShutDown())
1.176 + return NS_ERROR_NOT_AVAILABLE;
1.177 +
1.178 + nsCOMPtr<nsIPK11Token> token = new nsPK11Token(mSlot);
1.179 + *_retval = token;
1.180 + NS_ADDREF(*_retval);
1.181 + return NS_OK;
1.182 +}
1.183 +
1.184 +/* readonly attribute wstring tokenName; */
1.185 +NS_IMETHODIMP
1.186 +nsPKCS11Slot::GetTokenName(char16_t **aName)
1.187 +{
1.188 + nsNSSShutDownPreventionLock locker;
1.189 + if (isAlreadyShutDown())
1.190 + return NS_ERROR_NOT_AVAILABLE;
1.191 +
1.192 + if (!PK11_IsPresent(mSlot)) {
1.193 + *aName = nullptr;
1.194 + return NS_OK;
1.195 + }
1.196 +
1.197 + if (mSeries != PK11_GetSlotSeries(mSlot)) {
1.198 + refreshSlotInfo();
1.199 + }
1.200 +
1.201 +
1.202 + *aName = ToNewUnicode(NS_ConvertUTF8toUTF16(PK11_GetTokenName(mSlot)));
1.203 + if (!*aName) return NS_ERROR_OUT_OF_MEMORY;
1.204 + return NS_OK;
1.205 +}
1.206 +
1.207 +NS_IMETHODIMP
1.208 +nsPKCS11Slot::GetStatus(uint32_t *_retval)
1.209 +{
1.210 + nsNSSShutDownPreventionLock locker;
1.211 + if (isAlreadyShutDown())
1.212 + return NS_ERROR_NOT_AVAILABLE;
1.213 +
1.214 + if (PK11_IsDisabled(mSlot))
1.215 + *_retval = SLOT_DISABLED;
1.216 + else if (!PK11_IsPresent(mSlot))
1.217 + *_retval = SLOT_NOT_PRESENT;
1.218 + else if (PK11_NeedLogin(mSlot) && PK11_NeedUserInit(mSlot))
1.219 + *_retval = SLOT_UNINITIALIZED;
1.220 + else if (PK11_NeedLogin(mSlot) && !PK11_IsLoggedIn(mSlot, nullptr))
1.221 + *_retval = SLOT_NOT_LOGGED_IN;
1.222 + else if (PK11_NeedLogin(mSlot))
1.223 + *_retval = SLOT_LOGGED_IN;
1.224 + else
1.225 + *_retval = SLOT_READY;
1.226 + return NS_OK;
1.227 +}
1.228 +
1.229 +NS_IMPL_ISUPPORTS(nsPKCS11Module, nsIPKCS11Module)
1.230 +
1.231 +nsPKCS11Module::nsPKCS11Module(SECMODModule *module)
1.232 +{
1.233 + nsNSSShutDownPreventionLock locker;
1.234 + if (isAlreadyShutDown())
1.235 + return;
1.236 +
1.237 + SECMOD_ReferenceModule(module);
1.238 + mModule = module;
1.239 +}
1.240 +
1.241 +nsPKCS11Module::~nsPKCS11Module()
1.242 +{
1.243 + nsNSSShutDownPreventionLock locker;
1.244 + if (isAlreadyShutDown()) {
1.245 + return;
1.246 + }
1.247 + destructorSafeDestroyNSSReference();
1.248 + shutdown(calledFromObject);
1.249 +}
1.250 +
1.251 +void nsPKCS11Module::virtualDestroyNSSReference()
1.252 +{
1.253 + destructorSafeDestroyNSSReference();
1.254 +}
1.255 +
1.256 +void nsPKCS11Module::destructorSafeDestroyNSSReference()
1.257 +{
1.258 + if (mModule) {
1.259 + SECMOD_DestroyModule(mModule);
1.260 + mModule = nullptr;
1.261 + }
1.262 +}
1.263 +
1.264 +/* readonly attribute wstring name; */
1.265 +NS_IMETHODIMP
1.266 +nsPKCS11Module::GetName(char16_t **aName)
1.267 +{
1.268 + nsNSSShutDownPreventionLock locker;
1.269 + if (isAlreadyShutDown())
1.270 + return NS_ERROR_NOT_AVAILABLE;
1.271 +
