pool/mozilla-nss
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- update to NSS 3.90

Browse Source 
* bmo#1623338 - ride along: remove a duplicated doc page
  * bmo#1623338 - remove a reference to IRC
  * bmo#1831983 - clang-format lib/freebl/stubs.c
  * bmo#1831983 - Add a constant time select function
  * bmo#1774657 - Updating an old dbm with lots of certs with keys to
                  sql results in a database that is slow to access.
  * bmo#1830973 - output early build errors by default
  * bmo#1804505 - Update the technical constraints for KamuSM
  * bmo#1822921 - Add BJCA Global Root CA1 and CA2 root certificates
  * bmo#1790763 - Enable default UBSan Checks
  * bmo#1786018 - Add explicit handling of zero length records
  * bmo#1829391 - Tidy up DTLS ACK Error Handling Path
  * bmo#1786018 - Refactor zero length record tests
  * bmo#1829112 - Fix compiler warning via correct assert
  * bmo#1755267 - run linux tests on nss-t/t-linux-xlarge-gcp
  * bmo#1806496 - In FIPS mode, nss should reject RSASSA-PSS salt lengths
                  larger than the output size of the hash function used,
                  or provide an indicator
  * bmo#1784163 - Fix reading raw negative numbers
  * bmo#1748237 - Repairing unreachable code in clang built with gyp
  * bmo#1783647 - Integrate Vale Curve25519
  * bmo#1799468 - Removing unused flags for Hacl*
  * bmo#1748237 - Adding a better error message
  * bmo#1727555 - Update HACL* till 51a72a953a4ee6f91e63b2816ae5c4e62edf35d6
  * bmo#1782980 - Fall back to the softokn when writing certificate trust
  * bmo#1806010 - FIPS-104-3 requires we restart post programmatically
  * bmo#1826650 - cmd/ecperf: fix dangling pointer warning on gcc 13
  * bmo#1818766 - Update ACVP dockerfile for compatibility with debian
                  package changes

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=418
This commit is contained in:
Wolfgang Rosenauer 2023-07-05 11:49:19 +00:00 committed by Git OBS Bridge
parent 9d5a7135d6
commit 846be6085c
19 changed files with 1032 additions and 595 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
baselibs.conf
View File

@ -10,7 +10,7 @@ libsoftokn3
+/usr/lib/libsoftokn3.chk
+/usr/lib/libnssdbm3.chk
libfreebl3
provides "libfreebl3-hmac-<targettype> = <version>-%release"
provides "libfreebl3-hmac-<targettype> = <version>-%release"
obsoletes "libfreebl3-hmac-<targettype> < <version>-%release"
+/lib/libfreebl3.chk
+/lib/libfreeblpriv3.chk

54
mozilla-nss.changes
View File

@ -1,3 +1,57 @@
-------------------------------------------------------------------
Tue Jul 4 08:20:31 UTC 2023 - Wolfgang Rosenauer <wr@rosenauer.org>
- update to NSS 3.90
* bmo#1623338 - ride along: remove a duplicated doc page
* bmo#1623338 - remove a reference to IRC
* bmo#1831983 - clang-format lib/freebl/stubs.c
* bmo#1831983 - Add a constant time select function
* bmo#1774657 - Updating an old dbm with lots of certs with keys to
sql results in a database that is slow to access.
* bmo#1830973 - output early build errors by default
* bmo#1804505 - Update the technical constraints for KamuSM
* bmo#1822921 - Add BJCA Global Root CA1 and CA2 root certificates
* bmo#1790763 - Enable default UBSan Checks
* bmo#1786018 - Add explicit handling of zero length records
* bmo#1829391 - Tidy up DTLS ACK Error Handling Path
* bmo#1786018 - Refactor zero length record tests
* bmo#1829112 - Fix compiler warning via correct assert
* bmo#1755267 - run linux tests on nss-t/t-linux-xlarge-gcp
* bmo#1806496 - In FIPS mode, nss should reject RSASSA-PSS salt lengths
larger than the output size of the hash function used,
or provide an indicator
* bmo#1784163 - Fix reading raw negative numbers
* bmo#1748237 - Repairing unreachable code in clang built with gyp
* bmo#1783647 - Integrate Vale Curve25519
* bmo#1799468 - Removing unused flags for Hacl*
* bmo#1748237 - Adding a better error message
* bmo#1727555 - Update HACL* till 51a72a953a4ee6f91e63b2816ae5c4e62edf35d6
* bmo#1782980 - Fall back to the softokn when writing certificate trust
* bmo#1806010 - FIPS-104-3 requires we restart post programmatically
* bmo#1826650 - cmd/ecperf: fix dangling pointer warning on gcc 13
* bmo#1818766 - Update ACVP dockerfile for compatibility with debian
package changes
* bmo#1815796 - Add a CI task for tracking ECCKiila code status, update
whitespace in ECCKiila files
* bmo#1819958 - Removed deprecated sprintf function and replaced with snprintf
* bmo#1822076 - fix rst warnings in nss doc
* bmo#1821997 - Fix incorrect pygment style
* bmo#1821292 - Change GYP directive to apply across platforms
* Add libsmime3 abi-check exception for NSS_CMSSignerInfo_GetDigestAlgTag
- add nss-fix-bmo1836925.patch to fix build-errors
- Remove nss-fips-tls-allow-md5-prf.patch, since we no longer need
the workaround in FIPS mode (bsc#1200325)
- Remove nss-fips-tests-skip.patch. This is no longer needed since
we removed the code to short-circuit broken hashes and moved to
using the SLI
- Add nss-allow-slow-tests.patch, which allows a timed test to run
longer than 1s. This avoids turning slow builds into broken builds
- Add nss-fips-drbg-libjitter.patch to use libjitterentropy for
entropy. This is disabled until we can avoid the inline assembler
in the latter's header file that relies on GNU extensions
- Add nss-fips-pct-pubkeys.patch (bsc#1207209) for pairwise consistency
checks
-------------------------------------------------------------------
Fri Jun 9 10:41:35 UTC 2023 - Pedro Monreal <pmonreal@suse.com>

27
mozilla-nss.spec
View File

@ -17,14 +17,14 @@
#
%global nss_softokn_fips_version 3.89
%global nss_softokn_fips_version 3.90
%define NSPR_min_version 4.35
%define nspr_ver %(rpm -q --queryformat '%%{VERSION}' mozilla-nspr)
%define nssdbdir %{_sysconfdir}/pki/nssdb
Name: mozilla-nss
Version: 3.89.1
Version: 3.90
Release: 0
%define underscore_version 3_89_1
%define underscore_version 3_90
Summary: Network Security Services
License: MPL-2.0
Group: System/Libraries
@ -65,7 +65,6 @@ Patch19: nss-fips-cavs-dsa-fixes.patch
Patch20: nss-fips-cavs-rsa-fixes.patch
Patch21: nss-fips-approved-crypto-non-ec.patch
Patch22: nss-fips-zeroization.patch
Patch23: nss-fips-tls-allow-md5-prf.patch
Patch24: nss-fips-use-strong-random-pool.patch
Patch25: nss-fips-detect-fips-mode-fixes.patch
Patch26: nss-fips-combined-hash-sign-dsa-ecdsa.patch
@ -74,8 +73,11 @@ Patch37: nss-fips-fix-missing-nspr.patch
Patch38: nss-fips-stricter-dh.patch
Patch40: nss-fips-180-3-csp-clearing.patch
Patch41: nss-fips-pbkdf-kat-compliance.patch
Patch42: nss-fips-tests-skip.patch
Patch44: nss-fips-tests-enable-fips.patch
Patch45: nss-fips-drbg-libjitter.patch
Patch46: nss-allow-slow-tests.patch
Patch47: nss-fips-pct-pubkeys.patch
Patch48: nss-fix-bmo1836925.patch
%if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000
# aarch64 + gcc4.8 fails to build on SLE-12 due to undefined references
BuildRequires: gcc9-c++
@ -86,6 +88,12 @@ BuildRequires: pkgconfig
BuildRequires: pkgconfig(nspr) >= %{NSPR_min_version}
BuildRequires: pkgconfig(sqlite3)
BuildRequires: pkgconfig(zlib)
%if 0%{?sle_version} >= 150400
BuildRequires: jitterentropy-devel
# Libjitter needs to be present before AND after the install
Requires(pre): libjitterentropy3
Requires: libjitterentropy3
%endif
Requires: libfreebl3 >= %{nss_softokn_fips_version}
Requires: libsoftokn3 >= %{nss_softokn_fips_version}
Requires: mozilla-nspr >= %{NSPR_min_version}
@ -209,7 +217,6 @@ cd nss
%patch20 -p1
%patch21 -p1
%patch22 -p1
%patch23 -p1
%patch24 -p1
%patch25 -p1
%patch26 -p1
@ -218,8 +225,14 @@ cd nss
%patch38 -p1
%patch40 -p1
%patch41 -p1
%patch42 -p1
%patch44 -p1
# Libjitter only for SLE15 SP4+
%if 0%{?sle_version} >= 150400
%patch45 -p1
%endif
%patch46 -p1
%patch47 -p1
%patch48 -p1
# additional CA certificates
#cd security/nss/lib/ckfw/builtins

3
nss-3.89.1.tar.gz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:3adaedb9e70c3c5f40603bf60a01e336190a6dbe01929d395f16b01fe84a0156
size 71624456

BIN
nss-3.90.tar.gz (Stored with Git LFS) Normal file
View File

Binary file not shown.

28
nss-allow-slow-tests.patch Normal file
View File

@ -0,0 +1,28 @@
Index: nss/tests/sdr/sdr.sh
===================================================================
--- nss.orig/tests/sdr/sdr.sh
+++ nss/tests/sdr/sdr.sh
@@ -146,7 +146,8 @@ sdr_main()
RARRAY=($dtime)
TIMEARRAY=(${RARRAY[1]//./ })
echo "${TIMEARRAY[0]} seconds"
- html_msg ${TIMEARRAY[0]} 0 "pwdecrypt no time regression"
+ # Suse 2022-10-04: Need more time for slow build servers
+ html_msg $(( ${TIMEARRAY[0]} >= 5 )) 0 "pwdecrypt no time regression"
export NSS_MAX_MP_PBE_ITERATION_COUNT=$OLD_MAX_PBE_ITERATIONS
}
Index: nss/tests/dbtests/dbtests.sh
===================================================================
--- nss.orig/tests/dbtests/dbtests.sh
+++ nss/tests/dbtests/dbtests.sh
@@ -366,7 +366,8 @@ dbtest_main()
RARRAY=($dtime)
TIMEARRAY=(${RARRAY[1]//./ })
echo "${TIMEARRAY[0]} seconds"
- test ${TIMEARRAY[0]} -lt 2
+ # Was 2, but that is too small for OBS-workers.
+ test ${TIMEARRAY[0]} -lt 6
ret=$?
html_msg ${ret} 0 "certutil dump keys with explicit default trust flags"
fi

2
nss-fips-180-3-csp-clearing.patch
View File

@ -16,7 +16,7 @@ Index: nss/lib/softoken/sftkdb.c
===================================================================
--- nss.orig/lib/softoken/sftkdb.c
+++ nss/lib/softoken/sftkdb.c
@@ -1506,7 +1506,7 @@ loser:
@@ -1538,7 +1538,7 @@ loser:
PORT_ZFree(data, dataSize);
}
if (arena) {

