diff --git a/mozilla-nss.changes b/mozilla-nss.changes index 8cce831..ae00f74 100644 --- a/mozilla-nss.changes +++ b/mozilla-nss.changes @@ -1,3 +1,23 @@ +------------------------------------------------------------------- +Tue Feb 20 09:27:23 UTC 2024 - Wolfgang Rosenauer + +- update to NSS 3.97 + * bmo#1875506 - make Xyber768d00 opt-in by policy + * bmo#1871631 - add libssl support for xyber768d00 + * bmo#1871630 - add PK11_ConcatSymKeys + * bmo#1775046 - add Kyber and a PKCS#11 KEM interface to softoken + * bmo#1871152 - add a FreeBL API for Kyber + * bmo#1826451 - part 2: vendor github.com/pq-crystals/kyber/commit/e0d1c6ff + * bmo#1826451 - part 1: add a script for vendoring kyber from pq-crystals repo + * bmo#1835828 - Removing the calls to RSA Blind from loader.* + * bmo#1874111 - fix worker type for level3 mac tasks + * bmo#1835828 - RSA Blind implementation + * bmo#1869642 - Remove DSA selftests + * bmo#1873296 - read KWP testvectors from JSON + * bmo#1822450 - Backed out changeset dcb174139e4f + * bmo#1822450 - Fix CKM_PBE_SHA1_DES2_EDE_CBC derivation + * bmo#1871219 - Wrap CC shell commands in gyp expansions + ------------------------------------------------------------------- Sun Jan 21 09:02:29 UTC 2024 - Wolfgang Rosenauer diff --git a/mozilla-nss.spec b/mozilla-nss.spec index e834bc0..4a6958f 100644 --- a/mozilla-nss.spec +++ b/mozilla-nss.spec @@ -17,14 +17,14 @@ # -%global nss_softokn_fips_version 3.96 +%global nss_softokn_fips_version 3.97 %define NSPR_min_version 4.35 %define nspr_ver %(rpm -q --queryformat '%%{VERSION}' mozilla-nspr) %define nssdbdir %{_sysconfdir}/pki/nssdb Name: mozilla-nss -Version: 3.96.1 +Version: 3.97 Release: 0 -%define underscore_version 3_96_1 +%define underscore_version 3_97 Summary: Network Security Services License: MPL-2.0 Group: System/Libraries diff --git a/nss-3.96.1.tar.gz b/nss-3.96.1.tar.gz deleted file mode 100644 index 0045edf..0000000 --- a/nss-3.96.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:c51e89f6fbb06163f4302e368eeb672d748b52d583948bdb15ef1b069237a496 -size 76715092 diff --git a/nss-3.97.tar.gz b/nss-3.97.tar.gz new file mode 100644 index 0000000..e2ef9a3 --- /dev/null +++ b/nss-3.97.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:078efb8393f32e40b1fb4bf6930fff7f1aabed01287fcc5fe58aba736765fa0a +size 76664827 diff --git a/nss-fips-aes-keywrap-post.patch b/nss-fips-aes-keywrap-post.patch index fcd782b..3a00097 100644 --- a/nss-fips-aes-keywrap-post.patch +++ b/nss-fips-aes-keywrap-post.patch @@ -9,9 +9,9 @@ Author: Hans Petter Jansson AES Keywrap POST. -diff --git nss/lib/freebl/fipsfreebl.c b/nss/lib/freebl/fipsfreebl.c -index ecbe9e0..3fec612 100644 ---- nss/lib/freebl/fipsfreebl.c +Index: nss/lib/freebl/fipsfreebl.c +=================================================================== +--- nss.orig/lib/freebl/fipsfreebl.c +++ nss/lib/freebl/fipsfreebl.c @@ -113,6 +113,9 @@ DllMain( #define FIPS_AES_192_KEY_SIZE 24 /* 192-bits */ @@ -23,7 +23,7 @@ index ecbe9e0..3fec612 100644 /* FIPS preprocessor directives for message digests */ #define FIPS_KNOWN_HASH_MESSAGE_LENGTH 64 /* 512-bits */ -@@ -300,6 +303,9 @@ freebl_fips_AES_PowerUpSelfTest(int aes_key_size) +@@ -292,6 +295,9 @@ freebl_fips_AES_PowerUpSelfTest(int aes_ static const PRUint8 aes_gcm_known_aad[] = { "MozillaallizoM" }; @@ -33,7 +33,7 @@ index ecbe9e0..3fec612 100644 /* AES