pool/mozilla-nss
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 1147963 from mozilla:Factory

Browse Source 
- update to NSS 3.97
  * bmo#1875506 - make Xyber768d00 opt-in by policy
  * bmo#1871631 - add libssl support for xyber768d00
  * bmo#1871630 - add PK11_ConcatSymKeys
  * bmo#1775046 - add Kyber and a PKCS#11 KEM interface to softoken
  * bmo#1871152 - add a FreeBL API for Kyber
  * bmo#1826451 - part 2: vendor github.com/pq-crystals/kyber/commit/e0d1c6ff
  * bmo#1826451 - part 1: add a script for vendoring kyber from pq-crystals repo
  * bmo#1835828 - Removing the calls to RSA Blind from loader.*
  * bmo#1874111 - fix worker type for level3 mac tasks
  * bmo#1835828 - RSA Blind implementation
  * bmo#1869642 - Remove DSA selftests
  * bmo#1873296 - read KWP testvectors from JSON
  * bmo#1822450 - Backed out changeset dcb174139e4f
  * bmo#1822450 - Fix CKM_PBE_SHA1_DES2_EDE_CBC derivation
  * bmo#1871219 - Wrap CC shell commands in gyp expansions

OBS-URL: https://build.opensuse.org/request/show/1147963
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=213
This commit is contained in:
Ana Guerrero 2024-02-21 16:54:55 +00:00 committed by Git OBS Bridge
commit 5bd20de299
12 changed files with 73 additions and 263 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
mozilla-nss.changes
View File

@ -1,3 +1,23 @@
-------------------------------------------------------------------
Tue Feb 20 09:27:23 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org>
- update to NSS 3.97
* bmo#1875506 - make Xyber768d00 opt-in by policy
* bmo#1871631 - add libssl support for xyber768d00
* bmo#1871630 - add PK11_ConcatSymKeys
* bmo#1775046 - add Kyber and a PKCS#11 KEM interface to softoken
* bmo#1871152 - add a FreeBL API for Kyber
* bmo#1826451 - part 2: vendor github.com/pq-crystals/kyber/commit/e0d1c6ff
* bmo#1826451 - part 1: add a script for vendoring kyber from pq-crystals repo
* bmo#1835828 - Removing the calls to RSA Blind from loader.*
* bmo#1874111 - fix worker type for level3 mac tasks
* bmo#1835828 - RSA Blind implementation
* bmo#1869642 - Remove DSA selftests
* bmo#1873296 - read KWP testvectors from JSON
* bmo#1822450 - Backed out changeset dcb174139e4f
* bmo#1822450 - Fix CKM_PBE_SHA1_DES2_EDE_CBC derivation
* bmo#1871219 - Wrap CC shell commands in gyp expansions
-------------------------------------------------------------------
Sun Jan 21 09:02:29 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org>

6
mozilla-nss.spec
View File

@ -17,14 +17,14 @@
#
%global nss_softokn_fips_version 3.96
%global nss_softokn_fips_version 3.97
%define NSPR_min_version 4.35
%define nspr_ver %(rpm -q --queryformat '%%{VERSION}' mozilla-nspr)
%define nssdbdir %{_sysconfdir}/pki/nssdb
Name: mozilla-nss
Version: 3.96.1
Version: 3.97
Release: 0
%define underscore_version 3_96_1
%define underscore_version 3_97
Summary: Network Security Services
License: MPL-2.0
Group: System/Libraries

3
nss-3.96.1.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:c51e89f6fbb06163f4302e368eeb672d748b52d583948bdb15ef1b069237a496
size 76715092

3
nss-3.97.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:078efb8393f32e40b1fb4bf6930fff7f1aabed01287fcc5fe58aba736765fa0a
size 76664827