498
nss-fips-approved-crypto-non-ec.patch
View File

@ -87,62 +87,17 @@ Index: nss/lib/freebl/arcfour.c
/* Architecture-dependent defines */
@@ -108,6 +109,7 @@ static const Stype Kinit[256] = {
RC4Context *
RC4_AllocateContext(void)
{
+ IN_FIPS_RETURN(NULL);
return PORT_ZNew(RC4Context);
}
@@ -121,6 +123,8 @@ RC4_InitContext(RC4Context *cx, const un
PRUint8 K[256];
PRUint8 *L;
+ IN_FIPS_RETURN(SECFailure);
+
/* verify the key length. */
PORT_Assert(len > 0 && len < ARCFOUR_STATE_SIZE);
if (len == 0 || len >= ARCFOUR_STATE_SIZE) {
@@ -162,7 +166,11 @@ RC4_InitContext(RC4Context *cx, const un
@@ -162,7 +163,9 @@ RC4_InitContext(RC4Context *cx, const un
RC4Context *
RC4_CreateContext(const unsigned char *key, int len)
{
- RC4Context *cx = RC4_AllocateContext();
+ RC4Context *cx;
+
+ IN_FIPS_RETURN(NULL);
+
+ cx = RC4_AllocateContext();
if (cx) {
SECStatus rv = RC4_InitContext(cx, key, len, NULL, 0, 0, 0);
if (rv != SECSuccess) {
@@ -176,6 +184,7 @@ RC4_CreateContext(const unsigned char *k
void
RC4_DestroyContext(RC4Context *cx, PRBool freeit)
{
+ IN_FIPS_RETURN();
if (freeit)
PORT_ZFree(cx, sizeof(*cx));
}
@@ -548,6 +557,8 @@ RC4_Encrypt(RC4Context *cx, unsigned cha
unsigned int *outputLen, unsigned int maxOutputLen,
const unsigned char *input, unsigned int inputLen)
{
+ IN_FIPS_RETURN(SECFailure);
+
PORT_Assert(maxOutputLen >= inputLen);
if (maxOutputLen < inputLen) {
PORT_SetError(SEC_ERROR_OUTPUT_LEN);
@@ -571,6 +582,8 @@ RC4_Decrypt(RC4Context *cx, unsigned cha
unsigned int *outputLen, unsigned int maxOutputLen,
const unsigned char *input, unsigned int inputLen)
{
+ IN_FIPS_RETURN(SECFailure);
+
PORT_Assert(maxOutputLen >= inputLen);
if (maxOutputLen < inputLen) {
PORT_SetError(SEC_ERROR_OUTPUT_LEN);
Index: nss/lib/freebl/deprecated/seed.c
===================================================================
--- nss.orig/lib/freebl/deprecated/seed.c
@ -293,56 +248,32 @@ Index: nss/lib/freebl/md2.c
#define MD2_DIGEST_LEN 16
#define MD2_BUFSIZE 16
#define MD2_X_SIZE 48 /* The X array, [CV | INPUT | TMP VARS] */
@@ -66,7 +68,11 @@ SECStatus
@@ -66,7 +68,9 @@ SECStatus
MD2_Hash(unsigned char *dest, const char *src)
{
unsigned int len;
- MD2Context *cx = MD2_NewContext();
+ MD2Context *cx;
+
+ IN_FIPS_RETURN(SECFailure);
+
+ cx = MD2_NewContext();
if (!cx) {
PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
return SECFailure;
@@ -81,7 +87,11 @@ MD2_Hash(unsigned char *dest, const char
@@ -81,7 +85,9 @@ MD2_Hash(unsigned char *dest, const char
MD2Context *
MD2_NewContext(void)
{
- MD2Context *cx = (MD2Context *)PORT_ZAlloc(sizeof(MD2Context));
+ MD2Context *cx;
+
+ IN_FIPS_RETURN(NULL);
+
+ cx = (MD2Context *)PORT_ZAlloc(sizeof(MD2Context));
if (cx == NULL) {
PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
return NULL;
@@ -99,6 +109,8 @@ MD2_DestroyContext(MD2Context *cx, PRBoo
void
MD2_Begin(MD2Context *cx)
{
+ IN_FIPS_RETURN();
+
memset(cx, 0, sizeof(*cx));
cx->unusedBuffer = MD2_BUFSIZE;
}
@@ -196,6 +208,8 @@ MD2_Update(MD2Context *cx, const unsigne
{
PRUint32 bytesToConsume;
+ IN_FIPS_RETURN();
+
/* Fill the remaining input buffer. */
if (cx->unusedBuffer != MD2_BUFSIZE) {
bytesToConsume = PR_MIN(inputLen, cx->unusedBuffer);
@@ -226,6 +240,9 @@ MD2_End(MD2Context *cx, unsigned char *d
@@ -226,6 +232,7 @@ MD2_End(MD2Context *cx, unsigned char *d
unsigned int *digestLen, unsigned int maxDigestLen)
{
PRUint8 padStart;
+
+ IN_FIPS_RETURN();
+
if (maxDigestLen < MD2_BUFSIZE) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
@ -360,37 +291,18 @@ Index: nss/lib/freebl/md5.c
#define MD5_HASH_LEN 16
#define MD5_BUFFER_SIZE 64
#define MD5_END_BUFFER (MD5_BUFFER_SIZE - 8)
@@ -195,6 +197,7 @@ struct MD5ContextStr {
SECStatus
MD5_Hash(unsigned char *dest, const char *src)
{
+ IN_FIPS_RETURN(SECFailure);
return MD5_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src));
}
@@ -204,6 +207,8 @@ MD5_HashBuf(unsigned char *dest, const u
unsigned int len;
MD5Context cx;
+ IN_FIPS_RETURN(SECFailure);
+
MD5_Begin(&cx);
MD5_Update(&cx, src, src_length);
MD5_End(&cx, dest, &len, MD5_HASH_LEN);
@@ -215,7 +220,11 @@ MD5Context *
@@ -215,7 +217,9 @@ MD5Context *
MD5_NewContext(void)
{
/* no need to ZAlloc, MD5_Begin will init the context */
- MD5Context *cx = (MD5Context *)PORT_Alloc(sizeof(MD5Context));
+ MD5Context *cx;
+
+ IN_FIPS_RETURN(NULL);
+
+ cx = (MD5Context *)PORT_Alloc(sizeof(MD5Context));
if (cx == NULL) {
PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
return NULL;
@@ -226,7 +235,8 @@ MD5_NewContext(void)
@@ -226,7 +230,8 @@ MD5_NewContext(void)
void
MD5_DestroyContext(MD5Context *cx, PRBool freeit)
{
@ -400,42 +312,6 @@ Index: nss/lib/freebl/md5.c
if (freeit) {
PORT_Free(cx);
}
@@ -235,6 +245,8 @@ MD5_DestroyContext(MD5Context *cx, PRBoo
void
MD5_Begin(MD5Context *cx)
{
+ IN_FIPS_RETURN();
+
cx->lsbInput = 0;
cx->msbInput = 0;
/* memset(cx->inBuf, 0, sizeof(cx->inBuf)); */
@@ -425,6 +437,8 @@ MD5_Update(MD5Context *cx, const unsigne
PRUint32 inBufIndex = cx->lsbInput & 63;
const PRUint32 *wBuf;
+ IN_FIPS_RETURN();
+
/* Add the number of input bytes to the 64-bit input counter. */
addto64(cx->msbInput, cx->lsbInput, inputLen);
if (inBufIndex) {
@@ -498,6 +512,8 @@ MD5_End(MD5Context *cx, unsigned char *d
PRUint32 lowInput, highInput;
PRUint32 inBufIndex = cx->lsbInput & 63;
+ IN_FIPS_RETURN();
+
if (maxDigestLen < MD5_HASH_LEN) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return;
@@ -546,6 +562,8 @@ MD5_EndRaw(MD5Context *cx, unsigned char
#endif
PRUint32 cv[4];
+ IN_FIPS_RETURN();
+
if (maxDigestLen < MD5_HASH_LEN) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return;
Index: nss/lib/freebl/nsslowhash.c
===================================================================
--- nss.orig/lib/freebl/nsslowhash.c
@ -448,15 +324,18 @@ Index: nss/lib/freebl/nsslowhash.c
struct NSSLOWInitContextStr {
int count;
@@ -99,6 +100,12 @@ NSSLOWHASH_NewContext(NSSLOWInitContext
@@ -99,6 +100,15 @@ NSSLOWHASH_NewContext(NSSLOWInitContext
{
NSSLOWHASHContext *context;
+#if 0
+ /* return with an error if unapproved hash is requested in FIPS mode */
+ /* This is now handled by the service level indicator */
+ if (!FIPS_hashAlgApproved(hashType)) {
+ PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);
+ return NULL;
+ }
+#endif
+
if (post_failed) {
PORT_SetError(SEC_ERROR_PKCS11_DEVICE_ERROR);
@ -473,13 +352,16 @@ Index: nss/lib/freebl/rawhash.c
static void *
null_hash_new_context(void)
@@ -146,7 +147,8 @@ const SECHashObject SECRawHashObjects[]
@@ -146,7 +147,11 @@ const SECHashObject SECRawHashObjects[]
const SECHashObject *
HASH_GetRawHashObject(HASH_HashType hashType)
{
- if (hashType <= HASH_AlgNULL || hashType >= HASH_AlgTOTAL) {
+ /* We rely on the service level indicator for algorithm approval now, so
+ * the FIPS check here has been commented out */
+
+ if (hashType <= HASH_AlgNULL || hashType >= HASH_AlgTOTAL
+ || (!FIPS_hashAlgApproved(hashType))) {
+ /* || (!FIPS_hashAlgApproved(hashType)) */) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return NULL;
}
@ -487,7 +369,58 @@ Index: nss/lib/softoken/pkcs11c.c
===================================================================
--- nss.orig/lib/softoken/pkcs11c.c
+++ nss/lib/softoken/pkcs11c.c
@@ -7495,7 +7495,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
@@ -4780,6 +4780,9 @@ NSC_GenerateKey(CK_SESSION_HANDLE hSessi
goto loser;
}
+ key->isFIPS = sftk_operationIsFIPS(slot, pMechanism, CKA_KEY_GEN_MECHANISM, key);
+ session->lastOpWasFIPS = key->isFIPS;
+
/*
* handle the base object stuff
*/
@@ -4794,6 +4797,7 @@ NSC_GenerateKey(CK_SESSION_HANDLE hSessi
if (crv == CKR_OK) {
*phKey = key->handle;
}
+
loser:
PORT_Memset(buf, 0, sizeof buf);
sftk_FreeObject(key);
@@ -5710,11 +5714,11 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS
* created and linked.
*/
crv = sftk_handleObject(publicKey, session);
- sftk_FreeSession(session);
if (crv != CKR_OK) {
sftk_FreeObject(publicKey);
NSC_DestroyObject(hSession, privateKey->handle);
sftk_FreeObject(privateKey);
+ sftk_FreeSession(session);
return crv;
}
if (sftk_isTrue(privateKey, CKA_SENSITIVE)) {
@@ -5758,13 +5762,19 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS
sftk_FreeObject(publicKey);
NSC_DestroyObject(hSession, privateKey->handle);
sftk_FreeObject(privateKey);
+ sftk_FreeSession(session);
return crv;
}
+ publicKey->isFIPS = sftk_operationIsFIPS(slot, pMechanism, CKA_KEY_PAIR_GEN_MECHANISM, publicKey);
+ privateKey->isFIPS = sftk_operationIsFIPS(slot, pMechanism, CKA_KEY_PAIR_GEN_MECHANISM, privateKey);
+ session->lastOpWasFIPS = privateKey->isFIPS;
+
*phPrivateKey = privateKey->handle;
*phPublicKey = publicKey->handle;
sftk_FreeObject(publicKey);
sftk_FreeObject(privateKey);
+ sftk_FreeSession(session);
return CKR_OK;
}
@@ -7469,7 +7479,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
} else {
/* now allocate the hash contexts */
md5 = MD5_NewContext();
@ -496,6 +429,14 @@ Index: nss/lib/softoken/pkcs11c.c
PORT_Memset(crsrdata, 0, sizeof crsrdata);
crv = CKR_HOST_MEMORY;
break;
@@ -7858,6 +7868,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
PORT_Assert(i <= sizeof key_block);
}
+ session->lastOpWasFIPS = key->isFIPS;
crv = CKR_OK;
if (0) {
Index: nss/lib/freebl/desblapi.c
===================================================================
--- nss.orig/lib/freebl/desblapi.c
@ -509,21 +450,10 @@ Index: nss/lib/freebl/desblapi.c
#if defined(NSS_X86_OR_X64)
/* Intel X86 CPUs do unaligned loads and stores without complaint. */
#define COPY8B(to, from, ptr) \
@@ -136,6 +138,8 @@ DES_EDE3CBCDe(DESContext *cx, BYTE *out,
DESContext *
DES_AllocateContext(void)
{
+ IN_FIPS_RETURN(NULL);
+
return PORT_ZNew(DESContext);
}
@@ -145,12 +149,16 @@ DES_InitContext(DESContext *cx, const un
@@ -145,12 +147,14 @@ DES_InitContext(DESContext *cx, const un
unsigned int unused)
{
DESDirection opposite;
+
+ IN_FIPS_RETURN(SECFailure);
+
if (!cx) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
@ -535,7 +465,7 @@ Index: nss/lib/freebl/desblapi.c
switch (mode) {
case NSS_DES: /* DES ECB */
DES_MakeSchedule(cx->ks0, key, cx->direction);
@@ -201,8 +209,13 @@ DES_InitContext(DESContext *cx, const un
@@ -201,8 +205,11 @@ DES_InitContext(DESContext *cx, const un
DESContext *
DES_CreateContext(const BYTE *key, const BYTE *iv, int mode, PRBool encrypt)
{
@ -544,43 +474,114 @@ Index: nss/lib/freebl/desblapi.c
+ DESContext *cx;
+ SECStatus rv;
+
+ IN_FIPS_RETURN(NULL);
+
+ cx = PORT_ZNew(DESContext);
+ rv = DES_InitContext(cx, key, 0, iv, mode, encrypt, 0);
if (rv != SECSuccess) {
PORT_ZFree(cx, sizeof *cx);
@@ -214,6 +227,8 @@ DES_CreateContext(const BYTE *key, const
void
DES_DestroyContext(DESContext *cx, PRBool freeit)
{
+ IN_FIPS_RETURN();
+
if (cx) {
memset(cx, 0, sizeof *cx);
if (freeit)
@@ -225,6 +240,7 @@ SECStatus
@@ -225,7 +232,6 @@ SECStatus
DES_Encrypt(DESContext *cx, BYTE *out, unsigned int *outLen,
unsigned int maxOutLen, const BYTE *in, unsigned int inLen)
{
+ IN_FIPS_RETURN(SECFailure);
-
if ((inLen % 8) != 0 || maxOutLen < inLen || !cx ||
cx->direction != DES_ENCRYPT) {
@@ -242,6 +258,7 @@ SECStatus
PORT_SetError(SEC_ERROR_INVALID_ARGS);
@@ -242,7 +248,6 @@ SECStatus
DES_Decrypt(DESContext *cx, BYTE *out, unsigned int *outLen,
unsigned int maxOutLen, const BYTE *in, unsigned int inLen)
{
+ IN_FIPS_RETURN(SECFailure);
-
if ((inLen % 8) != 0 || maxOutLen < inLen || !cx ||
cx->direction != DES_DECRYPT) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
Index: nss/lib/softoken/fips_algorithms.h
===================================================================
--- nss.orig/lib/softoken/fips_algorithms.h
+++ nss/lib/softoken/fips_algorithms.h
@@ -111,8 +111,11 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[]
@@ -58,18 +58,35 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[]
#define RSA_FB_STEP 1
#define RSA_LEGACY_FB_KEY 1024, 1792 /* min, max */
#define RSA_LEGACY_FB_STEP 256
-#define DSA_FB_KEY 2048, 4096 /* min, max */
+#define DSA_FB_KEY 2048, 3072 /* min, max */
#define DSA_FB_STEP 1024
-#define DH_FB_KEY 2048, 4096 /* min, max */
+#define DH_FB_KEY 2048, 8192 /* min, max */
#define DH_FB_STEP 1024
#define EC_FB_KEY 256, 521 /* min, max */
#define EC_FB_STEP 1 /* key limits handled by special operation */
-#define AES_FB_KEY 128, 256
+#define AES_FB_KEY 128, 512
#define AES_FB_STEP 64
{ CKM_RSA_PKCS_KEY_PAIR_GEN, { RSA_FB_KEY, CKF_KPG }, RSA_FB_STEP, SFTKFIPSNone },
+#if 0
{ CKM_RSA_PKCS_PSS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSRSAPSS },
+ /* Non-approved */
{ CKM_RSA_PKCS_OAEP, { RSA_FB_KEY, CKF_ENC }, RSA_FB_STEP, SFTKFIPSNone },
{ CKM_RSA_PKCS_PSS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSRSAPSS },
+#endif
+
+ { CKM_SHA_1_KEY_GEN, { AES_FB_KEY, CKF_GEN }, AES_FB_STEP, SFTKFIPSNone },
+ { CKM_SHA224_KEY_GEN, { AES_FB_KEY, CKF_GEN }, AES_FB_STEP, SFTKFIPSNone },
+ { CKM_SHA256_KEY_GEN, { AES_FB_KEY, CKF_GEN }, AES_FB_STEP, SFTKFIPSNone },
+ { CKM_SHA384_KEY_GEN, { AES_FB_KEY, CKF_GEN }, AES_FB_STEP, SFTKFIPSNone },
+ { CKM_SHA512_KEY_GEN, { AES_FB_KEY, CKF_GEN }, AES_FB_STEP, SFTKFIPSNone },
+ { CKM_SHA512_224_KEY_GEN, { AES_FB_KEY, CKF_GEN }, AES_FB_STEP, SFTKFIPSNone },
+ { CKM_SHA512_256_KEY_GEN, { AES_FB_KEY, CKF_GEN }, AES_FB_STEP, SFTKFIPSNone },
+
+ { CKM_SHA3_224_KEY_GEN, { AES_FB_KEY, CKF_GEN }, AES_FB_STEP, SFTKFIPSNone },
+ { CKM_SHA3_256_KEY_GEN, { AES_FB_KEY, CKF_GEN }, AES_FB_STEP, SFTKFIPSNone },
+ { CKM_SHA3_384_KEY_GEN, { AES_FB_KEY, CKF_GEN }, AES_FB_STEP, SFTKFIPSNone },
+ { CKM_SHA3_512_KEY_GEN, { AES_FB_KEY, CKF_GEN }, AES_FB_STEP, SFTKFIPSNone },
+
/* -------------- RSA Multipart Signing Operations -------------------- */
{ CKM_SHA224_RSA_PKCS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSNone },
{ CKM_SHA256_RSA_PKCS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSNone },
@@ -88,13 +105,12 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[]
{ CKM_SHA384_RSA_PKCS_PSS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSRSAPSS },
{ CKM_SHA512_RSA_PKCS_PSS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSRSAPSS },
/* ------------------------- DSA Operations --------------------------- */
- { CKM_DSA_KEY_PAIR_GEN, { DSA_FB_KEY, CKF_KPG }, DSA_FB_STEP, SFTKFIPSNone },
- { CKM_DSA, { DSA_FB_KEY, CKF_SGN }, DSA_FB_STEP, SFTKFIPSNone },
- { CKM_DSA_PARAMETER_GEN, { DSA_FB_KEY, CKF_KPG }, DSA_FB_STEP, SFTKFIPSNone },
- { CKM_DSA_SHA224, { DSA_FB_KEY, CKF_SGN }, DSA_FB_STEP, SFTKFIPSNone },
- { CKM_DSA_SHA256, { DSA_FB_KEY, CKF_SGN }, DSA_FB_STEP, SFTKFIPSNone },
- { CKM_DSA_SHA384, { DSA_FB_KEY, CKF_SGN }, DSA_FB_STEP, SFTKFIPSNone },
- { CKM_DSA_SHA512, { DSA_FB_KEY, CKF_SGN }, DSA_FB_STEP, SFTKFIPSNone },
+
+ { CKM_DSA_SHA224, { DSA_FB_KEY, CKF_VERIFY }, DSA_FB_STEP, SFTKFIPSNone },
+ { CKM_DSA_SHA256, { DSA_FB_KEY, CKF_VERIFY }, DSA_FB_STEP, SFTKFIPSNone },
+ { CKM_DSA_SHA384, { DSA_FB_KEY, CKF_VERIFY }, DSA_FB_STEP, SFTKFIPSNone },
+ { CKM_DSA_SHA512, { DSA_FB_KEY, CKF_VERIFY }, DSA_FB_STEP, SFTKFIPSNone },
+
/* -------------------- Diffie Hellman Operations --------------------- */
/* no diffie hellman yet */
{ CKM_DH_PKCS_KEY_PAIR_GEN, { DH_FB_KEY, CKF_KPG }, DH_FB_STEP, SFTKFIPSDH },
@@ -102,7 +118,10 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[]
/* -------------------- Elliptic Curve Operations --------------------- */
{ CKM_EC_KEY_PAIR_GEN, { EC_FB_KEY, CKF_KPG }, EC_FB_STEP, SFTKFIPSECC },
{ CKM_ECDH1_DERIVE, { EC_FB_KEY, CKF_KEA }, EC_FB_STEP, SFTKFIPSECC },
+#if 0
+ /* Doesn't consider hash algo. Non-approved */
{ CKM_ECDSA, { EC_FB_KEY, CKF_SGN }, EC_FB_STEP, SFTKFIPSECC },
+#endif
{ CKM_ECDSA_SHA224, { EC_FB_KEY, CKF_SGN }, EC_FB_STEP, SFTKFIPSECC },
{ CKM_ECDSA_SHA256, { EC_FB_KEY, CKF_SGN }, EC_FB_STEP, SFTKFIPSECC },
{ CKM_ECDSA_SHA384, { EC_FB_KEY, CKF_SGN }, EC_FB_STEP, SFTKFIPSECC },
@@ -112,8 +131,11 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[]
{ CKM_AES_KEY_GEN, { AES_FB_KEY, CKF_GEN }, AES_FB_STEP, SFTKFIPSNone },
{ CKM_AES_ECB, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSNone },
{ CKM_AES_CBC, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSNone },
+#if 0
+ /* Non-approved */
{ CKM_AES_MAC, { AES_FB_KEY, CKF_SGN }, AES_FB_STEP, SFTKFIPSNone },
{ CKM_AES_MAC_GENERAL, { AES_FB_KEY, CKF_SGN }, AES_FB_STEP, SFTKFIPSNone },
+#endif
{ CKM_AES_CMAC, { AES_FB_KEY, CKF_SGN }, AES_FB_STEP, SFTKFIPSNone },
{ CKM_AES_CMAC_GENERAL, { AES_FB_KEY, CKF_SGN }, AES_FB_STEP, SFTKFIPSNone },
{ CKM_AES_CBC_PAD, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSNone },
@@ -123,8 +145,11 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[]
{ CKM_AES_KEY_WRAP, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSNone },
{ CKM_AES_KEY_WRAP_PAD, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSNone },
{ CKM_AES_KEY_WRAP_KWP, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSNone },
@ -592,3 +593,170 @@ Index: nss/lib/softoken/fips_algorithms.h
/* ------------------------- Hashing Operations ----------------------- */
{ CKM_SHA224, { 0, 0, CKF_HSH }, 1, SFTKFIPSNone },
{ CKM_SHA224_HMAC, { 112, 224, CKF_SGN }, 1, SFTKFIPSNone },
@@ -139,41 +164,56 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[]
{ CKM_SHA512_HMAC, { 256, 512, CKF_SGN }, 1, SFTKFIPSNone },
{ CKM_SHA512_HMAC_GENERAL, { 256, 512, CKF_SGN }, 1, SFTKFIPSNone },
/* --------------------- Secret Key Operations ------------------------ */
- { CKM_GENERIC_SECRET_KEY_GEN, { 8, 256, CKF_GEN }, 1, SFTKFIPSNone },
+ { CKM_GENERIC_SECRET_KEY_GEN, { 112, 512, CKF_GEN }, 1, SFTKFIPSNone },
/* ---------------------- SSL/TLS operations ------------------------- */
{ CKM_SHA224_KEY_DERIVATION, { 112, 224, CKF_KDF }, 1, SFTKFIPSNone },
{ CKM_SHA256_KEY_DERIVATION, { 128, 256, CKF_KDF }, 1, SFTKFIPSNone },
{ CKM_SHA384_KEY_DERIVATION, { 192, 384, CKF_KDF }, 1, SFTKFIPSNone },
{ CKM_SHA512_KEY_DERIVATION, { 256, 512, CKF_KDF }, 1, SFTKFIPSNone },
{ CKM_TLS12_MASTER_KEY_DERIVE, { 384, 384, CKF_KDF }, 1, SFTKFIPSNone },
- { CKM_TLS12_MASTER_KEY_DERIVE_DH, { DH_FB_KEY, CKF_KDF }, 1, SFTKFIPSNone },
+ { CKM_TLS12_MASTER_KEY_DERIVE_DH, { 384, 384, CKF_KDF }, 1, SFTKFIPSNone },
{ CKM_TLS12_KEY_AND_MAC_DERIVE, { 384, 384, CKF_KDF }, 1, SFTKFIPSNone },
{ CKM_TLS_PRF_GENERAL, { 8, 512, CKF_SGN }, 1, SFTKFIPSNone },
- { CKM_TLS_MAC, { 8, 512, CKF_SGN }, 1, SFTKFIPSNone },
+ { CKM_TLS_MAC, { 112, 512, CKF_SGN }, 1, SFTKFIPSNone },
+
+ { CKM_NSS_TLS_PRF_GENERAL_SHA256, { 8, 512, CKF_SGN }, 1, SFTKFIPSNone },
+ { CKM_TLS_MASTER_KEY_DERIVE, { 384, 384, CKF_KDF }, 1, SFTKFIPSNone },
+ { CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256, { 128, 384, CKF_KDF }, 1, SFTKFIPSNone },
+ { CKM_TLS_MASTER_KEY_DERIVE_DH, { 384, 384, CKF_KDF }, 1, SFTKFIPSNone },
+ { CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256, { 384, 384, CKF_KDF }, 1, SFTKFIPSNone },
+ { CKM_TLS_KEY_AND_MAC_DERIVE, { 384, 384, CKF_KDF }, 1, SFTKFIPSNone },
+ { CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256, { 128, 384, CKF_KDF }, 1, SFTKFIPSNone },
+
+ { CKM_SSL3_PRE_MASTER_KEY_GEN, { 128, 512, CKF_GEN }, 1, SFTKFIPSNone },
+ { CKM_TLS_PRE_MASTER_KEY_GEN, { 128, 512, CKF_GEN }, 1, SFTKFIPSNone },
+
/* sigh, is this algorithm really tested. ssl doesn't seem to have a
* way of turning the extension off */
{ CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE, { 192, 1024, CKF_KDF }, 1, SFTKFIPSNone },
{ CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH, { 192, 1024, CKF_DERIVE }, 1, SFTKFIPSNone },
/* ------------------------- HKDF Operations -------------------------- */
+#if 0
+ /* Only approved in the context of TLS 1.3 */
{ CKM_HKDF_DERIVE, { 8, 255 * 64 * 8, CKF_KDF }, 1, SFTKFIPSNone },
{ CKM_HKDF_DATA, { 8, 255 * 64 * 8, CKF_KDF }, 1, SFTKFIPSNone },
{ CKM_HKDF_KEY_GEN, { 160, 224, CKF_GEN }, 1, SFTKFIPSNone },
{ CKM_HKDF_KEY_GEN, { 256, 512, CKF_GEN }, 128, SFTKFIPSNone },
+#endif
/* ------------------ NIST 800-108 Key Derivations ------------------- */
- { CKM_SP800_108_COUNTER_KDF, { 0, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone },
- { CKM_SP800_108_FEEDBACK_KDF, { 0, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone },
- { CKM_SP800_108_DOUBLE_PIPELINE_KDF, { 0, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone },
- { CKM_NSS_SP800_108_COUNTER_KDF_DERIVE_DATA, { 0, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone },
- { CKM_NSS_SP800_108_FEEDBACK_KDF_DERIVE_DATA, { 0, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone },
- { CKM_NSS_SP800_108_DOUBLE_PIPELINE_KDF_DERIVE_DATA, { 0, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone },
+ { CKM_SP800_108_COUNTER_KDF, { 112, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone },
+ { CKM_SP800_108_FEEDBACK_KDF, { 112, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone },
+ { CKM_SP800_108_DOUBLE_PIPELINE_KDF, { 112, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone },
+ { CKM_NSS_SP800_108_COUNTER_KDF_DERIVE_DATA, { 112, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone },
+ { CKM_NSS_SP800_108_FEEDBACK_KDF_DERIVE_DATA, { 112, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone },
+ { CKM_NSS_SP800_108_DOUBLE_PIPELINE_KDF_DERIVE_DATA, { 112, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone },
/* --------------------IPSEC ----------------------- */
- { CKM_NSS_IKE_PRF_PLUS_DERIVE, { 8, 255 * 64, CKF_KDF }, 1, SFTKFIPSNone },
- { CKM_NSS_IKE_PRF_DERIVE, { 8, 64, CKF_KDF }, 1, SFTKFIPSNone },
- { CKM_NSS_IKE1_PRF_DERIVE, { 8, 64, CKF_KDF }, 1, SFTKFIPSNone },
- { CKM_NSS_IKE1_APP_B_PRF_DERIVE, { 8, 255 * 64, CKF_KDF }, 1, SFTKFIPSNone },
+ { CKM_NSS_IKE_PRF_PLUS_DERIVE, { 112, 255 * 64, CKF_KDF }, 1, SFTKFIPSNone },
+ { CKM_NSS_IKE_PRF_DERIVE, { 112, 112, CKF_KDF }, 1, SFTKFIPSNone },
+ { CKM_NSS_IKE1_PRF_DERIVE, { 112, 112, CKF_KDF }, 1, SFTKFIPSNone },
+ { CKM_NSS_IKE1_APP_B_PRF_DERIVE, { 112, 255 * 64, CKF_KDF }, 1, SFTKFIPSNone },
/* ------------------ PBE Key Derivations ------------------- */
- { CKM_PKCS5_PBKD2, { 1, 256, CKF_GEN }, 1, SFTKFIPSNone },
+ { CKM_PKCS5_PBKD2, { 112, 256, CKF_GEN }, 1, SFTKFIPSNone },
{ CKM_NSS_PKCS12_PBE_SHA224_HMAC_KEY_GEN, { 224, 224, CKF_GEN }, 1, SFTKFIPSNone },
{ CKM_NSS_PKCS12_PBE_SHA256_HMAC_KEY_GEN, { 256, 256, CKF_GEN }, 1, SFTKFIPSNone },
{ CKM_NSS_PKCS12_PBE_SHA384_HMAC_KEY_GEN, { 384, 384, CKF_GEN }, 1, SFTKFIPSNone },
Index: nss/lib/softoken/pkcs11u.c
===================================================================
--- nss.orig/lib/softoken/pkcs11u.c
+++ nss/lib/softoken/pkcs11u.c
@@ -2242,6 +2242,12 @@ sftk_AttributeToFlags(CK_ATTRIBUTE_TYPE
case CKA_NSS_MESSAGE | CKA_VERIFY:
flags = CKF_MESSAGE_VERIFY;
break;
+ case CKA_KEY_GEN_MECHANISM:
+ flags = CKF_GENERATE;
+ break;
+ case CKA_KEY_PAIR_GEN_MECHANISM:
+ flags = CKF_GENERATE_KEY_PAIR;
+ break;
default:
break;
}
@@ -2462,18 +2468,35 @@ sftk_operationIsFIPS(SFTKSlot *slot, CK_
if (!sftk_isFIPS(slot->slotID)) {
return PR_FALSE;
}
- if (source && !source->isFIPS) {
- return PR_FALSE;
- }
if (mech == NULL) {
return PR_FALSE;
}
-
/* now get the calculated values */
opFlags = sftk_AttributeToFlags(op);
if (opFlags == 0) {
return PR_FALSE;
}
+ if (source && !source->isFIPS
+ && !((mech->mechanism == CKM_DSA_SHA224
+ || mech->mechanism == CKM_DSA_SHA256
+ || mech->mechanism == CKM_DSA_SHA384
+ || mech->mechanism == CKM_DSA_SHA512))) {
+ return PR_FALSE;
+ }
+
+ if (mech->mechanism == CKM_PKCS5_PBKD2) {
+ CK_PKCS5_PBKD2_PARAMS *pbkd2_params = (CK_PKCS5_PBKD2_PARAMS *) mech->pParameter;
+
+ if (!pbkd2_params
+ || !pbkd2_params->ulPasswordLen
+ || *pbkd2_params->ulPasswordLen < 20
+ || pbkd2_params->saltSource != CKZ_SALT_SPECIFIED
+ || pbkd2_params->ulSaltSourceDataLen < 128 / 8
+ || pbkd2_params->iterations < 1000) {
+ return PR_FALSE;
+ }
+ }
+
keyLength = sftk_getKeyLength(source);
/* check against our algorithm array */
Index: nss/lib/util/pkcs11t.h
===================================================================
--- nss.orig/lib/util/pkcs11t.h
+++ nss/lib/util/pkcs11t.h
@@ -576,6 +576,7 @@ typedef CK_ULONG CK_JAVA_MIDP_SECURITY_D
/* CKA_KEY_GEN_MECHANISM is new for v2.11 */
#define CKA_KEY_GEN_MECHANISM 0x00000166UL
+#define CKA_KEY_PAIR_GEN_MECHANISM 0x00000167UL
#define CKA_MODIFIABLE 0x00000170UL
Index: nss/lib/softoken/pkcs11.c
===================================================================
--- nss.orig/lib/softoken/pkcs11.c
+++ nss/lib/softoken/pkcs11.c
@@ -534,17 +534,17 @@ static const struct mechanismList mechan
{ CKM_TLS_MASTER_KEY_DERIVE, { 48, 48, CKF_DERIVE }, PR_FALSE },
{ CKM_TLS12_MASTER_KEY_DERIVE, { 48, 48, CKF_DERIVE }, PR_FALSE },
{ CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256,
- { 48, 48, CKF_DERIVE },
+ { 16, 48, CKF_DERIVE },
PR_FALSE },
- { CKM_TLS_MASTER_KEY_DERIVE_DH, { 8, 128, CKF_DERIVE }, PR_FALSE },
- { CKM_TLS12_MASTER_KEY_DERIVE_DH, { 8, 128, CKF_DERIVE }, PR_FALSE },
+ { CKM_TLS_MASTER_KEY_DERIVE_DH, { 48, 48, CKF_DERIVE }, PR_FALSE },
+ { CKM_TLS12_MASTER_KEY_DERIVE_DH, { 48, 48, CKF_DERIVE }, PR_FALSE },
{ CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256,
- { 8, 128, CKF_DERIVE },
+ { 48, 48, CKF_DERIVE },
PR_FALSE },
{ CKM_TLS_KEY_AND_MAC_DERIVE, { 48, 48, CKF_DERIVE }, PR_FALSE },
{ CKM_TLS12_KEY_AND_MAC_DERIVE, { 48, 48, CKF_DERIVE }, PR_FALSE },
{ CKM_NSS_TLS_KEY_AND_MAC_DERIVE_SHA256,
- { 48, 48, CKF_DERIVE },
+ { 16, 48, CKF_DERIVE },
PR_FALSE },
{ CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE,
{ 48, 128, CKF_DERIVE },

