SUSE:SLE-12-SP1:GA
File _patchinfo of Package patchinfo.6304
<patchinfo incident="6304">
  <issue id="1055271" tracker="bnc">FIPS: [TRACKERBUG] Mozilla NSS code review changes needed</issue>
  <issue id="1074009" tracker="bnc">Cinder tempest failures in cloud-mkcloud7-job-4nodes-linuxbridge-x86_64</issue>
  <issue id="1049673" tracker="bnc">FIPS: mozilla-nss: implementation of additional algorithms in test harness</issue>
  <issue id="1043853" tracker="bnc">FIPS: mozilla-nss: use getrandom system call for DRBG seeding</issue>
  <category>recommended</category>
  <rating>moderate</rating>
  <packager>hpjansson</packager>
  <description>This update for mozilla-nss provides the following fixes:

- Change DRBG to use the getrandom() kernel interface instead of /dev/urandom (bsc#1043853).
- Add patches for strengthening and FIPS compliance (bsc#1055271, bsc#1049673):
  * Use getrandom() instead of /dev/random and /dev/urandom where available.
  * Remove continuous DRBG test. This is no longer required for FIPS compliance.
  * Add DSA known answer POST.
  * Add ECDSA known answer POST.
  * Use FIPS compliant hash length in pairwise consistency check.
  * Make RSA key generation parameters more strict in order to meet FIPS criteria.
  * Add DH and ECDH known answer POSTs.
  * Add KDF135 CAVS test.
  * Add keywrapping CAVS test.
  * Add KAS FFC CAVS test.
  * Add KAS ECC CAVS test.
  * Restrict number of bytes generated per GCM IV for FIPS compliance.
  * Add helpers required by new CAVS tests.
  * Add fixes to make DSA CAVS tests pass.
  * Add fixes to make RSA CAVS tests pass.
  * Add constructor POSTs.
  * Disable weak ciphers in FIPS mode.
  * Prevent wraparounds in CTR mode.
  * Clear various sensitive parameters from memory when no longer in use.
  * Allow TLS 1.0 PRF to work in FIPS mode, even though it relies on MD5, which is otherwise banned.
  * Use strong random pool (/dev/random or getrandom() with GRND_RANDOM instead of their more dilute counterparts) in FIPS mode.
- We allow AESNI by default now. This can be disabled at runtime by defining NSS_DISABLE_HW_AES in the environment.
- Export NSS_FORCE_FIPS=1 for build, since this is needed now to prevent NSS from passing -DNSS_NO_INIT_SUPPORT, which disables on-load FIPS POSTs.
</description>
  <summary>Recommended update for mozilla-nss</summary>
</patchinfo>