Accepting request 1096951 from mozilla:Factory
- update to NSS 3.90 * bmo#1623338 - ride along: remove a duplicated doc page * bmo#1623338 - remove a reference to IRC * bmo#1831983 - clang-format lib/freebl/stubs.c * bmo#1831983 - Add a constant time select function * bmo#1774657 - Updating an old dbm with lots of certs with keys to sql results in a database that is slow to access. * bmo#1830973 - output early build errors by default * bmo#1804505 - Update the technical constraints for KamuSM * bmo#1822921 - Add BJCA Global Root CA1 and CA2 root certificates * bmo#1790763 - Enable default UBSan Checks * bmo#1786018 - Add explicit handling of zero length records * bmo#1829391 - Tidy up DTLS ACK Error Handling Path * bmo#1786018 - Refactor zero length record tests * bmo#1829112 - Fix compiler warning via correct assert * bmo#1755267 - run linux tests on nss-t/t-linux-xlarge-gcp * bmo#1806496 - In FIPS mode, nss should reject RSASSA-PSS salt lengths larger than the output size of the hash function used, or provide an indicator * bmo#1784163 - Fix reading raw negative numbers * bmo#1748237 - Repairing unreachable code in clang built with gyp * bmo#1783647 - Integrate Vale Curve25519 * bmo#1799468 - Removing unused flags for Hacl* * bmo#1748237 - Adding a better error message * bmo#1727555 - Update HACL* till 51a72a953a4ee6f91e63b2816ae5c4e62edf35d6 * bmo#1782980 - Fall back to the softokn when writing certificate trust * bmo#1806010 - FIPS-104-3 requires we restart post programmatically * bmo#1826650 - cmd/ecperf: fix dangling pointer warning on gcc 13 * bmo#1818766 - Update ACVP dockerfile for compatibility with debian package changes OBS-URL: https://build.opensuse.org/request/show/1096951 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=204
commit
055490c69a
@ -1,3 +1,57 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Jul 4 08:20:31 UTC 2023 - Wolfgang Rosenauer <wr@rosenauer.org>
|
||||
|
||||
- update to NSS 3.90
|
||||
* bmo#1623338 - ride along: remove a duplicated doc page
|
||||
* bmo#1623338 - remove a reference to IRC
|
||||
* bmo#1831983 - clang-format lib/freebl/stubs.c
|
||||
* bmo#1831983 - Add a constant time select function
|
||||
* bmo#1774657 - Updating an old dbm with lots of certs with keys to
|
||||
sql results in a database that is slow to access.
|
||||
* bmo#1830973 - output early build errors by default
|
||||
* bmo#1804505 - Update the technical constraints for KamuSM
|
||||
* bmo#1822921 - Add BJCA Global Root CA1 and CA2 root certificates
|
||||
* bmo#1790763 - Enable default UBSan Checks
|
||||
* bmo#1786018 - Add explicit handling of zero length records
|
||||
* bmo#1829391 - Tidy up DTLS ACK Error Handling Path
|
||||
* bmo#1786018 - Refactor zero length record tests
|
||||
* bmo#1829112 - Fix compiler warning via correct assert
|
||||
* bmo#1755267 - run linux tests on nss-t/t-linux-xlarge-gcp
|
||||
* bmo#1806496 - In FIPS mode, nss should reject RSASSA-PSS salt lengths
|
||||
larger than the output size of the hash function used,
|
||||
or provide an indicator
|
||||
* bmo#1784163 - Fix reading raw negative numbers
|
||||
* bmo#1748237 - Repairing unreachable code in clang built with gyp
|
||||
* bmo#1783647 - Integrate Vale Curve25519
|
||||
* bmo#1799468 - Removing unused flags for Hacl*
|
||||
* bmo#1748237 - Adding a better error message
|
||||
* bmo#1727555 - Update HACL* till 51a72a953a4ee6f91e63b2816ae5c4e62edf35d6
|
||||
* bmo#1782980 - Fall back to the softokn when writing certificate trust
|
||||
* bmo#1806010 - FIPS-104-3 requires we restart post programmatically
|
||||
* bmo#1826650 - cmd/ecperf: fix dangling pointer warning on gcc 13
|
||||
* bmo#1818766 - Update ACVP dockerfile for compatibility with debian
|
||||
package changes
|
||||
* bmo#1815796 - Add a CI task for tracking ECCKiila code status, update
|
||||
whitespace in ECCKiila files
|
||||
* bmo#1819958 - Removed deprecated sprintf function and replaced with snprintf
|
||||
* bmo#1822076 - fix rst warnings in nss doc
|
||||
* bmo#1821997 - Fix incorrect pygment style
|
||||
* bmo#1821292 - Change GYP directive to apply across platforms
|
||||
* Add libsmime3 abi-check exception for NSS_CMSSignerInfo_GetDigestAlgTag
|
||||
- add nss-fix-bmo1836925.patch to fix build-errors
|
||||
- Remove nss-fips-tls-allow-md5-prf.patch, since we no longer need
|
||||
the workaround in FIPS mode (bsc#1200325)
|
||||
- Remove nss-fips-tests-skip.patch. This is no longer needed since
|
||||
we removed the code to short-circuit broken hashes and moved to
|
||||
using the SLI
|
||||
- Add nss-allow-slow-tests.patch, which allows a timed test to run
|
||||
longer than 1s. This avoids turning slow builds into broken builds
|
||||
- Add nss-fips-drbg-libjitter.patch to use libjitterentropy for
|
||||
entropy. This is disabled until we can avoid the inline assembler
|
||||
in the latter's header file that relies on GNU extensions
|
||||
- Add nss-fips-pct-pubkeys.patch (bsc#1207209) for pairwise consistency
|
||||
checks
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Jun 9 10:41:35 UTC 2023 - Pedro Monreal <pmonreal@suse.com>
|
||||
|
||||
|
@ -17,14 +17,14 @@
|
||||
#
|
||||
|
||||
|
||||
%global nss_softokn_fips_version 3.89
|
||||
%global nss_softokn_fips_version 3.90
|
||||
%define NSPR_min_version 4.35
|
||||
%define nspr_ver %(rpm -q --queryformat '%%{VERSION}' mozilla-nspr)
|
||||
%define nssdbdir %{_sysconfdir}/pki/nssdb
|
||||
Name: mozilla-nss
|
||||
Version: 3.89.1
|
||||
Version: 3.90
|
||||
Release: 0
|
||||
%define underscore_version 3_89_1
|
||||
%define underscore_version 3_90
|
||||
Summary: Network Security Services
|
||||
License: MPL-2.0
|
||||
Group: System/Libraries
|
||||
@ -65,7 +65,6 @@ Patch19: nss-fips-cavs-dsa-fixes.patch
|
||||
Patch20: nss-fips-cavs-rsa-fixes.patch
|
||||
Patch21: nss-fips-approved-crypto-non-ec.patch
|
||||
Patch22: nss-fips-zeroization.patch
|
||||
Patch23: nss-fips-tls-allow-md5-prf.patch
|
||||
Patch24: nss-fips-use-strong-random-pool.patch
|
||||
Patch25: nss-fips-detect-fips-mode-fixes.patch
|
||||
Patch26: nss-fips-combined-hash-sign-dsa-ecdsa.patch
|
||||
@ -74,8 +73,11 @@ Patch37: nss-fips-fix-missing-nspr.patch
|
||||
Patch38: nss-fips-stricter-dh.patch
|
||||
Patch40: nss-fips-180-3-csp-clearing.patch
|
||||
Patch41: nss-fips-pbkdf-kat-compliance.patch
|
||||
Patch42: nss-fips-tests-skip.patch
|
||||
Patch44: nss-fips-tests-enable-fips.patch
|
||||
Patch45: nss-fips-drbg-libjitter.patch
|
||||
Patch46: nss-allow-slow-tests.patch
|
||||
Patch47: nss-fips-pct-pubkeys.patch
|
||||
Patch48: nss-fix-bmo1836925.patch
|
||||
%if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000
|
||||
# aarch64 + gcc4.8 fails to build on SLE-12 due to undefined references
|
||||
BuildRequires: gcc9-c++
|
||||
@ -86,6 +88,12 @@ BuildRequires: pkgconfig
|
||||
BuildRequires: pkgconfig(nspr) >= %{NSPR_min_version}
|
||||
BuildRequires: pkgconfig(sqlite3)
|
||||
BuildRequires: pkgconfig(zlib)
|
||||
%if 0%{?sle_version} >= 150400
|
||||
BuildRequires: jitterentropy-devel
|
||||
# Libjitter needs to be present before AND after the install
|
||||
Requires(pre): libjitterentropy3
|
||||
Requires: libjitterentropy3
|
||||
%endif
|
||||
Requires: libfreebl3 >= %{nss_softokn_fips_version}
|
||||
Requires: libsoftokn3 >= %{nss_softokn_fips_version}
|
||||
Requires: mozilla-nspr >= %{NSPR_min_version}
|
||||
@ -209,7 +217,6 @@ cd nss
|
||||
%patch20 -p1
|
||||
%patch21 -p1
|
||||
%patch22 -p1
|
||||
%patch23 -p1
|
||||
%patch24 -p1
|
||||
%patch25 -p1
|
||||
%patch26 -p1
|
||||
@ -218,8 +225,14 @@ cd nss
|
||||
%patch38 -p1
|
||||
%patch40 -p1
|
||||
%patch41 -p1
|
||||
%patch42 -p1
|
||||
%patch44 -p1
|
||||
# Libjitter only for SLE15 SP4+
|
||||
%if 0%{?sle_version} >= 150400
|
||||
%patch45 -p1
|
||||
%endif
|
||||
%patch46 -p1
|
||||
%patch47 -p1
|
||||
%patch48 -p1
|
||||
|
||||
# additional CA certificates
|
||||
#cd security/nss/lib/ckfw/builtins
|
||||
|
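Review bot: Every piece of the jitterentropy wiring added here (`BuildRequires: jitterentropy-devel`, `Requires(pre): libjitterentropy3`, `Requires: libjitterentropy3`, and `%patch45 -p1` in the %prep hunk) is gated on `0%{?sle_version} >= 150400`; if `sle_version` is undefined on Tumbleweed, as I believe it is, none of it takes effect on the Factory target of this request, and the changelog additionally says the DRBG patch itself is disabled until the header's inline-assembler problem is solved. Where the condition is true, the two `Requires` lines add a runtime dependency of the mozilla-nss package on a library that the disabled patch does not yet use, which widens the installed footprint without a functional gain; either defer the `Requires` lines until the patch is enabled or record the reason next to `# Libjitter only for SLE15 SP4+`, e.g. `# libjitterentropy3 is required already so enabling the FIPS DRBG patch later needs no packaging change`. The same `>= 150400` test is repeated in the preamble and in %prep; a single `%bcond` or `%global` evaluated once would keep the two blocks from drifting apart.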
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:3adaedb9e70c3c5f40603bf60a01e336190a6dbe01929d395f16b01fe84a0156
|
||||
size 71624456
|
BIN
nss-3.90.tar.gz
(Stored with Git LFS)
Normal file
28
nss-allow-slow-tests.patch
Normal file
@ -0,0 +1,28 @@
|
||||
Index: nss/tests/sdr/sdr.sh
|
||||
===================================================================
|
||||
--- nss.orig/tests/sdr/sdr.sh
|
||||
+++ nss/tests/sdr/sdr.sh
|
||||
@@ -146,7 +146,8 @@ sdr_main()
|
||||
RARRAY=($dtime)
|
||||
TIMEARRAY=(${RARRAY[1]//./ })
|
||||
echo "${TIMEARRAY[0]} seconds"
|
||||
- html_msg ${TIMEARRAY[0]} 0 "pwdecrypt no time regression"
|
||||
+ # Suse 2022-10-04: Need more time for slow build servers
|
||||
+ html_msg $(( ${TIMEARRAY[0]} >= 5 )) 0 "pwdecrypt no time regression"
|
||||
export NSS_MAX_MP_PBE_ITERATION_COUNT=$OLD_MAX_PBE_ITERATIONS
|
||||
}
|
||||
|
||||
Index: nss/tests/dbtests/dbtests.sh
|
||||
===================================================================
|
||||
--- nss.orig/tests/dbtests/dbtests.sh
|
||||
+++ nss/tests/dbtests/dbtests.sh
|
||||
@@ -366,7 +366,8 @@ dbtest_main()
|
||||
RARRAY=($dtime)
|
||||
TIMEARRAY=(${RARRAY[1]//./ })
|
||||
echo "${TIMEARRAY[0]} seconds"
|
||||
- test ${TIMEARRAY[0]} -lt 2
|
||||
+ # Was 2, but that is too small for OBS-workers.
|
||||
+ test ${TIMEARRAY[0]} -lt 6
|
||||
ret=$?
|
||||
html_msg ${ret} 0 "certutil dump keys with explicit default trust flags"
|
||||
fi
|
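Review bot: The new bounds in sdr.sh (`html_msg $(( ${TIMEARRAY[0]} >= 5 )) 0 "pwdecrypt no time regression"`) and dbtests.sh (`test ${TIMEARRAY[0]} -lt 6`) relax two sub-second regression checks to five or six seconds on every build host, not only on slow OBS workers, so a several-hundred-percent slowdown of pwdecrypt or certutil now passes silently; the sdr check in particular appears to verify that the `NSS_MAX_MP_PBE_ITERATION_COUNT` cap restored on the next line actually takes effect, which is the property a timing regression would break. Making the limit overridable keeps the tight bound where hardware allows it, e.g. `limit=${NSS_TEST_TIME_LIMIT:-5}` (variable name of your choosing) followed by `html_msg $(( ${TIMEARRAY[0]} >= limit )) 0 "pwdecrypt no time regression"`, with the same variable reused in dbtests.sh so the two files stop disagreeing (5 versus 6). The comments `# Suse 2022-10-04: Need more time for slow build servers` and `# Was 2, but that is too small for OBS-workers.` should state how the numbers were chosen so a later reader can tighten them again. Both hunks change the middle of sdr_main() and dbtest_main(), whose bodies start and end outside the hunk.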
@ -16,7 +16,7 @@ Index: nss/lib/softoken/sftkdb.c
|
||||
===================================================================
|
||||
--- nss.orig/lib/softoken/sftkdb.c
|
||||
+++ nss/lib/softoken/sftkdb.c
|
||||
@@ -1506,7 +1506,7 @@ loser:
|
||||
@@ -1538,7 +1538,7 @@ loser:
|
||||
PORT_ZFree(data, dataSize);
|
||||
}
|
||||
if (arena) {
|
||||
|
@ -87,62 +87,17 @@ Index: nss/lib/freebl/arcfour.c
|
||||
|
||||
/* Architecture-dependent defines */
|
||||
|
||||
@@ -108,6 +109,7 @@ static const Stype Kinit[256] = {
|
||||
RC4Context *
|
||||
RC4_AllocateContext(void)
|
||||
{
|
||||
+ IN_FIPS_RETURN(NULL);
|
||||
return PORT_ZNew(RC4Context);
|
||||
}
|
||||
|
||||
@@ -121,6 +123,8 @@ RC4_InitContext(RC4Context *cx, const un
|
||||
PRUint8 K[256];
|
||||
PRUint8 *L;
|
||||
|
||||
+ IN_FIPS_RETURN(SECFailure);
|
||||
+
|
||||
/* verify the key length. */
|
||||
PORT_Assert(len > 0 && len < ARCFOUR_STATE_SIZE);
|
||||
if (len == 0 || len >= ARCFOUR_STATE_SIZE) {
|
||||
@@ -162,7 +166,11 @@ RC4_InitContext(RC4Context *cx, const un
|
||||
@@ -162,7 +163,9 @@ RC4_InitContext(RC4Context *cx, const un
|
||||
RC4Context *
|
||||
RC4_CreateContext(const unsigned char *key, int len)
|
||||
{
|
||||
- RC4Context *cx = RC4_AllocateContext();
|
||||
+ RC4Context *cx;
|
||||
+
|
||||
+ IN_FIPS_RETURN(NULL);
|
||||
+
|
||||
+ cx = RC4_AllocateContext();
|
||||
if (cx) {
|
||||
SECStatus rv = RC4_InitContext(cx, key, len, NULL, 0, 0, 0);
|
||||
if (rv != SECSuccess) {
|
||||
@@ -176,6 +184,7 @@ RC4_CreateContext(const unsigned char *k
|
||||
void
|
||||
RC4_DestroyContext(RC4Context *cx, PRBool freeit)
|
||||
{
|
||||
+ IN_FIPS_RETURN();
|
||||
if (freeit)
|
||||
PORT_ZFree(cx, sizeof(*cx));
|
||||
}
|
||||
@@ -548,6 +557,8 @@ RC4_Encrypt(RC4Context *cx, unsigned cha
|
||||
unsigned int *outputLen, unsigned int maxOutputLen,
|
||||
const unsigned char *input, unsigned int inputLen)
|
||||
{
|
||||
+ IN_FIPS_RETURN(SECFailure);
|
||||
+
|
||||
PORT_Assert(maxOutputLen >= inputLen);
|
||||
if (maxOutputLen < inputLen) {
|
||||
PORT_SetError(SEC_ERROR_OUTPUT_LEN);
|
||||
@@ -571,6 +582,8 @@ RC4_Decrypt(RC4Context *cx, unsigned cha
|
||||
unsigned int *outputLen, unsigned int maxOutputLen,
|
||||
const unsigned char *input, unsigned int inputLen)
|
||||
{
|
||||
+ IN_FIPS_RETURN(SECFailure);
|
||||
+
|
||||
PORT_Assert(maxOutputLen >= inputLen);
|
||||
if (maxOutputLen < inputLen) {
|
||||
PORT_SetError(SEC_ERROR_OUTPUT_LEN);
|
||||
Index: nss/lib/freebl/deprecated/seed.c
|
||||
===================================================================
|
||||
--- nss.orig/lib/freebl/deprecated/seed.c
|
||||
@ -293,56 +248,32 @@ Index: nss/lib/freebl/md2.c
|
||||
#define MD2_DIGEST_LEN 16
|
||||
#define MD2_BUFSIZE 16
|
||||
#define MD2_X_SIZE 48 /* The X array, [CV | INPUT | TMP VARS] */
|
||||
@@ -66,7 +68,11 @@ SECStatus
|
||||
@@ -66,7 +68,9 @@ SECStatus
|
||||
MD2_Hash(unsigned char *dest, const char *src)
|
||||
{
|
||||
unsigned int len;
|
||||
- MD2Context *cx = MD2_NewContext();
|
||||
+ MD2Context *cx;
|
||||
+
|
||||
+ IN_FIPS_RETURN(SECFailure);
|
||||
+
|
||||
+ cx = MD2_NewContext();
|
||||
if (!cx) {
|
||||
PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
|
||||
return SECFailure;
|
||||
@@ -81,7 +87,11 @@ MD2_Hash(unsigned char *dest, const char
|
||||
@@ -81,7 +85,9 @@ MD2_Hash(unsigned char *dest, const char
|
||||
MD2Context *
|
||||
MD2_NewContext(void)
|
||||
{
|
||||
- MD2Context *cx = (MD2Context *)PORT_ZAlloc(sizeof(MD2Context));
|
||||
+ MD2Context *cx;
|
||||
+
|
||||
+ IN_FIPS_RETURN(NULL);
|
||||
+
|
||||
+ cx = (MD2Context *)PORT_ZAlloc(sizeof(MD2Context));
|
||||
if (cx == NULL) {
|
||||
PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
|
||||
return NULL;
|
||||
@@ -99,6 +109,8 @@ MD2_DestroyContext(MD2Context *cx, PRBoo
|
||||
void
|
||||
MD2_Begin(MD2Context *cx)
|
||||
{
|
||||
+ IN_FIPS_RETURN();
|
||||
+
|
||||
memset(cx, 0, sizeof(*cx));
|
||||
cx->unusedBuffer = MD2_BUFSIZE;
|
||||
}
|
||||
@@ -196,6 +208,8 @@ MD2_Update(MD2Context *cx, const unsigne
|
||||
{
|
||||
PRUint32 bytesToConsume;
|
||||
|
||||
+ IN_FIPS_RETURN();
|
||||
+
|
||||
/* Fill the remaining input buffer. */
|
||||
if (cx->unusedBuffer != MD2_BUFSIZE) {
|
||||
bytesToConsume = PR_MIN(inputLen, cx->unusedBuffer);
|
||||
@@ -226,6 +240,9 @@ MD2_End(MD2Context *cx, unsigned char *d
|
||||
@@ -226,6 +232,7 @@ MD2_End(MD2Context *cx, unsigned char *d
|
||||
unsigned int *digestLen, unsigned int maxDigestLen)
|
||||
{
|
||||
PRUint8 padStart;
|
||||
+
|
||||
+ IN_FIPS_RETURN();
|
||||
+
|
||||
if (maxDigestLen < MD2_BUFSIZE) {
|
||||
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
||||
@ -360,37 +291,18 @@ Index: nss/lib/freebl/md5.c
|
||||
#define MD5_HASH_LEN 16
|
||||
#define MD5_BUFFER_SIZE 64
|
||||
#define MD5_END_BUFFER (MD5_BUFFER_SIZE - 8)
|
||||
@@ -195,6 +197,7 @@ struct MD5ContextStr {
|
||||
SECStatus
|
||||
MD5_Hash(unsigned char *dest, const char *src)
|
||||
{
|
||||
+ IN_FIPS_RETURN(SECFailure);
|
||||
return MD5_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src));
|
||||
}
|
||||
|
||||
@@ -204,6 +207,8 @@ MD5_HashBuf(unsigned char *dest, const u
|
||||
unsigned int len;
|
||||
MD5Context cx;
|
||||
|
||||
+ IN_FIPS_RETURN(SECFailure);
|
||||
+
|
||||
MD5_Begin(&cx);
|
||||
MD5_Update(&cx, src, src_length);
|
||||
MD5_End(&cx, dest, &len, MD5_HASH_LEN);
|
||||
@@ -215,7 +220,11 @@ MD5Context *
|
||||
@@ -215,7 +217,9 @@ MD5Context *
|
||||
MD5_NewContext(void)
|
||||
{
|
||||
/* no need to ZAlloc, MD5_Begin will init the context */
|
||||
- MD5Context *cx = (MD5Context *)PORT_Alloc(sizeof(MD5Context));
|
||||
+ MD5Context *cx;
|
||||
+
|
||||
+ IN_FIPS_RETURN(NULL);
|
||||
+
|
||||
+ cx = (MD5Context *)PORT_Alloc(sizeof(MD5Context));
|
||||
if (cx == NULL) {
|
||||
PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
|
||||
return NULL;
|
||||
@@ -226,7 +235,8 @@ MD5_NewContext(void)
|
||||
@@ -226,7 +230,8 @@ MD5_NewContext(void)
|
||||
void
|
||||
MD5_DestroyContext(MD5Context *cx, PRBool freeit)
|
||||
{
|
||||
@ -400,42 +312,6 @@ Index: nss/lib/freebl/md5.c
|
||||
if (freeit) {
|
||||
PORT_Free(cx);
|
||||
}
|
||||
@@ -235,6 +245,8 @@ MD5_DestroyContext(MD5Context *cx, PRBoo
|
||||
void
|
||||
MD5_Begin(MD5Context *cx)
|
||||
{
|
||||
+ IN_FIPS_RETURN();
|
||||
+
|
||||
cx->lsbInput = 0;
|
||||
cx->msbInput = 0;
|
||||
/* memset(cx->inBuf, 0, sizeof(cx->inBuf)); */
|
||||
@@ -425,6 +437,8 @@ MD5_Update(MD5Context *cx, const unsigne
|
||||
PRUint32 inBufIndex = cx->lsbInput & 63;
|
||||
const PRUint32 *wBuf;
|
||||
|
||||
+ IN_FIPS_RETURN();
|
||||
+
|
||||
/* Add the number of input bytes to the 64-bit input counter. */
|
||||
addto64(cx->msbInput, cx->lsbInput, inputLen);
|
||||
if (inBufIndex) {
|
||||
@@ -498,6 +512,8 @@ MD5_End(MD5Context *cx, unsigned char *d
|
||||
PRUint32 lowInput, highInput;
|
||||
PRUint32 inBufIndex = cx->lsbInput & 63;
|
||||
|
||||
+ IN_FIPS_RETURN();
|
||||
+
|
||||
if (maxDigestLen < MD5_HASH_LEN) {
|
||||
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
||||
return;
|
||||
@@ -546,6 +562,8 @@ MD5_EndRaw(MD5Context *cx, unsigned char
|
||||
#endif
|
||||
PRUint32 cv[4];
|
||||
|
||||
+ IN_FIPS_RETURN();
|
||||
+
|
||||
if (maxDigestLen < MD5_HASH_LEN) {
|
||||
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
||||
return;
|
||||
Index: nss/lib/freebl/nsslowhash.c
|
||||
===================================================================
|
||||
--- nss.orig/lib/freebl/nsslowhash.c
|
||||
@ -448,15 +324,18 @@ Index: nss/lib/freebl/nsslowhash.c
|
||||
|
||||
struct NSSLOWInitContextStr {
|
||||
int count;
|
||||
@@ -99,6 +100,12 @@ NSSLOWHASH_NewContext(NSSLOWInitContext
|
||||
@@ -99,6 +100,15 @@ NSSLOWHASH_NewContext(NSSLOWInitContext
|
||||
{
|
||||
NSSLOWHASHContext *context;
|
||||
|
||||
+#if 0
|
||||
+ /* return with an error if unapproved hash is requested in FIPS mode */
|
||||
+ /* This is now handled by the service level indicator */
|
||||
+ if (!FIPS_hashAlgApproved(hashType)) {
|
||||
+ PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+#endif
|
||||
+
|
||||
if (post_failed) {
|
||||
PORT_SetError(SEC_ERROR_PKCS11_DEVICE_ERROR);
|
||||
@ -473,13 +352,16 @@ Index: nss/lib/freebl/rawhash.c
|
||||
|
||||
static void *
|
||||
null_hash_new_context(void)
|
||||
@@ -146,7 +147,8 @@ const SECHashObject SECRawHashObjects[]
|
||||
@@ -146,7 +147,11 @@ const SECHashObject SECRawHashObjects[]
|
||||
const SECHashObject *
|
||||
HASH_GetRawHashObject(HASH_HashType hashType)
|
||||
{
|
||||
- if (hashType <= HASH_AlgNULL || hashType >= HASH_AlgTOTAL) {
|
||||
+ /* We rely on the service level indicator for algorithm approval now, so
|
||||
+ * the FIPS check here has been commented out */
|
||||
+
|
||||
+ if (hashType <= HASH_AlgNULL || hashType >= HASH_AlgTOTAL
|
||||
+ || (!FIPS_hashAlgApproved(hashType))) {
|
||||
+ /* || (!FIPS_hashAlgApproved(hashType)) */) {
|
||||
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
||||
return NULL;
|
||||
}
|
||||
@ -487,7 +369,58 @@ Index: nss/lib/softoken/pkcs11c.c
|
||||
===================================================================
|
||||
--- nss.orig/lib/softoken/pkcs11c.c
|
||||
+++ nss/lib/softoken/pkcs11c.c
|
||||
@@ -7495,7 +7495,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
|
||||
@@ -4780,6 +4780,9 @@ NSC_GenerateKey(CK_SESSION_HANDLE hSessi
|
||||
goto loser;
|
||||
}
|
||||
|
||||
+ key->isFIPS = sftk_operationIsFIPS(slot, pMechanism, CKA_KEY_GEN_MECHANISM, key);
|
||||
+ session->lastOpWasFIPS = key->isFIPS;
|
||||
+
|
||||
/*
|
||||
* handle the base object stuff
|
||||
*/
|
||||
@@ -4794,6 +4797,7 @@ NSC_GenerateKey(CK_SESSION_HANDLE hSessi
|
||||
if (crv == CKR_OK) {
|
||||
*phKey = key->handle;
|
||||
}
|
||||
+
|
||||
loser:
|
||||
PORT_Memset(buf, 0, sizeof buf);
|
||||
sftk_FreeObject(key);
|
||||
@@ -5710,11 +5714,11 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS
|
||||
* created and linked.
|
||||
*/
|
||||
crv = sftk_handleObject(publicKey, session);
|
||||
- sftk_FreeSession(session);
|
||||
if (crv != CKR_OK) {
|
||||
sftk_FreeObject(publicKey);
|
||||
NSC_DestroyObject(hSession, privateKey->handle);
|
||||
sftk_FreeObject(privateKey);
|
||||
+ sftk_FreeSession(session);
|
||||
return crv;
|
||||
}
|
||||
if (sftk_isTrue(privateKey, CKA_SENSITIVE)) {
|
||||
@@ -5758,13 +5762,19 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS
|
||||
sftk_FreeObject(publicKey);
|
||||
NSC_DestroyObject(hSession, privateKey->handle);
|
||||
sftk_FreeObject(privateKey);
|
||||
+ sftk_FreeSession(session);
|
||||
return crv;
|
||||
}
|
||||
|
||||
+ publicKey->isFIPS = sftk_operationIsFIPS(slot, pMechanism, CKA_KEY_PAIR_GEN_MECHANISM, publicKey);
|
||||
+ privateKey->isFIPS = sftk_operationIsFIPS(slot, pMechanism, CKA_KEY_PAIR_GEN_MECHANISM, privateKey);
|
||||
+ session->lastOpWasFIPS = privateKey->isFIPS;
|
||||
+
|
||||
*phPrivateKey = privateKey->handle;
|
||||
*phPublicKey = publicKey->handle;
|
||||
sftk_FreeObject(publicKey);
|
||||
sftk_FreeObject(privateKey);
|
||||
+ sftk_FreeSession(session);
|
||||
|
||||
return CKR_OK;
|
||||
}
|
||||
@@ -7469,7 +7479,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
|
||||
} else {
|
||||
/* now allocate the hash contexts */
|
||||
md5 = MD5_NewContext();
|
||||
@ -496,6 +429,14 @@ Index: nss/lib/softoken/pkcs11c.c
|
||||
PORT_Memset(crsrdata, 0, sizeof crsrdata);
|
||||
crv = CKR_HOST_MEMORY;
|
||||
break;
|
||||
@@ -7858,6 +7868,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
|
||||
PORT_Assert(i <= sizeof key_block);
|
||||
}
|
||||
|
||||
+ session->lastOpWasFIPS = key->isFIPS;
|
||||
crv = CKR_OK;
|
||||
|
||||
if (0) {
|
||||
Index: nss/lib/freebl/desblapi.c
|
||||
===================================================================
|
||||
--- nss.orig/lib/freebl/desblapi.c
|
||||
@ -509,21 +450,10 @@ Index: nss/lib/freebl/desblapi.c
|
||||
#if defined(NSS_X86_OR_X64)
|
||||
/* Intel X86 CPUs do unaligned loads and stores without complaint. */
|
||||
#define COPY8B(to, from, ptr) \
|
||||
@@ -136,6 +138,8 @@ DES_EDE3CBCDe(DESContext *cx, BYTE *out,
|
||||
DESContext *
|
||||
DES_AllocateContext(void)
|
||||
{
|
||||
+ IN_FIPS_RETURN(NULL);
|
||||
+
|
||||
return PORT_ZNew(DESContext);
|
||||
}
|
||||
|
||||
@@ -145,12 +149,16 @@ DES_InitContext(DESContext *cx, const un
|
||||
@@ -145,12 +147,14 @@ DES_InitContext(DESContext *cx, const un
|
||||
unsigned int unused)
|
||||
{
|
||||
DESDirection opposite;
|
||||
+
|
||||
+ IN_FIPS_RETURN(SECFailure);
|
||||
+
|
||||
if (!cx) {
|
||||
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
||||
@ -535,7 +465,7 @@ Index: nss/lib/freebl/desblapi.c
|
||||
switch (mode) {
|
||||
case NSS_DES: /* DES ECB */
|
||||
DES_MakeSchedule(cx->ks0, key, cx->direction);
|
||||
@@ -201,8 +209,13 @@ DES_InitContext(DESContext *cx, const un
|
||||
@@ -201,8 +205,11 @@ DES_InitContext(DESContext *cx, const un
|
||||
DESContext *
|
||||
DES_CreateContext(const BYTE *key, const BYTE *iv, int mode, PRBool encrypt)
|
||||
{
|
||||
@ -544,43 +474,114 @@ Index: nss/lib/freebl/desblapi.c
|
||||
+ DESContext *cx;
|
||||
+ SECStatus rv;
|
||||
+
|
||||
+ IN_FIPS_RETURN(NULL);
|
||||
+
|
||||
+ cx = PORT_ZNew(DESContext);
|
||||
+ rv = DES_InitContext(cx, key, 0, iv, mode, encrypt, 0);
|
||||
|
||||
if (rv != SECSuccess) {
|
||||
PORT_ZFree(cx, sizeof *cx);
|
||||
@@ -214,6 +227,8 @@ DES_CreateContext(const BYTE *key, const
|
||||
void
|
||||
DES_DestroyContext(DESContext *cx, PRBool freeit)
|
||||
{
|
||||
+ IN_FIPS_RETURN();
|
||||
+
|
||||
if (cx) {
|
||||
memset(cx, 0, sizeof *cx);
|
||||
if (freeit)
|
||||
@@ -225,6 +240,7 @@ SECStatus
|
||||
@@ -225,7 +232,6 @@ SECStatus
|
||||
DES_Encrypt(DESContext *cx, BYTE *out, unsigned int *outLen,
|
||||
unsigned int maxOutLen, const BYTE *in, unsigned int inLen)
|
||||
{
|
||||
+ IN_FIPS_RETURN(SECFailure);
|
||||
|
||||
-
|
||||
if ((inLen % 8) != 0 || maxOutLen < inLen || !cx ||
|
||||
cx->direction != DES_ENCRYPT) {
|
||||
@@ -242,6 +258,7 @@ SECStatus
|
||||
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
||||
@@ -242,7 +248,6 @@ SECStatus
|
||||
DES_Decrypt(DESContext *cx, BYTE *out, unsigned int *outLen,
|
||||
unsigned int maxOutLen, const BYTE *in, unsigned int inLen)
|
||||
{
|
||||
+ IN_FIPS_RETURN(SECFailure);
|
||||
|
||||
-
|
||||
if ((inLen % 8) != 0 || maxOutLen < inLen || !cx ||
|
||||
cx->direction != DES_DECRYPT) {
|
||||
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
||||
Index: nss/lib/softoken/fips_algorithms.h
|
||||
===================================================================
|
||||
--- nss.orig/lib/softoken/fips_algorithms.h
|
||||
+++ nss/lib/softoken/fips_algorithms.h
|
||||
@@ -111,8 +111,11 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[]
|
||||
@@ -58,18 +58,35 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[]
|
||||
#define RSA_FB_STEP 1
|
||||
#define RSA_LEGACY_FB_KEY 1024, 1792 /* min, max */
|
||||
#define RSA_LEGACY_FB_STEP 256
|
||||
-#define DSA_FB_KEY 2048, 4096 /* min, max */
|
||||
+#define DSA_FB_KEY 2048, 3072 /* min, max */
|
||||
#define DSA_FB_STEP 1024
|
||||
-#define DH_FB_KEY 2048, 4096 /* min, max */
|
||||
+#define DH_FB_KEY 2048, 8192 /* min, max */
|
||||
#define DH_FB_STEP 1024
|
||||
#define EC_FB_KEY 256, 521 /* min, max */
|
||||
#define EC_FB_STEP 1 /* key limits handled by special operation */
|
||||
-#define AES_FB_KEY 128, 256
|
||||
+#define AES_FB_KEY 128, 512
|
||||
#define AES_FB_STEP 64
|
||||
{ CKM_RSA_PKCS_KEY_PAIR_GEN, { RSA_FB_KEY, CKF_KPG }, RSA_FB_STEP, SFTKFIPSNone },
|
||||
+#if 0
|
||||
{ CKM_RSA_PKCS_PSS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSRSAPSS },
|
||||
+ /* Non-approved */
|
||||
{ CKM_RSA_PKCS_OAEP, { RSA_FB_KEY, CKF_ENC }, RSA_FB_STEP, SFTKFIPSNone },
|
||||
{ CKM_RSA_PKCS_PSS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSRSAPSS },
|
||||
+#endif
|
||||
+
|
||||
+ { CKM_SHA_1_KEY_GEN, { AES_FB_KEY, CKF_GEN }, AES_FB_STEP, SFTKFIPSNone },
|
||||
+ { CKM_SHA224_KEY_GEN, { AES_FB_KEY, CKF_GEN }, AES_FB_STEP, SFTKFIPSNone },
|
||||
+ { CKM_SHA256_KEY_GEN, { AES_FB_KEY, CKF_GEN }, AES_FB_STEP, SFTKFIPSNone },
|
||||
+ { CKM_SHA384_KEY_GEN, { AES_FB_KEY, CKF_GEN }, AES_FB_STEP, SFTKFIPSNone },
|
||||
+ { CKM_SHA512_KEY_GEN, { AES_FB_KEY, CKF_GEN }, AES_FB_STEP, SFTKFIPSNone },
|
||||
+ { CKM_SHA512_224_KEY_GEN, { AES_FB_KEY, CKF_GEN }, AES_FB_STEP, SFTKFIPSNone },
|
||||
+ { CKM_SHA512_256_KEY_GEN, { AES_FB_KEY, CKF_GEN }, AES_FB_STEP, SFTKFIPSNone },
|
||||
+
|
||||
+ { CKM_SHA3_224_KEY_GEN, { AES_FB_KEY, CKF_GEN }, AES_FB_STEP, SFTKFIPSNone },
|
||||
+ { CKM_SHA3_256_KEY_GEN, { AES_FB_KEY, CKF_GEN }, AES_FB_STEP, SFTKFIPSNone },
|
||||
+ { CKM_SHA3_384_KEY_GEN, { AES_FB_KEY, CKF_GEN }, AES_FB_STEP, SFTKFIPSNone },
|
||||
+ { CKM_SHA3_512_KEY_GEN, { AES_FB_KEY, CKF_GEN }, AES_FB_STEP, SFTKFIPSNone },
|
||||
+
|
||||
/* -------------- RSA Multipart Signing Operations -------------------- */
|
||||
{ CKM_SHA224_RSA_PKCS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSNone },
|
||||
{ CKM_SHA256_RSA_PKCS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSNone },
|
||||
@@ -88,13 +105,12 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[]
|
||||
{ CKM_SHA384_RSA_PKCS_PSS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSRSAPSS },
|
||||
{ CKM_SHA512_RSA_PKCS_PSS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSRSAPSS },
|
||||
/* ------------------------- DSA Operations --------------------------- */
|
||||
- { CKM_DSA_KEY_PAIR_GEN, { DSA_FB_KEY, CKF_KPG }, DSA_FB_STEP, SFTKFIPSNone },
|
||||
- { CKM_DSA, { DSA_FB_KEY, CKF_SGN }, DSA_FB_STEP, SFTKFIPSNone },
|
||||
- { CKM_DSA_PARAMETER_GEN, { DSA_FB_KEY, CKF_KPG }, DSA_FB_STEP, SFTKFIPSNone },
|
||||
- { CKM_DSA_SHA224, { DSA_FB_KEY, CKF_SGN }, DSA_FB_STEP, SFTKFIPSNone },
|
||||
- { CKM_DSA_SHA256, { DSA_FB_KEY, CKF_SGN }, DSA_FB_STEP, SFTKFIPSNone },
|
||||
- { CKM_DSA_SHA384, { DSA_FB_KEY, CKF_SGN }, DSA_FB_STEP, SFTKFIPSNone },
|
||||
- { CKM_DSA_SHA512, { DSA_FB_KEY, CKF_SGN }, DSA_FB_STEP, SFTKFIPSNone },
|
||||
+
|
||||
+ { CKM_DSA_SHA224, { DSA_FB_KEY, CKF_VERIFY }, DSA_FB_STEP, SFTKFIPSNone },
|
||||
+ { CKM_DSA_SHA256, { DSA_FB_KEY, CKF_VERIFY }, DSA_FB_STEP, SFTKFIPSNone },
|
||||
+ { CKM_DSA_SHA384, { DSA_FB_KEY, CKF_VERIFY }, DSA_FB_STEP, SFTKFIPSNone },
|
||||
+ { CKM_DSA_SHA512, { DSA_FB_KEY, CKF_VERIFY }, DSA_FB_STEP, SFTKFIPSNone },
|
||||
+
|
||||
/* -------------------- Diffie Hellman Operations --------------------- */
|
||||
/* no diffie hellman yet */
|
||||
{ CKM_DH_PKCS_KEY_PAIR_GEN, { DH_FB_KEY, CKF_KPG }, DH_FB_STEP, SFTKFIPSDH },
|
||||
@@ -102,7 +118,10 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[]
|
||||
/* -------------------- Elliptic Curve Operations --------------------- */
|
||||
{ CKM_EC_KEY_PAIR_GEN, { EC_FB_KEY, CKF_KPG }, EC_FB_STEP, SFTKFIPSECC },
|
||||
{ CKM_ECDH1_DERIVE, { EC_FB_KEY, CKF_KEA }, EC_FB_STEP, SFTKFIPSECC },
|
||||
+#if 0
|
||||
+ /* Doesn't consider hash algo. Non-approved */
|
||||
{ CKM_ECDSA, { EC_FB_KEY, CKF_SGN }, EC_FB_STEP, SFTKFIPSECC },
|
||||
+#endif
|
||||
{ CKM_ECDSA_SHA224, { EC_FB_KEY, CKF_SGN }, EC_FB_STEP, SFTKFIPSECC },
|
||||
{ CKM_ECDSA_SHA256, { EC_FB_KEY, CKF_SGN }, EC_FB_STEP, SFTKFIPSECC },
|
||||
{ CKM_ECDSA_SHA384, { EC_FB_KEY, CKF_SGN }, EC_FB_STEP, SFTKFIPSECC },
|
||||
@@ -112,8 +131,11 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[]
|
||||
{ CKM_AES_KEY_GEN, { AES_FB_KEY, CKF_GEN }, AES_FB_STEP, SFTKFIPSNone },
|
||||
{ CKM_AES_ECB, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSNone },
|
||||
{ CKM_AES_CBC, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSNone },
|
||||
+#if 0
|
||||
+ /* Non-approved */
|
||||
{ CKM_AES_MAC, { AES_FB_KEY, CKF_SGN }, AES_FB_STEP, SFTKFIPSNone },
|
||||
{ CKM_AES_MAC_GENERAL, { AES_FB_KEY, CKF_SGN }, AES_FB_STEP, SFTKFIPSNone },
|
||||
+#endif
|
||||
{ CKM_AES_CMAC, { AES_FB_KEY, CKF_SGN }, AES_FB_STEP, SFTKFIPSNone },
|
||||
{ CKM_AES_CMAC_GENERAL, { AES_FB_KEY, CKF_SGN }, AES_FB_STEP, SFTKFIPSNone },
|
||||
{ CKM_AES_CBC_PAD, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSNone },
|
||||
@@ -123,8 +145,11 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[]
|
||||
{ CKM_AES_KEY_WRAP, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSNone },
|
||||
{ CKM_AES_KEY_WRAP_PAD, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSNone },
|
||||
{ CKM_AES_KEY_WRAP_KWP, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSNone },
|
||||
@ -592,3 +593,170 @@ Index: nss/lib/softoken/fips_algorithms.h
|
||||
/* ------------------------- Hashing Operations ----------------------- */
|
||||
{ CKM_SHA224, { 0, 0, CKF_HSH }, 1, SFTKFIPSNone },
|
||||
{ CKM_SHA224_HMAC, { 112, 224, CKF_SGN }, 1, SFTKFIPSNone },
|
||||
@@ -139,41 +164,56 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[]
|
||||
{ CKM_SHA512_HMAC, { 256, 512, CKF_SGN }, 1, SFTKFIPSNone },
|
||||
{ CKM_SHA512_HMAC_GENERAL, { 256, 512, CKF_SGN }, 1, SFTKFIPSNone },
|
||||
/* --------------------- Secret Key Operations ------------------------ */
|
||||
- { CKM_GENERIC_SECRET_KEY_GEN, { 8, 256, CKF_GEN }, 1, SFTKFIPSNone },
|
||||
+ { CKM_GENERIC_SECRET_KEY_GEN, { 112, 512, CKF_GEN }, 1, SFTKFIPSNone },
|
||||
/* ---------------------- SSL/TLS operations ------------------------- */
|
||||
{ CKM_SHA224_KEY_DERIVATION, { 112, 224, CKF_KDF }, 1, SFTKFIPSNone },
|
||||
{ CKM_SHA256_KEY_DERIVATION, { 128, 256, CKF_KDF }, 1, SFTKFIPSNone },
|
||||
{ CKM_SHA384_KEY_DERIVATION, { 192, 384, CKF_KDF }, 1, SFTKFIPSNone },
|
||||
{ CKM_SHA512_KEY_DERIVATION, { 256, 512, CKF_KDF }, 1, SFTKFIPSNone },
|
||||
{ CKM_TLS12_MASTER_KEY_DERIVE, { 384, 384, CKF_KDF }, 1, SFTKFIPSNone },
|
||||
- { CKM_TLS12_MASTER_KEY_DERIVE_DH, { DH_FB_KEY, CKF_KDF }, 1, SFTKFIPSNone },
|
||||
+ { CKM_TLS12_MASTER_KEY_DERIVE_DH, { 384, 384, CKF_KDF }, 1, SFTKFIPSNone },
|
||||
{ CKM_TLS12_KEY_AND_MAC_DERIVE, { 384, 384, CKF_KDF }, 1, SFTKFIPSNone },
|
||||
{ CKM_TLS_PRF_GENERAL, { 8, 512, CKF_SGN }, 1, SFTKFIPSNone },
|
||||
- { CKM_TLS_MAC, { 8, 512, CKF_SGN }, 1, SFTKFIPSNone },
|
||||
+ { CKM_TLS_MAC, { 112, 512, CKF_SGN }, 1, SFTKFIPSNone },
|
||||
+
|
||||
+ { CKM_NSS_TLS_PRF_GENERAL_SHA256, { 8, 512, CKF_SGN }, 1, SFTKFIPSNone },
|
||||
+ { CKM_TLS_MASTER_KEY_DERIVE, { 384, 384, CKF_KDF }, 1, SFTKFIPSNone },
|
||||
+ { CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256, { 128, 384, CKF_KDF }, 1, SFTKFIPSNone },
|
||||
+ { CKM_TLS_MASTER_KEY_DERIVE_DH, { 384, 384, CKF_KDF }, 1, SFTKFIPSNone },
|
||||
+ { CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256, { 384, 384, CKF_KDF }, 1, SFTKFIPSNone },
|
||||
+ { CKM_TLS_KEY_AND_MAC_DERIVE, { 384, 384, CKF_KDF }, 1, SFTKFIPSNone },
|
||||
+ { CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256, { 128, 384, CKF_KDF }, 1, SFTKFIPSNone },
|
||||
+
|
||||
+ { CKM_SSL3_PRE_MASTER_KEY_GEN, { 128, 512, CKF_GEN }, 1, SFTKFIPSNone },
|
||||
+ { CKM_TLS_PRE_MASTER_KEY_GEN, { 128, 512, CKF_GEN }, 1, SFTKFIPSNone },
|
||||
+
|
||||
/* sigh, is this algorithm really tested. ssl doesn't seem to have a
|
||||
* way of turning the extension off */
|
||||
{ CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE, { 192, 1024, CKF_KDF }, 1, SFTKFIPSNone },
|
||||
{ CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH, { 192, 1024, CKF_DERIVE }, 1, SFTKFIPSNone },
|
||||
|
||||
/* ------------------------- HKDF Operations -------------------------- */
|
||||
+#if 0
|
||||
+ /* Only approved in the context of TLS 1.3 */
|
||||
{ CKM_HKDF_DERIVE, { 8, 255 * 64 * 8, CKF_KDF }, 1, SFTKFIPSNone },
|
||||
{ CKM_HKDF_DATA, { 8, 255 * 64 * 8, CKF_KDF }, 1, SFTKFIPSNone },
|
||||
{ CKM_HKDF_KEY_GEN, { 160, 224, CKF_GEN }, 1, SFTKFIPSNone },
|
||||
{ CKM_HKDF_KEY_GEN, { 256, 512, CKF_GEN }, 128, SFTKFIPSNone },
|
||||
+#endif
|
||||
/* ------------------ NIST 800-108 Key Derivations ------------------- */
|
||||
- { CKM_SP800_108_COUNTER_KDF, { 0, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone },
|
||||
- { CKM_SP800_108_FEEDBACK_KDF, { 0, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone },
|
||||
- { CKM_SP800_108_DOUBLE_PIPELINE_KDF, { 0, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone },
|
||||
- { CKM_NSS_SP800_108_COUNTER_KDF_DERIVE_DATA, { 0, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone },
|
||||
- { CKM_NSS_SP800_108_FEEDBACK_KDF_DERIVE_DATA, { 0, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone },
|
||||
- { CKM_NSS_SP800_108_DOUBLE_PIPELINE_KDF_DERIVE_DATA, { 0, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone },
|
||||
+ { CKM_SP800_108_COUNTER_KDF, { 112, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone },
|
||||
+ { CKM_SP800_108_FEEDBACK_KDF, { 112, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone },
|
||||
+ { CKM_SP800_108_DOUBLE_PIPELINE_KDF, { 112, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone },
|
||||
+ { CKM_NSS_SP800_108_COUNTER_KDF_DERIVE_DATA, { 112, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone },
|
||||
+ { CKM_NSS_SP800_108_FEEDBACK_KDF_DERIVE_DATA, { 112, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone },
|
||||
+ { CKM_NSS_SP800_108_DOUBLE_PIPELINE_KDF_DERIVE_DATA, { 112, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone },
|
||||
/* --------------------IPSEC ----------------------- */
|
||||
- { CKM_NSS_IKE_PRF_PLUS_DERIVE, { 8, 255 * 64, CKF_KDF }, 1, SFTKFIPSNone },
|
||||
- { CKM_NSS_IKE_PRF_DERIVE, { 8, 64, CKF_KDF }, 1, SFTKFIPSNone },
|
||||
- { CKM_NSS_IKE1_PRF_DERIVE, { 8, 64, CKF_KDF }, 1, SFTKFIPSNone },
|
||||
- { CKM_NSS_IKE1_APP_B_PRF_DERIVE, { 8, 255 * 64, CKF_KDF }, 1, SFTKFIPSNone },
|
||||
+ { CKM_NSS_IKE_PRF_PLUS_DERIVE, { 112, 255 * 64, CKF_KDF }, 1, SFTKFIPSNone },
|
||||
+ { CKM_NSS_IKE_PRF_DERIVE, { 112, 112, CKF_KDF }, 1, SFTKFIPSNone },
|
||||
+ { CKM_NSS_IKE1_PRF_DERIVE, { 112, 112, CKF_KDF }, 1, SFTKFIPSNone },
|
||||
+ { CKM_NSS_IKE1_APP_B_PRF_DERIVE, { 112, 255 * 64, CKF_KDF }, 1, SFTKFIPSNone },
|
||||
/* ------------------ PBE Key Derivations ------------------- */
|
||||
- { CKM_PKCS5_PBKD2, { 1, 256, CKF_GEN }, 1, SFTKFIPSNone },
|
||||
+ { CKM_PKCS5_PBKD2, { 112, 256, CKF_GEN }, 1, SFTKFIPSNone },
|
||||
{ CKM_NSS_PKCS12_PBE_SHA224_HMAC_KEY_GEN, { 224, 224, CKF_GEN }, 1, SFTKFIPSNone },
|
||||
{ CKM_NSS_PKCS12_PBE_SHA256_HMAC_KEY_GEN, { 256, 256, CKF_GEN }, 1, SFTKFIPSNone },
|
||||
{ CKM_NSS_PKCS12_PBE_SHA384_HMAC_KEY_GEN, { 384, 384, CKF_GEN }, 1, SFTKFIPSNone },
|
||||
Index: nss/lib/softoken/pkcs11u.c
|
||||
===================================================================
|
||||
--- nss.orig/lib/softoken/pkcs11u.c
|
||||
+++ nss/lib/softoken/pkcs11u.c
|
||||
@@ -2242,6 +2242,12 @@ sftk_AttributeToFlags(CK_ATTRIBUTE_TYPE
|
||||
case CKA_NSS_MESSAGE | CKA_VERIFY:
|
||||
flags = CKF_MESSAGE_VERIFY;
|
||||
break;
|
||||
+ case CKA_KEY_GEN_MECHANISM:
|
||||
+ flags = CKF_GENERATE;
|
||||
+ break;
|
||||
+ case CKA_KEY_PAIR_GEN_MECHANISM:
|
||||
+ flags = CKF_GENERATE_KEY_PAIR;
|
||||
+ break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
@@ -2462,18 +2468,35 @@ sftk_operationIsFIPS(SFTKSlot *slot, CK_
|
||||
if (!sftk_isFIPS(slot->slotID)) {
|
||||
return PR_FALSE;
|
||||
}
|
||||
- if (source && !source->isFIPS) {
|
||||
- return PR_FALSE;
|
||||
- }
|
||||
if (mech == NULL) {
|
||||
return PR_FALSE;
|
||||
}
|
||||
-
|
||||
/* now get the calculated values */
|
||||
opFlags = sftk_AttributeToFlags(op);
|
||||
if (opFlags == 0) {
|
||||
return PR_FALSE;
|
||||
}
|
||||
+ if (source && !source->isFIPS
|
||||
+ && !((mech->mechanism == CKM_DSA_SHA224
|
||||
+ || mech->mechanism == CKM_DSA_SHA256
|
||||
+ || mech->mechanism == CKM_DSA_SHA384
|
||||
+ || mech->mechanism == CKM_DSA_SHA512))) {
|
||||
+ return PR_FALSE;
|
||||
+ }
|
||||
+
|
||||
+ if (mech->mechanism == CKM_PKCS5_PBKD2) {
|
||||
+ CK_PKCS5_PBKD2_PARAMS *pbkd2_params = (CK_PKCS5_PBKD2_PARAMS *) mech->pParameter;
|
||||
+
|
||||
+ if (!pbkd2_params
|
||||
+ || !pbkd2_params->ulPasswordLen
|
||||
+ || *pbkd2_params->ulPasswordLen < 20
|
||||
+ || pbkd2_params->saltSource != CKZ_SALT_SPECIFIED
|
||||
+ || pbkd2_params->ulSaltSourceDataLen < 128 / 8
|
||||
+ || pbkd2_params->iterations < 1000) {
|
||||
+ return PR_FALSE;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
keyLength = sftk_getKeyLength(source);
|
||||
|
||||
/* check against our algorithm array */
|
||||
Index: nss/lib/util/pkcs11t.h
|
||||
===================================================================
|
||||
--- nss.orig/lib/util/pkcs11t.h
|
||||
+++ nss/lib/util/pkcs11t.h
|
||||
@@ -576,6 +576,7 @@ typedef CK_ULONG CK_JAVA_MIDP_SECURITY_D
|
||||
|
||||
/* CKA_KEY_GEN_MECHANISM is new for v2.11 */
|
||||
#define CKA_KEY_GEN_MECHANISM 0x00000166UL
|
||||
+#define CKA_KEY_PAIR_GEN_MECHANISM 0x00000167UL
|
||||
|
||||
#define CKA_MODIFIABLE 0x00000170UL
|
||||
|
||||
Index: nss/lib/softoken/pkcs11.c
|
||||
===================================================================
|
||||
--- nss.orig/lib/softoken/pkcs11.c
|
||||
+++ nss/lib/softoken/pkcs11.c
|
||||
@@ -534,17 +534,17 @@ static const struct mechanismList mechan
|
||||
{ CKM_TLS_MASTER_KEY_DERIVE, { 48, 48, CKF_DERIVE }, PR_FALSE },
|
||||
{ CKM_TLS12_MASTER_KEY_DERIVE, { 48, 48, CKF_DERIVE }, PR_FALSE },
|
||||
{ CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256,
|
||||
- { 48, 48, CKF_DERIVE },
|
||||
+ { 16, 48, CKF_DERIVE },
|
||||
PR_FALSE },
|
||||
- { CKM_TLS_MASTER_KEY_DERIVE_DH, { 8, 128, CKF_DERIVE }, PR_FALSE },
|
||||
- { CKM_TLS12_MASTER_KEY_DERIVE_DH, { 8, 128, CKF_DERIVE }, PR_FALSE },
|
||||
+ { CKM_TLS_MASTER_KEY_DERIVE_DH, { 48, 48, CKF_DERIVE }, PR_FALSE },
|
||||
+ { CKM_TLS12_MASTER_KEY_DERIVE_DH, { 48, 48, CKF_DERIVE }, PR_FALSE },
|
||||
{ CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256,
|
||||
- { 8, 128, CKF_DERIVE },
|
||||
+ { 48, 48, CKF_DERIVE },
|
||||
PR_FALSE },
|
||||
{ CKM_TLS_KEY_AND_MAC_DERIVE, { 48, 48, CKF_DERIVE }, PR_FALSE },
|
||||
{ CKM_TLS12_KEY_AND_MAC_DERIVE, { 48, 48, CKF_DERIVE }, PR_FALSE },
|
||||
{ CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256,
|
||||
- { 48, 48, CKF_DERIVE },
|
||||
+ { 16, 48, CKF_DERIVE },
|
||||
PR_FALSE },
|
||||
{ CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE,
|
||||
{ 48, 128, CKF_DERIVE },
|
||||
|
@ -68,7 +68,7 @@ Index: nss/lib/softoken/pkcs11c.c
|
||||
===================================================================
|
||||
--- nss.orig/lib/softoken/pkcs11c.c
|
||||
+++ nss/lib/softoken/pkcs11c.c
|
||||
@@ -2679,7 +2679,7 @@ nsc_DSA_Verify_Stub(void *ctx, void *sig
|
||||
@@ -2653,7 +2653,7 @@ nsc_DSA_Verify_Stub(void *ctx, void *sig
|
||||
static SECStatus
|
||||
nsc_DSA_Sign_Stub(void *ctx, void *sigBuf,
|
||||
unsigned int *sigLen, unsigned int maxSigLen,
|
||||
@ -77,7 +77,7 @@ Index: nss/lib/softoken/pkcs11c.c
|
||||
{
|
||||
SECItem signature, digest;
|
||||
SECStatus rv;
|
||||
@@ -2697,6 +2697,22 @@ nsc_DSA_Sign_Stub(void *ctx, void *sigBu
|
||||
@@ -2671,6 +2671,22 @@ nsc_DSA_Sign_Stub(void *ctx, void *sigBu
|
||||
return rv;
|
||||
}
|
||||
|
||||
@ -100,7 +100,7 @@ Index: nss/lib/softoken/pkcs11c.c
|
||||
static SECStatus
|
||||
nsc_ECDSAVerifyStub(void *ctx, void *sigBuf, unsigned int sigLen,
|
||||
void *dataBuf, unsigned int dataLen)
|
||||
@@ -2714,7 +2730,7 @@ nsc_ECDSAVerifyStub(void *ctx, void *sig
|
||||
@@ -2688,7 +2704,7 @@ nsc_ECDSAVerifyStub(void *ctx, void *sig
|
||||
static SECStatus
|
||||
nsc_ECDSASignStub(void *ctx, void *sigBuf,
|
||||
unsigned int *sigLen, unsigned int maxSigLen,
|
||||
@ -109,7 +109,7 @@ Index: nss/lib/softoken/pkcs11c.c
|
||||
{
|
||||
SECItem signature, digest;
|
||||
SECStatus rv;
|
||||
@@ -2732,6 +2748,22 @@ nsc_ECDSASignStub(void *ctx, void *sigBu
|
||||
@@ -2706,6 +2722,22 @@ nsc_ECDSASignStub(void *ctx, void *sigBu
|
||||
return rv;
|
||||
}
|
||||
|
||||
@ -132,7 +132,7 @@ Index: nss/lib/softoken/pkcs11c.c
|
||||
/* NSC_SignInit setups up the signing operations. There are three basic
|
||||
* types of signing:
|
||||
* (1) the tradition single part, where "Raw RSA" or "Raw DSA" is applied
|
||||
@@ -3601,6 +3633,22 @@ NSC_VerifyInit(CK_SESSION_HANDLE hSessio
|
||||
@@ -3575,6 +3607,22 @@ NSC_VerifyInit(CK_SESSION_HANDLE hSessio
|
||||
info->hashOid = SEC_OID_##mmm; \
|
||||
goto finish_rsa;
|
||||
|
||||
@ -155,7 +155,7 @@ Index: nss/lib/softoken/pkcs11c.c
|
||||
switch (pMechanism->mechanism) {
|
||||
INIT_RSA_VFY_MECH(MD5)
|
||||
INIT_RSA_VFY_MECH(MD2)
|
||||
@@ -4829,6 +4877,73 @@ loser:
|
||||
@@ -4807,6 +4855,73 @@ loser:
|
||||
#define PAIRWISE_DIGEST_LENGTH SHA224_LENGTH /* 224-bits */
|
||||
#define PAIRWISE_MESSAGE_LENGTH 20 /* 160-bits */
|
||||
|
||||
@ -229,7 +229,7 @@ Index: nss/lib/softoken/pkcs11c.c
|
||||
/*
|
||||
* FIPS 140-2 pairwise consistency check utilized to validate key pair.
|
||||
*
|
||||
@@ -4882,8 +4997,6 @@ sftk_PairwiseConsistencyCheck(CK_SESSION
|
||||
@@ -4860,8 +4975,6 @@ sftk_PairwiseConsistencyCheck(CK_SESSION
|
||||
|
||||
/* Variables used for Signature/Verification functions. */
|
||||
/* Must be at least 256 bits for DSA2 digest */
|
||||
@ -238,7 +238,7 @@ Index: nss/lib/softoken/pkcs11c.c
|
||||
CK_ULONG signature_length;
|
||||
|
||||
if (keyType == CKK_RSA) {
|
||||
@@ -5037,76 +5150,32 @@ sftk_PairwiseConsistencyCheck(CK_SESSION
|
||||
@@ -5015,76 +5128,32 @@ sftk_PairwiseConsistencyCheck(CK_SESSION
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -63,6 +63,16 @@ Index: nss/lib/freebl/blapi.h
|
||||
|
||||
/*********************************************************************/
|
||||
extern const SECHashObject *HASH_GetRawHashObject(HASH_HashType hashType);
|
||||
@@ -1791,6 +1791,9 @@ extern SECStatus EC_CopyParams(PLArenaPo
|
||||
*/
|
||||
extern int EC_GetPointSize(const ECParams *params);
|
||||
|
||||
+/* Unconditionally run the integrity check. */
|
||||
+extern void BL_FIPSRepeatIntegrityCheck(void);
|
||||
+
|
||||
SEC_END_PROTOS
|
||||
|
||||
#endif /* _BLAPI_H_ */
|
||||
Index: nss/lib/freebl/fips-selftest.inc
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
@ -149,7 +159,7 @@ Index: nss/lib/freebl/fips-selftest.inc
|
||||
+ abort();
|
||||
+}
|
||||
+
|
||||
+/* check whether FIPS moode is mandated by the kernel */
|
||||
+/* check whether FIPS mode is mandated by the kernel */
|
||||
+static int
|
||||
+fips_isWantedProc(void)
|
||||
+{
|
||||
@ -247,7 +257,7 @@ Index: nss/lib/freebl/fips-selftest.inc
|
||||
+ }
|
||||
+ fips_requests += fips_isWantedEnv();
|
||||
+
|
||||
+ return fips_requests;
|
||||
+ return fips_requests < 1 ? 0 : 1;
|
||||
+}
|
||||
+
|
||||
+static PRBool
|
||||
@ -641,12 +651,12 @@ Index: nss/lib/freebl/fipsfreebl.c
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -2251,28 +2279,104 @@ bl_startup_tests(void)
|
||||
@@ -2251,19 +2279,12 @@ bl_startup_tests(void)
|
||||
* power on selftest failed.
|
||||
*/
|
||||
SECStatus
|
||||
-BL_FIPSEntryOK(PRBool freebl_only)
|
||||
+BL_FIPSEntryOK(PRBool my_freebl_only)
|
||||
-BL_FIPSEntryOK(PRBool freebl_only, PRBool rerun)
|
||||
+BL_FIPSEntryOK(PRBool my_freebl_only, PRBool rerun)
|
||||
{
|
||||
-#ifdef NSS_NO_INIT_SUPPORT
|
||||
- /* this should only be set on platforms that can't handle one of the INIT
|
||||
@ -660,9 +670,10 @@ Index: nss/lib/freebl/fipsfreebl.c
|
||||
bl_startup_tests();
|
||||
}
|
||||
-#endif
|
||||
+
|
||||
/* if the general self tests succeeded, we're done */
|
||||
if (self_tests_success) {
|
||||
if (rerun) {
|
||||
/* reset the flags */
|
||||
self_tests_freebl_ran = PR_FALSE;
|
||||
@@ -2277,10 +2298,104 @@ BL_FIPSEntryOK(PRBool freebl_only, PRBoo
|
||||
return SECSuccess;
|
||||
}
|
||||
/* standalone freebl can initialize */
|
||||
@ -674,6 +685,17 @@ Index: nss/lib/freebl/fipsfreebl.c
|
||||
return SECFailure;
|
||||
}
|
||||
+
|
||||
+void
|
||||
+BL_FIPSRepeatIntegrityCheck(void)
|
||||
+{
|
||||
+ fips_state = fips_initTest("freebl", NULL, NULL);
|
||||
+
|
||||
+ if (!fips_state)
|
||||
+ {
|
||||
+ fatal ("fips - freebl: Integrity test re-run failed - aborting.");
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+/* returns the FIPS mode we are running in or the one that we aspire to if the
|
||||
+ * tests have not completed yet - which might happen during the crypto selftest
|
||||
+ */
|
||||
@ -756,11 +778,27 @@ Index: nss/lib/freebl/fipsfreebl.c
|
||||
+}
|
||||
+
|
||||
#endif
|
||||
+
|
||||
Index: nss/lib/freebl/loader.c
|
||||
===================================================================
|
||||
--- nss.orig/lib/freebl/loader.c
|
||||
+++ nss/lib/freebl/loader.c
|
||||
@@ -1213,11 +1213,11 @@ AESKeyWrap_DecryptKWP(AESKeyWrapContext
|
||||
@@ -95,6 +95,14 @@ BL_Init(void)
|
||||
return (vector->p_BL_Init)();
|
||||
}
|
||||
|
||||
+void
|
||||
+BL_FIPSRepeatIntegrityCheck(void)
|
||||
+{
|
||||
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
|
||||
+ return;
|
||||
+ (vector->p_BL_FIPSRepeatIntegrityCheck)();
|
||||
+}
|
||||
+
|
||||
RSAPrivateKey *
|
||||
RSA_NewKey(int keySizeInBits, SECItem *publicExponent)
|
||||
{
|
||||
@@ -1213,11 +1221,11 @@ AESKeyWrap_DecryptKWP(AESKeyWrapContext
|
||||
}
|
||||
|
||||
PRBool
|
||||
@ -774,7 +812,7 @@ Index: nss/lib/freebl/loader.c
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -1227,12 +1227,12 @@ BLAPI_SHVerify(const char *name, PRFuncP
|
||||
@@ -1227,12 +1235,12 @@ BLAPI_SHVerify(const char *name, PRFuncP
|
||||
* in freebl_LoadDSO) to p_BLAPI_VerifySelf.
|
||||
*/
|
||||
PRBool
|
||||
@ -789,7 +827,7 @@ Index: nss/lib/freebl/loader.c
|
||||
}
|
||||
|
||||
/* ============== New for 3.006 =============================== */
|
||||
@@ -1836,11 +1836,11 @@ SHA224_Clone(SHA224Context *dest, SHA224
|
||||
@@ -1836,11 +1844,11 @@ SHA224_Clone(SHA224Context *dest, SHA224
|
||||
}
|
||||
|
||||
PRBool
|
||||
@ -827,6 +865,16 @@ Index: nss/lib/freebl/loader.h
|
||||
|
||||
/* Version 3.013 came to here */
|
||||
|
||||
@@ -834,6 +834,9 @@ struct FREEBLVectorStr {
|
||||
|
||||
/* Add new function pointers at the end of this struct and bump
|
||||
* FREEBL_VERSION at the beginning of this file. */
|
||||
+
|
||||
+ /* SUSE patch: Goes last */
|
||||
+ void (*p_BL_FIPSRepeatIntegrityCheck)(void);
|
||||
};
|
||||
|
||||
typedef struct FREEBLVectorStr FREEBLVector;
|
||||
Index: nss/lib/freebl/manifest.mn
|
||||
===================================================================
|
||||
--- nss.orig/lib/freebl/manifest.mn
|
||||
@ -873,12 +921,12 @@ Index: nss/lib/freebl/shvfy.c
|
||||
return SECSuccess;
|
||||
}
|
||||
|
||||
-static PRBool blapi_SHVerifyFile(const char *shName, PRBool self);
|
||||
+static PRBool blapi_SHVerifyFile(const char *shName, PRBool self, int *err);
|
||||
-static PRBool blapi_SHVerifyFile(const char *shName, PRBool self, PRBool rerun);
|
||||
+static PRBool blapi_SHVerifyFile(const char *shName, PRBool self, PRBool rerun, int *err);
|
||||
|
||||
static PRBool
|
||||
-blapi_SHVerify(const char *name, PRFuncPtr addr, PRBool self)
|
||||
+blapi_SHVerify(const char *name, PRFuncPtr addr, PRBool self, int *err)
|
||||
-blapi_SHVerify(const char *name, PRFuncPtr addr, PRBool self, PRBool rerun)
|
||||
+blapi_SHVerify(const char *name, PRFuncPtr addr, PRBool self, PRBool rerun, int *err)
|
||||
{
|
||||
PRBool result = PR_FALSE; /* if anything goes wrong,
|
||||
- * the signature does not verify */
|
||||
@ -888,100 +936,119 @@ Index: nss/lib/freebl/shvfy.c
|
||||
if (!shName) {
|
||||
goto loser;
|
||||
}
|
||||
- result = blapi_SHVerifyFile(shName, self);
|
||||
+ result = blapi_SHVerifyFile(shName, self, err);
|
||||
- result = blapi_SHVerifyFile(shName, self, rerun);
|
||||
+ result = blapi_SHVerifyFile(shName, self, rerun, err);
|
||||
|
||||
loser:
|
||||
if (shName != NULL) {
|
||||
@@ -311,15 +311,15 @@ loser:
|
||||
@@ -311,25 +311,25 @@ loser:
|
||||
}
|
||||
|
||||
PRBool
|
||||
-BLAPI_SHVerify(const char *name, PRFuncPtr addr)
|
||||
+BLAPI_SHVerify(const char *name, PRFuncPtr addr, int *err)
|
||||
{
|
||||
- return blapi_SHVerify(name, addr, PR_FALSE);
|
||||
+ return blapi_SHVerify(name, addr, PR_FALSE, err);
|
||||
PRBool rerun = PR_FALSE;
|
||||
if (name && *name == BLAPI_FIPS_RERUN_FLAG) {
|
||||
name++;
|
||||
rerun = PR_TRUE;
|
||||
}
|
||||
- return blapi_SHVerify(name, addr, PR_FALSE, rerun);
|
||||
+ return blapi_SHVerify(name, addr, PR_FALSE, rerun, err);
|
||||
}
|
||||
|
||||
PRBool
|
||||
-BLAPI_SHVerifyFile(const char *shName)
|
||||
+BLAPI_SHVerifyFile(const char *shName, int *err)
|
||||
{
|
||||
- return blapi_SHVerifyFile(shName, PR_FALSE);
|
||||
+ return blapi_SHVerifyFile(shName, PR_FALSE, err);
|
||||
PRBool rerun = PR_FALSE;
|
||||
if (shName && *shName == BLAPI_FIPS_RERUN_FLAG) {
|
||||
shName++;
|
||||
rerun = PR_TRUE;
|
||||
}
|
||||
- return blapi_SHVerifyFile(shName, PR_FALSE, rerun);
|
||||
+ return blapi_SHVerifyFile(shName, PR_FALSE, rerun, err);
|
||||
}
|
||||
|
||||
#ifndef NSS_STRICT_INTEGRITY
|
||||
@@ -421,7 +421,7 @@ blapi_SHVerifyHMACCheck(PRFileDesc *shFD
|
||||
@@ -432,7 +432,7 @@ blapi_SHVerifyHMACCheck(PRFileDesc *shFD
|
||||
}
|
||||
|
||||
static PRBool
|
||||
-blapi_SHVerifyFile(const char *shName, PRBool self, PRBool rerun)
|
||||
+blapi_SHVerifyFile(const char *shName, PRBool self, PRBool rerun, int *err)
|
||||
{
|
||||
char *checkName = NULL;
|
||||
PRFileDesc *checkFD = NULL;
|
||||
@@ -446,7 +446,7 @@ blapi_SHVerifyFile(const char *shName, P
|
||||
int pid = 0;
|
||||
#endif
|
||||
PRBool result = PR_FALSE; /* if anything goes wrong,
|
||||
- * the signature does not verify */
|
||||
+ * the signature does not verify */
|
||||
NSSSignChkHeader header;
|
||||
#ifndef NSS_STRICT_INTEGRITY
|
||||
DSAPublicKey key;
|
||||
@@ -473,14 +473,17 @@ blapi_SHVerifyFile(const char *shName, P
|
||||
/* open the check File */
|
||||
checkFD = PR_Open(checkName, PR_RDONLY, 0);
|
||||
if (checkFD == NULL) {
|
||||
+ if (err) {
|
||||
+ *err = PORT_GetError();
|
||||
+ }
|
||||
#ifdef DEBUG_SHVERIFY
|
||||
- fprintf(stderr, "Failed to open the check file %s: (%d, %d)\n",
|
||||
- checkName, (int)PR_GetError(), (int)PR_GetOSError());
|
||||
+ fprintf(stderr, "Failed to open the check file %s: (%d)\n",
|
||||
+ checkName, (int)PORT_GetError());
|
||||
#endif /* DEBUG_SHVERIFY */
|
||||
goto loser;
|
||||
}
|
||||
|
||||
static PRBool
|
||||
- blapi_SHVerifyFile(const char *shName, PRBool self)
|
||||
+ blapi_SHVerifyFile(const char *shName, PRBool self, int *err)
|
||||
{
|
||||
char *checkName = NULL;
|
||||
PRFileDesc *checkFD = NULL;
|
||||
@@ -462,14 +462,17 @@ blapi_SHVerifyHMACCheck(PRFileDesc *shFD
|
||||
/* open the check File */
|
||||
checkFD = PR_Open(checkName, PR_RDONLY, 0);
|
||||
if (checkFD == NULL) {
|
||||
+ if (err) {
|
||||
+ *err = PORT_GetError();
|
||||
+ }
|
||||
#ifdef DEBUG_SHVERIFY
|
||||
- fprintf(stderr, "Failed to open the check file %s: (%d, %d)\n",
|
||||
- checkName, (int)PR_GetError(), (int)PR_GetOSError());
|
||||
+ fprintf(stderr, "Failed to open the check file %s: (%d)\n",
|
||||
+ checkName, (int)PR_GetError());
|
||||
#endif /* DEBUG_SHVERIFY */
|
||||
goto loser;
|
||||
}
|
||||
|
||||
- /* read and Verify the headerthe header */
|
||||
+ /* read and Verify the header */
|
||||
bytesRead = PR_Read(checkFD, &header, sizeof(header));
|
||||
if (bytesRead != sizeof(header)) {
|
||||
goto loser;
|
||||
@@ -550,7 +553,7 @@ blapi_SHVerifyHMACCheck(PRFileDesc *shFD
|
||||
goto loser;
|
||||
}
|
||||
- /* read and Verify the headerthe header */
|
||||
+ /* read and Verify the header */
|
||||
bytesRead = PR_Read(checkFD, &header, sizeof(header));
|
||||
if (bytesRead != sizeof(header)) {
|
||||
goto loser;
|
||||
@@ -561,7 +564,7 @@ blapi_SHVerifyFile(const char *shName, P
|
||||
goto loser;
|
||||
}
|
||||
|
||||
-/* open our library file */
|
||||
+ /* open our library file */
|
||||
#ifdef FREEBL_USE_PRELINK
|
||||
shFD = bl_OpenUnPrelink(shName, &pid);
|
||||
shFD = bl_OpenUnPrelink(shName, &pid);
|
||||
#else
|
||||
@@ -558,8 +561,8 @@ blapi_SHVerifyHMACCheck(PRFileDesc *shFD
|
||||
@@ -569,8 +572,8 @@ blapi_SHVerifyFile(const char *shName, P
|
||||
#endif
|
||||
if (shFD == NULL) {
|
||||
if (shFD == NULL) {
|
||||
#ifdef DEBUG_SHVERIFY
|
||||
- fprintf(stderr, "Failed to open the library file %s: (%d, %d)\n",
|
||||
- shName, (int)PR_GetError(), (int)PR_GetOSError());
|
||||
+ fprintf(stderr, "Failed to open the library file %s: (%d)\n",
|
||||
+ shName, (int)PR_GetError());
|
||||
- fprintf(stderr, "Failed to open the library file %s: (%d, %d)\n",
|
||||
- shName, (int)PR_GetError(), (int)PR_GetOSError());
|
||||
+ fprintf(stderr, "Failed to open the library file %s: (%d)\n",
|
||||
+ shName, (int)PORT_GetError());
|
||||
#endif /* DEBUG_SHVERIFY */
|
||||
goto loser;
|
||||
}
|
||||
@@ -620,7 +623,7 @@ blapi_SHVerifyHMACCheck(PRFileDesc *shFD
|
||||
goto loser;
|
||||
}
|
||||
@@ -631,7 +634,7 @@ loser:
|
||||
}
|
||||
|
||||
PRBool
|
||||
- BLAPI_VerifySelf(const char *name)
|
||||
+ BLAPI_VerifySelf(const char *name, int *err)
|
||||
{
|
||||
if (name == NULL) {
|
||||
/*
|
||||
@@ -629,7 +632,7 @@ blapi_SHVerifyHMACCheck(PRFileDesc *shFD
|
||||
*/
|
||||
return PR_TRUE;
|
||||
}
|
||||
- return blapi_SHVerify(name, (PRFuncPtr)decodeInt, PR_TRUE);
|
||||
+ return blapi_SHVerify(name, (PRFuncPtr)decodeInt, PR_TRUE, err);
|
||||
PRBool
|
||||
-BLAPI_VerifySelf(const char *name)
|
||||
+BLAPI_VerifySelf(const char *name, int *err)
|
||||
{
|
||||
if (name == NULL) {
|
||||
/*
|
||||
@@ -640,7 +643,7 @@ BLAPI_VerifySelf(const char *name)
|
||||
*/
|
||||
return PR_TRUE;
|
||||
}
|
||||
- return blapi_SHVerify(name, (PRFuncPtr)decodeInt, PR_TRUE, PR_FALSE);
|
||||
+ return blapi_SHVerify(name, (PRFuncPtr)decodeInt, PR_TRUE, PR_FALSE, err);
|
||||
}
|
||||
|
||||
#else /* NSS_FIPS_DISABLED */
|
||||
@@ -645,7 +648,7 @@ BLAPI_SHVerify(const char *name, PRFuncP
|
||||
@@ -656,7 +659,7 @@ BLAPI_SHVerify(const char *name, PRFuncP
|
||||
return PR_FALSE;
|
||||
}
|
||||
PRBool
|
||||
@ -994,7 +1061,7 @@ Index: nss/lib/softoken/fips.c
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ nss/lib/softoken/fips.c
|
||||
@@ -0,0 +1,40 @@
|
||||
@@ -0,0 +1,50 @@
|
||||
+#include "../freebl/fips-selftest.inc"
|
||||
+
|
||||
+#include "fips.h"
|
||||
@ -1007,7 +1074,7 @@ Index: nss/lib/softoken/fips.c
|
||||
+static fips_check_status
|
||||
+fips_checkCryptoSoftoken(void)
|
||||
+{
|
||||
+ if (CKR_OK == sftk_FIPSEntryOK()) {
|
||||
+ if (CKR_OK == sftk_FIPSEntryOK(PR_FALSE)) {
|
||||
+ return CHECK_OK;
|
||||
+ } else {
|
||||
+ return CHECK_FAIL_CRYPTO;
|
||||
@ -1035,18 +1102,33 @@ Index: nss/lib/softoken/fips.c
|
||||
+
|
||||
+ return;
|
||||
+}
|
||||
+
|
||||
+void
|
||||
+fips_repeatTestSoftoken(void)
|
||||
+{
|
||||
+ fips_initTestSoftoken();
|
||||
+ if (!fips_state)
|
||||
+ {
|
||||
+ fatal ("fips - softokn: Integrity test re-run failed - aborting.");
|
||||
+ }
|
||||
+}
|
||||
Index: nss/lib/softoken/fips.h
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ nss/lib/softoken/fips.h
|
||||
@@ -0,0 +1,10 @@
|
||||
@@ -0,0 +1,15 @@
|
||||
+#ifndef FIPS_H
|
||||
+#define FIPS_H
|
||||
+
|
||||
+#include "prtypes.h"
|
||||
+#include "softoken.h"
|
||||
+
|
||||
+CK_RV FIPS_cryptoSelftestSoftoken(void);
|
||||
+SEC_BEGIN_PROTOS
|
||||
+
|
||||
+CK_RV sftk_fipsPowerUpSelfTest(void);
|
||||
+extern void sftk_FIPSRepeatIntegrityCheck(void);
|
||||
+
|
||||
+SEC_END_PROTOS
|
||||
+
|
||||
+#endif
|
||||
+
|
||||
@ -1382,15 +1464,15 @@ Index: nss/lib/softoken/fipstest.c
|
||||
static PRBool sftk_self_tests_ran = PR_FALSE;
|
||||
static PRBool sftk_self_tests_success = PR_FALSE;
|
||||
|
||||
@@ -694,7 +1015,6 @@ static void
|
||||
sftk_startup_tests(void)
|
||||
@@ -694,7 +1015,6 @@ void
|
||||
sftk_startup_tests_with_rerun(PRBool rerun)
|
||||
{
|
||||
SECStatus rv;
|
||||
- const char *libraryName = SOFTOKEN_LIB_NAME;
|
||||
- const char *libraryName = rerun ? BLAPI_FIPS_RERUN_FLAG_STRING SOFTOKEN_LIB_NAME : SOFTOKEN_LIB_NAME;
|
||||
|
||||
PORT_Assert(!sftk_self_tests_ran);
|
||||
PORT_Assert(!sftk_self_tests_success);
|
||||
@@ -706,6 +1026,7 @@ sftk_startup_tests(void)
|
||||
@@ -706,6 +1026,7 @@ sftk_startup_tests_with_rerun(PRBool rer
|
||||
if (rv != SECSuccess) {
|
||||
return;
|
||||
}
|
||||
@ -1398,7 +1480,7 @@ Index: nss/lib/softoken/fipstest.c
|
||||
/* make sure freebl is initialized, or our RSA check
|
||||
* may fail. This is normally done at freebl load time, but it's
|
||||
* possible we may have shut freebl down without unloading it. */
|
||||
@@ -723,12 +1044,21 @@ sftk_startup_tests(void)
|
||||
@@ -723,12 +1044,21 @@ sftk_startup_tests_with_rerun(PRBool rer
|
||||
if (rv != SECSuccess) {
|
||||
return;
|
||||
}
|
||||
@ -1424,9 +1506,9 @@ Index: nss/lib/softoken/fipstest.c
|
||||
rv = sftk_fips_IKE_PowerUpSelfTests();
|
||||
if (rv != SECSuccess) {
|
||||
return;
|
||||
@@ -760,17 +1090,11 @@ sftk_startup_tests(void)
|
||||
@@ -766,17 +1096,10 @@ sftk_startup_tests(void)
|
||||
CK_RV
|
||||
sftk_FIPSEntryOK()
|
||||
sftk_FIPSEntryOK(PRBool rerun)
|
||||
{
|
||||
-#ifdef NSS_NO_INIT_SUPPORT
|
||||
- /* this should only be set on platforms that can't handle one of the INIT
|
||||
@ -1440,10 +1522,27 @@ Index: nss/lib/softoken/fipstest.c
|
||||
sftk_startup_tests();
|
||||
}
|
||||
-#endif
|
||||
+
|
||||
if (!sftk_self_tests_success) {
|
||||
return CKR_DEVICE_ERROR;
|
||||
if (rerun) {
|
||||
sftk_self_tests_ran = PR_FALSE;
|
||||
sftk_self_tests_success = PR_FALSE;
|
||||
@@ -787,6 +1110,17 @@ sftk_FIPSEntryOK(PRBool rerun)
|
||||
}
|
||||
return CKR_OK;
|
||||
}
|
||||
+
|
||||
+void fips_repeatTestSoftoken(void);
|
||||
+
|
||||
+void
|
||||
+sftk_FIPSRepeatIntegrityCheck()
|
||||
+{
|
||||
+ /* These will abort if the checksum fails in FIPS mode */
|
||||
+ BL_FIPSRepeatIntegrityCheck();
|
||||
+ fips_repeatTestSoftoken();
|
||||
+}
|
||||
+
|
||||
#else
|
||||
#include "pkcs11t.h"
|
||||
CK_RV
|
||||
Index: nss/lib/softoken/legacydb/fips.c
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
@ -1521,14 +1620,14 @@ Index: nss/lib/softoken/manifest.mn
|
||||
===================================================================
|
||||
--- nss.orig/lib/softoken/manifest.mn
|
||||
+++ nss/lib/softoken/manifest.mn
|
||||
@@ -31,6 +31,7 @@ PRIVATE_EXPORTS = \
|
||||
softkver.h \
|
||||
sdb.h \
|
||||
sftkdbt.h \
|
||||
@@ -22,6 +22,7 @@ endif
|
||||
EXPORTS = \
|
||||
lowkeyi.h \
|
||||
lowkeyti.h \
|
||||
+ fips.h \
|
||||
$(NULL)
|
||||
|
||||
CSRCS = \
|
||||
PRIVATE_EXPORTS = \
|
||||
@@ -55,6 +56,7 @@ CSRCS = \
|
||||
softkver.c \
|
||||
tlsprf.c \
|
||||
@ -1537,3 +1636,47 @@ Index: nss/lib/softoken/manifest.mn
|
||||
$(NULL)
|
||||
|
||||
ifndef NSS_DISABLE_DBM
|
||||
Index: nss/lib/softoken/softoken.h
|
||||
===================================================================
|
||||
--- nss.orig/lib/softoken/softoken.h
|
||||
+++ nss/lib/softoken/softoken.h
|
||||
@@ -59,6 +59,9 @@ extern unsigned char *CBC_PadBuffer(PLAr
|
||||
/* make sure Power-up selftests have been run. */
|
||||
extern CK_RV sftk_FIPSEntryOK(PRBool rerun);
|
||||
|
||||
+/* Unconditionally run the crypto self-tests. */
|
||||
+extern PRBool sftk_FIPSRunTests();
|
||||
+
|
||||
/*
|
||||
** make known fixed PKCS #11 key types to their sizes in bytes
|
||||
*/
|
||||
Index: nss/lib/freebl/ldvector.c
|
||||
===================================================================
|
||||
--- nss.orig/lib/freebl/ldvector.c
|
||||
+++ nss/lib/freebl/ldvector.c
|
||||
@@ -375,9 +375,12 @@ static const struct FREEBLVectorStr vect
|
||||
/* End of version 3.024 */
|
||||
ChaCha20_InitContext,
|
||||
ChaCha20_CreateContext,
|
||||
- ChaCha20_DestroyContext
|
||||
+ ChaCha20_DestroyContext,
|
||||
|
||||
/* End of version 3.025 */
|
||||
+
|
||||
+ /* SUSE patch: Goes last */
|
||||
+ BL_FIPSRepeatIntegrityCheck
|
||||
};
|
||||
|
||||
const FREEBLVector*
|
||||
Index: nss/lib/softoken/softokn.def
|
||||
===================================================================
|
||||
--- nss.orig/lib/softoken/softokn.def
|
||||
+++ nss/lib/softoken/softokn.def
|
||||
@@ -34,6 +34,7 @@ NSC_GetInterfaceList;
|
||||
C_GetInterface;
|
||||
FC_GetInterface;
|
||||
NSC_GetInterface;
|
||||
+sftk_FIPSRepeatIntegrityCheck;
|
||||
;+ local:
|
||||
;+ *;
|
||||
;+};
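Review bot: In the loader.c hunk (`@@ -95,6 +95,14 @@ BL_Init(void)`), `BL_FIPSRepeatIntegrityCheck` returns silently when the loader fails (`if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) return;`), so the re-run integrity check degrades to a no-op instead of the abort the freebl-side implementation performs via `fatal(...)`, and the softoken caller `sftk_FIPSRepeatIntegrityCheck` (comment `/* These will abort if the checksum fails in FIPS mode */`) cannot tell the two cases apart because the function returns void. Either return a status (`SECStatus`, `SECFailure` on the loader-failure path) so the softoken side can abort, or fail hard here as the freebl side does. Separately, `sftk_FIPSRepeatIntegrityCheck` is defined only in the FIPS-enabled branch of fipstest.c while softokn.def now exports it; the `#else` branch that follows the hunk presumably needs a matching stub, but its body is outside the shown lines. The file header of this section is not shown, and the prototype `void fips_repeatTestSoftoken(void);` dropped into fipstest.c would read better in fips.h next to the `sftk_FIPSRepeatIntegrityCheck` declaration.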
@ -12,7 +12,7 @@ Index: nss/lib/freebl/nsslowhash.c
|
||||
===================================================================
|
||||
--- nss.orig/lib/freebl/nsslowhash.c
|
||||
+++ nss/lib/freebl/nsslowhash.c
|
||||
@@ -2,6 +2,9 @@
|
||||
@@ -2,9 +2,13 @@
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
||||
|
||||
@ -22,7 +22,11 @@ Index: nss/lib/freebl/nsslowhash.c
|
||||
#ifdef FREEBL_NO_DEPEND
|
||||
#include "stubs.h"
|
||||
#endif
|
||||
@@ -25,6 +28,23 @@ struct NSSLOWHASHContextStr {
|
||||
+
|
||||
#include "prtypes.h"
|
||||
#include "prenv.h"
|
||||
#include "secerr.h"
|
||||
@@ -25,6 +29,23 @@ struct NSSLOWHASHContextStr {
|
||||
};
|
||||
|
||||
#ifndef NSS_FIPS_DISABLED
|
||||
@ -46,7 +50,7 @@ Index: nss/lib/freebl/nsslowhash.c
|
||||
static int
|
||||
nsslow_GetFIPSEnabled(void)
|
||||
{
|
||||
@@ -52,6 +72,7 @@ nsslow_GetFIPSEnabled(void)
|
||||
@@ -52,6 +73,7 @@ nsslow_GetFIPSEnabled(void)
|
||||
#endif /* LINUX */
|
||||
return 1;
|
||||
}
|
||||
@ -54,13 +58,13 @@ Index: nss/lib/freebl/nsslowhash.c
|
||||
#endif /* NSS_FIPS_DISABLED */
|
||||
|
||||
static NSSLOWInitContext dummyContext = { 0 };
|
||||
@@ -67,7 +88,7 @@ NSSLOW_Init(void)
|
||||
@@ -67,7 +89,7 @@ NSSLOW_Init(void)
|
||||
#ifndef NSS_FIPS_DISABLED
|
||||
/* make sure the FIPS product is installed if we are trying to
|
||||
* go into FIPS mode */
|
||||
- if (nsslow_GetFIPSEnabled()) {
|
||||
+ if (nsslow_GetFIPSEnabled() || getFIPSEnv()) {
|
||||
if (BL_FIPSEntryOK(PR_TRUE) != SECSuccess) {
|
||||
if (BL_FIPSEntryOK(PR_TRUE, PR_FALSE) != SECSuccess) {
|
||||
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
|
||||
post_failed = PR_TRUE;
|
||||
Index: nss/lib/sysinit/nsssysinit.c
|
||||
|
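Review bot: The rebased line `if (BL_FIPSEntryOK(PR_TRUE, PR_FALSE) != SECSuccess) {` passes a bare `PR_FALSE` for a second parameter that the patch never names, and since this call is the gate that decides whether NSSLOW_Init may proceed in FIPS mode, a reader of the patch cannot tell what behaviour that flag switches off. It is presumably the parameter upstream added to BL_FIPSEntryOK (its prototype is outside this hunk); please confirm against the 3.90 declaration and record it in the patch, e.g. a one-line comment above the call naming the parameter and why PR_FALSE is correct on this path. The `getFIPSEnv()` OR-term on the same line is unchanged by this refresh, and NSSLOW_Init continues outside the hunk.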
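--- /dev/null
+++ b/nss-fips-drbg-libjitter.patch
@@ -0,0 +1,111 @@
+Index: nss/coreconf/Linux.mk
+===================================================================
+--- nss.orig/coreconf/Linux.mk
++++ nss/coreconf/Linux.mk
+@@ -136,7 +136,7 @@ OS_CFLAGS = $(DSO_CFLAGS) $(OS_REL_CFLA
+ifeq ($(KERNEL),Linux)
+OS_CFLAGS += -DLINUX -Dlinux
+endif
+-OS_LIBS = $(OS_PTHREAD) -ldl -lc
++OS_LIBS = $(OS_PTHREAD) -ldl -lc -ljitterentropy
+
+ifeq ($(OS_TARGET),Android)
+OS_LIBS += -llog
+Index: nss/lib/freebl/drbg.c
+===================================================================
+--- nss.orig/lib/freebl/drbg.c
++++ nss/lib/freebl/drbg.c
+@@ -6,6 +6,8 @@
+#include "stubs.h"
+#endif
+
++#include <jitterentropy.h>
++
+#include <unistd.h>
+
+#include "prerror.h"
+@@ -107,6 +109,45 @@ typedef struct RNGContextStr RNGContext;
+static RNGContext *globalrng = NULL;
+static RNGContext theGlobalRng;
+
++/* Jitterentropy */
++#define JITTER_FLAGS JENT_FORCE_FIPS
++static struct rand_data *jitter;
++
++static ssize_t
++FIPS_jent_get_entropy (void *dest, ssize_t len)
++{
++ int result = -1;
++
++ /* Ensure that the jitterentropy generator is initialized */
++
++ if (!jitter)
++ {
++ if (jent_entropy_init_ex (1, JITTER_FLAGS))
++ goto out;
++
++ jitter = jent_entropy_collector_alloc (1, JITTER_FLAGS);
++ if (!jitter)
++ goto out;
++ }
++
++ /* Get some entropy */
++
++ result = jent_read_entropy_safe (&jitter, dest, len);
++
++out:
++ return result;
++}
++
++static void
++FIPS_jent_deinit (void)
++{
++ if (jitter)
++ {
++ jent_entropy_collector_free (jitter);
++ jitter = NULL;
++ }
++}
++
+/*
+* The next several functions are derived from the NIST SP 800-90
+* spec. In these functions, an attempt was made to use names consistent
+@@ -180,7 +221,7 @@ static PRCallOnceType coRNGInitEntropy;
+static PRStatus
+prng_initEntropy(void)
+{
+- size_t length;
++ ssize_t length;
+PRUint8 block[PRNG_ENTROPY_BLOCK_SIZE];
+SHA256Context ctx;
+
+@@ -203,8 +244,8 @@ prng_initEntropy(void)
+/* For FIPS 140-2 4.9.2 continuous random number generator test,
+* fetch the initial entropy from the system RNG and keep it for
+* later comparison. */
+- length = RNG_SystemRNG(block, sizeof(block));
+- if (length == 0) {
++ length = FIPS_jent_get_entropy(block, sizeof(block));
++ if (length < 1) {
+coRNGInitEntropy.status = PR_FAILURE;
+__sync_synchronize ();
+coRNGInitEntropy.initialized = 1;
+@@ -244,8 +285,8 @@ prng_getEntropy(PRUint8 *buffer, size_t
+* iteratively fetch fixed sized blocks from the system and
+* compare consecutive blocks. */
+while (total < requestLength) {
+- size_t length = RNG_SystemRNG(block, sizeof(block));
+- if (length == 0) {
++ ssize_t length = FIPS_jent_get_entropy(block, sizeof(block));
++ if (length < 1) {
+rv = SECFailure; /* error is already set */
+goto out;
+}
+@@ -792,6 +833,7 @@ RNG_RNGShutdown(void)
+/* clear */
+prng_freeRNGContext(globalrng);
+globalrng = NULL;
++ FIPS_jent_deinit ();
+/* reset the callonce struct to allow a new call to RNG_RNGInit() */
+coRNGInit = pristineCallOnce;
+}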
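Review bot: FIPS_jent_get_entropy returns -1 without setting an NSS error code, yet the prng_getEntropy hunk keeps `rv = SECFailure; /* error is already set */` after the swapped-in call, so a jitter failure now propagates with whatever error was last set rather than the code the replaced RNG_SystemRNG set itself (outside this hunk); add `if (result < 1) PORT_SetError(SEC_ERROR_NEED_RANDOM);` ahead of `return result;` on the `out:` path. More fundamentally, the kernel RNG is dropped rather than mixed in: prng_initEntropy and prng_getEntropy now seed exclusively from CPU jitter, unconditionally and not only in FIPS mode, so a host where `jent_entropy_init_ex` fails its start-up health test (coarse timers, some VMs) has no DRBG at all instead of the previously working one — feeding the jitter block into the SHA256 conditioning alongside the RNG_SystemRNG block, or at least falling back to it when not in FIPS mode, avoids making that a total failure. The lazily created static `jitter` is also reached from prng_getEntropy, which unlike prng_initEntropy is not visibly guarded by a call-once; if the reseed path that calls it (outside the hunk) is not serialised by the rng lock, two callers can both see `!jitter` and allocate, leaking one collector. The comment `fetch the initial entropy from the system RNG` is now stale and should name jitterentropy.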
@ -14,7 +14,7 @@ Index: nss/lib/softoken/pkcs11c.c
|
||||
===================================================================
|
||||
--- nss.orig/lib/softoken/pkcs11c.c
|
||||
+++ nss/lib/softoken/pkcs11c.c
|
||||
@@ -4826,8 +4826,8 @@ loser:
|
||||
@@ -4800,8 +4800,8 @@ loser:
|
||||
return crv;
|
||||
}
|
||||
|
||||
@ -25,7 +25,7 @@ Index: nss/lib/softoken/pkcs11c.c
|
||||
|
||||
/*
|
||||
* FIPS 140-2 pairwise consistency check utilized to validate key pair.
|
||||
@@ -5775,6 +5775,7 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS
|
||||
@@ -5749,6 +5749,7 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS
|
||||
(PRUint32)crv);
|
||||
sftk_LogAuditMessage(NSS_AUDIT_ERROR, NSS_AUDIT_SELF_TEST, msg);
|
||||
}
|
||||
|
@ -1,6 +1,6 @@
|
||||
diff --git nss/lib/softoken/lowpbe.c b/nss/lib/softoken/lowpbe.c
|
||||
index fae9e18..1c55642 100644
|
||||
--- nss/lib/softoken/lowpbe.c
|
||||
Index: nss/lib/softoken/lowpbe.c
|
||||
===================================================================
|
||||
--- nss.orig/lib/softoken/lowpbe.c
|
||||
+++ nss/lib/softoken/lowpbe.c
|
||||
@@ -1756,7 +1756,7 @@ loser:
|
||||
return ret_algid;
|
||||
@ -11,7 +11,7 @@ index fae9e18..1c55642 100644
|
||||
SECStatus
|
||||
sftk_fips_pbkdf_PowerUpSelfTests(void)
|
||||
{
|
||||
@@ -1766,16 +1766,21 @@ sftk_fips_pbkdf_PowerUpSelfTests(void)
|
||||
@@ -1766,16 +1766,22 @@ sftk_fips_pbkdf_PowerUpSelfTests(void)
|
||||
unsigned char iteration_count = 5;
|
||||
unsigned char keyLen = 64;
|
||||
char *inKeyData = TEST_KEY;
|
||||
@ -22,6 +22,7 @@ index fae9e18..1c55642 100644
|
||||
+ 0x48, 0x99, 0xF4, 0x6D, 0xB7, 0x48, 0xE3, 0x3B,
|
||||
+ 0x91, 0xBF, 0x65, 0xA9, 0x26, 0x83, 0xE8, 0x22
|
||||
+ };
|
||||
+
|
||||
static const unsigned char pbkdf_known_answer[] = {
|
||||
- 0x31, 0xf0, 0xe5, 0x39, 0x9f, 0x39, 0xb9, 0x29,
|
||||
- 0x68, 0xac, 0xf2, 0xe9, 0x53, 0x9b, 0xb4, 0x9c,
|
||||
@ -42,7 +43,7 @@ index fae9e18..1c55642 100644
|
||||
};
|
||||
|
||||
sftk_PBELockInit();
|
||||
@@ -1804,11 +1809,12 @@ sftk_fips_pbkdf_PowerUpSelfTests(void)
|
||||
@@ -1804,11 +1810,12 @@ sftk_fips_pbkdf_PowerUpSelfTests(void)
|
||||
* for NSSPKCS5_PBKDF2 */
|
||||
pbe_params.iter = iteration_count;
|
||||
pbe_params.keyLen = keyLen;
|
||||
|
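--- /dev/null
+++ b/nss-fips-pct-pubkeys.patch
@@ -0,0 +1,135 @@
+# HG changeset patch
+# Parent 5786c2bb5c229b530e95e435ee0cf51314359e7b
+
+Index: nss/lib/softoken/pkcs11c.c
+===================================================================
+--- nss.orig/lib/softoken/pkcs11c.c
++++ nss/lib/softoken/pkcs11c.c
+@@ -17,6 +17,7 @@
+* In this implementation, session objects are only visible to the session
+* that created or generated them.
+*/
++#include "lowkeyti.h"
+#include "seccomon.h"
+#include "secitem.h"
+#include "secport.h"
+@@ -4922,6 +4923,88 @@ pairwise_signverify_mech (CK_SESSION_HAN
+return crv;
+}
+
++/* This function regenerates a public key from a private key
++ * (not simply returning the saved public key) and compares it
++ * to the given publicKey
++ */
++static CK_RV
++regeneratePublicKeyFromPrivateKeyAndCompare(NSSLOWKEYPrivateKey *currPrivKey,
++ NSSLOWKEYPublicKey *currPubKey)
++{
++ NSSLOWKEYPublicKey *pubk;
++ SECItem publicValue;
++ PLArenaPool *arena;
++
++ arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
++ if (arena == NULL) {
++ PORT_SetError(SEC_ERROR_NO_MEMORY);
++ return CKR_HOST_MEMORY;
++ }
++
++ switch (currPrivKey->keyType) {
++ case NSSLOWKEYDHKey:
++ pubk = (NSSLOWKEYPublicKey *)PORT_ArenaZAlloc(arena,
++ sizeof(NSSLOWKEYPublicKey));
++ if (pubk != NULL) {
++ SECStatus rv;
++
++ pubk->arena = arena;
++ pubk->keyType = currPrivKey->keyType;
++
++ // Regenerate the publicValue
++ rv = DH_Derive(&currPrivKey->u.dh.base, &currPrivKey->u.dh.prime,
++ &currPrivKey->u.dh.privateValue, &publicValue, 0);
++ if (rv != SECSuccess) {
++ break;
++ }
++ rv = SECITEM_CopyItem(arena, &pubk->u.dh.publicValue,
++ &publicValue);
++ SECITEM_ZfreeItem(&publicValue, PR_FALSE);
++ if (rv != SECSuccess) {
++ break;
++ }
++
++ if (SECITEM_CompareItem(&pubk->u.dh.publicValue, &currPubKey->u.dh.publicValue) != SECEqual) {
++ nsslowkey_DestroyPublicKey(pubk);
++ return CKR_GENERAL_ERROR;
++ }
++ nsslowkey_DestroyPublicKey(pubk);
++ return CKR_OK;
++ }
++ break;
++ case NSSLOWKEYECKey:
++ {
++ ECPrivateKey *privk = NULL;
++ SECStatus rv;
++
++ /* The "seed" is an octet stream corresponding to our private key.
++ * The new public key is derived from this + the parameters and
++ * stored in the new private key's publicValue. */
++ rv = EC_NewKeyFromSeed (&currPrivKey->u.ec.ecParams,
++ &privk,
++ currPrivKey->u.ec.privateValue.data,
++ currPrivKey->u.ec.privateValue.len);
++ if (rv != SECSuccess)
++ break;
++
++ /* Verify that the passed-in public value is equal to the one derived */
++ if (SECITEM_CompareItem (&privk->publicValue, &currPubKey->u.ec.publicValue) != SECEqual) {
++ PORT_FreeArena (privk->ecParams.arena, PR_TRUE);
++ return CKR_GENERAL_ERROR;
++ }
++
++ PORT_FreeArena (privk->ecParams.arena, PR_TRUE);
++ return CKR_OK;
++ }
++ break;
++ default:
++ break;
++ }
++
++ PORT_FreeArena(arena, PR_TRUE);
++ return CKR_GENERAL_ERROR;
++}
++
+/*
+* FIPS 140-2 pairwise consistency check utilized to validate key pair.
+*
+@@ -5268,6 +5351,30 @@ sftk_PairwiseConsistencyCheck(CK_SESSION
+}
+}
+
++ // Regenerate the publicKey from the privateKey and compare it to the
++ // original publicKey
++ if (keyType == CKK_DH || keyType == CKK_EC) {
++ NSSLOWKEYPrivateKey *currPrivKey = sftk_GetPrivKey(privateKey, CKK_DH, &crv);
++ if (crv != CKR_OK) {
++ return crv;
++ }
++ if (!currPrivKey) {
++ return CKR_DEVICE_ERROR;
++ }
++
++ NSSLOWKEYPublicKey *currPubKey = sftk_GetPubKey(publicKey, CKK_DH, &crv);
++ if (crv != CKR_OK) {
++ return crv;
++ }
++ if (!currPubKey) {
++ return CKR_DEVICE_ERROR;
++ }
++
++ crv = regeneratePublicKeyFromPrivateKeyAndCompare(currPrivKey, currPubKey);
++ if (crv != CKR_OK) {
++ return crv;
++ }
++ }
+return CKR_OK;
+}
+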
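Review bot: The sftk_PairwiseConsistencyCheck hunk looks the keys up as `sftk_GetPrivKey(privateKey, CKK_DH, &crv)` and `sftk_GetPubKey(publicKey, CKK_DH, &crv)` although the branch is entered for `keyType == CKK_EC` too, so an EC pair is requested as a DH pair; unless those getters ignore the type for an object that was already converted (they are outside this hunk), the EC regeneration either fails every EC key generation or runs against a wrongly typed key, and both calls should pass `keyType`. In regeneratePublicKeyFromPrivateKeyAndCompare the `arena` created at the top is released only via nsslowkey_DestroyPublicKey on the DH path or the fall-through at the end, and both `return` statements in the NSSLOWKEYECKey case skip it, so each EC key generation leaks an arena. The rewrite below gives the EC case a single exit that frees the derived key's arena and ours on either outcome. sftk_PairwiseConsistencyCheck itself starts outside the hunk.
```c
    case NSSLOWKEYECKey:
    {
        ECPrivateKey *privk = NULL;
        SECStatus rv;
        CK_RV crv = CKR_GENERAL_ERROR;

        /* … unchanged: EC_NewKeyFromSeed(...) and the `if (rv != SECSuccess) break;` … */

        /* Verify that the passed-in public value equals the derived one, then
         * release the derived key and our own arena whichever way it went. */
        if (SECITEM_CompareItem(&privk->publicValue,
                                &currPubKey->u.ec.publicValue) == SECEqual) {
            crv = CKR_OK;
        }
        PORT_FreeArena(privk->ecParams.arena, PR_TRUE);
        PORT_FreeArena(arena, PR_TRUE);
        return crv;
    }
```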
@ -8,10 +8,10 @@ commit 4b8c0eac6b092717157b4141c82b4d76ccdc91b3
|
||||
Author: Hans Petter Jansson <hpj@cl.no>
|
||||
Patch 16: nss-fips-rsa-keygen-strictness.patch
|
||||
|
||||
diff --git a/lib/freebl/mpi/mpprime.c b/lib/freebl/mpi/mpprime.c
|
||||
index b757150..41d08b1 100644
|
||||
--- a/lib/freebl/mpi/mpprime.c
|
||||
+++ b/lib/freebl/mpi/mpprime.c
|
||||
Index: nss/lib/freebl/mpi/mpprime.c
|
||||
===================================================================
|
||||
--- nss.orig/lib/freebl/mpi/mpprime.c
|
||||
+++ nss/lib/freebl/mpi/mpprime.c
|
||||
@@ -14,6 +14,8 @@
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
@ -21,7 +21,7 @@ index b757150..41d08b1 100644
|
||||
#define SMALL_TABLE 0 /* determines size of hard-wired prime table */
|
||||
|
||||
#define RANDOM() rand()
|
||||
@@ -465,6 +467,25 @@ mpp_make_prime_ext_random(mp_int *start, mp_size nBits, mp_size strong, mpp_rand
|
||||
@@ -465,6 +467,25 @@ mpp_make_prime_ext_random(mp_int *start,
|
||||
} else
|
||||
num_tests = 50;
|
||||
|
||||
@ -47,10 +47,10 @@ index b757150..41d08b1 100644
|
||||
if (strong)
|
||||
--nBits;
|
||||
MP_CHECKOK(mpl_set_bit(start, nBits - 1, 1));
|
||||
diff --git a/lib/freebl/rsa.c b/lib/freebl/rsa.c
|
||||
index 2b8a3bf..8d40d11 100644
|
||||
--- a/lib/freebl/rsa.c
|
||||
+++ b/lib/freebl/rsa.c
|
||||
Index: nss/lib/freebl/rsa.c
|
||||
===================================================================
|
||||
--- nss.orig/lib/freebl/rsa.c
|
||||
+++ nss/lib/freebl/rsa.c
|
||||
@@ -16,11 +16,13 @@
|
||||
#include "prinit.h"
|
||||
#include "blapi.h"
|
||||
@ -65,7 +65,7 @@ index 2b8a3bf..8d40d11 100644
|
||||
|
||||
/* The minimal required randomness is 64 bits */
|
||||
/* EXP_BLINDING_RANDOMNESS_LEN is the length of the randomness in mp_digits */
|
||||
@@ -149,11 +151,24 @@ rsa_build_from_primes(const mp_int *p, const mp_int *q,
|
||||
@@ -149,11 +151,24 @@ rsa_build_from_primes(const mp_int *p, c
|
||||
err = mp_invmod(d, &phi, e);
|
||||
} else {
|
||||
err = mp_invmod(e, &phi, d);
|
||||
@ -92,7 +92,7 @@ index 2b8a3bf..8d40d11 100644
|
||||
if (err != MP_OKAY) {
|
||||
if (err == MP_UNDEF) {
|
||||
PORT_SetError(SEC_ERROR_NEED_RANDOM);
|
||||
@@ -286,10 +301,12 @@ RSA_NewKey(int keySizeInBits, SECItem *publicExponent)
|
||||
@@ -286,10 +301,12 @@ RSA_NewKey(int keySizeInBits, SECItem *p
|
||||
mp_int q = { 0, 0, 0, NULL };
|
||||
mp_int e = { 0, 0, 0, NULL };
|
||||
mp_int d = { 0, 0, 0, NULL };
|
||||
@ -106,7 +106,7 @@ index 2b8a3bf..8d40d11 100644
|
||||
int prerr = 0;
|
||||
RSAPrivateKey *key = NULL;
|
||||
PLArenaPool *arena = NULL;
|
||||
@@ -307,11 +324,40 @@ RSA_NewKey(int keySizeInBits, SECItem *publicExponent)
|
||||
@@ -307,11 +324,40 @@ RSA_NewKey(int keySizeInBits, SECItem *p
|
||||
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
||||
goto cleanup;
|
||||
}
|
||||
@ -151,7 +151,7 @@ index 2b8a3bf..8d40d11 100644
|
||||
}
|
||||
#endif
|
||||
|
||||
@@ -329,12 +375,7 @@ RSA_NewKey(int keySizeInBits, SECItem *publicExponent)
|
||||
@@ -329,12 +375,7 @@ RSA_NewKey(int keySizeInBits, SECItem *p
|
||||
key->arena = arena;
|
||||
/* length of primes p and q (in bytes) */
|
||||
primeLen = keySizeInBits / (2 * PR_BITS_PER_BYTE);
|
||||
@ -165,7 +165,7 @@ index 2b8a3bf..8d40d11 100644
|
||||
/* 3. Set the version number (PKCS1 v1.5 says it should be zero) */
|
||||
SECITEM_AllocItem(arena, &key->version, 1);
|
||||
key->version.data[0] = 0;
|
||||
@@ -345,13 +386,64 @@ RSA_NewKey(int keySizeInBits, SECItem *publicExponent)
|
||||
@@ -345,13 +386,64 @@ RSA_NewKey(int keySizeInBits, SECItem *p
|
||||
PORT_SetError(0);
|
||||
CHECK_SEC_OK(generate_prime(&p, primeLen));
|
||||
CHECK_SEC_OK(generate_prime(&q, primeLen));
|
||||
|
@ -1,19 +0,0 @@
|
||||
Index: nss/tests/lowhash/lowhash.sh
|
||||
===================================================================
|
||||
--- nss.orig/tests/lowhash/lowhash.sh
|
||||
+++ nss/tests/lowhash/lowhash.sh
|
||||
@@ -61,11 +61,13 @@ lowhash_test()
|
||||
! -f ${BINDIR}/lowhashtest${PROG_SUFFIX} ]; then
|
||||
echo "freebl lowhash not supported in this plaform."
|
||||
else
|
||||
- TESTS="MD5 SHA1 SHA224 SHA256 SHA384 SHA512"
|
||||
+ TESTS_FIPS_0="MD5 SHA1 SHA224 SHA256 SHA384 SHA512"
|
||||
+ TESTS_FIPS_1="SHA224 SHA256 SHA384 SHA512"
|
||||
OLD_MODE=`echo ${NSS_FIPS}`
|
||||
for fips_mode in 0 1; do
|
||||
echo "lowhashtest with fips mode=${fips_mode}"
|
||||
export NSS_FIPS=${fips_mode}
|
||||
+ eval TESTS=\${TESTS_FIPS_${fips_mode}}
|
||||
for TEST in ${TESTS}
|
||||
do
|
||||
echo "lowhashtest ${TEST}"
|
@ -1,270 +0,0 @@
|
||||
# HG changeset patch
|
||||
# User Hans Petter Jansson <hpj@cl.no>
|
||||
# Date 1574240734 -3600
|
||||
# Wed Nov 20 10:05:34 2019 +0100
|
||||
# Node ID 0efca22bbafd7575b20461f255c46157c9321822
|
||||
# Parent 3a2cb65dc157344cdad19e8e16e9c33e36f82d96
|
||||
[PATCH] 30
|
||||
From ca3b695ac461eccf4ed97e1b3fe0a311c80a792f Mon Sep 17 00:00:00 2001
|
||||
---
|
||||
nss/lib/freebl/md5.c | 67 ++++++++++++++++++++++++++------------
|
||||
nss/lib/freebl/rawhash.c | 37 +++++++++++++++++++++
|
||||
nss/lib/freebl/tlsprfalg.c | 5 ++-
|
||||
nss/lib/softoken/pkcs11c.c | 4 +--
|
||||
4 files changed, 90 insertions(+), 23 deletions(-)
|
||||
|
||||
Index: nss/lib/freebl/md5.c
|
||||
===================================================================
|
||||
--- nss.orig/lib/freebl/md5.c
|
||||
+++ nss/lib/freebl/md5.c
|
||||
@@ -217,13 +217,11 @@ MD5_HashBuf(unsigned char *dest, const u
|
||||
}
|
||||
|
||||
MD5Context *
|
||||
-MD5_NewContext(void)
|
||||
+MD5_NewContext_NonFIPS(void)
|
||||
{
|
||||
/* no need to ZAlloc, MD5_Begin will init the context */
|
||||
MD5Context *cx;
|
||||
|
||||
- IN_FIPS_RETURN(NULL);
|
||||
-
|
||||
cx = (MD5Context *)PORT_Alloc(sizeof(MD5Context));
|
||||
if (cx == NULL) {
|
||||
PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
|
||||
@@ -232,6 +230,13 @@ MD5_NewContext(void)
|
||||
return cx;
|
||||
}
|
||||
|
||||
+MD5Context *
|
||||
+MD5_NewContext(void)
|
||||
+{
|
||||
+ IN_FIPS_RETURN(NULL);
|
||||
+ return MD5_NewContext_NonFIPS();
|
||||
+}
|
||||
+
|
||||
void
|
||||
MD5_DestroyContext(MD5Context *cx, PRBool freeit)
|
||||
{
|
||||
@@ -243,10 +248,8 @@ MD5_DestroyContext(MD5Context *cx, PRBoo
|
||||
}
|
||||
|
||||
void
|
||||
-MD5_Begin(MD5Context *cx)
|
||||
+MD5_Begin_NonFIPS(MD5Context *cx)
|
||||
{
|
||||
- IN_FIPS_RETURN();
|
||||
-
|
||||
cx->lsbInput = 0;
|
||||
cx->msbInput = 0;
|
||||
/* memset(cx->inBuf, 0, sizeof(cx->inBuf)); */
|
||||
@@ -256,6 +259,13 @@ MD5_Begin(MD5Context *cx)
|
||||
cx->cv[3] = CV0_4;
|
||||
}
|
||||
|
||||
+void
|
||||
+MD5_Begin(MD5Context *cx)
|
||||
+{
|
||||
+ IN_FIPS_RETURN();
|
||||
+ MD5_Begin_NonFIPS(cx);
|
||||
+}
|
||||
+
|
||||
#define cls(i32, s) (tmp = i32, tmp << s | tmp >> (32 - s))
|
||||
|
||||
#if defined(SOLARIS) || defined(HPUX)
|
||||
@@ -431,14 +441,12 @@ md5_compress(MD5Context *cx, const PRUin
|
||||
}
|
||||
|
||||
void
|
||||
-MD5_Update(MD5Context *cx, const unsigned char *input, unsigned int inputLen)
|
||||
+MD5_Update_NonFIPS(MD5Context *cx, const unsigned char *input, unsigned int inputLen)
|
||||
{
|
||||
PRUint32 bytesToConsume;
|
||||
PRUint32 inBufIndex = cx->lsbInput & 63;
|
||||
const PRUint32 *wBuf;
|
||||
|
||||
- IN_FIPS_RETURN();
|
||||
-
|
||||
/* Add the number of input bytes to the 64-bit input counter. */
|
||||
addto64(cx->msbInput, cx->lsbInput, inputLen);
|
||||
if (inBufIndex) {
|
||||
@@ -487,6 +495,13 @@ MD5_Update(MD5Context *cx, const unsigne
|
||||
memcpy(cx->inBuf, input, inputLen);
|
||||
}
|
||||
|
||||
+void
|
||||
+MD5_Update(MD5Context *cx, const unsigned char *input, unsigned int inputLen)
|
||||
+{
|
||||
+ IN_FIPS_RETURN();
|
||||
+ MD5_Update_NonFIPS(cx, input, inputLen);
|
||||
+}
|
||||
+
|
||||
static const unsigned char padbytes[] = {
|
||||
0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
@@ -503,8 +518,8 @@ static const unsigned char padbytes[] =
|
||||
};
|
||||
|
||||
void
|
||||
-MD5_End(MD5Context *cx, unsigned char *digest,
|
||||
- unsigned int *digestLen, unsigned int maxDigestLen)
|
||||
+MD5_End_NonFIPS(MD5Context *cx, unsigned char *digest,
|
||||
+ unsigned int *digestLen, unsigned int maxDigestLen)
|
||||
{
|
||||
#ifndef IS_LITTLE_ENDIAN
|
||||
PRUint32 tmp;
|
||||
@@ -512,8 +527,6 @@ MD5_End(MD5Context *cx, unsigned char *d
|
||||
PRUint32 lowInput, highInput;
|
||||
PRUint32 inBufIndex = cx->lsbInput & 63;
|
||||
|
||||
- IN_FIPS_RETURN();
|
||||
-
|
||||
if (maxDigestLen < MD5_HASH_LEN) {
|
||||
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
||||
return;
|
||||
@@ -525,10 +538,10 @@ MD5_End(MD5Context *cx, unsigned char *d
|
||||
lowInput <<= 3;
|
||||
|
||||
if (inBufIndex < MD5_END_BUFFER) {
|
||||
- MD5_Update(cx, padbytes, MD5_END_BUFFER - inBufIndex);
|
||||
+ MD5_Update_NonFIPS(cx, padbytes, MD5_END_BUFFER - inBufIndex);
|
||||
} else {
|
||||
- MD5_Update(cx, padbytes,
|
||||
- MD5_END_BUFFER + MD5_BUFFER_SIZE - inBufIndex);
|
||||
+ MD5_Update_NonFIPS(cx, padbytes,
|
||||
+ MD5_END_BUFFER + MD5_BUFFER_SIZE - inBufIndex);
|
||||
}
|
||||
|
||||
/* Store the number of bytes input (before padding) in final 64 bits. */
|
||||
@@ -554,16 +567,22 @@ MD5_End(MD5Context *cx, unsigned char *d
|
||||
}
|
||||
|
||||
void
|
||||
-MD5_EndRaw(MD5Context *cx, unsigned char *digest,
|
||||
- unsigned int *digestLen, unsigned int maxDigestLen)
|
||||
+MD5_End(MD5Context *cx, unsigned char *digest,
|
||||
+ unsigned int *digestLen, unsigned int maxDigestLen)
|
||||
+{
|
||||
+ IN_FIPS_RETURN();
|
||||
+ MD5_End_NonFIPS(cx, digest, digestLen, maxDigestLen);
|
||||
+}
|
||||
+
|
||||
+void
|
||||
+MD5_EndRaw_NonFIPS(MD5Context *cx, unsigned char *digest,
|
||||
+ unsigned int *digestLen, unsigned int maxDigestLen)
|
||||
{
|
||||
#ifndef IS_LITTLE_ENDIAN
|
||||
PRUint32 tmp;
|
||||
#endif
|
||||
PRUint32 cv[4];
|
||||
|
||||
- IN_FIPS_RETURN();
|
||||
-
|
||||
if (maxDigestLen < MD5_HASH_LEN) {
|
||||
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
||||
return;
|
||||
@@ -581,6 +600,14 @@ MD5_EndRaw(MD5Context *cx, unsigned char
|
||||
*digestLen = MD5_HASH_LEN;
|
||||
}
|
||||
|
||||
+void
|
||||
+MD5_EndRaw(MD5Context *cx, unsigned char *digest,
|
||||
+ unsigned int *digestLen, unsigned int maxDigestLen)
|
||||
+{
|
||||
+ IN_FIPS_RETURN();
|
||||
+ MD5_EndRaw_NonFIPS(cx, digest, digestLen, maxDigestLen);
|
||||
+}
|
||||
+
|
||||
unsigned int
|
||||
MD5_FlattenSize(MD5Context *cx)
|
||||
{
|
||||
Index: nss/lib/freebl/rawhash.c
|
||||
===================================================================
|
||||
--- nss.orig/lib/freebl/rawhash.c
|
||||
+++ nss/lib/freebl/rawhash.c
|
||||
@@ -154,3 +154,40 @@ HASH_GetRawHashObject(HASH_HashType hash
|
||||
}
|
||||
return &SECRawHashObjects[hashType];
|
||||
}
|
||||
+
|
||||
+/* Defined in md5.c */
|
||||
+
|
||||
+MD5Context *MD5_NewContext_NonFIPS(void);
|
||||
+void MD5_Begin_NonFIPS(MD5Context *cx);
|
||||
+void MD5_Update_NonFIPS(MD5Context *cx, const unsigned char *input, unsigned int inputLen);
|
||||
+void MD5_End_NonFIPS(MD5Context *cx, unsigned char *digest,
|
||||
+ unsigned int *digestLen, unsigned int maxDigestLen);
|
||||
+void MD5_EndRaw_NonFIPS(MD5Context *cx, unsigned char *digest,
|
||||
+ unsigned int *digestLen, unsigned int maxDigestLen);
|
||||
+
|
||||
+static const SECHashObject SECRawHashObjectMD5NonFIPS = {
|
||||
+ MD5_LENGTH,
|
||||
+ (void *(*)(void))MD5_NewContext_NonFIPS,
|
||||
+ (void *(*)(void *))null_hash_clone_context,
|
||||
+ (void (*)(void *, PRBool))MD5_DestroyContext,
|
||||
+ (void (*)(void *))MD5_Begin_NonFIPS,
|
||||
+ (void (*)(void *, const unsigned char *, unsigned int))MD5_Update_NonFIPS,
|
||||
+ (void (*)(void *, unsigned char *, unsigned int *, unsigned int))MD5_End_NonFIPS,
|
||||
+ MD5_BLOCK_LENGTH,
|
||||
+ HASH_AlgMD5,
|
||||
+ (void (*)(void *, unsigned char *, unsigned int *, unsigned int))MD5_EndRaw_NonFIPS
|
||||
+};
|
||||
+
|
||||
+const SECHashObject *
|
||||
+HASH_GetRawHashObjectNonFIPS(HASH_HashType hashType)
|
||||
+{
|
||||
+ if (hashType <= HASH_AlgNULL || hashType >= HASH_AlgTOTAL) {
|
||||
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ if (hashType == HASH_AlgMD5)
|
||||
+ return &SECRawHashObjectMD5NonFIPS;
|
||||
+
|
||||
+ return &SECRawHashObjects[hashType];
|
||||
+}
|
||||
Index: nss/lib/freebl/tlsprfalg.c
|
||||
===================================================================
|
||||
--- nss.orig/lib/freebl/tlsprfalg.c
|
||||
+++ nss/lib/freebl/tlsprfalg.c
|
||||
@@ -12,6 +12,9 @@
|
||||
#include "hasht.h"
|
||||
#include "alghmac.h"
|
||||
|
||||
+/* To get valid MD5 object in FIPS mode */
|
||||
+const SECHashObject *HASH_GetRawHashObjectNonFIPS(HASH_HashType hashType);
|
||||
+
|
||||
#define PHASH_STATE_MAX_LEN HASH_LENGTH_MAX
|
||||
|
||||
/* TLS P_hash function */
|
||||
@@ -27,7 +30,7 @@ TLS_P_hash(HASH_HashType hashType, const
|
||||
SECStatus status;
|
||||
HMACContext *cx;
|
||||
SECStatus rv = SECFailure;
|
||||
- const SECHashObject *hashObj = HASH_GetRawHashObject(hashType);
|
||||
+ const SECHashObject *hashObj = HASH_GetRawHashObjectNonFIPS(hashType);
|
||||
|
||||
PORT_Assert((secret != NULL) && (secret->data != NULL || !secret->len));
|
||||
PORT_Assert((seed != NULL) && (seed->data != NULL));
|
||||
Index: nss/lib/softoken/pkcs11c.c
|
||||
===================================================================
|
||||
--- nss.orig/lib/softoken/pkcs11c.c
|
||||
+++ nss/lib/softoken/pkcs11c.c
|
||||
@@ -7162,7 +7162,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
|
||||
SFTKAttribute *att2 = NULL;
|
||||
unsigned char *buf;
|
||||
SHA1Context *sha;
|
||||
- MD5Context *md5;
|
||||
+ MD5Context *md5 = NULL;
|
||||
MD2Context *md2;
|
||||
CK_ULONG macSize;
|
||||
CK_ULONG tmpKeySize;
|
||||
@@ -7702,7 +7702,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
|
||||
}
|
||||
sftk_FreeAttribute(att2);
|
||||
md5 = MD5_NewContext();
|
||||
- if (md5 == NULL) {
|
||||
+ if (md5 == NULL && !isTLS) {
|
||||
crv = CKR_HOST_MEMORY;
|
||||
break;
|
||||
}
|
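--- /dev/null
+++ b/nss-fix-bmo1836925.patch
@@ -0,0 +1,69 @@
+Index: nss/lib/freebl/Makefile
+===================================================================
+--- nss.orig/lib/freebl/Makefile
++++ nss/lib/freebl/Makefile
+@@ -568,7 +568,6 @@ ifneq ($(shell $(CC) -? 2>&1 >/dev/null
+HAVE_INT128_SUPPORT = 1
+DEFINES += -DHAVE_INT128_SUPPORT
+else ifeq (1,$(CC_IS_GCC))
+- SUPPORTS_VALE_CURVE25519 = 1
+ifneq (,$(filter 4.6 4.7 4.8 4.9,$(word 1,$(GCC_VERSION)).$(word 2,$(GCC_VERSION))))
+HAVE_INT128_SUPPORT = 1
+DEFINES += -DHAVE_INT128_SUPPORT
+@@ -593,11 +592,6 @@ ifndef HAVE_INT128_SUPPORT
+DEFINES += -DKRML_VERIFIED_UINT128
+endif
+
+-ifdef SUPPORTS_VALE_CURVE25519
+- VERIFIED_SRCS += Hacl_Curve25519_64.c
+- DEFINES += -DHACL_CAN_COMPILE_INLINE_ASM
+-endif
+-
+ifndef NSS_DISABLE_CHACHAPOLY
+ifeq ($(CPU_ARCH),x86_64)
+ifndef NSS_DISABLE_AVX2
+Index: nss/lib/freebl/freebl.gyp
+===================================================================
+--- nss.orig/lib/freebl/freebl.gyp
++++ nss/lib/freebl/freebl.gyp
+@@ -866,12 +866,6 @@
+}],
+],
+}],
+- [ 'supports_vale_curve25519==1', {
+- 'defines': [
+- # The Makefile does version-tests on GCC, but we're not doing that here.
+- 'HACL_CAN_COMPILE_INLINE_ASM',
+- ],
+- }],
+[ 'OS=="linux" or OS=="android"', {
+'conditions': [
+[ 'target_arch=="x64"', {
+@@ -934,11 +928,6 @@
+'variables': {
+'module': 'nss',
+'conditions': [
+- [ 'target_arch=="x64" and cc_is_gcc==1', {
+- 'supports_vale_curve25519%': 1,
+- }, {
+- 'supports_vale_curve25519%': 0,
+- }],
+[ 'target_arch=="x64" or target_arch=="arm64" or target_arch=="aarch64"', {
+'have_int128_support%': 1,
+}, {
+Index: nss/lib/freebl/freebl_base.gypi
+===================================================================
+--- nss.orig/lib/freebl/freebl_base.gypi
++++ nss/lib/freebl/freebl_base.gypi
+@@ -151,11 +151,6 @@
+'ecl/curve25519_32.c',
+],
+}],
+- ['supports_vale_curve25519==1', {
+- 'sources': [
+- 'verified/Hacl_Curve25519_64.c',
+- ],
+- }],
+['(target_arch!="ppc64" and target_arch!="ppc64le") or disable_altivec==1', {
+'sources': [
+# Gyp does not support per-file cflags, so working around like this.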
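Review bot: The patch carries no preamble, so nothing records why the Vale Curve25519 path (`Hacl_Curve25519_64.c`, `HACL_CAN_COMPILE_INLINE_ASM`) is being dropped from the GCC/x64 build or which implementation now serves X25519; other patch files in this change open with a `# HG changeset patch` or `commit`/`Author:` header, and this one should too, e.g. `# bmo#1836925: drop SUPPORTS_VALE_CURVE25519 on x64/GCC; X25519 uses the portable HACL* code instead` with the real reason filled in (presumably a build or test failure, which is not visible here). That header should also state that the fallback remains a constant-time implementation, since this file is the only record a future rebaser will have; which source provides it is not shown in these hunks. If any remaining source still keys off `HACL_CAN_COMPILE_INLINE_ASM`, it is now silently compiled without it, so a grep for that macro is worth doing before merging.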