20
nss-fips-aes-keywrap-post.patch
View File

@ -9,9 +9,9 @@ Author: Hans Petter Jansson <hpj@cl.no>
AES Keywrap POST.
diff --git nss/lib/freebl/fipsfreebl.c b/nss/lib/freebl/fipsfreebl.c
index ecbe9e0..3fec612 100644
--- nss/lib/freebl/fipsfreebl.c
Index: nss/lib/freebl/fipsfreebl.c
===================================================================
--- nss.orig/lib/freebl/fipsfreebl.c
+++ nss/lib/freebl/fipsfreebl.c
@@ -113,6 +113,9 @@ DllMain(
#define FIPS_AES_192_KEY_SIZE 24 /* 192-bits */
@ -23,7 +23,7 @@ index ecbe9e0..3fec612 100644
/* FIPS preprocessor directives for message digests */
#define FIPS_KNOWN_HASH_MESSAGE_LENGTH 64 /* 512-bits */
@@ -300,6 +303,9 @@ freebl_fips_AES_PowerUpSelfTest(int aes_key_size)
@@ -292,6 +295,9 @@ freebl_fips_AES_PowerUpSelfTest(int aes_
static const PRUint8 aes_gcm_known_aad[] = { "MozillaallizoM" };
@ -33,7 +33,7 @@ index ecbe9e0..3fec612 100644
/* AES Known Ciphertext (128-bit key). */
static const PRUint8 aes_ecb128_known_ciphertext[] = {
0x3c, 0xa5, 0x96, 0xf3, 0x34, 0x6a, 0x96, 0xc1,
@@ -370,6 +376,25 @@ freebl_fips_AES_PowerUpSelfTest(int aes_key_size)
@@ -362,6 +368,25 @@ freebl_fips_AES_PowerUpSelfTest(int aes_
};
@ -59,7 +59,7 @@ index ecbe9e0..3fec612 100644
const PRUint8 *aes_ecb_known_ciphertext =
(aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_ecb128_known_ciphertext : (aes_key_size == FIPS_AES_192_KEY_SIZE) ? aes_ecb192_known_ciphertext : aes_ecb256_known_ciphertext;
@@ -382,11 +407,15 @@ freebl_fips_AES_PowerUpSelfTest(int aes_key_size)
@@ -374,11 +399,15 @@ freebl_fips_AES_PowerUpSelfTest(int aes_
const PRUint8 *aes_cmac_known_ciphertext =
(aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_cmac128_known_ciphertext : (aes_key_size == FIPS_AES_192_KEY_SIZE) ? aes_cmac192_known_ciphertext : aes_cmac256_known_ciphertext;
@ -75,10 +75,11 @@ index ecbe9e0..3fec612 100644
unsigned int aes_bytes_encrypted;
unsigned int aes_bytes_decrypted;
CK_NSS_GCM_PARAMS gcmParams;
@@ -613,6 +642,52 @@ freebl_fips_AES_PowerUpSelfTest(int aes_key_size)
@@ -604,6 +633,52 @@ freebl_fips_AES_PowerUpSelfTest(int aes_
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return (SECFailure);
}
+
+ /********************************/
+ /* AES Keywrap En/Decrypt Test. */
+ /********************************/
@ -124,7 +125,6 @@ index ecbe9e0..3fec612 100644
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return (SECFailure);
+ }
+
return (SECSuccess);
}

14
nss-fips-approved-crypto-non-ec.patch
View File

@ -369,7 +369,7 @@ Index: nss/lib/softoken/pkcs11c.c
===================================================================
--- nss.orig/lib/softoken/pkcs11c.c
+++ nss/lib/softoken/pkcs11c.c
@@ -4821,6 +4821,9 @@ NSC_GenerateKey(CK_SESSION_HANDLE hSessi
@@ -4823,6 +4823,9 @@ NSC_GenerateKey(CK_SESSION_HANDLE hSessi
goto loser;
}
@ -379,7 +379,7 @@ Index: nss/lib/softoken/pkcs11c.c
/*
* handle the base object stuff
*/
@@ -4835,6 +4838,7 @@ NSC_GenerateKey(CK_SESSION_HANDLE hSessi
@@ -4837,6 +4840,7 @@ NSC_GenerateKey(CK_SESSION_HANDLE hSessi
if (crv == CKR_OK) {
*phKey = key->handle;
}
@ -387,7 +387,7 @@ Index: nss/lib/softoken/pkcs11c.c
loser:
PORT_Memset(buf, 0, sizeof buf);
sftk_FreeObject(key);
@@ -5751,11 +5755,11 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS
@@ -5808,11 +5812,11 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS
* created and linked.
*/
crv = sftk_handleObject(publicKey, session);
@ -400,7 +400,7 @@ Index: nss/lib/softoken/pkcs11c.c
return crv;
}
if (sftk_isTrue(privateKey, CKA_SENSITIVE)) {
@@ -5799,13 +5803,19 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS
@@ -5856,13 +5860,19 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS
sftk_FreeObject(publicKey);
NSC_DestroyObject(hSession, privateKey->handle);
sftk_FreeObject(privateKey);
@ -420,7 +420,7 @@ Index: nss/lib/softoken/pkcs11c.c
return CKR_OK;
}
@@ -7510,7 +7520,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
@@ -7568,7 +7578,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
} else {
/* now allocate the hash contexts */
md5 = MD5_NewContext();
@ -429,7 +429,7 @@ Index: nss/lib/softoken/pkcs11c.c
PORT_Memset(crsrdata, 0, sizeof crsrdata);
crv = CKR_HOST_MEMORY;
break;
@@ -7899,6 +7909,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
@@ -7957,6 +7967,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
PORT_Assert(i <= sizeof key_block);
}
@ -737,7 +737,7 @@ Index: nss/lib/softoken/pkcs11.c
===================================================================
--- nss.orig/lib/softoken/pkcs11.c
+++ nss/lib/softoken/pkcs11.c
@@ -557,17 +557,17 @@ static const struct mechanismList mechan
@@ -570,17 +570,17 @@ static const struct mechanismList mechan
{ CKM_TLS_MASTER_KEY_DERIVE, { 48, 48, CKF_DERIVE }, PR_FALSE },
{ CKM_TLS12_MASTER_KEY_DERIVE, { 48, 48, CKF_DERIVE }, PR_FALSE },
{ CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256,