1.272 + *aName = ToNewUnicode(NS_ConvertUTF8toUTF16(mModule->commonName));
1.273 + return NS_OK;
1.274 +}
1.275 +
1.276 +/* readonly attribute wstring libName; */
1.277 +NS_IMETHODIMP
1.278 +nsPKCS11Module::GetLibName(char16_t **aName)
1.279 +{
1.280 + nsNSSShutDownPreventionLock locker;
1.281 + if (isAlreadyShutDown())
1.282 + return NS_ERROR_NOT_AVAILABLE;
1.283 +
1.284 + if ( mModule->dllName ) {
1.285 + *aName = ToNewUnicode(NS_ConvertUTF8toUTF16(mModule->dllName));
1.286 + } else {
1.287 + *aName = nullptr;
1.288 + }
1.289 + return NS_OK;
1.290 +}
1.291 +
1.292 +/* nsIPKCS11Slot findSlotByName(in wstring name); */
1.293 +NS_IMETHODIMP
1.294 +nsPKCS11Module::FindSlotByName(const char16_t *aName,
1.295 + nsIPKCS11Slot **_retval)
1.296 +{
1.297 + nsNSSShutDownPreventionLock locker;
1.298 + if (isAlreadyShutDown())
1.299 + return NS_ERROR_NOT_AVAILABLE;
1.300 +
1.301 + char *asciiname = ToNewUTF8String(nsDependentString(aName));
1.302 + PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("Getting \"%s\"\n", asciiname));
1.303 + PK11SlotInfo *slotinfo = nullptr;
1.304 + PK11SlotList *slotList = PK11_FindSlotsByNames(mModule->dllName,
1.305 + asciiname /* slotName */, nullptr /* token Name */, false);
1.306 + if (!slotList) {
1.307 + /* name must be the token name */
1.308 + slotList = PK11_FindSlotsByNames(mModule->dllName,
1.309 + nullptr /*slot Name */, asciiname /* token Name */, false);
1.310 + }
1.311 + if (slotList) {
1.312 + /* should only be one */
1.313 + if (slotList->head && slotList->head->slot) {
1.314 + slotinfo = PK11_ReferenceSlot(slotList->head->slot);
1.315 + }
1.316 + PK11_FreeSlotList(slotList);
1.317 + }
1.318 + if (!slotinfo) {
1.319 + // workaround - the builtin module has no name
1.320 + if (!asciiname) {
1.321 + return NS_ERROR_FAILURE;
1.322 + } else if (nsCRT::strcmp(asciiname, "Root Certificates") == 0) {
1.323 + slotinfo = PK11_ReferenceSlot(mModule->slots[0]);
1.324 + } else {
1.325 + // give up
1.326 + nsMemory::Free(asciiname);
1.327 + return NS_ERROR_FAILURE;
1.328 + }
1.329 + }
1.330 + nsMemory::Free(asciiname);
1.331 + nsCOMPtr<nsIPKCS11Slot> slot = new nsPKCS11Slot(slotinfo);
1.332 + PK11_FreeSlot(slotinfo);
1.333 + *_retval = slot;
1.334 + NS_ADDREF(*_retval);
1.335 + return NS_OK;
1.336 +}
1.337 +
1.338 +/* nsIEnumerator listSlots (); */
1.339 +NS_IMETHODIMP
1.340 +nsPKCS11Module::ListSlots(nsIEnumerator **_retval)
1.341 +{
1.342 + nsNSSShutDownPreventionLock locker;
1.343 + if (isAlreadyShutDown())
1.344 + return NS_ERROR_NOT_AVAILABLE;
1.345 +
1.346 + nsresult rv = NS_OK;
1.347 + int i;
1.348 + /* get isupports array */
1.349 + nsCOMPtr<nsISupportsArray> array;
1.350 + rv = NS_NewISupportsArray(getter_AddRefs(array));
