Closed
Bug 502294
Opened 16 years ago
Closed 16 years ago
NSSLOW_Init does not trigger a power-up self-test for DSA
Categories
(NSS :: Libraries, defect, P1)
Tracking
(Not tracked)
RESOLVED
WORKSFORME
3.12.4
People
(Reporter: elio.maldonado.batiz, Assigned: elio.maldonado.batiz)
References
Details
(Whiteboard: FIPS Thaw)
Attachments
(1 obsolete file)
From the FIPS validation laboratory we are advised that NSSLOW_Init does not trigger a power-up self-test for DSA. Per Implementation Guidance, Section 9.3, a KAT is required for DSA.
We do a power-up self test for DSA in freebl but not in the code for the nspr-free version in nsslowhash.c. Since DSA is used in the self-integrity check a power-up self test for DSA is required.
|
||
Comment 1•16 years ago
|
||
OK, since we have to thaw the FIPS tree for this, we should also plan to
fix bug 501605 at the same time. That bug is probably more important to
Mozilla than FIPS validation, and we wouldn't want Mozilla to have to choose
between the two.
Priority: -- → P1
Whiteboard: FIPS Thaw
|
Assignee | |
Comment 2•16 years ago
|
||
Comment on attachment 386779 [details] [diff] [review]
adds code to nsslowhash for a power up dsa self test
The latest communication from the lab is that the DSA KAT is not required after all.
Attachment #386779 -
Attachment is obsolete: true
|
|
||
Comment 3•16 years ago
|
||
Elio, If you've received additional emails from the lab, please forward copies
to me. The lab is supposed to be CC'ing me on all communications about our
evaluation, but apparently that doesn't always happen.
|
|
Assignee | |
Comment 4•16 years ago
|
||
(In reply to comment #3) On its way to you.
|
|
||
Comment 5•16 years ago
|
||
So, is this bug now resolved "WORKS FOR ME" ?
|
|
Assignee | |
Comment 6•16 years ago
|
||
(In reply to comment #5) Now it is.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•