16
nss-fips-combined-hash-sign-dsa-ecdsa.patch
View File

@ -68,7 +68,7 @@ Index: nss/lib/softoken/pkcs11c.c
===================================================================
--- nss.orig/lib/softoken/pkcs11c.c
+++ nss/lib/softoken/pkcs11c.c
@@ -2679,7 +2679,7 @@ nsc_DSA_Verify_Stub(void *ctx, void *sig
@@ -2653,7 +2653,7 @@ nsc_DSA_Verify_Stub(void *ctx, void *sig
static SECStatus
nsc_DSA_Sign_Stub(void *ctx, void *sigBuf,
unsigned int *sigLen, unsigned int maxSigLen,
@ -77,7 +77,7 @@ Index: nss/lib/softoken/pkcs11c.c
{
SECItem signature, digest;
SECStatus rv;
@@ -2697,6 +2697,22 @@ nsc_DSA_Sign_Stub(void *ctx, void *sigBu
@@ -2671,6 +2671,22 @@ nsc_DSA_Sign_Stub(void *ctx, void *sigBu
return rv;
}
@ -100,7 +100,7 @@ Index: nss/lib/softoken/pkcs11c.c
static SECStatus
nsc_ECDSAVerifyStub(void *ctx, void *sigBuf, unsigned int sigLen,
void *dataBuf, unsigned int dataLen)
@@ -2714,7 +2730,7 @@ nsc_ECDSAVerifyStub(void *ctx, void *sig
@@ -2688,7 +2704,7 @@ nsc_ECDSAVerifyStub(void *ctx, void *sig
static SECStatus
nsc_ECDSASignStub(void *ctx, void *sigBuf,
unsigned int *sigLen, unsigned int maxSigLen,
@ -109,7 +109,7 @@ Index: nss/lib/softoken/pkcs11c.c
{
SECItem signature, digest;
SECStatus rv;
@@ -2732,6 +2748,22 @@ nsc_ECDSASignStub(void *ctx, void *sigBu
@@ -2706,6 +2722,22 @@ nsc_ECDSASignStub(void *ctx, void *sigBu
return rv;
}
@ -132,7 +132,7 @@ Index: nss/lib/softoken/pkcs11c.c
/* NSC_SignInit setups up the signing operations. There are three basic
* types of signing:
* (1) the tradition single part, where "Raw RSA" or "Raw DSA" is applied
@@ -3601,6 +3633,22 @@ NSC_VerifyInit(CK_SESSION_HANDLE hSessio
@@ -3575,6 +3607,22 @@ NSC_VerifyInit(CK_SESSION_HANDLE hSessio
info->hashOid = SEC_OID_##mmm; \
goto finish_rsa;
@ -155,7 +155,7 @@ Index: nss/lib/softoken/pkcs11c.c
switch (pMechanism->mechanism) {
INIT_RSA_VFY_MECH(MD5)
INIT_RSA_VFY_MECH(MD2)
@@ -4829,6 +4877,73 @@ loser:
@@ -4807,6 +4855,73 @@ loser:
#define PAIRWISE_DIGEST_LENGTH SHA224_LENGTH /* 224-bits */
#define PAIRWISE_MESSAGE_LENGTH 20 /* 160-bits */
@ -229,7 +229,7 @@ Index: nss/lib/softoken/pkcs11c.c
/*
* FIPS 140-2 pairwise consistency check utilized to validate key pair.
*
@@ -4882,8 +4997,6 @@ sftk_PairwiseConsistencyCheck(CK_SESSION
@@ -4860,8 +4975,6 @@ sftk_PairwiseConsistencyCheck(CK_SESSION
/* Variables used for Signature/Verification functions. */
/* Must be at least 256 bits for DSA2 digest */
@ -238,7 +238,7 @@ Index: nss/lib/softoken/pkcs11c.c
CK_ULONG signature_length;
if (keyType == CKK_RSA) {
@@ -5037,76 +5150,32 @@ sftk_PairwiseConsistencyCheck(CK_SESSION
@@ -5015,76 +5128,32 @@ sftk_PairwiseConsistencyCheck(CK_SESSION
}
}

