Closed Bug 589288 Opened 15 years ago Closed 14 years ago

FIPS wrongly enabled when CONFIG_CRYPTO_FIPS=n

Categories

(NSS :: Libraries, defect)

Product:
NSS
Component:
Libraries
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: elio.maldonado.batiz, Assigned: elio.maldonado.batiz)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

Returns 0 when /proc/sys/crypto/fips_enabled isn't there
620 bytes, patch
rrelyea
: review+
Details | Diff | Splinter Review
The Linux Kernel does not always have FIPS enabled. When the kernel is compiled without FIPS support nsslowhash:nsslow_GetFIPSEnabled() should not return 1 (true).
Attachment #467874 - Attachment is patch: true
Attachment #467874 - Attachment mime type: application/octet-stream → text/plain
Assignee: nobody → emaldona
Attachment #467874 - Flags: review?(rrelyea)
Blocks: FIPS2010
The wrong check for fips_enabled broke login on kernels with CONFIG_CRYPTO_FIPS=n.
Comment on attachment 467874 [details] [diff] [review] Returns 0 when /proc/sys/crypto/fips_enabled isn't there r+ rrelyea
Attachment #467874 - Flags: review?(rrelyea) → review+
Committed changes to the trunk Checking in nsslowhash.c; /cvsroot/mozilla/security/nss/lib/freebl/nsslowhash.c,v <-- nsslowhash.c new revision: 1.6; previous revision: 1.5
I forgot to pint out that I committed to trunk, not to the NSS_3_12_BRANCH. The the FIPS2010 flag is set for consideration for nss-3.12.8.
To be explicit, can I check the patch into the NSS_3_12_BRANCH?
yes.
Committed changes to NSS_3-12_BRANCH - Checking in nsslowhash.c; /cvsroot/mozilla/security/nss/lib/freebl/nsslowhash.c,v <-- nsslowhash.c new revision: 1.4.8.1; previous revision: 1.4
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: