Closed
Bug 762198
Opened 14 years ago
Closed 13 years ago
nsslowhash sha224 powerup self-test fails on fips mode
Categories
(NSS :: Libraries, defect, P2)
Tracking
(Not tracked)
RESOLVED
FIXED
3.14.2
People
(Reporter: elio.maldonado.batiz, Assigned: elio.maldonado.batiz)
References
Details
Attachments
(12 files, 2 obsolete files)
|
23.74 KB,
patch
|
rrelyea
:
review+
|
Details | Diff | Splinter Review |
|
22.68 KB,
patch
|
Details | Diff | Splinter Review | |
|
802 bytes,
patch
|
Details | Diff | Splinter Review | |
|
831 bytes,
patch
|
Details | Diff | Splinter Review | |
|
1.08 KB,
patch
|
rrelyea
:
review-
|
Details | Diff | Splinter Review |
|
2.54 KB,
patch
|
rrelyea
:
review+
|
Details | Diff | Splinter Review |
|
1.25 KB,
patch
|
KaiE
:
review-
|
Details | Diff | Splinter Review |
|
1.25 KB,
patch
|
Details | Diff | Splinter Review | |
|
578 bytes,
patch
|
rrelyea
:
review+
|
Details | Diff | Splinter Review |
|
1.01 KB,
patch
|
rrelyea
:
review+
|
Details | Diff | Splinter Review |
|
1.34 KB,
patch
|
elio.maldonado.batiz
:
review+
|
Details | Diff | Splinter Review |
|
1.12 KB,
patch
|
elio.maldonado.batiz
:
review+
|
Details | Diff | Splinter Review |
Originally reported in Fedora 17:
Alexandre Oliva 2012-06-05 18:34:08 EDT
+++ This bug was initially created as a clone of Bug #811753 +++
Description of problem:
crypt() returns NULL in fipsmode
crypt returned NULL for salt $6$FOOBAR
crypt returned NULL for salt $5$FOOBAR
Expected results:
$6$FOOBAR$yPOQuPE1ruwOrYiApWDYw9BxeLk/oIjajCgzubzO0PYEos/vnqpTnNI12VIdiUF8hiHT9bMslahk/0Oikb.nA.
$5$FOOBAR$cDCnc4lB6JRog7XV9JxxoKiWTHbH09P9xkfnf237ke7
--- Additional comment from aoliva@redhat.com on 2012-06-05 18:14:33 EDT ---
FWIW, I've managed to duplicate the problem on a F16-ish box, with glibc master (with or without my patches) and nss-softokn-{freebl,debuginfo}-3.13.4-1.fc16.x86_64
I didn't have FIPS enabled, so I used gdb to pretend it was enabled, setting a breakpoint on nsslowhash.c:305 and setting d to '1' before proceeding (that's where it tests what it read from /proc/sys/crypto/fips_enabled).
Then I stepped into freebl_fips_SHA_PowerUpSelfTest, only run when FIPS is enabled, and noticed the problem was that the SHA224 self-test was failing: SHA224_HashBuf set sha_computed_digest to a bitstream completely different from sha224_known_digest.
I'm not sufficiently familiar with these crypto algorithms to tell whether it is the test or the implementation that is broken, but I'm pretty sure that once either of them is fixed, SHA256 and SHA512 password crypto is going to work with glibc's crypt() build with --enable-nss-crypt.
So, I'm going to clone this bug and assign the clone to nss-softokn, so that this one remains about the glibc crypt changes.
[reply] [-]
Private
Comment 1 Elio Maldonado Batiz 2012-06-06 15:26:03 EDT
Though we can't currently enable system wide fips mode by doing a buildwith tis change
- if (!post && nsslow_GetFIPSEnabled()) {
+ if (!post && (1 || nsslow_GetFIPSEnabled())) { /* force the test to be run always */
crv = freebl_fipsPowerUpSelfTest();
if (crv != CKR_OK) {
post_failed = 1;
that forces execution of the powerup self-tests regradless and I can reproduce the problem. I booted in single user mode okay and switched to run level 3 where authentication of root failed, likewise on run level 5 regular user password was rejected. I checked the expected answer and it matches a value from
http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/SHA224.pdf
so the computed value is indeed wrong.
| Assignee | ||
Updated•14 years ago
|
| Assignee | ||
Updated•14 years ago
|
Summary: softoken sha224 powerup self-test fails → softoken sha224 powerup self-test fails on fips mode
| Assignee | ||
Updated•14 years ago
|
Assignee: nobody → emaldona
| Assignee | ||
Updated•14 years ago
|
Status: NEW → ASSIGNED
| Assignee | ||
Comment 1•14 years ago
|
||
> user password was rejected. I checked the expected answer and it matches a
> value from
> http://csrc.nist.gov/groups/ST/toolkit/documents/Examples/SHA224.pdf
> so the computed value is indeed wrong.