16
nss-fips-combined-hash-sign-dsa-ecdsa.patch
View File

@ -68,7 +68,7 @@ Index: nss/lib/softoken/pkcs11c.c
===================================================================
--- nss.orig/lib/softoken/pkcs11c.c
+++ nss/lib/softoken/pkcs11c.c
@@ -2679,7 +2679,7 @@ nsc_DSA_Verify_Stub(void *ctx, void *sig
@@ -2681,7 +2681,7 @@ nsc_DSA_Verify_Stub(void *ctx, void *sig
static SECStatus
nsc_DSA_Sign_Stub(void *ctx, void *sigBuf,
unsigned int *sigLen, unsigned int maxSigLen,
@ -77,7 +77,7 @@ Index: nss/lib/softoken/pkcs11c.c
{
SECItem signature, digest;
SECStatus rv;
@@ -2697,6 +2697,22 @@ nsc_DSA_Sign_Stub(void *ctx, void *sigBu
@@ -2699,6 +2699,22 @@ nsc_DSA_Sign_Stub(void *ctx, void *sigBu
return rv;
}
@ -100,7 +100,7 @@ Index: nss/lib/softoken/pkcs11c.c
static SECStatus
nsc_ECDSAVerifyStub(void *ctx, void *sigBuf, unsigned int sigLen,
void *dataBuf, unsigned int dataLen)
@@ -2714,7 +2730,7 @@ nsc_ECDSAVerifyStub(void *ctx, void *sig
@@ -2716,7 +2732,7 @@ nsc_ECDSAVerifyStub(void *ctx, void *sig
static SECStatus
nsc_ECDSASignStub(void *ctx, void *sigBuf,
unsigned int *sigLen, unsigned int maxSigLen,
@ -109,7 +109,7 @@ Index: nss/lib/softoken/pkcs11c.c
{
SECItem signature, digest;
SECStatus rv;
@@ -2732,6 +2748,22 @@ nsc_ECDSASignStub(void *ctx, void *sigBu
@@ -2734,6 +2750,22 @@ nsc_ECDSASignStub(void *ctx, void *sigBu
return rv;
}
@ -132,7 +132,7 @@ Index: nss/lib/softoken/pkcs11c.c
/* NSC_SignInit setups up the signing operations. There are three basic
* types of signing:
* (1) the tradition single part, where "Raw RSA" or "Raw DSA" is applied
@@ -3612,6 +3644,22 @@ NSC_VerifyInit(CK_SESSION_HANDLE hSessio
@@ -3614,6 +3646,22 @@ NSC_VerifyInit(CK_SESSION_HANDLE hSessio
info->hashOid = SEC_OID_##mmm; \
goto finish_rsa;
@ -155,7 +155,7 @@ Index: nss/lib/softoken/pkcs11c.c
switch (pMechanism->mechanism) {
INIT_RSA_VFY_MECH(MD5)
INIT_RSA_VFY_MECH(MD2)
@@ -4848,6 +4896,73 @@ loser:
@@ -4850,6 +4898,73 @@ loser:
#define PAIRWISE_DIGEST_LENGTH SHA224_LENGTH /* 224-bits */
#define PAIRWISE_MESSAGE_LENGTH 20 /* 160-bits */
@ -229,7 +229,7 @@ Index: nss/lib/softoken/pkcs11c.c
/*
* FIPS 140-2 pairwise consistency check utilized to validate key pair.
*
@@ -4901,8 +5016,6 @@ sftk_PairwiseConsistencyCheck(CK_SESSION
@@ -4903,8 +5018,6 @@ sftk_PairwiseConsistencyCheck(CK_SESSION
/* Variables used for Signature/Verification functions. */
/* Must be at least 256 bits for DSA2 digest */
@ -238,7 +238,7 @@ Index: nss/lib/softoken/pkcs11c.c
CK_ULONG signature_length;
if (keyType == CKK_RSA) {
@@ -5056,76 +5169,32 @@ sftk_PairwiseConsistencyCheck(CK_SESSION
@@ -5058,76 +5171,32 @@ sftk_PairwiseConsistencyCheck(CK_SESSION
}
}