333
nss-fips-constructor-self-tests.patch
View File

@ -63,6 +63,16 @@ Index: nss/lib/freebl/blapi.h
/*********************************************************************/
extern const SECHashObject *HASH_GetRawHashObject(HASH_HashType hashType);
@@ -1791,6 +1791,9 @@ extern SECStatus EC_CopyParams(PLArenaPo
*/
extern int EC_GetPointSize(const ECParams *params);
+/* Unconditionally run the integrity check. */
+extern void BL_FIPSRepeatIntegrityCheck(void);
+
SEC_END_PROTOS
#endif /* _BLAPI_H_ */
Index: nss/lib/freebl/fips-selftest.inc
===================================================================
--- /dev/null
@ -149,7 +159,7 @@ Index: nss/lib/freebl/fips-selftest.inc
+ abort();
+}
+
+/* check whether FIPS moode is mandated by the kernel */
+/* check whether FIPS mode is mandated by the kernel */
+static int
+fips_isWantedProc(void)
+{
@ -247,7 +257,7 @@ Index: nss/lib/freebl/fips-selftest.inc
+ }
+ fips_requests += fips_isWantedEnv();
+
+ return fips_requests;
+ return fips_requests < 1 ? 0 : 1;
+}
+
+static PRBool
@ -641,12 +651,12 @@ Index: nss/lib/freebl/fipsfreebl.c
}
/*
@@ -2251,28 +2279,104 @@ bl_startup_tests(void)
@@ -2251,19 +2279,12 @@ bl_startup_tests(void)
* power on selftest failed.
*/
SECStatus
-BL_FIPSEntryOK(PRBool freebl_only)
+BL_FIPSEntryOK(PRBool my_freebl_only)
-BL_FIPSEntryOK(PRBool freebl_only, PRBool rerun)
+BL_FIPSEntryOK(PRBool my_freebl_only, PRBool rerun)
{
-#ifdef NSS_NO_INIT_SUPPORT
- /* this should only be set on platforms that can't handle one of the INIT
@ -660,9 +670,10 @@ Index: nss/lib/freebl/fipsfreebl.c
bl_startup_tests();
}
-#endif
+
/* if the general self tests succeeded, we're done */
if (self_tests_success) {
if (rerun) {
/* reset the flags */
self_tests_freebl_ran = PR_FALSE;
@@ -2277,10 +2298,104 @@ BL_FIPSEntryOK(PRBool freebl_only, PRBoo
return SECSuccess;
}
/* standalone freebl can initialize */
@ -674,6 +685,17 @@ Index: nss/lib/freebl/fipsfreebl.c
return SECFailure;
}
+
+void
+BL_FIPSRepeatIntegrityCheck(void)
+{
+ fips_state = fips_initTest("freebl", NULL, NULL);
+
+ if (!fips_state)
+ {
+ fatal ("fips - freebl: Integrity test re-run failed - aborting.");
+ }
+}
+
+/* returns the FIPS mode we are running in or the one that we aspire to if the
+ * tests have not completed yet - which might happen during the crypto selftest
+ */
@ -756,11 +778,27 @@ Index: nss/lib/freebl/fipsfreebl.c
+}
+
#endif
+
Index: nss/lib/freebl/loader.c
===================================================================
--- nss.orig/lib/freebl/loader.c
+++ nss/lib/freebl/loader.c
@@ -1213,11 +1213,11 @@ AESKeyWrap_DecryptKWP(AESKeyWrapContext
@@ -95,6 +95,14 @@ BL_Init(void)
return (vector->p_BL_Init)();
}
+void
+BL_FIPSRepeatIntegrityCheck(void)
+{
+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce())
+ return;
+ (vector->p_BL_FIPSRepeatIntegrityCheck)();
+}
+
RSAPrivateKey *
RSA_NewKey(int keySizeInBits, SECItem *publicExponent)
{
@@ -1213,11 +1221,11 @@ AESKeyWrap_DecryptKWP(AESKeyWrapContext
}
PRBool
@ -774,7 +812,7 @@ Index: nss/lib/freebl/loader.c
}
/*
@@ -1227,12 +1227,12 @@ BLAPI_SHVerify(const char *name, PRFuncP
@@ -1227,12 +1235,12 @@ BLAPI_SHVerify(const char *name, PRFuncP
* in freebl_LoadDSO) to p_BLAPI_VerifySelf.
*/
PRBool
@ -789,7 +827,7 @@ Index: nss/lib/freebl/loader.c
}
/* ============== New for 3.006 =============================== */
@@ -1836,11 +1836,11 @@ SHA224_Clone(SHA224Context *dest, SHA224
@@ -1836,11 +1844,11 @@ SHA224_Clone(SHA224Context *dest, SHA224
}
PRBool
@ -827,6 +865,16 @@ Index: nss/lib/freebl/loader.h
/* Version 3.013 came to here */
@@ -834,6 +834,9 @@ struct FREEBLVectorStr {
/* Add new function pointers at the end of this struct and bump
* FREEBL_VERSION at the beginning of this file. */
+
+ /* SUSE patch: Goes last */
+ void (*p_BL_FIPSRepeatIntegrityCheck)(void);
};
typedef struct FREEBLVectorStr FREEBLVector;
Index: nss/lib/freebl/manifest.mn
===================================================================
--- nss.orig/lib/freebl/manifest.mn
@ -873,12 +921,12 @@ Index: nss/lib/freebl/shvfy.c
return SECSuccess;
}
-static PRBool blapi_SHVerifyFile(const char *shName, PRBool self);
+static PRBool blapi_SHVerifyFile(const char *shName, PRBool self, int *err);
-static PRBool blapi_SHVerifyFile(const char *shName, PRBool self, PRBool rerun);
+static PRBool blapi_SHVerifyFile(const char *shName, PRBool self, PRBool rerun, int *err);
static PRBool
-blapi_SHVerify(const char *name, PRFuncPtr addr, PRBool self)
+blapi_SHVerify(const char *name, PRFuncPtr addr, PRBool self, int *err)
-blapi_SHVerify(const char *name, PRFuncPtr addr, PRBool self, PRBool rerun)
+blapi_SHVerify(const char *name, PRFuncPtr addr, PRBool self, PRBool rerun, int *err)
{
PRBool result = PR_FALSE; /* if anything goes wrong,
- * the signature does not verify */
@ -888,100 +936,119 @@ Index: nss/lib/freebl/shvfy.c
if (!shName) {
goto loser;
}
- result = blapi_SHVerifyFile(shName, self);
+ result = blapi_SHVerifyFile(shName, self, err);
- result = blapi_SHVerifyFile(shName, self, rerun);
+ result = blapi_SHVerifyFile(shName, self, rerun, err);
loser:
if (shName != NULL) {
@@ -311,15 +311,15 @@ loser:
@@ -311,25 +311,25 @@ loser:
}
PRBool
-BLAPI_SHVerify(const char *name, PRFuncPtr addr)
+BLAPI_SHVerify(const char *name, PRFuncPtr addr, int *err)
{
- return blapi_SHVerify(name, addr, PR_FALSE);
+ return blapi_SHVerify(name, addr, PR_FALSE, err);
PRBool rerun = PR_FALSE;
if (name && *name == BLAPI_FIPS_RERUN_FLAG) {
name++;
rerun = PR_TRUE;
}
- return blapi_SHVerify(name, addr, PR_FALSE, rerun);
+ return blapi_SHVerify(name, addr, PR_FALSE, rerun, err);
}
PRBool
-BLAPI_SHVerifyFile(const char *shName)
+BLAPI_SHVerifyFile(const char *shName, int *err)
{
- return blapi_SHVerifyFile(shName, PR_FALSE);
+ return blapi_SHVerifyFile(shName, PR_FALSE, err);
PRBool rerun = PR_FALSE;
if (shName && *shName == BLAPI_FIPS_RERUN_FLAG) {
shName++;
rerun = PR_TRUE;
}
- return blapi_SHVerifyFile(shName, PR_FALSE, rerun);
+ return blapi_SHVerifyFile(shName, PR_FALSE, rerun, err);
}
#ifndef NSS_STRICT_INTEGRITY
@@ -421,7 +421,7 @@ blapi_SHVerifyHMACCheck(PRFileDesc *shFD
@@ -432,7 +432,7 @@ blapi_SHVerifyHMACCheck(PRFileDesc *shFD
}
static PRBool
-blapi_SHVerifyFile(const char *shName, PRBool self, PRBool rerun)
+blapi_SHVerifyFile(const char *shName, PRBool self, PRBool rerun, int *err)
{
char *checkName = NULL;
PRFileDesc *checkFD = NULL;
@@ -446,7 +446,7 @@ blapi_SHVerifyFile(const char *shName, P
int pid = 0;
#endif
PRBool result = PR_FALSE; /* if anything goes wrong,
- * the signature does not verify */
+ * the signature does not verify */
NSSSignChkHeader header;
#ifndef NSS_STRICT_INTEGRITY
DSAPublicKey key;
@@ -473,14 +473,17 @@ blapi_SHVerifyFile(const char *shName, P
/* open the check File */
checkFD = PR_Open(checkName, PR_RDONLY, 0);
if (checkFD == NULL) {
+ if (err) {
+ *err = PORT_GetError();
+ }
#ifdef DEBUG_SHVERIFY
- fprintf(stderr, "Failed to open the check file %s: (%d, %d)\n",
- checkName, (int)PR_GetError(), (int)PR_GetOSError());
+ fprintf(stderr, "Failed to open the check file %s: (%d)\n",
+ checkName, (int)PORT_GetError());
#endif /* DEBUG_SHVERIFY */
goto loser;
}
static PRBool
- blapi_SHVerifyFile(const char *shName, PRBool self)
+ blapi_SHVerifyFile(const char *shName, PRBool self, int *err)
{
char *checkName = NULL;
PRFileDesc *checkFD = NULL;
@@ -462,14 +462,17 @@ blapi_SHVerifyHMACCheck(PRFileDesc *shFD
/* open the check File */
checkFD = PR_Open(checkName, PR_RDONLY, 0);
if (checkFD == NULL) {
+ if (err) {
+ *err = PORT_GetError();
+ }
#ifdef DEBUG_SHVERIFY
- fprintf(stderr, "Failed to open the check file %s: (%d, %d)\n",
- checkName, (int)PR_GetError(), (int)PR_GetOSError());
+ fprintf(stderr, "Failed to open the check file %s: (%d)\n",
+ checkName, (int)PR_GetError());
#endif /* DEBUG_SHVERIFY */
goto loser;
}
- /* read and Verify the headerthe header */
+ /* read and Verify the header */
bytesRead = PR_Read(checkFD, &header, sizeof(header));
if (bytesRead != sizeof(header)) {
goto loser;
@@ -550,7 +553,7 @@ blapi_SHVerifyHMACCheck(PRFileDesc *shFD
goto loser;
}
- /* read and Verify the headerthe header */
+ /* read and Verify the header */
bytesRead = PR_Read(checkFD, &header, sizeof(header));
if (bytesRead != sizeof(header)) {
goto loser;
@@ -561,7 +564,7 @@ blapi_SHVerifyFile(const char *shName, P
goto loser;
}
-/* open our library file */
+ /* open our library file */
#ifdef FREEBL_USE_PRELINK
shFD = bl_OpenUnPrelink(shName, &pid);
shFD = bl_OpenUnPrelink(shName, &pid);
#else
@@ -558,8 +561,8 @@ blapi_SHVerifyHMACCheck(PRFileDesc *shFD
@@ -569,8 +572,8 @@ blapi_SHVerifyFile(const char *shName, P
#endif
if (shFD == NULL) {
if (shFD == NULL) {
#ifdef DEBUG_SHVERIFY
- fprintf(stderr, "Failed to open the library file %s: (%d, %d)\n",
- shName, (int)PR_GetError(), (int)PR_GetOSError());
+ fprintf(stderr, "Failed to open the library file %s: (%d)\n",
+ shName, (int)PR_GetError());
- fprintf(stderr, "Failed to open the library file %s: (%d, %d)\n",
- shName, (int)PR_GetError(), (int)PR_GetOSError());
+ fprintf(stderr, "Failed to open the library file %s: (%d)\n",
+ shName, (int)PORT_GetError());
#endif /* DEBUG_SHVERIFY */
goto loser;
}
@@ -620,7 +623,7 @@ blapi_SHVerifyHMACCheck(PRFileDesc *shFD
goto loser;
}
@@ -631,7 +634,7 @@ loser:
}
PRBool
- BLAPI_VerifySelf(const char *name)
+ BLAPI_VerifySelf(const char *name, int *err)
{
if (name == NULL) {
/*
@@ -629,7 +632,7 @@ blapi_SHVerifyHMACCheck(PRFileDesc *shFD
*/
return PR_TRUE;
}
- return blapi_SHVerify(name, (PRFuncPtr)decodeInt, PR_TRUE);
+ return blapi_SHVerify(name, (PRFuncPtr)decodeInt, PR_TRUE, err);
PRBool
-BLAPI_VerifySelf(const char *name)
+BLAPI_VerifySelf(const char *name, int *err)
{
if (name == NULL) {
/*
@@ -640,7 +643,7 @@ BLAPI_VerifySelf(const char *name)
*/
return PR_TRUE;
}
- return blapi_SHVerify(name, (PRFuncPtr)decodeInt, PR_TRUE, PR_FALSE);
+ return blapi_SHVerify(name, (PRFuncPtr)decodeInt, PR_TRUE, PR_FALSE, err);
}
#else /* NSS_FIPS_DISABLED */
@@ -645,7 +648,7 @@ BLAPI_SHVerify(const char *name, PRFuncP
@@ -656,7 +659,7 @@ BLAPI_SHVerify(const char *name, PRFuncP
return PR_FALSE;
}
PRBool
@ -994,7 +1061,7 @@ Index: nss/lib/softoken/fips.c
===================================================================
--- /dev/null
+++ nss/lib/softoken/fips.c
@@ -0,0 +1,40 @@
@@ -0,0 +1,50 @@
+#include "../freebl/fips-selftest.inc"
+
+#include "fips.h"
@ -1007,7 +1074,7 @@ Index: nss/lib/softoken/fips.c
+static fips_check_status
+fips_checkCryptoSoftoken(void)
+{
+ if (CKR_OK == sftk_FIPSEntryOK()) {
+ if (CKR_OK == sftk_FIPSEntryOK(PR_FALSE)) {
+ return CHECK_OK;
+ } else {
+ return CHECK_FAIL_CRYPTO;
@ -1035,18 +1102,33 @@ Index: nss/lib/softoken/fips.c
+
+ return;
+}
+
+void
+fips_repeatTestSoftoken(void)
+{
+ fips_initTestSoftoken();
+ if (!fips_state)
+ {
+ fatal ("fips - softokn: Integrity test re-run failed - aborting.");
+ }
+}
Index: nss/lib/softoken/fips.h
===================================================================
--- /dev/null
+++ nss/lib/softoken/fips.h
@@ -0,0 +1,10 @@
@@ -0,0 +1,15 @@
+#ifndef FIPS_H
+#define FIPS_H
+
+#include "prtypes.h"
+#include "softoken.h"
+
+CK_RV FIPS_cryptoSelftestSoftoken(void);
+SEC_BEGIN_PROTOS
+
+CK_RV sftk_fipsPowerUpSelfTest(void);
+extern void sftk_FIPSRepeatIntegrityCheck(void);
+
+SEC_END_PROTOS
+
+#endif
+
@ -1382,15 +1464,15 @@ Index: nss/lib/softoken/fipstest.c
static PRBool sftk_self_tests_ran = PR_FALSE;
static PRBool sftk_self_tests_success = PR_FALSE;
@@ -694,7 +1015,6 @@ static void
sftk_startup_tests(void)
@@ -694,7 +1015,6 @@ void
sftk_startup_tests_with_rerun(PRBool rerun)
{
SECStatus rv;
- const char *libraryName = SOFTOKEN_LIB_NAME;
- const char *libraryName = rerun ? BLAPI_FIPS_RERUN_FLAG_STRING SOFTOKEN_LIB_NAME : SOFTOKEN_LIB_NAME;
PORT_Assert(!sftk_self_tests_ran);
PORT_Assert(!sftk_self_tests_success);
@@ -706,6 +1026,7 @@ sftk_startup_tests(void)
@@ -706,6 +1026,7 @@ sftk_startup_tests_with_rerun(PRBool rer
if (rv != SECSuccess) {
return;
}
@ -1398,7 +1480,7 @@ Index: nss/lib/softoken/fipstest.c
/* make sure freebl is initialized, or our RSA check
* may fail. This is normally done at freebl load time, but it's
* possible we may have shut freebl down without unloading it. */
@@ -723,12 +1044,21 @@ sftk_startup_tests(void)
@@ -723,12 +1044,21 @@ sftk_startup_tests_with_rerun(PRBool rer
if (rv != SECSuccess) {
return;
}
@ -1424,9 +1506,9 @@ Index: nss/lib/softoken/fipstest.c
rv = sftk_fips_IKE_PowerUpSelfTests();
if (rv != SECSuccess) {
return;
@@ -760,17 +1090,11 @@ sftk_startup_tests(void)
@@ -766,17 +1096,10 @@ sftk_startup_tests(void)
CK_RV
sftk_FIPSEntryOK()
sftk_FIPSEntryOK(PRBool rerun)
{
-#ifdef NSS_NO_INIT_SUPPORT
- /* this should only be set on platforms that can't handle one of the INIT
@ -1440,10 +1522,27 @@ Index: nss/lib/softoken/fipstest.c
sftk_startup_tests();
}
-#endif
+
if (!sftk_self_tests_success) {
return CKR_DEVICE_ERROR;
if (rerun) {
sftk_self_tests_ran = PR_FALSE;
sftk_self_tests_success = PR_FALSE;
@@ -787,6 +1110,17 @@ sftk_FIPSEntryOK(PRBool rerun)
}
return CKR_OK;
}
+
+void fips_repeatTestSoftoken(void);
+
+void
+sftk_FIPSRepeatIntegrityCheck()
+{
+ /* These will abort if the checksum fails in FIPS mode */
+ BL_FIPSRepeatIntegrityCheck();
+ fips_repeatTestSoftoken();
+}
+
#else
#include "pkcs11t.h"
CK_RV
Index: nss/lib/softoken/legacydb/fips.c
===================================================================
--- /dev/null
@ -1521,14 +1620,14 @@ Index: nss/lib/softoken/manifest.mn
===================================================================
--- nss.orig/lib/softoken/manifest.mn
+++ nss/lib/softoken/manifest.mn
@@ -31,6 +31,7 @@ PRIVATE_EXPORTS = \
softkver.h \
sdb.h \
sftkdbt.h \
@@ -22,6 +22,7 @@ endif
EXPORTS = \
lowkeyi.h \
lowkeyti.h \
+ fips.h \
$(NULL)
CSRCS = \
PRIVATE_EXPORTS = \
@@ -55,6 +56,7 @@ CSRCS = \
softkver.c \
tlsprf.c \
@ -1537,3 +1636,47 @@ Index: nss/lib/softoken/manifest.mn
$(NULL)
ifndef NSS_DISABLE_DBM
Index: nss/lib/softoken/softoken.h
===================================================================
--- nss.orig/lib/softoken/softoken.h
+++ nss/lib/softoken/softoken.h
@@ -59,6 +59,9 @@ extern unsigned char *CBC_PadBuffer(PLAr
/* make sure Power-up selftests have been run. */
extern CK_RV sftk_FIPSEntryOK(PRBool rerun);
+/* Unconditionally run the crypto self-tests. */
+extern PRBool sftk_FIPSRunTests();
+
/*
** make known fixed PKCS #11 key types to their sizes in bytes
*/
Index: nss/lib/freebl/ldvector.c
===================================================================
--- nss.orig/lib/freebl/ldvector.c
+++ nss/lib/freebl/ldvector.c
@@ -375,9 +375,12 @@ static const struct FREEBLVectorStr vect
/* End of version 3.024 */
ChaCha20_InitContext,
ChaCha20_CreateContext,
- ChaCha20_DestroyContext
+ ChaCha20_DestroyContext,
/* End of version 3.025 */
+
+ /* SUSE patch: Goes last */
+ BL_FIPSRepeatIntegrityCheck
};
const FREEBLVector*
Index: nss/lib/softoken/softokn.def
===================================================================
--- nss.orig/lib/softoken/softokn.def
+++ nss/lib/softoken/softokn.def
@@ -34,6 +34,7 @@ NSC_GetInterfaceList;
C_GetInterface;
FC_GetInterface;
NSC_GetInterface;
+sftk_FIPSRepeatIntegrityCheck;
;+ local:
;+ *;
;+};