No, it doesn't match. In fact the messages there are are quite diffrent from what we use which is a common message for all algorithms. This self-test is intended to check that we produce the same answer to the same message it is not a known answer test in the fips sense. It is not the actual implemnttion of sha224 (based on sha256) but the value used as expected in the test which is wrong.
For some odd reason I have in mozilla/security/nss/lib/freebl/nsslowhash.c,v
/* known SHA224 hmac (28 bytes) */
static const PRUint8 known_SHA224_hmac[] = {
0x1c, 0xc3, 0x06, 0x8e, 0xce, 0x37, 0x68, 0xfb,
0x1a, 0x82, 0x4a, 0xbe, 0x2b, 0x00, 0x51, 0xf8,
0x9d, 0xb6, 0xe0, 0x90, 0x0d, 0x00, 0xc9, 0x64,
0x9a, 0xb8, 0x98, 0x4e };
wheres in mozilla/security/nss/lib/softoken/fipstest.c
/* SHA-224 Known Digest Message (224-bits). */
static const PRUint8 sha224_known_digest[] = {
0x89,0x5e,0x7f,0xfd,0x0e,0xd8,0x35,0x6f,
0x64,0x6d,0xf2,0xde,0x5e,0xed,0xa6,0x7f,
0x29,0xd1,0x12,0x73,0x42,0x84,0x95,0x4f,
0x8e,0x08,0xe5,0xcb
};
Sure enough, when I replace the softoken value with the one from nsslowhash the higher level fips tests (set and unset fips mode) fail for sha224. The value from softoken/fipstest is the correct one and the fix is to use that on the nsslowhash.c. I also verified that this fixes the problem in fedora.
| Assignee | ||
Updated•14 years ago
|
Target Milestone: --- → 3.14
| Assignee | ||
Comment 2•14 years ago
|
||
Attachment #632328 -
Flags: review?(rrelyea)
| Assignee | ||
Comment 3•14 years ago
|
||
Theis test suite goes beyond the scope of this bug and is proabably worth a separate bug.
Attachment #632334 -
Flags: review?(rrelyea)
| Assignee | ||
Comment 4•14 years ago
|
||
Attachment #632334 -
Attachment is obsolete: true
Attachment #632334 -
Flags: review?(rrelyea)
Attachment #632740 -
Flags: review?(rrelyea)
| Assignee | ||
Comment 5•14 years ago
|
||
A minimalist reproducer with instructions on how to, in a safe manner, reproduce the bug and confirm its fix is at https://bugzilla.redhat.com/attachment.cgi?id=591327.
Comment 6•14 years ago
|
||
Comment on attachment 632328 [details] [diff] [review]
Use the same expected value as in softoken selftests
r+ rrelyea
Attachment #632328 -
Flags: review?(rrelyea) → review+
Comment 7•14 years ago
|
||
Comment on attachment 632740 [details] [diff] [review]
V2: Lowhash API test suite
r+ with some comments:
1) don't check in our fipstest.c change. There is a more complete version in my DSA-2 checkin awaiting review. (DSA-2 picks up lots of new hwshes. as part of this I've aded support for 224 in a more generic way). Your patch would needlessly conflict with mine.
