Accepting request 1226642 from mozilla:Factory

- Remove upstreamed bmo-1400603.patch
- Added nss-bmo1930797.patch to fix failing tests in testsuite 

- update to NSS 3.106
  * bmo#1925975 - NSS 3.106 should be distributed with NSPR 4.36.
  * bmo#1923767 - pk12util: improve error handling in p12U_ReadPKCS12File.
  * bmo#1899402 - Correctly destroy bulkkey in error scenario.
  * bmo#1919997 - PKCS7 fuzz target, r=djackson,nss-reviewers.
  * bmo#1923002 - Extract certificates with handshake collection script.
  * bmo#1923006 - Specify len_control for fuzz targets.
  * bmo#1923280 - Fix memory leak in dumpCertificatePEM.
  * bmo#1102981 - Fix UBSan errors for SECU_PrintCertificate and
                  SECU_PrintCertificateBasicInfo.
  * bmo#1921528 - add new error codes to mozilla::pkix for Firefox to use.
  * bmo#1921768 - allow null phKey in NSC_DeriveKey.
  * bmo#1921801 - Only create seed corpus zip from existing corpus.
  * bmo#1826035 - Use explicit allowlist for KDF PRFS.
  * bmo#1920138 - Increase optimization level for fuzz builds.
  * bmo#1920470 - Remove incorrect assert.
  * bmo#1914870 - Use libFuzzer options from fuzz/options/\*.options in CI.
  * bmo#1920945 - Polish corpus collection for automation.
  * bmo#1917572 - Detect new and unfuzzed SSL options.
  * bmo#1804646 - PKCS12 fuzzing target.
- requires NSPR 4.36

OBS-URL: https://build.opensuse.org/request/show/1226642
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=224
Ana Guerrero 2024-11-27 21:05:43 +00:00 committed by Git OBS Bridge
commit 6ac2ba3813
7 changed files with 383 additions and 348 deletions


@ -1,5 +1,5 @@
mozilla-nss mozilla-nss
requires "mozilla-nspr-<targettype> >= 4.35" requires "mozilla-nspr-<targettype> >= 4.36"
requires "libfreebl3-<targettype>" requires "libfreebl3-<targettype>"
requires "libsoftokn3-<targettype>" requires "libsoftokn3-<targettype>"
requires "libnssckbi.so" requires "libnssckbi.so"
@ -10,7 +10,7 @@ libsoftokn3
+/usr/lib/libsoftokn3.chk +/usr/lib/libsoftokn3.chk
+/usr/lib/libnssdbm3.chk +/usr/lib/libnssdbm3.chk
libfreebl3 libfreebl3
provides "libfreebl3-hmac-<targettype> = <version>-%release" provides "libfreebl3-hmac-<targettype> = <version>-%release"
obsoletes "libfreebl3-hmac-<targettype> < <version>-%release" obsoletes "libfreebl3-hmac-<targettype> < <version>-%release"
+/lib/libfreebl3.chk +/lib/libfreebl3.chk
+/lib/libfreeblpriv3.chk +/lib/libfreeblpriv3.chk


@ -1,337 +0,0 @@
From b2f3a6407d2d6ec89522410d7ac4c56d310c92b1 Mon Sep 17 00:00:00 2001
From: Daiki Ueno <dueno@redhat.com>
Date: Mon, 18 Sep 2017 11:24:00 +0200
Subject: [PATCH] freebl: Reorganize AES-GCM source code based on hw/sw
implementation
diff --git a/lib/freebl/gcm-hw.c b/lib/freebl/gcm-hw.c
new file mode 100644
--- /dev/null
+++ b/lib/freebl/gcm-hw.c
@@ -0,0 +1,151 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifdef FREEBL_NO_DEPEND
+#include "stubs.h"
+#endif
+#include "gcm.h"
+#include "secerr.h"
+
+#ifdef NSS_X86_OR_X64
+#include <wmmintrin.h> /* clmul */
+#endif
+
+#define WRITE64(x, bytes) \
+ (bytes)[0] = (x) >> 56; \
+ (bytes)[1] = (x) >> 48; \
+ (bytes)[2] = (x) >> 40; \
+ (bytes)[3] = (x) >> 32; \
+ (bytes)[4] = (x) >> 24; \
+ (bytes)[5] = (x) >> 16; \
+ (bytes)[6] = (x) >> 8; \
+ (bytes)[7] = (x);
+
+SECStatus
+gcm_HashWrite_hw(gcmHashContext *ghash, unsigned char *outbuf,
+ unsigned int maxout)
+{
+#ifdef NSS_X86_OR_X64
+ uint64_t tmp_out[2];
+ _mm_storeu_si128((__m128i *)tmp_out, ghash->x);
+ PORT_Assert(maxout >= 16);
+ WRITE64(tmp_out[0], outbuf + 8);
+ WRITE64(tmp_out[1], outbuf);
+ return SECSuccess;
+#else
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return SECFailure;
+#endif /* NSS_X86_OR_X64 */
+}
+
+SECStatus
+gcm_HashMult_hw(gcmHashContext *ghash, const unsigned char *buf,
+ unsigned int count)
+{
+#ifdef NSS_X86_OR_X64
+ size_t i;
+ pre_align __m128i z_high post_align;
+ pre_align __m128i z_low post_align;
+ pre_align __m128i C post_align;
+ pre_align __m128i D post_align;
+ pre_align __m128i E post_align;
+ pre_align __m128i F post_align;
+ pre_align __m128i bin post_align;
+ pre_align __m128i Ci post_align;
+ pre_align __m128i tmp post_align;
+
+ for (i = 0; i < count; i++, buf += 16) {
+ bin = _mm_set_epi16(((uint16_t)buf[0] << 8) | buf[1],
+ ((uint16_t)buf[2] << 8) | buf[3],
+ ((uint16_t)buf[4] << 8) | buf[5],
+ ((uint16_t)buf[6] << 8) | buf[7],
+ ((uint16_t)buf[8] << 8) | buf[9],
+ ((uint16_t)buf[10] << 8) | buf[11],
+ ((uint16_t)buf[12] << 8) | buf[13],
+ ((uint16_t)buf[14] << 8) | buf[15]);
+ Ci = _mm_xor_si128(bin, ghash->x);
+
+ /* Do binary mult ghash->X = Ci * ghash->H. */
+ C = _mm_clmulepi64_si128(Ci, ghash->h, 0x00);
+ D = _mm_clmulepi64_si128(Ci, ghash->h, 0x11);
+ E = _mm_clmulepi64_si128(Ci, ghash->h, 0x01);
+ F = _mm_clmulepi64_si128(Ci, ghash->h, 0x10);
+ tmp = _mm_xor_si128(E, F);
+ z_high = _mm_xor_si128(tmp, _mm_slli_si128(D, 8));
+ z_high = _mm_unpackhi_epi64(z_high, D);
+ z_low = _mm_xor_si128(_mm_slli_si128(tmp, 8), C);
+ z_low = _mm_unpackhi_epi64(_mm_slli_si128(C, 8), z_low);
+
+ /* Shift one to the left (multiply by x) as gcm spec is stupid. */
+ C = _mm_slli_si128(z_low, 8);
+ E = _mm_srli_epi64(C, 63);
+ D = _mm_slli_si128(z_high, 8);
+ F = _mm_srli_epi64(D, 63);
+ /* Carry over */
+ C = _mm_srli_si128(z_low, 8);
+ D = _mm_srli_epi64(C, 63);
+ z_low = _mm_or_si128(_mm_slli_epi64(z_low, 1), E);
+ z_high = _mm_or_si128(_mm_or_si128(_mm_slli_epi64(z_high, 1), F), D);
+
+ /* Reduce */
+ C = _mm_slli_si128(z_low, 8);
+ /* D = z_low << 127 */
+ D = _mm_slli_epi64(C, 63);
+ /* E = z_low << 126 */
+ E = _mm_slli_epi64(C, 62);
+ /* F = z_low << 121 */
+ F = _mm_slli_epi64(C, 57);
+ /* z_low ^= (z_low << 127) ^ (z_low << 126) ^ (z_low << 121); */
+ z_low = _mm_xor_si128(_mm_xor_si128(_mm_xor_si128(z_low, D), E), F);
+ C = _mm_srli_si128(z_low, 8);
+ /* D = z_low >> 1 */
+ D = _mm_slli_epi64(C, 63);
+ D = _mm_or_si128(_mm_srli_epi64(z_low, 1), D);
+ /* E = z_low >> 2 */
+ E = _mm_slli_epi64(C, 62);
+ E = _mm_or_si128(_mm_srli_epi64(z_low, 2), E);
+ /* F = z_low >> 7 */
+ F = _mm_slli_epi64(C, 57);
+ F = _mm_or_si128(_mm_srli_epi64(z_low, 7), F);
+ /* ghash->x ^= z_low ^ (z_low >> 1) ^ (z_low >> 2) ^ (z_low >> 7); */
+ ghash->x = _mm_xor_si128(_mm_xor_si128(
+ _mm_xor_si128(_mm_xor_si128(z_high, z_low), D), E),
+ F);
+ }
+ return SECSuccess;
+#else
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return SECFailure;
+#endif /* NSS_X86_OR_X64 */
+}
+
+SECStatus
+gcm_HashInit_hw(gcmHashContext *ghash)
+{
+#ifdef NSS_X86_OR_X64
+ ghash->ghash_mul = gcm_HashMult_hw;
+ ghash->x = _mm_setzero_si128();
+ /* MSVC requires __m64 to load epi64. */
+ ghash->h = _mm_set_epi32(ghash->h_high >> 32, (uint32_t)ghash->h_high,
+ ghash->h_low >> 32, (uint32_t)ghash->h_low);
+ ghash->hw = PR_TRUE;
+ return SECSuccess;
+#else
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return SECFailure;
+#endif /* NSS_X86_OR_X64 */
+}
+
+SECStatus
+gcm_HashZeroX_hw(gcmHashContext *ghash)
+{
+#ifdef NSS_X86_OR_X64
+ ghash->x = _mm_setzero_si128();
+ return SECSuccess;
+#else
+ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
+ return SECFailure;
+#endif /* NSS_X86_OR_X64 */
+}
+
diff --git a/lib/freebl/rijndael-hw.c b/lib/freebl/rijndael-hw.c
new file mode 100644
--- /dev/null
+++ b/lib/freebl/rijndael-hw.c
@@ -0,0 +1,170 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifdef FREEBL_NO_DEPEND
+#include "stubs.h"
+#endif
+#include "rijndael.h"
+#include "secerr.h"
+
+#ifdef NSS_X86_OR_X64
+#include <wmmintrin.h> /* aes-ni */
+#endif
+
+#if defined(NSS_X86_OR_X64)
+#define EXPAND_KEY128(k, rcon, res) \
+ tmp_key = _mm_aeskeygenassist_si128(k, rcon); \
+ tmp_key = _mm_shuffle_epi32(tmp_key, 0xFF); \
+ tmp = _mm_xor_si128(k, _mm_slli_si128(k, 4)); \
+ tmp = _mm_xor_si128(tmp, _mm_slli_si128(tmp, 4)); \
+ tmp = _mm_xor_si128(tmp, _mm_slli_si128(tmp, 4)); \
+ res = _mm_xor_si128(tmp, tmp_key)
+
+static void
+native_key_expansion128(AESContext *cx, const unsigned char *key)
+{
+ __m128i *keySchedule = cx->keySchedule;
+ pre_align __m128i tmp_key post_align;
+ pre_align __m128i tmp post_align;
+ keySchedule[0] = _mm_loadu_si128((__m128i *)key);
+ EXPAND_KEY128(keySchedule[0], 0x01, keySchedule[1]);
+ EXPAND_KEY128(keySchedule[1], 0x02, keySchedule[2]);
+ EXPAND_KEY128(keySchedule[2], 0x04, keySchedule[3]);
+ EXPAND_KEY128(keySchedule[3], 0x08, keySchedule[4]);
+ EXPAND_KEY128(keySchedule[4], 0x10, keySchedule[5]);
+ EXPAND_KEY128(keySchedule[5], 0x20, keySchedule[6]);
+ EXPAND_KEY128(keySchedule[6], 0x40, keySchedule[7]);
+ EXPAND_KEY128(keySchedule[7], 0x80, keySchedule[8]);
+ EXPAND_KEY128(keySchedule[8], 0x1B, keySchedule[9]);
+ EXPAND_KEY128(keySchedule[9], 0x36, keySchedule[10]);
+}
+
+#define EXPAND_KEY192_PART1(res, k0, kt, rcon) \
+ tmp2 = _mm_slli_si128(k0, 4); \
+ tmp1 = _mm_xor_si128(k0, tmp2); \
+ tmp2 = _mm_slli_si128(tmp2, 4); \
+ tmp1 = _mm_xor_si128(_mm_xor_si128(tmp1, tmp2), _mm_slli_si128(tmp2, 4)); \
+ tmp2 = _mm_aeskeygenassist_si128(kt, rcon); \
+ res = _mm_xor_si128(tmp1, _mm_shuffle_epi32(tmp2, 0x55))
+
+#define EXPAND_KEY192_PART2(res, k1, k2) \
+ tmp2 = _mm_xor_si128(k1, _mm_slli_si128(k1, 4)); \
+ res = _mm_xor_si128(tmp2, _mm_shuffle_epi32(k2, 0xFF))
+
+#define EXPAND_KEY192(k0, res1, res2, res3, carry, rcon1, rcon2) \
+ EXPAND_KEY192_PART1(tmp3, k0, res1, rcon1); \
+ EXPAND_KEY192_PART2(carry, res1, tmp3); \
+ res1 = _mm_castpd_si128(_mm_shuffle_pd(_mm_castsi128_pd(res1), \
+ _mm_castsi128_pd(tmp3), 0)); \
+ res2 = _mm_castpd_si128(_mm_shuffle_pd(_mm_castsi128_pd(tmp3), \
+ _mm_castsi128_pd(carry), 1)); \
+ EXPAND_KEY192_PART1(res3, tmp3, carry, rcon2)
+
+static void
+native_key_expansion192(AESContext *cx, const unsigned char *key)
+{
+ __m128i *keySchedule = cx->keySchedule;
+ pre_align __m128i tmp1 post_align;
+ pre_align __m128i tmp2 post_align;
+ pre_align __m128i tmp3 post_align;
+ pre_align __m128i carry post_align;
+ keySchedule[0] = _mm_loadu_si128((__m128i *)key);
+ keySchedule[1] = _mm_loadu_si128((__m128i *)(key + 16));
+ EXPAND_KEY192(keySchedule[0], keySchedule[1], keySchedule[2],
+ keySchedule[3], carry, 0x1, 0x2);
+ EXPAND_KEY192_PART2(keySchedule[4], carry, keySchedule[3]);
+ EXPAND_KEY192(keySchedule[3], keySchedule[4], keySchedule[5],
+ keySchedule[6], carry, 0x4, 0x8);
+ EXPAND_KEY192_PART2(keySchedule[7], carry, keySchedule[6]);
+ EXPAND_KEY192(keySchedule[6], keySchedule[7], keySchedule[8],
+ keySchedule[9], carry, 0x10, 0x20);
+ EXPAND_KEY192_PART2(keySchedule[10], carry, keySchedule[9]);
+ EXPAND_KEY192(keySchedule[9], keySchedule[10], keySchedule[11],
+ keySchedule[12], carry, 0x40, 0x80);
+}
+
+#define EXPAND_KEY256_PART(res, rconx, k1x, k2x, X) \
+ tmp_key = _mm_shuffle_epi32(_mm_aeskeygenassist_si128(k2x, rconx), X); \
+ tmp2 = _mm_slli_si128(k1x, 4); \
+ tmp1 = _mm_xor_si128(k1x, tmp2); \
+ tmp2 = _mm_slli_si128(tmp2, 4); \
+ tmp1 = _mm_xor_si128(_mm_xor_si128(tmp1, tmp2), _mm_slli_si128(tmp2, 4)); \
+ res = _mm_xor_si128(tmp1, tmp_key);
+
+#define EXPAND_KEY256(res1, res2, k1, k2, rcon) \
+ EXPAND_KEY256_PART(res1, rcon, k1, k2, 0xFF); \
+ EXPAND_KEY256_PART(res2, 0x00, k2, res1, 0xAA)
+
+static void
+native_key_expansion256(AESContext *cx, const unsigned char *key)
+{
+ __m128i *keySchedule = cx->keySchedule;
+ pre_align __m128i tmp_key post_align;
+ pre_align __m128i tmp1 post_align;
+ pre_align __m128i tmp2 post_align;
+ keySchedule[0] = _mm_loadu_si128((__m128i *)key);
+ keySchedule[1] = _mm_loadu_si128((__m128i *)(key + 16));
+ EXPAND_KEY256(keySchedule[2], keySchedule[3], keySchedule[0],
+ keySchedule[1], 0x01);
+ EXPAND_KEY256(keySchedule[4], keySchedule[5], keySchedule[2],
+ keySchedule[3], 0x02);
+ EXPAND_KEY256(keySchedule[6], keySchedule[7], keySchedule[4],
+ keySchedule[5], 0x04);
+ EXPAND_KEY256(keySchedule[8], keySchedule[9], keySchedule[6],
+ keySchedule[7], 0x08);
+ EXPAND_KEY256(keySchedule[10], keySchedule[11], keySchedule[8],
+ keySchedule[9], 0x10);
+ EXPAND_KEY256(keySchedule[12], keySchedule[13], keySchedule[10],
+ keySchedule[11], 0x20);
+ EXPAND_KEY256_PART(keySchedule[14], 0x40, keySchedule[12],
+ keySchedule[13], 0xFF);
+}
+
+#endif /* NSS_X86_OR_X64 */
+
+/*
+ * AES key expansion using aes-ni instructions.
+ */
+void
+rijndael_native_key_expansion(AESContext *cx, const unsigned char *key,
+ unsigned int Nk)
+{
+#ifdef NSS_X86_OR_X64
+ switch (Nk) {
+ case 4:
+ native_key_expansion128(cx, key);
+ return;
+ case 6:
+ native_key_expansion192(cx, key);
+ return;
+ case 8:
+ native_key_expansion256(cx, key);
+ return;
+ default:
+ /* This shouldn't happen. */
+ PORT_Assert(0);
+ }
+#else
+ PORT_Assert(0);
+#endif /* NSS_X86_OR_X64 */
+}
+
+void
+rijndael_native_encryptBlock(AESContext *cx,
+ unsigned char *output,
+ const unsigned char *input)
+{
+#ifdef NSS_X86_OR_X64
+ int i;
+ pre_align __m128i m post_align = _mm_loadu_si128((__m128i *)input);
+ m = _mm_xor_si128(m, cx->keySchedule[0]);
+ for (i = 1; i < cx->Nr; ++i) {
+ m = _mm_aesenc_si128(m, cx->keySchedule[i]);
+ }
+ m = _mm_aesenclast_si128(m, cx->keySchedule[cx->Nr]);
+ _mm_storeu_si128((__m128i *)output, m);
+#else
+ PORT_Assert(0);
+#endif /* NSS_X86_OR_X64 */
+}


@ -1,3 +1,34 @@
-------------------------------------------------------------------
Tue Nov 26 15:07:49 UTC 2024 - Martin Sirringhaus <martin.sirringhaus@suse.com>
- Remove upstreamed bmo-1400603.patch
- Added nss-bmo1930797.patch to fix failing tests in testsuite
-------------------------------------------------------------------
Thu Nov 21 14:11:56 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org>
- update to NSS 3.106
* bmo#1925975 - NSS 3.106 should be distributed with NSPR 4.36.
* bmo#1923767 - pk12util: improve error handling in p12U_ReadPKCS12File.
* bmo#1899402 - Correctly destroy bulkkey in error scenario.
* bmo#1919997 - PKCS7 fuzz target, r=djackson,nss-reviewers.
* bmo#1923002 - Extract certificates with handshake collection script.
* bmo#1923006 - Specify len_control for fuzz targets.
* bmo#1923280 - Fix memory leak in dumpCertificatePEM.
* bmo#1102981 - Fix UBSan errors for SECU_PrintCertificate and
SECU_PrintCertificateBasicInfo.
* bmo#1921528 - add new error codes to mozilla::pkix for Firefox to use.
* bmo#1921768 - allow null phKey in NSC_DeriveKey.
* bmo#1921801 - Only create seed corpus zip from existing corpus.
* bmo#1826035 - Use explicit allowlist for for KDF PRFS.
* bmo#1920138 - Increase optimization level for fuzz builds.
* bmo#1920470 - Remove incorrect assert.
* bmo#1914870 - Use libFuzzer options from fuzz/options/\*.options in CI.
* bmo#1920945 - Polish corpus collection for automation.
* bmo#1917572 - Detect new and unfuzzed SSL options.
* bmo#1804646 - PKCS12 fuzzing target.
- requires NSPR 4.36
------------------------------------------------------------------- -------------------------------------------------------------------
Sat Oct 26 08:07:03 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org> Sat Oct 26 08:07:03 UTC 2024 - Wolfgang Rosenauer <wr@rosenauer.org>


@ -17,15 +17,15 @@
# #
%global nss_softokn_fips_version 3.105 %global nss_softokn_fips_version 3.106
%define NSPR_min_version 4.35 %define NSPR_min_version 4.36
%define nspr_ver %(rpm -q --queryformat '%%{VERSION}' mozilla-nspr) %define nspr_ver %(rpm -q --queryformat '%%{VERSION}' mozilla-nspr)
%define nssdbdir %{_sysconfdir}/pki/nssdb %define nssdbdir %{_sysconfdir}/pki/nssdb
%global crypto_policies_version 20210218 %global crypto_policies_version 20210218
Name: mozilla-nss Name: mozilla-nss
Version: 3.105 Version: 3.106
Release: 0 Release: 0
%define underscore_version 3_105 %define underscore_version 3_106
Summary: Network Security Services Summary: Network Security Services
License: MPL-2.0 License: MPL-2.0
Group: System/Libraries Group: System/Libraries
@ -50,8 +50,8 @@ Patch2: system-nspr.patch
Patch3: nss-no-rpath.patch Patch3: nss-no-rpath.patch
Patch4: add-relro-linker-option.patch Patch4: add-relro-linker-option.patch
Patch5: malloc.patch Patch5: malloc.patch
Patch6: bmo-1400603.patch
Patch7: nss-sqlitename.patch Patch7: nss-sqlitename.patch
Patch8: nss-bmo1930797.patch
Patch9: nss-fips-use-getrandom.patch Patch9: nss-fips-use-getrandom.patch
Patch10: nss-fips-dsa-kat.patch Patch10: nss-fips-dsa-kat.patch
Patch11: nss-fips-pairwise-consistency-check.patch Patch11: nss-fips-pairwise-consistency-check.patch
@ -210,8 +210,8 @@ cd nss
%if 0%{?suse_version} > 1110 %if 0%{?suse_version} > 1110
%patch -P 5 -p1 %patch -P 5 -p1
%endif %endif
%patch -P 6 -p1
%patch -P 7 -p1 %patch -P 7 -p1
%patch -P 8 -p1
# FIPS patches # FIPS patches
%patch -P 9 -p1 %patch -P 9 -p1
%patch -P 10 -p1 %patch -P 10 -p1


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:8e8e4c8c88ca5c828b207cfaf66c6188e7f96c97cc18946d3db7da4c0d395619
size 76620664

3
nss-3.106.tar.gz Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:026b744e1e0784b890c3846ac9506472a92138c1f4d41dec581949574c585c38
size 76621626

341
nss-bmo1930797.patch Normal file

@ -0,0 +1,341 @@
# HG changeset patch
# User Robert Relyea <rrelyea@redhat.com>
# Date 1731716524 28800
# Node ID 03e207e378dd37a87e172febb58012472611a78f
# Parent fe06bec77d445965548ee6f9d803bf8d035863c7
Bug 1930797 pkcs12 fixes from RHEL need to be picked up.
1. add ignore integrity option to pk12util
2. update pk12util manpage
a. with new ignore integrity option.
b. with the correct current defaults for pk12util.
3. don't include a fake iv in the param portion of the pbmac1.
4. restore the ability to decode md5 mac'ed pkcs12 files.
5. restore tests for bad pkcs12 encodings
Differential Revision: https://phabricator.services.mozilla.com/D229394
Index: nss/cmd/pk12util/pk12util.c
===================================================================
--- nss.orig/cmd/pk12util/pk12util.c
+++ nss/cmd/pk12util/pk12util.c
@@ -32,12 +32,12 @@ static void
Usage()
{
#define FPS PR_fprintf(PR_STDERR,
- FPS "Usage: %s -i importfile [-d certdir] [-P dbprefix] [-h tokenname]\n",
+ FPS "Usage: %s -i importfile [-I] [-d certdir] [-P dbprefix] [-h tokenname]\n",
progName);
FPS "\t\t [-k slotpwfile | -K slotpw] [-w p12filepwfile | -W p12filepw]\n");
FPS "\t\t [-v]\n");
- FPS "Usage: %s -l listfile [-d certdir] [-P dbprefix] [-h tokenname]\n",
+ FPS "Usage: %s -l listfile [-I] [-d certdir] [-P dbprefix] [-h tokenname]\n",
progName);
FPS "\t\t [-k slotpwfile | -K slotpw] [-w p12filepwfile | -W p12filepw]\n");
FPS "\t\t [-v]\n");
@@ -351,7 +351,8 @@ P12U_InitSlot(PK11SlotInfo *slot, secuPW
*/
SEC_PKCS12DecoderContext *
p12U_ReadPKCS12File(SECItem *uniPwp, char *in_file, PK11SlotInfo *slot,
- secuPWData *slotPw, secuPWData *p12FilePw)
+ secuPWData *slotPw, secuPWData *p12FilePw,
+ PRBool ignoreIntegrity)
{
SEC_PKCS12DecoderContext *p12dcx = NULL;
p12uContext *p12cxt = NULL;
@@ -458,7 +459,10 @@ p12U_ReadPKCS12File(SECItem *uniPwp, cha
/* rv has been set at this point */
done:
- if (rv != SECSuccess) {
+ /* if we are ignoring Integrity and we failed because we couldn't
+ * verify the integrity code, go ahead and succeed */
+ if (rv != SECSuccess && !(ignoreIntegrity &&
+ (pk12uErrno == PK12UERR_DECODEVERIFY))) {
if (p12dcx != NULL) {
SEC_PKCS12DecoderFinish(p12dcx);
p12dcx = NULL;
@@ -490,7 +494,8 @@ done:
*/
PRIntn
P12U_ImportPKCS12Object(char *in_file, PK11SlotInfo *slot,
- secuPWData *slotPw, secuPWData *p12FilePw)
+ secuPWData *slotPw, secuPWData *p12FilePw,
+ PRBool ignoreIntegrity)
{
SEC_PKCS12DecoderContext *p12dcx = NULL;
SECItem uniPwitem = { 0 };
@@ -509,7 +514,8 @@ P12U_ImportPKCS12Object(char *in_file, P
do {
trypw = PR_FALSE; /* normally we do this once */
rv = SECFailure;
- p12dcx = p12U_ReadPKCS12File(&uniPwitem, in_file, slot, slotPw, p12FilePw);
+ p12dcx = p12U_ReadPKCS12File(&uniPwitem, in_file, slot, slotPw,
+ p12FilePw, ignoreIntegrity);
if (p12dcx == NULL) {
goto loser;
@@ -777,14 +783,16 @@ loser:
PRIntn
P12U_ListPKCS12File(char *in_file, PK11SlotInfo *slot,
- secuPWData *slotPw, secuPWData *p12FilePw)
+ secuPWData *slotPw, secuPWData *p12FilePw,
+ PRBool ignoreIntegrity)
{
SEC_PKCS12DecoderContext *p12dcx = NULL;
SECItem uniPwitem = { 0 };
SECStatus rv = SECFailure;
const SEC_PKCS12DecoderItem *dip;
- p12dcx = p12U_ReadPKCS12File(&uniPwitem, in_file, slot, slotPw, p12FilePw);
+ p12dcx = p12U_ReadPKCS12File(&uniPwitem, in_file, slot, slotPw, p12FilePw,
+ ignoreIntegrity);
/* did the blob authenticate properly? */
if (p12dcx == NULL) {
SECU_PrintError(progName, "PKCS12 decode not verified");
@@ -997,7 +1005,8 @@ enum {
opt_CertCipher,
opt_KeyLength,
opt_CertKeyLength,
- opt_Mac
+ opt_Mac,
+ opt_IgnoreIntegrity
};
static secuCommandFlag pk12util_options[] = {
@@ -1018,7 +1027,8 @@ static secuCommandFlag pk12util_options[
{ /* opt_CertCipher */ 'C', PR_TRUE, 0, PR_FALSE },
{ /* opt_KeyLength */ 'm', PR_TRUE, 0, PR_FALSE, "key_len" },
{ /* opt_CertKeyLength */ 0, PR_TRUE, 0, PR_FALSE, "cert_key_len" },
- { /* opt_Mac */ 'M', PR_TRUE, 0, PR_FALSE, PR_FALSE }
+ { /* opt_Mac */ 'M', PR_TRUE, 0, PR_FALSE },
+ { /* opt_IgnoreIntegrity */ 'I', PR_FALSE, 0, PR_FALSE }
};
int
@@ -1039,6 +1049,7 @@ main(int argc, char **argv)
int certKeyLen = 0;
secuCommand pk12util;
PRInt32 forceUnicode;
+ PRBool ignoreIntegrity = PR_FALSE;
#ifdef _CRTDBG_MAP_ALLOC
_CrtSetDbgFlag(_CRTDBG_ALLOC_MEM_DF | _CRTDBG_LEAK_CHECK_DF);
@@ -1113,6 +1124,9 @@ main(int argc, char **argv)
if (pk12util.options[opt_Raw].activated) {
dumpRawFile = PR_TRUE;
}
+ if (pk12util.options[opt_IgnoreIntegrity].activated) {
+ ignoreIntegrity = PR_TRUE;
+ }
if (pk12util.options[opt_KeyLength].activated) {
keyLen = atoi(pk12util.options[opt_KeyLength].arg);
}
@@ -1183,7 +1197,8 @@ main(int argc, char **argv)
}
if (pk12util.options[opt_Import].activated) {
- P12U_ImportPKCS12Object(import_file, slot, &slotPw, &p12FilePw);
+ P12U_ImportPKCS12Object(import_file, slot, &slotPw, &p12FilePw,
+ ignoreIntegrity);
} else if (pk12util.options[opt_Export].activated) {
P12U_ExportPKCS12Object(pk12util.options[opt_Nickname].arg,
@@ -1191,7 +1206,8 @@ main(int argc, char **argv)
hash, &slotPw, &p12FilePw);
} else if (pk12util.options[opt_List].activated) {
- P12U_ListPKCS12File(import_file, slot, &slotPw, &p12FilePw);
+ P12U_ListPKCS12File(import_file, slot, &slotPw, &p12FilePw,
+ ignoreIntegrity);
} else {
Usage();
Index: nss/doc/pk12util.xml
===================================================================
--- nss.orig/doc/pk12util.xml
+++ nss/doc/pk12util.xml
@@ -38,6 +38,7 @@
<arg>-P dbprefix</arg>
<arg>-r</arg>
<arg>-v</arg>
+ <arg>-I</arg>
<arg>--cert-key-len certKeyLength</arg>
<arg>-k slotPasswordFile|-K slotPassword</arg>
<arg>-w p12filePasswordFile|-W p12filePassword</arg>
@@ -147,6 +148,11 @@
</varlistentry>
<varlistentry>
+ <term>-I </term>
+ <listitem><para>Ignore integrity check results on importing and listing.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
<term>-w p12filePasswordFile</term>
<listitem><para>Specify the text file containing the pkcs #12 file password.</para></listitem>
</varlistentry>
@@ -317,7 +323,7 @@ Certificate Friendly Name: Thawte Fre
<refsection id="encryption">
<title>Password Encryption</title>
- <para>PKCS #12 provides for not only the protection of the private keys but also the certificate and meta-data associated with the keys. Password-based encryption is used to protect private keys on export to a PKCS #12 file and, optionally, the associated certificates. If no algorithm is specified, the tool defaults to using PKCS #12 SHA-1 and 3-key triple DES for private key encryption. When not in FIPS mode, PKCS #12 SHA-1 and 40-bit RC4 is used for certificate encryption. When in FIPS mode, there is no certificate encryption. If certificate encryption is not wanted, specify <userinput>"NONE"</userinput> as the argument of the <option>-C</option> option.</para>
+ <para>PKCS #12 provides for not only the protection of the private keys but also the certificate and meta-data associated with the keys. Password-based encryption is used to protect private keys on export to a PKCS #12 file and, optionally, the associated certificates. If no algorithm is specified, the tool defaults to using AES-256-CBC for private key encryption and AES-128-CBC for certificate encryption. If certificate encryption is not wanted, specify <userinput>"NONE"</userinput> as the argument of the <option>-C</option> option.</para>
<para>The private key is always protected with strong encryption by default.</para>
<para>Several types of ciphers are supported.</para>
<variablelist>
@@ -327,6 +333,7 @@ Certificate Friendly Name: Thawte Fre
<listitem>
<itemizedlist>
<listitem><para>PBES2 with AES-CBC-Pad as underlying encryption scheme (<userinput>"AES-128-CBC"</userinput>, <userinput>"AES-192-CBC"</userinput>, and <userinput>"AES-256-CBC"</userinput>)</para></listitem>
+ <listitem><para>PBES2 with CAMELLIA-CBC-Pad as underlying encryption scheme (<userinput>"CAMELLIA-128-CBC"</userinput>, <userinput>"CAMELLIA-192-CBC"</userinput>, and <userinput>"CAMELLIA-256-CBC"</userinput>)</para></listitem>
</itemizedlist>
</listitem>
</varlistentry>
Index: nss/lib/pk11wrap/pk11mech.c
===================================================================
--- nss.orig/lib/pk11wrap/pk11mech.c
+++ nss/lib/pk11wrap/pk11mech.c
@@ -1719,10 +1719,19 @@ PK11_ParamToAlgid(SECOidTag algTag, SECI
case CKM_JUNIPER_CBC128:
case CKM_JUNIPER_COUNTER:
case CKM_JUNIPER_SHUFFLE:
- newParams = SEC_ASN1EncodeItem(NULL, NULL, param,
- SEC_ASN1_GET(SEC_OctetStringTemplate));
- if (newParams == NULL)
- break;
+ if (param && param->len > 0) {
+ newParams = SEC_ASN1EncodeItem(NULL, NULL, param,
+ SEC_ASN1_GET(SEC_OctetStringTemplate));
+ if (newParams == NULL)
+ break;
+ } else {
+ /* if no parameters have been supplied, then use NULL params
+ * The SECOID_SetAlgorithmID encoder will encode that as no
+ * params (since params are optional) or with an explicit NULL
+ * (for some historical cases where explicit NULL is expected).
+ */
+ newParams = NULL;
+ }
rv = SECSuccess;
break;
}
Index: nss/lib/pk11wrap/pk11pbe.c
===================================================================
--- nss.orig/lib/pk11wrap/pk11pbe.c
+++ nss/lib/pk11wrap/pk11pbe.c
@@ -770,9 +770,10 @@ sec_pkcs5CreateAlgorithmID(SECOidTag alg
algorithm = sec_pkcs5v2_get_pbe(cipherAlgorithm);
}
+ SECOidTag hashAlg = HASH_GetHashOidTagByHMACOidTag(cipherAlgorithm);
+
/* set the PKCS5v2 specific parameters */
if (keyLength == 0) {
- SECOidTag hashAlg = HASH_GetHashOidTagByHMACOidTag(cipherAlgorithm);
if (hashAlg != SEC_OID_UNKNOWN) {
keyLength = HASH_ResultLenByOidTag(hashAlg);
} else {
@@ -787,18 +788,25 @@ sec_pkcs5CreateAlgorithmID(SECOidTag alg
prfAlg = SEC_OID_HMAC_SHA1;
}
- /* build the PKCS5v2 cipher algorithm id */
- cipherParams = pk11_GenerateNewParamWithKeyLen(
- PK11_AlgtagToMechanism(cipherAlgorithm), keyLength);
- if (!cipherParams) {
- goto loser;
+ /* build the PKCS5v2 cipher algorithm id, if cipher
+ * is an HMAC, the cipherParams should be NULL */
+ if (hashAlg == SEC_OID_UNKNOWN) {
+ cipherParams = pk11_GenerateNewParamWithKeyLen(
+ PK11_AlgtagToMechanism(cipherAlgorithm), keyLength);
+ if (!cipherParams) {
+ goto loser;
+ }
+ } else {
+ cipherParams = NULL;
}
PORT_Memset(&pbeV2_param, 0, sizeof(pbeV2_param));
rv = PK11_ParamToAlgid(cipherAlgorithm, cipherParams,
poolp, &pbeV2_param.cipherAlgId);
- SECITEM_FreeItem(cipherParams, PR_TRUE);
+ if (cipherParams) {
+ SECITEM_FreeItem(cipherParams, PR_TRUE);
+ }
if (rv != SECSuccess) {
goto loser;
}
Index: nss/lib/pkcs12/p12local.c
===================================================================
--- nss.orig/lib/pkcs12/p12local.c
+++ nss/lib/pkcs12/p12local.c
@@ -102,7 +102,7 @@ sec_pkcs12_integrity_key(PK11SlotInfo *s
*hmacMech = PK11_AlgtagToMechanism(hmacAlg);
/* pkcs12v2 hmac uses UTF8 rather than unicode */
if (!sec_pkcs12_convert_item_to_unicode(NULL, &utf8Pw, pwitem,
- PR_TRUE, PR_FALSE, PR_FALSE)) {
+ PR_FALSE, PR_FALSE, PR_FALSE)) {
return NULL;
}
symKey = PK11_PBEKeyGen(slot, prfAlgid, &utf8Pw, PR_FALSE, pwarg);
Index: nss/lib/util/nsshash.c
===================================================================
--- nss.orig/lib/util/nsshash.c
+++ nss/lib/util/nsshash.c
@@ -107,6 +107,9 @@ HASH_GetHashOidTagByHMACOidTag(SECOidTag
switch (hmacOid) {
/* no oid exists for HMAC_MD2 */
/* NSS does not define a oid for HMAC_MD4 */
+ case SEC_OID_HMAC_MD5:
+ hashOid = SEC_OID_MD5;
+ break;
case SEC_OID_HMAC_SHA1:
hashOid = SEC_OID_SHA1;
break;
@@ -150,6 +153,9 @@ HASH_GetHMACOidTagByHashOidTag(SECOidTag
switch (hashOid) {
/* no oid exists for HMAC_MD2 */
/* NSS does not define a oid for HMAC_MD4 */
+ case SEC_OID_MD5:
+ hmacOid = SEC_OID_HMAC_MD5;
+ break;
case SEC_OID_SHA1:
hmacOid = SEC_OID_HMAC_SHA1;
break;
Index: nss/tests/tools/tools.sh
===================================================================
--- nss.orig/tests/tools/tools.sh
+++ nss/tests/tools/tools.sh
@@ -541,21 +541,21 @@ tools_p12_import_pbmac1_samples()
html_msg $ret 0 "Importing private key pbmac1 hmac-sha-512 from PKCS#12 file"
check_tmpfile
- echo "${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-bad-iter.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234'"
- ${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-bad-iter.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234' 2>&1
+ echo "${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-bad-iter.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234' -I"
+ ${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-bad-iter.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234' -I 2>&1
ret=$?
html_msg $ret 19 "Fail to list private key with bad iterator"
check_tmpfile
- echo "${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-bad-salt.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234'"
- ${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-bad-salt.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234' 2>&1
+ echo "${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-bad-salt.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234' -I"
+ ${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-bad-salt.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234' -I 2>&1
ret=$?
echo "Fail to list private key with bad salt val=$ret"
html_msg $ret 19 "Fail to import private key with bad salt"
check_tmpfile
- echo "${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-no-length.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234'"
- ${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-no-length.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234' 2>&1
+ echo "${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-no-length.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234' -I"
+ ${BINDIR}/pk12util -l ${TOOLSDIR}/data/pbmac1-invalid-no-length.p12 -d ${P_R_COPYDIR} -k ${R_PWFILE} -W '1234' -I 2>&1
ret=$?
echo "Fail to import private key with no length val=$ret"
html_msg $ret 19 "Fail to import private key with no length"
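Review bot: In the `done:` hunk of cmd/pk12util/pk12util.c, the new `ignoreIntegrity` branch hands back a decoder context whose MAC verification failed without any diagnostic to the user; the only trace is the unchanged `rv` and `pk12uErrno`. A warning should be printed before the context is returned, e.g. `if (rv != SECSuccess && ignoreIntegrity && pk12uErrno == PK12UERR_DECODEVERIFY) { PR_fprintf(PR_STDERR, "%s: warning: PKCS#12 integrity check failed, continuing because -I was given\n", progName); }`, so that importing or listing content whose MAC did not verify is at least visible in the output. Because `pk12uErrno` is left at `PK12UERR_DECODEVERIFY` on that path, the process exit status presumably still reports the failure (the tools.sh expectations of 19 with `-I` point that way), and the new manpage entry for `-I` in doc/pk12util.xml should state that rather than only "Ignore integrity check results on importing and listing." The lib/util/nsshash.c hunks also make the MD5/HMAC-MD5 mapping bidirectional, so `HASH_GetHMACOidTagByHashOidTag` can now select HMAC-MD5 for newly generated MACs and not only decode old ones; a comment on that case saying it exists for legacy decoding would keep a future caller from relying on it. The remainder of p12U_ReadPKCS12File, including the code that consumes the returned context, lies outside the hunk.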