60
nss-fips-constructor-self-tests.patch
View File

@ -42,7 +42,7 @@ Index: nss/lib/freebl/blapi.h
===================================================================
--- nss.orig/lib/freebl/blapi.h
+++ nss/lib/freebl/blapi.h
@@ -1859,17 +1859,17 @@ extern void BL_Unload(void);
@@ -1860,17 +1860,17 @@ extern void BL_Unload(void);
/**************************************************************************
* Verify a given Shared library signature *
**************************************************************************/
@ -63,9 +63,9 @@ Index: nss/lib/freebl/blapi.h
/*********************************************************************/
extern const SECHashObject *HASH_GetRawHashObject(HASH_HashType hashType);
@@ -1896,6 +1896,9 @@ extern int EC_GetPointSize(const ECParam
@@ -1921,6 +1921,9 @@ extern SECStatus Kyber_Encapsulate(Kyber
*/
extern int EC_GetScalarSize(const ECParams *params);
extern SECStatus Kyber_Decapsulate(KyberParams params, const SECItem *privKey, const SECItem *ciphertext, SECItem *secret);
+/* Unconditionally run the integrity check. */
+extern void BL_FIPSRepeatIntegrityCheck(void);
@ -484,33 +484,7 @@ Index: nss/lib/freebl/fipsfreebl.c
/*
* different platforms have different ways of calling and initial entry point
* when the dll/.so is loaded. Most platforms support either a posix pragma
@@ -1998,9 +2005,8 @@ freebl_fips_RNG_PowerUpSelfTest(void)
0x0a, 0x26, 0x21, 0xd0, 0x19, 0xcb, 0x86, 0x73,
0x10, 0x1f, 0x60, 0xd7
};
-
SECStatus rng_status = SECSuccess;
- PRUint8 DSAX[FIPS_DSA_SUBPRIME_LENGTH];
+ PRUint8 DSAX[DSA1_SUBPRIME_LEN];
/*******************************************/
/* Run the SP 800-90 Health tests */
@@ -2014,13 +2020,12 @@ freebl_fips_RNG_PowerUpSelfTest(void)
/*******************************************/
/* Generate DSAX fow given Q. */
/*******************************************/
-
rng_status = FIPS186Change_ReduceModQForDSA(GENX, Q, DSAX);
/* Verify DSAX to perform the RNG integrity check */
if ((rng_status != SECSuccess) ||
(PORT_Memcmp(DSAX, rng_known_DSAX,
- (FIPS_DSA_SUBPRIME_LENGTH)) != 0)) {
+ (DSA1_SUBPRIME_LEN)) != 0)) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
return SECFailure;
}
@@ -2028,17 +2033,19 @@ freebl_fips_RNG_PowerUpSelfTest(void)
@@ -1807,17 +1814,19 @@ freebl_fips_RNG_PowerUpSelfTest(void)
return (SECSuccess);
}
@ -531,7 +505,7 @@ Index: nss/lib/freebl/fipsfreebl.c
#define DO_FREEBL 1
#define DO_REST 2
@@ -2156,11 +2163,13 @@ static PRBool self_tests_ran = PR_FALSE;
@@ -1929,11 +1938,13 @@ static PRBool self_tests_ran = PR_FALSE;
static PRBool self_tests_freebl_success = PR_FALSE;
static PRBool self_tests_success = PR_FALSE;
@ -546,7 +520,7 @@ Index: nss/lib/freebl/fipsfreebl.c
{
SECStatus rv;
/* if the freebl self tests didn't run, there is something wrong with
@@ -2173,7 +2182,7 @@ BL_POSTRan(PRBool freebl_only)
@@ -1946,7 +1957,7 @@ BL_POSTRan(PRBool freebl_only)
return PR_TRUE;
}
/* if we only care about the freebl tests, we are good */
@ -555,7 +529,7 @@ Index: nss/lib/freebl/fipsfreebl.c
return PR_TRUE;
}
/* run the rest of the self tests */
@@ -2192,32 +2201,16 @@ BL_POSTRan(PRBool freebl_only)
@@ -1965,32 +1976,16 @@ BL_POSTRan(PRBool freebl_only)
return PR_TRUE;
}
@ -593,7 +567,7 @@ Index: nss/lib/freebl/fipsfreebl.c
self_tests_freebl_ran = PR_TRUE; /* we are running the tests */
if (!freebl_only) {
@@ -2229,20 +2222,55 @@ bl_startup_tests(void)
@@ -2002,20 +1997,55 @@ bl_startup_tests(void)
/* always run the post tests */
rv = freebl_fipsPowerUpSelfTest(freebl_only ? DO_FREEBL : DO_FREEBL | DO_REST);
if (rv != SECSuccess) {
@ -651,7 +625,7 @@ Index: nss/lib/freebl/fipsfreebl.c
}
/*
@@ -2251,19 +2279,12 @@ bl_startup_tests(void)
@@ -2024,19 +2054,12 @@ bl_startup_tests(void)
* power on selftest failed.
*/
SECStatus
@ -673,7 +647,7 @@ Index: nss/lib/freebl/fipsfreebl.c
if (rerun) {
/* reset the flags */
self_tests_freebl_ran = PR_FALSE;
@@ -2277,10 +2298,104 @@ BL_FIPSEntryOK(PRBool freebl_only, PRBoo
@@ -2050,10 +2073,104 @@ BL_FIPSEntryOK(PRBool freebl_only, PRBoo
return SECSuccess;
}
/* standalone freebl can initialize */
@ -865,7 +839,7 @@ Index: nss/lib/freebl/loader.h
/* Version 3.013 came to here */
@@ -912,6 +912,9 @@ struct FREEBLVectorStr {
@@ -920,6 +920,9 @@ struct FREEBLVectorStr {
/* Add new function pointers at the end of this struct and bump
* FREEBL_VERSION at the beginning of this file. */
@ -879,7 +853,7 @@ Index: nss/lib/freebl/manifest.mn
===================================================================
--- nss.orig/lib/freebl/manifest.mn
+++ nss/lib/freebl/manifest.mn
@@ -97,6 +97,7 @@ PRIVATE_EXPORTS = \
@@ -102,6 +102,7 @@ PRIVATE_EXPORTS = \
ecl.h \
ecl-curve.h \
eclt.h \
@ -887,7 +861,7 @@ Index: nss/lib/freebl/manifest.mn
$(NULL)
MPI_HDRS = mpi-config.h mpi.h mpi-priv.h mplogic.h mpprime.h logtab.h mp_gf2m.h
@@ -189,6 +190,7 @@ ALL_HDRS = \
@@ -197,6 +198,7 @@ ALL_HDRS = \
shsign.h \
vis_proto.h \
seed.h \
@ -1628,7 +1602,7 @@ Index: nss/lib/softoken/manifest.mn
$(NULL)
PRIVATE_EXPORTS = \
@@ -55,6 +56,7 @@ CSRCS = \
@@ -56,6 +57,7 @@ CSRCS = \
softkver.c \
tlsprf.c \
jpakesftk.c \
@ -1654,10 +1628,10 @@ Index: nss/lib/freebl/ldvector.c
===================================================================
--- nss.orig/lib/freebl/ldvector.c
+++ nss/lib/freebl/ldvector.c
@@ -432,6 +432,8 @@ static const struct FREEBLVectorStr vect
SHAKE_256_Hash,
@@ -438,6 +438,8 @@ static const struct FREEBLVectorStr vect
Kyber_Decapsulate,
/* End of version 3.026 */
/* End of version 3.027 */
+ /* SUSE patch: Goes last */
+ BL_FIPSRepeatIntegrityCheck
};

