FS#19242 : [nss] FIPS 140 does not get enabled

FS#19242 - [nss] FIPS 140 does not get enabled

Attached to Project: Arch Linux
Opened by Corsakh (corsakh) - Sunday, 25 April 2010, 09:58 GMT
Last edited by Ionut Biru (wonder) - Wednesday, 26 May 2010, 17:06 GMT

Task Type	Bug Report
Category	Packages: Extra
Status	Closed
Assigned To	Jan de Groot (JGC) Ionut Biru (wonder)
Architecture	All
Severity	Medium
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	0
Private	No

Details

Description:

FIPS 140 mode can not be enabled in Firefox. I think this is due to the file libsoftokn3.chk missing from the /usr/lib folder.

More information here:

https://bugzilla.redhat.com/show_bug.cgi?id=173537
http://www.mozilla.org/projects/securit … s/tn6.html

The same is true for Thunderbird.

Steps to reproduce:

Edit -> Preferences -> Advanced -> Encryption -> Security Devices -> Enable FIPS

This task depends upon

Closed by Ionut Biru (wonder)
Wednesday, 26 May 2010, 17:06 GMT
Reason for closing: Fixed
Additional comments about closing: nss-3.12.6-3

Comment by Corsakh (corsakh) - Sunday, 25 April 2010, 09:59 GMT

The second link is http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn6.html

Firefox is version 3.6.3

Comment by Ionut Biru (wonder) - Sunday, 25 April 2010, 11:50 GMT

basically is not a bug in firefox but one in nss

Comment by Corsakh (corsakh) - Monday, 10 May 2010, 07:04 GMT

The file is now there but FIPS 140 still does not get enabled when I click on the button.

Comment by Jan de Groot (JGC) - Monday, 10 May 2010, 07:14 GMT

ok, found the issue here. Though we copy the .chk files, makepkg strips the libraries, rendering the .chk files invalid. They should get regenerated after stripping using "shlibsign -i"

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

FS#19242 - [nss] FIPS 140 does not get enabled

Details

Loading...