OK, there is only one comment, I've convinced myself that the long test (1 million) is sufficient to cover the rollover case we were worried about (which happens at 64 K).
bob
Attachment #632740 -
Flags: review?(rrelyea) → review+
| Assignee | ||
Comment 8•14 years ago
|
||
Fix and new tests checked in to trunk:
/cvsroot/mozilla/security/nss/cmd/manifest.mn,v <-- manifest.mn
new revision: 1.33; previous revision: 1.32
done
RCS file: /cvsroot/mozilla/security/nss/cmd/lowhashtest/Makefile,v
done
Checking in mozilla/security/nss/cmd/lowhashtest/Makefile;
/cvsroot/mozilla/security/nss/cmd/lowhashtest/Makefile,v <-- Makefile
initial revision: 1.1
done
RCS file: /cvsroot/mozilla/security/nss/cmd/lowhashtest/lowhashtest.c,v
done
Checking in mozilla/security/nss/cmd/lowhashtest/lowhashtest.c;
/cvsroot/mozilla/security/nss/cmd/lowhashtest/lowhashtest.c,v <-- lowhashtest.c
initial revision: 1.1
done
RCS file: /cvsroot/mozilla/security/nss/cmd/lowhashtest/manifest.mn,v
done
Checking in mozilla/security/nss/cmd/lowhashtest/manifest.mn;
/cvsroot/mozilla/security/nss/cmd/lowhashtest/manifest.mn,v <-- manifest.mn
initial revision: 1.1
done
Checking in mozilla/security/nss/tests/all.sh;
/cvsroot/mozilla/security/nss/tests/all.sh,v <-- all.sh
new revision: 1.59; previous revision: 1.58
done
RCS file: /cvsroot/mozilla/security/nss/tests/lowhash/lowhash.sh,v
done
Checking in mozilla/security/nss/tests/lowhash/lowhash.sh;
/cvsroot/mozilla/security/nss/tests/lowhash/lowhash.sh,v <-- lowhash.sh
initial revision: 1.1
done
| Assignee | ||
Comment 9•14 years ago
|
||
| Assignee | ||
Updated•14 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
| Assignee | ||
Comment 10•14 years ago
|
||
Changes checked in to fix Tinderbox
new revision: 1.2; previous revision: 1.1
done
| Assignee | ||
Comment 11•14 years ago
|
||
A syntax error was also breaking Tinderfox
/cvsroot/mozilla/security/nss/cmd/lowhashtest/lowhashtest.c,v <-- lowhashtest.c
new revision: 1.2; previous revision: 1.1
done
| Assignee | ||
Updated•14 years ago
|
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
| Assignee | ||
Comment 12•14 years ago
|
||
| Assignee | ||
Comment 13•14 years ago
|
||
| Assignee | ||
Comment 14•14 years ago
|
||
Attachment #632953 -
Flags: review?(rrelyea)
| Assignee | ||
Updated•14 years ago
|
Attachment #632953 -
Attachment description: Build lowhosh only for Linux → Build lowhashtest only for Linux.
| Assignee | ||
Comment 15•14 years ago
|
||
Comment on attachment 632953 [details] [diff] [review]
Build lowhashtest only for Linux.
Would
+ifeq ($(FREEBL_LOWHASH),1)
+LOWHASHTEST_SRCDIR = lowhashtest # Add the lowhashtest directory to DIRS.
+endif
be a better way of testing? It resembles what is done on freebl.
Comment 16•14 years ago
|
||
Comment on attachment 632953 [details] [diff] [review]
Build lowhashtest only for Linux.
r- you need to build only if the proper FREEBL define is set.
Attachment #632953 -
Flags: review?(rrelyea) → review-
Comment 17•14 years ago
|
||
r+ for the patch in comment 15 (please test it first, of course).
| Assignee | ||
Comment 18•14 years ago
|
||
| Assignee | ||
Updated•14 years ago
|
Attachment #633078 -
Flags: review?(rrelyea)
Comment 19•14 years ago
|
||
Only Linux machines succeeded building.
Mac, Windows, SunOS tinderbox build machines are all busted.
I'll have a quick look if I can figure out what to do, if I can't, I'll backout.
Comment 20•14 years ago
|
||
Are the NSSLOWHASH_Begin functions supposed to be Linux specific,
or supposed to be cross platform code?
Comment 21•14 years ago
|
||
Comment on attachment 633078 [details] [diff] [review]
Run lowhashtest only if built and build it if FREEBL_LOWHASH=1
This appears to make sense, although this should get some cleanup.
I'd use a default init of variable LOWHASHTEST_SRCDIR to empty (prior to the check for FREEBL_LOWHASH, but that's my personal taste, your code will work.