1.351 + if (NS_FAILED(rv)) return rv;
1.352 + /* applications which allow new slot creation (which Firefox now does
1.353 + * since it uses the WaitForSlotEvent call) need to hold the
1.354 + * ModuleList Read lock to prevent the slot array from changing out
1.355 + * from under it. */
1.356 + SECMODListLock *lock = SECMOD_GetDefaultModuleListLock();
1.357 + SECMOD_GetReadLock(lock);
1.358 + for (i=0; i<mModule->slotCount; i++) {
1.359 + if (mModule->slots[i]) {
1.360 + nsCOMPtr<nsIPKCS11Slot> slot = new nsPKCS11Slot(mModule->slots[i]);
1.361 + array->AppendElement(slot);
1.362 + }
1.363 + }
1.364 + SECMOD_ReleaseReadLock(lock);
1.365 + rv = array->Enumerate(_retval);
1.366 + return rv;
1.367 +}
1.368 +
1.369 +NS_IMPL_ISUPPORTS(nsPKCS11ModuleDB, nsIPKCS11ModuleDB, nsICryptoFIPSInfo)
1.370 +
1.371 +nsPKCS11ModuleDB::nsPKCS11ModuleDB()
1.372 +{
1.373 +}
1.374 +
1.375 +nsPKCS11ModuleDB::~nsPKCS11ModuleDB()
1.376 +{
1.377 +}
1.378 +
1.379 +/* nsIPKCS11Module getInternal (); */
1.380 +NS_IMETHODIMP
1.381 +nsPKCS11ModuleDB::GetInternal(nsIPKCS11Module **_retval)
1.382 +{
1.383 + nsNSSShutDownPreventionLock locker;
1.384 + SECMODModule *nssMod =
1.385 + SECMOD_CreateModule(nullptr, SECMOD_INT_NAME, nullptr, SECMOD_INT_FLAGS);
1.386 + nsCOMPtr<nsIPKCS11Module> module = new nsPKCS11Module(nssMod);
1.387 + SECMOD_DestroyModule(nssMod);
1.388 + *_retval = module;
1.389 + NS_ADDREF(*_retval);
1.390 + return NS_OK;
1.391 +}
1.392 +
1.393 +/* nsIPKCS11Module getInternalFIPS (); */
1.394 +NS_IMETHODIMP
1.395 +nsPKCS11ModuleDB::GetInternalFIPS(nsIPKCS11Module **_retval)
1.396 +{
1.397 + nsNSSShutDownPreventionLock locker;
1.398 + SECMODModule *nssMod =
1.399 + SECMOD_CreateModule(nullptr, SECMOD_FIPS_NAME, nullptr, SECMOD_FIPS_FLAGS);
1.400 + nsCOMPtr<nsIPKCS11Module> module = new nsPKCS11Module(nssMod);
1.401 + SECMOD_DestroyModule(nssMod);
1.402 + *_retval = module;
1.403 + NS_ADDREF(*_retval);
1.404 + return NS_OK;
1.405 +}
1.406 +
1.407 +/* nsIPKCS11Module findModuleByName(in wstring name); */
1.408 +NS_IMETHODIMP
1.409 +nsPKCS11ModuleDB::FindModuleByName(const char16_t *aName,
1.410 + nsIPKCS11Module **_retval)
1.411 +{
1.412 + nsNSSShutDownPreventionLock locker;
1.413 + NS_ConvertUTF16toUTF8 aUtf8Name(aName);
1.414 + SECMODModule *mod =
1.415 + SECMOD_FindModule(const_cast<char *>(aUtf8Name.get()));
1.416 + if (!mod)
1.417 + return NS_ERROR_FAILURE;
1.418 + nsCOMPtr<nsIPKCS11Module> module = new nsPKCS11Module(mod);
1.419 + SECMOD_DestroyModule(mod);
1.420 + *_retval = module;
1.421 + NS_ADDREF(*_retval);
1.422 + return NS_OK;
1.423 +}
1.424 +
1.425 +/* This is essentially the same as nsIPK11Token::findTokenByName, except
1.426 + * that it returns an nsIPKCS11Slot, which may be desired.