184
nss-fips-dsa-kat.patch
View File

@ -24,187 +24,3 @@ Index: nss/lib/freebl/dsa.c
SECStatus
DSA_SignDigestWithSeed(DSAPrivateKey *key,
SECItem *signature,
Index: nss/lib/freebl/fipsfreebl.c
===================================================================
--- nss.orig/lib/freebl/fipsfreebl.c
+++ nss/lib/freebl/fipsfreebl.c
@@ -127,11 +127,11 @@ DllMain(
/* FIPS preprocessor directives for DSA. */
#define FIPS_DSA_TYPE siBuffer
-#define FIPS_DSA_DIGEST_LENGTH 20 /* 160-bits */
-#define FIPS_DSA_SUBPRIME_LENGTH 20 /* 160-bits */
-#define FIPS_DSA_SIGNATURE_LENGTH 40 /* 320-bits */
-#define FIPS_DSA_PRIME_LENGTH 128 /* 1024-bits */
-#define FIPS_DSA_BASE_LENGTH 128 /* 1024-bits */
+#define FIPS_DSA_DIGEST_LENGTH 28 /* 224-bits */
+#define FIPS_DSA_SUBPRIME_LENGTH 28 /* 224-bits */
+#define FIPS_DSA_SIGNATURE_LENGTH 56 /* 448-bits */
+#define FIPS_DSA_PRIME_LENGTH 256 /* 2048-bits */
+#define FIPS_DSA_BASE_LENGTH 256 /* 2048-bits */
/* FIPS preprocessor directives for RNG. */
#define FIPS_RNG_XKEY_LENGTH 32 /* 256-bits */
@@ -1669,70 +1669,105 @@ freebl_fips_EC_PowerUpSelfTest()
static SECStatus
freebl_fips_DSA_PowerUpSelfTest(void)
{
- /* DSA Known P (1024-bits), Q (160-bits), and G (1024-bits) Values. */
+ /* DSA Known P (2048-bits), Q (224-bits), and G (2048-bits) Values. */
static const PRUint8 dsa_P[] = {
- 0x80, 0xb0, 0xd1, 0x9d, 0x6e, 0xa4, 0xf3, 0x28,
- 0x9f, 0x24, 0xa9, 0x8a, 0x49, 0xd0, 0x0c, 0x63,
- 0xe8, 0x59, 0x04, 0xf9, 0x89, 0x4a, 0x5e, 0xc0,
- 0x6d, 0xd2, 0x67, 0x6b, 0x37, 0x81, 0x83, 0x0c,
- 0xfe, 0x3a, 0x8a, 0xfd, 0xa0, 0x3b, 0x08, 0x91,
- 0x1c, 0xcb, 0xb5, 0x63, 0xb0, 0x1c, 0x70, 0xd0,
- 0xae, 0xe1, 0x60, 0x2e, 0x12, 0xeb, 0x54, 0xc7,
- 0xcf, 0xc6, 0xcc, 0xae, 0x97, 0x52, 0x32, 0x63,
- 0xd3, 0xeb, 0x55, 0xea, 0x2f, 0x4c, 0xd5, 0xd7,
- 0x3f, 0xda, 0xec, 0x49, 0x27, 0x0b, 0x14, 0x56,
- 0xc5, 0x09, 0xbe, 0x4d, 0x09, 0x15, 0x75, 0x2b,
- 0xa3, 0x42, 0x0d, 0x03, 0x71, 0xdf, 0x0f, 0xf4,
- 0x0e, 0xe9, 0x0c, 0x46, 0x93, 0x3d, 0x3f, 0xa6,
- 0x6c, 0xdb, 0xca, 0xe5, 0xac, 0x96, 0xc8, 0x64,
- 0x5c, 0xec, 0x4b, 0x35, 0x65, 0xfc, 0xfb, 0x5a,
- 0x1b, 0x04, 0x1b, 0xa1, 0x0e, 0xfd, 0x88, 0x15
+ 0xfe, 0x9f, 0xba, 0xff, 0x39, 0xa6, 0x00, 0x77,
+ 0x93, 0xfe, 0xa4, 0x58, 0x17, 0xf8, 0x37, 0x54,
+ 0x76, 0x39, 0x18, 0xcb, 0xbe, 0xca, 0x62, 0x8b,
+ 0x85, 0xbc, 0x60, 0x23, 0xf4, 0x7a, 0xb5, 0x75,
+ 0x31, 0xf4, 0x82, 0x83, 0x63, 0xc2, 0xdb, 0x8e,
+ 0x50, 0x67, 0xd6, 0xd9, 0xae, 0xa0, 0xd6, 0x13,
+ 0xc2, 0x35, 0x5b, 0x76, 0xf1, 0x00, 0x9c, 0x37,
+ 0xcb, 0x46, 0x3f, 0x6e, 0xef, 0xca, 0xff, 0xcc,
+ 0x1e, 0x15, 0xa1, 0x96, 0x70, 0x4c, 0xc9, 0x4d,
+ 0x7e, 0xde, 0x00, 0x1e, 0x76, 0x68, 0x35, 0x1c,
+ 0x31, 0x25, 0x37, 0x91, 0x98, 0x64, 0x40, 0x4c,
+ 0xf1, 0xc3, 0x0e, 0xf7, 0xf3, 0x16, 0x17, 0x79,
+ 0x7a, 0xa3, 0x11, 0x9a, 0xba, 0x72, 0x67, 0xe9,