Instead of checking explicitly for ".exe", it would be good to use a check with $BINSUFFIX (variable might have a slightly similar name).
Given tinderbox redness, I'll attempt to checkin this patch, and you could address review requests in a followup patch.
Comment 22•14 years ago
|
||
Elio was quicker than I...
| Assignee | ||
Comment 23•14 years ago
|
||
This checkin happened before I had read your comments, and done for the same reason.
Checking in mozilla/security/nss/cmd/Makefile;
/cvsroot/mozilla/security/nss/cmd/Makefile,v <-- Makefile
new revision: 1.10; previous revision: 1.9
done
Checking in mozilla/security/nss/cmd/manifest.mn;
/cvsroot/mozilla/security/nss/cmd/manifest.mn,v <-- manifest.mn
new revision: 1.34; previous revision: 1.33
done
Checking in mozilla/security/nss/tests/lowhash/lowhash.sh;
/cvsroot/mozilla/security/nss/tests/lowhash/lowhash.sh,v <-- lowhash.sh
new revision: 1.2; previous revision: 1.1
done
I will address your comments soon, let us see green first. Thanks you.
Comment 24•14 years ago
|
||
Comment on attachment 633078 [details] [diff] [review]
Run lowhashtest only if built and build it if FREEBL_LOWHASH=1
r+ rrelyea
Attachment #633078 -
Flags: review?(rrelyea) → review+
| Assignee | ||
Comment 25•13 years ago
|
||
Attachment #655714 -
Flags: review?(kaie)
Comment 26•13 years ago
|
||
Comment on attachment 655714 [details] [diff] [review]
Clanup suggested by Kai on Comment 21
Elio, PROG_SUFFIX already includes the dot
Please use
lowhashtest${PROG_SUFFIX}
r- on this patch.
r+ on a new patch with the dot removed.
Attachment #655714 -
Flags: review?(kaie) → review-
| Assignee | ||
Comment 27•13 years ago
|
||
Checked in to trunk:
rity/nss/cmd/Makefile ./mozilla/security/nss/tests/lowhash/lowhash.sh
Checking in ./mozilla/security/nss/cmd/Makefile;
/cvsroot/mozilla/security/nss/cmd/Makefile,v <-- Makefile
new revision: 1.11; previous revision: 1.10
done
Checking in ./mozilla/security/nss/tests/lowhash/lowhash.sh;
/cvsroot/mozilla/security/nss/tests/lowhash/lowhash.sh,v <-- lowhash.sh
new revision: 1.3; previous revision: 1.2
done
| Assignee | ||
Comment 28•13 years ago
|
||
Dropped the unwanted period.
| Assignee | ||
Updated•13 years ago
|
Attachment #656282 -
Attachment description: The paatch as it was applied. → The patch as it was applied.
| Assignee | ||
Comment 29•13 years ago
|
||
This last checkin caused Tinderbox build failures on Mac OS X and Windows.
I tested on Mac OS X and the suspect is the first line in:
+LOWHASHTEST_SRCDIR = ""
ifeq ($(FREEBL_LOWHASH),1)
LOWHASHTEST_SRCDIR = lowhashtest # Add the lowhashtest directory to DIRS.
endif
When I change it to
LOWHASHTEST_SRCDIR=
The build proceeds. I'm currently waiting for the test suite to complete.
| Assignee | ||
Comment 30•13 years ago
|
||
| Assignee | ||
Updated•13 years ago
|
Attachment #656485 -
Flags: review?(rrelyea)
Comment 31•13 years ago
|
||
Comment on attachment 656485 [details] [diff] [review]
Fix for MacOSX/Windows build failures
checked in as an attempt to fix bustage
Checking in Makefile;
/cvsroot/mozilla/security/nss/cmd/Makefile,v <-- Makefile
new revision: 1.12; previous revision: 1.11
done
| Assignee | ||
Updated•13 years ago
|
Status: REOPENED → RESOLVED
Closed: 14 years ago → 13 years ago
Resolution: --- → FIXED
Comment 32•13 years ago
|
||
Comment on attachment 656485 [details] [diff] [review]
Fix for MacOSX/Windows build failures
r+ rrelyea
Attachment #656485 -
Flags: review?(rrelyea) → review+
| Assignee | ||
Comment 33•13 years ago
|
||
Reopening, this bug is not fixed because attachment 632328 [details] [diff] [review] was never applied.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
| Assignee | ||
Updated•13 years ago
|
Version: 3.13.4 → 3.14.1
| Assignee | ||
Comment 34•13 years ago
|
||
Essentially the same as the one that got r+' - updated to account for the code having moved by one line.
