Accepting request 1042789 from mozilla:Factory

- update to NSS 3.85
  * bmo#1792821 - Modification of the primes.c and dhe-params.c in
                  order to have better looking tables
  * bmo#1796815 - Update zlib in NSS to 1.2.13
  * bmo#1796504 - Skip building modutil and shlibsign when building
                  in Firefox
  * bmo#1796504 - Use __STDC_VERSION__ rather than __STDC__ as a guard
  * bmo#1796407 - Fix -Wunused-but-set-variable warning from clang 15
  * bmo#1796308 - Fix -Wtautological-constant-out-of-range-compare
                  and -Wtype-limits warnings
  * bmo#1796281 - Followup: add missing stdint.h include
  * bmo#1796281 - Fix -Wint-to-void-pointer-cast warnings
  * bmo#1796280 - Fix -Wunused-{function,variable,but-set-variable}
                  warnings on Windows
  * bmo#1796079 - Fix -Wstring-conversion warnings
  * bmo#1796075 - Fix -Wempty-body warnings
  * bmo#1795242 - Fix unused-but-set-parameter warning
  * bmo#1795241 - Fix unreachable-code warnings
  * bmo#1795222 - Mark _nss_version_c unused on clang-cl
  * bmo#1795668 - Remove redundant variable definitions in lowhashtest
  * Add note about python executable to build instructions.

OBS-URL: https://build.opensuse.org/request/show/1042789
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=196
Dominique Leuenberger 2022-12-15 18:23:37 +00:00 committed by Git OBS Bridge
commit c4fbc14867
6 changed files with 48 additions and 68 deletions


@ -1,3 +1,28 @@
-------------------------------------------------------------------
Mon Dec 5 13:32:45 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>
- update to NSS 3.85
* bmo#1792821 - Modification of the primes.c and dhe-params.c in
order to have better looking tables
* bmo#1796815 - Update zlib in NSS to 1.2.13
* bmo#1796504 - Skip building modutil and shlibsign when building
in Firefox
* bmo#1796504 - Use __STDC_VERSION__ rather than __STDC__ as a guard
* bmo#1796407 - Fix -Wunused-but-set-variable warning from clang 15
* bmo#1796308 - Fix -Wtautological-constant-out-of-range-compare
and -Wtype-limits warnings
* bmo#1796281 - Followup: add missing stdint.h include
* bmo#1796281 - Fix -Wint-to-void-pointer-cast warnings
* bmo#1796280 - Fix -Wunused-{function,variable,but-set-variable}
warnings on Windows
* bmo#1796079 - Fix -Wstring-conversion warnings
* bmo#1796075 - Fix -Wempty-body warnings
* bmo#1795242 - Fix unused-but-set-parameter warning
* bmo#1795241 - Fix unreachable-code warnings
* bmo#1795222 - Mark _nss_version_c unused on clang-cl
* bmo#1795668 - Remove redundant variable definitions in lowhashtest
* Add note about python executable to build instructions.
-------------------------------------------------------------------
Fri Nov 11 14:06:58 UTC 2022 - Wolfgang Rosenauer <wr@rosenauer.org>


@ -17,14 +17,14 @@
#
%global nss_softokn_fips_version 3.84
%global nss_softokn_fips_version 3.85
%define NSPR_min_version 4.35
%define nspr_ver %(rpm -q --queryformat '%%{VERSION}' mozilla-nspr)
%define nssdbdir %{_sysconfdir}/pki/nssdb
Name: mozilla-nss
Version: 3.84
Version: 3.85
Release: 0
%define underscore_version 3_84
%define underscore_version 3_85
Summary: Network Security Services
License: MPL-2.0
Group: System/Libraries


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:9a387ffe350ff14f001d943f96cc0c064891551d71e1a97a5ddbffe7f1207a25
size 84851235

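--- a/nss-3.85.tar.gz
+++ b/nss-3.85.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:afd9d64510b1154debbd6cab3571e9ff64a3373898e03483e4c85cdada13d297
+size 84717969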


@ -8,15 +8,12 @@ commit e78f5a6a2124ce88002796d6aaefc6232f132526
Author: Hans Petter Jansson <hpj@cl.no>
AES Keywrap POST.
diff --git a/lib/freebl/fipsfreebl.c b/lib/freebl/fipsfreebl.c
--- a/lib/freebl/fipsfreebl.c
+++ b/lib/freebl/fipsfreebl.c
@@ -107,16 +107,19 @@ BOOL WINAPI DllMain(
#define FIPS_AES_BLOCK_SIZE 16 /* 128-bits */
#define FIPS_AES_ENCRYPT_LENGTH 16 /* 128-bits */
#define FIPS_AES_DECRYPT_LENGTH 16 /* 128-bits */
#define FIPS_AES_CMAC_LENGTH 16 /* 128-bits */
#define FIPS_AES_128_KEY_SIZE 16 /* 128-bits */
diff --git nss/lib/freebl/fipsfreebl.c b/nss/lib/freebl/fipsfreebl.c
index ecbe9e0..3fec612 100644
--- nss/lib/freebl/fipsfreebl.c
+++ nss/lib/freebl/fipsfreebl.c
@@ -113,6 +113,9 @@ DllMain(
#define FIPS_AES_192_KEY_SIZE 24 /* 192-bits */
#define FIPS_AES_256_KEY_SIZE 32 /* 256-bits */
@ -26,17 +23,7 @@ diff --git a/lib/freebl/fipsfreebl.c b/lib/freebl/fipsfreebl.c
/* FIPS preprocessor directives for message digests */
#define FIPS_KNOWN_HASH_MESSAGE_LENGTH 64 /* 512-bits */
/* FIPS preprocessor directives for RSA. */
#define FIPS_RSA_TYPE siBuffer
#define FIPS_RSA_PUBLIC_EXPONENT_LENGTH 3 /* 24-bits */
#define FIPS_RSA_PRIVATE_VERSION_LENGTH 1 /* 8-bits */
#define FIPS_RSA_MESSAGE_LENGTH 256 /* 2048-bits */
@@ -296,16 +299,19 @@ freebl_fips_AES_PowerUpSelfTest(int aes_
static const PRUint8 aes_cbc_known_initialization_vector[] =
{ "SecurityytiruceS" };
/* AES Known Plaintext (128-bits). (blocksize is 128-bits) */
static const PRUint8 aes_known_plaintext[] = { "NetscapeepacsteN" };
@@ -300,6 +303,9 @@ freebl_fips_AES_PowerUpSelfTest(int aes_key_size)
static const PRUint8 aes_gcm_known_aad[] = { "MozillaallizoM" };
@ -46,17 +33,7 @@ diff --git a/lib/freebl/fipsfreebl.c b/lib/freebl/fipsfreebl.c
/* AES Known Ciphertext (128-bit key). */
static const PRUint8 aes_ecb128_known_ciphertext[] = {
0x3c, 0xa5, 0x96, 0xf3, 0x34, 0x6a, 0x96, 0xc1,
0x03, 0x88, 0x16, 0x7b, 0x20, 0xbf, 0x35, 0x47
};
static const PRUint8 aes_cbc128_known_ciphertext[] = {
0xcf, 0x15, 0x1d, 0x4f, 0x96, 0xe4, 0x4f, 0x63,
@@ -366,33 +372,56 @@ freebl_fips_AES_PowerUpSelfTest(int aes_
};
static const PRUint8 aes_cmac256_known_ciphertext[] = {
0xc1, 0x26, 0x69, 0x32, 0x51, 0x13, 0x65, 0xac,
0x71, 0x23, 0xe4, 0xe7, 0xb9, 0x0c, 0x88, 0x9f
@@ -370,6 +376,25 @@ freebl_fips_AES_PowerUpSelfTest(int aes_key_size)
};
@ -82,12 +59,7 @@ diff --git a/lib/freebl/fipsfreebl.c b/lib/freebl/fipsfreebl.c
const PRUint8 *aes_ecb_known_ciphertext =
(aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_ecb128_known_ciphertext : (aes_key_size == FIPS_AES_192_KEY_SIZE) ? aes_ecb192_known_ciphertext : aes_ecb256_known_ciphertext;
const PRUint8 *aes_cbc_known_ciphertext =
(aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_cbc128_known_ciphertext : (aes_key_size == FIPS_AES_192_KEY_SIZE) ? aes_cbc192_known_ciphertext : aes_cbc256_known_ciphertext;
const PRUint8 *aes_gcm_known_ciphertext =
(aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_gcm128_known_ciphertext : (aes_key_size == FIPS_AES_192_KEY_SIZE) ? aes_gcm192_known_ciphertext : aes_gcm256_known_ciphertext;
@@ -382,11 +407,15 @@ freebl_fips_AES_PowerUpSelfTest(int aes_key_size)
const PRUint8 *aes_cmac_known_ciphertext =
(aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_cmac128_known_ciphertext : (aes_key_size == FIPS_AES_192_KEY_SIZE) ? aes_cmac192_known_ciphertext : aes_cmac256_known_ciphertext;
@ -103,17 +75,7 @@ diff --git a/lib/freebl/fipsfreebl.c b/lib/freebl/fipsfreebl.c
unsigned int aes_bytes_encrypted;
unsigned int aes_bytes_decrypted;
CK_NSS_GCM_PARAMS gcmParams;
SECStatus aes_status;
/*check if aes_key_size is 128, 192, or 256 bits */
if ((aes_key_size != FIPS_AES_128_KEY_SIZE) &&
(aes_key_size != FIPS_AES_192_KEY_SIZE) &&
@@ -609,16 +638,62 @@ freebl_fips_AES_PowerUpSelfTest(int aes_
if ((aes_status != SECSuccess) ||
(aes_bytes_encrypted != FIPS_AES_CMAC_LENGTH) ||
(PORT_Memcmp(aes_computed_ciphertext, aes_cmac_known_ciphertext,
FIPS_AES_CMAC_LENGTH) != 0)) {
PORT_SetError(SEC_ERROR_LIBRARY_FAILURE);
@@ -613,6 +642,52 @@ freebl_fips_AES_PowerUpSelfTest(int aes_key_size)
return (SECFailure);
}
@ -166,8 +128,3 @@ diff --git a/lib/freebl/fipsfreebl.c b/lib/freebl/fipsfreebl.c
return (SECSuccess);
}
/* Known Hash Message (512-bits). Used for all hashes (incl. SHA-N [N>1]). */
static const PRUint8 known_hash_message[] = {
"The test message for the MD2, MD5, and SHA-1 hashing algorithms."
};


@ -1,8 +1,8 @@
Index: nss/lib/softoken/lowpbe.c
===================================================================
--- nss.orig/lib/softoken/lowpbe.c
diff --git nss/lib/softoken/lowpbe.c b/nss/lib/softoken/lowpbe.c
index fae9e18..1c55642 100644
--- nss/lib/softoken/lowpbe.c
+++ nss/lib/softoken/lowpbe.c
@@ -1745,7 +1745,7 @@ loser:
@@ -1756,7 +1756,7 @@ loser:
return ret_algid;
}
@ -11,19 +11,17 @@ Index: nss/lib/softoken/lowpbe.c
SECStatus
sftk_fips_pbkdf_PowerUpSelfTests(void)
{
@@ -1755,17 +1755,22 @@ sftk_fips_pbkdf_PowerUpSelfTests(void)
@@ -1766,16 +1766,21 @@ sftk_fips_pbkdf_PowerUpSelfTests(void)
unsigned char iteration_count = 5;
unsigned char keyLen = 64;
char *inKeyData = TEST_KEY;
- static const unsigned char saltData[] =
- { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 };
- static const unsigned char saltData[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 };
+ static const unsigned char saltData[] = {
+ 0x11, 0x39, 0x93, 0x54, 0x1C, 0xDD, 0xD7, 0x18,
+ 0x2F, 0x4A, 0xC1, 0x14, 0x03, 0x7A, 0x0B, 0x64,
+ 0x48, 0x99, 0xF4, 0x6D, 0xB7, 0x48, 0xE3, 0x3B,
+ 0x91, 0xBF, 0x65, 0xA9, 0x26, 0x83, 0xE8, 0x22
+ };
+
static const unsigned char pbkdf_known_answer[] = {
- 0x31, 0xf0, 0xe5, 0x39, 0x9f, 0x39, 0xb9, 0x29,
- 0x68, 0xac, 0xf2, 0xe9, 0x53, 0x9b, 0xb4, 0x9c,
@ -44,7 +42,7 @@ Index: nss/lib/softoken/lowpbe.c
};
sftk_PBELockInit();
@@ -1794,11 +1799,12 @@ sftk_fips_pbkdf_PowerUpSelfTests(void)
@@ -1804,11 +1809,12 @@ sftk_fips_pbkdf_PowerUpSelfTests(void)
* for NSSPKCS5_PBKDF2 */
pbe_params.iter = iteration_count;
pbe_params.keyLen = keyLen;
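Review bot: The refreshed patch still opens directly with its diff header (now `diff --git nss/lib/softoken/lowpbe.c b/nss/lib/softoken/lowpbe.c`), so the file carries no description of why the self-test in `sftk_fips_pbkdf_PowerUpSelfTests` moves `saltData` from 8 to 32 bytes or where the replacement `pbkdf_known_answer` bytes came from. For a FIPS known-answer test that provenance matters, because a vector regenerated with the same code under test would not catch a defect in it; the new answer bytes are not visible in this section, so this cannot be checked from the page. I would add a short header above the diff line, for example `FIPS: PBKDF2 power-up self-test with a 32-byte salt; known answer generated with <independent tool or reference, placeholder>`. The body of the function continues outside the lines shown here.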