diff --git a/baselibs.conf b/baselibs.conf index 7842a35..7ba5b92 100644 --- a/baselibs.conf +++ b/baselibs.conf @@ -1,5 +1,5 @@ mozilla-nss - requires "mozilla-nspr- >= 4.35" + requires "mozilla-nspr- >= 4.36" requires "libfreebl3-" requires "libsoftokn3-" requires "libnssckbi.so" @@ -10,7 +10,7 @@ libsoftokn3 +/usr/lib/libsoftokn3.chk +/usr/lib/libnssdbm3.chk libfreebl3 - provides "libfreebl3-hmac- = -%release" + provides "libfreebl3-hmac- = -%release" obsoletes "libfreebl3-hmac- < -%release" +/lib/libfreebl3.chk +/lib/libfreeblpriv3.chk diff --git a/bmo-1400603.patch b/bmo-1400603.patch deleted file mode 100644 index 9f50235..0000000 --- a/bmo-1400603.patch +++ /dev/null 
@@ -1,337 +0,0 @@ -From b2f3a6407d2d6ec89522410d7ac4c56d310c92b1 Mon Sep 17 00:00:00 2001 -From: Daiki Ueno -Date: Mon, 18 Sep 2017 11:24:00 +0200 -Subject: [PATCH] freebl: Reorganize AES-GCM source code based on hw/sw - implementation - -diff --git a/lib/freebl/gcm-hw.c b/lib/freebl/gcm-hw.c -new file mode 100644 ---- /dev/null -+++ b/lib/freebl/gcm-hw.c -@@ -0,0 +1,151 @@ -+/* This Source Code Form is subject to the terms of the Mozilla Public -+ * License, v. 2.0. If a copy of the MPL was not distributed with this -+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -+ -+#ifdef FREEBL_NO_DEPEND -+#include "stubs.h" -+#endif -+#include "gcm.h" -+#include "secerr.h" -+ -+#ifdef NSS_X86_OR_X64 -+#include /* clmul */ -+#endif -+ -+#define WRITE64(x, bytes) \ -+ (bytes)[0] = (x) >> 56; \ -+ (bytes)[1] = (x) >> 48; \ -+ (bytes)[2] = (x) >> 40; \ -+ (bytes)[3] = (x) >> 32; \ -+ (bytes)[4] = (x) >> 24; \ -+ (bytes)[5] = (x) >> 16; \ -+ (bytes)[6] = (x) >> 8; \ -+ (bytes)[7] = (x); -+ -+SECStatus -+gcm_HashWrite_hw(gcmHashContext *ghash, unsigned char *outbuf, -+ unsigned int maxout) -+{ -+#ifdef NSS_X86_OR_X64 -+ uint64_t tmp_out[2]; -+ _mm_storeu_si128((__m128i *)tmp_out, ghash->x); -+ PORT_Assert(maxout >= 16); -+ WRITE64(tmp_out[0], outbuf + 8); -+ WRITE64(tmp_out[1], outbuf); -+ return SECSuccess; -+#else -+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); -+ return SECFailure; -+#endif /* NSS_X86_OR_X64 */ -+} -+ -+SECStatus -+gcm_HashMult_hw(gcmHashContext *ghash, const unsigned char *buf, -+ unsigned int count) -+{ -+#ifdef NSS_X86_OR_X64 -+ size_t i; -+ pre_align __m128i z_high post_align; -+ pre_align __m128i z_low post_align; -+ pre_align __m128i C post_align; -+ pre_align __m128i D post_align; -+ pre_align __m128i E post_align; -+ pre_align __m128i F post_align; -+ pre_align __m128i bin post_align; -+ pre_align __m128i Ci post_align; -+ pre_align __m128i tmp post_align; -+ -+ for (i = 0; i < count; i++, buf += 16) { -+ bin = 
_mm_set_epi16(((uint16_t)buf[0] << 8) | buf[1], -+ ((uint16_t)buf[2] << 8) | buf[3], -+ ((uint16_t)buf[4] << 8) | buf[5], -+ ((uint16_t)buf[6] << 8) | buf[7], -+ ((uint16_t)buf[8] << 8) | buf[9], -+ ((uint16_t)buf[10] << 8) | buf[11], -+ ((uint16_t)buf[12] << 8) | buf[13], -+ ((uint16_t)buf[14] << 8) | buf[15]); -+ Ci = _mm_xor_si128(bin, ghash->x); -+ -+ /* Do binary mult ghash->X = Ci * ghash->H. */ -+ C = _mm_clmulepi64_si128(Ci, ghash->h, 0x00); -+ D = _mm_clmulepi64_si128(Ci, ghash->h, 0x11); -+ E = _mm_clmulepi64_si128(Ci, ghash->h, 0x01); -+ F = _mm_clmulepi64_si128(Ci, ghash->h, 0x10); -+ tmp = _mm_xor_si128(E, F); -+ z_high = _mm_xor_si128(tmp, _mm_slli_si128(D, 8)); -+ z_high = _mm_unpackhi_epi64(z_high, D); -+ z_low = _mm_xor_si128(_mm_slli_si128(tmp, 8), C); -+ z_low = _mm_unpackhi_epi64(_mm_slli_si128(C, 8), z_low); -+ -+ /* Shift one to the left (multiply by x) as gcm spec is stupid. */ -+ C = _mm_slli_si128(z_low, 8); -+ E = _mm_srli_epi64(C, 63); -+ D = _mm_slli_si128(z_high, 8); -+ F = _mm_srli_epi64(D, 63); -+ /* Carry over */ -+ C = _mm_srli_si128(z_low, 8); -+ D = _mm_srli_epi64(C, 63); -+ z_low = _mm_or_si128(_mm_slli_epi64(z_low, 1), E); -+ z_high = _mm_or_si128(_mm_or_si128(_mm_slli_epi64(z_high, 1), F), D); -+ -+ /* Reduce */ -+ C = _mm_slli_si128(z_low, 8); -+ /* D = z_low << 127 */ -+ D = _mm_slli_epi64(C, 63); -+ /* E = z_low << 126 */ -+ E = _mm_slli_epi64(C, 62); -+ /* F = z_low << 121 */ -+ F = _mm_slli_epi64(C, 57); -+ /* z_low ^= (z_low << 127) ^ (z_low << 126) ^ (z_low << 121); */ -+ z_low = _mm_xor_si128(_mm_xor_si128(_mm_xor_si128(z_low, D), E), F); -+ C = _mm_srli_si128(z_low, 8); -+ /* D = z_low >> 1 */ -+ D = _mm_slli_epi64(C, 63); -+ D = _mm_or_si128(_mm_srli_epi64(z_low, 1), D); -+ /* E = z_low >> 2 */ -+ E = _mm_slli_epi64(C, 62); -+ E = _mm_or_si128(_mm_srli_epi64(z_low, 2), E); -+ /* F = z_low >> 7 */ -+ F = _mm_slli_epi64(C, 57); -+ F = _mm_or_si128(_mm_srli_epi64(z_low, 7), F); -+ /* ghash->x ^= z_low ^ (z_low >> 1) ^ 
(z_low >> 2) ^ (z_low >> 7); */ -+ ghash->x = _mm_xor_si128(_mm_xor_si128( -+ _mm_xor_si128(_mm_xor_si128(z_high, z_low), D), E), -+ F); -+ } -+ return SECSuccess; -+#else -+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); -+ return SECFailure; -+#endif /* NSS_X86_OR_X64 */ -+} -+ -+SECStatus -+gcm_HashInit_hw(gcmHashContext *ghash) -+{ -+#ifdef NSS_X86_OR_X64 -+ ghash->ghash_mul = gcm_HashMult_hw; -+ ghash->x = _mm_setzero_si128(); -+ /* MSVC requires __m64 to load epi64. */ -+ ghash->h = _mm_set_epi32(ghash->h_high >> 32, (uint32_t)ghash->h_high, -+ ghash->h_low >> 32, (uint32_t)ghash->h_low); -+ ghash->hw = PR_TRUE; -+ return SECSuccess; -+#else -+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); -+ return SECFailure; -+#endif /* NSS_X86_OR_X64 */ -+} -+ -+SECStatus -+gcm_HashZeroX_hw(gcmHashContext *ghash) -+{ -+#ifdef NSS_X86_OR_X64 -+ ghash->x = _mm_setzero_si128(); -+ return SECSuccess; -+#else -+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); -+ return SECFailure; -+#endif /* NSS_X86_OR_X64 */ -+} -+ -diff --git a/lib/freebl/rijndael-hw.c b/lib/freebl/rijndael-hw.c -new file mode 100644 ---- /dev/null -+++ b/lib/freebl/rijndael-hw.c -@@ -0,0 +1,170 @@ -+/* This Source Code Form is subject to the terms of the Mozilla Public -+ * License, v. 2.0. If a copy of the MPL was not distributed with this -+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. 
*/ -+ -+#ifdef FREEBL_NO_DEPEND -+#include "stubs.h" -+#endif -+#include "rijndael.h" -+#include "secerr.h" -+ -+#ifdef NSS_X86_OR_X64 -+#include /* aes-ni */ -+#endif -+ -+#if defined(NSS_X86_OR_X64) -+#define EXPAND_KEY128(k, rcon, res) \ -+ tmp_key = _mm_aeskeygenassist_si128(k, rcon); \ -+ tmp_key = _mm_shuffle_epi32(tmp_key, 0xFF); \ -+ tmp = _mm_xor_si128(k, _mm_slli_si128(k, 4)); \ -+ tmp = _mm_xor_si128(tmp, _mm_slli_si128(tmp, 4)); \ -+ tmp = _mm_xor_si128(tmp, _mm_slli_si128(tmp, 4)); \ -+ res = _mm_xor_si128(tmp, tmp_key) -+ -+static void -+native_key_expansion128(AESContext *cx, const unsigned char *key) -+{ -+ __m128i *keySchedule = cx->keySchedule; -+ pre_align __m128i tmp_key post_align; -+ pre_align __m128i tmp post_align; -+ keySchedule[0] = _mm_loadu_si128((__m128i *)key); -+ EXPAND_KEY128(keySchedule[0], 0x01, keySchedule[1]); -+ EXPAND_KEY128(keySchedule[1], 0x02, keySchedule[2]); -+ EXPAND_KEY128(keySchedule[2], 0x04, keySchedule[3]); -+ EXPAND_KEY128(keySchedule[3], 0x08, keySchedule[4]); -+ EXPAND_KEY128(keySchedule[4], 0x10, keySchedule[5]); -+ EXPAND_KEY128(keySchedule[5], 0x20, keySchedule[6]); -+ EXPAND_KEY128(keySchedule[6], 0x40, keySchedule[7]); -+ EXPAND_KEY128(keySchedule[7], 0x80, keySchedule[8]); -+ EXPAND_KEY128(keySchedule[8], 0x1B, keySchedule[9]); -+ EXPAND_KEY128(keySchedule[9], 0x36, keySchedule[10]); -+} -+ -+#define EXPAND_KEY192_PART1(res, k0, kt, rcon) \ -+ tmp2 = _mm_slli_si128(k0, 4); \ -+ tmp1 = _mm_xor_si128(k0, tmp2); \ -+ tmp2 = _mm_slli_si128(tmp2, 4); \ -+ tmp1 = _mm_xor_si128(_mm_xor_si128(tmp1, tmp2), _mm_slli_si128(tmp2, 4)); \ -+ tmp2 = _mm_aeskeygenassist_si128(kt, rcon); \ -+ res = _mm_xor_si128(tmp1, _mm_shuffle_epi32(tmp2, 0x55)) -+ -+#define EXPAND_KEY192_PART2(res, k1, k2) \ -+ tmp2 = _mm_xor_si128(k1, _mm_slli_si128(k1, 4)); \ -+ res = _mm_xor_si128(tmp2, _mm_shuffle_epi32(k2, 0xFF)) -+ -+#define EXPAND_KEY192(k0, res1, res2, res3, carry, rcon1, rcon2) \ -+ EXPAND_KEY192_PART1(tmp3, k0, res1, rcon1); \ 
-+ EXPAND_KEY192_PART2(carry, res1, tmp3); \ -+ res1 = _mm_castpd_si128(_mm_shuffle_pd(_mm_castsi128_pd(res1), \ -+ _mm_castsi128_pd(tmp3), 0)); \ -+ res2 = _mm_castpd_si128(_mm_shuffle_pd(_mm_castsi128_pd(tmp3), \ -+ _mm_castsi128_pd(carry), 1)); \ -+ EXPAND_KEY192_PART1(res3, tmp3, carry, rcon2) -+ -+static void -+native_key_expansion192(AESContext *cx, const unsigned char *key) -+{ -+ __m128i *keySchedule = cx->keySchedule; -+ pre_align __m128i tmp1 post_align; -+ pre_align __m128i tmp2 post_align; -+ pre_align __m128i tmp3 post_align; -+ pre_align __m128i carry post_align; -+ keySchedule[0] = _mm_loadu_si128((__m128i *)key); -+ keySchedule[1] = _mm_loadu_si128((__m128i *)(key + 16)); -+ EXPAND_KEY192(keySchedule[0], keySchedule[1], keySchedule[2], -+ keySchedule[3], carry, 0x1, 0x2); -+ EXPAND_KEY192_PART2(keySchedule[4], carry, keySchedule[3]); -+ EXPAND_KEY192(keySchedule[3], keySchedule[4], keySchedule[5], -+ keySchedule[6], carry, 0x4, 0x8); -+ EXPAND_KEY192_PART2(keySchedule[7], carry, keySchedule[6]); -+ EXPAND_KEY192(keySchedule[6], keySchedule[7], keySchedule[8], -+ keySchedule[9], carry, 0x10, 0x20); -+ EXPAND_KEY192_PART2(keySchedule[10], carry, keySchedule[9]); -+ EXPAND_KEY192(keySchedule[9], keySchedule[10], keySchedule[11], -+ keySchedule[12], carry, 0x40, 0x80); -+} -+ -+#define EXPAND_KEY256_PART(res, rconx, k1x, k2x, X) \ -+ tmp_key = _mm_shuffle_epi32(_mm_aeskeygenassist_si128(k2x, rconx), X); \ -+ tmp2 = _mm_slli_si128(k1x, 4); \ -+ tmp1 = _mm_xor_si128(k1x, tmp2); \ -+ tmp2 = _mm_slli_si128(tmp2, 4); \ -+ tmp1 = _mm_xor_si128(_mm_xor_si128(tmp1, tmp2), _mm_slli_si128(tmp2, 4)); \ -+ res = _mm_xor_si128(tmp1, tmp_key); -+ -+#define EXPAND_KEY256(res1, res2, k1, k2, rcon) \ -+ EXPAND_KEY256_PART(res1, rcon, k1, k2, 0xFF); \ -+ EXPAND_KEY256_PART(res2, 0x00, k2, res1, 0xAA) -+ -+static void -+native_key_expansion256(AESContext *cx, const unsigned char *key) -+{ -+ __m128i *keySchedule = cx->keySchedule; -+ pre_align __m128i tmp_key post_align; 
-+ pre_align __m128i tmp1 post_align; -+ pre_align __m128i tmp2 post_align; -+ keySchedule[0] = _mm_loadu_si128((__m128i *)key); -+ keySchedule[1] = _mm_loadu_si128((__m128i *)(key + 16)); -+ EXPAND_KEY256(keySchedule[2], keySchedule[3], keySchedule[0], -+ keySchedule[1], 0x01); -+ EXPAND_KEY256(keySchedule[4], keySchedule[5], keySchedule[2], -+ keySchedule[3], 0x02); -+ EXPAND_KEY256(keySchedule[6], keySchedule[7], keySchedule[4], -+ keySchedule[5], 0x04); -+ EXPAND_KEY256(keySchedule[8], keySchedule[9], keySchedule[6], -+ keySchedule[7], 0x08); -+ EXPAND_KEY256(keySchedule[10], keySchedule[11], keySchedule[8], -+ keySchedule[9], 0x10); -+ EXPAND_KEY256(keySchedule[12], keySchedule[13], keySchedule[10], -+ keySchedule[11], 0x20); -+ EXPAND_KEY256_PART(keySchedule[14], 0x40, keySchedule[12], -+ keySchedule[13], 0xFF); -+} -+ -+#endif /* NSS_X86_OR_X64 */ -+ -+/* -+ * AES key expansion using aes-ni instructions. -+ */ -+void -+rijndael_native_key_expansion(AESContext *cx, const unsigned char *key, -+ unsigned int Nk) -+{ -+#ifdef NSS_X86_OR_X64 -+ switch (Nk) { -+ case 4: -+ native_key_expansion128(cx, key); -+ return; -+ case 6: -+ native_key_expansion192(cx, key); -+ return; -+ case 8: -+ native_key_expansion256(cx, key); -+ return; -+ default: -+ /* This shouldn't happen. */ -+ PORT_Assert(0); -+ } -+#else -+ PORT_Assert(0); -+#endif /* NSS_X86_OR_X64 */ -+} -+ -+void -+rijndael_native_encryptBlock(AESContext *cx, -+ unsigned char *output, -+ const unsigned char *input) -+{ -+#ifdef NSS_X86_OR_X64 -+ int i; -+ pre_align __m128i m post_align = _mm_loadu_si128((__m128i *)input); -+ m = _mm_xor_si128(m, cx->keySchedule[0]); -+ for (i = 1; i < cx->Nr; ++i) { -+ m = _mm_aesenc_si128(m, cx->keySchedule[i]); -+ } -+ m = _mm_aesenclast_si128(m, cx->keySchedule[cx->Nr]); -+ _mm_storeu_si128((__m128i *)output, m); -+#else -+ PORT_Assert(0); -+#endif /* NSS_X86_OR_X64 */ -+} diff --git a/mozilla-nss.changes b/mozilla-nss.changes index 6adfe0c..72bf5a3 100644 
--- a/mozilla-nss.changes
+++ b/mozilla-nss.changes
@@ -1,3 +1,34 @@
+-------------------------------------------------------------------
+Tue Nov 26 15:07:49 UTC 2024 - Martin Sirringhaus
+
+- Remove upstreamed bmo-1400603.patch
+- Added nss-bmo1930797.patch to fix failing tests in testsuite
+
+-------------------------------------------------------------------
+Thu Nov 21 14:11:56 UTC 2024 - Wolfgang Rosenauer
+
+- update to NSS 3.106
+ * bmo#1925975 - NSS 3.106 should be distributed with NSPR 4.36.
+ * bmo#1923767 - pk12util: improve error handling in p12U_ReadPKCS12File.
+ * bmo#1899402 - Correctly destroy bulkkey in error scenario.
+ * bmo#1919997 - PKCS7 fuzz target, r=djackson,nss-reviewers.
+ * bmo#1923002 - Extract certificates with handshake collection script.
+ * bmo#1923006 - Specify len_control for fuzz targets.
+ * bmo#1923280 - Fix memory leak in dumpCertificatePEM.
+ * bmo#1102981 - Fix UBSan errors for SECU_PrintCertificate and
+ SECU_PrintCertificateBasicInfo.
+ * bmo#1921528 - add new error codes to mozilla::pkix for Firefox to use.
+ * bmo#1921768 - allow null phKey in NSC_DeriveKey.
+ * bmo#1921801 - Only create seed corpus zip from existing corpus.
+ * bmo#1826035 - Use explicit allowlist for for KDF PRFS.
+ * bmo#1920138 - Increase optimization level for fuzz builds.
+ * bmo#1920470 - Remove incorrect assert.
+ * bmo#1914870 - Use libFuzzer options from fuzz/options/\*.options in CI.
+ * bmo#1920945 - Polish corpus collection for automation.
+ * bmo#1917572 - Detect new and unfuzzed SSL options.
+ * bmo#1804646 - PKCS12 fuzzing target.
+- requires NSPR 4.36
+
 -------------------------------------------------------------------
 Sat Oct 26 08:07:03 UTC 2024 - Wolfgang Rosenauer
diff --git a/mozilla-nss.spec b/mozilla-nss.spec
index f0e834a..99986eb 100644
--- a/mozilla-nss.spec
+++ b/mozilla-nss.spec
@@ -17,15 +17,15 @@
 #
-%global nss_softokn_fips_version 3.105
-%define NSPR_min_version 4.35
+%global nss_softokn_fips_version 3.106
+%define NSPR_min_version 4.36
 %define nspr_ver %(rpm -q --queryformat '%%{VERSION}' mozilla-nspr)
 %define nssdbdir %{_sysconfdir}/pki/nssdb
 %global crypto_policies_version 20210218
 Name: mozilla-nss
-Version: 3.105
+Version: 3.106
 Release: 0
-%define underscore_version 3_105
+%define underscore_version 3_106
 Summary: Network Security Services
 License: MPL-2.0
 Group: System/Libraries
@@ -50,8 +50,8 @@ Patch2: system-nspr.patch
 Patch3: nss-no-rpath.patch
 Patch4: add-relro-linker-option.patch
 Patch5: malloc.patch
-Patch6: bmo-1400603.patch
 Patch7: nss-sqlitename.patch
+Patch8: nss-bmo1930797.patch
 Patch9: nss-fips-use-getrandom.patch
 Patch10: nss-fips-dsa-kat.patch
 Patch11: nss-fips-pairwise-consistency-check.patch
@@ -210,8 +210,8 @@ cd nss
 %if 0%{?suse_version} > 1110
 %patch -P 5 -p1
 %endif
-%patch -P 6 -p1
 %patch -P 7 -p1
+%patch -P 8 -p1
 # FIPS patches
 %patch -P 9 -p1
 %patch -P 10 -p1
diff --git a/nss-3.105.tar.gz b/nss-3.105.tar.gz
deleted file mode 100644
index c488ecb..0000000
--- a/nss-3.105.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:8e8e4c8c88ca5c828b207cfaf66c6188e7f96c97cc18946d3db7da4c0d395619
-size 76620664
diff --git a/nss-3.106.tar.gz b/nss-3.106.tar.gz
new file mode 100644
index 0000000..8091e55
--- /dev/null
+++ b/nss-3.106.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:026b744e1e0784b890c3846ac9506472a92138c1f4d41dec581949574c585c38
+size 76621626
diff --git a/nss-bmo1930797.patch b/nss-bmo1930797.patch
new file mode 100644
index 0000000..e8f84c5
--- /dev/null
+++ b/nss-bmo1930797.patch
@@ -0,0 +1,341 @@ +# HG changeset patch +# User Robert Relyea +# Date 1731716524 28800 +# Node ID 03e207e378dd37a87e172febb58012472611a78f +# Parent fe06bec77d445965548ee6f9d803bf8d035863c7 +Bug 1930797 pkcs12 fixes from RHEL need to be picked up. + +1. add ignore integrity option to pk12util +2. update pk12util manpage + a. with new ignore integrity option. + b. with the correct current defaults for pk12util. +3. don't include a fake iv in the param portion of the pbmac1. +4. restore the ability to decode md5 mac'ed pkcs12 files. +5. restore tests for bad pkcs12 encodings + +Differential Revision: https://phabricator.services.mozilla.com/D229394 + +Index: nss/cmd/pk12util/pk12util.c +=================================================================== +--- nss.orig/cmd/pk12util/pk12util.c ++++ nss/cmd/pk12util/pk12util.c +@@ -32,12 +32,12 @@ static void + Usage() + { + #define FPS PR_fprintf(PR_STDERR, +- FPS "Usage: %s -i importfile [-d certdir] [-P dbprefix] [-h tokenname]\n", ++ FPS "Usage: %s -i importfile [-I] [-d certdir] [-P dbprefix] [-h tokenname]\n", + progName); + FPS "\t\t [-k slotpwfile | -K slotpw] [-w p12filepwfile | -W p12filepw]\n"); + FPS "\t\t [-v]\n"); + +- FPS "Usage: %s -l listfile [-d certdir] [-P dbprefix] [-h tokenname]\n", ++ FPS "Usage: %s -l listfile [-I] [-d certdir] [-P dbprefix] [-h tokenname]\n", + progName); + FPS "\t\t [-k slotpwfile | -K slotpw] [-w p12filepwfile | -W p12filepw]\n"); + FPS "\t\t [-v]\n"); +@@ -351,7 +351,8 @@ P12U_InitSlot(PK11SlotInfo *slot, secuPW + */ + SEC_PKCS12DecoderContext * + p12U_ReadPKCS12File(SECItem *uniPwp, char *in_file, PK11SlotInfo *slot, +- secuPWData *slotPw, secuPWData *p12FilePw) ++ secuPWData *slotPw, secuPWData *p12FilePw, ++ PRBool ignoreIntegrity) + { + SEC_PKCS12DecoderContext *p12dcx = NULL; + p12uContext *p12cxt = NULL; +@@ -458,7 +459,10 @@ p12U_ReadPKCS12File(SECItem *uniPwp, cha + /* rv has been set at this point */ + + done: +- if (rv != SECSuccess) { ++ /* if we are ignoring 
Integrity and we failed because we couldn't ++ * verify the integrity code, go ahead and succeed */ ++ if (rv != SECSuccess && !(ignoreIntegrity && ++ (pk12uErrno == PK12UERR_DECODEVERIFY))) { + if (p12dcx != NULL) { + SEC_PKCS12DecoderFinish(p12dcx); + p12dcx = NULL; +@@ -490,7 +494,8 @@ done: + */ + PRIntn + P12U_ImportPKCS12Object(char *in_file, PK11SlotInfo *slot, +- secuPWData *slotPw, secuPWData *p12FilePw) ++ secuPWData *slotPw, secuPWData *p12FilePw, ++ PRBool ignoreIntegrity) + { + SEC_PKCS12DecoderContext *p12dcx = NULL; + SECItem uniPwitem = { 0 }; +@@ -509,7 +514,8 @@ P12U_ImportPKCS12Object(char *in_file, P + do { + trypw = PR_FALSE; /* normally we do this once */ + rv = SECFailure; +- p12dcx = p12U_ReadPKCS12File(&uniPwitem, in_file, slot, slotPw, p12FilePw); ++ p12dcx = p12U_ReadPKCS12File(&uniPwitem, in_file, slot, slotPw, ++ p12FilePw, ignoreIntegrity); + + if (p12dcx == NULL) { + goto loser; +@@ -777,14 +783,16 @@ loser: + + PRIntn + P12U_ListPKCS12File(char *in_file, PK11SlotInfo *slot, +- secuPWData *slotPw, secuPWData *p12FilePw) ++ secuPWData *slotPw, secuPWData *p12FilePw, ++ PRBool ignoreIntegrity) + { + SEC_PKCS12DecoderContext *p12dcx = NULL; + SECItem uniPwitem = { 0 }; + SECStatus rv = SECFailure; + const SEC_PKCS12DecoderItem *dip; + +- p12dcx = p12U_ReadPKCS12File(&uniPwitem, in_file, slot, slotPw, p12FilePw); ++ p12dcx = p12U_ReadPKCS12File(&uniPwitem, in_file, slot, slotPw, p12FilePw, ++ ignoreIntegrity); + /* did the blob authenticate properly? 
*/ + if (p12dcx == NULL) { + SECU_PrintError(progName, "PKCS12 decode not verified"); +@@ -997,7 +1005,8 @@ enum { + opt_CertCipher, + opt_KeyLength, + opt_CertKeyLength, +- opt_Mac ++ opt_Mac, ++ opt_IgnoreIntegrity + }; + + static secuCommandFlag pk12util_options[] = { +@@ -1018,7 +1027,8 @@ static secuCommandFlag pk12util_options[ + { /* opt_CertCipher */ 'C', PR_TRUE, 0, PR_FALSE }, + { /* opt_KeyLength */ 'm', PR_TRUE, 0, PR_FALSE, "key_len" }, + { /* opt_CertKeyLength */ 0, PR_TRUE, 0, PR_FALSE, "cert_key_len" }, +- { /* opt_Mac */ 'M', PR_TRUE, 0, PR_FALSE, PR_FALSE } ++ { /* opt_Mac */ 'M', PR_TRUE, 0, PR_FALSE }, ++ { /* opt_IgnoreIntegrity */ 'I', PR_FALSE, 0, PR_FALSE } + }; + + int +@@ -1039,6 +1049,7 @@ main(int argc, char **argv) + int certKeyLen = 0; + secuCommand pk12util; + PRInt32 forceUnicode; ++ PRBool ignoreIntegrity = PR_FALSE; + + #ifdef _CRTDBG_MAP_ALLOC + _CrtSetDbgFlag(_CRTDBG_ALLOC_MEM_DF | _CRTDBG_LEAK_CHECK_DF); +@@ -1113,6 +1124,9 @@ main(int argc, char **argv) + if (pk12util.options[opt_Raw].activated) { + dumpRawFile = PR_TRUE; + } ++ if (pk12util.options[opt_IgnoreIntegrity].activated) { ++ ignoreIntegrity = PR_TRUE; ++ } + if (pk12util.options[opt_KeyLength].activated) { + keyLen = atoi(pk12util.options[opt_KeyLength].arg); + } +@@ -1183,7 +1197,8 @@ main(int argc, char **argv) + } + + if (pk12util.options[opt_Import].activated) { +- P12U_ImportPKCS12Object(import_file, slot, &slotPw, &p12FilePw); ++ P12U_ImportPKCS12Object(import_file, slot, &slotPw, &p12FilePw, ++ ignoreIntegrity); + + } else if (pk12util.options[opt_Export].activated) { + P12U_ExportPKCS12Object(pk12util.options[opt_Nickname].arg, +@@ -1191,7 +1206,8 @@ main(int argc, char **argv) + hash, &slotPw, &p12FilePw); + + } else if (pk12util.options[opt_List].activated) { +- P12U_ListPKCS12File(import_file, slot, &slotPw, &p12FilePw); ++ P12U_ListPKCS12File(import_file, slot, &slotPw, &p12FilePw, ++ ignoreIntegrity); + + } else { + Usage(); +Index: nss/doc/pk12util.xml 
+=================================================================== +--- nss.orig/doc/pk12util.xml ++++ nss/doc/pk12util.xml +@@ -38,6 +38,7 @@ + -P dbprefix + -r + -v ++ -I + --cert-key-len certKeyLength + -k slotPasswordFile|-K slotPassword + -w p12filePasswordFile|-W p12filePassword +@@ -147,6 +148,11 @@ + + + ++ -I ++ Ignore integrity check results on importing and listing. ++ ++ ++ + -w p12filePasswordFile + Specify the text file containing the pkcs #12 file password. + +@@ -317,7 +323,7 @@ Certificate Friendly Name: Thawte Fre + + + Password Encryption +- PKCS #12 provides for not only the protection of the private keys but also the certificate and meta-data associated with the keys. Password-based encryption is used to protect private keys on export to a PKCS #12 file and, optionally, the associated certificates. If no algorithm is specified, the tool defaults to using PKCS #12 SHA-1 and 3-key triple DES for private key encryption. When not in FIPS mode, PKCS #12 SHA-1 and 40-bit RC4 is used for certificate encryption. When in FIPS mode, there is no certificate encryption. If certificate encryption is not wanted, specify "NONE" as the argument of the option. ++ PKCS #12 provides for not only the protection of the private keys but also the certificate and meta-data associated with the keys. Password-based encryption is used to protect private keys on export to a PKCS #12 file and, optionally, the associated certificates. If no algorithm is specified, the tool defaults to using AES-256-CBC for private key encryption and AES-128-CBC for certificate encryption. If certificate encryption is not wanted, specify "NONE" as the argument of the option. + The private key is always protected with strong encryption by default. + Several types of ciphers are supported. 
+ +@@ -327,6 +333,7 @@ Certificate Friendly Name: Thawte Fre + + + PBES2 with AES-CBC-Pad as underlying encryption scheme ("AES-128-CBC", "AES-192-CBC", and "AES-256-CBC") ++ PBES2 with CAMELLIA-CBC-Pad as underlying encryption scheme ("CAMELLIA-128-CBC", "CAMELLIA-192-CBC", and "CAMELLIA-256-CBC") + + + +Index: nss/lib/pk11wrap/pk11mech.c +=================================================================== +--- nss.orig/lib/pk11wrap/pk11mech.c ++++ nss/lib/pk11wrap/pk11mech.c +@@ -1719,10 +1719,19 @@ PK11_ParamToAlgid(SECOidTag algTag, SECI + case CKM_JUNIPER_CBC128: + case CKM_JUNIPER_COUNTER: + case CKM_JUNIPER_SHUFFLE: +- newParams = SEC_ASN1EncodeItem(NULL, NULL, param, +- SEC_ASN1_GET(SEC_OctetStringTemplate)); +- if (newParams == NULL) +- break; ++ if (param && param->len > 0) { ++ newParams = SEC_ASN1EncodeItem(NULL, NULL, param, ++ SEC_ASN1_GET(SEC_OctetStringTemplate)); ++ if (newParams == NULL) ++ break; ++ } else { ++ /* if no parameters have been supplied, then use NULL params ++ * The SECOID_SetAlgorithmID encoder will encode that as no ++ * params (since params are optional) or with an explicit NULL ++ * (for some historical cases where explicit NULL is expected). 
++ */ ++ newParams = NULL; ++ } + rv = SECSuccess; + break; + } +Index: nss/lib/pk11wrap/pk11pbe.c +=================================================================== +--- nss.orig/lib/pk11wrap/pk11pbe.c ++++ nss/lib/pk11wrap/pk11pbe.c +@@ -770,9 +770,10 @@ sec_pkcs5CreateAlgorithmID(SECOidTag alg + algorithm = sec_pkcs5v2_get_pbe(cipherAlgorithm); + } + ++ SECOidTag hashAlg = HASH_GetHashOidTagByHMACOidTag(cipherAlgorithm); ++ + /* set the PKCS5v2 specific parameters */ + if (keyLength == 0) { +- SECOidTag hashAlg = HASH_GetHashOidTagByHMACOidTag(cipherAlgorithm); + if (hashAlg != SEC_OID_UNKNOWN) { + keyLength = HASH_ResultLenByOidTag(hashAlg); + } else { +@@ -787,18 +788,25 @@ sec_pkcs5CreateAlgorithmID(SECOidTag alg + prfAlg = SEC_OID_HMAC_SHA1; + } + +- /* build the PKCS5v2 cipher algorithm id */ +- cipherParams = pk11_GenerateNewParamWithKeyLen( +- PK11_AlgtagToMechanism(cipherAlgorithm), keyLength); +- if (!cipherParams) { +- goto loser; ++ /* build the PKCS5v2 cipher algorithm id, if cipher ++ * is an HMAC, the cipherParams should be NULL */ ++ if (hashAlg == SEC_OID_UNKNOWN) { ++ cipherParams = pk11_GenerateNewParamWithKeyLen( ++ PK11_AlgtagToMechanism(cipherAlgorithm), keyLength); ++ if (!cipherParams) { ++ goto loser; ++ } ++ } else { ++ cipherParams = NULL; + } + + PORT_Memset(&pbeV2_param, 0, sizeof(pbeV2_param)); + + rv = PK11_ParamToAlgid(cipherAlgorithm, cipherParams, + poolp, &pbeV2_param.cipherAlgId); +- SECITEM_FreeItem(cipherParams, PR_TRUE); ++ if (cipherParams) { ++ SECITEM_FreeItem(cipherParams, PR_TRUE); ++ } + if (rv != SECSuccess) { + goto loser; + } +Index: nss/lib/pkcs12/p12local.c +=================================================================== +--- nss.orig/lib/pkcs12/p12local.c ++++ nss/lib/pkcs12/p12local.c +@@ -102,7 +102,7 @@ sec_pkcs12_integrity_key(PK11SlotInfo *s + *hmacMech = PK11_AlgtagToMechanism(hmacAlg); + /* pkcs12v2 hmac uses UTF8 rather than unicode */ + if (!sec_pkcs12_convert_item_to_unicode(NULL, &utf8Pw, pwitem, 
+- PR_TRUE, PR_FALSE, PR_FALSE)) { ++ PR_FALSE, PR_FALSE, PR_FALSE)) { + return NULL; + } + symKey = PK11_PBEKeyGen(slot, prfAlgid, &utf8Pw, PR_FALSE, pwarg); +Index: nss/lib/util/nsshash.c +=================================================================== +--- nss.orig/lib/util/nsshash.c ++++ nss/lib/util/nsshash.c +@@ -107,6 +107,9 @@ HASH_GetHashOidTagByHMACOidTag(SECOidTag + switch (hmacOid) { + /* no oid exists for HMAC_MD2 */ + /* NSS does not define a oid for HMAC_MD4 */ ++ case SEC_OID_HMAC_MD5: ++ hashOid = SEC_OID_MD5; ++ break; + case SEC_OID_HMAC_SHA1: + hashOid = SEC_OID_SHA1; + break; +@@ -150,6 +153,9 @@ HASH_GetHMACOidTagByHashOidTag(SECOidTag + switch (hashOid) { + /* no oid exists for HMAC_MD2 */ + /* NSS does not define a oid for HMAC_MD4 */ ++ case SEC_OID_MD5: ++ hmacOid = SEC_OID_HMAC_MD5; ++ break; + case SEC_OID_SHA1: + hmacOid = SEC_OID_HMAC_SHA1; + break; +Index: nss/tests/tools/tools.sh +=================================================================== +--- nss.orig/tests/tools/tools.sh ++++ nss/tests/tools/tools.sh +@@ -541,21 +541,21 @@ tools_p12_import_pbmac1_samples() + html_msg $ret 0 "Importing private key pbmac1 hmac-sha-512 from PKCS#12 file" + check_tmpfile + +- echo "${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-bad-iter.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234'" +- ${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-bad-iter.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234' 2>&1 ++ echo "${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-bad-iter.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234' -I" ++ ${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-bad-iter.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234' -I 2>&1 + ret=$? 
+ html_msg $ret 19 "Fail to list private key with bad iterator" + check_tmpfile + +- echo "${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-bad-salt.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234'" +- ${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-bad-salt.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234' 2>&1 ++ echo "${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-bad-salt.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234' -I" ++ ${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-bad-salt.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234' -I 2>&1 + ret=$? + echo "Fail to list private key with bad salt val=$ret" + html_msg $ret 19 "Fail to import private key with bad salt" + check_tmpfile + +- echo "${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-no-length.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234'" +- ${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-no-length.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234' 2>&1 ++ echo "${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-no-length.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234' -I" ++ ${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-no-length.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234' -I 2>&1 + ret=$? + echo "Fail to import private key with no length val=$ret" + html_msg $ret 19 "Fail to import private key with no length"
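Review bot: The `ignoreIntegrity` bypass in `p12U_ReadPKCS12File` hands back a decoder context whose MAC did not verify without telling the user: the `done:` branch skips the cleanup when `pk12uErrno == PK12UERR_DECODEVERIFY`, and neither `P12U_ImportPKCS12Object` nor `P12U_ListPKCS12File` reports anything afterwards, since both only act on `p12dcx == NULL`. A one-line warning before the context is returned, e.g. `if (rv != SECSuccess) { PR_fprintf(PR_STDERR, "%s: integrity check failed, continuing because of -I\n", progName); }`, would make an unauthenticated import visible on the console and in scripted runs. The man-page entry `Ignore integrity check results on importing and listing.` could likewise state that the imported contents are then not authenticated by the file's MAC. The tools.sh hunk still expects exit status 19 for the three invalid pbmac1 samples after adding `-I`, so presumably those files fail before the MAC step rather than in it; a short comment in tools.sh saying why `-I` does not mask them would help the next reader. The bodies of `p12U_ReadPKCS12File` and `main` extend outside their hunks.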