File _patchinfo of Package patchinfo.14401

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.14401

<patchinfo incident="14401">
  <packager>hpjansson</packager>
  <rating>moderate</rating>
  <issue tracker="bnc" id="1155360">FIPS: mozilla-nss: RSA/ECDSA/DSA: pairwise consistency test sftk_PairwiseConsistencyCheck</issue>
  <issue tracker="bnc" id="1155350">FIPS: mozilla-nss: PQG TLS verification</issue>
  <issue tracker="bnc" id="1155357">FIPS: mozilla-nss: RSA/DSA/ECDSA are missing hashing operation</issue>
  <issue tracker="bnc" id="1166880">FIPS: mozilla-nss: RSA keygen segfault</issue>
  <category>recommended</category>
  <summary>Recommended update for mozilla-nss</summary>
  <description>This update for mozilla-nss fixes the following issues:

Added various fixes related to FIPS certification:

* Use getrandom() to obtain entropy where possible.
* Make DSA KAT FIPS compliant.
* Use FIPS compliant hash when validating keypair.
* Enforce FIPS requirements on RSA key generation.
* Miscellaneous fixes to CAVS tests.
* Enforce FIPS limits on how much data can be processed without rekeying.
* Run self tests on library initialization in FIPS mode.
* Disable non-compliant algorithms in FIPS mode (hashes and the SEED cipher).
* Clear various temporary variables after use.
* Allow MD5 to be used in TLS PRF.
* Preferentially gather entropy from /dev/random over /dev/urandom.
* Allow enabling FIPS mode consistently with NSS_FIPS environment variable.
* Fix argument parsing bug in lowhashtest.
</description>
</patchinfo>

Places

File _patchinfo of Package patchinfo.14401

Places