14
nss-fips-detect-fips-mode-fixes.patch
View File

@ -12,7 +12,7 @@ Index: nss/lib/freebl/nsslowhash.c
===================================================================
--- nss.orig/lib/freebl/nsslowhash.c
+++ nss/lib/freebl/nsslowhash.c
@@ -2,6 +2,9 @@
@@ -2,9 +2,13 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
@ -22,7 +22,11 @@ Index: nss/lib/freebl/nsslowhash.c
#ifdef FREEBL_NO_DEPEND
#include "stubs.h"
#endif
@@ -25,6 +28,23 @@ struct NSSLOWHASHContextStr {
+
#include "prtypes.h"
#include "prenv.h"
#include "secerr.h"
@@ -25,6 +29,23 @@ struct NSSLOWHASHContextStr {
};
#ifndef NSS_FIPS_DISABLED
@ -46,7 +50,7 @@ Index: nss/lib/freebl/nsslowhash.c
static int
nsslow_GetFIPSEnabled(void)
{
@@ -52,6 +72,7 @@ nsslow_GetFIPSEnabled(void)
@@ -52,6 +73,7 @@ nsslow_GetFIPSEnabled(void)
#endif /* LINUX */
return 1;
}
@ -54,13 +58,13 @@ Index: nss/lib/freebl/nsslowhash.c
#endif /* NSS_FIPS_DISABLED */
static NSSLOWInitContext dummyContext = { 0 };
@@ -67,7 +88,7 @@ NSSLOW_Init(void)
@@ -67,7 +89,7 @@ NSSLOW_Init(void)
#ifndef NSS_FIPS_DISABLED
/* make sure the FIPS product is installed if we are trying to
* go into FIPS mode */
- if (nsslow_GetFIPSEnabled()) {
+ if (nsslow_GetFIPSEnabled() || getFIPSEnv()) {
if (BL_FIPSEntryOK(PR_TRUE) != SECSuccess) {
if (BL_FIPSEntryOK(PR_TRUE, PR_FALSE) != SECSuccess) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
post_failed = PR_TRUE;
Index: nss/lib/sysinit/nsssysinit.c

111
nss-fips-drbg-libjitter.patch Normal file
View File

@ -0,0 +1,111 @@
Index: nss/coreconf/Linux.mk
===================================================================
--- nss.orig/coreconf/Linux.mk
+++ nss/coreconf/Linux.mk
@@ -136,7 +136,7 @@ OS_CFLAGS = $(DSO_CFLAGS) $(OS_REL_CFLA
ifeq ($(KERNEL),Linux)
OS_CFLAGS += -DLINUX -Dlinux
endif
-OS_LIBS = $(OS_PTHREAD) -ldl -lc
+OS_LIBS = $(OS_PTHREAD) -ldl -lc -ljitterentropy
ifeq ($(OS_TARGET),Android)
OS_LIBS += -llog
Index: nss/lib/freebl/drbg.c
===================================================================
--- nss.orig/lib/freebl/drbg.c
+++ nss/lib/freebl/drbg.c
@@ -6,6 +6,8 @@
#include "stubs.h"
#endif
+#include <jitterentropy.h>
+
#include <unistd.h>
#include "prerror.h"
@@ -107,6 +109,45 @@ typedef struct RNGContextStr RNGContext;
static RNGContext *globalrng = NULL;
static RNGContext theGlobalRng;
+/* Jitterentropy */
+#define JITTER_FLAGS JENT_FORCE_FIPS
+static struct rand_data *jitter;
+
+static ssize_t
+FIPS_jent_get_entropy (void *dest, ssize_t len)
+{
+ int result = -1;
+
+ /* Ensure that the jitterentropy generator is initialized */
+
+ if (!jitter)
+ {
+ if (jent_entropy_init_ex (1, JITTER_FLAGS))
+ goto out;
+
+ jitter = jent_entropy_collector_alloc (1, JITTER_FLAGS);
+ if (!jitter)
+ goto out;
+ }
+
+ /* Get some entropy */
+
+ result = jent_read_entropy_safe (&jitter, dest, len);
+
+out:
+ return result;
+}
+
+static void
+FIPS_jent_deinit (void)
+{
+ if (jitter)
+ {
+ jent_entropy_collector_free (jitter);
+ jitter = NULL;
+ }
+}
+
/*
* The next several functions are derived from the NIST SP 800-90
* spec. In these functions, an attempt was made to use names consistent
@@ -180,7 +221,7 @@ static PRCallOnceType coRNGInitEntropy;
static PRStatus
prng_initEntropy(void)
{
- size_t length;
+ ssize_t length;
PRUint8 block[PRNG_ENTROPY_BLOCK_SIZE];
SHA256Context ctx;
@@ -203,8 +244,8 @@ prng_initEntropy(void)
/* For FIPS 140-2 4.9.2 continuous random number generator test,
* fetch the initial entropy from the system RNG and keep it for
* later comparison. */
- length = RNG_SystemRNG(block, sizeof(block));
- if (length == 0) {
+ length = FIPS_jent_get_entropy(block, sizeof(block));
+ if (length < 1) {
coRNGInitEntropy.status = PR_FAILURE;
__sync_synchronize ();
coRNGInitEntropy.initialized = 1;
@@ -244,8 +285,8 @@ prng_getEntropy(PRUint8 *buffer, size_t
* iteratively fetch fixed sized blocks from the system and
* compare consecutive blocks. */
while (total < requestLength) {
- size_t length = RNG_SystemRNG(block, sizeof(block));
- if (length == 0) {
+ ssize_t length = FIPS_jent_get_entropy(block, sizeof(block));
+ if (length < 1) {
rv = SECFailure; /* error is already set */
goto out;
}
@@ -792,6 +833,7 @@ RNG_RNGShutdown(void)
/* clear */
prng_freeRNGContext(globalrng);
globalrng = NULL;
+ FIPS_jent_deinit ();
/* reset the callonce struct to allow a new call to RNG_RNGInit() */
coRNGInit = pristineCallOnce;
}

4
nss-fips-pairwise-consistency-check.patch
View File

@ -14,7 +14,7 @@ Index: nss/lib/softoken/pkcs11c.c
===================================================================
--- nss.orig/lib/softoken/pkcs11c.c
+++ nss/lib/softoken/pkcs11c.c
@@ -4826,8 +4826,8 @@ loser:
@@ -4800,8 +4800,8 @@ loser:
return crv;
}
@ -25,7 +25,7 @@ Index: nss/lib/softoken/pkcs11c.c
/*
* FIPS 140-2 pairwise consistency check utilized to validate key pair.
@@ -5775,6 +5775,7 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS
@@ -5749,6 +5749,7 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS
(PRUint32)crv);
sftk_LogAuditMessage(NSS_AUDIT_ERROR, NSS_AUDIT_SELF_TEST, msg);
}

11
nss-fips-pbkdf-kat-compliance.patch
View File

@ -1,6 +1,6 @@
diff --git nss/lib/softoken/lowpbe.c b/nss/lib/softoken/lowpbe.c
index fae9e18..1c55642 100644
--- nss/lib/softoken/lowpbe.c
Index: nss/lib/softoken/lowpbe.c
===================================================================
--- nss.orig/lib/softoken/lowpbe.c
+++ nss/lib/softoken/lowpbe.c
@@ -1756,7 +1756,7 @@ loser:
return ret_algid;
@ -11,7 +11,7 @@ index fae9e18..1c55642 100644
SECStatus
sftk_fips_pbkdf_PowerUpSelfTests(void)
{
@@ -1766,16 +1766,21 @@ sftk_fips_pbkdf_PowerUpSelfTests(void)
@@ -1766,16 +1766,22 @@ sftk_fips_pbkdf_PowerUpSelfTests(void)
unsigned char iteration_count = 5;
unsigned char keyLen = 64;
char *inKeyData = TEST_KEY;
@ -22,6 +22,7 @@ index fae9e18..1c55642 100644
+ 0x48, 0x99, 0xF4, 0x6D, 0xB7, 0x48, 0xE3, 0x3B,
+ 0x91, 0xBF, 0x65, 0xA9, 0x26, 0x83, 0xE8, 0x22
+ };
+
static const unsigned char pbkdf_known_answer[] = {
- 0x31, 0xf0, 0xe5, 0x39, 0x9f, 0x39, 0xb9, 0x29,
- 0x68, 0xac, 0xf2, 0xe9, 0x53, 0x9b, 0xb4, 0x9c,
@ -42,7 +43,7 @@ index fae9e18..1c55642 100644
};
sftk_PBELockInit();
@@ -1804,11 +1809,12 @@ sftk_fips_pbkdf_PowerUpSelfTests(void)
@@ -1804,11 +1810,12 @@ sftk_fips_pbkdf_PowerUpSelfTests(void)
* for NSSPKCS5_PBKDF2 */
pbe_params.iter = iteration_count;
pbe_params.keyLen = keyLen;

135
nss-fips-pct-pubkeys.patch Normal file
View File

@ -0,0 +1,135 @@
# HG changeset patch
# Parent 5786c2bb5c229b530e95e435ee0cf51314359e7b
Index: nss/lib/softoken/pkcs11c.c
===================================================================
--- nss.orig/lib/softoken/pkcs11c.c
+++ nss/lib/softoken/pkcs11c.c
@@ -17,6 +17,7 @@
* In this implementation, session objects are only visible to the session
* that created or generated them.
*/
+#include "lowkeyti.h"
#include "seccomon.h"
#include "secitem.h"
#include "secport.h"
@@ -4922,6 +4923,88 @@ pairwise_signverify_mech (CK_SESSION_HAN
return crv;
}
+/* This function regenerates a public key from a private key
+ * (not simply returning the saved public key) and compares it
+ * to the given publicKey
+ */
+static CK_RV
+regeneratePublicKeyFromPrivateKeyAndCompare(NSSLOWKEYPrivateKey *currPrivKey,
+ NSSLOWKEYPublicKey *currPubKey)
+{
+ NSSLOWKEYPublicKey *pubk;
+ SECItem publicValue;
+ PLArenaPool *arena;
+
+ arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE);
+ if (arena == NULL) {
+ PORT_SetError(SEC_ERROR_NO_MEMORY);
+ return CKR_HOST_MEMORY;
+ }
+
+ switch (currPrivKey->keyType) {
+ case NSSLOWKEYDHKey:
+ pubk = (NSSLOWKEYPublicKey *)PORT_ArenaZAlloc(arena,
+ sizeof(NSSLOWKEYPublicKey));
+ if (pubk != NULL) {
+ SECStatus rv;
+
+ pubk->arena = arena;
+ pubk->keyType = currPrivKey->keyType;
+
+ // Regenerate the publicValue
+ rv = DH_Derive(&currPrivKey->u.dh.base, &currPrivKey->u.dh.prime,
+ &currPrivKey->u.dh.privateValue, &publicValue, 0);
+ if (rv != SECSuccess) {
+ break;
+ }
+ rv = SECITEM_CopyItem(arena, &pubk->u.dh.publicValue,
+ &publicValue);
+ SECITEM_ZfreeItem(&publicValue, PR_FALSE);
+ if (rv != SECSuccess) {
+ break;
+ }
+
+ if (SECITEM_CompareItem(&pubk->u.dh.publicValue, &currPubKey->u.dh.publicValue) != SECEqual) {
+ nsslowkey_DestroyPublicKey(pubk);
+ return CKR_GENERAL_ERROR;
+ }
+ nsslowkey_DestroyPublicKey(pubk);
+ return CKR_OK;
+ }
+ break;
+ case NSSLOWKEYECKey:
+ {
+ ECPrivateKey *privk = NULL;
+ SECStatus rv;
+
+ /* The "seed" is an octet stream corresponding to our private key.
+ * The new public key is derived from this + the parameters and
+ * stored in the new private key's publicValue. */
+ rv = EC_NewKeyFromSeed (&currPrivKey->u.ec.ecParams,
+ &privk,
+ currPrivKey->u.ec.privateValue.data,
+ currPrivKey->u.ec.privateValue.len);
+ if (rv != SECSuccess)
+ break;
+
+ /* Verify that the passed-in public value is equal to the one derived */
+ if (SECITEM_CompareItem (&privk->publicValue, &currPubKey->u.ec.publicValue) != SECEqual) {
+ PORT_FreeArena (privk->ecParams.arena, PR_TRUE);
+ return CKR_GENERAL_ERROR;
+ }
+
+ PORT_FreeArena (privk->ecParams.arena, PR_TRUE);
+ return CKR_OK;
+ }
+ break;
+ default:
+ break;
+ }
+
+ PORT_FreeArena(arena, PR_TRUE);
+ return CKR_GENERAL_ERROR;
+}
+
/*
* FIPS 140-2 pairwise consistency check utilized to validate key pair.
*
@@ -5268,6 +5351,30 @@ sftk_PairwiseConsistencyCheck(CK_SESSION
}
}
+ // Regenerate the publicKey from the privateKey and compare it to the
+ // original publicKey
+ if (keyType == CKK_DH || keyType == CKK_EC) {
+ NSSLOWKEYPrivateKey *currPrivKey = sftk_GetPrivKey(privateKey, CKK_DH, &crv);
+ if (crv != CKR_OK) {
+ return crv;
+ }
+ if (!currPrivKey) {
+ return CKR_DEVICE_ERROR;
+ }
+
+ NSSLOWKEYPublicKey *currPubKey = sftk_GetPubKey(publicKey, CKK_DH, &crv);
+ if (crv != CKR_OK) {
+ return crv;
+ }
+ if (!currPubKey) {
+ return CKR_DEVICE_ERROR;
+ }
+
+ crv = regeneratePublicKeyFromPrivateKeyAndCompare(currPrivKey, currPubKey);
+ if (crv != CKR_OK) {
+ return crv;
+ }
+ }
return CKR_OK;
}

28
nss-fips-rsa-keygen-strictness.patch
View File

@ -8,10 +8,10 @@ commit 4b8c0eac6b092717157b4141c82b4d76ccdc91b3
Author: Hans Petter Jansson <hpj@cl.no>
Patch 16: nss-fips-rsa-keygen-strictness.patch
diff --git a/lib/freebl/mpi/mpprime.c b/lib/freebl/mpi/mpprime.c
index b757150..41d08b1 100644
--- a/lib/freebl/mpi/mpprime.c
+++ b/lib/freebl/mpi/mpprime.c
Index: nss/lib/freebl/mpi/mpprime.c
===================================================================
--- nss.orig/lib/freebl/mpi/mpprime.c
+++ nss/lib/freebl/mpi/mpprime.c
@@ -14,6 +14,8 @@
#include <stdlib.h>
#include <string.h>
@ -21,7 +21,7 @@ index b757150..41d08b1 100644
#define SMALL_TABLE 0 /* determines size of hard-wired prime table */
#define RANDOM() rand()
@@ -465,6 +467,25 @@ mpp_make_prime_ext_random(mp_int *start, mp_size nBits, mp_size strong, mpp_rand
@@ -465,6 +467,25 @@ mpp_make_prime_ext_random(mp_int *start,
} else
num_tests = 50;
@ -47,10 +47,10 @@ index b757150..41d08b1 100644
if (strong)
--nBits;
MP_CHECKOK(mpl_set_bit(start, nBits - 1, 1));
diff --git a/lib/freebl/rsa.c b/lib/freebl/rsa.c
index 2b8a3bf..8d40d11 100644
--- a/lib/freebl/rsa.c
+++ b/lib/freebl/rsa.c
Index: nss/lib/freebl/rsa.c
===================================================================
--- nss.orig/lib/freebl/rsa.c
+++ nss/lib/freebl/rsa.c
@@ -16,11 +16,13 @@
#include "prinit.h"
#include "blapi.h"
@ -65,7 +65,7 @@ index 2b8a3bf..8d40d11 100644
/* The minimal required randomness is 64 bits */
/* EXP_BLINDING_RANDOMNESS_LEN is the length of the randomness in mp_digits */
@@ -149,11 +151,24 @@ rsa_build_from_primes(const mp_int *p, const mp_int *q,
@@ -149,11 +151,24 @@ rsa_build_from_primes(const mp_int *p, c
err = mp_invmod(d, &phi, e);
} else {
err = mp_invmod(e, &phi, d);
@ -92,7 +92,7 @@ index 2b8a3bf..8d40d11 100644
if (err != MP_OKAY) {
if (err == MP_UNDEF) {
PORT_SetError(SEC_ERROR_NEED_RANDOM);
@@ -286,10 +301,12 @@ RSA_NewKey(int keySizeInBits, SECItem *publicExponent)
@@ -286,10 +301,12 @@ RSA_NewKey(int keySizeInBits, SECItem *p
mp_int q = { 0, 0, 0, NULL };
mp_int e = { 0, 0, 0, NULL };
mp_int d = { 0, 0, 0, NULL };
@ -106,7 +106,7 @@ index 2b8a3bf..8d40d11 100644
int prerr = 0;
RSAPrivateKey *key = NULL;
PLArenaPool *arena = NULL;
@@ -307,11 +324,40 @@ RSA_NewKey(int keySizeInBits, SECItem *publicExponent)
@@ -307,11 +324,40 @@ RSA_NewKey(int keySizeInBits, SECItem *p
PORT_SetError(SEC_ERROR_INVALID_ARGS);
goto cleanup;
}
@ -151,7 +151,7 @@ index 2b8a3bf..8d40d11 100644
}
#endif
@@ -329,12 +375,7 @@ RSA_NewKey(int keySizeInBits, SECItem *publicExponent)
@@ -329,12 +375,7 @@ RSA_NewKey(int keySizeInBits, SECItem *p
key->arena = arena;
/* length of primes p and q (in bytes) */
primeLen = keySizeInBits / (2 * PR_BITS_PER_BYTE);
@ -165,7 +165,7 @@ index 2b8a3bf..8d40d11 100644
/* 3. Set the version number (PKCS1 v1.5 says it should be zero) */
SECITEM_AllocItem(arena, &key->version, 1);
key->version.data[0] = 0;
@@ -345,13 +386,64 @@ RSA_NewKey(int keySizeInBits, SECItem *publicExponent)
@@ -345,13 +386,64 @@ RSA_NewKey(int keySizeInBits, SECItem *p
PORT_SetError(0);
CHECK_SEC_OK(generate_prime(&p, primeLen));
CHECK_SEC_OK(generate_prime(&q, primeLen));

19
nss-fips-tests-skip.patch
View File

@ -1,19 +0,0 @@
Index: nss/tests/lowhash/lowhash.sh
===================================================================
--- nss.orig/tests/lowhash/lowhash.sh
+++ nss/tests/lowhash/lowhash.sh
@@ -61,11 +61,13 @@ lowhash_test()
! -f ${BINDIR}/lowhashtest${PROG_SUFFIX} ]; then
echo "freebl lowhash not supported in this plaform."
else
- TESTS="MD5 SHA1 SHA224 SHA256 SHA384 SHA512"
+ TESTS_FIPS_0="MD5 SHA1 SHA224 SHA256 SHA384 SHA512"
+ TESTS_FIPS_1="SHA224 SHA256 SHA384 SHA512"
OLD_MODE=`echo ${NSS_FIPS}`
for fips_mode in 0 1; do
echo "lowhashtest with fips mode=${fips_mode}"
export NSS_FIPS=${fips_mode}
+ eval TESTS=\${TESTS_FIPS_${fips_mode}}
for TEST in ${TESTS}
do
echo "lowhashtest ${TEST}"

