Bug 1004102 - NSS needs to conform to new FIPS standard. [rhel-7.0.0]
NSS needs to conform to new FIPS standard. [rhel-7.0.0]
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: nss-softokn (Show other bugs)
Unspecified Unspecified
high Severity high
: rc
: ---
Assigned To: Elio Maldonado Batiz
Hubert Kario
Depends On:
Blocks: 1113520 717789
  Show dependency treegraph
Reported: 2013-09-03 19:53 EDT by Bob Relyea
Modified: 2015-03-05 03:27 EST (History)
9 users (show)

See Also:
Fixed In Version: nss-softokn-3.16.2-3.el7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 993441
Last Closed: 2015-03-05 03:27:29 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2015:0364 normal SHIPPED_LIVE nss, nss-softokn, nss-util, and nspr bug fix and enhancement update 2015-03-05 07:51:43 EST

  None (edit)
Comment 2 Eric Paris 2013-09-04 10:33:51 EDT
This bug should also be used to make sure that a -fips subpackage is created along with the fixes to the self-test.
Comment 3 Tomas Mraz 2013-12-04 10:35:56 EST
Actually the -fips subpackage will not be created. The FIPS mode initialization should be based on this table:

                     | /etc/system-fips | no /etc/system-fips
kernel fips flag     |       enforce    |    no test/no fips
no kernel fips flag  |       test       |    no test

test = verify checksums only
enforce = verify checksums & abort in case of failure
Comment 6 Bob Relyea 2014-09-26 18:51:05 EDT
fixed in nss-softokn-3.16.2-3.el7
Comment 10 errata-xmlrpc 2015-03-05 03:27:29 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.