+ 0x70, 0xd0, 0x16, 0x6a, 0x1a, 0x53, 0x4e, 0x1b,
+ 0xca, 0xb2, 0x79, 0xd8, 0x8c, 0x60, 0x53, 0xdb,
+ 0x48, 0x1c, 0x00, 0x2e, 0xd3, 0x29, 0x35, 0x14,
+ 0x6d, 0xd6, 0x23, 0x7c, 0x1c, 0xf3, 0x0d, 0x6a,
+ 0x7e, 0xb7, 0x09, 0x7d, 0xf2, 0x06, 0x29, 0x1c,
+ 0x1a, 0xdf, 0xd9, 0xe6, 0xb9, 0x2e, 0xd6, 0xb8,
+ 0xbf, 0xc5, 0xcd, 0xe7, 0xf4, 0xf9, 0x91, 0x38,
+ 0x2f, 0x61, 0xf9, 0xfe, 0xce, 0x16, 0x85, 0xc8,
+ 0xb7, 0xdd, 0x54, 0xe0, 0xa1, 0x54, 0x4f, 0xb3,
+ 0xdb, 0x72, 0xf3, 0xb9, 0xaa, 0xfe, 0x7b, 0xdd,
+ 0x5e, 0x59, 0x44, 0x6c, 0x4a, 0xfe, 0x67, 0x9b,
+ 0xcf, 0x78, 0x05, 0xd4, 0xc8, 0x98, 0xb3, 0x60,
+ 0x46, 0x44, 0x4e, 0x0b, 0xec, 0x19, 0x6c, 0xda,
+ 0xd6, 0x40, 0x3c, 0xd9, 0x96, 0xc8, 0x4a, 0x3b,
+ 0xc9, 0xb5, 0x52, 0x89, 0x2e, 0x68, 0xb9, 0xa0,
+ 0xd3, 0xbc, 0xa8, 0xd7, 0x6a, 0x7d, 0xe1, 0xf4,
+ 0x8c, 0x68, 0x3e, 0xc1, 0x5a, 0xac, 0x46, 0x6d,
+ 0xad, 0xe3, 0x89, 0x7f, 0x92, 0xa6, 0x29, 0xb2,
+ 0xc3, 0x3b, 0x20, 0x5f, 0x71, 0x00, 0x27, 0x87
};
static const PRUint8 dsa_Q[] = {
- 0xad, 0x22, 0x59, 0xdf, 0xe5, 0xec, 0x4c, 0x6e,
- 0xf9, 0x43, 0xf0, 0x4b, 0x2d, 0x50, 0x51, 0xc6,
- 0x91, 0x99, 0x8b, 0xcf
+ 0xbc, 0xc9, 0xda, 0xca, 0xf9, 0x6b, 0xfa, 0x7e,
+ 0xbd, 0x9b, 0xfb, 0x48, 0x35, 0x1e, 0xe5, 0x8c,
+ 0x64, 0x46, 0xc7, 0x04, 0xb2, 0x44, 0x70, 0x9b,
+ 0x0a, 0x3f, 0x03, 0x01
};
static const PRUint8 dsa_G[] = {
- 0x78, 0x6e, 0xa9, 0xd8, 0xcd, 0x4a, 0x85, 0xa4,
- 0x45, 0xb6, 0x6e, 0x5d, 0x21, 0x50, 0x61, 0xf6,
- 0x5f, 0xdf, 0x5c, 0x7a, 0xde, 0x0d, 0x19, 0xd3,
- 0xc1, 0x3b, 0x14, 0xcc, 0x8e, 0xed, 0xdb, 0x17,
- 0xb6, 0xca, 0xba, 0x86, 0xa9, 0xea, 0x51, 0x2d,
- 0xc1, 0xa9, 0x16, 0xda, 0xf8, 0x7b, 0x59, 0x8a,
- 0xdf, 0xcb, 0xa4, 0x67, 0x00, 0x44, 0xea, 0x24,
- 0x73, 0xe5, 0xcb, 0x4b, 0xaf, 0x2a, 0x31, 0x25,
- 0x22, 0x28, 0x3f, 0x16, 0x10, 0x82, 0xf7, 0xeb,
- 0x94, 0x0d, 0xdd, 0x09, 0x22, 0x14, 0x08, 0x79,
- 0xba, 0x11, 0x0b, 0xf1, 0xff, 0x2d, 0x67, 0xac,
- 0xeb, 0xb6, 0x55, 0x51, 0x69, 0x97, 0xa7, 0x25,
- 0x6b, 0x9c, 0xa0, 0x9b, 0xd5, 0x08, 0x9b, 0x27,
- 0x42, 0x1c, 0x7a, 0x69, 0x57, 0xe6, 0x2e, 0xed,
- 0xa9, 0x5b, 0x25, 0xe8, 0x1f, 0xd2, 0xed, 0x1f,
- 0xdf, 0xe7, 0x80, 0x17, 0xba, 0x0d, 0x4d, 0x38
+ 0x5d, 0x23, 0xd1, 0xc5, 0x2e, 0x7e, 0x22, 0x3b,
+ 0x98, 0x03, 0xc3, 0xc0, 0x9d, 0xbe, 0x8f, 0x68,
+ 0x6b, 0xd0, 0xbf, 0x72, 0x20, 0x89, 0x5c, 0x8f,
+ 0x4c, 0x8e, 0x66, 0xfe, 0x8e, 0xfc, 0x02, 0x21,
+ 0xf3, 0xea, 0xc5, 0x23, 0x96, 0x9b, 0xa4, 0x2e,
+ 0xac, 0x35, 0x9f, 0x70, 0x90, 0x79, 0xd9, 0x42,
+ 0xfa, 0x0e, 0x4c, 0x1f, 0x55, 0xcf, 0x8b, 0xb5,
+ 0x98, 0x71, 0xfa, 0xf1, 0xbc, 0xfd, 0xc7, 0x2b,
+ 0x5a, 0xa6, 0x53, 0x86, 0xf1, 0xa3, 0xd5, 0xbc,
+ 0xad, 0x08, 0x80, 0x23, 0x40, 0xea, 0xc9, 0x2f,
+ 0x58, 0xfb, 0xa9, 0xda, 0x8d, 0xc5, 0xfa, 0x46,
+ 0x0a, 0x0a, 0xe8, 0x03, 0xef, 0x04, 0x53, 0x09,
+ 0xc4, 0x7f, 0x69, 0x59, 0x68, 0xb5, 0x52, 0x91,