Known Ciphertext (128-bit key). */ static const PRUint8 aes_ecb128_known_ciphertext[] = { 0x3c, 0xa5, 0x96, 0xf3, 0x34, 0x6a, 0x96, 0xc1, -@@ -370,6 +376,25 @@ freebl_fips_AES_PowerUpSelfTest(int aes_key_size) +@@ -362,6 +368,25 @@ freebl_fips_AES_PowerUpSelfTest(int aes_ }; @@ -59,7 +59,7 @@ index ecbe9e0..3fec612 100644 const PRUint8 *aes_ecb_known_ciphertext = (aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_ecb128_known_ciphertext : (aes_key_size == FIPS_AES_192_KEY_SIZE) ? aes_ecb192_known_ciphertext : aes_ecb256_known_ciphertext; -@@ -382,11 +407,15 @@ freebl_fips_AES_PowerUpSelfTest(int aes_key_size) +@@ -374,11 +399,15 @@ freebl_fips_AES_PowerUpSelfTest(int aes_ const PRUint8 *aes_cmac_known_ciphertext = (aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_cmac128_known_ciphertext : (aes_key_size == FIPS_AES_192_KEY_SIZE) ? aes_cmac192_known_ciphertext : aes_cmac256_known_ciphertext; @@ -75,10 +75,11 @@ index ecbe9e0..3fec612 100644 unsigned int aes_bytes_encrypted; unsigned int aes_bytes_decrypted; CK_NSS_GCM_PARAMS gcmParams; -@@ -613,6 +642,52 @@ freebl_fips_AES_PowerUpSelfTest(int aes_key_size) +@@ -604,6 +633,52 @@ freebl_fips_AES_PowerUpSelfTest(int aes_ + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); return (SECFailure); } - ++ + /********************************/ + /* AES Keywrap En/Decrypt Test. */ + /********************************/ @@ -124,7 +125,6 @@ index ecbe9e0..3fec612 100644 + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return (SECFailure); + } -+ + return (SECSuccess); } - diff --git a/nss-fips-approved-crypto-non-ec.patch b/nss-fips-approved-crypto-non-ec.patch index 31adbce..e72b112 100644 --- a/nss-fips-approved-crypto-non-ec.patch +++ b/nss-fips-approved-crypto-non-ec.patch @@ -369,7 +369,7 @@ Index: nss/lib/softoken/pkcs11c.c =================================================================== --- nss.orig/lib/softoken/pkcs11c.c +++ nss/lib/softoken/pkcs11c.c -@@ -4821,6 +4821,9 @@ NSC_GenerateKey(CK_SESSION_HANDLE hSessi +@@ -4823,6 +4823,9 @@ NSC_GenerateKey(CK_SESSION_HANDLE hSessi goto loser; } @@ -379,7 +379,7 @@ Index: nss/lib/softoken/pkcs11c.c /* * handle the base object stuff */ -@@ -4835,6 +4838,7 @@ NSC_GenerateKey(CK_SESSION_HANDLE hSessi +@@ -4837,6 +4840,7 @@ NSC_GenerateKey(CK_SESSION_HANDLE hSessi if (crv == CKR_OK) { *phKey = key->handle; } @@ -387,7 +387,7 @@ Index: nss/lib/softoken/pkcs11c.c loser: PORT_Memset(buf, 0, sizeof buf); sftk_FreeObject(key); -@@ -5751,11 +5755,11 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS +@@ -5808,11 +5812,11 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS * created and linked. */ crv = sftk_handleObject(publicKey, session); @@ -400,7 +400,7 @@ Index: nss/lib/softoken/pkcs11c.c return crv; } if (sftk_isTrue(privateKey, CKA_SENSITIVE)) { -@@ -5799,13 +5803,19 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS +@@ -5856,13 +5860,19 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS sftk_FreeObject(publicKey); NSC_DestroyObject(hSession, privateKey->handle); sftk_FreeObject(privateKey); @@ -420,7 +420,7 @@ Index: nss/lib/softoken/pkcs11c.c return CKR_OK; } -@@ -7510,7 +7520,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession +@@ -7568,7 +7578,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession } else { /* now allocate the hash contexts */ md5 = MD5_NewContext(); @@ -429,7 +429,7 @@ Index: nss/lib/softoken/pkcs11c.c PORT_Memset(crsrdata, 0, sizeof crsrdata); crv = CKR_HOST_MEMORY; break; -@@ -7899,6 +7909,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession +@@ -7957,6 +7967,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession PORT_Assert(i <= sizeof key_block); } @@ -737,7 +737,7 @@ Index: nss/lib/softoken/pkcs11.c =================================================================== --- nss.orig/lib/softoken/pkcs11.c +++ nss/lib/softoken/pkcs11.c -@@ -557,17 +557,17 @@ static const struct mechanismList mechan +@@ -570,17 +570,17 @@ static const struct mechanismList mechan { CKM_TLS_MASTER_KEY_DERIVE, { 48, 48, CKF_DERIVE }, PR_FALSE }, { CKM_TLS12_MASTER_KEY_DERIVE, { 48, 48, CKF_DERIVE }, PR_FALSE }, { CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256, diff --git a/nss-fips-combined-hash-sign-dsa-ecdsa.patch b/nss-fips-combined-hash-sign-dsa-ecdsa.patch index a205c25..729480b 100644 --- a/nss-fips-combined-hash-sign-dsa-ecdsa.patch +++ b/nss-fips-combined-hash-sign-dsa-ecdsa.patch @@ -68,7 +68,7 @@ Index: nss/lib/softoken/pkcs11c.c =================================================================== --- nss.orig/lib/softoken/pkcs11c.c +++ nss/lib/softoken/pkcs11c.c -@@ -2679,7 +2679,7 @@ nsc_DSA_Verify_Stub(void *ctx, void *sig +@@ -2681,7 +2681,7 @@ nsc_DSA_Verify_Stub(void *ctx, void *sig static SECStatus nsc_DSA_Sign_Stub(void *ctx, void *sigBuf, unsigned int *sigLen, unsigned int maxSigLen, @@ -77,7 +77,7 @@ Index: nss/lib/softoken/pkcs11c.c { SECItem signature, digest; SECStatus rv; -@@ -2697,6 +2697,22 @@ nsc_DSA_Sign_Stub(void *ctx, void *sigBu +@@ -2699,6 +2699,22 @@ nsc_DSA_Sign_Stub(void *ctx, void *sigBu return rv; } @@ -100,7 +100,7 @@ Index: nss/lib/softoken/pkcs11c.c static SECStatus nsc_ECDSAVerifyStub(void *ctx, void *sigBuf, unsigned int sigLen, void *dataBuf, unsigned int dataLen) -@@ -2714,7 +2730,7 @@ nsc_ECDSAVerifyStub(void *ctx, void *sig +@@ -2716,7 +2732,7 @@ nsc_ECDSAVerifyStub(void *ctx, void *sig static SECStatus nsc_ECDSASignStub(void *ctx, void *sigBuf, unsigned int *sigLen, unsigned int maxSigLen, @@ -109,7 +109,7 @@ Index: nss/lib/softoken/pkcs11c.c { SECItem signature, digest; SECStatus rv; -@@ -2732,6 +2748,22 @@ nsc_ECDSASignStub(void *ctx, void *sigBu +@@ -2734,6 +2750,22 @@ nsc_ECDSASignStub(void *ctx, void *sigBu return rv; } @@ -132,7 +132,7 @@ Index: nss/lib/softoken/pkcs11c.c /* NSC_SignInit setups up the signing operations. There are three basic * types of signing: * (1) the tradition single part, where "Raw RSA" or "Raw DSA" is applied -@@ -3612,6 +3644,22 @@ NSC_VerifyInit(CK_SESSION_HANDLE hSessio +@@ -3614,6 +3646,22 @@ NSC_VerifyInit(CK_SESSION_HANDLE hSessio info->hashOid = SEC_OID_##mmm; \ goto finish_rsa; @@ -155,7 +155,7 @@ Index: nss/lib/softoken/pkcs11c.c switch (pMechanism->mechanism) { INIT_RSA_VFY_MECH(MD5) INIT_RSA_VFY_MECH(MD2) -@@ -4848,6 +4896,73 @@ loser: +@@ -4850,6 +4898,73 @@ loser: #define PAIRWISE_DIGEST_LENGTH SHA224_LENGTH /* 224-bits */ #define PAIRWISE_MESSAGE_LENGTH 20 /* 160-bits */ @@ -229,7 +229,7 @@ Index: nss/lib/softoken/pkcs11c.c /* * FIPS 140-2 pairwise consistency check utilized to validate key pair. * -@@ -4901,8 +5016,6 @@ sftk_PairwiseConsistencyCheck(CK_SESSION +@@ -4903,8 +5018,6 @@ sftk_PairwiseConsistencyCheck(CK_SESSION /* Variables used for Signature/Verification