Open Bug 460534 Opened 16 years ago Updated 2 years ago

Unable to activate FIPS security module

Categories

(Firefox :: Settings UI, defect)

x86
Linux
defect

Tracking

UNCONFIRMED

People

(Reporter: rebecca.menessec, Unassigned)

Details

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.3) Gecko/2008101419 Gentoo Firefox/3.0.3
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.3) Gecko/2008101419 Gentoo Firefox/3.0.3

I *believe* this is a prefs/UI problem rather than a libraries problem, but I'm unsure.  When attempting to enable the FIPS security module, the error console catches this output:

Error: uncaught exception: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIPKCS11ModuleDB.toggleFIPSMode]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: chrome://pippki/content/device_manager.js :: toggleFIPS :: line 504"  data: no]

Thereafter, for the browsing session, Firefox logs more errors to the console when attempting to remember passwords for sites and displays other odd PSM-related behaviour, and does not close the prompt bar until "Not Now" is clicked.

Reproducible: Always

Steps to Reproduce:
Enter Tools/Preferences/Advanced/Security Devices, press "Enable FIPS", from a cold start of the browser, restart, or long-running session.

Rebecca, were you able to resolve this problem?

No.

I'm now using Fox 3.6.2pre, courtesy Ubuntu Mozilla Daily Builds team, and matching xulrunner-1.9.1.2, and I've got the same problem, so it hasn't magicked itself away.

Also, upgrading the semi-ancient libnss3 (3.12.3.1) with 3.12.5 (courtesy Debian sid) and moving from Gentoo x86 to Ubuntu Karmic amd64 (with some Lucid bits) has not fixed the problem.  PSM still snaps in half the moment I click the Enable button, and magically works again after complete Fox / xr / platform restart.

...I think I should add that I have *never* used Fox on any Linux, on any machine, and been able to switch on the FIPS-140-2 bits.

On the one hand, I've been around FIPS-certified gear like the recently cracked 140-2 / partial 140-3 certified USB flash drive that turned out to not encrypt data with a user key, but instead a short, hard-coded, easily retrieved, constant string.  (Constant across all manufactured product, even.)  So I know I'm not necessarily missing out on better security.

On the other hand, I might (or someone else might) eventually be in another job where some idiot security officer or overzealous "IT guy" demands Fox be run in "FIPS mode" or else uninstalled.  So far, I've been amazingly lucky in being a UNIX admin allowed to install Linux on my issued laptop in the first place.

Encountering exactly the same problem in Thunderbird on Solaris 11. Well....

Error: uncaught exception: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIStringBundle.GetStringFromName]" nsresult: "0x80004005 (NS_ERROR_FAILURE)" location: "JS frame :: chrome://pippki/content/device_manager.js :: toggleFIPS :: line 548" data: no]

Severity: normal → S3