Attachment #632328 -
Attachment is obsolete: true
| Assignee | ||
Updated•13 years ago
|
Attachment #684123 -
Flags: review?(rrelyea)
| Assignee | ||
Comment 35•13 years ago
|
||
The tests didn't detect this because they were actually testing the code softoken and not the one in nsslowhash.c. That source file has CK_RV freebl_fipsPowerUpSelfTest( void ) which the tests should call to ensure they are testing the correct library. I propose that we declare it in nsslowhash.h and have the test call it. If it is beyond the original scope of this bug I would enter a a separate bug. Bob, what do you think? Are there any security reasons to keep freebl_fipsPowerUpSelfTest() test private?
| Assignee | ||
Comment 36•13 years ago
|
||
If adding it to nsslowhash.h is not wise perhaps we could create a private header for the benefit of the tests.
Comment 37•13 years ago
|
||
Comment on attachment 684123 [details] [diff] [review]
V2: Use same expected values as in softoken selftest
r+ rrelyea
Attachment #684123 -
Flags: review?(rrelyea) → review+
Comment 38•13 years ago
|
||
Do not close this bug until you've added a freebl test which tests the NSSLOWHASH interface for freebl in FIPS mode. This will save you many headaches in the future....
bob
| Assignee | ||
Updated•13 years ago
|
Summary: softoken sha224 powerup self-test fails on fips mode → nsslowhash sha224 powerup self-test fails on fips mode
| Assignee | ||
Comment 39•13 years ago
|
||
Committed to the TRUNK for 3.14.1
curity/nss/lib/freebl/nsslowhash.c
Checking in ./mozilla/security/nss/lib/freebl/nsslowhash.c;
/cvsroot/mozilla/security/nss/lib/freebl/nsslowhash.c,v <-- nsslowhash.c
new revision: 1.10; previous revision: 1.9
done
Keeping it open as there is more to come testing wise.
| Assignee | ||
Comment 40•13 years ago
|
||
(In reply to Robert Relyea from comment #38)
> Do not close this bug until you've added a freebl test which tests the
> NSSLOWHASH interface for freebl in FIPS mode. This will save you many
> headaches in the future....
For a headache-free future I must ensure that one of our Tinderbox reporting test systems has fips_enabled turned on. Only specific relaeses of RHEL/Fedora are guaranteed to work with FIPS turned on. I'll work with Kai to find a suitable one.
Comment 41•13 years ago
|
||
Elio: all of the Tinderboxes run some tests with FIPS mode enabled. So if you
make NSSLOWHASH tests part of the Softoken FIPS power-up self-test, you will
have test coverage, with no Tinderbox changes needed.
A note on the meaning of two version-related fields:
Version: the NSS version in which the bug was introduced. If unknown, just use
the default value "trunk".
Target Milestone: the NSS version in which the bug is fixed.
The sha224_known_digest array was added in NSS 3.13 (bug 356713), so the Version
field of this bug should be 3.13.
Status: REOPENED → ASSIGNED
Priority: -- → P2
Target Milestone: 3.14 → 3.14.2
Version: 3.14.1 → 3.13
| Assignee | ||
Comment 42•13 years ago
|
||
(In reply to Wan-Teh Chang from comment #41)
> Elio: all of the Tinderboxes run some tests with FIPS mode enabled. So if you
> make NSSLOWHASH tests part of the Softoken FIPS power-up self-test, you will
> have test coverage, with no Tinderbox changes needed.
The softoken FIPS powerup self tests test softoken but the Low Hash test I need to to tests in the one on freebl and that's the one that glibc calls. In the main function for my test
http://mxr.mozilla.org/security/source/security/nss/cmd/lowhashtest/lowhashtest.c#409 I have the call initCtx = NSSLOW_Init(); Look at its implementation at
http://mxr.mozilla.org/security/source/security/nss/lib/freebl/nsslowhash.c#287
...
304 if (!post && nsslow_GetFIPSEnabled()) {
305 crv = freebl_fipsPowerUpSelfTest();
306 if (crv != CKR_OK) {
307 post_failed = 1;
308 return NULL;
309 }
....
Unless nsslow_GetFIPSEnabled() return tre Line 305 dosn't get executed.
See http://mxr.mozilla.org/security/source/security/nss/lib/freebl/nsslowhash.c#218
Unless it's a Linux installation that has "/proc/sys/crypto/fips_enabled" that whe you query it gives you 1 (because the system was configured to be on FIPS mode) the freebl powerup self-test won't get executed. That's what hid from me that I had actually not applied the my patch.
We do need a system that supports FIPS mode - the system-wide FIPS mode. RHEL-6.2 is guaranteed to work as it was actually certified by Red Hat. Fedora-12 I verified supported FIPS but it is too old. Recent versions of fedora don't cut it though I expect the upcoming F-18 will but it hasn't been fixed yet.
| Assignee | ||
Comment 43•13 years ago
|
||
Instructions to set a Red Hat Enterprise Linux system, or Fedora, on FIPS mode are at
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sect-Security_Guide-Federal_Standards_And_Regulations-Federal_Information_Processing_Standard.html
See section 7.2.1. Enabling FIPS Mode
and as root you can execute cat /proc/sys/crypto/fips_enabled to see fips is enabled.
Comment 44•13 years ago
|
||
I'll install a RHEL 6 VM with FIPS enabled.
Comment 45•13 years ago
|
||
Comment on attachment 633078 [details] [diff] [review]
Run lowhashtest only if built and build it if FREEBL_LOWHASH=1
>+ for fips_mode in 0 1; do
>+ echo "lowhashtest with fips mode=${mode}"
>+ export NSS_FIPS=${fips_mode}
>+ for TEST in ${TESTS}
>+ do
> echo "lowhashtest ${TEST}"
> ${BINDIR}/lowhashtest ${TEST} 2>&1
> RESULT=$?
> html_msg ${RESULT} 0 "lowhashtest with fips mode=${mode} for ${TEST}"
>+ done
> done
Elio, the lowhash.sh script still refers to ${mode} in two places, that should be changed to ${fips_mode} everywhere, to make sure the created output helpful.
(Currently our output never says "mode=0" nor "mode=1", it always says "mode=" (empty)).
Comment 46•13 years ago
|
||
Attachment #691394 -
Flags: review?(emaldona)
Comment 47•13 years ago
|
||
It would be good if the output of the test in some way indicated that the system has FIPS enabled, and that the additional power up tests indeed have been executed.
Comment 48•13 years ago
|
||
Attachment #691420 -
Flags: review?(emaldona)
Comment 49•13 years ago
|
||
A new build slave has been added to http://tinderbox.mozilla.org/showbuilds.cgi?tree=NSS
Its name is "nssfips", it's a RHEL 6.3 system with FIPS enabled systemwide.
For testing purposes, the system uses the two small patches that I attached.
| Assignee | ||
Updated•13 years ago
|
Attachment #691394 -
Flags: review?(emaldona) → review+
| Assignee | ||
Updated•13 years ago
|
Attachment #691420 -
Flags: review?(emaldona) → review+
Comment 50•13 years ago
|
||
Comment on attachment 691394 [details] [diff] [review]
patch to fix the mode output when running the lowhash text [checked in]
Checking in lowhash.sh;
/cvsroot/mozilla/security/nss/tests/lowhash/lowhash.sh,v <-- lowhash.sh
new revision: 1.4; previous revision: 1.3
done
Attachment #691394 -
Attachment description: patch to fix the mode output when running the lowhash text → patch to fix the mode output when running the lowhash text [checked in]
Comment 51•13 years ago
|
||
Comment on attachment 691420 [details] [diff] [review]
patch to report the system's FIPS setting in the test output [checked in]
Checking in lowhash.sh;
/cvsroot/mozilla/security/nss/tests/lowhash/lowhash.sh,v <-- lowhash.sh
new revision: 1.5; previous revision: 1.4
done
Attachment #691420 -
Attachment description: patch to report the system's FIPS setting in the test output → patch to report the system's FIPS setting in the test output [checked in]
| Assignee | ||
Updated•13 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 13 years ago → 13 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•