#50528 PBKDF2 hashing does not work in FIPS mode
Opened 3 months ago by mhonek. Modified 3 months ago

Issue Description

When NSS is run in FIPS mode (either Level 1 - the internal token is FIPS, or Level 2 - the NSS database is set to FIPS mode), it is not possible to extract the produced hash using PK11_ExtractKeyValue().

Package Version and Platform


Steps to reproduce

  1. Run in FIPS mode.
  2. Trigger the pbkdf2_sha256_hash function, e.g. by trying to bind with a password that's stored with PBKDF2.
  3. The code trips over PK11_ExtractKeyValue call.

Actual results

The function fails.

Expected results

The hash (i.e. key value) is correctly extracted.

Login to comment on this ticket.