I was trying to package up the hmaccalc application from Fedora so we can have it in Gentoo as well, and noticed that it was failing when it tried to engage FIPS mode.
Doing some backtracing, it seems FIPS isn't enabling at all on my system, as the DeleteInternalModule call is returning INVALID_ARGS.

Testcase 1:

    # d=/tmp/fips M="modutil -dbdir $d" ; mkdir -p $d ; $M -create -force
    # $M -chkfips true ; $M -fips true -force ; $M -chkfips true
    FIPS mode disabled.
    security library: invalid arguments.
    ERROR: Unable to switch FIPS modes.
    FIPS mode disabled.
    # $M -rawlist ; $M -list
    name="NSS Internal PKCS #11 Module" parameters="configdir=/tmp/fips certPrefix= keyPrefix= secmod=secmod.db flags=readOnly " NSS="trustOrder=75 cipherOrder=100 slotParams={0x00000001=[slotFlags=RSA,RC4,RC2,DES,DH,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,RANDOM askpw=any timeout=30 ] } Flags=internal,critical"

    Listing of PKCS #11 Modules
    -----------------------------------------------------------
      1. NSS Internal PKCS #11 Module
         slots: 2 slots attached
         status: loaded

         slot: NSS Internal Cryptographic Services
         token: NSS Generic Crypto Services

         slot: NSS User Private Key and Certificate Services
         token: NSS Certificate DB
    -----------------------------------------------------------

Testcase 2: (see attached minimal C code, based on posts to the list and used in the modutils source AND Mozilla).

Build params:

    USE_64=1
    NSPR_INCLUDE_DIR=`nspr-config --includedir`
    NSPR_LIB_DIR=`nspr-config --libdir`
    BUILD_OPT=1
    NSS_USE_SYSTEM_SQLITE=1
    NSDISTMODE=copy
    NSS_ENABLE_ECC=1
    XCFLAGS="${CFLAGS}"
    FREEBL_NO_DEPEND=1

The only patches applied in Gentoo add some pkg-config bits,

-- 
Robin Hugh Johnson
Gentoo Linux: Developer, Trustee & Infrastructure Lead
E-Mail   : robb...@gentoo.org
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85
-- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto