Closed Bug 144487 Opened 23 years ago Closed 23 years ago

Enabling/Disabling FIPS - login resets master password

Categories

(NSS :: Libraries, defect, P1)

Product:
NSS
Component:
Libraries
Platform:
PowerPC
macOS
Type:
defect

Tracking

(Not tracked)

Status:
VERIFIED FIXED

People

(Reporter: carosendahl, Assigned: rrelyea)

Details

(Whiteboard: [NSS_TIP_20020510])

Attachments

(1 file, 1 obsolete file)

Shutdown old cert & key DB before we open the new one.
1.55 KB, patch
Details | Diff | Splinter Review
To reproduce: Start up the client. Preferences->Privacy & Security->Manage Certificates Import a cert or two for test purposes. (You should be prompted to set the master passowrd if this is a profile that has never touched the key db) Preferences->Privacy & Security->Device Manager Enable FIPS. Login to the FIPS module. At this point you might be prompted again to set the master password. If not, exit the browser and restart with the same profile (the new workaround to enable/disable FIPS requires a restart?) Preferences->Privacy & Security->Device Manager Disable FIPS. Login to the Software security device. At this point you should be prompted to set the master password. Expected Result: Since the master password is already set during the import of the certificates, logging in after switching modules should prompt for the existing password. Actual Result: Logging in after swapping the FIPS module (enable/disable) is prompting the user to create a new master password which is blanking out the key/cert dbs.
Whiteboard: [NSS_TIP_20020510]
Javi, could you confirm this bug on your Mac? Charles, could you try a standard Mozilla trunk build to see if it has the same problem? Thanks.
Priority: -- → P1
Hardware: PC → Macintosh
Target Milestone: --- → 3.5
Confirming on the [NSS_TIP_20020510] build on Mac OSX. This is not happening with the 5/14 Mozilla build.
I see this too. I'm currently debugging this to see what's going on..
I wasn't able to set breakpoints using Mac OS X, so I've gone back to debugging on Mac OS 9. What I'm seeing on Mac OS 9 is that whenever I press the "Enable FIPS" button, the application hangs and I have to force quit. Does QA see the same thing on Mac OS 9?
I'm not sure why yet, but the app intermittently hangs on the following line: http://lxr.mozilla.org/security/source/security/nss/lib/pk11wrap/pk11util.c#363 Of course everytime I step into the function to see what's going on, it actually works just fine.
I'm not seeing a lock up on OS9 when enabling FIPS, but I am seeing the same behavior as in the original bug description.
Assigned the bug to Bob. This bug may be related to his fix for bug 142659.
Assignee: wtc → relyea
Javi, could you try this patch out on the Mac. It's against the 3.5 branch (mozilla/security/lib/softoken/pkcs11.c). Thanks.
Applying this patch fixes the problem for me. I'll post another build for QA to test with shortly.
This is the patch that Bob checked in. The only differences from the previous patch are minor changes to the comments.
Attachment #84651 - Attachment is obsolete: true
The patch has been checked into the tip of NSS, NSS_3_5_BRANCH, and NSS_CLIENT_TAG (used by the Mozilla trunk build). John, could you verify the fix with either Javi's test build or today's Mozilla trunk build? Thanks.
Status: NEW → RESOLVED
Closed: 23 years ago
QA Contact: bishakhabanerjee → junruh
Resolution: --- → FIXED
Verified with the 5/28 Mozilla trunk build.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: