#50528 PBKDF2 hashing does not work in FIPS mode
Opened 11 months ago by mhonek. Modified 4 months ago

Issue Description

When NSS is run in FIPS mode (either Level 1 - the internal token is FIPS, or Level 2 - the NSS database is set to FIPS mode), it is not possible to extract the produced hash using PK11_ExtractKeyValue().

Package Version and Platform


Steps to reproduce

  1. Run in FIPS mode.
  2. Trigger the pbkdf2_sha256_hash function, e.g. by trying to bind with a password that's stored with PBKDF2.
  3. The code trips over PK11_ExtractKeyValue call.

Actual results

The function fails.

Expected results

The hash (i.e. key value) is correctly extracted.

Metadata Update from @mhonek:
- Custom field origin adjusted to None
- Custom field reviewstatus adjusted to None
- Issue set to the milestone: 1.4.3 (was: 1.4.2)

4 months ago

Login to comment on this ticket.