functions. */ /* Must be at least 256 bits for DSA2 digest */ @@ -238,7 +238,7 @@ Index: nss/lib/softoken/pkcs11c.c CK_ULONG signature_length; if (keyType == CKK_RSA) { -@@ -5056,76 +5169,32 @@ sftk_PairwiseConsistencyCheck(CK_SESSION +@@ -5058,76 +5171,32 @@ sftk_PairwiseConsistencyCheck(CK_SESSION } } diff --git a/nss-fips-constructor-self-tests.patch b/nss-fips-constructor-self-tests.patch index 9de6923..0e3c60e 100644 --- a/nss-fips-constructor-self-tests.patch +++ b/nss-fips-constructor-self-tests.patch @@ -42,7 +42,7 @@ Index: nss/lib/freebl/blapi.h =================================================================== --- nss.orig/lib/freebl/blapi.h +++ nss/lib/freebl/blapi.h -@@ -1859,17 +1859,17 @@ extern void BL_Unload(void); +@@ -1860,17 +1860,17 @@ extern void BL_Unload(void); /************************************************************************** * Verify a given Shared library signature * **************************************************************************/ @@ -63,9 +63,9 @@ Index: nss/lib/freebl/blapi.h /*********************************************************************/ extern const SECHashObject *HASH_GetRawHashObject(HASH_HashType hashType); -@@ -1896,6 +1896,9 @@ extern int EC_GetPointSize(const ECParam +@@ -1921,6 +1921,9 @@ extern SECStatus Kyber_Encapsulate(Kyber */ - extern int EC_GetScalarSize(const ECParams *params); + extern SECStatus Kyber_Decapsulate(KyberParams params, const SECItem *privKey, const SECItem *ciphertext, SECItem *secret); +/* Unconditionally run the integrity check. */ +extern void BL_FIPSRepeatIntegrityCheck(void); @@ -484,33 +484,7 @@ Index: nss/lib/freebl/fipsfreebl.c /* * different platforms have different ways of calling and initial entry point * when the dll/.so is loaded. Most platforms support either a posix pragma -@@ -1998,9 +2005,8 @@ freebl_fips_RNG_PowerUpSelfTest(void) - 0x0a, 0x26, 0x21, 0xd0, 0x19, 0xcb, 0x86, 0x73, - 0x10, 0x1f, 0x60, 0xd7 - }; -- - SECStatus rng_status = SECSuccess; -- PRUint8 DSAX[FIPS_DSA_SUBPRIME_LENGTH]; -+ PRUint8 DSAX[DSA1_SUBPRIME_LEN]; - - /*******************************************/ - /* Run the SP 800-90 Health tests */ -@@ -2014,13 +2020,12 @@ freebl_fips_RNG_PowerUpSelfTest(void) - /*******************************************/ - /* Generate DSAX fow given Q. */ - /*******************************************/ -- - rng_status = FIPS186Change_ReduceModQForDSA(GENX, Q, DSAX); - - /* Verify DSAX to perform the RNG integrity check */ - if ((rng_status != SECSuccess) || - (PORT_Memcmp(DSAX, rng_known_DSAX, -- (FIPS_DSA_SUBPRIME_LENGTH)) != 0)) { -+ (DSA1_SUBPRIME_LEN)) != 0)) { - PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); - return SECFailure; - } -@@ -2028,17 +2033,19 @@ freebl_fips_RNG_PowerUpSelfTest(void) +@@ -1807,17 +1814,19 @@ freebl_fips_RNG_PowerUpSelfTest(void) return (SECSuccess); } @@ -531,7 +505,7 @@ Index: nss/lib/freebl/fipsfreebl.c #define DO_FREEBL 1 #define DO_REST 2 -@@ -2156,11 +2163,13 @@ static PRBool self_tests_ran = PR_FALSE; +@@ -1929,11 +1938,13 @@ static PRBool self_tests_ran = PR_FALSE; static PRBool self_tests_freebl_success = PR_FALSE; static PRBool self_tests_success = PR_FALSE; @@ -546,7 +520,7 @@ Index: nss/lib/freebl/fipsfreebl.c { SECStatus rv; /* if the freebl self tests didn't run, there is something wrong with -@@ -2173,7 +2182,7 @@ BL_POSTRan(PRBool freebl_only) +@@ -1946,7 +1957,7 @@ BL_POSTRan(PRBool freebl_only) return PR_TRUE; } /* if we only care about the freebl tests, we are good */ @@ -555,7 +529,7 @@ Index: nss/lib/freebl/fipsfreebl.c return PR_TRUE; } /* run the rest of the self tests */ -@@ -2192,32 +2201,16 @@ BL_POSTRan(PRBool freebl_only) +@@ -1965,32 +1976,16 @@ BL_POSTRan(PRBool freebl_only) return PR_TRUE; } @@ -593,7 +567,7 @@ Index: nss/lib/freebl/fipsfreebl.c self_tests_freebl_ran = PR_TRUE; /* we are running the tests */ if (!freebl_only) { -@@ -2229,20 +2222,55 @@ bl_startup_tests(void) +@@ -2002,20 +1997,55 @@ bl_startup_tests(void) /* always run the post tests */ rv = freebl_fipsPowerUpSelfTest(freebl_only ? DO_FREEBL : DO_FREEBL | DO_REST); if (rv != SECSuccess) { @@ -651,7 +625,7 @@ Index: nss/lib/freebl/fipsfreebl.c } /* -@@ -2251,19 +2279,12 @@ bl_startup_tests(void) +@@ -2024,19 +2054,12 @@ bl_startup_tests(void) * power on selftest failed. */ SECStatus @@ -673,7 +647,7 @@ Index: nss/lib/freebl/fipsfreebl.c if (rerun) { /* reset the flags */ self_tests_freebl_ran = PR_FALSE; -@@ -2277,10 +2298,104 @@ BL_FIPSEntryOK(PRBool freebl_only, PRBoo +@@ -2050,10 +2073,104 @@ BL_FIPSEntryOK(PRBool freebl_only, PRBoo return SECSuccess; } /* standalone freebl can initialize */ @@ -865,7 +839,7 @@ Index: nss/lib/freebl/loader.h /* Version 3.013 came to here */ -@@ -912,6 +912,9 @@ struct FREEBLVectorStr { +@@ -920,6 +920,9 @@ struct FREEBLVectorStr { /* Add new function pointers at the end of this struct and bump * FREEBL_VERSION at the beginning of this file. */ @@ -879,7 +853,7 @@ Index: nss/lib/freebl/manifest.mn =================================================================== --- nss.orig/lib/freebl/manifest.mn +++ nss/lib/freebl/manifest.mn -@@ -97,6 +97,7 @@ PRIVATE_EXPORTS = \ +@@ -102,6 +102,7 @@ PRIVATE_EXPORTS = \ ecl.h \ ecl-curve.h \ eclt.h \ @@ -887,7 +861,7 @@ Index: nss/lib/freebl/manifest.mn $(NULL) MPI_HDRS = mpi-config.h mpi.h mpi-priv.h mplogic.h mpprime.h logtab.h mp_gf2m.h -@@ -189,6 +190,7 @@ ALL_HDRS = \ +@@ -197,6 +198,7 @@ ALL_HDRS = \ shsign.h \ vis_proto.h \ seed.h \ @@ -1628,7 +1602,7 @@ Index: nss/lib/softoken/manifest.mn $(NULL) PRIVATE_EXPORTS = \ -@@ -55,6 +56,7 @@ CSRCS = \ +@@ -56,6 +57,7 @@ CSRCS = \ softkver.c \ tlsprf.c \ jpakesftk.c \ @@ -1654,10 +1628,10 @@ Index: nss/lib/freebl/ldvector.c =================================================================== --- nss.orig/lib/freebl/ldvector.c +++ nss/lib/freebl/ldvector.c -@@ -432,6 +432,8 @@ static const struct FREEBLVectorStr vect - SHAKE_256_Hash, +@@ -438,6 +438,8 @@ static const struct FREEBLVectorStr vect + Kyber_Decapsulate, - /* End of version 3.026 */ + /* End of version 3.027 */ + /* SUSE patch: Goes last */ + BL_FIPSRepeatIntegrityCheck }; diff --git a/nss-fips-dsa-kat.patch b/nss-fips-dsa-kat.patch index 90029e0..e0841fc 100644 --- a/nss-fips-dsa-kat.patch +++ b/nss-fips-dsa-kat.patch @@ -24,187 +24,3 @@ Index: nss/lib/freebl/dsa.c SECStatus DSA_SignDigestWithSeed(DSAPrivateKey *key, SECItem *signature, -Index: nss/lib/freebl/fipsfreebl.c -=================================================================== ---- nss.orig/lib/freebl/fipsfreebl.c -+++ nss/lib/freebl/fipsfreebl.c -@@ -127,11 +127,11 @@ DllMain( - - /* FIPS preprocessor directives for DSA. */ - #define FIPS_DSA_TYPE siBuffer --#define FIPS_DSA_DIGEST_LENGTH 20 /* 160-bits */ --#define