Closed Bug 528758 Opened 10 years ago Closed 10 years ago

FIPS mode broken in RC1 on Windows

Categories

(Thunderbird :: Build Config, defect)

x86
Windows Vista
defect
Not set

Tracking

(thunderbird3.0 .1-fixed)

VERIFIED FIXED
Thunderbird 3.0rc1
Tracking Status
thunderbird3.0 --- .1-fixed

People

(Reporter: rjohnson19, Assigned: gozer)

References

Details

(Whiteboard: [fixed RC1 build 2])

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2b3pre) Gecko/20091114 Namoroka/3.6b3pre Firefox/3.6
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.5) Gecko/20091112 Thunderbird/3.0

I think this is the same issue as Firefox bug 521878. FIPS mode does not work because nssdbm3.dll is digitally signed.

Reproducible: Always

Steps to Reproduce:
1. Set a Master Password in Tools -> Options -> Security -> Passwords
2. Go to Options -> Advanced -> Certificates -> Security Devices
3. Press the Enable FIPS button.
Actual Results:  
Nothing happens visibly, and this error appears in the Error Console:
Error: uncaught exception: [Exception... "Component returned failure code: 0x80004005 (NS_ERROR_FAILURE) [nsIPKCS11ModuleDB.toggleFIPSMode]"  nsresult: "0x80004005 (NS_ERROR_FAILURE)"  location: "JS frame :: chrome://pippki/content/device_manager.js :: toggleFIPS :: line 545"  data: no]

Expected Results:  
The Enable FIPS mode button becomes disabled to indicate you are now in FIPS mode.
Flags: blocking-thunderbird3?
Blocks: qa-tb3.0rc1
I did not find a litmus test for FIPS
Flags: in-testsuite?
Flags: in-litmus?
gozer, this feels a bit like bug 521878 - what version of the release tools did we use for build/signing (I couldn't see it on the wiki).
Assignee: nobody → gozer
(In reply to comment #1)
> I did not find a litmus test for FIPS

Just added https://litmus.mozilla.org/show_test.cgi?id=9705 to cover this bug. I'd need to read more docs to add more.

THe bug is WFM on Mac os X
Flags: in-litmus? → in-litmus+
(In reply to comment #3)
 
> THe bug is WFM on Mac os X

But I can't disable FIPS after enabling it.
(In reply to comment #3)
> > I did not find a litmus test for FIPS
> 
> Just added https://litmus.mozilla.org/show_test.cgi?id=9705 to cover this bug.
> I'd need to read more docs to add more.
> 
> THe bug is WFM on Mac os X

Marcia wanted to add some FIPS tests to Litmus when those things have been fixed.
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 509319
Huh, sorry. That's Thunderbird. :/ Reopening.
Status: RESOLVED → UNCONFIRMED
Resolution: DUPLICATE → ---
(In reply to comment #2)
> gozer, this feels a bit like bug 521878 - what version of the release tools did
> we use for build/signing (I couldn't see it on the wiki).

Most certainly must be it. Looking at the signing logs, I can see clearly that nssdbm3.dll was authenticode signed.

The version of the release tools used for signing was the same one as for beta 4. The signing automation updates a bunch of things, except for itself, that it has to be done manually. I failed to do that, so we are indeed missing http://hg.mozilla.org/build/tools/rev/115349b92de8.

This only affects Win32 binaries, and they could easily be re-signed from the unsigned files.
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Just to note on OS X current nightly builds will crash when you try to enable the FIPS mode. That crash is covered by bug 503418.
Flags: blocking-thunderbird3? → blocking-thunderbird3+
Tagged hg.mozilla.org/build/tools tip as THUNDERBIRD_3_0rc1_RELEASE for build2 signinig.
Target Milestone: --- → Thunderbird 3.0rc1
Status: ASSIGNED → RESOLVED
Closed: 10 years ago10 years ago
Resolution: --- → FIXED
Whiteboard: [fixed RC1 build 2]
Status: RESOLVED → VERIFIED
Whiteboard: [fixed RC1 build 2] → [fixed RC1 build 2][fixedtb301]
Whiteboard: [fixed RC1 build 2][fixedtb301] → [fixed RC1 build 2]
This is in litmus, not currently planning on doing a testsuite for it.
Flags: in-testsuite?
You need to log in before you can comment on or make changes to this bug.