+ 0x3d, 0xe1, 0xbc, 0xa0, 0x6b, 0x41, 0xec, 0x07,
+ 0x0b, 0xf5, 0xf5, 0x62, 0xf5, 0xeb, 0xb7, 0x7e,
+ 0xc5, 0x32, 0x3d, 0x1e, 0x03, 0xda, 0x75, 0x24,
+ 0xb6, 0xe5, 0xb9, 0xfd, 0x36, 0x3d, 0xa4, 0xbf,
+ 0xc4, 0xee, 0x3b, 0xb5, 0x14, 0x85, 0x5c, 0x2d,
+ 0x80, 0xb2, 0x55, 0xb6, 0x70, 0x21, 0xf2, 0x94,
+ 0x63, 0xa5, 0xc2, 0x6f, 0xee, 0x34, 0x81, 0xae,
+ 0xc6, 0x0f, 0xf3, 0xef, 0xb4, 0xde, 0xa5, 0x58,
+ 0x6f, 0x57, 0xc1, 0x51, 0x0a, 0xe4, 0x4e, 0xf0,
+ 0xed, 0xee, 0x42, 0xdc, 0xff, 0x4b, 0x14, 0xa3,
+ 0xcc, 0x6e, 0xa8, 0x0c, 0x29, 0x81, 0xdb, 0xce,
+ 0x78, 0x4d, 0x43, 0xe0, 0xe1, 0x60, 0xc8, 0x3e,
+ 0x54, 0x00, 0x29, 0x20, 0x25, 0x40, 0x22, 0xac,
+ 0xfa, 0x75, 0xb1, 0x4e, 0xcc, 0x61, 0x54, 0x27,
+ 0x2c, 0x95, 0xaf, 0x4c, 0x02, 0xa7, 0x55, 0xbd,
+ 0xed, 0xe2, 0x25, 0xfc, 0xba, 0xd2, 0x5b, 0xd7,
+ 0x33, 0xa1, 0xe9, 0xb4, 0x7f, 0x7e, 0xfe, 0xbb,
+ 0xfa, 0x54, 0xce, 0x3c, 0xbc, 0xd1, 0x03, 0x50,
+ 0x9d, 0xa9, 0x38, 0x9a, 0xf8, 0x67, 0xb1, 0xa3
};
- /* DSA Known Random Values (known random key block is 160-bits) */
- /* and (known random signature block is 160-bits). */
+ /* DSA Known Random Values (known random key block is 224-bits) */
+ /* and (known random signature block is 224-bits). */
static const PRUint8 dsa_known_random_key_block[] = {
- "Mozilla Rules World!"
+ "Mozilla Rules World! Always."
};
static const PRUint8 dsa_known_random_signature_block[] = {
- "Random DSA Signature"
+ "Random DSA Signature, Longer"
};
- /* DSA Known Digest (160-bits) */
- static const PRUint8 dsa_known_digest[] = { "DSA Signature Digest" };
+ /* DSA Known Digest (224-bits) */
+ static const PRUint8 dsa_known_digest[] = { "DSA Signature Digest, Longer" };
- /* DSA Known Signature (320-bits). */
+ /* DSA Known Signature (448-bits). */
static const PRUint8 dsa_known_signature[] = {
- 0x25, 0x7c, 0x3a, 0x79, 0x32, 0x45, 0xb7, 0x32,
- 0x70, 0xca, 0x62, 0x63, 0x2b, 0xf6, 0x29, 0x2c,
- 0x22, 0x2a, 0x03, 0xce, 0x48, 0x15, 0x11, 0x72,
- 0x7b, 0x7e, 0xf5, 0x7a, 0xf3, 0x10, 0x3b, 0xde,
- 0x34, 0xc1, 0x9e, 0xd7, 0x27, 0x9e, 0x77, 0x38
+ 0x27, 0x04, 0xff, 0xd5, 0x2d, 0x80, 0x32, 0xea,
+ 0xac, 0xb5, 0x8b, 0x47, 0x17, 0xb1, 0x80, 0xed,
+ 0xd6, 0x0f, 0x72, 0x75, 0xe5, 0xba, 0x08, 0xc9,
+ 0x29, 0xc8, 0xc7, 0x75, 0x84, 0x60, 0x5a, 0xe9,
+ 0x55, 0xa4, 0x1c, 0xf0, 0xe3, 0xce, 0x4c, 0x8e,
+ 0x83, 0x3e, 0x7a, 0x77, 0x56, 0x7f, 0x83, 0xad,
+ 0x68, 0x36, 0x13, 0xa9, 0xd6, 0x08, 0x1f, 0x19
};
/* DSA variables. */
@@ -1774,7 +1809,7 @@ freebl_fips_DSA_PowerUpSelfTest(void)
dsa_signature_item.len = sizeof dsa_computed_signature;
dsa_digest_item.data = (unsigned char *)dsa_known_digest;
- dsa_digest_item.len = SHA1_LENGTH;
+ dsa_digest_item.len = SHA224_LENGTH;
/* Perform DSA signature process. */
dsa_status = DSA_SignDigestWithSeed(dsa_private_key,