FIPS_DSA_SUBPRIME_LENGTH 20 /* 160-bits */ --#define FIPS_DSA_SIGNATURE_LENGTH 40 /* 320-bits */ --#define FIPS_DSA_PRIME_LENGTH 128 /* 1024-bits */ --#define FIPS_DSA_BASE_LENGTH 128 /* 1024-bits */ -+#define FIPS_DSA_DIGEST_LENGTH 28 /* 224-bits */ -+#define FIPS_DSA_SUBPRIME_LENGTH 28 /* 224-bits */ -+#define FIPS_DSA_SIGNATURE_LENGTH 56 /* 448-bits */ -+#define FIPS_DSA_PRIME_LENGTH 256 /* 2048-bits */ -+#define FIPS_DSA_BASE_LENGTH 256 /* 2048-bits */ - - /* FIPS preprocessor directives for RNG. */ - #define FIPS_RNG_XKEY_LENGTH 32 /* 256-bits */ -@@ -1669,70 +1669,105 @@ freebl_fips_EC_PowerUpSelfTest() - static SECStatus - freebl_fips_DSA_PowerUpSelfTest(void) - { -- /* DSA Known P (1024-bits), Q (160-bits), and G (1024-bits) Values. */ -+ /* DSA Known P (2048-bits), Q (224-bits), and G (2048-bits) Values. */ - static const PRUint8 dsa_P[] = { -- 0x80, 0xb0, 0xd1, 0x9d, 0x6e, 0xa4, 0xf3, 0x28, -- 0x9f, 0x24, 0xa9, 0x8a, 0x49, 0xd0, 0x0c, 0x63, -- 0xe8, 0x59, 0x04, 0xf9, 0x89, 0x4a, 0x5e, 0xc0, -- 0x6d, 0xd2, 0x67, 0x6b, 0x37, 0x81, 0x83, 0x0c, -- 0xfe, 0x3a, 0x8a, 0xfd, 0xa0, 0x3b, 0x08, 0x91, -- 0x1c, 0xcb, 0xb5, 0x63, 0xb0, 0x1c, 0x70, 0xd0, -- 0xae, 0xe1, 0x60, 0x2e, 0x12, 0xeb, 0x54, 0xc7, -- 0xcf, 0xc6, 0xcc, 0xae, 0x97, 0x52, 0x32, 0x63, -- 0xd3, 0xeb, 0x55, 0xea, 0x2f, 0x4c, 0xd5, 0xd7, -- 0x3f, 0xda, 0xec, 0x49, 0x27, 0x0b, 0x14, 0x56, -- 0xc5, 0x09, 0xbe, 0x4d, 0x09, 0x15, 0x75, 0x2b, -- 0xa3, 0x42, 0x0d, 0x03, 0x71, 0xdf, 0x0f, 0xf4, -- 0x0e, 0xe9, 0x0c, 0x46, 0x93, 0x3d, 0x3f, 0xa6, -- 0x6c, 0xdb, 0xca, 0xe5, 0xac, 0x96, 0xc8, 0x64, -- 0x5c, 0xec, 0x4b, 0x35, 0x65, 0xfc, 0xfb, 0x5a, -- 0x1b, 0x04, 0x1b, 0xa1, 0x0e, 0xfd, 0x88, 0x15 -+ 0xfe, 0x9f, 0xba, 0xff, 0x39, 0xa6, 0x00, 0x77, -+ 0x93, 0xfe, 0xa4, 0x58, 0x17, 0xf8, 0x37, 0x54, -+ 0x76, 0x39, 0x18, 0xcb, 0xbe, 0xca, 0x62, 0x8b, -+ 0x85, 0xbc, 0x60, 0x23, 0xf4, 0x7a, 0xb5, 0x75, -+ 0x31, 0xf4, 0x82, 0x83, 0x63, 0xc2, 0xdb, 0x8e, -+ 0x50, 0x67, 0xd6, 0xd9, 0xae, 0xa0, 0xd6, 0x13, -+ 0xc2, 0x35, 0x5b, 0x76, 0xf1, 0x00, 0x9c, 0x37, -+ 0xcb, 0x46, 0x3f, 0x6e, 0xef, 0xca, 0xff, 0xcc, -+ 0x1e, 0x15, 0xa1, 0x96, 0x70, 0x4c, 0xc9, 0x4d, -+ 0x7e, 0xde, 0x00, 0x1e, 0x76, 0x68, 0x35, 0x1c, -+ 0x31, 0x25, 0x37, 0x91, 0x98, 0x64, 0x40, 0x4c, -+ 0xf1, 0xc3, 0x0e, 0xf7, 0xf3, 0x16, 0x17, 0x79, -+ 0x7a, 0xa3, 0x11, 0x9a, 0xba, 0x72, 0x67, 0xe9, -+ 0x70, 0xd0, 0x16, 0x6a, 0x1a, 0x53, 0x4e, 0x1b, -+ 0xca, 0xb2, 0x79, 0xd8, 0x8c, 0x60, 0x53, 0xdb, -+ 0x48, 0x1c, 0x00, 0x2e, 0xd3, 0x29, 0x35, 0x14, -+ 0x6d, 0xd6, 0x23, 0x7c, 0x1c, 0xf3, 0x0d, 0x6a, -+ 0x7e, 0xb7, 0x09, 0x7d, 0xf2, 0x06, 0x29, 0x1c, -+ 0x1a, 0xdf, 0xd9, 0xe6, 0xb9, 0x2e, 0xd6, 0xb8, -+ 0xbf, 0xc5, 0xcd, 0xe7, 0xf4, 0xf9, 0x91, 0x38, -+ 0x2f, 0x61, 0xf9, 0xfe, 0xce, 0x16, 0x85, 0xc8, -+ 0xb7, 0xdd, 0x54, 0xe0, 0xa1, 0x54, 0x4f, 0xb3, -+ 0xdb, 0x72, 0xf3, 0xb9, 0xaa, 0xfe, 0x7b, 0xdd, -+ 0x5e, 0x59, 0x44, 0x6c, 0x4a, 0xfe, 0x67, 0x9b, -+ 0xcf, 0x78, 0x05, 0xd4, 0xc8, 0x98, 0xb3, 0x60, -+ 0x46, 0x44, 0x4e, 0x0b, 0xec, 0x19, 0x6c, 0xda, -+ 0xd6, 0x40, 0x3c, 0xd9, 0x96, 0xc8, 0x4a, 0x3b, -+ 0xc9, 0xb5, 0x52, 0x89, 0x2e, 0x68, 0xb9, 0xa0, -+ 0xd3, 0xbc, 0xa8, 0xd7, 0x6a, 0x7d, 0xe1, 0xf4, -+ 0x8c, 0x68, 0x3e, 0xc1, 0x5a, 0xac, 0x46, 0x6d, -+ 0xad, 0xe3, 0x89, 0x7f, 0x92, 0xa6, 0x29, 0xb2, -+ 0xc3, 0x3b, 0x20, 0x5f, 0x71, 0x00, 0x27, 0x87 - }; - - static const PRUint8 dsa_Q[] = { -- 0xad, 0x22, 0x59, 0xdf, 