1.427 + */
1.428 +/* nsIPKCS11Module findSlotByName(in wstring name); */
1.429 +NS_IMETHODIMP
1.430 +nsPKCS11ModuleDB::FindSlotByName(const char16_t *aName,
1.431 + nsIPKCS11Slot **_retval)
1.432 +{
1.433 + nsNSSShutDownPreventionLock locker;
1.434 + NS_ConvertUTF16toUTF8 aUtf8Name(aName);
1.435 + PK11SlotInfo *slotinfo =
1.436 + PK11_FindSlotByName(const_cast<char*>(aUtf8Name.get()));
1.437 + if (!slotinfo)
1.438 + return NS_ERROR_FAILURE;
1.439 + nsCOMPtr<nsIPKCS11Slot> slot = new nsPKCS11Slot(slotinfo);
1.440 + PK11_FreeSlot(slotinfo);
1.441 + *_retval = slot;
1.442 + NS_ADDREF(*_retval);
1.443 + return NS_OK;
1.444 +}
1.445 +
1.446 +/* nsIEnumerator listModules (); */
1.447 +NS_IMETHODIMP
1.448 +nsPKCS11ModuleDB::ListModules(nsIEnumerator **_retval)
1.449 +{
1.450 + nsNSSShutDownPreventionLock locker;
1.451 + nsresult rv = NS_OK;
1.452 + /* get isupports array */
1.453 + nsCOMPtr<nsISupportsArray> array;
1.454 + rv = NS_NewISupportsArray(getter_AddRefs(array));
1.455 + if (NS_FAILED(rv)) return rv;
1.456 + /* get the default list of modules */
1.457 + SECMODModuleList *list = SECMOD_GetDefaultModuleList();
1.458 + /* lock down the list for reading */
1.459 + SECMODListLock *lock = SECMOD_GetDefaultModuleListLock();
1.460 + SECMOD_GetReadLock(lock);
1.461 + while (list) {
1.462 + nsCOMPtr<nsIPKCS11Module> module = new nsPKCS11Module(list->module);
1.463 + array->AppendElement(module);
1.464 + list = list->next;
1.465 + }
1.466 + /* Get the modules in the database that didn't load */
1.467 + list = SECMOD_GetDeadModuleList();
1.468 + while (list) {
1.469 + nsCOMPtr<nsIPKCS11Module> module = new nsPKCS11Module(list->module);
1.470 + array->AppendElement(module);
1.471 + list = list->next;
1.472 + }
1.473 + SECMOD_ReleaseReadLock(lock);
1.474 + rv = array->Enumerate(_retval);
1.475 + return rv;
1.476 +}
1.477 +
1.478 +NS_IMETHODIMP nsPKCS11ModuleDB::GetCanToggleFIPS(bool *aCanToggleFIPS)
1.479 +{
1.480 + nsNSSShutDownPreventionLock locker;
1.481 + *aCanToggleFIPS = SECMOD_CanDeleteInternalModule();
1.482 + return NS_OK;
1.483 +}
1.484 +
1.485 +
1.486 +/* void toggleFIPSMode (); */
1.487 +NS_IMETHODIMP nsPKCS11ModuleDB::ToggleFIPSMode()
1.488 +{
1.489 + nsNSSShutDownPreventionLock locker;
1.490 + // The way to toggle FIPS mode in NSS is extremely obscure.
1.491 + // Basically, we delete the internal module, and voila it
1.492 + // gets replaced with the opposite module, ie if it was
1.493 + // FIPS before, then it becomes non-FIPS next.
1.494 + SECMODModule *internal;
1.495 +
1.496 + // This function returns us a pointer to a local copy of
1.497 + // the internal module stashed in NSS. We don't want to
1.498 + // delete it since it will cause much pain in NSS.
1.499 + internal = SECMOD_GetInternalModule();
1.500 + if (!internal)
1.501 + return NS_ERROR_FAILURE;
1.502 +
1.503 + SECStatus srv = SECMOD_DeleteInternalModule(internal->commonName);
1.504 + if (srv != SECSuccess)
1.505 + return NS_ERROR_FAILURE;
1.506 +
1.507 + return NS_OK;
1.508 +}
1.509 +
1.510 +/* readonly attribute boolean isFIPSEnabled; */
1.511 +NS_IMETHODIMP nsPKCS11ModuleDB::GetIsFIPSEnabled(bool *aIsFIPSEnabled)
1.512 +{
1.513 + nsNSSShutDownPreventionLock locker;
1.514 + *aIsFIPSEnabled = PK11_IsFIPS();
1.515 + return NS_OK;
1.516 +}
1.517 +
1.518 +NS_IMETHODIMP nsPKCS11ModuleDB::GetIsFIPSModeActive(bool *aIsFIPSModeActive)
1.519 +{
1.520 + return GetIsFIPSEnabled(aIsFIPSModeActive);
1.521 +}
