Closed Bug 306114 Opened 19 years ago Closed 19 years ago

JSS cannot enable or disable FIPSMODE multiple times

Categories

(JSS Graveyard :: Library, defect)

4.1.1
Sun
Solaris
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: glenbeasley, Assigned: glenbeasley)

Details

Attachments

(1 file)

JSS can enable or disable the database to be in FIPSMODE,
but if FIPSMODE is enabled and you try to enable FIPSMODE
you get the following exception:
  java.security.GeneralSecurityException: Failed to toggle FIPS mode
	at org.mozilla.jss.CryptoManager.enableFIPS(Native Method)
	at org.mozilla.jss.CryptoManager.initialize(CryptoManager.java:854)
	at FipsTest.main(FipsTest.java:73)
Status: NEW → ASSIGNED
Fixed the problem in CryptoManager.c by initializing the status variable, so
that if the db is already in the mode desired, the function will return
SECSuccess instead of the exception.

Added FipsTest.java to the test suites, and added FipsTest to all.pl
to test "enable FIPSMODE" and "disable FIPSMODE".

Note: 
We need to change the strings to 140-2 when the 140-2 validation is complete:
	private String FIPSSlotDescription =
	    "NSS Internal FIPS-140-1 Cryptographic Services		     ";
and
	private String FIPSKeyStorageSlotDescription =
	    "NSS Internal FIPS-140-1 Private Key and Certificate Storage     ";


Also there is some terminology confusion between "slot" and "token" in
the JSS methods, but we can create a separate bug for this if we
desire to clarify. FipsTest.java demonstrates the confusion by finding the
InternalKeyStorageToken and the InternalCryptoToken: when FIPS is enabled
the user needs to use the FipsSlotDescription to get the tokens.
Attachment #194473 - Flags: superreview?(wtchang)
Attachment #194473 - Flags: review?(Sandeep.Konchady)
Comment on attachment 194473 [details] [diff] [review]
Fix FIPSMODE, and added test program 

New test looks fine.  I have a couple of comments though.

[1] In CryptoManager.c is SECSuccess defined somewhere?

[2] FipsTest.java has a commented package declaration. This could be removed.
Attachment #194473 - Flags: review?(Sandeep.Konchady) → review+
Comment on attachment 194473 [details] [diff] [review]
Fix FIPSMODE, and added test program 

r=wtc on the bug fix.  I don't have time to review
the new test program.  Sorry.
Attachment #194473 - Flags: superreview?(wtchang) → superreview+
Sandeep: SECSuccess is defined in the NSS header nss/lib/util/seccomon.h, and
nss/lib/util/secitem.h includes seccomon.h.
CryptoManager.c includes secitem.h.


Checking in CryptoManager.c;
/cvsroot/mozilla/security/jss/org/mozilla/jss/CryptoManager.c,v  <-- 
CryptoManager.c
new revision: 1.13; previous revision: 1.12
done
RCS file: /cvsroot/mozilla/security/jss/org/mozilla/jss/tests/FipsTest.java,v
done
Checking in tests/FipsTest.java;
/cvsroot/mozilla/security/jss/org/mozilla/jss/tests/FipsTest.java,v  <-- 
FipsTest.java
initial revision: 1.1
done
Checking in tests/all.pl;
/cvsroot/mozilla/security/jss/org/mozilla/jss/tests/all.pl,v  <--  all.pl
new revision: 1.22; previous revision: 1.21
done

Status: ASSIGNED → RESOLVED
Closed: 19 years ago
Resolution: --- → FIXED
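
The fix described in this bug (initialize the status so that asking for the mode already in effect succeeds) is modelled below as an added example; it is not the JSS source. The enum, the state variables and the function names are stand-ins invented for the sketch, not NSS or JSS APIs.

```c
#include <stdbool.h>
#include <stdio.h>

/* Stand-ins for this sketch only; not the NSS SECStatus type or JSS code. */
typedef enum { ST_FAILURE = -1, ST_SUCCESS = 0 } mode_status;

static bool fips_on = false;       /* models the module's current mode */
static bool backend_fails = false; /* lets a caller simulate a failed switch */
static int  switch_calls = 0;      /* number of real mode switches attempted */

/* Models the one operation that actually flips the mode. */
static mode_status switch_mode(void)
{
    switch_calls++;
    if (backend_fails)
        return ST_FAILURE;
    fips_on = !fips_on;
    return ST_SUCCESS;
}

/*
 * Request a mode; *switched reports whether a switch took place.
 * status starts as ST_SUCCESS: when the requested mode is already in
 * effect the switch is skipped, and without the initializer the failure
 * check after this call would read an indeterminate value.
 */
mode_status set_fips_mode(bool want_fips, bool *switched)
{
    mode_status status = ST_SUCCESS;
    *switched = false;
    if (want_fips != fips_on) {
        status = switch_mode();
        *switched = (status == ST_SUCCESS);
    }
    return status;
}

int main(void)
{
    bool sw;
    mode_status first = set_fips_mode(true, &sw);
    mode_status second = set_fips_mode(true, &sw); /* already enabled */
    printf("first=%d second=%d switched_on_second=%d switches=%d\n",
           first, second, sw, switch_calls);
    return 0;
}
```

A genuine failure of the underlying switch is still reported; only the no-op request is treated as success.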