Wolfgang Rosenauer 2022-07-26 20:46:30 +00:00 committed by Git OBS Bridge
parent e6797bdfe9
commit 36fe40e3e2
7 changed files with 1027 additions and 324 deletions


@ -24,10 +24,6 @@ Tue Jul 26 19:20:48 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
* bmo#1760998 - Avoid data race on primary password change.
* bmo#1769063 - Replace ppc64 dcbzl intrinisic.
* bmo#1771036 - Allow LDFLAGS override in makefile builds.
- FIPS patch updates
- removed obsolete patches
* nss-fips-tests-skip.patch
* nss-fips-tls-allow-md5-prf.patch
-------------------------------------------------------------------
Sat Jun 25 12:30:25 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>


@ -65,6 +65,7 @@ Patch19: nss-fips-cavs-dsa-fixes.patch
Patch20: nss-fips-cavs-rsa-fixes.patch
Patch21: nss-fips-approved-crypto-non-ec.patch
Patch22: nss-fips-zeroization.patch
Patch23: nss-fips-tls-allow-md5-prf.patch
Patch24: nss-fips-use-strong-random-pool.patch
Patch25: nss-fips-detect-fips-mode-fixes.patch
Patch26: nss-fips-combined-hash-sign-dsa-ecdsa.patch
@ -73,6 +74,7 @@ Patch37: nss-fips-fix-missing-nspr.patch
Patch38: nss-fips-stricter-dh.patch
Patch40: nss-fips-180-3-csp-clearing.patch
Patch41: nss-fips-pbkdf-kat-compliance.patch
Patch42: nss-fips-tests-skip.patch
Patch44: nss-fips-tests-enable-fips.patch
%if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000
# aarch64 + gcc4.8 fails to build on SLE-12 due to undefined references
@ -223,6 +225,7 @@ cd nss
%patch20 -p1
%patch21 -p1
%patch22 -p1
%patch23 -p1
%patch24 -p1
%patch25 -p1
%patch26 -p1
@ -231,6 +234,7 @@ cd nss
%patch38 -p1
%patch40 -p1
%patch41 -p1
%patch42 -p1
%patch44 -p1
# additional CA certificates
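Review bot: No changelog entry explains why nss-fips-tls-allow-md5-prf.patch (Patch23) and nss-fips-tests-skip.patch (Patch42) return to the build. Each of the four spec hunks grows by exactly one line and the only candidates are `Patch23: nss-fips-tls-allow-md5-prf.patch`, `Patch42: nss-fips-tests-skip.patch` and their `%patch23 -p1` / `%patch42 -p1` applications; the rendering drops the +/- markers, so this is inferred from the hunk counts. The nss.changes hunk in the same commit shrinks from 10 to 6 lines around the entry that listed exactly these two patches as removed, so the record of the reversal is lost rather than documented. A short entry such as `- re-added nss-fips-tests-skip.patch and nss-fips-tls-allow-md5-prf.patch` with the reason would keep the next maintainer from removing them again.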

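--- /dev/null
+++ b/nss-3.79.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:ebdf2d6a96613b6fe70ad579e9f983e0e94e0110171cfb2999db633d3394a514
+size 84830113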


@ -87,17 +87,62 @@ Index: nss/lib/freebl/arcfour.c
/* Architecture-dependent defines */
@@ -162,7 +163,9 @@ RC4_InitContext(RC4Context *cx, const un
@@ -108,6 +109,7 @@ static const Stype Kinit[256] = {
RC4Context *
RC4_AllocateContext(void)
{
+ IN_FIPS_RETURN(NULL);
return PORT_ZNew(RC4Context);
}
@@ -121,6 +123,8 @@ RC4_InitContext(RC4Context *cx, const un
PRUint8 K[256];
PRUint8 *L;
+ IN_FIPS_RETURN(SECFailure);
+
/* verify the key length. */
PORT_Assert(len > 0 && len < ARCFOUR_STATE_SIZE);
if (len == 0 || len >= ARCFOUR_STATE_SIZE) {
@@ -162,7 +166,11 @@ RC4_InitContext(RC4Context *cx, const un
RC4Context *
RC4_CreateContext(const unsigned char *key, int len)
{
- RC4Context *cx = RC4_AllocateContext();
+ RC4Context *cx;
+
+ IN_FIPS_RETURN(NULL);
+
+ cx = RC4_AllocateContext();
if (cx) {
SECStatus rv = RC4_InitContext(cx, key, len, NULL, 0, 0, 0);
if (rv != SECSuccess) {
@@ -176,6 +184,7 @@ RC4_CreateContext(const unsigned char *k
void
RC4_DestroyContext(RC4Context *cx, PRBool freeit)
{
+ IN_FIPS_RETURN();
if (freeit)
PORT_ZFree(cx, sizeof(*cx));
}
@@ -548,6 +557,8 @@ RC4_Encrypt(RC4Context *cx, unsigned cha
unsigned int *outputLen, unsigned int maxOutputLen,
const unsigned char *input, unsigned int inputLen)
{
+ IN_FIPS_RETURN(SECFailure);
+
PORT_Assert(maxOutputLen >= inputLen);
if (maxOutputLen < inputLen) {
PORT_SetError(SEC_ERROR_OUTPUT_LEN);
@@ -571,6 +582,8 @@ RC4_Decrypt(RC4Context *cx, unsigned cha
unsigned int *outputLen, unsigned int maxOutputLen,
const unsigned char *input, unsigned int inputLen)
{
+ IN_FIPS_RETURN(SECFailure);
+
PORT_Assert(maxOutputLen >= inputLen);
if (maxOutputLen < inputLen) {
PORT_SetError(SEC_ERROR_OUTPUT_LEN);
Index: nss/lib/freebl/deprecated/seed.c
===================================================================
--- nss.orig/lib/freebl/deprecated/seed.c
@ -248,32 +293,56 @@ Index: nss/lib/freebl/md2.c
#define MD2_DIGEST_LEN 16
#define MD2_BUFSIZE 16
#define MD2_X_SIZE 48 /* The X array, [CV | INPUT | TMP VARS] */
@@ -66,7 +68,9 @@ SECStatus
@@ -66,7 +68,11 @@ SECStatus
MD2_Hash(unsigned char *dest, const char *src)
{
unsigned int len;
- MD2Context *cx = MD2_NewContext();
+ MD2Context *cx;
+
+ IN_FIPS_RETURN(SECFailure);
+
+ cx = MD2_NewContext();
if (!cx) {
PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
return SECFailure;
@@ -81,7 +85,9 @@ MD2_Hash(unsigned char *dest, const char
@@ -81,7 +87,11 @@ MD2_Hash(unsigned char *dest, const char
MD2Context *
MD2_NewContext(void)
{
- MD2Context *cx = (MD2Context *)PORT_ZAlloc(sizeof(MD2Context));
+ MD2Context *cx;
+
+ IN_FIPS_RETURN(NULL);
+
+ cx = (MD2Context *)PORT_ZAlloc(sizeof(MD2Context));
if (cx == NULL) {
PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
return NULL;
@@ -226,6 +232,7 @@ MD2_End(MD2Context *cx, unsigned char *d
@@ -99,6 +109,8 @@ MD2_DestroyContext(MD2Context *cx, PRBoo
void
MD2_Begin(MD2Context *cx)
{
+ IN_FIPS_RETURN();
+
memset(cx, 0, sizeof(*cx));
cx->unusedBuffer = MD2_BUFSIZE;
}
@@ -196,6 +208,8 @@ MD2_Update(MD2Context *cx, const unsigne
{
PRUint32 bytesToConsume;
+ IN_FIPS_RETURN();
+
/* Fill the remaining input buffer. */
if (cx->unusedBuffer != MD2_BUFSIZE) {
bytesToConsume = PR_MIN(inputLen, cx->unusedBuffer);
@@ -226,6 +240,9 @@ MD2_End(MD2Context *cx, unsigned char *d
unsigned int *digestLen, unsigned int maxDigestLen)
{
PRUint8 padStart;
+
+ IN_FIPS_RETURN();
+
if (maxDigestLen < MD2_BUFSIZE) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
@ -291,18 +360,37 @@ Index: nss/lib/freebl/md5.c
#define MD5_HASH_LEN 16
#define MD5_BUFFER_SIZE 64
#define MD5_END_BUFFER (MD5_BUFFER_SIZE - 8)
@@ -215,7 +217,9 @@ MD5Context *
@@ -195,6 +197,7 @@ struct MD5ContextStr {
SECStatus
MD5_Hash(unsigned char *dest, const char *src)
{
+ IN_FIPS_RETURN(SECFailure);
return MD5_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src));
}
@@ -204,6 +207,8 @@ MD5_HashBuf(unsigned char *dest, const u
unsigned int len;
MD5Context cx;
+ IN_FIPS_RETURN(SECFailure);
+
MD5_Begin(&cx);
MD5_Update(&cx, src, src_length);
MD5_End(&cx, dest, &len, MD5_HASH_LEN);
@@ -215,7 +220,11 @@ MD5Context *
MD5_NewContext(void)
{
/* no need to ZAlloc, MD5_Begin will init the context */
- MD5Context *cx = (MD5Context *)PORT_Alloc(sizeof(MD5Context));
+ MD5Context *cx;
+
+ IN_FIPS_RETURN(NULL);
+
+ cx = (MD5Context *)PORT_Alloc(sizeof(MD5Context));
if (cx == NULL) {
PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
return NULL;
@@ -226,7 +230,8 @@ MD5_NewContext(void)
@@ -226,7 +235,8 @@ MD5_NewContext(void)
void
MD5_DestroyContext(MD5Context *cx, PRBool freeit)
{
@ -312,6 +400,42 @@ Index: nss/lib/freebl/md5.c
if (freeit) {
PORT_Free(cx);
}
@@ -235,6 +245,8 @@ MD5_DestroyContext(MD5Context *cx, PRBoo
void
MD5_Begin(MD5Context *cx)
{
+ IN_FIPS_RETURN();
+
cx->lsbInput = 0;
cx->msbInput = 0;
/* memset(cx->inBuf, 0, sizeof(cx->inBuf)); */
@@ -425,6 +437,8 @@ MD5_Update(MD5Context *cx, const unsigne
PRUint32 inBufIndex = cx->lsbInput & 63;
const PRUint32 *wBuf;
+ IN_FIPS_RETURN();
+
/* Add the number of input bytes to the 64-bit input counter. */
addto64(cx->msbInput, cx->lsbInput, inputLen);
if (inBufIndex) {
@@ -498,6 +512,8 @@ MD5_End(MD5Context *cx, unsigned char *d
PRUint32 lowInput, highInput;
PRUint32 inBufIndex = cx->lsbInput & 63;
+ IN_FIPS_RETURN();
+
if (maxDigestLen < MD5_HASH_LEN) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return;
@@ -546,6 +562,8 @@ MD5_EndRaw(MD5Context *cx, unsigned char
#endif
PRUint32 cv[4];
+ IN_FIPS_RETURN();
+
if (maxDigestLen < MD5_HASH_LEN) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return;
Index: nss/lib/freebl/nsslowhash.c
===================================================================
--- nss.orig/lib/freebl/nsslowhash.c
@ -324,18 +448,15 @@ Index: nss/lib/freebl/nsslowhash.c
struct NSSLOWInitContextStr {
int count;
@@ -92,6 +93,15 @@ NSSLOWHASH_NewContext(NSSLOWInitContext
@@ -92,6 +93,12 @@ NSSLOWHASH_NewContext(NSSLOWInitContext
{
NSSLOWHASHContext *context;
+#if 0
+ /* return with an error if unapproved hash is requested in FIPS mode */
+ /* This is now handled by the service level indicator */
+ if (!FIPS_hashAlgApproved(hashType)) {
+ PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+ return NULL;
+ }
+#endif
+
if (post_failed) {
PORT_SetError(SEC_ERROR_PKCS11_DEVICE_ERROR);
@ -352,16 +473,13 @@ Index: nss/lib/freebl/rawhash.c
static void *
null_hash_new_context(void)
@@ -146,7 +147,11 @@ const SECHashObject SECRawHashObjects[]
@@ -146,7 +147,8 @@ const SECHashObject SECRawHashObjects[]
const SECHashObject *
HASH_GetRawHashObject(HASH_HashType hashType)
{
- if (hashType <= HASH_AlgNULL || hashType >= HASH_AlgTOTAL) {
+ /* We rely on the service level indicator for algorithm approval now, so
+ * the FIPS check here has been commented out */
+
+ if (hashType <= HASH_AlgNULL || hashType >= HASH_AlgTOTAL
+ /* || (!FIPS_hashAlgApproved(hashType)) */) {
+ || (!FIPS_hashAlgApproved(hashType))) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return NULL;
}
@ -369,24 +487,7 @@ Index: nss/lib/softoken/pkcs11c.c
===================================================================
--- nss.orig/lib/softoken/pkcs11c.c
+++ nss/lib/softoken/pkcs11c.c
@@ -4806,6 +4806,8 @@ NSC_GenerateKey(CK_SESSION_HANDLE hSessi
goto loser;
}
+ key->isFIPS = sftk_operationIsFIPS(slot, pMechanism, CKA_KEY_GEN_MECHANISM, key);
+
/*
* handle the base object stuff
*/
@@ -4820,6 +4822,7 @@ NSC_GenerateKey(CK_SESSION_HANDLE hSessi
if (crv == CKR_OK) {
*phKey = key->handle;
}
+
loser:
PORT_Memset(buf, 0, sizeof buf);
sftk_FreeObject(key);
@@ -7495,7 +7498,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
@@ -7491,7 +7491,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
} else {
/* now allocate the hash contexts */
md5 = MD5_NewContext();
@ -408,10 +509,21 @@ Index: nss/lib/freebl/desblapi.c
#if defined(NSS_X86_OR_X64)
/* Intel X86 CPUs do unaligned loads and stores without complaint. */
#define COPY8B(to, from, ptr) \
@@ -145,12 +147,14 @@ DES_InitContext(DESContext *cx, const un
@@ -136,6 +138,8 @@ DES_EDE3CBCDe(DESContext *cx, BYTE *out,
DESContext *
DES_AllocateContext(void)
{
+ IN_FIPS_RETURN(NULL);
+
return PORT_ZNew(DESContext);
}
@@ -145,12 +149,16 @@ DES_InitContext(DESContext *cx, const un
unsigned int unused)
{
DESDirection opposite;
+
+ IN_FIPS_RETURN(SECFailure);
+
if (!cx) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
@ -423,7 +535,7 @@ Index: nss/lib/freebl/desblapi.c
switch (mode) {
case NSS_DES: /* DES ECB */
DES_MakeSchedule(cx->ks0, key, cx->direction);
@@ -201,8 +205,11 @@ DES_InitContext(DESContext *cx, const un
@@ -201,8 +209,13 @@ DES_InitContext(DESContext *cx, const un
DESContext *
DES_CreateContext(const BYTE *key, const BYTE *iv, int mode, PRBool encrypt)
{
@ -432,95 +544,43 @@ Index: nss/lib/freebl/desblapi.c
+ DESContext *cx;
+ SECStatus rv;
+
+ IN_FIPS_RETURN(NULL);
+
+ cx = PORT_ZNew(DESContext);
+ rv = DES_InitContext(cx, key, 0, iv, mode, encrypt, 0);
if (rv != SECSuccess) {
PORT_ZFree(cx, sizeof *cx);
@@ -225,7 +232,6 @@ SECStatus
@@ -214,6 +227,8 @@ DES_CreateContext(const BYTE *key, const
void
DES_DestroyContext(DESContext *cx, PRBool freeit)
{
+ IN_FIPS_RETURN();
+
if (cx) {
memset(cx, 0, sizeof *cx);
if (freeit)
@@ -225,6 +240,7 @@ SECStatus
DES_Encrypt(DESContext *cx, BYTE *out, unsigned int *outLen,
unsigned int maxOutLen, const BYTE *in, unsigned int inLen)
{
-
+ IN_FIPS_RETURN(SECFailure);
if ((inLen % 8) != 0 || maxOutLen < inLen || !cx ||
cx->direction != DES_ENCRYPT) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -242,7 +248,6 @@ SECStatus
@@ -242,6 +258,7 @@ SECStatus
DES_Decrypt(DESContext *cx, BYTE *out, unsigned int *outLen,
unsigned int maxOutLen, const BYTE *in, unsigned int inLen)
{
-
+ IN_FIPS_RETURN(SECFailure);
if ((inLen % 8) != 0 || maxOutLen < inLen || !cx ||
cx->direction != DES_DECRYPT) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
Index: nss/lib/softoken/fips_algorithms.h
===================================================================
--- nss.orig/lib/softoken/fips_algorithms.h
+++ nss/lib/softoken/fips_algorithms.h
@@ -57,7 +57,7 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[]
#define RSA_FB_STEP 1024
#define DSA_FB_KEY 2048, 4096 /* min, max */
#define DSA_FB_STEP 1024
-#define DH_FB_KEY 2048, 4096 /* min, max */
+#define DH_FB_KEY 2048, 8192 /* min, max */
#define DH_FB_STEP 1024
#define EC_FB_KEY 256, 521 /* min, max */
#define EC_FB_STEP 1 /* key limits handled by special operation */
@@ -65,7 +65,10 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[]
#define AES_FB_STEP 64
{ CKM_RSA_PKCS_KEY_PAIR_GEN, { RSA_FB_KEY, CKF_KPG }, RSA_FB_STEP, SFTKFIPSNone },
{ CKM_RSA_PKCS_PSS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSNone },
+#if 0
+ /* Non-approved */
{ CKM_RSA_PKCS_OAEP, { RSA_FB_KEY, CKF_ENC }, RSA_FB_STEP, SFTKFIPSNone },
+#endif
/* -------------- RSA Multipart Signing Operations -------------------- */
{ CKM_SHA224_RSA_PKCS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSNone },
{ CKM_SHA256_RSA_PKCS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSNone },
@@ -76,9 +79,18 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[]
{ CKM_SHA384_RSA_PKCS_PSS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSNone },
{ CKM_SHA512_RSA_PKCS_PSS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSNone },
/* ------------------------- DSA Operations --------------------------- */
+#if 0
{ CKM_DSA_KEY_PAIR_GEN, { DSA_FB_KEY, CKF_KPG }, DSA_FB_STEP, SFTKFIPSNone },
- { CKM_DSA, { DSA_FB_KEY, CKF_SGN }, DSA_FB_STEP, SFTKFIPSNone },
+#endif
+
+ /* Doesn't consider hash algo. Non-approved, but verification must be allowed
+ * since we use it for signature verification */
+ { CKM_DSA, { DSA_FB_KEY, CKF_VERIFY }, DSA_FB_STEP, SFTKFIPSNone },
+
+#if 0
{ CKM_DSA_PARAMETER_GEN, { DSA_FB_KEY, CKF_KPG }, DSA_FB_STEP, SFTKFIPSNone },
+#endif
+
{ CKM_DSA_SHA224, { DSA_FB_KEY, CKF_SGN }, DSA_FB_STEP, SFTKFIPSNone },
{ CKM_DSA_SHA256, { DSA_FB_KEY, CKF_SGN }, DSA_FB_STEP, SFTKFIPSNone },
{ CKM_DSA_SHA384, { DSA_FB_KEY, CKF_SGN }, DSA_FB_STEP, SFTKFIPSNone },
@@ -90,7 +102,10 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[]
/* -------------------- Elliptic Curve Operations --------------------- */
{ CKM_EC_KEY_PAIR_GEN, { EC_FB_KEY, CKF_KPG }, EC_FB_STEP, SFTKFIPSECC },
{ CKM_ECDH1_DERIVE, { EC_FB_KEY, CKF_KEA }, EC_FB_STEP, SFTKFIPSECC },
+#if 0
+ /* Doesn't consider hash algo. Non-approved */
{ CKM_ECDSA, { EC_FB_KEY, CKF_SGN }, EC_FB_STEP, SFTKFIPSECC },
+#endif
{ CKM_ECDSA_SHA224, { EC_FB_KEY, CKF_SGN }, EC_FB_STEP, SFTKFIPSECC },
{ CKM_ECDSA_SHA256, { EC_FB_KEY, CKF_SGN }, EC_FB_STEP, SFTKFIPSECC },
{ CKM_ECDSA_SHA384, { EC_FB_KEY, CKF_SGN }, EC_FB_STEP, SFTKFIPSECC },
@@ -100,8 +115,11 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[]
{ CKM_AES_KEY_GEN, { AES_FB_KEY, CKF_GEN }, AES_FB_STEP, SFTKFIPSNone },
{ CKM_AES_ECB, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSNone },
{ CKM_AES_CBC, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSNone },
+#if 0
+ /* Non-approved */
{ CKM_AES_MAC, { AES_FB_KEY, CKF_SGN }, AES_FB_STEP, SFTKFIPSNone },
{ CKM_AES_MAC_GENERAL, { AES_FB_KEY, CKF_SGN }, AES_FB_STEP, SFTKFIPSNone },
+#endif
{ CKM_AES_CMAC, { AES_FB_KEY, CKF_SGN }, AES_FB_STEP, SFTKFIPSNone },
{ CKM_AES_CMAC_GENERAL, { AES_FB_KEY, CKF_SGN }, AES_FB_STEP, SFTKFIPSNone },
{ CKM_AES_CBC_PAD, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSNone },
@@ -111,8 +129,11 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[]
@@ -111,8 +111,11 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[]
{ CKM_AES_KEY_WRAP, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSNone },
{ CKM_AES_KEY_WRAP_PAD, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSNone },
{ CKM_AES_KEY_WRAP_KWP, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSNone },
@ -532,62 +592,3 @@ Index: nss/lib/softoken/fips_algorithms.h
/* ------------------------- Hashing Operations ----------------------- */
{ CKM_SHA224, { 0, 0, CKF_HSH }, 1, SFTKFIPSNone },
{ CKM_SHA224_HMAC, { 112, 224, CKF_SGN }, 1, SFTKFIPSNone },
@@ -127,41 +148,44 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[]
{ CKM_SHA512_HMAC, { 256, 512, CKF_SGN }, 1, SFTKFIPSNone },
{ CKM_SHA512_HMAC_GENERAL, { 256, 512, CKF_SGN }, 1, SFTKFIPSNone },
/* --------------------- Secret Key Operations ------------------------ */
- { CKM_GENERIC_SECRET_KEY_GEN, { 8, 256, CKF_GEN }, 1, SFTKFIPSNone },
+ { CKM_GENERIC_SECRET_KEY_GEN, { 112, 256, CKF_GEN }, 1, SFTKFIPSNone },
/* ---------------------- SSL/TLS operations ------------------------- */
{ CKM_SHA224_KEY_DERIVATION, { 112, 224, CKF_KDF }, 1, SFTKFIPSNone },
{ CKM_SHA256_KEY_DERIVATION, { 128, 256, CKF_KDF }, 1, SFTKFIPSNone },
- { CKM_SHA384_KEY_DERIVATION, { 192, 284, CKF_KDF }, 1, SFTKFIPSNone },
+ { CKM_SHA384_KEY_DERIVATION, { 192, 384, CKF_KDF }, 1, SFTKFIPSNone },
{ CKM_SHA512_KEY_DERIVATION, { 256, 512, CKF_KDF }, 1, SFTKFIPSNone },
{ CKM_TLS12_MASTER_KEY_DERIVE, { 384, 384, CKF_KDF }, 1, SFTKFIPSNone },
{ CKM_TLS12_MASTER_KEY_DERIVE_DH, { DH_FB_KEY, CKF_KDF }, 1, SFTKFIPSNone },
{ CKM_TLS12_KEY_AND_MAC_DERIVE, { 384, 384, CKF_KDF }, 1, SFTKFIPSNone },
{ CKM_TLS_PRF_GENERAL, { 8, 512, CKF_SGN }, 1, SFTKFIPSNone },
- { CKM_TLS_MAC, { 8, 512, CKF_SGN }, 1, SFTKFIPSNone },
+ { CKM_TLS_MAC, { 112, 512, CKF_SGN }, 1, SFTKFIPSNone },
/* sigh, is this algorithm really tested. ssl doesn't seem to have a
* way of turning the extension off */
{ CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE, { 192, 1024, CKF_KDF }, 1, SFTKFIPSNone },
{ CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH, { 192, 1024, CKF_DERIVE }, 1, SFTKFIPSNone },
/* ------------------------- HKDF Operations -------------------------- */
+#if 0
+ /* Only approved in the context of TLS 1.3 */
{ CKM_HKDF_DERIVE, { 8, 255 * 64 * 8, CKF_KDF }, 1, SFTKFIPSNone },
{ CKM_HKDF_DATA, { 8, 255 * 64 * 8, CKF_KDF }, 1, SFTKFIPSNone },
{ CKM_HKDF_KEY_GEN, { 160, 224, CKF_GEN }, 1, SFTKFIPSNone },
{ CKM_HKDF_KEY_GEN, { 256, 512, CKF_GEN }, 128, SFTKFIPSNone },
+#endif
/* ------------------ NIST 800-108 Key Derivations ------------------- */
- { CKM_SP800_108_COUNTER_KDF, { 0, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone },
- { CKM_SP800_108_FEEDBACK_KDF, { 0, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone },
- { CKM_SP800_108_DOUBLE_PIPELINE_KDF, { 0, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone },
- { CKM_NSS_SP800_108_COUNTER_KDF_DERIVE_DATA, { 0, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone },
- { CKM_NSS_SP800_108_FEEDBACK_KDF_DERIVE_DATA, { 0, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone },
- { CKM_NSS_SP800_108_DOUBLE_PIPELINE_KDF_DERIVE_DATA, { 0, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone },
+ { CKM_SP800_108_COUNTER_KDF, { 112, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone },
+ { CKM_SP800_108_FEEDBACK_KDF, { 112, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone },
+ { CKM_SP800_108_DOUBLE_PIPELINE_KDF, { 112, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone },
+ { CKM_NSS_SP800_108_COUNTER_KDF_DERIVE_DATA, { 112, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone },
+ { CKM_NSS_SP800_108_FEEDBACK_KDF_DERIVE_DATA, { 112, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone },
+ { CKM_NSS_SP800_108_DOUBLE_PIPELINE_KDF_DERIVE_DATA, { 112, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone },
/* --------------------IPSEC ----------------------- */
- { CKM_NSS_IKE_PRF_PLUS_DERIVE, { 8, 255 * 64, CKF_KDF }, 1, SFTKFIPSNone },
- { CKM_NSS_IKE_PRF_DERIVE, { 8, 64, CKF_KDF }, 1, SFTKFIPSNone },
- { CKM_NSS_IKE1_PRF_DERIVE, { 8, 64, CKF_KDF }, 1, SFTKFIPSNone },
- { CKM_NSS_IKE1_APP_B_PRF_DERIVE, { 8, 255 * 64, CKF_KDF }, 1, SFTKFIPSNone },
+ { CKM_NSS_IKE_PRF_PLUS_DERIVE, { 112, 255 * 64, CKF_KDF }, 1, SFTKFIPSNone },
+ { CKM_NSS_IKE_PRF_DERIVE, { 112, 112, CKF_KDF }, 1, SFTKFIPSNone },
+ { CKM_NSS_IKE1_PRF_DERIVE, { 112, 112, CKF_KDF }, 1, SFTKFIPSNone },
+ { CKM_NSS_IKE1_APP_B_PRF_DERIVE, { 112, 255 * 64, CKF_KDF }, 1, SFTKFIPSNone },
/* ------------------ PBE Key Derivations ------------------- */
- { CKM_PKCS5_PBKD2, { 1, 256, CKF_GEN }, 1, SFTKFIPSNone },
+ { CKM_PKCS5_PBKD2, { 112, 256, CKF_GEN }, 1, SFTKFIPSNone },
{ CKM_NSS_PKCS12_PBE_SHA224_HMAC_KEY_GEN, { 224, 224, CKF_GEN }, 1, SFTKFIPSNone },
{ CKM_NSS_PKCS12_PBE_SHA256_HMAC_KEY_GEN, { 256, 256, CKF_GEN }, 1, SFTKFIPSNone },
{ CKM_NSS_PKCS12_PBE_SHA384_HMAC_KEY_GEN, { 384, 384, CKF_GEN }, 1, SFTKFIPSNone },
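Review bot: The bare `IN_FIPS_RETURN();` placed at the top of MD2_End (md2.c hunk), MD5_End and MD5_EndRaw (md5.c hunks) makes these void functions return with the digest length out-parameter unset and the output buffer untouched, so a caller in FIPS mode gets neither a digest nor, unless the macro itself calls PORT_SetError (its definition is not in this file), an error code, whereas the existing `maxDigestLen` path in the same functions at least sets SEC_ERROR_INVALID_ARGS; writing `*digestLen = 0;` before the macro in those three functions makes the refusal detectable, and the bodies of all three functions continue outside their hunks. Separately, HASH_GetRawHashObject (rawhash.c hunk) reports a non-approved algorithm as SEC_ERROR_INVALID_ARGS while NSSLOWHASH_NewContext (nsslowhash.c hunk) reports the same condition as SEC_ERROR_INVALID_ALGORITHM; which of the two rawhash.c condition variants is the new side cannot be told from this rendering, but if the live `|| (!FIPS_hashAlgApproved(hashType))` is kept it deserves the same error code. In fips_algorithms.h the IKE rows' maxima (`255 * 64`) are eight times smaller than the HKDF rows' (`255 * 64 * 8`), which suggests a different unit, so the new `{ 112, 112, CKF_KDF }` on CKM_NSS_IKE_PRF_DERIVE should be checked against the unit sftk_operationIsFIPS actually compares, and a comment naming that unit added next to the IPSEC rows.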


@ -1,7 +1,13 @@
diff --git a/cmd/chktest/chktest.c b/cmd/chktest/chktest.c
index a33d184..f09283a 100644
--- a/cmd/chktest/chktest.c
+++ b/cmd/chktest/chktest.c
commit d4f90dd0c5e15cfd9db416207d067cc3968b3a0c
Author: Hans Petter Jansson <hpj@cl.no>
Date: Sun Mar 15 21:54:30 2020 +0100
Patch 23: nss-fips-constructor-self-tests.patch
Index: nss/cmd/chktest/chktest.c
===================================================================
--- nss.orig/cmd/chktest/chktest.c
+++ nss/cmd/chktest/chktest.c
@@ -38,7 +38,7 @@ main(int argc, char **argv)
}
RNG_SystemInfoForRNG();
@ -11,10 +17,10 @@ index a33d184..f09283a 100644
printf("%s\n",
(good_result ? "SUCCESS" : "FAILURE"));
return (good_result) ? SECSuccess : SECFailure;
diff --git a/cmd/shlibsign/shlibsign.c b/cmd/shlibsign/shlibsign.c
index ad8f3b8..a5b42d7 100644
--- a/cmd/shlibsign/shlibsign.c
+++ b/cmd/shlibsign/shlibsign.c
Index: nss/cmd/shlibsign/shlibsign.c
===================================================================
--- nss.orig/cmd/shlibsign/shlibsign.c
+++ nss/cmd/shlibsign/shlibsign.c
@@ -946,10 +946,12 @@ main(int argc, char **argv)
goto cleanup;
}
@ -32,10 +38,10 @@ index ad8f3b8..a5b42d7 100644
}
}
diff --git a/lib/freebl/blapi.h b/lib/freebl/blapi.h
index 94fd802..45e1dd1 100644
--- a/lib/freebl/blapi.h
+++ b/lib/freebl/blapi.h
Index: nss/lib/freebl/blapi.h
===================================================================
--- nss.orig/lib/freebl/blapi.h
+++ nss/lib/freebl/blapi.h
@@ -1759,17 +1759,17 @@ extern void BL_Unload(void);
/**************************************************************************
* Verify a given Shared library signature *
@ -57,20 +63,403 @@ index 94fd802..45e1dd1 100644
/*********************************************************************/
extern const SECHashObject *HASH_GetRawHashObject(HASH_HashType hashType);
@@ -1791,6 +1791,9 @@ extern SECStatus EC_CopyParams(PLArenaPool *arena, ECParams *dstParams,
*/
extern int EC_GetPointSize(const ECParams *params);
+/* Unconditionally run the integrity check. */
+extern void BL_FIPSRepeatIntegrityCheck(void);
Index: nss/lib/freebl/fips-selftest.inc
===================================================================
--- /dev/null
+++ nss/lib/freebl/fips-selftest.inc
@@ -0,0 +1,355 @@
+/*
+ * PKCS #11 FIPS Power-Up Self Test - common stuff.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
SEC_END_PROTOS
#endif /* _BLAPI_H_ */
diff --git a/lib/freebl/fipsfreebl.c b/lib/freebl/fipsfreebl.c
index 23f665a..f080417 100644
--- a/lib/freebl/fipsfreebl.c
+++ b/lib/freebl/fipsfreebl.c
+#ifndef FIPS_INC
+#define FIPS_INC
+
+/* common functions used for FIPS selftests. Due to the modular design of NSS
+ * putting these into libfreebl would mean either amending the API represented
+ * by FREEBLVectorStr - which might cause problems with newer applications, or
+ * extending the API with another similar function set. Thus, to make things
+ * less complicated in the binaries, we mess up the source a bit. */
+
+#include <errno.h>
+#include <fcntl.h>
+#include <stdarg.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/stat.h>
+#include <unistd.h>
+#include <limits.h>
+
+#include <prtypes.h>
+#include <prerror.h>
+
+#include <prlink.h>
+
+#include "blapi.h"
+
+#define NSS_FORCE_FIPS_ENV "NSS_FIPS"
+#define FIPS_PROC_PATH "/proc/sys/crypto/fips_enabled"
+
+#define CHECKSUM_SUFFIX ".chk"
+
+typedef enum fips_check_status {
+ CHECK_UNCHECKED = -1,
+ CHECK_OK = 0,
+ CHECK_FAIL,
+ CHECK_FAIL_CRYPTO,
+ CHECK_MISSING
+} fips_check_status;
+
+/* initial value of FIPS state is -1 */
+static int fips_state = -1;
+
+static int fips_wanted = -1;
+
+static int fips_is_env = 0;
+static int fips_ignore_checksums = 0;
+
+/* debug messages are sent to stderr */
+static void
+debug(const char *fmt,...)
+{
+#if 0
+ va_list args;
+
+ va_start(args, fmt);
+ vfprintf(stderr, fmt, args);
+ va_end(args);
+ fputc('\n', stderr);
+#endif
+ return;
+}
+
+/* Fatal messages ending with abort(); this function never returns */
+static void __attribute__ ((__noreturn__))
+fatal(const char *fmt,...)
+{
+ va_list args;
+
+ va_start(args, fmt);
+ vfprintf(stderr, fmt, args);
+ va_end(args);
+ fputc('\n', stderr);
+ abort();
+}
+
+/* check whether FIPS moode is mandated by the kernel */
+static int
+fips_isWantedProc(void)
+{
+ int my_fips_wanted = 0;
+ int fips_fd;
+ char fips_sys = 0;
+
+ struct stat dummy;
+ if (-1 == stat(FIPS_PROC_PATH, &dummy)) {
+ switch (errno) {
+ case ENOENT:
+ case EACCES: /* Mozilla sandboxing returns EACCES instead of ENOENT */
+ case ENOTDIR:
+ break;
+ default:
+ fatal("Check for system-wide FIPS mode is required and %s cannot"
+ " be accessed for reason other than non-existence - aborting"
+ , FIPS_PROC_PATH);
+ break;
+ }
+ } else {
+ if (-1 == (fips_fd = open(FIPS_PROC_PATH, O_RDONLY))) {
+ fatal("Check for system-wide FIPS mode is required and %s cannot"
+ " be opened for reading - aborting"
+ , FIPS_PROC_PATH);
+ }
+ if (1 > read(fips_fd, &fips_sys, 1)) {
+ fatal("Check for system-wide FIPS mode is required and %s doesn't"
+ " return at least one character - aborting"
+ , FIPS_PROC_PATH);
+ }
+ close(fips_fd);
+ switch (fips_sys) {
+ case '0':
+ case '1':
+ my_fips_wanted = fips_sys - '0';
+ break;
+ default:
+ fatal("Bogus character %c found in %s - aborting"
+ , fips_sys, FIPS_PROC_PATH);
+ }
+ }
+ return my_fips_wanted;
+}
+
+/* "legacy" from lib/sysinit/nsssysinit.c */
+static PRBool
+getFIPSEnv(void)
+{
+ char *fipsEnv = getenv("NSS_FIPS");
+ if (!fipsEnv) {
+ return PR_FALSE;
+ }
+ if ((strcasecmp(fipsEnv,"fips") == 0) ||
+ (strcasecmp(fipsEnv,"true") == 0) ||
+ (strcasecmp(fipsEnv,"on") == 0) ||
+ (strcasecmp(fipsEnv,"1") == 0)) {
+ return PR_TRUE;
+ }
+ return PR_FALSE;
+}
+
+static PRBool
+getIgnoreChecksumsEnv(void)
+{
+ char *checksumEnv = getenv("NSS_IGNORE_CHECKSUMS");
+ if (!checksumEnv) {
+ return PR_FALSE;
+ }
+ if ((strcasecmp(checksumEnv,"true") == 0) ||
+ (strcasecmp(checksumEnv,"on") == 0) ||
+ (strcasecmp(checksumEnv,"1") == 0)) {
+ return PR_TRUE;
+ }
+ return PR_FALSE;
+}
+
+static int
+fips_isWantedEnv(void)
+{
+ return getFIPSEnv() ? 1 : 0;
+}
+
+static int
+fips_isWanted(void)
+{
+ int fips_requests = 0;
+#ifdef LINUX
+ fips_requests += fips_isWantedProc();
+#endif
+ if (fips_requests < 1)
+ {
+ fips_is_env = 1;
+ fips_ignore_checksums = getIgnoreChecksumsEnv();
+ }
+ fips_requests += fips_isWantedEnv();
+
+ return fips_requests;
+}
+
+static PRBool
+fips_check_signature_external (const char *full_lib_name, int *err)
+{
+ char *p0, *p1;
+ char *ld_path;
+ PRBool rv = PR_FALSE;
+
+ p0 = getenv ("LD_LIBRARY_PATH");
+ p0 = ld_path = strdup (p0 ? p0 : "");
+
+ for (p1 = strchr (p0, ':'); p1 && !rv; p1 = strchr (p0, ':'))
+ {
+ char *path;
+
+ *p1 = '\0';
+ path = malloc (strlen (p0) + strlen (full_lib_name) + 2);
+ strcpy (path, p0);
+ strcat (path, "/");
+ strcat (path, full_lib_name);
+
+ rv = BLAPI_SHVerifyFile (path, err);
+
+ free (path);
+ p0 = p1 + 1;
+ }
+
+ if (!rv)
+ {
+ char *path = malloc (strlen ("/usr/lib64/") + strlen (full_lib_name) + 1);
+ strcpy (path, "/usr/lib64/");
+ strcat (path, full_lib_name);
+ rv = BLAPI_SHVerifyFile (path, err);
+ }
+
+ free (ld_path);
+ return rv;
+}
+
+/* check integrity signatures (if present) */
+static fips_check_status
+fips_checkSignature(char *libName, PRFuncPtr addr)
+{
+ PRBool rv;
+ fips_check_status rv_check = CHECK_UNCHECKED;
+ int l = PATH_MAX;
+ int err = 0;
+ int err_NOENT = 0;
+ char full_lib_name[PATH_MAX+1];
+ full_lib_name[0] = '\0';
+
+ if (NULL == libName) {
+ err_NOENT = PR_FILE_NOT_FOUND_ERROR;
+ rv = BLAPI_VerifySelf(SHLIB_PREFIX"freebl"SHLIB_VERSION"."SHLIB_SUFFIX, &err);
+ } else {
+ err_NOENT = PR_FILE_NOT_FOUND_ERROR;
+ strncat(full_lib_name, SHLIB_PREFIX, l);
+ l -= strlen(SHLIB_PREFIX);
+ strncat(full_lib_name, libName, l);
+ l -= strlen(libName);
+ strncat(full_lib_name, SHLIB_VERSION"."SHLIB_SUFFIX, l);
+ l -= strlen(SHLIB_VERSION"."SHLIB_SUFFIX);
+
+ if (NULL == addr)
+ rv = fips_check_signature_external (full_lib_name, &err);
+ else
+ rv = BLAPI_SHVerify(full_lib_name, addr, &err);
+ }
+
+ if (rv) {
+ rv_check = CHECK_OK;
+ } else {
+ if (err_NOENT == err) {
+ rv_check = CHECK_MISSING;
+ } else {
+ rv_check = CHECK_FAIL;
+ }
+ }
+
+ return rv_check;
+}
+
+/* decide what to do depending on the results of tests and system/required FIPS
+ * mode */
+static int
+fips_resolve(fips_check_status check, char *libName)
+{
+ int state;
+
+ if (fips_wanted) {
+ switch (check) {
+ case CHECK_OK:
+ debug("fips - %s: mandatory checksum ok"
+ , (libName) ? libName : "freebl");
+ break;
+ case CHECK_FAIL:
+ fatal("fips - %s: mandatory checksum failed - aborting"
+ , (libName) ? libName : "freebl");
+ break;
+ case CHECK_FAIL_CRYPTO:
+ fatal("fips - %s: mandatory crypto test failed - aborting"
+ , (libName) ? libName : "freebl");
+ break;
+ case CHECK_MISSING:
+ fatal("fips - %s: mandatory checksum data missing - aborting"
+ , (libName) ? libName : "freebl");
+ break;
+ default:
+ fatal("Fatal error: internal error at %s:%u"
+ , __FILE__, __LINE__);
+ break;
+ }
+ state = 1;
+ } else {
+ switch (check) {
+ case CHECK_OK:
+ debug("fips - %s: checksum ok"
+ , (libName) ? libName : "freebl");
+ break;
+ case CHECK_FAIL:
+#if 0
+ fatal("fips - %s: checksum failed - aborting"
+ , (libName) ? libName : "freebl");
+#else
+ debug("fips - %s: checksum failed - not in FIPS mode; continuing"
+ , (libName) ? libName : "freebl");
+#endif
+ break;
+ case CHECK_FAIL_CRYPTO:
+ fatal("fips - %s: crypto test failed - aborting"
+ , (libName) ? libName : "freebl");
+ break;
+ case CHECK_MISSING:
+ debug("fips - %s: mandatory checksum data missing, but not required in non FIPS mode; continuing non-FIPS"
+ , (libName) ? libName : "freebl");
+ break;
+ default:
+ fatal("Fatal error: internal error at %s:%u"
+ , __FILE__, __LINE__);
+ break;
+ }
+ state = 0;
+ }
+ return state;
+}
+
+/* generic selftest
+ * libName and addr are the name of shared object to check and a function
+ * contained therein; (NULL, NULL) performs selfcheck of freebl.
+ * crypto_check is callback that performs cryptographic algorithms checks; NULL
+ * for libraries that do not implement any cryptographic algorithms per se
+ */
+static int
+fips_initTest(char *libName, PRFuncPtr addr, fips_check_status cryptoCheck(void))
+{
+ fips_check_status check = CHECK_OK;
+
+ fips_wanted = fips_isWanted();
+
+ if (cryptoCheck) {
+ check = cryptoCheck();
+ debug("fips - %s: crypto check %s"
+ , (libName) ? libName : "freebl"
+ , (CHECK_OK == check) ? "ok" : "failed");
+ }
+
+ if (CHECK_OK == check) {
+ check = fips_checkSignature(libName, addr);
+ }
+
+ return fips_resolve(check, libName);
+}
+
+#endif
Index: nss/lib/freebl/fips.c
===================================================================
--- /dev/null
+++ nss/lib/freebl/fips.c
@@ -0,0 +1,7 @@
+/*
+ * PKCS #11 FIPS Power-Up Self Test.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
Index: nss/lib/freebl/fips.h
===================================================================
--- /dev/null
+++ nss/lib/freebl/fips.h
@@ -0,0 +1,16 @@
+/*
+ * PKCS #11 FIPS Power-Up Self Test.
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef FIPS_H
+#define FIPS_H
+
+int FIPS_mode(void);
+int FIPS_mode_allow_tests(void);
+char* FIPS_rngDev(void);
+
+#endif
+
Index: nss/lib/freebl/fipsfreebl.c
===================================================================
--- nss.orig/lib/freebl/fipsfreebl.c
+++ nss/lib/freebl/fipsfreebl.c
@@ -21,6 +21,13 @@
#include "ec.h" /* Required for EC */
@ -85,7 +474,7 @@ index 23f665a..f080417 100644
/*
* different platforms have different ways of calling and initial entry point
* when the dll/.so is loaded. Most platforms support either a posix pragma
@@ -1963,9 +1970,8 @@ freebl_fips_RNG_PowerUpSelfTest(void)
@@ -1998,9 +2005,8 @@ freebl_fips_RNG_PowerUpSelfTest(void)
0x0a, 0x26, 0x21, 0xd0, 0x19, 0xcb, 0x86, 0x73,
0x10, 0x1f, 0x60, 0xd7
};
@ -96,7 +485,7 @@ index 23f665a..f080417 100644
/*******************************************/
/* Run the SP 800-90 Health tests */
@@ -1979,13 +1985,12 @@ freebl_fips_RNG_PowerUpSelfTest(void)
@@ -2014,13 +2020,12 @@ freebl_fips_RNG_PowerUpSelfTest(void)
/*******************************************/
/* Generate DSAX fow given Q. */
/*******************************************/
@ -111,7 +500,7 @@ index 23f665a..f080417 100644
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}
@@ -1993,17 +1998,19 @@ freebl_fips_RNG_PowerUpSelfTest(void)
@@ -2028,17 +2033,19 @@ freebl_fips_RNG_PowerUpSelfTest(void)
return (SECSuccess);
}
@ -132,7 +521,7 @@ index 23f665a..f080417 100644
#define DO_FREEBL 1
#define DO_REST 2
@@ -2121,11 +2128,13 @@ static PRBool self_tests_ran = PR_FALSE;
@@ -2156,11 +2163,13 @@ static PRBool self_tests_ran = PR_FALSE;
static PRBool self_tests_freebl_success = PR_FALSE;
static PRBool self_tests_success = PR_FALSE;
@ -147,7 +536,7 @@ index 23f665a..f080417 100644
{
SECStatus rv;
/* if the freebl self tests didn't run, there is something wrong with
@@ -2138,7 +2147,7 @@ BL_POSTRan(PRBool freebl_only)
@@ -2173,7 +2182,7 @@ BL_POSTRan(PRBool freebl_only)
return PR_TRUE;
}
/* if we only care about the freebl tests, we are good */
@ -156,7 +545,7 @@ index 23f665a..f080417 100644
return PR_TRUE;
}
/* run the rest of the self tests */
@@ -2157,32 +2166,16 @@ BL_POSTRan(PRBool freebl_only)
@@ -2192,32 +2201,16 @@ BL_POSTRan(PRBool freebl_only)
return PR_TRUE;
}
@ -194,7 +583,7 @@ index 23f665a..f080417 100644
self_tests_freebl_ran = PR_TRUE; /* we are running the tests */
if (!freebl_only) {
@@ -2194,20 +2187,55 @@ bl_startup_tests(void)
@@ -2229,20 +2222,55 @@ bl_startup_tests(void)
/* always run the post tests */
rv = freebl_fipsPowerUpSelfTest(freebl_only ? DO_FREEBL : DO_FREEBL | DO_REST);
if (rv != SECSuccess) {
@ -252,7 +641,7 @@ index 23f665a..f080417 100644
}
/*
@@ -2216,28 +2244,110 @@ bl_startup_tests(void)
@@ -2251,28 +2279,104 @@ bl_startup_tests(void)
* power on selftest failed.
*/
SECStatus
@ -285,12 +674,6 @@ index 23f665a..f080417 100644
return SECFailure;
}
+
+void
+BL_FIPSRepeatIntegrityCheck(void)
+{
+ fips_state = fips_initTest("freebl", NULL, NULL);
+}
+
+/* returns the FIPS mode we are running in or the one that we aspire to if the
+ * tests have not completed yet - which might happen during the crypto selftest
+ */
@ -373,44 +756,11 @@ index 23f665a..f080417 100644
+}
+
#endif
diff --git a/lib/freebl/ldvector.c b/lib/freebl/ldvector.c
index ac3b862..8f3518b 100644
--- a/lib/freebl/ldvector.c
+++ b/lib/freebl/ldvector.c
@@ -376,9 +376,12 @@ static const struct FREEBLVectorStr vector =
/* End of version 3.024 */
ChaCha20_InitContext,
ChaCha20_CreateContext,
- ChaCha20_DestroyContext
+ ChaCha20_DestroyContext,
/* End of version 3.025 */
+
+ /* SUSE patch: Goes last */
+ BL_FIPSRepeatIntegrityCheck
};
const FREEBLVector*
diff --git a/lib/freebl/loader.c b/lib/freebl/loader.c
index 692a883..deca671 100644
--- a/lib/freebl/loader.c
+++ b/lib/freebl/loader.c
@@ -95,6 +95,14 @@ BL_Init(void)
return (vector->p_BL_Init)();
}
+void
+BL_FIPSRepeatIntegrityCheck(void)
+{
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_BL_FIPSRepeatIntegrityCheck)();
+}
+
RSAPrivateKey *
RSA_NewKey(int keySizeInBits, SECItem *publicExponent)
{
@@ -1213,11 +1221,11 @@ AESKeyWrap_DecryptKWP(AESKeyWrapContext *cx, unsigned char *output,
Index: nss/lib/freebl/loader.c
===================================================================
--- nss.orig/lib/freebl/loader.c
+++ nss/lib/freebl/loader.c
@@ -1213,11 +1213,11 @@ AESKeyWrap_DecryptKWP(AESKeyWrapContext
}
PRBool
@ -424,7 +774,7 @@ index 692a883..deca671 100644
}
/*
@@ -1227,12 +1235,12 @@ BLAPI_SHVerify(const char *name, PRFuncPtr addr)
@@ -1227,12 +1227,12 @@ BLAPI_SHVerify(const char *name, PRFuncP
* in freebl_LoadDSO) to p_BLAPI_VerifySelf.
*/
PRBool
@ -439,7 +789,7 @@ index 692a883..deca671 100644
}
/* ============== New for 3.006 =============================== */
@@ -1836,11 +1844,11 @@ SHA224_Clone(SHA224Context *dest, SHA224Context *src)
@@ -1836,11 +1836,11 @@ SHA224_Clone(SHA224Context *dest, SHA224
}
PRBool
@ -453,10 +803,10 @@ index 692a883..deca671 100644
}
/* === new for DSA-2 === */
diff --git a/lib/freebl/loader.h b/lib/freebl/loader.h
index eb3046d..3bbc43a 100644
--- a/lib/freebl/loader.h
+++ b/lib/freebl/loader.h
Index: nss/lib/freebl/loader.h
===================================================================
--- nss.orig/lib/freebl/loader.h
+++ nss/lib/freebl/loader.h
@@ -299,8 +299,8 @@ struct FREEBLVectorStr {
/* Version 3.004 came to here */
@ -477,20 +827,10 @@ index eb3046d..3bbc43a 100644
/* Version 3.013 came to here */
@@ -834,6 +834,9 @@ struct FREEBLVectorStr {
/* Add new function pointers at the end of this struct and bump
* FREEBL_VERSION at the beginning of this file. */
+
+ /* SUSE patch: Goes last */
+ void (*p_BL_FIPSRepeatIntegrityCheck)(void);
};
typedef struct FREEBLVectorStr FREEBLVector;
diff --git a/lib/freebl/manifest.mn b/lib/freebl/manifest.mn
index b6c5fb3..b8ba60b 100644
--- a/lib/freebl/manifest.mn
+++ b/lib/freebl/manifest.mn
Index: nss/lib/freebl/manifest.mn
===================================================================
--- nss.orig/lib/freebl/manifest.mn
+++ nss/lib/freebl/manifest.mn
@@ -97,6 +97,7 @@ PRIVATE_EXPORTS = \
ecl.h \
ecl-curve.h \
@ -499,7 +839,7 @@ index b6c5fb3..b8ba60b 100644
$(NULL)
MPI_HDRS = mpi-config.h mpi.h mpi-priv.h mplogic.h mpprime.h logtab.h mp_gf2m.h
@@ -187,6 +188,7 @@ ALL_HDRS = \
@@ -186,6 +187,7 @@ ALL_HDRS = \
shsign.h \
vis_proto.h \
seed.h \
@ -507,10 +847,10 @@ index b6c5fb3..b8ba60b 100644
$(NULL)
diff --git a/lib/freebl/shvfy.c b/lib/freebl/shvfy.c
index 0428bf6..f463352 100644
--- a/lib/freebl/shvfy.c
+++ b/lib/freebl/shvfy.c
Index: nss/lib/freebl/shvfy.c
===================================================================
--- nss.orig/lib/freebl/shvfy.c
+++ nss/lib/freebl/shvfy.c
@@ -22,6 +22,8 @@
#ifndef NSS_FIPS_DISABLED
@ -520,7 +860,7 @@ index 0428bf6..f463352 100644
/*
* Most modern version of Linux support a speed optimization scheme where an
* application called prelink modifies programs and shared libraries to quickly
@@ -231,8 +233,6 @@ bl_CloseUnPrelink(PRFileDesc *file, int pid)
@@ -231,8 +233,6 @@ bl_CloseUnPrelink(PRFileDesc *file, int
}
#endif
@ -578,7 +918,7 @@ index 0428bf6..f463352 100644
{
char *checkName = NULL;
PRFileDesc *checkFD = NULL;
@@ -341,7 +341,7 @@ blapi_SHVerifyFile(const char *shName, PRBool self)
@@ -340,7 +340,7 @@ blapi_SHVerifyFile(const char *shName, P
#endif
PRBool result = PR_FALSE; /* if anything goes wrong,
@ -587,7 +927,7 @@ index 0428bf6..f463352 100644
unsigned char buf[4096];
unsigned char hashBuf[HASH_LENGTH_MAX];
@@ -368,14 +368,17 @@ blapi_SHVerifyFile(const char *shName, PRBool self)
@@ -367,14 +367,17 @@ blapi_SHVerifyFile(const char *shName, P
/* open the check File */
checkFD = PR_Open(checkName, PR_RDONLY, 0);
if (checkFD == NULL) {
@ -608,7 +948,7 @@ index 0428bf6..f463352 100644
bytesRead = PR_Read(checkFD, buf, 12);
if (bytesRead != 12) {
goto loser;
@@ -416,7 +419,8 @@ blapi_SHVerifyFile(const char *shName, PRBool self)
@@ -415,7 +418,8 @@ blapi_SHVerifyFile(const char *shName, P
if (rv != SECSuccess) {
goto loser;
}
@ -618,7 +958,7 @@ index 0428bf6..f463352 100644
rv = readItem(checkFD, &signature);
if (rv != SECSuccess) {
goto loser;
@@ -431,7 +435,7 @@ blapi_SHVerifyFile(const char *shName, PRBool self)
@@ -430,7 +434,7 @@ blapi_SHVerifyFile(const char *shName, P
goto loser;
}
@ -627,7 +967,7 @@ index 0428bf6..f463352 100644
#ifdef FREEBL_USE_PRELINK
shFD = bl_OpenUnPrelink(shName, &pid);
#else
@@ -439,13 +443,13 @@ blapi_SHVerifyFile(const char *shName, PRBool self)
@@ -438,13 +442,13 @@ blapi_SHVerifyFile(const char *shName, P
#endif
if (shFD == NULL) {
#ifdef DEBUG_SHVERIFY
@ -644,7 +984,7 @@ index 0428bf6..f463352 100644
hashcx = hashObj->create();
if (hashcx == NULL) {
goto loser;
@@ -532,7 +536,7 @@ loser:
@@ -531,7 +535,7 @@ loser:
}
PRBool
@ -653,7 +993,7 @@ index 0428bf6..f463352 100644
{
if (name == NULL) {
/*
@@ -541,7 +545,7 @@ BLAPI_VerifySelf(const char *name)
@@ -540,7 +544,7 @@ BLAPI_VerifySelf(const char *name)
*/
return PR_TRUE;
}
@ -662,10 +1002,70 @@ index 0428bf6..f463352 100644
}
#else /* NSS_FIPS_DISABLED */
diff --git a/lib/softoken/fipstest.c b/lib/softoken/fipstest.c
index aa4992c..ab3b693 100644
--- a/lib/softoken/fipstest.c
+++ b/lib/softoken/fipstest.c
Index: nss/lib/softoken/fips.c
===================================================================
--- /dev/null
+++ nss/lib/softoken/fips.c
@@ -0,0 +1,40 @@
+#include "../freebl/fips-selftest.inc"
+
+#include "fips.h"
+
+#include "softoken.h"
+
+#include <dlfcn.h>
+
+/* crypto algorithms selftest wrapper */
+static fips_check_status
+fips_checkCryptoSoftoken(void)
+{
+ if (CKR_OK == sftk_FIPSEntryOK()) {
+ return CHECK_OK;
+ } else {
+ return CHECK_FAIL_CRYPTO;
+ }
+
+ return CHECK_OK;
+}
+
+/* constructor - load-time selfchecks */
+static void __attribute__ ((constructor))
+fips_initTestSoftoken(void)
+{
+ fips_state = fips_initTest("softokn", (PRFuncPtr)fips_initTestSoftoken, fips_checkCryptoSoftoken);
+
+ /* The legacy DB must be checked unconditionally in FIPS mode. As an exception,
+ * this can be turned off for the build-time tests using the env var
+ * NSS_IGNORE_CHECKSUMS. This is necessary because the files cannot be
+ * located before they're installed. It only works if FIPS mode is enabled
+ * via NSS_FIPS=1, not if it's set in /proc. */
+
+ if (fips_state && !(fips_is_env && fips_ignore_checksums))
+ {
+ fips_state = fips_initTest("nssdbm", (PRFuncPtr) NULL, NULL);
+ }
+
+ return;
+}
Index: nss/lib/softoken/fips.h
===================================================================
--- /dev/null
+++ nss/lib/softoken/fips.h
@@ -0,0 +1,10 @@
+#ifndef FIPS_H
+#define FIPS_H
+
+#include "softoken.h"
+
+CK_RV FIPS_cryptoSelftestSoftoken(void);
+CK_RV sftk_fipsPowerUpSelfTest(void);
+
+#endif
+
Index: nss/lib/softoken/fipstest.c
===================================================================
--- nss.orig/lib/softoken/fipstest.c
+++ nss/lib/softoken/fipstest.c
@@ -682,6 +682,327 @@ sftk_fips_HKDF_PowerUpSelfTest(void)
return (SECSuccess);
}
@ -1022,21 +1422,21 @@ index aa4992c..ab3b693 100644
+ /* check the DSA combined functions in softoken */
+ rv = sftk_fips_DSA_PowerUpSelfTest();
+ if (rv != SECSuccess) {
+ return;
+ }
return;
}
+
+ /* check the ECDSA combined functions in softoken */
+ rv = sftk_fips_ECDSA_PowerUpSelfTest();
+ if (rv != SECSuccess) {
return;
}
+ return;
+ }
+
+ /* Checksum is done by fips_initTestSoftoken() in fips.c */
+
rv = sftk_fips_IKE_PowerUpSelfTests();
if (rv != SECSuccess) {
return;
@@ -759,22 +1089,27 @@ sftk_startup_tests(void)
@@ -759,17 +1089,11 @@ sftk_startup_tests(void)
CK_RV
sftk_FIPSEntryOK()
{
@ -1056,26 +1456,50 @@ index aa4992c..ab3b693 100644
if (!sftk_self_tests_success) {
return CKR_DEVICE_ERROR;
}
return CKR_OK;
}
Index: nss/lib/softoken/legacydb/fips.c
===================================================================
--- /dev/null
+++ nss/lib/softoken/legacydb/fips.c
@@ -0,0 +1,25 @@
+#include "../../freebl/fips-selftest.inc"
+
+void fips_repeatTestSoftoken(void);
+#include "fips.h"
+
+void
+sftk_FIPSRepeatIntegrityCheck()
+/*** private per-module symbols ***/
+
+/* crypto algorithms selftest wrapper */
+static fips_check_status
+fips_checkCryptoDbm(void)
+{
+ /* These will abort if the checksum fails in FIPS mode */
+ BL_FIPSRepeatIntegrityCheck();
+ fips_repeatTestSoftoken();
+ /* no checks in dbm */
+ return CHECK_OK;
+}
+
#else
#include "pkcs11t.h"
CK_RV
diff --git a/lib/softoken/legacydb/lgfips.c b/lib/softoken/legacydb/lgfips.c
index b991dcf..efb7e52 100644
--- a/lib/softoken/legacydb/lgfips.c
+++ b/lib/softoken/legacydb/lgfips.c
+/* constructor - load-time selfchecks */
+static void __attribute__ ((constructor))
+fips_initTestDbm(void)
+{
+ fips_state = fips_initTest("nssdbm", (PRFuncPtr)fips_checkCryptoDbm, NULL);
+
+ return;
+}
+
+/*** public per-module symbols ***/
+
Index: nss/lib/softoken/legacydb/fips.h
===================================================================
--- /dev/null
+++ nss/lib/softoken/legacydb/fips.h
@@ -0,0 +1,5 @@
+#ifndef FIPS_H
+#define FIPS_H
+
+#endif
+
Index: nss/lib/softoken/legacydb/lgfips.c
===================================================================
--- nss.orig/lib/softoken/legacydb/lgfips.c
+++ nss/lib/softoken/legacydb/lgfips.c
@@ -90,7 +90,7 @@ lg_startup_tests(void)
/* no self tests required for the legacy db, only the integrity check */
@ -1085,10 +1509,10 @@ index b991dcf..efb7e52 100644
/* something is wrong with the library, fail without enabling
* the fips token */
return;
diff --git a/lib/softoken/legacydb/manifest.mn b/lib/softoken/legacydb/manifest.mn
index caac524..16c8847 100644
--- a/lib/softoken/legacydb/manifest.mn
+++ b/lib/softoken/legacydb/manifest.mn
Index: nss/lib/softoken/legacydb/manifest.mn
===================================================================
--- nss.orig/lib/softoken/legacydb/manifest.mn
+++ nss/lib/softoken/legacydb/manifest.mn
@@ -12,7 +12,7 @@ LIBRARY_NAME = nssdbm
LIBRARY_VERSION = 3
MAPFILE = $(OBJDIR)/$(LIBRARY_NAME).def
@ -1105,10 +1529,10 @@ index caac524..16c8847 100644
+ fips.c \
$(NULL)
diff --git a/lib/softoken/manifest.mn b/lib/softoken/manifest.mn
index 34daf1c..c4c89fc 100644
--- a/lib/softoken/manifest.mn
+++ b/lib/softoken/manifest.mn
Index: nss/lib/softoken/manifest.mn
===================================================================
--- nss.orig/lib/softoken/manifest.mn
+++ nss/lib/softoken/manifest.mn
@@ -31,6 +31,7 @@ PRIVATE_EXPORTS = \
softkver.h \
sdb.h \
@ -1125,17 +1549,3 @@ index 34daf1c..c4c89fc 100644
$(NULL)
ifndef NSS_DISABLE_DBM
diff --git a/lib/softoken/softoken.h b/lib/softoken/softoken.h
index 30586fc..f6d4a4c 100644
--- a/lib/softoken/softoken.h
+++ b/lib/softoken/softoken.h
@@ -59,6 +59,9 @@ extern unsigned char *CBC_PadBuffer(PLArenaPool *arena, unsigned char *inbuf,
/* make sure Power-up selftests have been run. */
extern CK_RV sftk_FIPSEntryOK(void);
+/* Unconditionally run the crypto self-tests. */
+extern PRBool sftk_FIPSRunTests();
+
/*
** make known fixed PKCS #11 key types to their sizes in bytes
*/

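--- /dev/null
+++ b/nss-fips-tests-skip.patch
@@ -0,0 +1,19 @@
+Index: nss/tests/lowhash/lowhash.sh
+===================================================================
+--- nss.orig/tests/lowhash/lowhash.sh
++++ nss/tests/lowhash/lowhash.sh
+@@ -61,11 +61,13 @@ lowhash_test()
+! -f ${BINDIR}/lowhashtest${PROG_SUFFIX} ]; then
+echo "freebl lowhash not supported in this plaform."
+else
+- TESTS="MD5 SHA1 SHA224 SHA256 SHA384 SHA512"
++ TESTS_FIPS_0="MD5 SHA1 SHA224 SHA256 SHA384 SHA512"
++ TESTS_FIPS_1="SHA224 SHA256 SHA384 SHA512"
+OLD_MODE=`echo ${NSS_FIPS}`
+for fips_mode in 0 1; do
+echo "lowhashtest with fips mode=${fips_mode}"
+export NSS_FIPS=${fips_mode}
++ eval TESTS=\${TESTS_FIPS_${fips_mode}}
+for TEST in ${TESTS}
+do
+echo "lowhashtest ${TEST}"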
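Review bot: The `eval TESTS=\${TESTS_FIPS_${fips_mode}}` indirection is safe here only because `fips_mode` comes from the literal list in `for fips_mode in 0 1; do`, and nothing says so; a one-line comment above it such as `# indirect expansion: fips_mode is always 0 or 1 from the loop above` makes that dependency explicit for anyone who later takes the mode from the environment. A `case ${fips_mode} in 0) TESTS=${TESTS_FIPS_0};; 1) TESTS=${TESTS_FIPS_1};; esac` would achieve the same selection without eval. The enclosing lowhash_test() function starts and ends outside the hunk.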


@ -0,0 +1,270 @@
# HG changeset patch
# User Hans Petter Jansson <hpj@cl.no>
# Date 1574240734 -3600
# Wed Nov 20 10:05:34 2019 +0100
# Node ID 0efca22bbafd7575b20461f255c46157c9321822
# Parent 3a2cb65dc157344cdad19e8e16e9c33e36f82d96
[PATCH] 30
From ca3b695ac461eccf4ed97e1b3fe0a311c80a792f Mon Sep 17 00:00:00 2001
---
nss/lib/freebl/md5.c | 67 ++++++++++++++++++++++++++------------
nss/lib/freebl/rawhash.c | 37 +++++++++++++++++++++
nss/lib/freebl/tlsprfalg.c | 5 ++-
nss/lib/softoken/pkcs11c.c | 4 +--
4 files changed, 90 insertions(+), 23 deletions(-)
Index: nss/lib/freebl/md5.c
===================================================================
--- nss.orig/lib/freebl/md5.c
+++ nss/lib/freebl/md5.c
@@ -217,13 +217,11 @@ MD5_HashBuf(unsigned char *dest, const u
}
MD5Context *
-MD5_NewContext(void)
+MD5_NewContext_NonFIPS(void)
{
/* no need to ZAlloc, MD5_Begin will init the context */
MD5Context *cx;
- IN_FIPS_RETURN(NULL);
-
cx = (MD5Context *)PORT_Alloc(sizeof(MD5Context));
if (cx == NULL) {
PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
@@ -232,6 +230,13 @@ MD5_NewContext(void)
return cx;
}
+MD5Context *
+MD5_NewContext(void)
+{
+ IN_FIPS_RETURN(NULL);
+ return MD5_NewContext_NonFIPS();
+}
+
void
MD5_DestroyContext(MD5Context *cx, PRBool freeit)
{
@@ -243,10 +248,8 @@ MD5_DestroyContext(MD5Context *cx, PRBoo
}
void
-MD5_Begin(MD5Context *cx)
+MD5_Begin_NonFIPS(MD5Context *cx)
{
- IN_FIPS_RETURN();
-
cx->lsbInput = 0;
cx->msbInput = 0;
/* memset(cx->inBuf, 0, sizeof(cx->inBuf)); */
@@ -256,6 +259,13 @@ MD5_Begin(MD5Context *cx)
cx->cv[3] = CV0_4;
}
+void
+MD5_Begin(MD5Context *cx)
+{
+ IN_FIPS_RETURN();
+ MD5_Begin_NonFIPS(cx);
+}
+
#define cls(i32, s) (tmp = i32, tmp << s | tmp >> (32 - s))
#if defined(SOLARIS) || defined(HPUX)
@@ -431,14 +441,12 @@ md5_compress(MD5Context *cx, const PRUin
}
void
-MD5_Update(MD5Context *cx, const unsigned char *input, unsigned int inputLen)
+MD5_Update_NonFIPS(MD5Context *cx, const unsigned char *input, unsigned int inputLen)
{
PRUint32 bytesToConsume;
PRUint32 inBufIndex = cx->lsbInput & 63;
const PRUint32 *wBuf;
- IN_FIPS_RETURN();
-
/* Add the number of input bytes to the 64-bit input counter. */
addto64(cx->msbInput, cx->lsbInput, inputLen);
if (inBufIndex) {
@@ -487,6 +495,13 @@ MD5_Update(MD5Context *cx, const unsigne
memcpy(cx->inBuf, input, inputLen);
}
+void
+MD5_Update(MD5Context *cx, const unsigned char *input, unsigned int inputLen)
+{
+ IN_FIPS_RETURN();
+ MD5_Update_NonFIPS(cx, input, inputLen);
+}
+
static const unsigned char padbytes[] = {
0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -503,8 +518,8 @@ static const unsigned char padbytes[] =
};
void
-MD5_End(MD5Context *cx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen)
+MD5_End_NonFIPS(MD5Context *cx, unsigned char *digest,
+ unsigned int *digestLen, unsigned int maxDigestLen)
{
#ifndef IS_LITTLE_ENDIAN
PRUint32 tmp;
@@ -512,8 +527,6 @@ MD5_End(MD5Context *cx, unsigned char *d
PRUint32 lowInput, highInput;
PRUint32 inBufIndex = cx->lsbInput & 63;
- IN_FIPS_RETURN();
-
if (maxDigestLen < MD5_HASH_LEN) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return;
@@ -525,10 +538,10 @@ MD5_End(MD5Context *cx, unsigned char *d
lowInput <<= 3;
if (inBufIndex < MD5_END_BUFFER) {
- MD5_Update(cx, padbytes, MD5_END_BUFFER - inBufIndex);
+ MD5_Update_NonFIPS(cx, padbytes, MD5_END_BUFFER - inBufIndex);
} else {
- MD5_Update(cx, padbytes,
- MD5_END_BUFFER + MD5_BUFFER_SIZE - inBufIndex);
+ MD5_Update_NonFIPS(cx, padbytes,
+ MD5_END_BUFFER + MD5_BUFFER_SIZE - inBufIndex);
}
/* Store the number of bytes input (before padding) in final 64 bits. */
@@ -554,16 +567,22 @@ MD5_End(MD5Context *cx, unsigned char *d
}
void
-MD5_EndRaw(MD5Context *cx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen)
+MD5_End(MD5Context *cx, unsigned char *digest,
+ unsigned int *digestLen, unsigned int maxDigestLen)
+{
+ IN_FIPS_RETURN();
+ MD5_End_NonFIPS(cx, digest, digestLen, maxDigestLen);
+}
+
+void
+MD5_EndRaw_NonFIPS(MD5Context *cx, unsigned char *digest,
+ unsigned int *digestLen, unsigned int maxDigestLen)
{
#ifndef IS_LITTLE_ENDIAN
PRUint32 tmp;
#endif
PRUint32 cv[4];
- IN_FIPS_RETURN();
-
if (maxDigestLen < MD5_HASH_LEN) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return;
@@ -581,6 +600,14 @@ MD5_EndRaw(MD5Context *cx, unsigned char
*digestLen = MD5_HASH_LEN;
}
+void
+MD5_EndRaw(MD5Context *cx, unsigned char *digest,
+ unsigned int *digestLen, unsigned int maxDigestLen)
+{
+ IN_FIPS_RETURN();
+ MD5_EndRaw_NonFIPS(cx, digest, digestLen, maxDigestLen);
+}
+
unsigned int
MD5_FlattenSize(MD5Context *cx)
{
Index: nss/lib/freebl/rawhash.c
===================================================================
--- nss.orig/lib/freebl/rawhash.c
+++ nss/lib/freebl/rawhash.c
@@ -154,3 +154,40 @@ HASH_GetRawHashObject(HASH_HashType hash
}
return &SECRawHashObjects[hashType];
}
+
+/* Defined in md5.c */
+
+MD5Context *MD5_NewContext_NonFIPS(void);
+void MD5_Begin_NonFIPS(MD5Context *cx);
+void MD5_Update_NonFIPS(MD5Context *cx, const unsigned char *input, unsigned int inputLen);
+void MD5_End_NonFIPS(MD5Context *cx, unsigned char *digest,
+ unsigned int *digestLen, unsigned int maxDigestLen);
+void MD5_EndRaw_NonFIPS(MD5Context *cx, unsigned char *digest,
+ unsigned int *digestLen, unsigned int maxDigestLen);
+
+static const SECHashObject SECRawHashObjectMD5NonFIPS = {
+ MD5_LENGTH,
+ (void *(*)(void))MD5_NewContext_NonFIPS,
+ (void *(*)(void *))null_hash_clone_context,
+ (void (*)(void *, PRBool))MD5_DestroyContext,
+ (void (*)(void *))MD5_Begin_NonFIPS,
+ (void (*)(void *, const unsigned char *, unsigned int))MD5_Update_NonFIPS,
+ (void (*)(void *, unsigned char *, unsigned int *, unsigned int))MD5_End_NonFIPS,
+ MD5_BLOCK_LENGTH,
+ HASH_AlgMD5,
+ (void (*)(void *, unsigned char *, unsigned int *, unsigned int))MD5_EndRaw_NonFIPS
+};
+
+const SECHashObject *
+HASH_GetRawHashObjectNonFIPS(HASH_HashType hashType)
+{
+ if (hashType <= HASH_AlgNULL || hashType >= HASH_AlgTOTAL) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return NULL;
+ }
+
+ if (hashType == HASH_AlgMD5)
+ return &SECRawHashObjectMD5NonFIPS;
+
+ return &SECRawHashObjects[hashType];
+}
Index: nss/lib/freebl/tlsprfalg.c
===================================================================
--- nss.orig/lib/freebl/tlsprfalg.c
+++ nss/lib/freebl/tlsprfalg.c
@@ -12,6 +12,9 @@
#include "hasht.h"
#include "alghmac.h"
+/* To get valid MD5 object in FIPS mode */
+const SECHashObject *HASH_GetRawHashObjectNonFIPS(HASH_HashType hashType);
+
#define PHASH_STATE_MAX_LEN HASH_LENGTH_MAX
/* TLS P_hash function */
@@ -27,7 +30,7 @@ TLS_P_hash(HASH_HashType hashType, const
SECStatus status;
HMACContext *cx;
SECStatus rv = SECFailure;
- const SECHashObject *hashObj = HASH_GetRawHashObject(hashType);
+ const SECHashObject *hashObj = HASH_GetRawHashObjectNonFIPS(hashType);
PORT_Assert((secret != NULL) && (secret->data != NULL || !secret->len));
PORT_Assert((seed != NULL) && (seed->data != NULL));
Index: nss/lib/softoken/pkcs11c.c
===================================================================
--- nss.orig/lib/softoken/pkcs11c.c
+++ nss/lib/softoken/pkcs11c.c
@@ -7158,7 +7158,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
SFTKAttribute *att2 = NULL;
unsigned char *buf;
SHA1Context *sha;
- MD5Context *md5;
+ MD5Context *md5 = NULL;
MD2Context *md2;
CK_ULONG macSize;
CK_ULONG tmpKeySize;
@@ -7698,7 +7698,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
}
sftk_FreeAttribute(att2);
md5 = MD5_NewContext();
- if (md5 == NULL) {
+ if (md5 == NULL && !isTLS) {
crv = CKR_HOST_MEMORY;
break;
}
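Review bot: HASH_GetRawHashObjectNonFIPS in rawhash.c hands out an MD5 object whose entry points skip the IN_FIPS_RETURN gate, but nothing documents that it is meant only for the TLS PRF in TLS_P_hash, and both it and the MD5_*_NonFIPS functions are declared ad hoc at their call sites (the prototypes at the top of the rawhash.c hunk and the one in tlsprfalg.c) rather than in a shared private freebl header, so a signature change in md5.c would not be caught by the compiler. Suggested comment above the function: `/* Like HASH_GetRawHashObject, but the MD5 object bypasses the FIPS gate. Intended solely for TLS_P_hash (TLS 1.0/1.1 PRF); do not use where the digest is chosen by the caller. */`. Moving the five MD5_*_NonFIPS prototypes and this one into a single private header would let both translation units share them. Separately, the pkcs11c.c change `if (md5 == NULL && !isTLS)` lets NSC_DeriveKey continue with md5 == NULL in FIPS mode when isTLS is set; that is only safe if every later use and the cleanup of md5 in that function tolerate NULL, which cannot be confirmed from the hunk since the rest of NSC_DeriveKey is outside it.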