Closed
Bug 1419721
Opened 7 years ago
Closed 7 years ago
SECMOD_CanDeleteInternalModule() should return false when build doesn't support FIPS
Categories
(NSS :: Libraries, enhancement)
NSS
Libraries
Tracking
(Not tracked)
RESOLVED
FIXED
3.35
People
(Reporter: ttaubert, Assigned: ttaubert)
References
(Blocks 1 open bug)
Details
Attachments
(1 file)
PSM uses SECMOD_CanDeleteInternalModule() to check whether FIPS can be toggled or not. If the NSS build doesn't support FIPS (as is the case with the one that we ship) this should always return false.
There is no point in trying to remove the internal module only to fail and then switch back. We only support removing the internal module to switch between FIPS and non-FIPS mode.
|
Assignee | |
Updated•7 years ago
|
Assignee: nobody → ttaubert
Status: NEW → ASSIGNED
|
||
Comment 1•7 years ago
|
||
Comment on attachment 8930861 [details]
Bug 1419721 - SECMOD_CanDeleteInternalModule() should return false when build doesn't support FIPS r?franziskus
Franziskus Kiefer [:fkiefer or :franziskus] has approved the revision.
https://phabricator.services.mozilla.com/D271#6624
Attachment #8930861 -
Flags: review+
|
|
Assignee | |
Comment 2•7 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Target Milestone: --- → 3.35
|
||
Comment 3•7 years ago
|
||
This is going to prevent NSS from landing in Firefox because of this:
https://dxr.mozilla.org/mozilla-central/rev/960f50c2e0a991ab2ab313132e69fb2c96cb7866/security/manager/ssl/tests/unit/test_pkcs11_module.js#126
Do we have to disable that test?
Flags: needinfo?(ttaubert)
|
|
Assignee | |
Comment 4•7 years ago
|
||
Yeah, we hit that in bug 1420060 already. Franziskus has a simple fix though:
https://hg.mozilla.org/try/rev/d9c8a082eac8387df85f9553d8b7b9822ea256d9
Blocks: 1420060
Flags: needinfo?(ttaubert)
You need to log in
before you can comment on or make changes to this bug.
Description
•