270
nss-fips-tls-allow-md5-prf.patch
View File

@ -1,270 +0,0 @@
# HG changeset patch
# User Hans Petter Jansson <hpj@cl.no>
# Date 1574240734 -3600
# Wed Nov 20 10:05:34 2019 +0100
# Node ID 0efca22bbafd7575b20461f255c46157c9321822
# Parent 3a2cb65dc157344cdad19e8e16e9c33e36f82d96
[PATCH] 30
From ca3b695ac461eccf4ed97e1b3fe0a311c80a792f Mon Sep 17 00:00:00 2001
---
nss/lib/freebl/md5.c | 67 ++++++++++++++++++++++++++------------
nss/lib/freebl/rawhash.c | 37 +++++++++++++++++++++
nss/lib/freebl/tlsprfalg.c | 5 ++-
nss/lib/softoken/pkcs11c.c | 4 +--
4 files changed, 90 insertions(+), 23 deletions(-)
Index: nss/lib/freebl/md5.c
===================================================================
--- nss.orig/lib/freebl/md5.c
+++ nss/lib/freebl/md5.c
@@ -217,13 +217,11 @@ MD5_HashBuf(unsigned char *dest, const u
}
MD5Context *
-MD5_NewContext(void)
+MD5_NewContext_NonFIPS(void)
{
/* no need to ZAlloc, MD5_Begin will init the context */
MD5Context *cx;
- IN_FIPS_RETURN(NULL);
-
cx = (MD5Context *)PORT_Alloc(sizeof(MD5Context));
if (cx == NULL) {
PORT_SetError(PR_OUT_OF_MEMORY_ERROR);
@@ -232,6 +230,13 @@ MD5_NewContext(void)
return cx;
}
+MD5Context *
+MD5_NewContext(void)
+{
+ IN_FIPS_RETURN(NULL);
+ return MD5_NewContext_NonFIPS();
+}
+
void
MD5_DestroyContext(MD5Context *cx, PRBool freeit)
{
@@ -243,10 +248,8 @@ MD5_DestroyContext(MD5Context *cx, PRBoo
}
void
-MD5_Begin(MD5Context *cx)
+MD5_Begin_NonFIPS(MD5Context *cx)
{
- IN_FIPS_RETURN();
-
cx->lsbInput = 0;
cx->msbInput = 0;
/* memset(cx->inBuf, 0, sizeof(cx->inBuf)); */
@@ -256,6 +259,13 @@ MD5_Begin(MD5Context *cx)
cx->cv[3] = CV0_4;
}
+void
+MD5_Begin(MD5Context *cx)
+{
+ IN_FIPS_RETURN();
+ MD5_Begin_NonFIPS(cx);
+}
+
#define cls(i32, s) (tmp = i32, tmp << s | tmp >> (32 - s))
#if defined(SOLARIS) || defined(HPUX)
@@ -431,14 +441,12 @@ md5_compress(MD5Context *cx, const PRUin
}
void
-MD5_Update(MD5Context *cx, const unsigned char *input, unsigned int inputLen)
+MD5_Update_NonFIPS(MD5Context *cx, const unsigned char *input, unsigned int inputLen)
{
PRUint32 bytesToConsume;
PRUint32 inBufIndex = cx->lsbInput & 63;
const PRUint32 *wBuf;
- IN_FIPS_RETURN();
-
/* Add the number of input bytes to the 64-bit input counter. */
addto64(cx->msbInput, cx->lsbInput, inputLen);
if (inBufIndex) {
@@ -487,6 +495,13 @@ MD5_Update(MD5Context *cx, const unsigne
memcpy(cx->inBuf, input, inputLen);
}
+void
+MD5_Update(MD5Context *cx, const unsigned char *input, unsigned int inputLen)
+{
+ IN_FIPS_RETURN();
+ MD5_Update_NonFIPS(cx, input, inputLen);
+}
+
static const unsigned char padbytes[] = {
0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
@@ -503,8 +518,8 @@ static const unsigned char padbytes[] =
};
void
-MD5_End(MD5Context *cx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen)
+MD5_End_NonFIPS(MD5Context *cx, unsigned char *digest,
+ unsigned int *digestLen, unsigned int maxDigestLen)
{
#ifndef IS_LITTLE_ENDIAN
PRUint32 tmp;
@@ -512,8 +527,6 @@ MD5_End(MD5Context *cx, unsigned char *d
PRUint32 lowInput, highInput;
PRUint32 inBufIndex = cx->lsbInput & 63;
- IN_FIPS_RETURN();
-
if (maxDigestLen < MD5_HASH_LEN) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return;
@@ -525,10 +538,10 @@ MD5_End(MD5Context *cx, unsigned char *d
lowInput <<= 3;
if (inBufIndex < MD5_END_BUFFER) {
- MD5_Update(cx, padbytes, MD5_END_BUFFER - inBufIndex);
+ MD5_Update_NonFIPS(cx, padbytes, MD5_END_BUFFER - inBufIndex);
} else {
- MD5_Update(cx, padbytes,
- MD5_END_BUFFER + MD5_BUFFER_SIZE - inBufIndex);
+ MD5_Update_NonFIPS(cx, padbytes,
+ MD5_END_BUFFER + MD5_BUFFER_SIZE - inBufIndex);
}
/* Store the number of bytes input (before padding) in final 64 bits. */
@@ -554,16 +567,22 @@ MD5_End(MD5Context *cx, unsigned char *d
}
void
-MD5_EndRaw(MD5Context *cx, unsigned char *digest,
- unsigned int *digestLen, unsigned int maxDigestLen)
+MD5_End(MD5Context *cx, unsigned char *digest,
+ unsigned int *digestLen, unsigned int maxDigestLen)
+{
+ IN_FIPS_RETURN();
+ MD5_End_NonFIPS(cx, digest, digestLen, maxDigestLen);
+}
+
+void
+MD5_EndRaw_NonFIPS(MD5Context *cx, unsigned char *digest,
+ unsigned int *digestLen, unsigned int maxDigestLen)
{
#ifndef IS_LITTLE_ENDIAN
PRUint32 tmp;
#endif
PRUint32 cv[4];
- IN_FIPS_RETURN();
-
if (maxDigestLen < MD5_HASH_LEN) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return;
@@ -581,6 +600,14 @@ MD5_EndRaw(MD5Context *cx, unsigned char
*digestLen = MD5_HASH_LEN;
}
+void
+MD5_EndRaw(MD5Context *cx, unsigned char *digest,
+ unsigned int *digestLen, unsigned int maxDigestLen)
+{
+ IN_FIPS_RETURN();
+ MD5_EndRaw_NonFIPS(cx, digest, digestLen, maxDigestLen);
+}
+
unsigned int
MD5_FlattenSize(MD5Context *cx)
{
Index: nss/lib/freebl/rawhash.c
===================================================================
--- nss.orig/lib/freebl/rawhash.c
+++ nss/lib/freebl/rawhash.c
@@ -154,3 +154,40 @@ HASH_GetRawHashObject(HASH_HashType hash
}
return &SECRawHashObjects[hashType];
}
+
+/* Defined in md5.c */
+
+MD5Context *MD5_NewContext_NonFIPS(void);
+void MD5_Begin_NonFIPS(MD5Context *cx);
+void MD5_Update_NonFIPS(MD5Context *cx, const unsigned char *input, unsigned int inputLen);
+void MD5_End_NonFIPS(MD5Context *cx, unsigned char *digest,
+ unsigned int *digestLen, unsigned int maxDigestLen);
+void MD5_EndRaw_NonFIPS(MD5Context *cx, unsigned char *digest,
+ unsigned int *digestLen, unsigned int maxDigestLen);
+
+static const SECHashObject SECRawHashObjectMD5NonFIPS = {
+ MD5_LENGTH,
+ (void *(*)(void))MD5_NewContext_NonFIPS,
+ (void *(*)(void *))null_hash_clone_context,
+ (void (*)(void *, PRBool))MD5_DestroyContext,
+ (void (*)(void *))MD5_Begin_NonFIPS,
+ (void (*)(void *, const unsigned char *, unsigned int))MD5_Update_NonFIPS,
+ (void (*)(void *, unsigned char *, unsigned int *, unsigned int))MD5_End_NonFIPS,
+ MD5_BLOCK_LENGTH,
+ HASH_AlgMD5,
+ (void (*)(void *, unsigned char *, unsigned int *, unsigned int))MD5_EndRaw_NonFIPS
+};
+
+const SECHashObject *
+HASH_GetRawHashObjectNonFIPS(HASH_HashType hashType)
+{
+ if (hashType <= HASH_AlgNULL || hashType >= HASH_AlgTOTAL) {
+ PORT_SetError(SEC_ERROR_INVALID_ARGS);
+ return NULL;
+ }
+
+ if (hashType == HASH_AlgMD5)
+ return &SECRawHashObjectMD5NonFIPS;
+
+ return &SECRawHashObjects[hashType];
+}
Index: nss/lib/freebl/tlsprfalg.c
===================================================================
--- nss.orig/lib/freebl/tlsprfalg.c
+++ nss/lib/freebl/tlsprfalg.c
@@ -12,6 +12,9 @@
#include "hasht.h"
#include "alghmac.h"
+/* To get valid MD5 object in FIPS mode */
+const SECHashObject *HASH_GetRawHashObjectNonFIPS(HASH_HashType hashType);
+
#define PHASH_STATE_MAX_LEN HASH_LENGTH_MAX
/* TLS P_hash function */
@@ -27,7 +30,7 @@ TLS_P_hash(HASH_HashType hashType, const
SECStatus status;
HMACContext *cx;
SECStatus rv = SECFailure;
- const SECHashObject *hashObj = HASH_GetRawHashObject(hashType);
+ const SECHashObject *hashObj = HASH_GetRawHashObjectNonFIPS(hashType);
PORT_Assert((secret != NULL) && (secret->data != NULL || !secret->len));
PORT_Assert((seed != NULL) && (seed->data != NULL));
Index: nss/lib/softoken/pkcs11c.c
===================================================================
--- nss.orig/lib/softoken/pkcs11c.c
+++ nss/lib/softoken/pkcs11c.c
@@ -7162,7 +7162,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
SFTKAttribute *att2 = NULL;
unsigned char *buf;
SHA1Context *sha;
- MD5Context *md5;
+ MD5Context *md5 = NULL;
MD2Context *md2;
CK_ULONG macSize;
CK_ULONG tmpKeySize;
@@ -7702,7 +7702,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
}
sftk_FreeAttribute(att2);
md5 = MD5_NewContext();
- if (md5 == NULL) {
+ if (md5 == NULL && !isTLS) {
crv = CKR_HOST_MEMORY;
break;
}

69
nss-fix-bmo1836925.patch Normal file
View File

@ -0,0 +1,69 @@
Index: nss/lib/freebl/Makefile
===================================================================
--- nss.orig/lib/freebl/Makefile
+++ nss/lib/freebl/Makefile
@@ -568,7 +568,6 @@ ifneq ($(shell $(CC) -? 2>&1 >/dev/null
HAVE_INT128_SUPPORT = 1
DEFINES += -DHAVE_INT128_SUPPORT
else ifeq (1,$(CC_IS_GCC))
- SUPPORTS_VALE_CURVE25519 = 1
ifneq (,$(filter 4.6 4.7 4.8 4.9,$(word 1,$(GCC_VERSION)).$(word 2,$(GCC_VERSION))))
HAVE_INT128_SUPPORT = 1
DEFINES += -DHAVE_INT128_SUPPORT
@@ -593,11 +592,6 @@ ifndef HAVE_INT128_SUPPORT
DEFINES += -DKRML_VERIFIED_UINT128
endif
-ifdef SUPPORTS_VALE_CURVE25519
- VERIFIED_SRCS += Hacl_Curve25519_64.c
- DEFINES += -DHACL_CAN_COMPILE_INLINE_ASM
-endif
-
ifndef NSS_DISABLE_CHACHAPOLY
ifeq ($(CPU_ARCH),x86_64)
ifndef NSS_DISABLE_AVX2
Index: nss/lib/freebl/freebl.gyp
===================================================================
--- nss.orig/lib/freebl/freebl.gyp
+++ nss/lib/freebl/freebl.gyp
@@ -866,12 +866,6 @@
}],
],
}],
- [ 'supports_vale_curve25519==1', {
- 'defines': [
- # The Makefile does version-tests on GCC, but we're not doing that here.
- 'HACL_CAN_COMPILE_INLINE_ASM',
- ],
- }],
[ 'OS=="linux" or OS=="android"', {
'conditions': [
[ 'target_arch=="x64"', {
@@ -934,11 +928,6 @@
'variables': {
'module': 'nss',
'conditions': [
- [ 'target_arch=="x64" and cc_is_gcc==1', {
- 'supports_vale_curve25519%': 1,
- }, {
- 'supports_vale_curve25519%': 0,
- }],
[ 'target_arch=="x64" or target_arch=="arm64" or target_arch=="aarch64"', {
'have_int128_support%': 1,
}, {
Index: nss/lib/freebl/freebl_base.gypi
===================================================================
--- nss.orig/lib/freebl/freebl_base.gypi
+++ nss/lib/freebl/freebl_base.gypi
@@ -151,11 +151,6 @@
'ecl/curve25519_32.c',
],
}],
- ['supports_vale_curve25519==1', {
- 'sources': [
- 'verified/Hacl_Curve25519_64.c',
- ],
- }],
['(target_arch!="ppc64" and target_arch!="ppc64le") or disable_altivec==1', {
'sources': [
# Gyp does not support per-file cflags, so working around like this.