- update to NSS 3.66

* no release notes available yet
    https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.66_release_notes
- update to NSS 3.65
  * bmo#1709654 - Update for NetBSD configuration.
  * bmo#1709750 - Disable HPKE test when fuzzing.
  * bmo#1566124 - Optimize AES-GCM for ppc64le.
  * bmo#1699021 - Add AES-256-GCM to HPKE.
  * bmo#1698419 - ECH -10 updates.
  * bmo#1692930 - Update HPKE to final version.
  * bmo#1707130 - NSS should use modern algorithms in PKCS#12 files by default.
  * bmo#1703936 - New coverity/cpp scanner errors.
  * bmo#1697303 - NSS needs to update it's csp clearing to FIPS 180-3 standards.
  * bmo#1702663 - Need to support RSA PSS with Hashing PKCS #11 Mechanisms.
  * bmo#1705119 - Deadlock when using GCM and non-thread safe tokens.
- refreshed patches
- Firefox 90.0 requires NSS 3.66

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=361
Wolfgang Rosenauer 2021-07-14 16:20:34 +00:00 committed by Git OBS Bridge
parent 2607747af9
commit 009bd2b01c
18 changed files with 399 additions and 686 deletions


@ -1,7 +1,8 @@
diff -up nss/coreconf/Linux.mk.relro nss/coreconf/Linux.mk
--- nss/coreconf/Linux.mk.relro 2013-04-09 14:29:45.943228682 -0700
+++ nss/coreconf/Linux.mk 2013-04-09 14:31:26.194953927 -0700
@@ -174,6 +174,12 @@ endif
Index: nss/coreconf/Linux.mk
===================================================================
--- nss.orig/coreconf/Linux.mk
+++ nss/coreconf/Linux.mk
@@ -183,6 +183,12 @@ endif
endif
endif


@ -1,5 +1,5 @@
mozilla-nss
requires "mozilla-nspr-<targettype> >= 4.30"
requires "mozilla-nspr-<targettype> >= 4.31"
requires "libfreebl3-<targettype>"
requires "libsoftokn3-<targettype>"
requires "libnssckbi.so"


@ -1,8 +1,8 @@
diff --git a/tests/ssl/ssl.sh b/tests/ssl/ssl.sh
index c1730d8..5eee525 100755
--- a/tests/ssl/ssl.sh
+++ b/tests/ssl/ssl.sh
@@ -1449,6 +1449,7 @@ ssl_run_tests()
Index: nss/tests/ssl/ssl.sh
===================================================================
--- nss.orig/tests/ssl/ssl.sh
+++ nss/tests/ssl/ssl.sh
@@ -1683,6 +1683,7 @@ ssl_run_tests()
################################# main #################################


@ -1,3 +1,24 @@
-------------------------------------------------------------------
Sat Jul 10 08:50:18 UTC 2021 - Wolfgang Rosenauer <wr@rosenauer.org>
- update to NSS 3.66
* no releasenotes available yet
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.66_release_notes
- update to NSS 3.65
* bmo#1709654 - Update for NetBSD configuration.
* bmo#1709750 - Disable HPKE test when fuzzing.
* bmo#1566124 - Optimize AES-GCM for ppc64le.
* bmo#1699021 - Add AES-256-GCM to HPKE.
* bmo#1698419 - ECH -10 updates.
* bmo#1692930 - Update HPKE to final version.
* bmo#1707130 - NSS should use modern algorithms in PKCS#12 files by default.
* bmo#1703936 - New coverity/cpp scanner errors.
* bmo#1697303 - NSS needs to update it's csp clearing to FIPS 180-3 standards.
* bmo#1702663 - Need to support RSA PSS with Hashing PKCS #11 Mechanisms.
* bmo#1705119 - Deadlock when using GCM and non-thread safe tokens.
- refreshed patches
- Firefox 90.0 requires NSS 3.66
-------------------------------------------------------------------
Thu May 27 17:24:41 UTC 2021 - Andreas Stieger <andreas.stieger@gmx.de>


@ -17,14 +17,14 @@
#
%global nss_softokn_fips_version 3.64
%define NSPR_min_version 4.30
%global nss_softokn_fips_version 3.66
%define NSPR_min_version 4.31
%define nspr_ver %(rpm -q --queryformat '%%{VERSION}' mozilla-nspr)
%define nssdbdir %{_sysconfdir}/pki/nssdb
Name: mozilla-nss
Version: 3.64
Version: 3.66
Release: 0
%define underscore_version 3_64
%define underscore_version 3_66
Summary: Network Security Services
License: MPL-2.0
Group: System/Libraries


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:d3175427172e9c3a6f1ebc74452cb791590f28191c6a1a443dbc0d87c9df1126
size 82173054

3
nss-3.66.tar.gz Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:89a79e3a756cf0ac9ba645f4d4c0fc58d4133134401fb0b6c8a74c420bb4cdc9
size 82401896


@ -6,9 +6,10 @@
# Parent 3f4d682c9a1e8b3d939c744ee249e23179db5191
imported patch nss-fips-approved-crypto-non-ec.patch
diff --git a/lib/freebl/deprecated/alg2268.c b/lib/freebl/deprecated/alg2268.c
--- a/lib/freebl/deprecated/alg2268.c
+++ b/lib/freebl/deprecated/alg2268.c
Index: nss/lib/freebl/deprecated/alg2268.c
===================================================================
--- nss.orig/lib/freebl/deprecated/alg2268.c
+++ nss/lib/freebl/deprecated/alg2268.c
@@ -16,6 +16,8 @@
#include <stddef.h> /* for ptrdiff_t */
#endif
@ -18,7 +19,7 @@ diff --git a/lib/freebl/deprecated/alg2268.c b/lib/freebl/deprecated/alg2268.c
/*
** RC2 symmetric block cypher
*/
@@ -119,6 +121,7 @@
@@ -119,6 +121,7 @@ static const PRUint8 S[256] = {
RC2Context *
RC2_AllocateContext(void)
{
@ -26,7 +27,7 @@ diff --git a/lib/freebl/deprecated/alg2268.c b/lib/freebl/deprecated/alg2268.c
return PORT_ZNew(RC2Context);
}
SECStatus
@@ -133,6 +136,8 @@
@@ -133,6 +136,8 @@ RC2_InitContext(RC2Context *cx, const un
#endif
PRUint8 tmpB;
@ -35,7 +36,7 @@ diff --git a/lib/freebl/deprecated/alg2268.c b/lib/freebl/deprecated/alg2268.c
if (!key || !cx || !len || len > (sizeof cx->B) ||
efLen8 > (sizeof cx->B)) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -204,7 +209,11 @@
@@ -204,7 +209,11 @@ RC2Context *
RC2_CreateContext(const unsigned char *key, unsigned int len,
const unsigned char *iv, int mode, unsigned efLen8)
{
@ -48,7 +49,7 @@ diff --git a/lib/freebl/deprecated/alg2268.c b/lib/freebl/deprecated/alg2268.c
if (cx) {
SECStatus rv = RC2_InitContext(cx, key, len, iv, mode, efLen8, 0);
if (rv != SECSuccess) {
@@ -456,7 +465,11 @@
@@ -456,7 +465,11 @@ RC2_Encrypt(RC2Context *cx, unsigned cha
unsigned int *outputLen, unsigned int maxOutputLen,
const unsigned char *input, unsigned int inputLen)
{
@ -61,7 +62,7 @@ diff --git a/lib/freebl/deprecated/alg2268.c b/lib/freebl/deprecated/alg2268.c
if (inputLen) {
if (inputLen % RC2_BLOCK_SIZE) {
PORT_SetError(SEC_ERROR_INPUT_LEN);
@@ -490,7 +503,11 @@
@@ -490,7 +503,11 @@ RC2_Decrypt(RC2Context *cx, unsigned cha
unsigned int *outputLen, unsigned int maxOutputLen,
const unsigned char *input, unsigned int inputLen)
{
@ -74,9 +75,10 @@ diff --git a/lib/freebl/deprecated/alg2268.c b/lib/freebl/deprecated/alg2268.c
if (inputLen) {
if (inputLen % RC2_BLOCK_SIZE) {
PORT_SetError(SEC_ERROR_INPUT_LEN);
diff --git a/lib/freebl/arcfour.c b/lib/freebl/arcfour.c
--- a/lib/freebl/arcfour.c
+++ b/lib/freebl/arcfour.c
Index: nss/lib/freebl/arcfour.c
===================================================================
--- nss.orig/lib/freebl/arcfour.c
+++ nss/lib/freebl/arcfour.c
@@ -13,6 +13,7 @@
#include "prtypes.h"
@ -85,7 +87,7 @@ diff --git a/lib/freebl/arcfour.c b/lib/freebl/arcfour.c
/* Architecture-dependent defines */
@@ -108,6 +109,7 @@
@@ -108,6 +109,7 @@ static const Stype Kinit[256] = {
RC4Context *
RC4_AllocateContext(void)
{
@ -93,7 +95,7 @@ diff --git a/lib/freebl/arcfour.c b/lib/freebl/arcfour.c
return PORT_ZNew(RC4Context);
}
@@ -121,6 +123,8 @@
@@ -121,6 +123,8 @@ RC4_InitContext(RC4Context *cx, const un
PRUint8 K[256];
PRUint8 *L;
@ -102,7 +104,7 @@ diff --git a/lib/freebl/arcfour.c b/lib/freebl/arcfour.c
/* verify the key length. */
PORT_Assert(len > 0 && len < ARCFOUR_STATE_SIZE);
if (len == 0 || len >= ARCFOUR_STATE_SIZE) {
@@ -162,7 +166,11 @@
@@ -162,7 +166,11 @@ RC4_InitContext(RC4Context *cx, const un
RC4Context *
RC4_CreateContext(const unsigned char *key, int len)
{
@ -115,7 +117,7 @@ diff --git a/lib/freebl/arcfour.c b/lib/freebl/arcfour.c
if (cx) {
SECStatus rv = RC4_InitContext(cx, key, len, NULL, 0, 0, 0);
if (rv != SECSuccess) {
@@ -176,6 +184,7 @@
@@ -176,6 +184,7 @@ RC4_CreateContext(const unsigned char *k
void
RC4_DestroyContext(RC4Context *cx, PRBool freeit)
{
@ -123,7 +125,7 @@ diff --git a/lib/freebl/arcfour.c b/lib/freebl/arcfour.c
if (freeit)
PORT_ZFree(cx, sizeof(*cx));
}
@@ -548,6 +557,8 @@
@@ -548,6 +557,8 @@ RC4_Encrypt(RC4Context *cx, unsigned cha
unsigned int *outputLen, unsigned int maxOutputLen,
const unsigned char *input, unsigned int inputLen)
{
@ -132,7 +134,7 @@ diff --git a/lib/freebl/arcfour.c b/lib/freebl/arcfour.c
PORT_Assert(maxOutputLen >= inputLen);
if (maxOutputLen < inputLen) {
PORT_SetError(SEC_ERROR_OUTPUT_LEN);
@@ -571,6 +582,8 @@
@@ -571,6 +582,8 @@ RC4_Decrypt(RC4Context *cx, unsigned cha
unsigned int *outputLen, unsigned int maxOutputLen,
const unsigned char *input, unsigned int inputLen)
{
@ -141,9 +143,10 @@ diff --git a/lib/freebl/arcfour.c b/lib/freebl/arcfour.c
PORT_Assert(maxOutputLen >= inputLen);
if (maxOutputLen < inputLen) {
PORT_SetError(SEC_ERROR_OUTPUT_LEN);
diff --git a/lib/freebl/deprecated/seed.c b/lib/freebl/deprecated/seed.c
--- a/lib/freebl/deprecated/seed.c
+++ b/lib/freebl/deprecated/seed.c
Index: nss/lib/freebl/deprecated/seed.c
===================================================================
--- nss.orig/lib/freebl/deprecated/seed.c
+++ nss/lib/freebl/deprecated/seed.c
@@ -17,6 +17,8 @@
#include "seed.h"
#include "secerr.h"
@ -153,7 +156,7 @@ diff --git a/lib/freebl/deprecated/seed.c b/lib/freebl/deprecated/seed.c
static const seed_word SS[4][256] = {
{ 0x2989a1a8, 0x05858184, 0x16c6d2d4, 0x13c3d3d0,
0x14445054, 0x1d0d111c, 0x2c8ca0ac, 0x25052124,
@@ -301,6 +303,8 @@
@@ -301,6 +303,8 @@ SEED_set_key(const unsigned char rawkey[
seed_word K0, K1, K2, K3;
seed_word t0, t1;
@ -162,7 +165,7 @@ diff --git a/lib/freebl/deprecated/seed.c b/lib/freebl/deprecated/seed.c
char2word(rawkey, K0);
char2word(rawkey + 4, K1);
char2word(rawkey + 8, K2);
@@ -349,6 +353,8 @@
@@ -349,6 +353,8 @@ SEED_encrypt(const unsigned char s[SEED_
seed_word L0, L1, R0, R1;
seed_word t0, t1;
@ -171,7 +174,7 @@ diff --git a/lib/freebl/deprecated/seed.c b/lib/freebl/deprecated/seed.c
char2word(s, L0);
char2word(s + 4, L1);
char2word(s + 8, R0);
@@ -385,6 +391,8 @@
@@ -385,6 +391,8 @@ SEED_decrypt(const unsigned char s[SEED_
seed_word L0, L1, R0, R1;
seed_word t0, t1;
@ -180,7 +183,7 @@ diff --git a/lib/freebl/deprecated/seed.c b/lib/freebl/deprecated/seed.c
char2word(s, L0);
char2word(s + 4, L1);
char2word(s + 8, R0);
@@ -419,6 +427,8 @@
@@ -419,6 +427,8 @@ SEED_ecb_encrypt(const unsigned char *in
size_t inLen,
const SEED_KEY_SCHEDULE *ks, int enc)
{
@ -189,7 +192,7 @@ diff --git a/lib/freebl/deprecated/seed.c b/lib/freebl/deprecated/seed.c
if (enc) {
while (inLen > 0) {
SEED_encrypt(in, out, ks);
@@ -445,6 +455,8 @@
@@ -445,6 +455,8 @@ SEED_cbc_encrypt(const unsigned char *in
unsigned char tmp[SEED_BLOCK_SIZE];
const unsigned char *iv = ivec;
@ -198,7 +201,7 @@ diff --git a/lib/freebl/deprecated/seed.c b/lib/freebl/deprecated/seed.c
if (enc) {
while (len >= SEED_BLOCK_SIZE) {
for (n = 0; n < SEED_BLOCK_SIZE; ++n) {
@@ -528,6 +540,7 @@
@@ -528,6 +540,7 @@ SEED_cbc_encrypt(const unsigned char *in
SEEDContext *
SEED_AllocateContext(void)
{
@ -206,7 +209,7 @@ diff --git a/lib/freebl/deprecated/seed.c b/lib/freebl/deprecated/seed.c
return PORT_ZNew(SEEDContext);
}
@@ -536,6 +549,8 @@
@@ -536,6 +549,8 @@ SEED_InitContext(SEEDContext *cx, const
unsigned int keylen, const unsigned char *iv,
int mode, unsigned int encrypt, unsigned int unused)
{
@ -215,7 +218,7 @@ diff --git a/lib/freebl/deprecated/seed.c b/lib/freebl/deprecated/seed.c
if (!cx) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
@@ -567,10 +582,14 @@
@@ -567,10 +582,14 @@ SEEDContext *
SEED_CreateContext(const unsigned char *key, const unsigned char *iv,
int mode, PRBool encrypt)
{
@ -224,16 +227,16 @@ diff --git a/lib/freebl/deprecated/seed.c b/lib/freebl/deprecated/seed.c
- encrypt, 0);
+ SEEDContext *cx;
+ SECStatus rv;
+ IN_FIPS_RETURN(NULL);
+
+ IN_FIPS_RETURN(NULL);
+ cx = PORT_ZNew(SEEDContext);
+ rv = SEED_InitContext(cx, key, SEED_KEY_LENGTH, iv, mode,
+ encrypt, 0);
if (rv != SECSuccess) {
PORT_ZFree(cx, sizeof *cx);
cx = NULL;
@@ -595,6 +614,8 @@
@@ -595,6 +614,8 @@ SEED_Encrypt(SEEDContext *cx, unsigned c
unsigned int maxOutLen, const unsigned char *in,
unsigned int inLen)
{
@ -242,7 +245,7 @@ diff --git a/lib/freebl/deprecated/seed.c b/lib/freebl/deprecated/seed.c
if (!cx) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
@@ -635,6 +656,8 @@
@@ -635,6 +656,8 @@ SEED_Decrypt(SEEDContext *cx, unsigned c
unsigned int maxOutLen, const unsigned char *in,
unsigned int inLen)
{
@ -251,9 +254,10 @@ diff --git a/lib/freebl/deprecated/seed.c b/lib/freebl/deprecated/seed.c
if (!cx) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
diff --git a/lib/freebl/fips.h b/lib/freebl/fips.h
--- a/lib/freebl/fips.h
+++ b/lib/freebl/fips.h
Index: nss/lib/freebl/fips.h
===================================================================
--- nss.orig/lib/freebl/fips.h
+++ nss/lib/freebl/fips.h
@@ -8,8 +8,20 @@
#ifndef FIPS_H
#define FIPS_H
@ -275,9 +279,10 @@ diff --git a/lib/freebl/fips.h b/lib/freebl/fips.h
#endif
diff --git a/lib/freebl/md2.c b/lib/freebl/md2.c
--- a/lib/freebl/md2.c
+++ b/lib/freebl/md2.c
Index: nss/lib/freebl/md2.c
===================================================================
--- nss.orig/lib/freebl/md2.c
+++ nss/lib/freebl/md2.c
@@ -13,6 +13,8 @@
#include "blapi.h"
@ -287,7 +292,7 @@ diff --git a/lib/freebl/md2.c b/lib/freebl/md2.c
#define MD2_DIGEST_LEN 16
#define MD2_BUFSIZE 16
#define MD2_X_SIZE 48 /* The X array, [CV | INPUT | TMP VARS] */
@@ -66,7 +68,11 @@
@@ -66,7 +68,11 @@ SECStatus
MD2_Hash(unsigned char *dest, const char *src)
{
unsigned int len;
@ -300,7 +305,7 @@ diff --git a/lib/freebl/md2.c b/lib/freebl/md2.c
if (!cx) {
PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
return SECFailure;
@@ -81,7 +87,11 @@
@@ -81,7 +87,11 @@ MD2_Hash(unsigned char *dest, const char
MD2Context *
MD2_NewContext(void)
{
@ -313,7 +318,7 @@ diff --git a/lib/freebl/md2.c b/lib/freebl/md2.c
if (cx == NULL) {
PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
return NULL;
@@ -99,6 +109,8 @@
@@ -99,6 +109,8 @@ MD2_DestroyContext(MD2Context *cx, PRBoo
void
MD2_Begin(MD2Context *cx)
{
@ -322,7 +327,7 @@ diff --git a/lib/freebl/md2.c b/lib/freebl/md2.c
memset(cx, 0, sizeof(*cx));
cx->unusedBuffer = MD2_BUFSIZE;
}
@@ -196,6 +208,8 @@
@@ -196,6 +208,8 @@ MD2_Update(MD2Context *cx, const unsigne
{
PRUint32 bytesToConsume;
@ -331,7 +336,7 @@ diff --git a/lib/freebl/md2.c b/lib/freebl/md2.c
/* Fill the remaining input buffer. */
if (cx->unusedBuffer != MD2_BUFSIZE) {
bytesToConsume = PR_MIN(inputLen, cx->unusedBuffer);
@@ -226,6 +240,9 @@
@@ -226,6 +240,9 @@ MD2_End(MD2Context *cx, unsigned char *d
unsigned int *digestLen, unsigned int maxDigestLen)
{
PRUint8 padStart;
@ -341,9 +346,10 @@ diff --git a/lib/freebl/md2.c b/lib/freebl/md2.c
if (maxDigestLen < MD2_BUFSIZE) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return;
diff --git a/lib/freebl/md5.c b/lib/freebl/md5.c
--- a/lib/freebl/md5.c
+++ b/lib/freebl/md5.c
Index: nss/lib/freebl/md5.c
===================================================================
--- nss.orig/lib/freebl/md5.c
+++ nss/lib/freebl/md5.c
@@ -15,6 +15,8 @@
#include "blapi.h"
#include "blapii.h"
@ -353,7 +359,7 @@ diff --git a/lib/freebl/md5.c b/lib/freebl/md5.c
#define MD5_HASH_LEN 16
#define MD5_BUFFER_SIZE 64
#define MD5_END_BUFFER (MD5_BUFFER_SIZE - 8)
@@ -195,6 +197,7 @@
@@ -195,6 +197,7 @@ struct MD5ContextStr {
SECStatus
MD5_Hash(unsigned char *dest, const char *src)
{
@ -361,7 +367,7 @@ diff --git a/lib/freebl/md5.c b/lib/freebl/md5.c
return MD5_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src));
}
@@ -204,6 +207,8 @@
@@ -204,6 +207,8 @@ MD5_HashBuf(unsigned char *dest, const u
unsigned int len;
MD5Context cx;
@ -370,7 +376,7 @@ diff --git a/lib/freebl/md5.c b/lib/freebl/md5.c
MD5_Begin(&cx);
MD5_Update(&cx, src, src_length);
MD5_End(&cx, dest, &len, MD5_HASH_LEN);
@@ -215,7 +220,11 @@
@@ -215,7 +220,11 @@ MD5Context *
MD5_NewContext(void)
{
/* no need to ZAlloc, MD5_Begin will init the context */
@ -383,7 +389,7 @@ diff --git a/lib/freebl/md5.c b/lib/freebl/md5.c
if (cx == NULL) {
PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
return NULL;
@@ -226,7 +235,8 @@
@@ -226,7 +235,8 @@ MD5_NewContext(void)
void
MD5_DestroyContext(MD5Context *cx, PRBool freeit)
{
@ -393,7 +399,7 @@ diff --git a/lib/freebl/md5.c b/lib/freebl/md5.c
if (freeit) {
PORT_Free(cx);
}
@@ -235,6 +245,8 @@
@@ -235,6 +245,8 @@ MD5_DestroyContext(MD5Context *cx, PRBoo
void
MD5_Begin(MD5Context *cx)
{
@ -402,7 +408,7 @@ diff --git a/lib/freebl/md5.c b/lib/freebl/md5.c
cx->lsbInput = 0;
cx->msbInput = 0;
/* memset(cx->inBuf, 0, sizeof(cx->inBuf)); */
@@ -425,6 +437,8 @@
@@ -425,6 +437,8 @@ MD5_Update(MD5Context *cx, const unsigne
PRUint32 inBufIndex = cx->lsbInput & 63;
const PRUint32 *wBuf;
@ -411,7 +417,7 @@ diff --git a/lib/freebl/md5.c b/lib/freebl/md5.c
/* Add the number of input bytes to the 64-bit input counter. */
addto64(cx->msbInput, cx->lsbInput, inputLen);
if (inBufIndex) {
@@ -498,6 +512,8 @@
@@ -498,6 +512,8 @@ MD5_End(MD5Context *cx, unsigned char *d
PRUint32 lowInput, highInput;
PRUint32 inBufIndex = cx->lsbInput & 63;
@ -420,7 +426,7 @@ diff --git a/lib/freebl/md5.c b/lib/freebl/md5.c
if (maxDigestLen < MD5_HASH_LEN) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return;
@@ -546,6 +562,8 @@
@@ -546,6 +562,8 @@ MD5_EndRaw(MD5Context *cx, unsigned char
#endif
PRUint32 cv[4];
@ -429,9 +435,10 @@ diff --git a/lib/freebl/md5.c b/lib/freebl/md5.c
if (maxDigestLen < MD5_HASH_LEN) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return;
diff --git a/lib/freebl/nsslowhash.c b/lib/freebl/nsslowhash.c
--- a/lib/freebl/nsslowhash.c
+++ b/lib/freebl/nsslowhash.c
Index: nss/lib/freebl/nsslowhash.c
===================================================================
--- nss.orig/lib/freebl/nsslowhash.c
+++ nss/lib/freebl/nsslowhash.c
@@ -12,6 +12,7 @@
#include "plhash.h"
#include "nsslowhash.h"
@ -440,7 +447,7 @@ diff --git a/lib/freebl/nsslowhash.c b/lib/freebl/nsslowhash.c
struct NSSLOWInitContextStr {
int count;
@@ -92,6 +93,12 @@
@@ -92,6 +93,12 @@ NSSLOWHASH_NewContext(NSSLOWInitContext
{
NSSLOWHASHContext *context;
@ -453,9 +460,10 @@ diff --git a/lib/freebl/nsslowhash.c b/lib/freebl/nsslowhash.c
if (post_failed) {
PORT_SetError(SEC_ERROR_PKCS11_DEVICE_ERROR);
return NULL;
diff --git a/lib/freebl/rawhash.c b/lib/freebl/rawhash.c
--- a/lib/freebl/rawhash.c
+++ b/lib/freebl/rawhash.c
Index: nss/lib/freebl/rawhash.c
===================================================================
--- nss.orig/lib/freebl/rawhash.c
+++ nss/lib/freebl/rawhash.c
@@ -10,6 +10,7 @@
#include "hasht.h"
#include "blapi.h" /* below the line */
@ -464,7 +472,7 @@ diff --git a/lib/freebl/rawhash.c b/lib/freebl/rawhash.c
static void *
null_hash_new_context(void)
@@ -146,7 +147,8 @@
@@ -146,7 +147,8 @@ const SECHashObject SECRawHashObjects[]
const SECHashObject *
HASH_GetRawHashObject(HASH_HashType hashType)
{
@ -474,15 +482,16 @@ diff --git a/lib/freebl/rawhash.c b/lib/freebl/rawhash.c
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return NULL;
}
diff --git a/lib/softoken/pkcs11c.c b/lib/softoken/pkcs11c.c
--- a/lib/softoken/pkcs11c.c
+++ b/lib/softoken/pkcs11c.c
@@ -7282,7 +7282,7 @@
Index: nss/lib/softoken/pkcs11c.c
===================================================================
--- nss.orig/lib/softoken/pkcs11c.c
+++ nss/lib/softoken/pkcs11c.c
@@ -7491,7 +7491,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
} else {
/* now allocate the hash contexts */
md5 = MD5_NewContext();
- if (md5 == NULL) {
+ if (md5 == NULL && !isTLS) {
PORT_Memset(crsrdata, 0, sizeof crsrdata);
crv = CKR_HOST_MEMORY;
break;
}
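Review bot: In the final hunk of this patch (lib/softoken/pkcs11c.c, NSC_DeriveKey), `if (md5 == NULL && !isTLS)` lets the TLS path continue with a NULL md5 whatever the reason MD5_NewContext() failed, so a real out-of-memory condition is no longer reported as CKR_HOST_MEMORY there. The relaxation is presumably meant only for the FIPS refusal that the md5.c hunk adds to MD5_NewContext(), and the code that later uses md5 lies outside the hunk, so it cannot be confirmed from here that every use is guarded. I would at least document the contract at the check, e.g. `/* md5 is NULL when MD5 is refused in FIPS mode; the TLS path below must not touch it */`, and keep the failure path for a NULL that is not caused by FIPS mode. NSC_DeriveKey starts and ends outside the hunk.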


@ -6,9 +6,10 @@
# Parent 60c5e5d73ce1177fa66d8fd6cf49d9b371ca9be4
imported patch nss-fips-cavs-general.patch
diff --git a/cmd/fipstest/fipstest.c b/cmd/fipstest/fipstest.c
--- a/cmd/fipstest/fipstest.c
+++ b/cmd/fipstest/fipstest.c
Index: nss/cmd/fipstest/fipstest.c
===================================================================
--- nss.orig/cmd/fipstest/fipstest.c
+++ nss/cmd/fipstest/fipstest.c
@@ -5,6 +5,7 @@
#include <stdio.h>
#include <stdlib.h>
@ -27,7 +28,7 @@ diff --git a/cmd/fipstest/fipstest.c b/cmd/fipstest/fipstest.c
#define __PASTE(x, y) x##y
#undef CK_PKCS11_FUNCTION_INFO
#undef CK_NEED_ARG_LIST
@@ -55,6 +59,10 @@
@@ -55,6 +59,10 @@ EC_CopyParams(PLArenaPool *arena, ECPara
#define RSA_MAX_TEST_EXPONENT_BYTES 8
#define PQG_TEST_SEED_BYTES 20
@ -38,7 +39,7 @@ diff --git a/cmd/fipstest/fipstest.c b/cmd/fipstest/fipstest.c
SECStatus
hex_to_byteval(const char *c2, unsigned char *byteval)
{
@@ -168,6 +176,62 @@
@@ -168,6 +176,62 @@ from_hex_str(unsigned char *buf, unsigne
return PR_TRUE;
}
@ -101,7 +102,7 @@ diff --git a/cmd/fipstest/fipstest.c b/cmd/fipstest/fipstest.c
SECStatus
tdea_encrypt_buf(
int mode,
@@ -8930,41 +8994,6 @@
@@ -8930,41 +8994,6 @@ out:
}
}
@ -143,7 +144,7 @@ diff --git a/cmd/fipstest/fipstest.c b/cmd/fipstest/fipstest.c
void
kas_ffc_test(char *reqfn, int do_validity)
{
@@ -9387,12 +9416,34 @@
@@ -9387,12 +9416,34 @@ out:
free_param_specs (pspecs);
}
@ -178,9 +179,10 @@ diff --git a/cmd/fipstest/fipstest.c b/cmd/fipstest/fipstest.c
RNG_RNGInit();
SECOID_Init();
diff --git a/lib/freebl/freebl.def b/lib/freebl/freebl.def
--- a/lib/freebl/freebl.def
+++ b/lib/freebl/freebl.def
Index: nss/lib/freebl/freebl.def
===================================================================
--- nss.orig/lib/freebl/freebl.def
+++ nss/lib/freebl/freebl.def
@@ -21,6 +21,7 @@
LIBRARY freebl3 ;-
EXPORTS ;-
@ -189,9 +191,10 @@ diff --git a/lib/freebl/freebl.def b/lib/freebl/freebl.def
;+ local:
;+ *;
;+};
diff --git a/lib/freebl/freebl_hash.def b/lib/freebl/freebl_hash.def
--- a/lib/freebl/freebl_hash.def
+++ b/lib/freebl/freebl_hash.def
Index: nss/lib/freebl/freebl_hash.def
===================================================================
--- nss.orig/lib/freebl/freebl_hash.def
+++ nss/lib/freebl/freebl_hash.def
@@ -21,6 +21,7 @@
LIBRARY freebl3 ;-
EXPORTS ;-
@ -200,9 +203,10 @@ diff --git a/lib/freebl/freebl_hash.def b/lib/freebl/freebl_hash.def
;+ local:
;+ *;
;+};
diff --git a/lib/freebl/freebl_hash_vector.def b/lib/freebl/freebl_hash_vector.def
--- a/lib/freebl/freebl_hash_vector.def
+++ b/lib/freebl/freebl_hash_vector.def
Index: nss/lib/freebl/freebl_hash_vector.def
===================================================================
--- nss.orig/lib/freebl/freebl_hash_vector.def
+++ nss/lib/freebl/freebl_hash_vector.def
@@ -21,6 +21,7 @@
LIBRARY freebl3 ;-
EXPORTS ;-
@ -211,10 +215,11 @@ diff --git a/lib/freebl/freebl_hash_vector.def b/lib/freebl/freebl_hash_vector.d
;+ local:
;+ *;
;+};
diff --git a/lib/freebl/pqg.c b/lib/freebl/pqg.c
--- a/lib/freebl/pqg.c
+++ b/lib/freebl/pqg.c
@@ -1231,7 +1231,8 @@
Index: nss/lib/freebl/pqg.c
===================================================================
--- nss.orig/lib/freebl/pqg.c
+++ nss/lib/freebl/pqg.c
@@ -1242,7 +1242,8 @@ cleanup:
**/
static SECStatus
pqg_ParamGen(unsigned int L, unsigned int N, pqgGenType type,
@ -224,7 +229,7 @@ diff --git a/lib/freebl/pqg.c b/lib/freebl/pqg.c
{
unsigned int n; /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */
unsigned int seedlen; /* Per FIPS 186-3 app A.1.1.2 (was 'g' 186-1)*/
@@ -1239,7 +1240,6 @@
@@ -1250,7 +1251,6 @@ pqg_ParamGen(unsigned int L, unsigned in
unsigned int offset; /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */
unsigned int outlen; /* Per FIPS 186-3, appendix A.1.1.2. */
unsigned int maxCount;
@ -232,7 +237,7 @@ diff --git a/lib/freebl/pqg.c b/lib/freebl/pqg.c
SECItem *seed; /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */
PLArenaPool *arena = NULL;
PQGParams *params = NULL;
@@ -1290,7 +1290,8 @@
@@ -1301,7 +1301,8 @@ pqg_ParamGen(unsigned int L, unsigned in
/* fill in P Q, */
SECITEM_TO_MPINT((*pParams)->prime, &P);
SECITEM_TO_MPINT((*pParams)->subPrime, &Q);
@ -242,7 +247,7 @@ diff --git a/lib/freebl/pqg.c b/lib/freebl/pqg.c
CHECK_SEC_OK(makeGfromIndex(hashtype, &P, &Q, &(*pVfy)->seed,
(*pVfy)->h.data[0], &G));
MPINT_TO_SECITEM(&G, &(*pParams)->base, (*pParams)->arena);
@@ -1330,7 +1331,8 @@
@@ -1341,7 +1342,8 @@ pqg_ParamGen(unsigned int L, unsigned in
/* Select Hash and Compute lengths. */
/* getFirstHash gives us the smallest acceptable hash for this key
* strength */
@ -252,7 +257,7 @@ diff --git a/lib/freebl/pqg.c b/lib/freebl/pqg.c
outlen = HASH_ResultLen(hashtype) * PR_BITS_PER_BYTE;
/* Step 3: n = Ceil(L/outlen)-1; (same as n = Floor((L-1)/outlen)) */
@@ -1532,6 +1534,10 @@
@@ -1543,6 +1545,10 @@ generate_G:
verify->counter = counter;
*pParams = params;
*pVfy = verify;
@ -262,8 +267,8 @@ diff --git a/lib/freebl/pqg.c b/lib/freebl/pqg.c
+
cleanup:
if (pseed.data) {
PORT_Free(pseed.data);
@@ -1576,7 +1582,7 @@
SECITEM_ZfreeItem(&pseed, PR_FALSE);
@@ -1587,7 +1593,7 @@ PQG_ParamGen(unsigned int j, PQGParams *
L = 512 + (j * 64); /* bits in P */
seedBytes = L / 8;
return pqg_ParamGen(L, DSA1_Q_BITS, FIPS186_1_TYPE, seedBytes,
@ -272,7 +277,7 @@ diff --git a/lib/freebl/pqg.c b/lib/freebl/pqg.c
}
SECStatus
@@ -1591,7 +1597,7 @@
@@ -1602,7 +1608,7 @@ PQG_ParamGenSeedLen(unsigned int j, unsi
}
L = 512 + (j * 64); /* bits in P */
return pqg_ParamGen(L, DSA1_Q_BITS, FIPS186_1_TYPE, seedBytes,
@ -281,7 +286,7 @@ diff --git a/lib/freebl/pqg.c b/lib/freebl/pqg.c
}
SECStatus
@@ -1609,7 +1615,26 @@
@@ -1620,7 +1626,26 @@ PQG_ParamGenV2(unsigned int L, unsigned
/* error code already set */
return SECFailure;
}


@ -12,10 +12,10 @@ power-on self tests.
lib/softoken/softoken.h | 10 ++
4 files changed, 169 insertions(+), 70 deletions(-)
diff --git a/cmd/lib/pk11table.c b/cmd/lib/pk11table.c
index f7a45fa..d302436 100644
--- a/cmd/lib/pk11table.c
+++ b/cmd/lib/pk11table.c
Index: nss/cmd/lib/pk11table.c
===================================================================
--- nss.orig/cmd/lib/pk11table.c
+++ nss/cmd/lib/pk11table.c
@@ -273,6 +273,10 @@ const Constant _consts[] = {
mkEntry(CKM_DSA_KEY_PAIR_GEN, Mechanism),
mkEntry(CKM_DSA, Mechanism),
@ -38,11 +38,11 @@ index f7a45fa..d302436 100644
mkEntry(CKM_ECDH1_DERIVE, Mechanism),
mkEntry(CKM_ECDH1_COFACTOR_DERIVE, Mechanism),
mkEntry(CKM_ECMQV_DERIVE, Mechanism),
diff --git a/lib/pk11wrap/pk11mech.c b/lib/pk11wrap/pk11mech.c
index d94d59a..ac280f0 100644
--- a/lib/pk11wrap/pk11mech.c
+++ b/lib/pk11wrap/pk11mech.c
@@ -376,6 +376,10 @@ PK11_GetKeyType(CK_MECHANISM_TYPE type, unsigned long len)
Index: nss/lib/pk11wrap/pk11mech.c
===================================================================
--- nss.orig/lib/pk11wrap/pk11mech.c
+++ nss/lib/pk11wrap/pk11mech.c
@@ -376,6 +376,10 @@ PK11_GetKeyType(CK_MECHANISM_TYPE type,
return CKK_RSA;
case CKM_DSA:
case CKM_DSA_SHA1:
@ -53,7 +53,7 @@ index d94d59a..ac280f0 100644
case CKM_DSA_KEY_PAIR_GEN:
return CKK_DSA;
case CKM_DH_PKCS_DERIVE:
@@ -386,6 +390,10 @@ PK11_GetKeyType(CK_MECHANISM_TYPE type, unsigned long len)
@@ -386,6 +390,10 @@ PK11_GetKeyType(CK_MECHANISM_TYPE type,
return CKK_KEA;
case CKM_ECDSA:
case CKM_ECDSA_SHA1:
@ -64,11 +64,11 @@ index d94d59a..ac280f0 100644
case CKM_EC_KEY_PAIR_GEN: /* aka CKM_ECDSA_KEY_PAIR_GEN */
case CKM_ECDH1_DERIVE:
return CKK_EC; /* CKK_ECDSA is deprecated */
diff --git a/lib/softoken/pkcs11c.c b/lib/softoken/pkcs11c.c
index 08f94bc..ec6b205 100644
--- a/lib/softoken/pkcs11c.c
+++ b/lib/softoken/pkcs11c.c
@@ -2606,7 +2606,7 @@ nsc_DSA_Verify_Stub(void *ctx, void *sigBuf, unsigned int sigLen,
Index: nss/lib/softoken/pkcs11c.c
===================================================================
--- nss.orig/lib/softoken/pkcs11c.c
+++ nss/lib/softoken/pkcs11c.c
@@ -2675,7 +2675,7 @@ nsc_DSA_Verify_Stub(void *ctx, void *sig
static SECStatus
nsc_DSA_Sign_Stub(void *ctx, void *sigBuf,
unsigned int *sigLen, unsigned int maxSigLen,
@ -77,7 +77,7 @@ index 08f94bc..ec6b205 100644
{
SECItem signature, digest;
SECStatus rv;
@@ -2624,6 +2624,22 @@ nsc_DSA_Sign_Stub(void *ctx, void *sigBuf,
@@ -2693,6 +2693,22 @@ nsc_DSA_Sign_Stub(void *ctx, void *sigBu
return rv;
}
@ -100,7 +100,7 @@ index 08f94bc..ec6b205 100644
static SECStatus
nsc_ECDSAVerifyStub(void *ctx, void *sigBuf, unsigned int sigLen,
void *dataBuf, unsigned int dataLen)
@@ -2641,7 +2657,7 @@ nsc_ECDSAVerifyStub(void *ctx, void *sigBuf, unsigned int sigLen,
@@ -2710,7 +2726,7 @@ nsc_ECDSAVerifyStub(void *ctx, void *sig
static SECStatus
nsc_ECDSASignStub(void *ctx, void *sigBuf,
unsigned int *sigLen, unsigned int maxSigLen,
@ -109,7 +109,7 @@ index 08f94bc..ec6b205 100644
{
SECItem signature, digest;
SECStatus rv;
@@ -2659,6 +2675,22 @@ nsc_ECDSASignStub(void *ctx, void *sigBuf,
@@ -2728,6 +2744,22 @@ nsc_ECDSASignStub(void *ctx, void *sigBu
return rv;
}
@ -132,7 +132,7 @@ index 08f94bc..ec6b205 100644
/* NSC_SignInit setups up the signing operations. There are three basic
* types of signing:
* (1) the tradition single part, where "Raw RSA" or "Raw DSA" is applied
@@ -3511,6 +3543,22 @@ NSC_VerifyInit(CK_SESSION_HANDLE hSession,
@@ -3597,6 +3629,22 @@ NSC_VerifyInit(CK_SESSION_HANDLE hSessio
info->hashOid = SEC_OID_##mmm; \
goto finish_rsa;
@ -155,51 +155,7 @@ index 08f94bc..ec6b205 100644
switch (pMechanism->mechanism) {
INIT_RSA_VFY_MECH(MD5)
INIT_RSA_VFY_MECH(MD2)
@@ -3575,13 +3623,15 @@ NSC_VerifyInit(CK_SESSION_HANDLE hSession,
context->destroy = (SFTKDestroy)sftk_Space;
context->verify = (SFTKVerify)sftk_RSACheckSignPSS;
break;
- case CKM_DSA_SHA1:
- context->multi = PR_TRUE;
- crv = sftk_doSubSHA1(context);
- if (crv != CKR_OK)
- break;
- /* fall through */
+
+ INIT_DSA_VFY_MECH(SHA1)
+ INIT_DSA_VFY_MECH(SHA224)
+ INIT_DSA_VFY_MECH(SHA256)
+ INIT_DSA_VFY_MECH(SHA384)
+ INIT_DSA_VFY_MECH(SHA512)
+
case CKM_DSA:
+ finish_dsa:
if (key_type != CKK_DSA) {
crv = CKR_KEY_TYPE_INCONSISTENT;
break;
@@ -3594,13 +3644,15 @@ NSC_VerifyInit(CK_SESSION_HANDLE hSession,
context->verify = (SFTKVerify)nsc_DSA_Verify_Stub;
context->destroy = sftk_Null;
break;
- case CKM_ECDSA_SHA1:
- context->multi = PR_TRUE;
- crv = sftk_doSubSHA1(context);
- if (crv != CKR_OK)
- break;
- /* fall through */
+
+ INIT_ECDSA_VFY_MECH(SHA1)
+ INIT_ECDSA_VFY_MECH(SHA224)
+ INIT_ECDSA_VFY_MECH(SHA256)
+ INIT_ECDSA_VFY_MECH(SHA384)
+ INIT_ECDSA_VFY_MECH(SHA512)
+
case CKM_ECDSA:
+ finish_ecdsa:
if (key_type != CKK_EC) {
crv = CKR_KEY_TYPE_INCONSISTENT;
break;
@@ -4733,6 +4785,73 @@ loser:
@@ -4825,6 +4873,73 @@ loser:
#define PAIRWISE_DIGEST_LENGTH SHA224_LENGTH /* 224-bits */
#define PAIRWISE_MESSAGE_LENGTH 20 /* 160-bits */
@ -273,7 +229,7 @@ index 08f94bc..ec6b205 100644
/*
* FIPS 140-2 pairwise consistency check utilized to validate key pair.
*
@@ -4780,8 +4899,6 @@ sftk_PairwiseConsistencyCheck(CK_SESSION_HANDLE hSession,
@@ -4878,8 +4993,6 @@ sftk_PairwiseConsistencyCheck(CK_SESSION
/* Variables used for Signature/Verification functions. */
/* Must be at least 256 bits for DSA2 digest */
@ -282,7 +238,7 @@ index 08f94bc..ec6b205 100644
CK_ULONG signature_length;
if (keyType == CKK_RSA) {
@@ -4935,76 +5052,32 @@ sftk_PairwiseConsistencyCheck(CK_SESSION_HANDLE hSession,
@@ -5033,76 +5146,32 @@ sftk_PairwiseConsistencyCheck(CK_SESSION
}
}
@ -369,11 +325,11 @@ index 08f94bc..ec6b205 100644
if (crv != CKR_OK) {
return crv;
}
diff --git a/lib/softoken/softoken.h b/lib/softoken/softoken.h
index 30586fc..d5aaffa 100644
--- a/lib/softoken/softoken.h
+++ b/lib/softoken/softoken.h
@@ -35,6 +35,16 @@ RSA_HashCheckSign(SECOidTag hashOid, NSSLOWKEYPublicKey *key,
Index: nss/lib/softoken/softoken.h
===================================================================
--- nss.orig/lib/softoken/softoken.h
+++ nss/lib/softoken/softoken.h
@@ -35,6 +35,16 @@ RSA_HashCheckSign(SECOidTag hashOid, NSS
const unsigned char *sig, unsigned int sigLen,
const unsigned char *hash, unsigned int hashLen);
@ -390,6 +346,3 @@ index 30586fc..d5aaffa 100644
/*
** Prepare a buffer for padded CBC encryption, growing to the appropriate
** boundary, filling with the appropriate padding.
--
2.26.2
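Review bot: The refresh drops the NSC_VerifyInit hunk that expanded INIT_DSA_VFY_MECH and INIT_ECDSA_VFY_MECH and introduced the `finish_dsa:` / `finish_ecdsa:` labels, but the hunk now at `@@ -3597,6 +3629,22 @@` still adds 16 lines just before the `switch`. Those lines are not shown here; if they are the definitions of the two macros, they are left without a user in this patch and should be dropped too, or a short comment should say which code still expands them. It is also worth confirming that verification with the SHA-224 to SHA-512 DSA and ECDSA mechanisms is still wired up in the 3.66 sources, since this patch no longer adds those cases.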


@ -4,15 +4,11 @@ Date: Sun Mar 15 21:54:30 2020 +0100
Patch 23: nss-fips-constructor-self-tests.patch
diff --git a/cmd/chktest/chktest.c b/cmd/chktest/chktest.c
--- a/cmd/chktest/chktest.c
+++ b/cmd/chktest/chktest.c
@@ -33,13 +33,13 @@ main(int argc, char **argv)
}
rv = BL_Init();
if (rv != SECSuccess) {
SECU_PrintPRandOSError("");
return -1;
Index: nss/cmd/chktest/chktest.c
===================================================================
--- nss.orig/cmd/chktest/chktest.c
+++ nss/cmd/chktest/chktest.c
@@ -38,7 +38,7 @@ main(int argc, char **argv)
}
RNG_SystemInfoForRNG();
@ -21,16 +17,11 @@ diff --git a/cmd/chktest/chktest.c b/cmd/chktest/chktest.c
printf("%s\n",
(good_result ? "SUCCESS" : "FAILURE"));
return (good_result) ? SECSuccess : SECFailure;
}
diff --git a/cmd/shlibsign/shlibsign.c b/cmd/shlibsign/shlibsign.c
--- a/cmd/shlibsign/shlibsign.c
+++ b/cmd/shlibsign/shlibsign.c
@@ -941,20 +941,22 @@ main(int argc, char **argv)
if (keySize && (mechInfo.ulMaxKeySize < keySize)) {
PR_fprintf(PR_STDERR,
"token doesn't support DSA2 (Max key size=%d)\n",
mechInfo.ulMaxKeySize);
Index: nss/cmd/shlibsign/shlibsign.c
===================================================================
--- nss.orig/cmd/shlibsign/shlibsign.c
+++ nss/cmd/shlibsign/shlibsign.c
@@ -946,10 +946,12 @@ main(int argc, char **argv)
goto cleanup;
}
@ -47,20 +38,11 @@ diff --git a/cmd/shlibsign/shlibsign.c b/cmd/shlibsign/shlibsign.c
}
}
/* DSA key init */
if (keySize == 1024) {
dsaPubKeyTemplate[0].type = CKA_PRIME;
dsaPubKeyTemplate[0].pValue = (CK_VOID_PTR)&prime;
dsaPubKeyTemplate[0].ulValueLen = sizeof(prime);
diff --git a/lib/freebl/blapi.h b/lib/freebl/blapi.h
--- a/lib/freebl/blapi.h
+++ b/lib/freebl/blapi.h
@@ -1734,27 +1734,27 @@ extern void PQG_DestroyVerify(PQGVerify
extern void BL_Cleanup(void);
/* unload freebl shared library from memory */
extern void BL_Unload(void);
Index: nss/lib/freebl/blapi.h
===================================================================
--- nss.orig/lib/freebl/blapi.h
+++ nss/lib/freebl/blapi.h
@@ -1759,17 +1759,17 @@ extern void BL_Unload(void);
/**************************************************************************
* Verify a given Shared library signature *
**************************************************************************/
@ -81,15 +63,10 @@ diff --git a/lib/freebl/blapi.h b/lib/freebl/blapi.h
/*********************************************************************/
extern const SECHashObject *HASH_GetRawHashObject(HASH_HashType hashType);
extern void BL_SetForkState(PRBool forked);
/*
** pepare an ECParam structure from DEREncoded params
diff --git a/lib/freebl/fips-selftest.inc b/lib/freebl/fips-selftest.inc
new file mode 100644
Index: nss/lib/freebl/fips-selftest.inc
===================================================================
--- /dev/null
+++ b/lib/freebl/fips-selftest.inc
+++ nss/lib/freebl/fips-selftest.inc
@@ -0,0 +1,293 @@
+/*
+ * PKCS #11 FIPS Power-Up Self Test - common stuff.
@ -384,10 +361,10 @@ new file mode 100644
+}
+
+#endif
diff --git a/lib/freebl/fips.c b/lib/freebl/fips.c
new file mode 100644
Index: nss/lib/freebl/fips.c
===================================================================
--- /dev/null
+++ b/lib/freebl/fips.c
+++ nss/lib/freebl/fips.c
@@ -0,0 +1,7 @@
+/*
+ * PKCS #11 FIPS Power-Up Self Test.
@ -396,10 +373,10 @@ new file mode 100644
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
diff --git a/lib/freebl/fips.h b/lib/freebl/fips.h
new file mode 100644
Index: nss/lib/freebl/fips.h
===================================================================
--- /dev/null
+++ b/lib/freebl/fips.h
+++ nss/lib/freebl/fips.h
@@ -0,0 +1,15 @@
+/*
+ * PKCS #11 FIPS Power-Up Self Test.
@ -416,15 +393,11 @@ new file mode 100644
+
+#endif
+
diff --git a/lib/freebl/fipsfreebl.c b/lib/freebl/fipsfreebl.c
--- a/lib/freebl/fipsfreebl.c
+++ b/lib/freebl/fipsfreebl.c
@@ -16,16 +16,23 @@
#include "secerr.h"
#include "prtypes.h"
#include "secitem.h"
#include "pkcs11t.h"
#include "cmac.h"
Index: nss/lib/freebl/fipsfreebl.c
===================================================================
--- nss.orig/lib/freebl/fipsfreebl.c
+++ nss/lib/freebl/fipsfreebl.c
@@ -21,6 +21,13 @@
#include "ec.h" /* Required for EC */
@ -438,17 +411,7 @@ diff --git a/lib/freebl/fipsfreebl.c b/lib/freebl/fipsfreebl.c
/*
* different platforms have different ways of calling and initial entry point
* when the dll/.so is loaded. Most platforms support either a posix pragma
* or the GCC attribute. Some platforms suppor a pre-defined name, and some
* platforms have a link line way of invoking this function.
*/
/* The pragma */
@@ -1993,57 +2000,57 @@ freebl_fips_RNG_PowerUpSelfTest(void)
0x3f, 0xf7, 0x0c, 0xcd, 0xa6, 0xca, 0xbf, 0xce,
0x84, 0x0e, 0xb6, 0xf1, 0x0d, 0xbe, 0xa9, 0xa3
};
static const PRUint8 rng_known_DSAX[] = {
0x7a, 0x86, 0xf1, 0x7f, 0xbd, 0x4e, 0x6e, 0xd9,
@@ -1998,9 +2005,8 @@ freebl_fips_RNG_PowerUpSelfTest(void)
0x0a, 0x26, 0x21, 0xd0, 0x19, 0xcb, 0x86, 0x73,
0x10, 0x1f, 0x60, 0xd7
};
@ -459,13 +422,7 @@ diff --git a/lib/freebl/fipsfreebl.c b/lib/freebl/fipsfreebl.c
/*******************************************/
/* Run the SP 800-90 Health tests */
/*******************************************/
rng_status = PRNGTEST_RunHealthTests();
if (rng_status != SECSuccess) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}
@@ -2014,13 +2020,12 @@ freebl_fips_RNG_PowerUpSelfTest(void)
/*******************************************/
/* Generate DSAX fow given Q. */
/*******************************************/
@ -480,7 +437,7 @@ diff --git a/lib/freebl/fipsfreebl.c b/lib/freebl/fipsfreebl.c
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}
@@ -2028,17 +2033,19 @@ freebl_fips_RNG_PowerUpSelfTest(void)
return (SECSuccess);
}
@ -501,17 +458,7 @@ diff --git a/lib/freebl/fipsfreebl.c b/lib/freebl/fipsfreebl.c
#define DO_FREEBL 1
#define DO_REST 2
static SECStatus
freebl_fipsPowerUpSelfTest(unsigned int tests)
{
SECStatus rv;
@@ -2151,34 +2158,36 @@ freebl_fipsPowerUpSelfTest(unsigned int
* to prevent the softoken function pointer table from operating until the
* libraries are loaded and we try to use them.
*/
static PRBool self_tests_freebl_ran = PR_FALSE;
static PRBool self_tests_ran = PR_FALSE;
@@ -2156,11 +2163,13 @@ static PRBool self_tests_ran = PR_FALSE;
static PRBool self_tests_freebl_success = PR_FALSE;
static PRBool self_tests_success = PR_FALSE;
@ -526,12 +473,7 @@ diff --git a/lib/freebl/fipsfreebl.c b/lib/freebl/fipsfreebl.c
{
SECStatus rv;
/* if the freebl self tests didn't run, there is something wrong with
* our on load tests */
if (!self_tests_freebl_ran) {
return PR_FALSE;
}
/* if all the self tests have run, we are good */
if (self_tests_ran) {
@@ -2173,7 +2182,7 @@ BL_POSTRan(PRBool freebl_only)
return PR_TRUE;
}
/* if we only care about the freebl tests, we are good */
@ -540,34 +482,27 @@ diff --git a/lib/freebl/fipsfreebl.c b/lib/freebl/fipsfreebl.c
return PR_TRUE;
}
/* run the rest of the self tests */
/* We could get there if freebl was loaded without the rest of the support
* libraries, but now we want to use more than just a standalone freebl.
* This requires the other libraries to be loaded.
* If they are now loaded, Try to run the rest of the selftests,
* otherwise fail (disabling access to these algorithms) */
@@ -2187,92 +2196,174 @@ BL_POSTRan(PRBool freebl_only)
RNG_RNGInit(); /* required by RSA */
rv = freebl_fipsPowerUpSelfTest(DO_REST);
if (rv == SECSuccess) {
self_tests_success = PR_TRUE;
}
@@ -2192,32 +2201,16 @@ BL_POSTRan(PRBool freebl_only)
return PR_TRUE;
}
+#if 0
#include "blname.c"
-
+#endif
-/*
- * This function is called at dll load time, the code tha makes this
- * happen is platform specific on defined above.
- */
-static void
-bl_startup_tests(void)
-{
+/* crypto algorithms selftest wrapper */
+static fips_check_status
+fips_checkCryptoFreebl(void)
{
- const char *libraryName;
- PRBool freebl_only = PR_FALSE;
- SECStatus rv;
+#endif
SECStatus rv;
- PORT_Assert(self_tests_freebl_ran == PR_FALSE);
- PORT_Assert(self_tests_success == PR_FALSE);
@ -581,20 +516,11 @@ diff --git a/lib/freebl/fipsfreebl.c b/lib/freebl/fipsfreebl.c
- freebl_only = PR_TRUE;
- }
-#endif
+/* crypto algorithms selftest wrapper */
+static fips_check_status
+fips_checkCryptoFreebl(void)
+{
+ SECStatus rv;
-
self_tests_freebl_ran = PR_TRUE; /* we are running the tests */
if (!freebl_only) {
self_tests_ran = PR_TRUE; /* we're running all the tests */
BL_Init(); /* needs to be called before RSA can be used */
RNG_RNGInit();
}
@@ -2229,20 +2222,55 @@ bl_startup_tests(void)
/* always run the post tests */
rv = freebl_fipsPowerUpSelfTest(freebl_only ? DO_FREEBL : DO_FREEBL | DO_REST);
if (rv != SECSuccess) {
@ -652,8 +578,7 @@ diff --git a/lib/freebl/fipsfreebl.c b/lib/freebl/fipsfreebl.c
}
/*
* this is called from the freebl init entry points that controll access to
* all other freebl functions. This prevents freebl from operating if our
@@ -2251,28 +2279,91 @@ bl_startup_tests(void)
* power on selftest failed.
*/
SECStatus
@ -755,15 +680,11 @@ diff --git a/lib/freebl/fipsfreebl.c b/lib/freebl/fipsfreebl.c
+}
+
#endif
diff --git a/lib/freebl/loader.c b/lib/freebl/loader.c
--- a/lib/freebl/loader.c
+++ b/lib/freebl/loader.c
@@ -1208,36 +1208,36 @@ AESKeyWrap_DecryptKWP(AESKeyWrapContext
{
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
return SECFailure;
return vector->p_AESKeyWrap_DecryptKWP(cx, output, outputLen, maxOutputLen,
input, inputLen);
Index: nss/lib/freebl/loader.c
===================================================================
--- nss.orig/lib/freebl/loader.c
+++ nss/lib/freebl/loader.c
@@ -1213,11 +1213,11 @@ AESKeyWrap_DecryptKWP(AESKeyWrapContext
}
PRBool
@ -777,9 +698,7 @@ diff --git a/lib/freebl/loader.c b/lib/freebl/loader.c
}
/*
* The Caller is expected to pass NULL as the name, which will
* trigger the p_BLAPI_VerifySelf() to return 'TRUE'. Pass the real
* name of the shared library we loaded (the static libraryName set
@@ -1227,12 +1227,12 @@ BLAPI_SHVerify(const char *name, PRFuncP
* in freebl_LoadDSO) to p_BLAPI_VerifySelf.
*/
PRBool
@ -794,17 +713,7 @@ diff --git a/lib/freebl/loader.c b/lib/freebl/loader.c
}
/* ============== New for 3.006 =============================== */
SECStatus
EC_NewKey(ECParams *params, ECPrivateKey **privKey)
{
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
@@ -1831,21 +1831,21 @@ void
SHA224_Clone(SHA224Context *dest, SHA224Context *src)
{
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
return;
(vector->p_SHA224_Clone)(dest, src);
@@ -1836,11 +1836,11 @@ SHA224_Clone(SHA224Context *dest, SHA224
}
PRBool
@ -818,20 +727,11 @@ diff --git a/lib/freebl/loader.c b/lib/freebl/loader.c
}
/* === new for DSA-2 === */
SECStatus
PQG_ParamGenV2(unsigned int L, unsigned int N, unsigned int seedBytes,
PQGParams **pParams, PQGVerify **pVfy)
{
if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
diff --git a/lib/freebl/loader.h b/lib/freebl/loader.h
--- a/lib/freebl/loader.h
+++ b/lib/freebl/loader.h
@@ -294,18 +294,18 @@ struct FREEBLVectorStr {
SECStatus (*p_AESKeyWrap_Decrypt)(AESKeyWrapContext *cx,
unsigned char *output,
unsigned int *outputLen, unsigned int maxOutputLen,
const unsigned char *input, unsigned int inputLen);
Index: nss/lib/freebl/loader.h
===================================================================
--- nss.orig/lib/freebl/loader.h
+++ nss/lib/freebl/loader.h
@@ -299,8 +299,8 @@ struct FREEBLVectorStr {
/* Version 3.004 came to here */
@ -842,17 +742,7 @@ diff --git a/lib/freebl/loader.h b/lib/freebl/loader.h
/* Version 3.005 came to here */
SECStatus (*p_EC_NewKey)(ECParams *params,
ECPrivateKey **privKey);
SECStatus (*p_EC_NewKeyFromSeed)(ECParams *params,
ECPrivateKey **privKey,
@@ -551,17 +551,17 @@ struct FREEBLVectorStr {
SECStatus (*p_SHA224_HashBuf)(unsigned char *dest, const unsigned char *src,
PRUint32 src_length);
SECStatus (*p_SHA224_Hash)(unsigned char *dest, const char *src);
void (*p_SHA224_TraceState)(SHA224Context *cx);
unsigned int (*p_SHA224_FlattenSize)(SHA224Context *cx);
@@ -556,7 +556,7 @@ struct FREEBLVectorStr {
SECStatus (*p_SHA224_Flatten)(SHA224Context *cx, unsigned char *space);
SHA224Context *(*p_SHA224_Resurrect)(unsigned char *space, void *arg);
void (*p_SHA224_Clone)(SHA224Context *dest, SHA224Context *src);
@ -861,20 +751,11 @@ diff --git a/lib/freebl/loader.h b/lib/freebl/loader.h
/* Version 3.013 came to here */
SECStatus (*p_PQG_ParamGenV2)(unsigned int L, unsigned int N,
unsigned int seedBytes,
PQGParams **pParams, PQGVerify **pVfy);
SECStatus (*p_PRNGTEST_RunHealthTests)(void);
diff --git a/lib/freebl/manifest.mn b/lib/freebl/manifest.mn
--- a/lib/freebl/manifest.mn
+++ b/lib/freebl/manifest.mn
@@ -92,16 +92,17 @@ PRIVATE_EXPORTS = \
chacha20poly1305.h \
hmacct.h \
secmpi.h \
secrng.h \
ec.h \
Index: nss/lib/freebl/manifest.mn
===================================================================
--- nss.orig/lib/freebl/manifest.mn
+++ nss/lib/freebl/manifest.mn
@@ -97,6 +97,7 @@ PRIVATE_EXPORTS = \
ecl.h \
ecl-curve.h \
eclt.h \
@ -882,17 +763,7 @@ diff --git a/lib/freebl/manifest.mn b/lib/freebl/manifest.mn
$(NULL)
MPI_HDRS = mpi-config.h mpi.h mpi-priv.h mplogic.h mpprime.h logtab.h mp_gf2m.h
MPI_SRCS = mpprime.c mpmontg.c mplogic.c mpi.c mp_gf2m.c
ECL_HDRS = ecl-exp.h ecl.h ecp.h ecl-priv.h
ECL_SRCS = ecl.c ecl_mult.c ecl_gf.c \
@@ -181,16 +182,17 @@ ALL_HDRS = \
rijndael.h \
camellia.h \
secmpi.h \
sha_fast.h \
sha256.h \
@@ -186,6 +187,7 @@ ALL_HDRS = \
shsign.h \
vis_proto.h \
seed.h \
@ -900,20 +771,11 @@ diff --git a/lib/freebl/manifest.mn b/lib/freebl/manifest.mn
$(NULL)
ifdef AES_GEN_VAL
DEFINES += -DRIJNDAEL_GENERATE_VALUES
else
ifdef AES_GEN_VAL_M
DEFINES += -DRIJNDAEL_GENERATE_VALUES_MACRO
diff --git a/lib/freebl/shvfy.c b/lib/freebl/shvfy.c
--- a/lib/freebl/shvfy.c
+++ b/lib/freebl/shvfy.c
@@ -16,16 +16,18 @@
#include "stdio.h"
#include "prmem.h"
#include "hasht.h"
#include "pqg.h"
#include "blapii.h"
Index: nss/lib/freebl/shvfy.c
===================================================================
--- nss.orig/lib/freebl/shvfy.c
+++ nss/lib/freebl/shvfy.c
@@ -22,6 +22,8 @@
#ifndef NSS_FIPS_DISABLED
@ -922,17 +784,7 @@ diff --git a/lib/freebl/shvfy.c b/lib/freebl/shvfy.c
/*
* Most modern version of Linux support a speed optimization scheme where an
* application called prelink modifies programs and shared libraries to quickly
* load if they fit into an already designed address space. In short, prelink
* scans the list of programs and libraries on your system, assigns them a
* predefined space in the the address space, then provides the fixups to the
* library.
@@ -225,18 +227,16 @@ bl_CloseUnPrelink(PRFileDesc *file, int
PR_Close(file);
/* reap the child */
if (pid) {
waitpid(pid, NULL, 0);
}
@@ -231,8 +233,6 @@ bl_CloseUnPrelink(PRFileDesc *file, int
}
#endif
@ -941,17 +793,7 @@ diff --git a/lib/freebl/shvfy.c b/lib/freebl/shvfy.c
static char *
mkCheckFileName(const char *libName)
{
int ln_len = PORT_Strlen(libName);
int index = ln_len + 1 - sizeof("." SHLIB_SUFFIX);
char *output = PORT_Alloc(ln_len + sizeof(SGN_SUFFIX));
if (!output) {
PORT_SetError(SEC_ERROR_NO_MEMORY);
@@ -281,52 +281,52 @@ readItem(PRFileDesc *fd, SECItem *item)
PORT_Free(item->data);
item->data = NULL;
item->len = 0;
return SECFailure;
}
@@ -287,19 +287,19 @@ readItem(PRFileDesc *fd, SECItem *item)
return SECSuccess;
}
@ -975,10 +817,7 @@ diff --git a/lib/freebl/shvfy.c b/lib/freebl/shvfy.c
loser:
if (shName != NULL) {
PR_Free(shName);
}
return result;
@@ -310,19 +310,19 @@ loser:
}
PRBool
@ -1003,17 +842,7 @@ diff --git a/lib/freebl/shvfy.c b/lib/freebl/shvfy.c
{
char *checkName = NULL;
PRFileDesc *checkFD = NULL;
PRFileDesc *shFD = NULL;
void *hashcx = NULL;
const SECHashObject *hashObj = NULL;
SECItem signature = { 0, NULL, 0 };
SECItem hash;
@@ -334,17 +334,17 @@ blapi_SHVerifyFile(const char *shName, P
SECStatus rv;
DSAPublicKey key;
int count;
#ifdef FREEBL_USE_PRELINK
int pid = 0;
@@ -340,7 +340,7 @@ blapi_SHVerifyFile(const char *shName, P
#endif
PRBool result = PR_FALSE; /* if anything goes wrong,
@ -1022,17 +851,7 @@ diff --git a/lib/freebl/shvfy.c b/lib/freebl/shvfy.c
unsigned char buf[4096];
unsigned char hashBuf[HASH_LENGTH_MAX];
PORT_Memset(&key, 0, sizeof(key));
hash.data = hashBuf;
hash.len = sizeof(hashBuf);
/* If our integrity check was never ran or failed, fail any other
@@ -361,24 +361,27 @@ blapi_SHVerifyFile(const char *shName, P
checkName = mkCheckFileName(shName);
if (!checkName) {
goto loser;
}
@@ -367,14 +367,17 @@ blapi_SHVerifyFile(const char *shName, P
/* open the check File */
checkFD = PR_Open(checkName, PR_RDONLY, 0);
if (checkFD == NULL) {
@ -1053,17 +872,7 @@ diff --git a/lib/freebl/shvfy.c b/lib/freebl/shvfy.c
bytesRead = PR_Read(checkFD, buf, 12);
if (bytesRead != 12) {
goto loser;
}
if ((buf[0] != NSS_SIGN_CHK_MAGIC1) || (buf[1] != NSS_SIGN_CHK_MAGIC2)) {
goto loser;
}
if ((buf[2] != NSS_SIGN_CHK_MAJOR_VERSION) ||
@@ -409,46 +412,47 @@ blapi_SHVerifyFile(const char *shName, P
rv = readItem(checkFD, &key.params.base);
if (rv != SECSuccess) {
goto loser;
}
rv = readItem(checkFD, &key.publicValue);
@@ -415,7 +418,8 @@ blapi_SHVerifyFile(const char *shName, P
if (rv != SECSuccess) {
goto loser;
}
@ -1073,14 +882,7 @@ diff --git a/lib/freebl/shvfy.c b/lib/freebl/shvfy.c
rv = readItem(checkFD, &signature);
if (rv != SECSuccess) {
goto loser;
}
/* done with the check file */
PR_Close(checkFD);
checkFD = NULL;
hashObj = HASH_GetRawHashObject(PQG_GetHashType(&key.params));
if (hashObj == NULL) {
@@ -430,7 +434,7 @@ blapi_SHVerifyFile(const char *shName, P
goto loser;
}
@ -1089,7 +891,7 @@ diff --git a/lib/freebl/shvfy.c b/lib/freebl/shvfy.c
#ifdef FREEBL_USE_PRELINK
shFD = bl_OpenUnPrelink(shName, &pid);
#else
shFD = PR_Open(shName, PR_RDONLY, 0);
@@ -438,13 +442,13 @@ blapi_SHVerifyFile(const char *shName, P
#endif
if (shFD == NULL) {
#ifdef DEBUG_SHVERIFY
@ -1106,17 +908,7 @@ diff --git a/lib/freebl/shvfy.c b/lib/freebl/shvfy.c
hashcx = hashObj->create();
if (hashcx == NULL) {
goto loser;
}
hashObj->begin(hashcx);
count = 0;
while ((bytesRead = PR_Read(shFD, buf, sizeof(buf))) > 0) {
@@ -523,26 +527,26 @@ loser:
if (key.publicValue.data != NULL) {
PORT_Free(key.publicValue.data);
}
return result;
@@ -531,7 +535,7 @@ loser:
}
PRBool
@ -1125,8 +917,7 @@ diff --git a/lib/freebl/shvfy.c b/lib/freebl/shvfy.c
{
if (name == NULL) {
/*
* If name is NULL, freebl is statically linked into softoken.
* softoken will call BLAPI_SHVerify next to verify itself.
@@ -540,7 +544,7 @@ BLAPI_VerifySelf(const char *name)
*/
return PR_TRUE;
}
@ -1135,15 +926,10 @@ diff --git a/lib/freebl/shvfy.c b/lib/freebl/shvfy.c
}
#else /* NSS_FIPS_DISABLED */
PRBool
BLAPI_SHVerifyFile(const char *shName)
{
return PR_FALSE;
diff --git a/lib/softoken/fips.c b/lib/softoken/fips.c
new file mode 100644
Index: nss/lib/softoken/fips.c
===================================================================
--- /dev/null
+++ b/lib/softoken/fips.c
+++ nss/lib/softoken/fips.c
@@ -0,0 +1,33 @@
+#include "../freebl/fips-selftest.inc"
+
@ -1178,10 +964,10 @@ new file mode 100644
+
+ return;
+}
diff --git a/lib/softoken/fips.h b/lib/softoken/fips.h
new file mode 100644
Index: nss/lib/softoken/fips.h
===================================================================
--- /dev/null
+++ b/lib/softoken/fips.h
+++ nss/lib/softoken/fips.h
@@ -0,0 +1,10 @@
+#ifndef FIPS_H
+#define FIPS_H
@ -1193,15 +979,11 @@ new file mode 100644
+
+#endif
+
diff --git a/lib/softoken/fipstest.c b/lib/softoken/fipstest.c
--- a/lib/softoken/fipstest.c
+++ b/lib/softoken/fipstest.c
@@ -677,39 +677,360 @@ sftk_fips_HKDF_PowerUpSelfTest(void)
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return (SECFailure);
}
#endif
Index: nss/lib/softoken/fipstest.c
===================================================================
--- nss.orig/lib/softoken/fipstest.c
+++ nss/lib/softoken/fipstest.c
@@ -682,6 +682,327 @@ sftk_fips_HKDF_PowerUpSelfTest(void)
return (SECSuccess);
}
@ -1529,11 +1311,7 @@ diff --git a/lib/softoken/fipstest.c b/lib/softoken/fipstest.c
static PRBool sftk_self_tests_ran = PR_FALSE;
static PRBool sftk_self_tests_success = PR_FALSE;
/*
* This function is called at dll load time, the code tha makes this
* happen is platform specific on defined above.
*/
static void
@@ -693,7 +1014,6 @@ static void
sftk_startup_tests(void)
{
SECStatus rv;
@ -1541,11 +1319,7 @@ diff --git a/lib/softoken/fipstest.c b/lib/softoken/fipstest.c
PORT_Assert(!sftk_self_tests_ran);
PORT_Assert(!sftk_self_tests_success);
sftk_self_tests_ran = PR_TRUE;
sftk_self_tests_success = PR_FALSE; /* just in case */
/* need to initiallize the oid library before the RSA tests */
rv = SECOID_Init();
@@ -705,6 +1025,7 @@ sftk_startup_tests(void)
if (rv != SECSuccess) {
return;
}
@ -1553,17 +1327,7 @@ diff --git a/lib/softoken/fipstest.c b/lib/softoken/fipstest.c
/* make sure freebl is initialized, or our RSA check
* may fail. This is normally done at freebl load time, but it's
* possible we may have shut freebl down without unloading it. */
rv = BL_Init();
if (rv != SECSuccess) {
return;
}
@@ -717,22 +1038,31 @@ sftk_startup_tests(void)
if (rv != SECSuccess) {
return;
}
/* check the RSA combined functions in softoken */
rv = sftk_fips_RSA_PowerUpSelfTest();
@@ -722,12 +1043,21 @@ sftk_startup_tests(void)
if (rv != SECSuccess) {
return;
}
@ -1589,17 +1353,7 @@ diff --git a/lib/softoken/fipstest.c b/lib/softoken/fipstest.c
rv = sftk_fips_IKE_PowerUpSelfTests();
if (rv != SECSuccess) {
return;
}
rv = sftk_fips_SP800_108_PowerUpSelfTests();
if (rv != SECSuccess) {
return;
@@ -754,27 +1084,21 @@ sftk_startup_tests(void)
/*
* this is called from nsc_Common_Initizialize entry points that gates access
* to * all other pkcs11 functions. This prevents softoken operation if our
* power on selftest failed.
*/
@@ -759,17 +1089,11 @@ sftk_startup_tests(void)
CK_RV
sftk_FIPSEntryOK()
{
@ -1619,15 +1373,10 @@ diff --git a/lib/softoken/fipstest.c b/lib/softoken/fipstest.c
if (!sftk_self_tests_success) {
return CKR_DEVICE_ERROR;
}
return CKR_OK;
}
#else
#include "pkcs11t.h"
CK_RV
diff --git a/lib/softoken/legacydb/fips.c b/lib/softoken/legacydb/fips.c
new file mode 100644
Index: nss/lib/softoken/legacydb/fips.c
===================================================================
--- /dev/null
+++ b/lib/softoken/legacydb/fips.c
+++ nss/lib/softoken/legacydb/fips.c
@@ -0,0 +1,25 @@
+#include "../../freebl/fips-selftest.inc"
+
@ -1654,25 +1403,21 @@ new file mode 100644
+
+/*** public per-module symbols ***/
+
diff --git a/lib/softoken/legacydb/fips.h b/lib/softoken/legacydb/fips.h
new file mode 100644
Index: nss/lib/softoken/legacydb/fips.h
===================================================================
--- /dev/null
+++ b/lib/softoken/legacydb/fips.h
+++ nss/lib/softoken/legacydb/fips.h
@@ -0,0 +1,5 @@
+#ifndef FIPS_H
+#define FIPS_H
+
+#endif
+
diff --git a/lib/softoken/legacydb/lgfips.c b/lib/softoken/legacydb/lgfips.c
--- a/lib/softoken/legacydb/lgfips.c
+++ b/lib/softoken/legacydb/lgfips.c
@@ -85,17 +85,17 @@ lg_startup_tests(void)
PORT_Assert(!lg_self_tests_ran);
PORT_Assert(!lg_self_tests_success);
lg_self_tests_ran = PR_TRUE;
lg_self_tests_success = PR_FALSE; /* just in case */
Index: nss/lib/softoken/legacydb/lgfips.c
===================================================================
--- nss.orig/lib/softoken/legacydb/lgfips.c
+++ nss/lib/softoken/legacydb/lgfips.c
@@ -90,7 +90,7 @@ lg_startup_tests(void)
/* no self tests required for the legacy db, only the integrity check */
/* check the integrity of our shared library */
@ -1681,20 +1426,11 @@ diff --git a/lib/softoken/legacydb/lgfips.c b/lib/softoken/legacydb/lgfips.c
/* something is wrong with the library, fail without enabling
* the fips token */
return;
}
/* FIPS product has been installed and is functioning, allow
* the module to operate in fips mode */
lg_self_tests_success = PR_TRUE;
}
diff --git a/lib/softoken/legacydb/manifest.mn b/lib/softoken/legacydb/manifest.mn
--- a/lib/softoken/legacydb/manifest.mn
+++ b/lib/softoken/legacydb/manifest.mn
@@ -7,26 +7,27 @@ CORE_DEPTH = ../../..
MODULE = nss
REQUIRES = dbm
LIBRARY_NAME = nssdbm
Index: nss/lib/softoken/legacydb/manifest.mn
===================================================================
--- nss.orig/lib/softoken/legacydb/manifest.mn
+++ nss/lib/softoken/legacydb/manifest.mn
@@ -12,7 +12,7 @@ LIBRARY_NAME = nssdbm
LIBRARY_VERSION = 3
MAPFILE = $(OBJDIR)/$(LIBRARY_NAME).def
@ -1703,30 +1439,18 @@ diff --git a/lib/softoken/legacydb/manifest.mn b/lib/softoken/legacydb/manifest.
CSRCS = \
dbmshim.c \
keydb.c \
lgattr.c \
lgcreate.c \
lgdestroy.c \
lgfind.c \
lgfips.c \
lginit.c \
lgutil.c \
lowcert.c \
@@ -28,5 +28,6 @@ CSRCS = \
lowkey.c \
pcertdb.c \
pk11db.c \
+ fips.c \
$(NULL)
diff --git a/lib/softoken/manifest.mn b/lib/softoken/manifest.mn
--- a/lib/softoken/manifest.mn
+++ b/lib/softoken/manifest.mn
@@ -26,16 +26,17 @@ EXPORTS = \
PRIVATE_EXPORTS = \
pkcs11ni.h \
softoken.h \
softoknt.h \
Index: nss/lib/softoken/manifest.mn
===================================================================
--- nss.orig/lib/softoken/manifest.mn
+++ nss/lib/softoken/manifest.mn
@@ -31,6 +31,7 @@ PRIVATE_EXPORTS = \
softkver.h \
sdb.h \
sftkdbt.h \
@ -1734,17 +1458,7 @@ diff --git a/lib/softoken/manifest.mn b/lib/softoken/manifest.mn
$(NULL)
CSRCS = \
fipsaudt.c \
fipstest.c \
fipstokn.c \
kbkdf.c \
lowkey.c \
@@ -50,16 +51,17 @@ CSRCS = \
sftkhmac.c \
sftkike.c \
sftkmessage.c \
sftkpars.c \
sftkpwd.c \
@@ -55,6 +56,7 @@ CSRCS = \
softkver.c \
tlsprf.c \
jpakesftk.c \
@ -1752,8 +1466,3 @@ diff --git a/lib/softoken/manifest.mn b/lib/softoken/manifest.mn
$(NULL)
ifndef NSS_DISABLE_DBM
PRIVATE_EXPORTS += lgglue.h
CSRCS += lgglue.c
endif
ifdef SQLITE_UNSAFE_THREADS
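Review bot: The new headers `lib/softoken/fips.h` and `lib/softoken/legacydb/fips.h` both use the include guard `FIPS_H`, so whichever one the preprocessor sees second in a translation unit is skipped without any diagnostic. The guard used by `lib/freebl/fips.h` is not visible in this view; if it is `FIPS_H` as well, a file that pulls in more than one of these headers could silently lose the self-test declarations it expects, which is worth confirming against the full patch. Path-qualified guards remove the ambiguity, for example `#ifndef SOFTOKEN_FIPS_H` / `#define SOFTOKEN_FIPS_H` in softoken and `#ifndef LGDB_FIPS_H` / `#define LGDB_FIPS_H` in legacydb. `legacydb/fips.h` is also empty apart from its guard, so a one-line comment stating why the file exists would help whoever refreshes this patch next.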


@ -11,10 +11,11 @@ From b88701933a284ba8640df66b954c04d36ee592c9 Mon Sep 17 00:00:00 2001
nss/lib/freebl/fipsfreebl.c | 143 +++++++++++++++++++++++++++-----------------
2 files changed, 90 insertions(+), 55 deletions(-)
diff --git a/lib/freebl/dsa.c b/lib/freebl/dsa.c
--- a/lib/freebl/dsa.c
+++ b/lib/freebl/dsa.c
@@ -533,7 +533,7 @@
Index: nss/lib/freebl/dsa.c
===================================================================
--- nss.orig/lib/freebl/dsa.c
+++ nss/lib/freebl/dsa.c
@@ -536,7 +536,7 @@ DSA_SignDigest(DSAPrivateKey *key, SECIt
return rv;
}
@ -23,10 +24,11 @@ diff --git a/lib/freebl/dsa.c b/lib/freebl/dsa.c
SECStatus
DSA_SignDigestWithSeed(DSAPrivateKey *key,
SECItem *signature,
diff --git a/lib/freebl/fipsfreebl.c b/lib/freebl/fipsfreebl.c
--- a/lib/freebl/fipsfreebl.c
+++ b/lib/freebl/fipsfreebl.c
@@ -124,11 +124,11 @@
Index: nss/lib/freebl/fipsfreebl.c
===================================================================
--- nss.orig/lib/freebl/fipsfreebl.c
+++ nss/lib/freebl/fipsfreebl.c
@@ -126,11 +126,11 @@ BOOL WINAPI DllMain(
/* FIPS preprocessor directives for DSA. */
#define FIPS_DSA_TYPE siBuffer
@ -43,7 +45,7 @@ diff --git a/lib/freebl/fipsfreebl.c b/lib/freebl/fipsfreebl.c
/* FIPS preprocessor directives for RNG. */
#define FIPS_RNG_XKEY_LENGTH 32 /* 256-bits */
@@ -1445,70 +1445,105 @@
@@ -1669,70 +1669,105 @@ freebl_fips_EC_PowerUpSelfTest()
static SECStatus
freebl_fips_DSA_PowerUpSelfTest(void)
{
@ -197,7 +199,7 @@ diff --git a/lib/freebl/fipsfreebl.c b/lib/freebl/fipsfreebl.c
};
/* DSA variables. */
@@ -1550,7 +1585,7 @@
@@ -1774,7 +1809,7 @@ freebl_fips_DSA_PowerUpSelfTest(void)
dsa_signature_item.len = sizeof dsa_computed_signature;
dsa_digest_item.data = (unsigned char *)dsa_known_digest;


@ -10,10 +10,11 @@ From 41dd171b242b0cb550d12760da110db7e2c21daf Mon Sep 17 00:00:00 2001
nss/lib/freebl/gcm.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff -r f5cf5d16deb6 -r 5396ffb26887 lib/freebl/gcm.c
--- a/lib/freebl/gcm.c Wed Nov 20 08:23:35 2019 +0100
+++ b/lib/freebl/gcm.c Wed Nov 20 08:25:39 2019 +0100
@@ -532,8 +532,14 @@
Index: nss/lib/freebl/gcm.c
===================================================================
--- nss.orig/lib/freebl/gcm.c
+++ nss/lib/freebl/gcm.c
@@ -532,8 +532,14 @@ struct GCMContextStr {
unsigned char tagKey[MAX_BLOCK_SIZE];
PRBool ctr_context_init;
gcmIVContext gcm_iv;
@ -28,7 +29,7 @@ diff -r f5cf5d16deb6 -r 5396ffb26887 lib/freebl/gcm.c
SECStatus gcm_InitCounter(GCMContext *gcm, const unsigned char *iv,
unsigned int ivLen, unsigned int tagBits,
const unsigned char *aad, unsigned int aadLen);
@@ -669,6 +675,8 @@
@@ -673,6 +679,8 @@ gcm_InitCounter(GCMContext *gcm, const u
goto loser;
}
@ -37,7 +38,7 @@ diff -r f5cf5d16deb6 -r 5396ffb26887 lib/freebl/gcm.c
/* finally mix in the AAD data */
rv = gcmHash_Reset(ghash, aad, aadLen);
if (rv != SECSuccess) {
@@ -766,6 +774,13 @@
@@ -774,6 +782,13 @@ GCM_EncryptUpdate(GCMContext *gcm, unsig
return SECFailure;
}
@ -51,7 +52,7 @@ diff -r f5cf5d16deb6 -r 5396ffb26887 lib/freebl/gcm.c
tagBytes = (gcm->tagBits + (PR_BITS_PER_BYTE - 1)) / PR_BITS_PER_BYTE;
if (UINT_MAX - inlen < tagBytes) {
PORT_SetError(SEC_ERROR_INPUT_LEN);
@@ -794,6 +809,7 @@
@@ -802,6 +817,7 @@ GCM_EncryptUpdate(GCMContext *gcm, unsig
*outlen = 0;
return SECFailure;
};


@ -10,10 +10,11 @@ From 2a162c34b7aad7399f33069cd9930fd92714861c Mon Sep 17 00:00:00 2001
nss/lib/softoken/pkcs11c.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/softoken/pkcs11c.c b/lib/softoken/pkcs11c.c
--- a/lib/softoken/pkcs11c.c
+++ b/lib/softoken/pkcs11c.c
@@ -4730,8 +4730,8 @@
Index: nss/lib/softoken/pkcs11c.c
===================================================================
--- nss.orig/lib/softoken/pkcs11c.c
+++ nss/lib/softoken/pkcs11c.c
@@ -4822,8 +4822,8 @@ loser:
return crv;
}
@ -24,7 +25,7 @@ diff --git a/lib/softoken/pkcs11c.c b/lib/softoken/pkcs11c.c
/*
* FIPS 140-2 pairwise consistency check utilized to validate key pair.
@@ -5591,6 +5591,7 @@
@@ -5771,6 +5771,7 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS
(PRUint32)crv);
sftk_LogAuditMessage(NSS_AUDIT_ERROR, NSS_AUDIT_SELF_TEST, msg);
}


@ -13,10 +13,11 @@ From ca3b695ac461eccf4ed97e1b3fe0a311c80a792f Mon Sep 17 00:00:00 2001
nss/lib/softoken/pkcs11c.c | 4 +--
4 files changed, 90 insertions(+), 23 deletions(-)
diff --git a/lib/freebl/md5.c b/lib/freebl/md5.c
--- a/lib/freebl/md5.c
+++ b/lib/freebl/md5.c
@@ -217,13 +217,11 @@
Index: nss/lib/freebl/md5.c
===================================================================
--- nss.orig/lib/freebl/md5.c
+++ nss/lib/freebl/md5.c
@@ -217,13 +217,11 @@ MD5_HashBuf(unsigned char *dest, const u
}
MD5Context *
@ -31,7 +32,7 @@ diff --git a/lib/freebl/md5.c b/lib/freebl/md5.c
cx = (MD5Context *)PORT_Alloc(sizeof(MD5Context));
if (cx == NULL) {
PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
@@ -232,6 +230,13 @@
@@ -232,6 +230,13 @@ MD5_NewContext(void)
return cx;
}
@ -45,7 +46,7 @@ diff --git a/lib/freebl/md5.c b/lib/freebl/md5.c
void
MD5_DestroyContext(MD5Context *cx, PRBool freeit)
{
@@ -243,10 +248,8 @@
@@ -243,10 +248,8 @@ MD5_DestroyContext(MD5Context *cx, PRBoo
}
void
@ -57,7 +58,7 @@ diff --git a/lib/freebl/md5.c b/lib/freebl/md5.c
cx->lsbInput = 0;
cx->msbInput = 0;
/* memset(cx->inBuf, 0, sizeof(cx->inBuf)); */
@@ -256,6 +259,13 @@
@@ -256,6 +259,13 @@ MD5_Begin(MD5Context *cx)
cx->cv[3] = CV0_4;
}
@ -71,7 +72,7 @@ diff --git a/lib/freebl/md5.c b/lib/freebl/md5.c
#define cls(i32, s) (tmp = i32, tmp << s | tmp >> (32 - s))
#if defined(SOLARIS) || defined(HPUX)
@@ -431,14 +441,12 @@
@@ -431,14 +441,12 @@ md5_compress(MD5Context *cx, const PRUin
}
void
@ -87,7 +88,7 @@ diff --git a/lib/freebl/md5.c b/lib/freebl/md5.c
/* Add the number of input bytes to the 64-bit input counter. */
addto64(cx->msbInput, cx->lsbInput, inputLen);
if (inBufIndex) {
@@ -487,6 +495,13 @@
@@ -487,6 +495,13 @@ MD5_Update(MD5Context *cx, const unsigne
memcpy(cx->inBuf, input, inputLen);
}
@ -101,7 +102,7 @@ diff --git a/lib/freebl/md5.c b/lib/freebl/md5.c
static const unsigned char padbytes[] = {
0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -503,8 +518,8 @@
@@ -503,8 +518,8 @@ static const unsigned char padbytes[] =
};
void
@ -112,7 +113,7 @@ diff --git a/lib/freebl/md5.c b/lib/freebl/md5.c
{
#ifndef IS_LITTLE_ENDIAN
PRUint32 tmp;
@@ -512,8 +527,6 @@
@@ -512,8 +527,6 @@ MD5_End(MD5Context *cx, unsigned char *d
PRUint32 lowInput, highInput;
PRUint32 inBufIndex = cx->lsbInput & 63;
@ -121,7 +122,7 @@ diff --git a/lib/freebl/md5.c b/lib/freebl/md5.c
if (maxDigestLen < MD5_HASH_LEN) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return;
@@ -525,10 +538,10 @@
@@ -525,10 +538,10 @@ MD5_End(MD5Context *cx, unsigned char *d
lowInput <<= 3;
if (inBufIndex < MD5_END_BUFFER) {
@ -135,7 +136,7 @@ diff --git a/lib/freebl/md5.c b/lib/freebl/md5.c
}
/* Store the number of bytes input (before padding) in final 64 bits. */
@@ -554,16 +567,22 @@
@@ -554,16 +567,22 @@ MD5_End(MD5Context *cx, unsigned char *d
}
void
@ -162,7 +163,7 @@ diff --git a/lib/freebl/md5.c b/lib/freebl/md5.c
if (maxDigestLen < MD5_HASH_LEN) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return;
@@ -581,6 +600,14 @@
@@ -581,6 +600,14 @@ MD5_EndRaw(MD5Context *cx, unsigned char
*digestLen = MD5_HASH_LEN;
}
@ -177,10 +178,11 @@ diff --git a/lib/freebl/md5.c b/lib/freebl/md5.c
unsigned int
MD5_FlattenSize(MD5Context *cx)
{
diff --git a/lib/freebl/rawhash.c b/lib/freebl/rawhash.c
--- a/lib/freebl/rawhash.c
+++ b/lib/freebl/rawhash.c
@@ -154,3 +154,40 @@
Index: nss/lib/freebl/rawhash.c
===================================================================
--- nss.orig/lib/freebl/rawhash.c
+++ nss/lib/freebl/rawhash.c
@@ -154,3 +154,40 @@ HASH_GetRawHashObject(HASH_HashType hash
}
return &SECRawHashObjects[hashType];
}
@ -221,9 +223,10 @@ diff --git a/lib/freebl/rawhash.c b/lib/freebl/rawhash.c
+
+ return &SECRawHashObjects[hashType];
+}
diff --git a/lib/freebl/tlsprfalg.c b/lib/freebl/tlsprfalg.c
--- a/lib/freebl/tlsprfalg.c
+++ b/lib/freebl/tlsprfalg.c
Index: nss/lib/freebl/tlsprfalg.c
===================================================================
--- nss.orig/lib/freebl/tlsprfalg.c
+++ nss/lib/freebl/tlsprfalg.c
@@ -12,6 +12,9 @@
#include "hasht.h"
#include "alghmac.h"
@ -234,7 +237,7 @@ diff --git a/lib/freebl/tlsprfalg.c b/lib/freebl/tlsprfalg.c
#define PHASH_STATE_MAX_LEN HASH_LENGTH_MAX
/* TLS P_hash function */
@@ -27,7 +30,7 @@
@@ -27,7 +30,7 @@ TLS_P_hash(HASH_HashType hashType, const
SECStatus status;
HMACContext *cx;
SECStatus rv = SECFailure;
@ -243,10 +246,11 @@ diff --git a/lib/freebl/tlsprfalg.c b/lib/freebl/tlsprfalg.c
PORT_Assert((secret != NULL) && (secret->data != NULL || !secret->len));
PORT_Assert((seed != NULL) && (seed->data != NULL));
diff --git a/lib/softoken/pkcs11c.c b/lib/softoken/pkcs11c.c
--- a/lib/softoken/pkcs11c.c
+++ b/lib/softoken/pkcs11c.c
@@ -6953,7 +6953,7 @@
Index: nss/lib/softoken/pkcs11c.c
===================================================================
--- nss.orig/lib/softoken/pkcs11c.c
+++ nss/lib/softoken/pkcs11c.c
@@ -7158,7 +7158,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
SFTKAttribute *att2 = NULL;
unsigned char *buf;
SHA1Context *sha;
@ -255,7 +259,7 @@ diff --git a/lib/softoken/pkcs11c.c b/lib/softoken/pkcs11c.c
MD2Context *md2;
CK_ULONG macSize;
CK_ULONG tmpKeySize;
@@ -7484,7 +7484,7 @@
@@ -7698,7 +7698,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
}
sftk_FreeAttribute(att2);
md5 = MD5_NewContext();


@ -8,10 +8,11 @@ commit c2a88344b616c75b1873fb163491d7362a4c3e5b
Author: Hans Petter Jansson <hpj@cl.no>
11
diff --git a/coreconf/Linux.mk b/coreconf/Linux.mk
--- a/coreconf/Linux.mk
+++ b/coreconf/Linux.mk
@@ -184,6 +184,18 @@
Index: nss/coreconf/Linux.mk
===================================================================
--- nss.orig/coreconf/Linux.mk
+++ nss/coreconf/Linux.mk
@@ -189,6 +189,18 @@ DSO_LDOPTS+=-Wl,-z,relro
LDFLAGS += -Wl,-z,relro
endif
@ -30,9 +31,10 @@ diff --git a/coreconf/Linux.mk b/coreconf/Linux.mk
USE_SYSTEM_ZLIB = 1
ZLIB_LIBS = -lz
diff --git a/lib/freebl/unix_rand.c b/lib/freebl/unix_rand.c
--- a/lib/freebl/unix_rand.c
+++ b/lib/freebl/unix_rand.c
Index: nss/lib/freebl/unix_rand.c
===================================================================
--- nss.orig/lib/freebl/unix_rand.c
+++ nss/lib/freebl/unix_rand.c
@@ -13,6 +13,10 @@
#include <sys/wait.h>
#include <sys/stat.h>
@ -88,7 +90,7 @@ diff --git a/lib/freebl/unix_rand.c b/lib/freebl/unix_rand.c
size_t RNG_FileUpdate(const char *fileName, size_t limit);
/*
@@ -862,6 +903,26 @@
@@ -862,6 +903,26 @@ ReadFileOK(char *dir, char *file)
size_t
RNG_SystemRNG(void *dest, size_t maxLen)
{
@ -115,7 +117,7 @@ diff --git a/lib/freebl/unix_rand.c b/lib/freebl/unix_rand.c
FILE *file;
int fd;
int bytes;
@@ -895,4 +956,5 @@
@@ -895,4 +956,5 @@ RNG_SystemRNG(void *dest, size_t maxLen)
fileBytes = 0;
}
return fileBytes;


@ -14,10 +14,11 @@ From 76da775313bd40a1353a9d2f6cc43ebe1a287574 Mon Sep 17 00:00:00 2001
nss/lib/freebl/gcm.c | 45 +++++++++++++++++++++++++++++++++----
5 files changed, 58 insertions(+), 12 deletions(-)
diff --git a/lib/freebl/aeskeywrap.c b/lib/freebl/aeskeywrap.c
--- a/lib/freebl/aeskeywrap.c
+++ b/lib/freebl/aeskeywrap.c
@@ -102,6 +102,7 @@
Index: nss/lib/freebl/aeskeywrap.c
===================================================================
--- nss.orig/lib/freebl/aeskeywrap.c
+++ nss/lib/freebl/aeskeywrap.c
@@ -102,6 +102,7 @@ AESKeyWrap_DestroyContext(AESKeyWrapCont
{
if (cx) {
AES_DestroyContext(&cx->aescx, PR_FALSE);
@ -25,10 +26,11 @@ diff --git a/lib/freebl/aeskeywrap.c b/lib/freebl/aeskeywrap.c
/* memset(cx, 0, sizeof *cx); */
if (freeit) {
PORT_Free(cx->mem);
diff --git a/lib/freebl/cts.c b/lib/freebl/cts.c
--- a/lib/freebl/cts.c
+++ b/lib/freebl/cts.c
@@ -37,6 +37,7 @@
Index: nss/lib/freebl/cts.c
===================================================================
--- nss.orig/lib/freebl/cts.c
+++ nss/lib/freebl/cts.c
@@ -37,6 +37,7 @@ CTS_CreateContext(void *context, freeblC
void
CTS_DestroyContext(CTSContext *cts, PRBool freeit)
{
@ -36,7 +38,7 @@ diff --git a/lib/freebl/cts.c b/lib/freebl/cts.c
if (freeit) {
PORT_Free(cts);
}
@@ -135,7 +136,7 @@
@@ -135,7 +136,7 @@ CTS_EncryptUpdate(CTSContext *cts, unsig
PORT_Memset(lastBlock + inlen, 0, blocksize - inlen);
rv = (*cts->cipher)(cts->context, outbuf, &tmp, maxout, lastBlock,
blocksize, blocksize);
@ -45,7 +47,7 @@ diff --git a/lib/freebl/cts.c b/lib/freebl/cts.c
if (rv == SECSuccess) {
*outlen = written + blocksize;
} else {
@@ -230,13 +231,15 @@
@@ -230,13 +231,15 @@ CTS_DecryptUpdate(CTSContext *cts, unsig
rv = (*cts->cipher)(cts->context, outbuf, outlen, maxout, inbuf,
fullblocks, blocksize);
if (rv != SECSuccess) {
@ -63,7 +65,7 @@ diff --git a/lib/freebl/cts.c b/lib/freebl/cts.c
}
outbuf += fullblocks;
@@ -280,9 +283,9 @@
@@ -280,9 +283,9 @@ CTS_DecryptUpdate(CTSContext *cts, unsig
rv = (*cts->cipher)(cts->context, Pn, &tmpLen, blocksize, lastBlock,
blocksize, blocksize);
if (rv != SECSuccess) {
@ -75,7 +77,7 @@ diff --git a/lib/freebl/cts.c b/lib/freebl/cts.c
}
/* make up for the out of order CBC decryption */
XOR_BLOCK(Pn, Cn_2, blocksize);
@@ -297,7 +300,8 @@
@@ -297,7 +300,8 @@ CTS_DecryptUpdate(CTSContext *cts, unsig
/* clear last block. At this point last block contains Pn xor Cn_1 xor
* Cn_2, both of with an attacker would know, so we need to clear this
* buffer out */
@ -86,10 +88,11 @@ diff --git a/lib/freebl/cts.c b/lib/freebl/cts.c
- return SECSuccess;
+ return rv;
}
diff --git a/lib/freebl/dh.c b/lib/freebl/dh.c
--- a/lib/freebl/dh.c
+++ b/lib/freebl/dh.c
@@ -192,6 +192,10 @@
Index: nss/lib/freebl/dh.c
===================================================================
--- nss.orig/lib/freebl/dh.c
+++ nss/lib/freebl/dh.c
@@ -193,6 +193,10 @@ cleanup:
rv = SECFailure;
}
if (rv) {
@ -100,10 +103,11 @@ diff --git a/lib/freebl/dh.c b/lib/freebl/dh.c
*privKey = NULL;
PORT_FreeArena(arena, PR_TRUE);
}
diff --git a/lib/freebl/ec.c b/lib/freebl/ec.c
--- a/lib/freebl/ec.c
+++ b/lib/freebl/ec.c
@@ -958,7 +958,7 @@
Index: nss/lib/freebl/ec.c
===================================================================
--- nss.orig/lib/freebl/ec.c
+++ nss/lib/freebl/ec.c
@@ -943,7 +943,7 @@ ECDSA_VerifyDigest(ECPublicKey *key, con
ECParams *ecParams = NULL;
SECItem pointC = { siBuffer, NULL, 0 };
int slen; /* length in bytes of a half signature (r or s) */
@ -112,10 +116,11 @@ diff --git a/lib/freebl/ec.c b/lib/freebl/ec.c
unsigned olen; /* length in bytes of the base point order */
unsigned obits; /* length in bits of the base point order */
diff --git a/lib/freebl/gcm.c b/lib/freebl/gcm.c
--- a/lib/freebl/gcm.c
+++ b/lib/freebl/gcm.c
@@ -162,6 +162,9 @@
Index: nss/lib/freebl/gcm.c
===================================================================
--- nss.orig/lib/freebl/gcm.c
+++ nss/lib/freebl/gcm.c
@@ -162,6 +162,9 @@ bmul(uint64_t x, uint64_t y, uint64_t *r
*r_high = (uint64_t)(r >> 64);
*r_low = (uint64_t)r;
@ -125,7 +130,7 @@ diff --git a/lib/freebl/gcm.c b/lib/freebl/gcm.c
}
SECStatus
@@ -200,6 +203,12 @@
@@ -200,6 +203,12 @@ gcm_HashMult_sftw(gcmHashContext *ghash,
}
ghash->x_low = ci_low;
ghash->x_high = ci_high;
@ -138,7 +143,7 @@ diff --git a/lib/freebl/gcm.c b/lib/freebl/gcm.c
return SECSuccess;
}
#else
@@ -239,6 +248,10 @@
@@ -239,6 +248,10 @@ bmul32(uint32_t x, uint32_t y, uint32_t
z = z0 | z1 | z2 | z3;
*r_high = (uint32_t)(z >> 32);
*r_low = (uint32_t)z;
@ -149,7 +154,7 @@ diff --git a/lib/freebl/gcm.c b/lib/freebl/gcm.c
}
SECStatus
@@ -324,6 +337,20 @@
@@ -324,6 +337,20 @@ gcm_HashMult_sftw32(gcmHashContext *ghas
ghash->x_high = z_high_h;
ghash->x_low = z_high_l;
}
@ -170,7 +175,7 @@ diff --git a/lib/freebl/gcm.c b/lib/freebl/gcm.c
return SECSuccess;
}
#endif /* HAVE_INT128_SUPPORT */
@@ -859,11 +886,13 @@
@@ -867,11 +894,13 @@ GCM_DecryptUpdate(GCMContext *gcm, unsig
/* verify the block */
rv = gcmHash_Update(gcm->ghash_context, inbuf, inlen);
if (rv != SECSuccess) {
@ -186,7 +191,7 @@ diff --git a/lib/freebl/gcm.c b/lib/freebl/gcm.c
}
/* Don't decrypt if we can't authenticate the encrypted data!
* This assumes that if tagBits is not a multiple of 8, intag will
@@ -871,10 +900,18 @@
@@ -879,10 +908,18 @@ GCM_DecryptUpdate(GCMContext *gcm, unsig
if (NSS_SecureMemcmp(tag, intag, tagBytes) != 0) {
/* force a CKR_ENCRYPTED_DATA_INVALID error at in softoken */
PORT_SetError(SEC_ERROR_BAD_DATA);


@ -1,8 +1,8 @@
diff --git a/coreconf/Linux.mk b/coreconf/Linux.mk
index 956f0e4..b3a352a 100644
--- a/coreconf/Linux.mk
+++ b/coreconf/Linux.mk
@@ -108,11 +108,7 @@ LIBC_TAG = _glibc
Index: nss/coreconf/Linux.mk
===================================================================
--- nss.orig/coreconf/Linux.mk
+++ nss/coreconf/Linux.mk
@@ -113,11 +113,7 @@ LIBC_TAG = _glibc
endif
ifdef BUILD_OPT