0xe5, 0xec, 0x4c, 0x6e, -- 0xf9, 0x43, 0xf0, 0x4b, 0x2d, 0x50, 0x51, 0xc6, -- 0x91, 0x99, 0x8b, 0xcf -+ 0xbc, 0xc9, 0xda, 0xca, 0xf9, 0x6b, 0xfa, 0x7e, -+ 0xbd, 0x9b, 0xfb, 0x48, 0x35, 0x1e, 0xe5, 0x8c, -+ 0x64, 0x46, 0xc7, 0x04, 0xb2, 0x44, 0x70, 0x9b, -+ 0x0a, 0x3f, 0x03, 0x01 - }; - - static const PRUint8 dsa_G[] = { -- 0x78, 0x6e, 0xa9, 0xd8, 0xcd, 0x4a, 0x85, 0xa4, -- 0x45, 0xb6, 0x6e, 0x5d, 0x21, 0x50, 0x61, 0xf6, -- 0x5f, 0xdf, 0x5c, 0x7a, 0xde, 0x0d, 0x19, 0xd3, -- 0xc1, 0x3b, 0x14, 0xcc, 0x8e, 0xed, 0xdb, 0x17, -- 0xb6, 0xca, 0xba, 0x86, 0xa9, 0xea, 0x51, 0x2d, -- 0xc1, 0xa9, 0x16, 0xda, 0xf8, 0x7b, 0x59, 0x8a, -- 0xdf, 0xcb, 0xa4, 0x67, 0x00, 0x44, 0xea, 0x24, -- 0x73, 0xe5, 0xcb, 0x4b, 0xaf, 0x2a, 0x31, 0x25, -- 0x22, 0x28, 0x3f, 0x16, 0x10, 0x82, 0xf7, 0xeb, -- 0x94, 0x0d, 0xdd, 0x09, 0x22, 0x14, 0x08, 0x79, -- 0xba, 0x11, 0x0b, 0xf1, 0xff, 0x2d, 0x67, 0xac, -- 0xeb, 0xb6, 0x55, 0x51, 0x69, 0x97, 0xa7, 0x25, -- 0x6b, 0x9c, 0xa0, 0x9b, 0xd5, 0x08, 0x9b, 0x27, -- 0x42, 0x1c, 0x7a, 0x69, 0x57, 0xe6, 0x2e, 0xed, -- 0xa9, 0x5b, 0x25, 0xe8, 0x1f, 0xd2, 0xed, 0x1f, -- 0xdf, 0xe7, 0x80, 0x17, 0xba, 0x0d, 0x4d, 0x38 -+ 0x5d, 0x23, 0xd1, 0xc5, 0x2e, 0x7e, 0x22, 0x3b, -+ 0x98, 0x03, 0xc3, 0xc0, 0x9d, 0xbe, 0x8f, 0x68, -+ 0x6b, 0xd0, 0xbf, 0x72, 0x20, 0x89, 0x5c, 0x8f, -+ 0x4c, 0x8e, 0x66, 0xfe, 0x8e, 0xfc, 0x02, 0x21, -+ 0xf3, 0xea, 0xc5, 0x23, 0x96, 0x9b, 0xa4, 0x2e, -+ 0xac, 0x35, 0x9f, 0x70, 0x90, 0x79, 0xd9, 0x42, -+ 0xfa, 0x0e, 0x4c, 0x1f, 0x55, 0xcf, 0x8b, 0xb5, -+ 0x98, 0x71, 0xfa, 0xf1, 0xbc, 0xfd, 0xc7, 0x2b, -+ 0x5a, 0xa6, 0x53, 0x86, 0xf1, 0xa3, 0xd5, 0xbc, -+ 0xad, 0x08, 0x80, 0x23, 0x40, 0xea, 0xc9, 0x2f, -+ 0x58, 0xfb, 0xa9, 0xda, 0x8d, 0xc5, 0xfa, 0x46, -+ 0x0a, 0x0a, 0xe8, 0x03, 0xef, 0x04, 0x53, 0x09, -+ 0xc4, 0x7f, 0x69, 0x59, 0x68, 0xb5, 0x52, 0x91, -+ 0x3d, 0xe1, 0xbc, 0xa0, 0x6b, 0x41, 0xec, 0x07, -+ 0x0b, 0xf5, 0xf5, 0x62, 0xf5, 0xeb, 0xb7, 0x7e, -+ 0xc5, 0x32, 0x3d, 0x1e, 0x03, 0xda, 0x75, 0x24, -+ 0xb6, 0xe5, 0xb9, 0xfd, 0x36, 0x3d, 0xa4, 0xbf, -+ 0xc4, 0xee, 0x3b, 0xb5, 0x14, 0x85, 0x5c, 0x2d, -+ 0x80, 0xb2, 0x55, 0xb6, 0x70, 0x21, 0xf2, 0x94, -+ 0x63, 0xa5, 0xc2, 0x6f, 0xee, 0x34, 0x81, 0xae, -+ 0xc6, 0x0f, 0xf3, 0xef, 0xb4, 0xde, 0xa5, 0x58, -+ 0x6f, 0x57, 0xc1, 0x51, 0x0a, 0xe4, 0x4e, 0xf0, -+ 0xed, 0xee, 0x42, 0xdc, 0xff, 0x4b, 0x14, 0xa3, -+ 0xcc, 0x6e, 0xa8, 0x0c, 0x29, 0x81, 0xdb, 0xce, -+ 0x78, 0x4d, 0x43, 0xe0, 0xe1, 0x60, 0xc8, 0x3e, -+ 0x54, 0x00, 0x29, 0x20, 0x25, 0x40, 0x22, 0xac, -+ 0xfa, 0x75, 0xb1, 0x4e, 0xcc, 0x61, 0x54, 0x27, -+ 0x2c, 0x95, 0xaf, 0x4c, 0x02, 0xa7, 0x55, 0xbd, -+ 0xed, 0xe2, 0x25, 0xfc, 0xba, 0xd2, 0x5b, 0xd7, -+ 0x33, 0xa1, 0xe9, 0xb4, 0x7f, 0x7e, 0xfe, 0xbb, -+ 0xfa, 0x54, 0xce, 0x3c, 0xbc, 0xd1, 0x03, 0x50, -+ 0x9d, 0xa9, 0x38, 0x9a, 0xf8, 0x67, 0xb1, 0xa3 - }; - -- /* DSA Known Random Values (known random key block is 160-bits) */ -- /* and (known random signature block is 160-bits). */ -+ /* DSA Known Random Values (known random key block is 224-bits) */ -+ /* and (known random signature block is 224-bits). */ - static const PRUint8 dsa_known_random_key_block[] = { -- "Mozilla Rules World!" -+ "Mozilla Rules World! Always." - }; - static const PRUint8 dsa_known_random_signature_block[] = { -- "Random DSA Signature" -+ "Random DSA Signature, Longer" - }; - -- /* DSA Known Digest (160-bits) */ -- static const PRUint8 dsa_known_digest[] = { "DSA