4
nss-fips-pairwise-consistency-check.patch
View File

@ -14,7 +14,7 @@ Index: nss/lib/softoken/pkcs11c.c
===================================================================
--- nss.orig/lib/softoken/pkcs11c.c
+++ nss/lib/softoken/pkcs11c.c
@@ -4841,8 +4841,8 @@ loser:
@@ -4843,8 +4843,8 @@ loser:
return crv;
}
@ -25,7 +25,7 @@ Index: nss/lib/softoken/pkcs11c.c
/*
* FIPS 140-2 pairwise consistency check utilized to validate key pair.
@@ -5790,6 +5790,7 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS
@@ -5847,6 +5847,7 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS
(PRUint32)crv);
sftk_LogAuditMessage(NSS_AUDIT_ERROR, NSS_AUDIT_SELF_TEST, msg);
}

4
nss-fips-pct-pubkeys.patch
View File

@ -13,7 +13,7 @@ Index: nss/lib/softoken/pkcs11c.c
#include "seccomon.h"
#include "secitem.h"
#include "secport.h"
@@ -4963,6 +4964,88 @@ pairwise_signverify_mech (CK_SESSION_HAN
@@ -4965,6 +4966,88 @@ pairwise_signverify_mech (CK_SESSION_HAN
return crv;
}
@ -102,7 +102,7 @@ Index: nss/lib/softoken/pkcs11c.c
/*
* FIPS 140-2 pairwise consistency check utilized to validate key pair.
*
@@ -5309,6 +5392,30 @@ sftk_PairwiseConsistencyCheck(CK_SESSION
@@ -5311,6 +5394,30 @@ sftk_PairwiseConsistencyCheck(CK_SESSION
}
}

2
nss-fips-zeroization.patch
View File

@ -107,7 +107,7 @@ Index: nss/lib/freebl/ec.c
===================================================================
--- nss.orig/lib/freebl/ec.c
+++ nss/lib/freebl/ec.c
@@ -1049,7 +1049,7 @@ ECDSA_VerifyDigest(ECPublicKey *key, con
@@ -1121,7 +1121,7 @@ ECDSA_VerifyDigest(ECPublicKey *key, con
mp_int n;
SECItem pointC = { siBuffer, NULL, 0 };
int slen; /* length in bytes of a half signature (r or s) */