Signature Digest" }; -+ /* DSA Known Digest (224-bits) */ -+ static const PRUint8 dsa_known_digest[] = { "DSA Signature Digest, Longer" }; - -- /* DSA Known Signature (320-bits). */ -+ /* DSA Known Signature (448-bits). */ - static const PRUint8 dsa_known_signature[] = { -- 0x25, 0x7c, 0x3a, 0x79, 0x32, 0x45, 0xb7, 0x32, -- 0x70, 0xca, 0x62, 0x63, 0x2b, 0xf6, 0x29, 0x2c, -- 0x22, 0x2a, 0x03, 0xce, 0x48, 0x15, 0x11, 0x72, -- 0x7b, 0x7e, 0xf5, 0x7a, 0xf3, 0x10, 0x3b, 0xde, -- 0x34, 0xc1, 0x9e, 0xd7, 0x27, 0x9e, 0x77, 0x38 -+ 0x27, 0x04, 0xff, 0xd5, 0x2d, 0x80, 0x32, 0xea, -+ 0xac, 0xb5, 0x8b, 0x47, 0x17, 0xb1, 0x80, 0xed, -+ 0xd6, 0x0f, 0x72, 0x75, 0xe5, 0xba, 0x08, 0xc9, -+ 0x29, 0xc8, 0xc7, 0x75, 0x84, 0x60, 0x5a, 0xe9, -+ 0x55, 0xa4, 0x1c, 0xf0, 0xe3, 0xce, 0x4c, 0x8e, -+ 0x83, 0x3e, 0x7a, 0x77, 0x56, 0x7f, 0x83, 0xad, -+ 0x68, 0x36, 0x13, 0xa9, 0xd6, 0x08, 0x1f, 0x19 - }; - - /* DSA variables. */ -@@ -1774,7 +1809,7 @@ freebl_fips_DSA_PowerUpSelfTest(void) - dsa_signature_item.len = sizeof dsa_computed_signature; - - dsa_digest_item.data = (unsigned char *)dsa_known_digest; -- dsa_digest_item.len = SHA1_LENGTH; -+ dsa_digest_item.len = SHA224_LENGTH; - - /* Perform DSA signature process. */ - dsa_status = DSA_SignDigestWithSeed(dsa_private_key, diff --git a/nss-fips-pairwise-consistency-check.patch b/nss-fips-pairwise-consistency-check.patch index c68c9dd..e746eb5 100644 --- a/nss-fips-pairwise-consistency-check.patch +++ b/nss-fips-pairwise-consistency-check.patch @@ -14,7 +14,7 @@ Index: nss/lib/softoken/pkcs11c.c =================================================================== --- nss.orig/lib/softoken/pkcs11c.c +++ nss/lib/softoken/pkcs11c.c -@@ -4841,8 +4841,8 @@ loser: +@@ -4843,8 +4843,8 @@ loser: return crv; } @@ -25,7 +25,7 @@ Index: nss/lib/softoken/pkcs11c.c /* * FIPS 140-2 pairwise consistency check utilized to validate key pair. -@@ -5790,6 +5790,7 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS +@@ -5847,6 +5847,7 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS (PRUint32)crv); sftk_LogAuditMessage(NSS_AUDIT_ERROR, NSS_AUDIT_SELF_TEST, msg); } diff --git a/nss-fips-pct-pubkeys.patch b/nss-fips-pct-pubkeys.patch index cab50e2..c89a693 100644 --- a/nss-fips-pct-pubkeys.patch +++ b/nss-fips-pct-pubkeys.patch @@ -13,7 +13,7 @@ Index: nss/lib/softoken/pkcs11c.c #include "seccomon.h" #include "secitem.h" #include "secport.h" -@@ -4963,6 +4964,88 @@ pairwise_signverify_mech (CK_SESSION_HAN +@@ -4965,6 +4966,88 @@ pairwise_signverify_mech (CK_SESSION_HAN return crv; } @@ -102,7 +102,7 @@ Index: nss/lib/softoken/pkcs11c.c /* * FIPS 140-2 pairwise consistency check utilized to validate key pair. * -@@ -5309,6 +5392,30 @@ sftk_PairwiseConsistencyCheck(CK_SESSION +@@ -5311,6 +5394,30 @@ sftk_PairwiseConsistencyCheck(CK_SESSION } } diff --git a/nss-fips-zeroization.patch b/nss-fips-zeroization.patch index 9421495..a630d99 100644 --- a/nss-fips-zeroization.patch +++ b/nss-fips-zeroization.patch @@ -107,7 +107,7 @@ Index: nss/lib/freebl/ec.c =================================================================== --- nss.orig/lib/freebl/ec.c +++ nss/lib/freebl/ec.c -@@ -1049,7 +1049,7 @@ ECDSA_VerifyDigest(ECPublicKey *key, con +@@ -1121,7 +1121,7 @@ ECDSA_VerifyDigest(ECPublicKey *key, con mp_int n; SECItem pointC = { siBuffer, NULL, 0 }; int slen; /* length in bytes of a half signature (r or s) */