From 521f0d9c8397e4951d87b8ab27c267dad46750930b1a9a52758971ef4f290523 Mon Sep 17 00:00:00 2001 
From: Wolfgang Rosenauer Date: Tue, 26 Jul 2022 19:23:39 +0000 Subject: [PATCH 1/4] - update to NSS 3.80 * bmo#1774720 - Fix SEC_ERROR_ALGORITHM_MISMATCH entry in SECerrs.h. * bmo#1617956 - Add support for asynchronous client auth hooks. * bmo#1497537 - nss-policy-check: make unknown keyword check optional. * bmo#1765383 - GatherBuffer: Reduced plaintext buffer allocations by allocating it on initialization. Replaced redundant code with assert. Debug builds: Added buffer freeing/allocation for each record. * bmo#1773022 - Mark 3.79 as an ESR release. * bmo#1764206 - Bump nssckbi version number for June. * bmo#1759815 - Remove Hellenic Academic 2011 Root. * bmo#1770267 - Add E-Tugra Roots. * bmo#1768970 - Add Certainly Roots. * bmo#1764392 - Add DigitCert Roots. * bmo#1759794 - Protect SFTKSlot needLogin with slotLock. * bmo#1366464 - Compare signature and signatureAlgorithm fields in legacy certificate verifier. * bmo#1771497 - Uninitialized value in cert_VerifyCertChainOld. * bmo#1771495 - Unchecked return code in sec_DecodeSigAlg. * bmo#1771498 - Uninitialized value in cert_ComputeCertType. * bmo#1760998 - Avoid data race on primary password change. * bmo#1769063 - Replace ppc64 dcbzl intrinisic. * bmo#1771036 - Allow LDFLAGS override in makefile builds. 
- FIPS patch updates - removed obsolete patches * nss-fips-tests-skip.patch * nss-fips-tls-allow-md5-prf.patch OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=388
---
 mozilla-nss.changes | 31 +++
 mozilla-nss.spec | 10 +-
 nss-3.79.tar.gz | 3 -
 nss-3.80.tar.gz | 3 +
 nss-fips-approved-crypto-non-ec.patch | 329 +++++++++++++-------------
 nss-fips-constructor-self-tests.patch | 131 ++++++++--
 nss-fips-tests-skip.patch | 19 --
 nss-fips-tls-allow-md5-prf.patch | 270 ---------------------
 8 files changed, 314 insertions(+), 482 deletions(-)
 delete mode 100644 nss-3.79.tar.gz
 create mode 100644 nss-3.80.tar.gz
 delete mode 100644 nss-fips-tests-skip.patch
 delete mode 100644 nss-fips-tls-allow-md5-prf.patch
diff --git a/mozilla-nss.changes b/mozilla-nss.changes
index 0a324b5..ca694cb 100644
--- a/mozilla-nss.changes
+++ b/mozilla-nss.changes
@@ -1,3 +1,34 @@
+-------------------------------------------------------------------
+Tue Jul 26 19:20:48 UTC 2022 - Wolfgang Rosenauer
+
+- update to NSS 3.80
+ * bmo#1774720 - Fix SEC_ERROR_ALGORITHM_MISMATCH entry in SECerrs.h.
+ * bmo#1617956 - Add support for asynchronous client auth hooks.
+ * bmo#1497537 - nss-policy-check: make unknown keyword check optional.
+ * bmo#1765383 - GatherBuffer: Reduced plaintext buffer allocations
+ by allocating it on initialization. Replaced
+ redundant code with assert. Debug builds: Added
+ buffer freeing/allocation for each record.
+ * bmo#1773022 - Mark 3.79 as an ESR release.
+ * bmo#1764206 - Bump nssckbi version number for June.
+ * bmo#1759815 - Remove Hellenic Academic 2011 Root.
+ * bmo#1770267 - Add E-Tugra Roots.
+ * bmo#1768970 - Add Certainly Roots.
+ * bmo#1764392 - Add DigitCert Roots.
+ * bmo#1759794 - Protect SFTKSlot needLogin with slotLock.
+ * bmo#1366464 - Compare signature and signatureAlgorithm fields in
+ legacy certificate verifier.
+ * bmo#1771497 - Uninitialized value in cert_VerifyCertChainOld.
+ * bmo#1771495 - Unchecked return code in sec_DecodeSigAlg.
+ * bmo#1771498 - Uninitialized value in cert_ComputeCertType.
+ * bmo#1760998 - Avoid data race on primary password change.
+ * bmo#1769063 - Replace ppc64 dcbzl intrinisic.
+ * bmo#1771036 - Allow LDFLAGS override in makefile builds.
+- FIPS patch updates
+- removed obsolete patches
+ * nss-fips-tests-skip.patch
+ * nss-fips-tls-allow-md5-prf.patch
+
 -------------------------------------------------------------------
 Sat Jun 25 12:30:25 UTC 2022 - Wolfgang Rosenauer
 
diff --git a/mozilla-nss.spec b/mozilla-nss.spec
index e625373..4a3b2b5 100644
--- a/mozilla-nss.spec
+++ b/mozilla-nss.spec
@@ -17,14 +17,14 @@ # -%global nss_softokn_fips_version 3.79 +%global nss_softokn_fips_version 3.80 %define NSPR_min_version 4.34 %define nspr_ver %(rpm -q --queryformat '%%{VERSION}' mozilla-nspr) %define nssdbdir %{_sysconfdir}/pki/nssdb Name: mozilla-nss -Version: 3.79 +Version: 3.80 Release: 0 -%define underscore_version 3_79 +%define underscore_version 3_80 Summary: Network Security Services License: MPL-2.0 Group: System/Libraries @@ -65,7 +65,6 @@ Patch19: nss-fips-cavs-dsa-fixes.patch Patch20: nss-fips-cavs-rsa-fixes.patch Patch21: nss-fips-approved-crypto-non-ec.patch Patch22: nss-fips-zeroization.patch -Patch23: nss-fips-tls-allow-md5-prf.patch Patch24: nss-fips-use-strong-random-pool.patch Patch25: nss-fips-detect-fips-mode-fixes.patch Patch26: nss-fips-combined-hash-sign-dsa-ecdsa.patch @@ -74,7 +73,6 @@ Patch37: nss-fips-fix-missing-nspr.patch Patch38: nss-fips-stricter-dh.patch Patch40: nss-fips-180-3-csp-clearing.patch Patch41: nss-fips-pbkdf-kat-compliance.patch -Patch42: nss-fips-tests-skip.patch Patch44: nss-fips-tests-enable-fips.patch %if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000 # aarch64 + gcc4.8 fails to build on SLE-12 due to undefined references @@ -225,7 +223,6 @@ cd nss %patch20 -p1 %patch21 -p1 %patch22 -p1 -%patch23 -p1 %patch24 -p1 %patch25 -p1 %patch26 -p1 @@ -234,7 +231,6 @@ cd nss %patch38 -p1 %patch40 -p1 %patch41 -p1 -%patch42 -p1 %patch44 -p1 # additional CA certificates diff --git a/nss-3.79.tar.gz b/nss-3.79.tar.gz deleted file mode 100644 index df13da1..0000000 --- a/nss-3.79.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:ebdf2d6a96613b6fe70ad579e9f983e0e94e0110171cfb2999db633d3394a514 -size 84830113 diff --git a/nss-3.80.tar.gz b/nss-3.80.tar.gz new file mode 100644 index 0000000..8fa662b --- /dev/null +++ b/nss-3.80.tar.gz 
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:c0bf1fd2c7e29a6b02b309622baafc443eec90c8934bb155da4bb98988784b6a
+size 84841312
diff --git a/nss-fips-approved-crypto-non-ec.patch b/nss-fips-approved-crypto-non-ec.patch
index e239737..18ad4e7 100644
--- a/nss-fips-approved-crypto-non-ec.patch
+++ b/nss-fips-approved-crypto-non-ec.patch
@@ -87,62 +87,17 @@ Index: nss/lib/freebl/arcfour.c /* Architecture-dependent defines */ -@@ -108,6 +109,7 @@ static const Stype Kinit[256] = { - RC4Context * - RC4_AllocateContext(void) - { -+ IN_FIPS_RETURN(NULL); - return PORT_ZNew(RC4Context); - } - -@@ -121,6 +123,8 @@ RC4_InitContext(RC4Context *cx, const un - PRUint8 K[256]; - PRUint8 *L; - -+ IN_FIPS_RETURN(SECFailure); -+ - /* verify the key length. */ - PORT_Assert(len > 0 && len < ARCFOUR_STATE_SIZE); - if (len == 0 || len >= ARCFOUR_STATE_SIZE) { -@@ -162,7 +166,11 @@ RC4_InitContext(RC4Context *cx, const un +@@ -162,7 +163,9 @@ RC4_InitContext(RC4Context *cx, const un RC4Context * RC4_CreateContext(const unsigned char *key, int len) { - RC4Context *cx = RC4_AllocateContext(); + RC4Context *cx; + -+ IN_FIPS_RETURN(NULL); -+ + cx = RC4_AllocateContext(); if (cx) { SECStatus rv = RC4_InitContext(cx, key, len, NULL, 0, 0, 0); if (rv != SECSuccess) { -@@ -176,6 +184,7 @@ RC4_CreateContext(const unsigned char *k - void - RC4_DestroyContext(RC4Context *cx, PRBool freeit) - { -+ IN_FIPS_RETURN(); - if (freeit) - PORT_ZFree(cx, sizeof(*cx)); - } -@@ -548,6 +557,8 @@ RC4_Encrypt(RC4Context *cx, unsigned cha - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen) - { -+ IN_FIPS_RETURN(SECFailure); -+ - PORT_Assert(maxOutputLen >= inputLen); - if (maxOutputLen < inputLen) { - PORT_SetError(SEC_ERROR_OUTPUT_LEN); -@@ -571,6 +582,8 @@ RC4_Decrypt(RC4Context *cx, unsigned cha - unsigned int *outputLen, unsigned int maxOutputLen, - const unsigned char *input, unsigned int inputLen) - { -+ IN_FIPS_RETURN(SECFailure); -+ - PORT_Assert(maxOutputLen >= inputLen); - if (maxOutputLen < inputLen) { - PORT_SetError(SEC_ERROR_OUTPUT_LEN); Index: nss/lib/freebl/deprecated/seed.c =================================================================== --- nss.orig/lib/freebl/deprecated/seed.c 
@@ -293,56 +248,32 @@ Index: nss/lib/freebl/md2.c #define MD2_DIGEST_LEN 16 #define MD2_BUFSIZE 16 #define MD2_X_SIZE 48 /* The X array, [CV | INPUT | TMP VARS] */ -@@ -66,7 +68,11 @@ SECStatus +@@ -66,7 +68,9 @@ SECStatus MD2_Hash(unsigned char *dest, const char *src) { unsigned int len; - MD2Context *cx = MD2_NewContext(); + MD2Context *cx; + -+ IN_FIPS_RETURN(SECFailure); -+ + cx = MD2_NewContext(); if (!cx) { PORT_SetError(PR_OUT_OF_MEMORY_ERROR); return SECFailure; -@@ -81,7 +87,11 @@ MD2_Hash(unsigned char *dest, const char +@@ -81,7 +85,9 @@ MD2_Hash(unsigned char *dest, const char MD2Context * MD2_NewContext(void) { - MD2Context *cx = (MD2Context *)PORT_ZAlloc(sizeof(MD2Context)); + MD2Context *cx; + -+ IN_FIPS_RETURN(NULL); -+ + cx = (MD2Context *)PORT_ZAlloc(sizeof(MD2Context)); if (cx == NULL) { PORT_SetError(PR_OUT_OF_MEMORY_ERROR); return NULL; -@@ -99,6 +109,8 @@ MD2_DestroyContext(MD2Context *cx, PRBoo - void - MD2_Begin(MD2Context *cx) - { -+ IN_FIPS_RETURN(); -+ - memset(cx, 0, sizeof(*cx)); - cx->unusedBuffer = MD2_BUFSIZE; - } -@@ -196,6 +208,8 @@ MD2_Update(MD2Context *cx, const unsigne - { - PRUint32 bytesToConsume; - -+ IN_FIPS_RETURN(); -+ - /* Fill the remaining input buffer. */ - if (cx->unusedBuffer != MD2_BUFSIZE) { - bytesToConsume = PR_MIN(inputLen, cx->unusedBuffer); -@@ -226,6 +240,9 @@ MD2_End(MD2Context *cx, unsigned char *d +@@ -226,6 +232,7 @@ MD2_End(MD2Context *cx, unsigned char *d unsigned int *digestLen, unsigned int maxDigestLen) { PRUint8 padStart; -+ -+ IN_FIPS_RETURN(); + if (maxDigestLen < MD2_BUFSIZE) { PORT_SetError(SEC_ERROR_INVALID_ARGS); 
@@ -360,37 +291,18 @@ Index: nss/lib/freebl/md5.c #define MD5_HASH_LEN 16 #define MD5_BUFFER_SIZE 64 #define MD5_END_BUFFER (MD5_BUFFER_SIZE - 8) -@@ -195,6 +197,7 @@ struct MD5ContextStr { - SECStatus - MD5_Hash(unsigned char *dest, const char *src) - { -+ IN_FIPS_RETURN(SECFailure); - return MD5_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src)); - } - -@@ -204,6 +207,8 @@ MD5_HashBuf(unsigned char *dest, const u - unsigned int len; - MD5Context cx; - -+ IN_FIPS_RETURN(SECFailure); -+ - MD5_Begin(&cx); - MD5_Update(&cx, src, src_length); - MD5_End(&cx, dest, &len, MD5_HASH_LEN); -@@ -215,7 +220,11 @@ MD5Context * +@@ -215,7 +217,9 @@ MD5Context * MD5_NewContext(void) { /* no need to ZAlloc, MD5_Begin will init the context */ - MD5Context *cx = (MD5Context *)PORT_Alloc(sizeof(MD5Context)); + MD5Context *cx; + -+ IN_FIPS_RETURN(NULL); -+ + cx = (MD5Context *)PORT_Alloc(sizeof(MD5Context)); if (cx == NULL) { PORT_SetError(PR_OUT_OF_MEMORY_ERROR); return NULL; -@@ -226,7 +235,8 @@ MD5_NewContext(void) +@@ -226,7 +230,8 @@ MD5_NewContext(void) void MD5_DestroyContext(MD5Context *cx, PRBool freeit) { 
@@ -400,42 +312,6 @@ Index: nss/lib/freebl/md5.c if (freeit) { PORT_Free(cx); } -@@ -235,6 +245,8 @@ MD5_DestroyContext(MD5Context *cx, PRBoo - void - MD5_Begin(MD5Context *cx) - { -+ IN_FIPS_RETURN(); -+ - cx->lsbInput = 0; - cx->msbInput = 0; - /* memset(cx->inBuf, 0, sizeof(cx->inBuf)); */ -@@ -425,6 +437,8 @@ MD5_Update(MD5Context *cx, const unsigne - PRUint32 inBufIndex = cx->lsbInput & 63; - const PRUint32 *wBuf; - -+ IN_FIPS_RETURN(); -+ - /* Add the number of input bytes to the 64-bit input counter. */ - addto64(cx->msbInput, cx->lsbInput, inputLen); - if (inBufIndex) { -@@ -498,6 +512,8 @@ MD5_End(MD5Context *cx, unsigned char *d - PRUint32 lowInput, highInput; - PRUint32 inBufIndex = cx->lsbInput & 63; - -+ IN_FIPS_RETURN(); -+ - if (maxDigestLen < MD5_HASH_LEN) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return; -@@ -546,6 +562,8 @@ MD5_EndRaw(MD5Context *cx, unsigned char - #endif - PRUint32 cv[4]; - -+ IN_FIPS_RETURN(); -+ - if (maxDigestLen < MD5_HASH_LEN) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return; Index: nss/lib/freebl/nsslowhash.c =================================================================== --- nss.orig/lib/freebl/nsslowhash.c @@ -448,15 +324,18 @@ Index: nss/lib/freebl/nsslowhash.c struct NSSLOWInitContextStr { int count; -@@ -92,6 +93,12 @@ NSSLOWHASH_NewContext(NSSLOWInitContext +@@ -92,6 +93,15 @@ NSSLOWHASH_NewContext(NSSLOWInitContext { NSSLOWHASHContext *context; ++#if 0 + /* return with an error if unapproved hash is requested in FIPS mode */ ++ /* This is now handled by the service level indicator */ + if (!FIPS_hashAlgApproved(hashType)) { + PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); + return NULL; + } ++#endif + if (post_failed) { PORT_SetError(SEC_ERROR_PKCS11_DEVICE_ERROR); 
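Review bot: The approval check in `NSSLOWHASH_NewContext` is switched off with `#if 0` instead of being removed, and the rawhash.c hunk that follows does the same thing with an inline `/* || (!FIPS_hashAlgApproved(hashType)) */` inside the `if` condition. Disabled code in a FIPS gate is easy to misread as still active during an audit; I would delete the dead lines and leave one comment, e.g. `/* Approval is reported by the service level indicator; freebl no longer rejects non-approved hashes here. */`. The comment should also say what a caller that uses libfreebl directly (NSSLOWHASH_*) gets in FIPS mode, because nothing in this diff shows that path reaching the indicator. Both function bodies continue outside their hunks.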
@@ -473,13 +352,16 @@ Index: nss/lib/freebl/rawhash.c static void * null_hash_new_context(void) -@@ -146,7 +147,8 @@ const SECHashObject SECRawHashObjects[] +@@ -146,7 +147,11 @@ const SECHashObject SECRawHashObjects[] const SECHashObject * HASH_GetRawHashObject(HASH_HashType hashType) { - if (hashType <= HASH_AlgNULL || hashType >= HASH_AlgTOTAL) { ++ /* We rely on the service level indicator for algorithm approval now, so ++ * the FIPS check here has been commented out */ ++ + if (hashType <= HASH_AlgNULL || hashType >= HASH_AlgTOTAL -+ || (!FIPS_hashAlgApproved(hashType))) { ++ /* || (!FIPS_hashAlgApproved(hashType)) */) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return NULL; } @@ -487,7 +369,24 @@ Index: nss/lib/softoken/pkcs11c.c =================================================================== --- nss.orig/lib/softoken/pkcs11c.c +++ nss/lib/softoken/pkcs11c.c -@@ -7491,7 +7491,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession +@@ -4806,6 +4806,8 @@ NSC_GenerateKey(CK_SESSION_HANDLE hSessi + goto loser; + } + ++ key->isFIPS = sftk_operationIsFIPS(slot, pMechanism, CKA_KEY_GEN_MECHANISM, key); ++ + /* + * handle the base object stuff + */ +@@ -4820,6 +4822,7 @@ NSC_GenerateKey(CK_SESSION_HANDLE hSessi + if (crv == CKR_OK) { + *phKey = key->handle; + } ++ + loser: + PORT_Memset(buf, 0, sizeof buf); + sftk_FreeObject(key); +@@ -7495,7 +7498,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession } else { /* now allocate the hash contexts */ md5 = MD5_NewContext(); 
@@ -509,21 +408,10 @@ Index: nss/lib/freebl/desblapi.c #if defined(NSS_X86_OR_X64) /* Intel X86 CPUs do unaligned loads and stores without complaint. */ #define COPY8B(to, from, ptr) \ -@@ -136,6 +138,8 @@ DES_EDE3CBCDe(DESContext *cx, BYTE *out, - DESContext * - DES_AllocateContext(void) - { -+ IN_FIPS_RETURN(NULL); -+ - return PORT_ZNew(DESContext); - } - -@@ -145,12 +149,16 @@ DES_InitContext(DESContext *cx, const un +@@ -145,12 +147,14 @@ DES_InitContext(DESContext *cx, const un unsigned int unused) { DESDirection opposite; -+ -+ IN_FIPS_RETURN(SECFailure); + if (!cx) { PORT_SetError(SEC_ERROR_INVALID_ARGS); @@ -535,7 +423,7 @@ Index: nss/lib/freebl/desblapi.c switch (mode) { case NSS_DES: /* DES ECB */ DES_MakeSchedule(cx->ks0, key, cx->direction); -@@ -201,8 +209,13 @@ DES_InitContext(DESContext *cx, const un +@@ -201,8 +205,11 @@ DES_InitContext(DESContext *cx, const un DESContext * DES_CreateContext(const BYTE *key, const BYTE *iv, int mode, PRBool encrypt) { 
@@ -544,43 +432,95 @@ Index: nss/lib/freebl/desblapi.c + DESContext *cx; + SECStatus rv; + -+ IN_FIPS_RETURN(NULL); -+ + cx = PORT_ZNew(DESContext); + rv = DES_InitContext(cx, key, 0, iv, mode, encrypt, 0); if (rv != SECSuccess) { PORT_ZFree(cx, sizeof *cx); -@@ -214,6 +227,8 @@ DES_CreateContext(const BYTE *key, const - void - DES_DestroyContext(DESContext *cx, PRBool freeit) - { -+ IN_FIPS_RETURN(); -+ - if (cx) { - memset(cx, 0, sizeof *cx); - if (freeit) -@@ -225,6 +240,7 @@ SECStatus +@@ -225,7 +232,6 @@ SECStatus DES_Encrypt(DESContext *cx, BYTE *out, unsigned int *outLen, unsigned int maxOutLen, const BYTE *in, unsigned int inLen) { -+ IN_FIPS_RETURN(SECFailure); - +- if ((inLen % 8) != 0 || maxOutLen < inLen || !cx || cx->direction != DES_ENCRYPT) { -@@ -242,6 +258,7 @@ SECStatus + PORT_SetError(SEC_ERROR_INVALID_ARGS); +@@ -242,7 +248,6 @@ SECStatus DES_Decrypt(DESContext *cx, BYTE *out, unsigned int *outLen, unsigned int maxOutLen, const BYTE *in, unsigned int inLen) { -+ IN_FIPS_RETURN(SECFailure); - +- if ((inLen % 8) != 0 || maxOutLen < inLen || !cx || cx->direction != DES_DECRYPT) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); Index: nss/lib/softoken/fips_algorithms.h =================================================================== --- nss.orig/lib/softoken/fips_algorithms.h +++ nss/lib/softoken/fips_algorithms.h -@@ -111,8 +111,11 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[] +@@ -57,7 +57,7 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[] + #define RSA_FB_STEP 1024 + #define DSA_FB_KEY 2048, 4096 /* min, max */ + #define DSA_FB_STEP 1024 +-#define DH_FB_KEY 2048, 4096 /* min, max */ ++#define DH_FB_KEY 2048, 8192 /* min, max */ + #define DH_FB_STEP 1024 + #define EC_FB_KEY 256, 521 /* min, max */ + #define EC_FB_STEP 1 /* key limits handled by special operation */ +@@ -65,7 +65,10 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[] + #define AES_FB_STEP 64 + { CKM_RSA_PKCS_KEY_PAIR_GEN, { RSA_FB_KEY, CKF_KPG }, RSA_FB_STEP, SFTKFIPSNone }, + { CKM_RSA_PKCS_PSS, { 
RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSNone }, ++#if 0 ++ /* Non-approved */ + { CKM_RSA_PKCS_OAEP, { RSA_FB_KEY, CKF_ENC }, RSA_FB_STEP, SFTKFIPSNone }, ++#endif + /* -------------- RSA Multipart Signing Operations -------------------- */ + { CKM_SHA224_RSA_PKCS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSNone }, + { CKM_SHA256_RSA_PKCS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSNone }, +@@ -76,9 +79,18 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[] + { CKM_SHA384_RSA_PKCS_PSS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSNone }, + { CKM_SHA512_RSA_PKCS_PSS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSNone }, + /* ------------------------- DSA Operations --------------------------- */ ++#if 0 + { CKM_DSA_KEY_PAIR_GEN, { DSA_FB_KEY, CKF_KPG }, DSA_FB_STEP, SFTKFIPSNone }, +- { CKM_DSA, { DSA_FB_KEY, CKF_SGN }, DSA_FB_STEP, SFTKFIPSNone }, ++#endif ++ ++ /* Doesn't consider hash algo. Non-approved, but verification must be allowed ++ * since we use it for signature verification */ ++ { CKM_DSA, { DSA_FB_KEY, CKF_VERIFY }, DSA_FB_STEP, SFTKFIPSNone }, ++ ++#if 0 + { CKM_DSA_PARAMETER_GEN, { DSA_FB_KEY, CKF_KPG }, DSA_FB_STEP, SFTKFIPSNone }, ++#endif ++ + { CKM_DSA_SHA224, { DSA_FB_KEY, CKF_SGN }, DSA_FB_STEP, SFTKFIPSNone }, + { CKM_DSA_SHA256, { DSA_FB_KEY, CKF_SGN }, DSA_FB_STEP, SFTKFIPSNone }, + { CKM_DSA_SHA384, { DSA_FB_KEY, CKF_SGN }, DSA_FB_STEP, SFTKFIPSNone }, +@@ -90,7 +102,10 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[] + /* -------------------- Elliptic Curve Operations --------------------- */ + { CKM_EC_KEY_PAIR_GEN, { EC_FB_KEY, CKF_KPG }, EC_FB_STEP, SFTKFIPSECC }, + { CKM_ECDH1_DERIVE, { EC_FB_KEY, CKF_KEA }, EC_FB_STEP, SFTKFIPSECC }, ++#if 0 ++ /* Doesn't consider hash algo. 
Non-approved */ + { CKM_ECDSA, { EC_FB_KEY, CKF_SGN }, EC_FB_STEP, SFTKFIPSECC }, ++#endif + { CKM_ECDSA_SHA224, { EC_FB_KEY, CKF_SGN }, EC_FB_STEP, SFTKFIPSECC }, + { CKM_ECDSA_SHA256, { EC_FB_KEY, CKF_SGN }, EC_FB_STEP, SFTKFIPSECC }, + { CKM_ECDSA_SHA384, { EC_FB_KEY, CKF_SGN }, EC_FB_STEP, SFTKFIPSECC }, +@@ -100,8 +115,11 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[] + { CKM_AES_KEY_GEN, { AES_FB_KEY, CKF_GEN }, AES_FB_STEP, SFTKFIPSNone }, + { CKM_AES_ECB, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSNone }, + { CKM_AES_CBC, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSNone }, ++#if 0 ++ /* Non-approved */ + { CKM_AES_MAC, { AES_FB_KEY, CKF_SGN }, AES_FB_STEP, SFTKFIPSNone }, + { CKM_AES_MAC_GENERAL, { AES_FB_KEY, CKF_SGN }, AES_FB_STEP, SFTKFIPSNone }, ++#endif + { CKM_AES_CMAC, { AES_FB_KEY, CKF_SGN }, AES_FB_STEP, SFTKFIPSNone }, + { CKM_AES_CMAC_GENERAL, { AES_FB_KEY, CKF_SGN }, AES_FB_STEP, SFTKFIPSNone }, + { CKM_AES_CBC_PAD, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSNone }, +@@ -111,8 +129,11 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[] { CKM_AES_KEY_WRAP, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSNone }, { CKM_AES_KEY_WRAP_PAD, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSNone }, { CKM_AES_KEY_WRAP_KWP, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSNone }, 
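Review bot: The `CKM_DSA` entry is kept in `sftk_fips_mechs[]` with `CKF_VERIFY` while its own comment calls it non-approved. If this table is what the service level indicator consults (the `sftk_operationIsFIPS` call added in pkcs11c.c suggests so, but the lookup is not in this diff), raw DSA verification will be reported as an approved operation. Either state in the comment why reporting it as approved is acceptable, or allow the operation through a path that does not set the approved flag. The other non-approved entries in this hunk are removed with `#if 0`; deleting them, or moving them under one commented block, would make the table easier to audit.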
@@ -592,3 +532,62 @@ Index: nss/lib/softoken/fips_algorithms.h /* ------------------------- Hashing Operations ----------------------- */ { CKM_SHA224, { 0, 0, CKF_HSH }, 1, SFTKFIPSNone }, { CKM_SHA224_HMAC, { 112, 224, CKF_SGN }, 1, SFTKFIPSNone }, +@@ -127,41 +148,44 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[] + { CKM_SHA512_HMAC, { 256, 512, CKF_SGN }, 1, SFTKFIPSNone }, + { CKM_SHA512_HMAC_GENERAL, { 256, 512, CKF_SGN }, 1, SFTKFIPSNone }, + /* --------------------- Secret Key Operations ------------------------ */ +- { CKM_GENERIC_SECRET_KEY_GEN, { 8, 256, CKF_GEN }, 1, SFTKFIPSNone }, ++ { CKM_GENERIC_SECRET_KEY_GEN, { 112, 256, CKF_GEN }, 1, SFTKFIPSNone }, + /* ---------------------- SSL/TLS operations ------------------------- */ + { CKM_SHA224_KEY_DERIVATION, { 112, 224, CKF_KDF }, 1, SFTKFIPSNone }, + { CKM_SHA256_KEY_DERIVATION, { 128, 256, CKF_KDF }, 1, SFTKFIPSNone }, +- { CKM_SHA384_KEY_DERIVATION, { 192, 284, CKF_KDF }, 1, SFTKFIPSNone }, ++ { CKM_SHA384_KEY_DERIVATION, { 192, 384, CKF_KDF }, 1, SFTKFIPSNone }, + { CKM_SHA512_KEY_DERIVATION, { 256, 512, CKF_KDF }, 1, SFTKFIPSNone }, + { CKM_TLS12_MASTER_KEY_DERIVE, { 384, 384, CKF_KDF }, 1, SFTKFIPSNone }, + { CKM_TLS12_MASTER_KEY_DERIVE_DH, { DH_FB_KEY, CKF_KDF }, 1, SFTKFIPSNone }, + { CKM_TLS12_KEY_AND_MAC_DERIVE, { 384, 384, CKF_KDF }, 1, SFTKFIPSNone }, + { CKM_TLS_PRF_GENERAL, { 8, 512, CKF_SGN }, 1, SFTKFIPSNone }, +- { CKM_TLS_MAC, { 8, 512, CKF_SGN }, 1, SFTKFIPSNone }, ++ { CKM_TLS_MAC, { 112, 512, CKF_SGN }, 1, SFTKFIPSNone }, + /* sigh, is this algorithm really tested. 
ssl doesn't seem to have a + * way of turning the extension off */ + { CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE, { 192, 1024, CKF_KDF }, 1, SFTKFIPSNone }, + { CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH, { 192, 1024, CKF_DERIVE }, 1, SFTKFIPSNone }, + + /* ------------------------- HKDF Operations -------------------------- */ ++#if 0 ++ /* Only approved in the context of TLS 1.3 */ + { CKM_HKDF_DERIVE, { 8, 255 * 64 * 8, CKF_KDF }, 1, SFTKFIPSNone }, + { CKM_HKDF_DATA, { 8, 255 * 64 * 8, CKF_KDF }, 1, SFTKFIPSNone }, + { CKM_HKDF_KEY_GEN, { 160, 224, CKF_GEN }, 1, SFTKFIPSNone }, + { CKM_HKDF_KEY_GEN, { 256, 512, CKF_GEN }, 128, SFTKFIPSNone }, ++#endif + /* ------------------ NIST 800-108 Key Derivations ------------------- */ +- { CKM_SP800_108_COUNTER_KDF, { 0, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone }, +- { CKM_SP800_108_FEEDBACK_KDF, { 0, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone }, +- { CKM_SP800_108_DOUBLE_PIPELINE_KDF, { 0, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone }, +- { CKM_NSS_SP800_108_COUNTER_KDF_DERIVE_DATA, { 0, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone }, +- { CKM_NSS_SP800_108_FEEDBACK_KDF_DERIVE_DATA, { 0, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone }, +- { CKM_NSS_SP800_108_DOUBLE_PIPELINE_KDF_DERIVE_DATA, { 0, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone }, ++ { CKM_SP800_108_COUNTER_KDF, { 112, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone }, ++ { CKM_SP800_108_FEEDBACK_KDF, { 112, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone }, ++ { CKM_SP800_108_DOUBLE_PIPELINE_KDF, { 112, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone }, ++ { CKM_NSS_SP800_108_COUNTER_KDF_DERIVE_DATA, { 112, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone }, ++ { CKM_NSS_SP800_108_FEEDBACK_KDF_DERIVE_DATA, { 112, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone }, ++ { CKM_NSS_SP800_108_DOUBLE_PIPELINE_KDF_DERIVE_DATA, { 112, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone }, + /* --------------------IPSEC ----------------------- */ +- { CKM_NSS_IKE_PRF_PLUS_DERIVE, { 8, 255 * 64, CKF_KDF }, 1, SFTKFIPSNone }, +- { CKM_NSS_IKE_PRF_DERIVE, { 8, 64, CKF_KDF }, 1, SFTKFIPSNone }, +- { 
CKM_NSS_IKE1_PRF_DERIVE, { 8, 64, CKF_KDF }, 1, SFTKFIPSNone }, +- { CKM_NSS_IKE1_APP_B_PRF_DERIVE, { 8, 255 * 64, CKF_KDF }, 1, SFTKFIPSNone }, ++ { CKM_NSS_IKE_PRF_PLUS_DERIVE, { 112, 255 * 64, CKF_KDF }, 1, SFTKFIPSNone }, ++ { CKM_NSS_IKE_PRF_DERIVE, { 112, 112, CKF_KDF }, 1, SFTKFIPSNone }, ++ { CKM_NSS_IKE1_PRF_DERIVE, { 112, 112, CKF_KDF }, 1, SFTKFIPSNone }, ++ { CKM_NSS_IKE1_APP_B_PRF_DERIVE, { 112, 255 * 64, CKF_KDF }, 1, SFTKFIPSNone }, + /* ------------------ PBE Key Derivations ------------------- */ +- { CKM_PKCS5_PBKD2, { 1, 256, CKF_GEN }, 1, SFTKFIPSNone }, ++ { CKM_PKCS5_PBKD2, { 112, 256, CKF_GEN }, 1, SFTKFIPSNone }, + { CKM_NSS_PKCS12_PBE_SHA224_HMAC_KEY_GEN, { 224, 224, CKF_GEN }, 1, SFTKFIPSNone }, + { CKM_NSS_PKCS12_PBE_SHA256_HMAC_KEY_GEN, { 256, 256, CKF_GEN }, 1, SFTKFIPSNone }, + { CKM_NSS_PKCS12_PBE_SHA384_HMAC_KEY_GEN, { 384, 384, CKF_GEN }, 1, SFTKFIPSNone }, diff --git a/nss-fips-constructor-self-tests.patch b/nss-fips-constructor-self-tests.patch index 4afca23..a057426 100644 --- a/nss-fips-constructor-self-tests.patch +++ b/nss-fips-constructor-self-tests.patch @@ -63,6 +63,16 @@ Index: nss/lib/freebl/blapi.h /*********************************************************************/ extern const SECHashObject *HASH_GetRawHashObject(HASH_HashType hashType); +@@ -1791,6 +1791,9 @@ extern SECStatus EC_CopyParams(PLArenaPo + */ + extern int EC_GetPointSize(const ECParams *params); + ++/* Unconditionally run the integrity check. */ ++extern void BL_FIPSRepeatIntegrityCheck(void); ++ + SEC_END_PROTOS + + #endif /* _BLAPI_H_ */ Index: nss/lib/freebl/fips-selftest.inc =================================================================== --- /dev/null @@ -641,7 +651,7 @@ Index: nss/lib/freebl/fipsfreebl.c } /* -@@ -2251,28 +2279,104 @@ bl_startup_tests(void) +@@ -2251,28 +2279,110 @@ bl_startup_tests(void) * power on selftest failed. */ SECStatus 
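Review bot: `CKM_NSS_IKE_PRF_DERIVE` and `CKM_NSS_IKE1_PRF_DERIVE` now read `{ 112, 112, CKF_KDF }`, so minimum and maximum are equal and only one key size passes. The old range was `{ 8, 64, ... }`, which makes this look like the minimum was raised and the maximum lifted just enough to stay valid; please confirm the intended upper bound. `CKM_TLS_PRF_GENERAL` keeps `{ 8, 512, CKF_SGN }` although `CKM_TLS_MAC` next to it was raised to 112, and a short comment on why that one stays at 8 would avoid a second look. The table starts and ends outside the hunk.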
@@ -674,6 +684,12 @@ Index: nss/lib/freebl/fipsfreebl.c return SECFailure; } + ++void ++BL_FIPSRepeatIntegrityCheck(void) ++{ ++ fips_state = fips_initTest("freebl", NULL, NULL); ++} ++ +/* returns the FIPS mode we are running in or the one that we aspire to if the + * tests have not completed yet - which might happen during the crypto selftest + */ @@ -760,7 +776,22 @@ Index: nss/lib/freebl/loader.c =================================================================== --- nss.orig/lib/freebl/loader.c +++ nss/lib/freebl/loader.c -@@ -1213,11 +1213,11 @@ AESKeyWrap_DecryptKWP(AESKeyWrapContext +@@ -95,6 +95,14 @@ BL_Init(void) + return (vector->p_BL_Init)(); + } + ++void ++BL_FIPSRepeatIntegrityCheck(void) ++{ ++ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) ++ return SECFailure; ++ (vector->p_BL_FIPSRepeatIntegrityCheck)(); ++} ++ + RSAPrivateKey * + RSA_NewKey(int keySizeInBits, SECItem *publicExponent) + { +@@ -1213,11 +1221,11 @@ AESKeyWrap_DecryptKWP(AESKeyWrapContext } PRBool @@ -774,7 +805,7 @@ Index: nss/lib/freebl/loader.c } /* -@@ -1227,12 +1227,12 @@ BLAPI_SHVerify(const char *name, PRFuncP +@@ -1227,12 +1235,12 @@ BLAPI_SHVerify(const char *name, PRFuncP * in freebl_LoadDSO) to p_BLAPI_VerifySelf. */ PRBool @@ -789,7 +820,7 @@ Index: nss/lib/freebl/loader.c } /* ============== New for 3.006 =============================== */ -@@ -1836,11 +1836,11 @@ SHA224_Clone(SHA224Context *dest, SHA224 +@@ -1836,11 +1844,11 @@ SHA224_Clone(SHA224Context *dest, SHA224 } PRBool 
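Review bot: The loader.c wrapper `BL_FIPSRepeatIntegrityCheck` is declared `void` but its failure branch is `return SECFailure;`, which is a constraint violation in C and fails to build with compilers that treat return-type mismatches as errors; it should be a bare `return;`. With a `void` signature the caller cannot tell that the loader failed and the integrity check never ran. If the re-check is meant to be a FIPS gate, consider having this wrapper and the fipsfreebl.c implementation return `SECStatus` so the failure is visible.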
@@ -827,6 +858,16 @@ Index: nss/lib/freebl/loader.h /* Version 3.013 came to here */ +@@ -834,6 +834,9 @@ struct FREEBLVectorStr { + + /* Add new function pointers at the end of this struct and bump + * FREEBL_VERSION at the beginning of this file. */ ++ ++ /* SUSE patch: Goes last */ ++ void (*p_BL_FIPSRepeatIntegrityCheck)(void); + }; + + typedef struct FREEBLVectorStr FREEBLVector; Index: nss/lib/freebl/manifest.mn =================================================================== --- nss.orig/lib/freebl/manifest.mn @@ -839,7 +880,7 @@ Index: nss/lib/freebl/manifest.mn $(NULL) MPI_HDRS = mpi-config.h mpi.h mpi-priv.h mplogic.h mpprime.h logtab.h mp_gf2m.h -@@ -186,6 +187,7 @@ ALL_HDRS = \ +@@ -187,6 +188,7 @@ ALL_HDRS = \ shsign.h \ vis_proto.h \ seed.h \ @@ -918,7 +959,7 @@ Index: nss/lib/freebl/shvfy.c { char *checkName = NULL; PRFileDesc *checkFD = NULL; -@@ -340,7 +340,7 @@ blapi_SHVerifyFile(const char *shName, P +@@ -341,7 +341,7 @@ blapi_SHVerifyFile(const char *shName, P #endif PRBool result = PR_FALSE; /* if anything goes wrong, @@ -927,7 +968,7 @@ Index: nss/lib/freebl/shvfy.c unsigned char buf[4096]; unsigned char hashBuf[HASH_LENGTH_MAX]; -@@ -367,14 +367,17 @@ blapi_SHVerifyFile(const char *shName, P +@@ -368,14 +368,17 @@ blapi_SHVerifyFile(const char *shName, P /* open the check File */ checkFD = PR_Open(checkName, PR_RDONLY, 0); if (checkFD == NULL) { @@ -948,7 +989,7 @@ Index: nss/lib/freebl/shvfy.c bytesRead = PR_Read(checkFD, buf, 12); if (bytesRead != 12) { goto loser; -@@ -415,7 +418,8 @@ blapi_SHVerifyFile(const char *shName, P +@@ -416,7 +419,8 @@ blapi_SHVerifyFile(const char *shName, P if (rv != SECSuccess) { goto loser; } @@ -958,7 +999,7 @@ Index: nss/lib/freebl/shvfy.c rv = readItem(checkFD, &signature); if (rv != SECSuccess) { goto loser; -@@ -430,7 +434,7 @@ blapi_SHVerifyFile(const char *shName, P +@@ -431,7 +435,7 @@ blapi_SHVerifyFile(const char *shName, P goto loser; } 
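Review bot: `p_BL_FIPSRepeatIntegrityCheck` is appended to `FREEBLVectorStr` directly below the comment that asks for `FREEBL_VERSION` to be bumped when the struct grows, and no bump is visible in this diff. The "Goes last" placement also has to be kept in step with the initializer in ldvector.c by hand each time upstream appends a slot, or the pointer lands in the wrong position. I would extend the comment to say so, e.g. `/* SUSE patch: must stay last here and in ldvector.c; re-check after every NSS rebase. */`, and confirm whether the version needs to change.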
@@ -967,7 +1008,7 @@ Index: nss/lib/freebl/shvfy.c #ifdef FREEBL_USE_PRELINK shFD = bl_OpenUnPrelink(shName, &pid); #else -@@ -438,13 +442,13 @@ blapi_SHVerifyFile(const char *shName, P +@@ -439,13 +443,13 @@ blapi_SHVerifyFile(const char *shName, P #endif if (shFD == NULL) { #ifdef DEBUG_SHVERIFY @@ -984,7 +1025,7 @@ Index: nss/lib/freebl/shvfy.c hashcx = hashObj->create(); if (hashcx == NULL) { goto loser; -@@ -531,7 +535,7 @@ loser: +@@ -532,7 +536,7 @@ loser: } PRBool @@ -993,7 +1034,7 @@ Index: nss/lib/freebl/shvfy.c { if (name == NULL) { /* -@@ -540,7 +544,7 @@ BLAPI_VerifySelf(const char *name) +@@ -541,7 +545,7 @@ BLAPI_VerifySelf(const char *name) */ return PR_TRUE; } @@ -1006,7 +1047,7 @@ Index: nss/lib/softoken/fips.c =================================================================== --- /dev/null +++ nss/lib/softoken/fips.c -@@ -0,0 +1,40 @@ +@@ -0,0 +1,46 @@ +#include "../freebl/fips-selftest.inc" + +#include "fips.h" @@ -1047,6 +1088,12 @@ Index: nss/lib/softoken/fips.c + + return; +} ++ ++void ++fips_repeatTestSoftoken(void) ++{ ++ fips_initTestSoftoken(); ++} Index: nss/lib/softoken/fips.h =================================================================== --- /dev/null @@ -1422,21 +1469,21 @@ Index: nss/lib/softoken/fipstest.c + /* check the DSA combined functions in softoken */ + rv = sftk_fips_DSA_PowerUpSelfTest(); + if (rv != SECSuccess) { - return; - } ++ return; ++ } + + /* check the ECDSA combined functions in softoken */ + rv = sftk_fips_ECDSA_PowerUpSelfTest(); + if (rv != SECSuccess) { -+ return; -+ } + return; + } + + /* Checksum is done by fips_initTestSoftoken() in fips.c */ + rv = sftk_fips_IKE_PowerUpSelfTests(); if (rv != SECSuccess) { return; -@@ -759,17 +1089,11 @@ sftk_startup_tests(void) +@@ -759,22 +1089,27 @@ sftk_startup_tests(void) CK_RV sftk_FIPSEntryOK() { 
@@ -1456,6 +1503,22 @@ Index: nss/lib/softoken/fipstest.c if (!sftk_self_tests_success) { return CKR_DEVICE_ERROR; } + return CKR_OK; + } ++ ++void fips_repeatTestSoftoken(void); ++ ++void ++sftk_FIPSRepeatIntegrityCheck() ++{ ++ /* These will abort if the checksum fails in FIPS mode */ ++ BL_FIPSRepeatIntegrityCheck(); ++ fips_repeatTestSoftoken(); ++} ++ + #else + #include "pkcs11t.h" + CK_RV Index: nss/lib/softoken/legacydb/fips.c =================================================================== --- /dev/null @@ -1549,3 +1612,35 @@ Index: nss/lib/softoken/manifest.mn $(NULL) ifndef NSS_DISABLE_DBM +Index: nss/lib/softoken/softoken.h +=================================================================== +--- nss.orig/lib/softoken/softoken.h ++++ nss/lib/softoken/softoken.h +@@ -59,6 +59,9 @@ extern unsigned char *CBC_PadBuffer(PLAr + /* make sure Power-up selftests have been run. */ + extern CK_RV sftk_FIPSEntryOK(void); + ++/* Unconditionally run the crypto self-tests. */ ++extern PRBool sftk_FIPSRunTests(); ++ + /* + ** make known fixed PKCS #11 key types to their sizes in bytes + */ +Index: nss/lib/freebl/ldvector.c +=================================================================== +--- nss.orig/lib/freebl/ldvector.c ++++ nss/lib/freebl/ldvector.c +@@ -376,9 +376,12 @@ static const struct FREEBLVectorStr vect + /* End of version 3.024 */ + ChaCha20_InitContext, + ChaCha20_CreateContext, +- ChaCha20_DestroyContext ++ ChaCha20_DestroyContext, + + /* End of version 3.025 */ ++ ++ /* SUSE patch: Goes last */ ++ BL_FIPSRepeatIntegrityCheck + }; + + const FREEBLVector* diff --git a/nss-fips-tests-skip.patch b/nss-fips-tests-skip.patch deleted file mode 100644 index 7661085..0000000 --- a/nss-fips-tests-skip.patch +++ /dev/null 
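Review bot: softoken.h declares `extern PRBool sftk_FIPSRunTests();`, but the function this patch adds in fipstest.c is `void sftk_FIPSRepeatIntegrityCheck()`, and no definition of `sftk_FIPSRunTests` is visible in the diff. As written, the integrity re-check has no prototype in the header and the declared symbol may not exist at link time. Declare what is defined, `extern void sftk_FIPSRepeatIntegrityCheck(void);`, and fix the comment, which describes crypto self-tests rather than the integrity check. The file-local `void fips_repeatTestSoftoken(void);` prototype in fipstest.c would be better placed in the header that fips.c includes.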
@@ -1,19 +0,0 @@ -Index: nss/tests/lowhash/lowhash.sh -=================================================================== ---- nss.orig/tests/lowhash/lowhash.sh -+++ nss/tests/lowhash/lowhash.sh -@@ -61,11 +61,13 @@ lowhash_test() - ! -f ${BINDIR}/lowhashtest${PROG_SUFFIX} ]; then - echo "freebl lowhash not supported in this plaform." - else -- TESTS="MD5 SHA1 SHA224 SHA256 SHA384 SHA512" -+ TESTS_FIPS_0="MD5 SHA1 SHA224 SHA256 SHA384 SHA512" -+ TESTS_FIPS_1="SHA224 SHA256 SHA384 SHA512" - OLD_MODE=`echo ${NSS_FIPS}` - for fips_mode in 0 1; do - echo "lowhashtest with fips mode=${fips_mode}" - export NSS_FIPS=${fips_mode} -+ eval TESTS=\${TESTS_FIPS_${fips_mode}} - for TEST in ${TESTS} - do - echo "lowhashtest ${TEST}" diff --git a/nss-fips-tls-allow-md5-prf.patch b/nss-fips-tls-allow-md5-prf.patch deleted file mode 100644 index 77304c2..0000000 --- a/nss-fips-tls-allow-md5-prf.patch +++ /dev/null 
@@ -1,270 +0,0 @@ -# HG changeset patch -# User Hans Petter Jansson -# Date 1574240734 -3600 -# Wed Nov 20 10:05:34 2019 +0100 -# Node ID 0efca22bbafd7575b20461f255c46157c9321822 -# Parent 3a2cb65dc157344cdad19e8e16e9c33e36f82d96 -[PATCH] 30 -From ca3b695ac461eccf4ed97e1b3fe0a311c80a792f Mon Sep 17 00:00:00 2001 ---- - nss/lib/freebl/md5.c | 67 ++++++++++++++++++++++++++------------ - nss/lib/freebl/rawhash.c | 37 +++++++++++++++++++++ - nss/lib/freebl/tlsprfalg.c | 5 ++- - nss/lib/softoken/pkcs11c.c | 4 +-- - 4 files changed, 90 insertions(+), 23 deletions(-) - -Index: nss/lib/freebl/md5.c -=================================================================== ---- nss.orig/lib/freebl/md5.c -+++ nss/lib/freebl/md5.c -@@ -217,13 +217,11 @@ MD5_HashBuf(unsigned char *dest, const u - } - - MD5Context * --MD5_NewContext(void) -+MD5_NewContext_NonFIPS(void) - { - /* no need to ZAlloc, MD5_Begin will init the context */ - MD5Context *cx; - -- IN_FIPS_RETURN(NULL); -- - cx = (MD5Context *)PORT_Alloc(sizeof(MD5Context)); - if (cx == NULL) { - PORT_SetError(PR_OUT_OF_MEMORY_ERROR); -@@ -232,6 +230,13 @@ MD5_NewContext(void) - return cx; - } - -+MD5Context * -+MD5_NewContext(void) -+{ -+ IN_FIPS_RETURN(NULL); -+ return MD5_NewContext_NonFIPS(); -+} -+ - void - MD5_DestroyContext(MD5Context *cx, PRBool freeit) - { -@@ -243,10 +248,8 @@ MD5_DestroyContext(MD5Context *cx, PRBoo - } - - void --MD5_Begin(MD5Context *cx) -+MD5_Begin_NonFIPS(MD5Context *cx) - { -- IN_FIPS_RETURN(); -- - cx->lsbInput = 0; - cx->msbInput = 0; - /* memset(cx->inBuf, 0, sizeof(cx->inBuf)); */ -@@ -256,6 +259,13 @@ MD5_Begin(MD5Context *cx) - cx->cv[3] = CV0_4; - } - -+void -+MD5_Begin(MD5Context *cx) -+{ -+ IN_FIPS_RETURN(); -+ MD5_Begin_NonFIPS(cx); -+} -+ - #define cls(i32, s) (tmp = i32, tmp << s | tmp >> (32 - s)) - - #if defined(SOLARIS) || defined(HPUX) -@@ -431,14 +441,12 @@ md5_compress(MD5Context *cx, const PRUin - } - - void --MD5_Update(MD5Context *cx, const unsigned char *input, unsigned int 
inputLen) -+MD5_Update_NonFIPS(MD5Context *cx, const unsigned char *input, unsigned int inputLen) - { - PRUint32 bytesToConsume; - PRUint32 inBufIndex = cx->lsbInput & 63; - const PRUint32 *wBuf; - -- IN_FIPS_RETURN(); -- - /* Add the number of input bytes to the 64-bit input counter. */ - addto64(cx->msbInput, cx->lsbInput, inputLen); - if (inBufIndex) { -@@ -487,6 +495,13 @@ MD5_Update(MD5Context *cx, const unsigne - memcpy(cx->inBuf, input, inputLen); - } - -+void -+MD5_Update(MD5Context *cx, const unsigned char *input, unsigned int inputLen) -+{ -+ IN_FIPS_RETURN(); -+ MD5_Update_NonFIPS(cx, input, inputLen); -+} -+ - static const unsigned char padbytes[] = { - 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -@@ -503,8 +518,8 @@ static const unsigned char padbytes[] = - }; - - void --MD5_End(MD5Context *cx, unsigned char *digest, -- unsigned int *digestLen, unsigned int maxDigestLen) -+MD5_End_NonFIPS(MD5Context *cx, unsigned char *digest, -+ unsigned int *digestLen, unsigned int maxDigestLen) - { - #ifndef IS_LITTLE_ENDIAN - PRUint32 tmp; -@@ -512,8 +527,6 @@ MD5_End(MD5Context *cx, unsigned char *d - PRUint32 lowInput, highInput; - PRUint32 inBufIndex = cx->lsbInput & 63; - -- IN_FIPS_RETURN(); -- - if (maxDigestLen < MD5_HASH_LEN) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return; -@@ -525,10 +538,10 @@ MD5_End(MD5Context *cx, unsigned char *d - lowInput <<= 3; - - if (inBufIndex < MD5_END_BUFFER) { -- MD5_Update(cx, padbytes, MD5_END_BUFFER - inBufIndex); -+ MD5_Update_NonFIPS(cx, padbytes, MD5_END_BUFFER - inBufIndex); - } else { -- MD5_Update(cx, padbytes, -- MD5_END_BUFFER + MD5_BUFFER_SIZE - inBufIndex); -+ MD5_Update_NonFIPS(cx, padbytes, -+ MD5_END_BUFFER + MD5_BUFFER_SIZE - inBufIndex); - } - - /* Store the number of bytes input (before padding) in final 64 bits. 
*/ -@@ -554,16 +567,22 @@ MD5_End(MD5Context *cx, unsigned char *d - } - - void --MD5_EndRaw(MD5Context *cx, unsigned char *digest, -- unsigned int *digestLen, unsigned int maxDigestLen) -+MD5_End(MD5Context *cx, unsigned char *digest, -+ unsigned int *digestLen, unsigned int maxDigestLen) -+{ -+ IN_FIPS_RETURN(); -+ MD5_End_NonFIPS(cx, digest, digestLen, maxDigestLen); -+} -+ -+void -+MD5_EndRaw_NonFIPS(MD5Context *cx, unsigned char *digest, -+ unsigned int *digestLen, unsigned int maxDigestLen) - { - #ifndef IS_LITTLE_ENDIAN - PRUint32 tmp; - #endif - PRUint32 cv[4]; - -- IN_FIPS_RETURN(); -- - if (maxDigestLen < MD5_HASH_LEN) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return; -@@ -581,6 +600,14 @@ MD5_EndRaw(MD5Context *cx, unsigned char - *digestLen = MD5_HASH_LEN; - } - -+void -+MD5_EndRaw(MD5Context *cx, unsigned char *digest, -+ unsigned int *digestLen, unsigned int maxDigestLen) -+{ -+ IN_FIPS_RETURN(); -+ MD5_EndRaw_NonFIPS(cx, digest, digestLen, maxDigestLen); -+} -+ - unsigned int - MD5_FlattenSize(MD5Context *cx) - { -Index: nss/lib/freebl/rawhash.c -=================================================================== ---- nss.orig/lib/freebl/rawhash.c -+++ nss/lib/freebl/rawhash.c -@@ -154,3 +154,40 @@ HASH_GetRawHashObject(HASH_HashType hash - } - return &SECRawHashObjects[hashType]; - } -+ -+/* Defined in md5.c */ -+ -+MD5Context *MD5_NewContext_NonFIPS(void); -+void MD5_Begin_NonFIPS(MD5Context *cx); -+void MD5_Update_NonFIPS(MD5Context *cx, const unsigned char *input, unsigned int inputLen); -+void MD5_End_NonFIPS(MD5Context *cx, unsigned char *digest, -+ unsigned int *digestLen, unsigned int maxDigestLen); -+void MD5_EndRaw_NonFIPS(MD5Context *cx, unsigned char *digest, -+ unsigned int *digestLen, unsigned int maxDigestLen); -+ -+static const SECHashObject SECRawHashObjectMD5NonFIPS = { -+ MD5_LENGTH, -+ (void *(*)(void))MD5_NewContext_NonFIPS, -+ (void *(*)(void *))null_hash_clone_context, -+ (void (*)(void *, PRBool))MD5_DestroyContext, -+ 
(void (*)(void *))MD5_Begin_NonFIPS, -+ (void (*)(void *, const unsigned char *, unsigned int))MD5_Update_NonFIPS, -+ (void (*)(void *, unsigned char *, unsigned int *, unsigned int))MD5_End_NonFIPS, -+ MD5_BLOCK_LENGTH, -+ HASH_AlgMD5, -+ (void (*)(void *, unsigned char *, unsigned int *, unsigned int))MD5_EndRaw_NonFIPS -+}; -+ -+const SECHashObject * -+HASH_GetRawHashObjectNonFIPS(HASH_HashType hashType) -+{ -+ if (hashType <= HASH_AlgNULL || hashType >= HASH_AlgTOTAL) { -+ PORT_SetError(SEC_ERROR_INVALID_ARGS); -+ return NULL; -+ } -+ -+ if (hashType == HASH_AlgMD5) -+ return &SECRawHashObjectMD5NonFIPS; -+ -+ return &SECRawHashObjects[hashType]; -+} -Index: nss/lib/freebl/tlsprfalg.c -=================================================================== ---- nss.orig/lib/freebl/tlsprfalg.c -+++ nss/lib/freebl/tlsprfalg.c -@@ -12,6 +12,9 @@ - #include "hasht.h" - #include "alghmac.h" - -+/* To get valid MD5 object in FIPS mode */ -+const SECHashObject *HASH_GetRawHashObjectNonFIPS(HASH_HashType hashType); -+ - #define PHASH_STATE_MAX_LEN HASH_LENGTH_MAX - - /* TLS P_hash function */ -@@ -27,7 +30,7 @@ TLS_P_hash(HASH_HashType hashType, const - SECStatus status; - HMACContext *cx; - SECStatus rv = SECFailure; -- const SECHashObject *hashObj = HASH_GetRawHashObject(hashType); -+ const SECHashObject *hashObj = HASH_GetRawHashObjectNonFIPS(hashType); - - PORT_Assert((secret != NULL) && (secret->data != NULL || !secret->len)); - PORT_Assert((seed != NULL) && (seed->data != NULL)); -Index: nss/lib/softoken/pkcs11c.c -=================================================================== ---- nss.orig/lib/softoken/pkcs11c.c -+++ nss/lib/softoken/pkcs11c.c -@@ -7158,7 +7158,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession - SFTKAttribute *att2 = NULL; - unsigned char *buf; - SHA1Context *sha; -- MD5Context *md5; -+ MD5Context *md5 = NULL; - MD2Context *md2; - CK_ULONG macSize; - CK_ULONG tmpKeySize; -@@ -7698,7 +7698,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession - } - 
sftk_FreeAttribute(att2); - md5 = MD5_NewContext(); -- if (md5 == NULL) { -+ if (md5 == NULL && !isTLS) { - crv = CKR_HOST_MEMORY; - break; - } From e6797bdfe9da37b764d872dbfe72baffe2a7c6ffe3207fde64ce57160b9ee4fc Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Tue, 26 Jul 2022 20:39:35 +0000 Subject: [PATCH 2/4] OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=389 --- nss-fips-constructor-self-tests.patch | 685 ++++---------------------- 1 file changed, 90 insertions(+), 595 deletions(-) diff --git a/nss-fips-constructor-self-tests.patch b/nss-fips-constructor-self-tests.patch index a057426..00b4e9b 100644 --- a/nss-fips-constructor-self-tests.patch +++ b/nss-fips-constructor-self-tests.patch @@ -1,13 +1,7 @@ -commit d4f90dd0c5e15cfd9db416207d067cc3968b3a0c -Author: Hans Petter Jansson -Date: Sun Mar 15 21:54:30 2020 +0100 - - Patch 23: nss-fips-constructor-self-tests.patch - -Index: nss/cmd/chktest/chktest.c -=================================================================== ---- nss.orig/cmd/chktest/chktest.c -+++ nss/cmd/chktest/chktest.c +diff --git a/cmd/chktest/chktest.c b/cmd/chktest/chktest.c +index a33d184..f09283a 100644 +--- a/cmd/chktest/chktest.c ++++ b/cmd/chktest/chktest.c @@ -38,7 +38,7 @@ main(int argc, char **argv) } RNG_SystemInfoForRNG(); @@ -17,10 +11,10 @@ Index: nss/cmd/chktest/chktest.c printf("%s\n", (good_result ? "SUCCESS" : "FAILURE")); return (good_result) ? SECSuccess : SECFailure; -Index: nss/cmd/shlibsign/shlibsign.c -=================================================================== ---- nss.orig/cmd/shlibsign/shlibsign.c -+++ nss/cmd/shlibsign/shlibsign.c +diff --git a/cmd/shlibsign/shlibsign.c b/cmd/shlibsign/shlibsign.c +index ad8f3b8..a5b42d7 100644 +--- a/cmd/shlibsign/shlibsign.c ++++ b/cmd/shlibsign/shlibsign.c @@ -946,10 +946,12 @@ main(int argc, char **argv) goto cleanup; } 
@@ -38,10 +32,10 @@ Index: nss/cmd/shlibsign/shlibsign.c } } -Index: nss/lib/freebl/blapi.h -=================================================================== ---- nss.orig/lib/freebl/blapi.h -+++ nss/lib/freebl/blapi.h +diff --git a/lib/freebl/blapi.h b/lib/freebl/blapi.h +index 94fd802..45e1dd1 100644 +--- a/lib/freebl/blapi.h ++++ b/lib/freebl/blapi.h @@ -1759,17 +1759,17 @@ extern void BL_Unload(void); /************************************************************************** * Verify a given Shared library signature * @@ -63,7 +57,7 @@ Index: nss/lib/freebl/blapi.h /*********************************************************************/ extern const SECHashObject *HASH_GetRawHashObject(HASH_HashType hashType); -@@ -1791,6 +1791,9 @@ extern SECStatus EC_CopyParams(PLArenaPo +@@ -1791,6 +1791,9 @@ extern SECStatus EC_CopyParams(PLArenaPool *arena, ECParams *dstParams, */ extern int EC_GetPointSize(const ECParams *params); 
@@ -73,403 +67,10 @@ Index: nss/lib/freebl/blapi.h SEC_END_PROTOS #endif /* _BLAPI_H_ */ -Index: nss/lib/freebl/fips-selftest.inc -=================================================================== ---- /dev/null -+++ nss/lib/freebl/fips-selftest.inc -@@ -0,0 +1,355 @@ -+/* -+ * PKCS #11 FIPS Power-Up Self Test - common stuff. -+ * -+ * This Source Code Form is subject to the terms of the Mozilla Public -+ * License, v. 2.0. If a copy of the MPL was not distributed with this -+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -+ -+#ifndef FIPS_INC -+#define FIPS_INC -+ -+/* common functions used for FIPS selftests. Due to the modular design of NSS -+ * putting these into libfreebl would mean either amending the API represented -+ * by FREEBLVectorStr - which might cause problems with newer applications, or -+ * extending the API with another similar function set. Thus, to make things -+ * less complicated in the binaries, we mess up the source a bit. */ -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#include -+#include -+ -+#include -+ -+#include "blapi.h" -+ -+#define NSS_FORCE_FIPS_ENV "NSS_FIPS" -+#define FIPS_PROC_PATH "/proc/sys/crypto/fips_enabled" -+ -+#define CHECKSUM_SUFFIX ".chk" -+ -+typedef enum fips_check_status { -+ CHECK_UNCHECKED = -1, -+ CHECK_OK = 0, -+ CHECK_FAIL, -+ CHECK_FAIL_CRYPTO, -+ CHECK_MISSING -+} fips_check_status; -+ -+/* initial value of FIPS state is -1 */ -+static int fips_state = -1; -+ -+static int fips_wanted = -1; -+ -+static int fips_is_env = 0; -+static int fips_ignore_checksums = 0; -+ -+/* debug messages are sent to stderr */ -+static void -+debug(const char *fmt,...) 
-+{ -+#if 0 -+ va_list args; -+ -+ va_start(args, fmt); -+ vfprintf(stderr, fmt, args); -+ va_end(args); -+ fputc('\n', stderr); -+#endif -+ return; -+} -+ -+/* Fatal messages ending with abort(); this function never returns */ -+static void __attribute__ ((__noreturn__)) -+fatal(const char *fmt,...) -+{ -+ va_list args; -+ -+ va_start(args, fmt); -+ vfprintf(stderr, fmt, args); -+ va_end(args); -+ fputc('\n', stderr); -+ abort(); -+} -+ -+/* check whether FIPS moode is mandated by the kernel */ -+static int -+fips_isWantedProc(void) -+{ -+ int my_fips_wanted = 0; -+ int fips_fd; -+ char fips_sys = 0; -+ -+ struct stat dummy; -+ if (-1 == stat(FIPS_PROC_PATH, &dummy)) { -+ switch (errno) { -+ case ENOENT: -+ case EACCES: /* Mozilla sandboxing returns EACCES instead of ENOENT */ -+ case ENOTDIR: -+ break; -+ default: -+ fatal("Check for system-wide FIPS mode is required and %s cannot" -+ " be accessed for reason other than non-existence - aborting" -+ , FIPS_PROC_PATH); -+ break; -+ } -+ } else { -+ if (-1 == (fips_fd = open(FIPS_PROC_PATH, O_RDONLY))) { -+ fatal("Check for system-wide FIPS mode is required and %s cannot" -+ " be opened for reading - aborting" -+ , FIPS_PROC_PATH); -+ } -+ if (1 > read(fips_fd, &fips_sys, 1)) { -+ fatal("Check for system-wide FIPS mode is required and %s doesn't" -+ " return at least one character - aborting" -+ , FIPS_PROC_PATH); -+ } -+ close(fips_fd); -+ switch (fips_sys) { -+ case '0': -+ case '1': -+ my_fips_wanted = fips_sys - '0'; -+ break; -+ default: -+ fatal("Bogus character %c found in %s - aborting" -+ , fips_sys, FIPS_PROC_PATH); -+ } -+ } -+ return my_fips_wanted; -+} -+ -+/* "legacy" from lib/sysinit/nsssysinit.c */ -+static PRBool -+getFIPSEnv(void) -+{ -+ char *fipsEnv = getenv("NSS_FIPS"); -+ if (!fipsEnv) { -+ return PR_FALSE; -+ } -+ if ((strcasecmp(fipsEnv,"fips") == 0) || -+ (strcasecmp(fipsEnv,"true") == 0) || -+ (strcasecmp(fipsEnv,"on") == 0) || -+ (strcasecmp(fipsEnv,"1") == 0)) { -+ return PR_TRUE; -+ } -+ 
return PR_FALSE; -+} -+ -+static PRBool -+getIgnoreChecksumsEnv(void) -+{ -+ char *checksumEnv = getenv("NSS_IGNORE_CHECKSUMS"); -+ if (!checksumEnv) { -+ return PR_FALSE; -+ } -+ if ((strcasecmp(checksumEnv,"true") == 0) || -+ (strcasecmp(checksumEnv,"on") == 0) || -+ (strcasecmp(checksumEnv,"1") == 0)) { -+ return PR_TRUE; -+ } -+ return PR_FALSE; -+} -+ -+static int -+fips_isWantedEnv(void) -+{ -+ return getFIPSEnv() ? 1 : 0; -+} -+ -+static int -+fips_isWanted(void) -+{ -+ int fips_requests = 0; -+#ifdef LINUX -+ fips_requests += fips_isWantedProc(); -+#endif -+ if (fips_requests < 1) -+ { -+ fips_is_env = 1; -+ fips_ignore_checksums = getIgnoreChecksumsEnv(); -+ } -+ fips_requests += fips_isWantedEnv(); -+ -+ return fips_requests; -+} -+ -+static PRBool -+fips_check_signature_external (const char *full_lib_name, int *err) -+{ -+ char *p0, *p1; -+ char *ld_path; -+ PRBool rv = PR_FALSE; -+ -+ p0 = getenv ("LD_LIBRARY_PATH"); -+ p0 = ld_path = strdup (p0 ? p0 : ""); -+ -+ for (p1 = strchr (p0, ':'); p1 && !rv; p1 = strchr (p0, ':')) -+ { -+ char *path; -+ -+ *p1 = '\0'; -+ path = malloc (strlen (p0) + strlen (full_lib_name) + 2); -+ strcpy (path, p0); -+ strcat (path, "/"); -+ strcat (path, full_lib_name); -+ -+ rv = BLAPI_SHVerifyFile (path, err); -+ -+ free (path); -+ p0 = p1 + 1; -+ } -+ -+ if (!rv) -+ { -+ char *path = malloc (strlen ("/usr/lib64/") + strlen (full_lib_name) + 1); -+ strcpy (path, "/usr/lib64/"); -+ strcat (path, full_lib_name); -+ rv = BLAPI_SHVerifyFile (path, err); -+ } -+ -+ free (ld_path); -+ return rv; -+} -+ -+/* check integrity signatures (if present) */ -+static fips_check_status -+fips_checkSignature(char *libName, PRFuncPtr addr) -+{ -+ PRBool rv; -+ fips_check_status rv_check = CHECK_UNCHECKED; -+ int l = PATH_MAX; -+ int err = 0; -+ int err_NOENT = 0; -+ char full_lib_name[PATH_MAX+1]; -+ full_lib_name[0] = '\0'; -+ -+ if (NULL == libName) { -+ err_NOENT = PR_FILE_NOT_FOUND_ERROR; -+ rv = 
BLAPI_VerifySelf(SHLIB_PREFIX"freebl"SHLIB_VERSION"."SHLIB_SUFFIX, &err); -+ } else { -+ err_NOENT = PR_FILE_NOT_FOUND_ERROR; -+ strncat(full_lib_name, SHLIB_PREFIX, l); -+ l -= strlen(SHLIB_PREFIX); -+ strncat(full_lib_name, libName, l); -+ l -= strlen(libName); -+ strncat(full_lib_name, SHLIB_VERSION"."SHLIB_SUFFIX, l); -+ l -= strlen(SHLIB_VERSION"."SHLIB_SUFFIX); -+ -+ if (NULL == addr) -+ rv = fips_check_signature_external (full_lib_name, &err); -+ else -+ rv = BLAPI_SHVerify(full_lib_name, addr, &err); -+ } -+ -+ if (rv) { -+ rv_check = CHECK_OK; -+ } else { -+ if (err_NOENT == err) { -+ rv_check = CHECK_MISSING; -+ } else { -+ rv_check = CHECK_FAIL; -+ } -+ } -+ -+ return rv_check; -+} -+ -+/* decide what to do depending on the results of tests and system/required FIPS -+ * mode */ -+static int -+fips_resolve(fips_check_status check, char *libName) -+{ -+ int state; -+ -+ if (fips_wanted) { -+ switch (check) { -+ case CHECK_OK: -+ debug("fips - %s: mandatory checksum ok" -+ , (libName) ? libName : "freebl"); -+ break; -+ case CHECK_FAIL: -+ fatal("fips - %s: mandatory checksum failed - aborting" -+ , (libName) ? libName : "freebl"); -+ break; -+ case CHECK_FAIL_CRYPTO: -+ fatal("fips - %s: mandatory crypto test failed - aborting" -+ , (libName) ? libName : "freebl"); -+ break; -+ case CHECK_MISSING: -+ fatal("fips - %s: mandatory checksum data missing - aborting" -+ , (libName) ? libName : "freebl"); -+ break; -+ default: -+ fatal("Fatal error: internal error at %s:%u" -+ , __FILE__, __LINE__); -+ break; -+ } -+ state = 1; -+ } else { -+ switch (check) { -+ case CHECK_OK: -+ debug("fips - %s: checksum ok" -+ , (libName) ? libName : "freebl"); -+ break; -+ case CHECK_FAIL: -+#if 0 -+ fatal("fips - %s: checksum failed - aborting" -+ , (libName) ? libName : "freebl"); -+#else -+ debug("fips - %s: checksum failed - not in FIPS mode; continuing" -+ , (libName) ? 
libName : "freebl"); -+#endif -+ break; -+ case CHECK_FAIL_CRYPTO: -+ fatal("fips - %s: crypto test failed - aborting" -+ , (libName) ? libName : "freebl"); -+ break; -+ case CHECK_MISSING: -+ debug("fips - %s: mandatory checksum data missing, but not required in non FIPS mode; continuing non-FIPS" -+ , (libName) ? libName : "freebl"); -+ break; -+ default: -+ fatal("Fatal error: internal error at %s:%u" -+ , __FILE__, __LINE__); -+ break; -+ } -+ state = 0; -+ } -+ return state; -+} -+ -+/* generic selftest -+ * libName and addr are the name of shared object to check and a function -+ * contained therein; (NULL, NULL) performs selfcheck of freebl. -+ * crypto_check is callback that performs cryptographic algorithms checks; NULL -+ * for libraries that do not implement any cryptographic algorithms per se -+ */ -+static int -+fips_initTest(char *libName, PRFuncPtr addr, fips_check_status cryptoCheck(void)) -+{ -+ fips_check_status check = CHECK_OK; -+ -+ fips_wanted = fips_isWanted(); -+ -+ if (cryptoCheck) { -+ check = cryptoCheck(); -+ debug("fips - %s: crypto check %s" -+ , (libName) ? libName : "freebl" -+ , (CHECK_OK == check) ? "ok" : "failed"); -+ } -+ -+ if (CHECK_OK == check) { -+ check = fips_checkSignature(libName, addr); -+ } -+ -+ return fips_resolve(check, libName); -+} -+ -+#endif -Index: nss/lib/freebl/fips.c -=================================================================== ---- /dev/null -+++ nss/lib/freebl/fips.c -@@ -0,0 +1,7 @@ -+/* -+ * PKCS #11 FIPS Power-Up Self Test. -+ * -+ * This Source Code Form is subject to the terms of the Mozilla Public -+ * License, v. 2.0. If a copy of the MPL was not distributed with this -+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -+ -Index: nss/lib/freebl/fips.h -=================================================================== ---- /dev/null -+++ nss/lib/freebl/fips.h -@@ -0,0 +1,16 @@ -+/* -+ * PKCS #11 FIPS Power-Up Self Test. 
-+ * -+ * This Source Code Form is subject to the terms of the Mozilla Public -+ * License, v. 2.0. If a copy of the MPL was not distributed with this -+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -+ -+#ifndef FIPS_H -+#define FIPS_H -+ -+int FIPS_mode(void); -+int FIPS_mode_allow_tests(void); -+char* FIPS_rngDev(void); -+ -+#endif -+ -Index: nss/lib/freebl/fipsfreebl.c -=================================================================== ---- nss.orig/lib/freebl/fipsfreebl.c -+++ nss/lib/freebl/fipsfreebl.c +diff --git a/lib/freebl/fipsfreebl.c b/lib/freebl/fipsfreebl.c +index 23f665a..f080417 100644 +--- a/lib/freebl/fipsfreebl.c ++++ b/lib/freebl/fipsfreebl.c @@ -21,6 +21,13 @@ #include "ec.h" /* Required for EC */ @@ -484,7 +85,7 @@ Index: nss/lib/freebl/fipsfreebl.c /* * different platforms have different ways of calling and initial entry point * when the dll/.so is loaded. Most platforms support either a posix pragma -@@ -1998,9 +2005,8 @@ freebl_fips_RNG_PowerUpSelfTest(void) +@@ -1963,9 +1970,8 @@ freebl_fips_RNG_PowerUpSelfTest(void) 0x0a, 0x26, 0x21, 0xd0, 0x19, 0xcb, 0x86, 0x73, 0x10, 0x1f, 0x60, 0xd7 }; @@ -495,7 +96,7 @@ Index: nss/lib/freebl/fipsfreebl.c /*******************************************/ /* Run the SP 800-90 Health tests */ -@@ -2014,13 +2020,12 @@ freebl_fips_RNG_PowerUpSelfTest(void) +@@ -1979,13 +1985,12 @@ freebl_fips_RNG_PowerUpSelfTest(void) /*******************************************/ /* Generate DSAX fow given Q. */ /*******************************************/ @@ -510,7 +111,7 @@ Index: nss/lib/freebl/fipsfreebl.c PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); return SECFailure; } -@@ -2028,17 +2033,19 @@ freebl_fips_RNG_PowerUpSelfTest(void) +@@ -1993,17 +1998,19 @@ freebl_fips_RNG_PowerUpSelfTest(void) return (SECSuccess); } 
@@ -531,7 +132,7 @@ Index: nss/lib/freebl/fipsfreebl.c #define DO_FREEBL 1 #define DO_REST 2 -@@ -2156,11 +2163,13 @@ static PRBool self_tests_ran = PR_FALSE; +@@ -2121,11 +2128,13 @@ static PRBool self_tests_ran = PR_FALSE; static PRBool self_tests_freebl_success = PR_FALSE; static PRBool self_tests_success = PR_FALSE; @@ -546,7 +147,7 @@ Index: nss/lib/freebl/fipsfreebl.c { SECStatus rv; /* if the freebl self tests didn't run, there is something wrong with -@@ -2173,7 +2182,7 @@ BL_POSTRan(PRBool freebl_only) +@@ -2138,7 +2147,7 @@ BL_POSTRan(PRBool freebl_only) return PR_TRUE; } /* if we only care about the freebl tests, we are good */ @@ -555,7 +156,7 @@ Index: nss/lib/freebl/fipsfreebl.c return PR_TRUE; } /* run the rest of the self tests */ -@@ -2192,32 +2201,16 @@ BL_POSTRan(PRBool freebl_only) +@@ -2157,32 +2166,16 @@ BL_POSTRan(PRBool freebl_only) return PR_TRUE; } @@ -593,7 +194,7 @@ Index: nss/lib/freebl/fipsfreebl.c self_tests_freebl_ran = PR_TRUE; /* we are running the tests */ if (!freebl_only) { -@@ -2229,20 +2222,55 @@ bl_startup_tests(void) +@@ -2194,20 +2187,55 @@ bl_startup_tests(void) /* always run the post tests */ rv = freebl_fipsPowerUpSelfTest(freebl_only ? DO_FREEBL : DO_FREEBL | DO_REST); if (rv != SECSuccess) { @@ -651,7 +252,7 @@ Index: nss/lib/freebl/fipsfreebl.c } /* -@@ -2251,28 +2279,110 @@ bl_startup_tests(void) +@@ -2216,28 +2244,110 @@ bl_startup_tests(void) * power on selftest failed. */ SECStatus 
@@ -772,10 +373,28 @@ Index: nss/lib/freebl/fipsfreebl.c +} + #endif -Index: nss/lib/freebl/loader.c -=================================================================== ---- nss.orig/lib/freebl/loader.c -+++ nss/lib/freebl/loader.c +diff --git a/lib/freebl/ldvector.c b/lib/freebl/ldvector.c +index ac3b862..8f3518b 100644 +--- a/lib/freebl/ldvector.c ++++ b/lib/freebl/ldvector.c +@@ -376,9 +376,12 @@ static const struct FREEBLVectorStr vector = + /* End of version 3.024 */ + ChaCha20_InitContext, + ChaCha20_CreateContext, +- ChaCha20_DestroyContext ++ ChaCha20_DestroyContext, + + /* End of version 3.025 */ ++ ++ /* SUSE patch: Goes last */ ++ BL_FIPSRepeatIntegrityCheck + }; + + const FREEBLVector* +diff --git a/lib/freebl/loader.c b/lib/freebl/loader.c +index 692a883..deca671 100644 +--- a/lib/freebl/loader.c ++++ b/lib/freebl/loader.c @@ -95,6 +95,14 @@ BL_Init(void) return (vector->p_BL_Init)(); } @@ -784,14 +403,14 @@ Index: nss/lib/freebl/loader.c +BL_FIPSRepeatIntegrityCheck(void) +{ + if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) -+ return SECFailure; ++ return; + (vector->p_BL_FIPSRepeatIntegrityCheck)(); +} + RSAPrivateKey * RSA_NewKey(int keySizeInBits, SECItem *publicExponent) { -@@ -1213,11 +1221,11 @@ AESKeyWrap_DecryptKWP(AESKeyWrapContext +@@ -1213,11 +1221,11 @@ AESKeyWrap_DecryptKWP(AESKeyWrapContext *cx, unsigned char *output, } PRBool @@ -805,7 +424,7 @@ Index: nss/lib/freebl/loader.c } /* -@@ -1227,12 +1235,12 @@ BLAPI_SHVerify(const char *name, PRFuncP +@@ -1227,12 +1235,12 @@ BLAPI_SHVerify(const char *name, PRFuncPtr addr) * in freebl_LoadDSO) to p_BLAPI_VerifySelf. */ PRBool @@ -820,7 +439,7 @@ Index: nss/lib/freebl/loader.c } /* ============== New for 3.006 =============================== */ -@@ -1836,11 +1844,11 @@ SHA224_Clone(SHA224Context *dest, SHA224 +@@ -1836,11 +1844,11 @@ SHA224_Clone(SHA224Context *dest, SHA224Context *src) } PRBool 
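Review bot: With the corrected `return;` in the loader.c wrapper `BL_FIPSRepeatIntegrityCheck`, a failed `freebl_RunLoaderOnce()` now looks exactly like a passed check, because the function returns without verifying anything and is `void`. The softoken caller added elsewhere in this patch file is commented as "These will abort if the checksum fails in FIPS mode", which does not hold on this path. If fail-open is intended it should be stated at the early return, e.g. `/* freebl could not be loaded: no integrity check is performed */`. Otherwise the failure should be handled the way a failed checksum is, so the repeat check cannot be skipped silently. The function's return-type line sits just above this hunk.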
@@ -834,10 +453,10 @@ Index: nss/lib/freebl/loader.c } /* === new for DSA-2 === */ -Index: nss/lib/freebl/loader.h -=================================================================== ---- nss.orig/lib/freebl/loader.h -+++ nss/lib/freebl/loader.h +diff --git a/lib/freebl/loader.h b/lib/freebl/loader.h +index eb3046d..3bbc43a 100644 +--- a/lib/freebl/loader.h ++++ b/lib/freebl/loader.h @@ -299,8 +299,8 @@ struct FREEBLVectorStr { /* Version 3.004 came to here */ @@ -868,10 +487,10 @@ Index: nss/lib/freebl/loader.h }; typedef struct FREEBLVectorStr FREEBLVector; -Index: nss/lib/freebl/manifest.mn -=================================================================== ---- nss.orig/lib/freebl/manifest.mn -+++ nss/lib/freebl/manifest.mn +diff --git a/lib/freebl/manifest.mn b/lib/freebl/manifest.mn +index b6c5fb3..b8ba60b 100644 +--- a/lib/freebl/manifest.mn ++++ b/lib/freebl/manifest.mn @@ -97,6 +97,7 @@ PRIVATE_EXPORTS = \ ecl.h \ ecl-curve.h \ @@ -888,10 +507,10 @@ Index: nss/lib/freebl/manifest.mn $(NULL) -Index: nss/lib/freebl/shvfy.c -=================================================================== ---- nss.orig/lib/freebl/shvfy.c -+++ nss/lib/freebl/shvfy.c +diff --git a/lib/freebl/shvfy.c b/lib/freebl/shvfy.c +index 0428bf6..f463352 100644 +--- a/lib/freebl/shvfy.c ++++ b/lib/freebl/shvfy.c @@ -22,6 +22,8 @@ #ifndef NSS_FIPS_DISABLED @@ -901,7 +520,7 @@ Index: nss/lib/freebl/shvfy.c /* * Most modern version of Linux support a speed optimization scheme where an * application called prelink modifies programs and shared libraries to quickly -@@ -231,8 +233,6 @@ bl_CloseUnPrelink(PRFileDesc *file, int +@@ -231,8 +233,6 @@ bl_CloseUnPrelink(PRFileDesc *file, int pid) } #endif 
@@ -959,7 +578,7 @@ Index: nss/lib/freebl/shvfy.c { char *checkName = NULL; PRFileDesc *checkFD = NULL; -@@ -341,7 +341,7 @@ blapi_SHVerifyFile(const char *shName, P +@@ -341,7 +341,7 @@ blapi_SHVerifyFile(const char *shName, PRBool self) #endif PRBool result = PR_FALSE; /* if anything goes wrong, @@ -968,7 +587,7 @@ Index: nss/lib/freebl/shvfy.c unsigned char buf[4096]; unsigned char hashBuf[HASH_LENGTH_MAX]; -@@ -368,14 +368,17 @@ blapi_SHVerifyFile(const char *shName, P +@@ -368,14 +368,17 @@ blapi_SHVerifyFile(const char *shName, PRBool self) /* open the check File */ checkFD = PR_Open(checkName, PR_RDONLY, 0); if (checkFD == NULL) { @@ -989,7 +608,7 @@ Index: nss/lib/freebl/shvfy.c bytesRead = PR_Read(checkFD, buf, 12); if (bytesRead != 12) { goto loser; -@@ -416,7 +419,8 @@ blapi_SHVerifyFile(const char *shName, P +@@ -416,7 +419,8 @@ blapi_SHVerifyFile(const char *shName, PRBool self) if (rv != SECSuccess) { goto loser; } @@ -999,7 +618,7 @@ Index: nss/lib/freebl/shvfy.c rv = readItem(checkFD, &signature); if (rv != SECSuccess) { goto loser; -@@ -431,7 +435,7 @@ blapi_SHVerifyFile(const char *shName, P +@@ -431,7 +435,7 @@ blapi_SHVerifyFile(const char *shName, PRBool self) goto loser; } @@ -1008,7 +627,7 @@ Index: nss/lib/freebl/shvfy.c #ifdef FREEBL_USE_PRELINK shFD = bl_OpenUnPrelink(shName, &pid); #else -@@ -439,13 +443,13 @@ blapi_SHVerifyFile(const char *shName, P +@@ -439,13 +443,13 @@ blapi_SHVerifyFile(const char *shName, PRBool self) #endif if (shFD == NULL) { #ifdef DEBUG_SHVERIFY 
@@ -1043,76 +662,10 @@ Index: nss/lib/freebl/shvfy.c } #else /* NSS_FIPS_DISABLED */ -Index: nss/lib/softoken/fips.c -=================================================================== ---- /dev/null -+++ nss/lib/softoken/fips.c -@@ -0,0 +1,46 @@ -+#include "../freebl/fips-selftest.inc" -+ -+#include "fips.h" -+ -+#include "softoken.h" -+ -+#include -+ -+/* crypto algorithms selftest wrapper */ -+static fips_check_status -+fips_checkCryptoSoftoken(void) -+{ -+ if (CKR_OK == sftk_FIPSEntryOK()) { -+ return CHECK_OK; -+ } else { -+ return CHECK_FAIL_CRYPTO; -+ } -+ -+ return CHECK_OK; -+} -+ -+/* constructor - load-time selfchecks */ -+static void __attribute__ ((constructor)) -+fips_initTestSoftoken(void) -+{ -+ fips_state = fips_initTest("softokn", (PRFuncPtr)fips_initTestSoftoken, fips_checkCryptoSoftoken); -+ -+ /* The legacy DB must be checked unconditionally in FIPS mode. As an exception, -+ * this can be turned off for the build-time tests using the env var -+ * NSS_IGNORE_CHECKSUMS. This is necessary because the files cannot be -+ * located before they're installed. It only works if FIPS mode is enabled -+ * via NSS_FIPS=1, not if it's set in /proc. 
*/ -+ -+ if (fips_state && !(fips_is_env && fips_ignore_checksums)) -+ { -+ fips_state = fips_initTest("nssdbm", (PRFuncPtr) NULL, NULL); -+ } -+ -+ return; -+} -+ -+void -+fips_repeatTestSoftoken(void) -+{ -+ fips_initTestSoftoken(); -+} -Index: nss/lib/softoken/fips.h -=================================================================== ---- /dev/null -+++ nss/lib/softoken/fips.h -@@ -0,0 +1,10 @@ -+#ifndef FIPS_H -+#define FIPS_H -+ -+#include "softoken.h" -+ -+CK_RV FIPS_cryptoSelftestSoftoken(void); -+CK_RV sftk_fipsPowerUpSelfTest(void); -+ -+#endif -+ -Index: nss/lib/softoken/fipstest.c -=================================================================== ---- nss.orig/lib/softoken/fipstest.c -+++ nss/lib/softoken/fipstest.c +diff --git a/lib/softoken/fipstest.c b/lib/softoken/fipstest.c +index aa4992c..ab3b693 100644 +--- a/lib/softoken/fipstest.c ++++ b/lib/softoken/fipstest.c @@ -682,6 +682,327 @@ sftk_fips_HKDF_PowerUpSelfTest(void) return (SECSuccess); } 
@@ -1519,50 +1072,10 @@ Index: nss/lib/softoken/fipstest.c #else #include "pkcs11t.h" CK_RV -Index: nss/lib/softoken/legacydb/fips.c -=================================================================== ---- /dev/null -+++ nss/lib/softoken/legacydb/fips.c -@@ -0,0 +1,25 @@ -+#include "../../freebl/fips-selftest.inc" -+ -+#include "fips.h" -+ -+/*** private per-module symbols ***/ -+ -+/* crypto algorithms selftest wrapper */ -+static fips_check_status -+fips_checkCryptoDbm(void) -+{ -+ /* no checks in dbm */ -+ return CHECK_OK; -+} -+ -+/* constructor - load-time selfchecks */ -+static void __attribute__ ((constructor)) -+fips_initTestDbm(void) -+{ -+ fips_state = fips_initTest("nssdbm", (PRFuncPtr)fips_checkCryptoDbm, NULL); -+ -+ return; -+} -+ -+/*** public per-module symbols ***/ -+ -Index: nss/lib/softoken/legacydb/fips.h -=================================================================== ---- /dev/null -+++ nss/lib/softoken/legacydb/fips.h -@@ -0,0 +1,5 @@ -+#ifndef FIPS_H -+#define FIPS_H -+ -+#endif -+ -Index: nss/lib/softoken/legacydb/lgfips.c -=================================================================== ---- nss.orig/lib/softoken/legacydb/lgfips.c -+++ nss/lib/softoken/legacydb/lgfips.c +diff --git a/lib/softoken/legacydb/lgfips.c b/lib/softoken/legacydb/lgfips.c +index b991dcf..efb7e52 100644 +--- a/lib/softoken/legacydb/lgfips.c ++++ b/lib/softoken/legacydb/lgfips.c @@ -90,7 +90,7 @@ lg_startup_tests(void) /* no self tests required for the legacy db, only the integrity check */ 
@@ -1572,10 +1085,10 @@ Index: nss/lib/softoken/legacydb/lgfips.c /* something is wrong with the library, fail without enabling * the fips token */ return; -Index: nss/lib/softoken/legacydb/manifest.mn -=================================================================== ---- nss.orig/lib/softoken/legacydb/manifest.mn -+++ nss/lib/softoken/legacydb/manifest.mn +diff --git a/lib/softoken/legacydb/manifest.mn b/lib/softoken/legacydb/manifest.mn +index caac524..16c8847 100644 +--- a/lib/softoken/legacydb/manifest.mn ++++ b/lib/softoken/legacydb/manifest.mn @@ -12,7 +12,7 @@ LIBRARY_NAME = nssdbm LIBRARY_VERSION = 3 MAPFILE = $(OBJDIR)/$(LIBRARY_NAME).def @@ -1592,10 +1105,10 @@ Index: nss/lib/softoken/legacydb/manifest.mn + fips.c \ $(NULL) -Index: nss/lib/softoken/manifest.mn -=================================================================== ---- nss.orig/lib/softoken/manifest.mn -+++ nss/lib/softoken/manifest.mn +diff --git a/lib/softoken/manifest.mn b/lib/softoken/manifest.mn +index 34daf1c..c4c89fc 100644 +--- a/lib/softoken/manifest.mn ++++ b/lib/softoken/manifest.mn @@ -31,6 +31,7 @@ PRIVATE_EXPORTS = \ softkver.h \ sdb.h \ @@ -1612,11 +1125,11 @@ Index: nss/lib/softoken/manifest.mn $(NULL) ifndef NSS_DISABLE_DBM -Index: nss/lib/softoken/softoken.h -=================================================================== ---- nss.orig/lib/softoken/softoken.h -+++ nss/lib/softoken/softoken.h -@@ -59,6 +59,9 @@ extern unsigned char *CBC_PadBuffer(PLAr +diff --git a/lib/softoken/softoken.h b/lib/softoken/softoken.h +index 30586fc..f6d4a4c 100644 +--- a/lib/softoken/softoken.h ++++ b/lib/softoken/softoken.h +@@ -59,6 +59,9 @@ extern unsigned char *CBC_PadBuffer(PLArenaPool *arena, unsigned char *inbuf, /* make sure Power-up selftests have been run. */ extern CK_RV sftk_FIPSEntryOK(void); 
@@ -1626,21 +1139,3 @@ Index: nss/lib/softoken/softoken.h /* ** make known fixed PKCS #11 key types to their sizes in bytes */ -Index: nss/lib/freebl/ldvector.c -=================================================================== ---- nss.orig/lib/freebl/ldvector.c -+++ nss/lib/freebl/ldvector.c -@@ -376,9 +376,12 @@ static const struct FREEBLVectorStr vect - /* End of version 3.024 */ - ChaCha20_InitContext, - ChaCha20_CreateContext, -- ChaCha20_DestroyContext -+ ChaCha20_DestroyContext, - - /* End of version 3.025 */ -+ -+ /* SUSE patch: Goes last */ -+ BL_FIPSRepeatIntegrityCheck - }; - - const FREEBLVector* From 36fe40e3e2e24582e9d59be97043c55e5734dc781eeddcb1ef9cb78f65253dfa Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Tue, 26 Jul 2022 20:46:30 +0000 Subject: [PATCH 3/4] OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=390 --- mozilla-nss.changes | 4 - mozilla-nss.spec | 4 + nss-3.79.tar.gz | 3 + nss-fips-approved-crypto-non-ec.patch | 329 ++++++------ nss-fips-constructor-self-tests.patch | 722 ++++++++++++++++++++------ nss-fips-tests-skip.patch | 19 + nss-fips-tls-allow-md5-prf.patch | 270 ++++++++++ 7 files changed, 1027 insertions(+), 324 deletions(-) create mode 100644 nss-3.79.tar.gz create mode 100644 nss-fips-tests-skip.patch create mode 100644 nss-fips-tls-allow-md5-prf.patch diff --git a/mozilla-nss.changes b/mozilla-nss.changes index ca694cb..7817b4e 100644 --- a/mozilla-nss.changes +++ b/mozilla-nss.changes @@ -24,10 +24,6 @@ Tue Jul 26 19:20:48 UTC 2022 - Wolfgang Rosenauer * bmo#1760998 - Avoid data race on primary password change. * bmo#1769063 - Replace ppc64 dcbzl intrinisic. * bmo#1771036 - Allow LDFLAGS override in makefile builds. -- FIPS patch updates -- removed obsolete patches - * nss-fips-tests-skip.patch - * nss-fips-tls-allow-md5-prf.patch ------------------------------------------------------------------- Sat Jun 25 12:30:25 UTC 2022 - Wolfgang Rosenauer 
diff --git a/mozilla-nss.spec b/mozilla-nss.spec index 4a3b2b5..d1c6dc4 100644 --- a/mozilla-nss.spec +++ b/mozilla-nss.spec @@ -65,6 +65,7 @@ Patch19: nss-fips-cavs-dsa-fixes.patch Patch20: nss-fips-cavs-rsa-fixes.patch Patch21: nss-fips-approved-crypto-non-ec.patch Patch22: nss-fips-zeroization.patch +Patch23: nss-fips-tls-allow-md5-prf.patch Patch24: nss-fips-use-strong-random-pool.patch Patch25: nss-fips-detect-fips-mode-fixes.patch Patch26: nss-fips-combined-hash-sign-dsa-ecdsa.patch @@ -73,6 +74,7 @@ Patch37: nss-fips-fix-missing-nspr.patch Patch38: nss-fips-stricter-dh.patch Patch40: nss-fips-180-3-csp-clearing.patch Patch41: nss-fips-pbkdf-kat-compliance.patch +Patch42: nss-fips-tests-skip.patch Patch44: nss-fips-tests-enable-fips.patch %if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000 # aarch64 + gcc4.8 fails to build on SLE-12 due to undefined references @@ -223,6 +225,7 @@ cd nss %patch20 -p1 %patch21 -p1 %patch22 -p1 +%patch23 -p1 %patch24 -p1 %patch25 -p1 %patch26 -p1 @@ -231,6 +234,7 @@ cd nss %patch38 -p1 %patch40 -p1 %patch41 -p1 +%patch42 -p1 %patch44 -p1 # additional CA certificates diff --git a/nss-3.79.tar.gz b/nss-3.79.tar.gz new file mode 100644 index 0000000..df13da1 --- /dev/null +++ b/nss-3.79.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:ebdf2d6a96613b6fe70ad579e9f983e0e94e0110171cfb2999db633d3394a514 +size 84830113 diff --git a/nss-fips-approved-crypto-non-ec.patch b/nss-fips-approved-crypto-non-ec.patch index 18ad4e7..e239737 100644 --- a/nss-fips-approved-crypto-non-ec.patch +++ b/nss-fips-approved-crypto-non-ec.patch 
@@ -87,17 +87,62 @@ Index: nss/lib/freebl/arcfour.c /* Architecture-dependent defines */ -@@ -162,7 +163,9 @@ RC4_InitContext(RC4Context *cx, const un +@@ -108,6 +109,7 @@ static const Stype Kinit[256] = { + RC4Context * + RC4_AllocateContext(void) + { ++ IN_FIPS_RETURN(NULL); + return PORT_ZNew(RC4Context); + } + +@@ -121,6 +123,8 @@ RC4_InitContext(RC4Context *cx, const un + PRUint8 K[256]; + PRUint8 *L; + ++ IN_FIPS_RETURN(SECFailure); ++ + /* verify the key length. */ + PORT_Assert(len > 0 && len < ARCFOUR_STATE_SIZE); + if (len == 0 || len >= ARCFOUR_STATE_SIZE) { +@@ -162,7 +166,11 @@ RC4_InitContext(RC4Context *cx, const un RC4Context * RC4_CreateContext(const unsigned char *key, int len) { - RC4Context *cx = RC4_AllocateContext(); + RC4Context *cx; + ++ IN_FIPS_RETURN(NULL); ++ + cx = RC4_AllocateContext(); if (cx) { SECStatus rv = RC4_InitContext(cx, key, len, NULL, 0, 0, 0); if (rv != SECSuccess) { +@@ -176,6 +184,7 @@ RC4_CreateContext(const unsigned char *k + void + RC4_DestroyContext(RC4Context *cx, PRBool freeit) + { ++ IN_FIPS_RETURN(); + if (freeit) + PORT_ZFree(cx, sizeof(*cx)); + } +@@ -548,6 +557,8 @@ RC4_Encrypt(RC4Context *cx, unsigned cha + unsigned int *outputLen, unsigned int maxOutputLen, + const unsigned char *input, unsigned int inputLen) + { ++ IN_FIPS_RETURN(SECFailure); ++ + PORT_Assert(maxOutputLen >= inputLen); + if (maxOutputLen < inputLen) { + PORT_SetError(SEC_ERROR_OUTPUT_LEN); +@@ -571,6 +582,8 @@ RC4_Decrypt(RC4Context *cx, unsigned cha + unsigned int *outputLen, unsigned int maxOutputLen, + const unsigned char *input, unsigned int inputLen) + { ++ IN_FIPS_RETURN(SECFailure); ++ + PORT_Assert(maxOutputLen >= inputLen); + if (maxOutputLen < inputLen) { + PORT_SetError(SEC_ERROR_OUTPUT_LEN); Index: nss/lib/freebl/deprecated/seed.c =================================================================== --- nss.orig/lib/freebl/deprecated/seed.c 
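Review bot: The `IN_FIPS_RETURN();` added at the top of `RC4_DestroyContext` runs before `if (freeit) PORT_ZFree(cx, sizeof(*cx));`, so whenever the macro takes its early return the context is neither zeroized nor freed. The macro's definition is not part of this hunk, but if it returns whenever FIPS mode is active, any context that exists at that point keeps its key schedule in memory and leaks. Teardown should not be gated on the mode: drop the guard from the destroy path and keep only the refusals in the allocate, init, create, encrypt and decrypt entry points. The same guard is placed ahead of `memset(cx, 0, sizeof *cx);` in `DES_DestroyContext` in the desblapi.c hunk further down and should be removed there as well.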
@@ -248,32 +293,56 @@ Index: nss/lib/freebl/md2.c #define MD2_DIGEST_LEN 16 #define MD2_BUFSIZE 16 #define MD2_X_SIZE 48 /* The X array, [CV | INPUT | TMP VARS] */ -@@ -66,7 +68,9 @@ SECStatus +@@ -66,7 +68,11 @@ SECStatus MD2_Hash(unsigned char *dest, const char *src) { unsigned int len; - MD2Context *cx = MD2_NewContext(); + MD2Context *cx; + ++ IN_FIPS_RETURN(SECFailure); ++ + cx = MD2_NewContext(); if (!cx) { PORT_SetError(PR_OUT_OF_MEMORY_ERROR); return SECFailure; -@@ -81,7 +85,9 @@ MD2_Hash(unsigned char *dest, const char +@@ -81,7 +87,11 @@ MD2_Hash(unsigned char *dest, const char MD2Context * MD2_NewContext(void) { - MD2Context *cx = (MD2Context *)PORT_ZAlloc(sizeof(MD2Context)); + MD2Context *cx; + ++ IN_FIPS_RETURN(NULL); ++ + cx = (MD2Context *)PORT_ZAlloc(sizeof(MD2Context)); if (cx == NULL) { PORT_SetError(PR_OUT_OF_MEMORY_ERROR); return NULL; -@@ -226,6 +232,7 @@ MD2_End(MD2Context *cx, unsigned char *d +@@ -99,6 +109,8 @@ MD2_DestroyContext(MD2Context *cx, PRBoo + void + MD2_Begin(MD2Context *cx) + { ++ IN_FIPS_RETURN(); ++ + memset(cx, 0, sizeof(*cx)); + cx->unusedBuffer = MD2_BUFSIZE; + } +@@ -196,6 +208,8 @@ MD2_Update(MD2Context *cx, const unsigne + { + PRUint32 bytesToConsume; + ++ IN_FIPS_RETURN(); ++ + /* Fill the remaining input buffer. */ + if (cx->unusedBuffer != MD2_BUFSIZE) { + bytesToConsume = PR_MIN(inputLen, cx->unusedBuffer); +@@ -226,6 +240,9 @@ MD2_End(MD2Context *cx, unsigned char *d unsigned int *digestLen, unsigned int maxDigestLen) { PRUint8 padStart; ++ ++ IN_FIPS_RETURN(); + if (maxDigestLen < MD2_BUFSIZE) { PORT_SetError(SEC_ERROR_INVALID_ARGS); 
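Review bot: In `MD2_End` the new `IN_FIPS_RETURN();` comes before anything is written to `digest` or `*digestLen`, and the argument-less form suggests the function returns nothing, so a caller cannot tell that no digest was produced. Unless the macro itself sets an error (its definition is not in this hunk), the caller goes on to use whatever was already in its output buffer and length variable. The refusal path should report itself the way the `maxDigestLen` check directly below it does, for example `PORT_SetError(SEC_ERROR_INVALID_ALGORITHM);` together with `*digestLen = 0;` before returning. The body of `MD2_End` continues outside the hunk; `MD2_Begin` and `MD2_Update` here, and `MD5_End` and `MD5_EndRaw` in the md5.c hunk below, have the same silent early return.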
@@ -291,18 +360,37 @@ Index: nss/lib/freebl/md5.c #define MD5_HASH_LEN 16 #define MD5_BUFFER_SIZE 64 #define MD5_END_BUFFER (MD5_BUFFER_SIZE - 8) -@@ -215,7 +217,9 @@ MD5Context * +@@ -195,6 +197,7 @@ struct MD5ContextStr { + SECStatus + MD5_Hash(unsigned char *dest, const char *src) + { ++ IN_FIPS_RETURN(SECFailure); + return MD5_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src)); + } + +@@ -204,6 +207,8 @@ MD5_HashBuf(unsigned char *dest, const u + unsigned int len; + MD5Context cx; + ++ IN_FIPS_RETURN(SECFailure); ++ + MD5_Begin(&cx); + MD5_Update(&cx, src, src_length); + MD5_End(&cx, dest, &len, MD5_HASH_LEN); +@@ -215,7 +220,11 @@ MD5Context * MD5_NewContext(void) { /* no need to ZAlloc, MD5_Begin will init the context */ - MD5Context *cx = (MD5Context *)PORT_Alloc(sizeof(MD5Context)); + MD5Context *cx; + ++ IN_FIPS_RETURN(NULL); ++ + cx = (MD5Context *)PORT_Alloc(sizeof(MD5Context)); if (cx == NULL) { PORT_SetError(PR_OUT_OF_MEMORY_ERROR); return NULL; -@@ -226,7 +230,8 @@ MD5_NewContext(void) +@@ -226,7 +235,8 @@ MD5_NewContext(void) void MD5_DestroyContext(MD5Context *cx, PRBool freeit) { 
@@ -312,6 +400,42 @@ Index: nss/lib/freebl/md5.c if (freeit) { PORT_Free(cx); } +@@ -235,6 +245,8 @@ MD5_DestroyContext(MD5Context *cx, PRBoo + void + MD5_Begin(MD5Context *cx) + { ++ IN_FIPS_RETURN(); ++ + cx->lsbInput = 0; + cx->msbInput = 0; + /* memset(cx->inBuf, 0, sizeof(cx->inBuf)); */ +@@ -425,6 +437,8 @@ MD5_Update(MD5Context *cx, const unsigne + PRUint32 inBufIndex = cx->lsbInput & 63; + const PRUint32 *wBuf; + ++ IN_FIPS_RETURN(); ++ + /* Add the number of input bytes to the 64-bit input counter. */ + addto64(cx->msbInput, cx->lsbInput, inputLen); + if (inBufIndex) { +@@ -498,6 +512,8 @@ MD5_End(MD5Context *cx, unsigned char *d + PRUint32 lowInput, highInput; + PRUint32 inBufIndex = cx->lsbInput & 63; + ++ IN_FIPS_RETURN(); ++ + if (maxDigestLen < MD5_HASH_LEN) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return; +@@ -546,6 +562,8 @@ MD5_EndRaw(MD5Context *cx, unsigned char + #endif + PRUint32 cv[4]; + ++ IN_FIPS_RETURN(); ++ + if (maxDigestLen < MD5_HASH_LEN) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return; Index: nss/lib/freebl/nsslowhash.c =================================================================== --- nss.orig/lib/freebl/nsslowhash.c @@ -324,18 +448,15 @@ Index: nss/lib/freebl/nsslowhash.c struct NSSLOWInitContextStr { int count; -@@ -92,6 +93,15 @@ NSSLOWHASH_NewContext(NSSLOWInitContext +@@ -92,6 +93,12 @@ NSSLOWHASH_NewContext(NSSLOWInitContext { NSSLOWHASHContext *context; -+#if 0 + /* return with an error if unapproved hash is requested in FIPS mode */ -+ /* This is now handled by the service level indicator */ + if (!FIPS_hashAlgApproved(hashType)) { + PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); + return NULL; + } -+#endif + if (post_failed) { PORT_SetError(SEC_ERROR_PKCS11_DEVICE_ERROR); 
@@ -352,16 +473,13 @@ Index: nss/lib/freebl/rawhash.c static void * null_hash_new_context(void) -@@ -146,7 +147,11 @@ const SECHashObject SECRawHashObjects[] +@@ -146,7 +147,8 @@ const SECHashObject SECRawHashObjects[] const SECHashObject * HASH_GetRawHashObject(HASH_HashType hashType) { - if (hashType <= HASH_AlgNULL || hashType >= HASH_AlgTOTAL) { -+ /* We rely on the service level indicator for algorithm approval now, so -+ * the FIPS check here has been commented out */ -+ + if (hashType <= HASH_AlgNULL || hashType >= HASH_AlgTOTAL -+ /* || (!FIPS_hashAlgApproved(hashType)) */) { ++ || (!FIPS_hashAlgApproved(hashType))) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return NULL; } @@ -369,24 +487,7 @@ Index: nss/lib/softoken/pkcs11c.c =================================================================== --- nss.orig/lib/softoken/pkcs11c.c +++ nss/lib/softoken/pkcs11c.c -@@ -4806,6 +4806,8 @@ NSC_GenerateKey(CK_SESSION_HANDLE hSessi - goto loser; - } - -+ key->isFIPS = sftk_operationIsFIPS(slot, pMechanism, CKA_KEY_GEN_MECHANISM, key); -+ - /* - * handle the base object stuff - */ -@@ -4820,6 +4822,7 @@ NSC_GenerateKey(CK_SESSION_HANDLE hSessi - if (crv == CKR_OK) { - *phKey = key->handle; - } -+ - loser: - PORT_Memset(buf, 0, sizeof buf); - sftk_FreeObject(key); -@@ -7495,7 +7498,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession +@@ -7491,7 +7491,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession } else { /* now allocate the hash contexts */ md5 = MD5_NewContext(); 
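Review bot: In `HASH_GetRawHashObject` the re-enabled `FIPS_hashAlgApproved(hashType)` test is folded into the range check, so a policy rejection is reported as `SEC_ERROR_INVALID_ARGS`, while the same rejection in `NSSLOWHASH_NewContext` (the nsslowhash.c hunk just before this one) sets `SEC_ERROR_INVALID_ALGORITHM`. A caller or log reader then cannot tell an out-of-range hash type from one refused by FIPS policy. Keeping the range check as it was and adding a separate test after it would make the two paths agree: `if (!FIPS_hashAlgApproved(hashType)) { PORT_SetError(SEC_ERROR_INVALID_ALGORITHM); return NULL; }`.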
@@ -408,10 +509,21 @@ Index: nss/lib/freebl/desblapi.c #if defined(NSS_X86_OR_X64) /* Intel X86 CPUs do unaligned loads and stores without complaint. */ #define COPY8B(to, from, ptr) \ -@@ -145,12 +147,14 @@ DES_InitContext(DESContext *cx, const un +@@ -136,6 +138,8 @@ DES_EDE3CBCDe(DESContext *cx, BYTE *out, + DESContext * + DES_AllocateContext(void) + { ++ IN_FIPS_RETURN(NULL); ++ + return PORT_ZNew(DESContext); + } + +@@ -145,12 +149,16 @@ DES_InitContext(DESContext *cx, const un unsigned int unused) { DESDirection opposite; ++ ++ IN_FIPS_RETURN(SECFailure); + if (!cx) { PORT_SetError(SEC_ERROR_INVALID_ARGS); @@ -423,7 +535,7 @@ Index: nss/lib/freebl/desblapi.c switch (mode) { case NSS_DES: /* DES ECB */ DES_MakeSchedule(cx->ks0, key, cx->direction); -@@ -201,8 +205,11 @@ DES_InitContext(DESContext *cx, const un +@@ -201,8 +209,13 @@ DES_InitContext(DESContext *cx, const un DESContext * DES_CreateContext(const BYTE *key, const BYTE *iv, int mode, PRBool encrypt) { 
@@ -432,95 +544,43 @@ Index: nss/lib/freebl/desblapi.c + DESContext *cx; + SECStatus rv; + ++ IN_FIPS_RETURN(NULL); ++ + cx = PORT_ZNew(DESContext); + rv = DES_InitContext(cx, key, 0, iv, mode, encrypt, 0); if (rv != SECSuccess) { PORT_ZFree(cx, sizeof *cx); -@@ -225,7 +232,6 @@ SECStatus +@@ -214,6 +227,8 @@ DES_CreateContext(const BYTE *key, const + void + DES_DestroyContext(DESContext *cx, PRBool freeit) + { ++ IN_FIPS_RETURN(); ++ + if (cx) { + memset(cx, 0, sizeof *cx); + if (freeit) +@@ -225,6 +240,7 @@ SECStatus DES_Encrypt(DESContext *cx, BYTE *out, unsigned int *outLen, unsigned int maxOutLen, const BYTE *in, unsigned int inLen) { -- ++ IN_FIPS_RETURN(SECFailure); + if ((inLen % 8) != 0 || maxOutLen < inLen || !cx || cx->direction != DES_ENCRYPT) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); -@@ -242,7 +248,6 @@ SECStatus +@@ -242,6 +258,7 @@ SECStatus DES_Decrypt(DESContext *cx, BYTE *out, unsigned int *outLen, unsigned int maxOutLen, const BYTE *in, unsigned int inLen) { -- ++ IN_FIPS_RETURN(SECFailure); + if ((inLen % 8) != 0 || maxOutLen < inLen || !cx || cx->direction != DES_DECRYPT) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); Index: nss/lib/softoken/fips_algorithms.h =================================================================== --- nss.orig/lib/softoken/fips_algorithms.h +++ nss/lib/softoken/fips_algorithms.h -@@ -57,7 +57,7 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[] - #define RSA_FB_STEP 1024 - #define DSA_FB_KEY 2048, 4096 /* min, max */ - #define DSA_FB_STEP 1024 --#define DH_FB_KEY 2048, 4096 /* min, max */ -+#define DH_FB_KEY 2048, 8192 /* min, max */ - #define DH_FB_STEP 1024 - #define EC_FB_KEY 256, 521 /* min, max */ - #define EC_FB_STEP 1 /* key limits handled by special operation */ -@@ -65,7 +65,10 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[] - #define AES_FB_STEP 64 - { CKM_RSA_PKCS_KEY_PAIR_GEN, { RSA_FB_KEY, CKF_KPG }, RSA_FB_STEP, SFTKFIPSNone }, - { CKM_RSA_PKCS_PSS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSNone }, -+#if 0 -+ /* 
Non-approved */ - { CKM_RSA_PKCS_OAEP, { RSA_FB_KEY, CKF_ENC }, RSA_FB_STEP, SFTKFIPSNone }, -+#endif - /* -------------- RSA Multipart Signing Operations -------------------- */ - { CKM_SHA224_RSA_PKCS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSNone }, - { CKM_SHA256_RSA_PKCS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSNone }, -@@ -76,9 +79,18 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[] - { CKM_SHA384_RSA_PKCS_PSS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSNone }, - { CKM_SHA512_RSA_PKCS_PSS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSNone }, - /* ------------------------- DSA Operations --------------------------- */ -+#if 0 - { CKM_DSA_KEY_PAIR_GEN, { DSA_FB_KEY, CKF_KPG }, DSA_FB_STEP, SFTKFIPSNone }, -- { CKM_DSA, { DSA_FB_KEY, CKF_SGN }, DSA_FB_STEP, SFTKFIPSNone }, -+#endif -+ -+ /* Doesn't consider hash algo. Non-approved, but verification must be allowed -+ * since we use it for signature verification */ -+ { CKM_DSA, { DSA_FB_KEY, CKF_VERIFY }, DSA_FB_STEP, SFTKFIPSNone }, -+ -+#if 0 - { CKM_DSA_PARAMETER_GEN, { DSA_FB_KEY, CKF_KPG }, DSA_FB_STEP, SFTKFIPSNone }, -+#endif -+ - { CKM_DSA_SHA224, { DSA_FB_KEY, CKF_SGN }, DSA_FB_STEP, SFTKFIPSNone }, - { CKM_DSA_SHA256, { DSA_FB_KEY, CKF_SGN }, DSA_FB_STEP, SFTKFIPSNone }, - { CKM_DSA_SHA384, { DSA_FB_KEY, CKF_SGN }, DSA_FB_STEP, SFTKFIPSNone }, -@@ -90,7 +102,10 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[] - /* -------------------- Elliptic Curve Operations --------------------- */ - { CKM_EC_KEY_PAIR_GEN, { EC_FB_KEY, CKF_KPG }, EC_FB_STEP, SFTKFIPSECC }, - { CKM_ECDH1_DERIVE, { EC_FB_KEY, CKF_KEA }, EC_FB_STEP, SFTKFIPSECC }, -+#if 0 -+ /* Doesn't consider hash algo. 
Non-approved */ - { CKM_ECDSA, { EC_FB_KEY, CKF_SGN }, EC_FB_STEP, SFTKFIPSECC }, -+#endif - { CKM_ECDSA_SHA224, { EC_FB_KEY, CKF_SGN }, EC_FB_STEP, SFTKFIPSECC }, - { CKM_ECDSA_SHA256, { EC_FB_KEY, CKF_SGN }, EC_FB_STEP, SFTKFIPSECC }, - { CKM_ECDSA_SHA384, { EC_FB_KEY, CKF_SGN }, EC_FB_STEP, SFTKFIPSECC }, -@@ -100,8 +115,11 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[] - { CKM_AES_KEY_GEN, { AES_FB_KEY, CKF_GEN }, AES_FB_STEP, SFTKFIPSNone }, - { CKM_AES_ECB, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSNone }, - { CKM_AES_CBC, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSNone }, -+#if 0 -+ /* Non-approved */ - { CKM_AES_MAC, { AES_FB_KEY, CKF_SGN }, AES_FB_STEP, SFTKFIPSNone }, - { CKM_AES_MAC_GENERAL, { AES_FB_KEY, CKF_SGN }, AES_FB_STEP, SFTKFIPSNone }, -+#endif - { CKM_AES_CMAC, { AES_FB_KEY, CKF_SGN }, AES_FB_STEP, SFTKFIPSNone }, - { CKM_AES_CMAC_GENERAL, { AES_FB_KEY, CKF_SGN }, AES_FB_STEP, SFTKFIPSNone }, - { CKM_AES_CBC_PAD, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSNone }, -@@ -111,8 +129,11 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[] +@@ -111,8 +111,11 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[] { CKM_AES_KEY_WRAP, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSNone }, { CKM_AES_KEY_WRAP_PAD, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSNone }, { CKM_AES_KEY_WRAP_KWP, { AES_FB_KEY, CKF_ENC }, AES_FB_STEP, SFTKFIPSNone }, 
@@ -532,62 +592,3 @@ Index: nss/lib/softoken/fips_algorithms.h /* ------------------------- Hashing Operations ----------------------- */ { CKM_SHA224, { 0, 0, CKF_HSH }, 1, SFTKFIPSNone }, { CKM_SHA224_HMAC, { 112, 224, CKF_SGN }, 1, SFTKFIPSNone }, -@@ -127,41 +148,44 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[] - { CKM_SHA512_HMAC, { 256, 512, CKF_SGN }, 1, SFTKFIPSNone }, - { CKM_SHA512_HMAC_GENERAL, { 256, 512, CKF_SGN }, 1, SFTKFIPSNone }, - /* --------------------- Secret Key Operations ------------------------ */ -- { CKM_GENERIC_SECRET_KEY_GEN, { 8, 256, CKF_GEN }, 1, SFTKFIPSNone }, -+ { CKM_GENERIC_SECRET_KEY_GEN, { 112, 256, CKF_GEN }, 1, SFTKFIPSNone }, - /* ---------------------- SSL/TLS operations ------------------------- */ - { CKM_SHA224_KEY_DERIVATION, { 112, 224, CKF_KDF }, 1, SFTKFIPSNone }, - { CKM_SHA256_KEY_DERIVATION, { 128, 256, CKF_KDF }, 1, SFTKFIPSNone }, -- { CKM_SHA384_KEY_DERIVATION, { 192, 284, CKF_KDF }, 1, SFTKFIPSNone }, -+ { CKM_SHA384_KEY_DERIVATION, { 192, 384, CKF_KDF }, 1, SFTKFIPSNone }, - { CKM_SHA512_KEY_DERIVATION, { 256, 512, CKF_KDF }, 1, SFTKFIPSNone }, - { CKM_TLS12_MASTER_KEY_DERIVE, { 384, 384, CKF_KDF }, 1, SFTKFIPSNone }, - { CKM_TLS12_MASTER_KEY_DERIVE_DH, { DH_FB_KEY, CKF_KDF }, 1, SFTKFIPSNone }, - { CKM_TLS12_KEY_AND_MAC_DERIVE, { 384, 384, CKF_KDF }, 1, SFTKFIPSNone }, - { CKM_TLS_PRF_GENERAL, { 8, 512, CKF_SGN }, 1, SFTKFIPSNone }, -- { CKM_TLS_MAC, { 8, 512, CKF_SGN }, 1, SFTKFIPSNone }, -+ { CKM_TLS_MAC, { 112, 512, CKF_SGN }, 1, SFTKFIPSNone }, - /* sigh, is this algorithm really tested. 
ssl doesn't seem to have a - * way of turning the extension off */ - { CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE, { 192, 1024, CKF_KDF }, 1, SFTKFIPSNone }, - { CKM_NSS_TLS_EXTENDED_MASTER_KEY_DERIVE_DH, { 192, 1024, CKF_DERIVE }, 1, SFTKFIPSNone }, - - /* ------------------------- HKDF Operations -------------------------- */ -+#if 0 -+ /* Only approved in the context of TLS 1.3 */ - { CKM_HKDF_DERIVE, { 8, 255 * 64 * 8, CKF_KDF }, 1, SFTKFIPSNone }, - { CKM_HKDF_DATA, { 8, 255 * 64 * 8, CKF_KDF }, 1, SFTKFIPSNone }, - { CKM_HKDF_KEY_GEN, { 160, 224, CKF_GEN }, 1, SFTKFIPSNone }, - { CKM_HKDF_KEY_GEN, { 256, 512, CKF_GEN }, 128, SFTKFIPSNone }, -+#endif - /* ------------------ NIST 800-108 Key Derivations ------------------- */ -- { CKM_SP800_108_COUNTER_KDF, { 0, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone }, -- { CKM_SP800_108_FEEDBACK_KDF, { 0, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone }, -- { CKM_SP800_108_DOUBLE_PIPELINE_KDF, { 0, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone }, -- { CKM_NSS_SP800_108_COUNTER_KDF_DERIVE_DATA, { 0, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone }, -- { CKM_NSS_SP800_108_FEEDBACK_KDF_DERIVE_DATA, { 0, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone }, -- { CKM_NSS_SP800_108_DOUBLE_PIPELINE_KDF_DERIVE_DATA, { 0, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone }, -+ { CKM_SP800_108_COUNTER_KDF, { 112, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone }, -+ { CKM_SP800_108_FEEDBACK_KDF, { 112, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone }, -+ { CKM_SP800_108_DOUBLE_PIPELINE_KDF, { 112, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone }, -+ { CKM_NSS_SP800_108_COUNTER_KDF_DERIVE_DATA, { 112, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone }, -+ { CKM_NSS_SP800_108_FEEDBACK_KDF_DERIVE_DATA, { 112, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone }, -+ { CKM_NSS_SP800_108_DOUBLE_PIPELINE_KDF_DERIVE_DATA, { 112, CK_MAX, CKF_KDF }, 1, SFTKFIPSNone }, - /* --------------------IPSEC ----------------------- */ -- { CKM_NSS_IKE_PRF_PLUS_DERIVE, { 8, 255 * 64, CKF_KDF }, 1, SFTKFIPSNone }, -- { CKM_NSS_IKE_PRF_DERIVE, { 8, 64, CKF_KDF }, 1, SFTKFIPSNone }, -- { 
CKM_NSS_IKE1_PRF_DERIVE, { 8, 64, CKF_KDF }, 1, SFTKFIPSNone }, -- { CKM_NSS_IKE1_APP_B_PRF_DERIVE, { 8, 255 * 64, CKF_KDF }, 1, SFTKFIPSNone }, -+ { CKM_NSS_IKE_PRF_PLUS_DERIVE, { 112, 255 * 64, CKF_KDF }, 1, SFTKFIPSNone }, -+ { CKM_NSS_IKE_PRF_DERIVE, { 112, 112, CKF_KDF }, 1, SFTKFIPSNone }, -+ { CKM_NSS_IKE1_PRF_DERIVE, { 112, 112, CKF_KDF }, 1, SFTKFIPSNone }, -+ { CKM_NSS_IKE1_APP_B_PRF_DERIVE, { 112, 255 * 64, CKF_KDF }, 1, SFTKFIPSNone }, - /* ------------------ PBE Key Derivations ------------------- */ -- { CKM_PKCS5_PBKD2, { 1, 256, CKF_GEN }, 1, SFTKFIPSNone }, -+ { CKM_PKCS5_PBKD2, { 112, 256, CKF_GEN }, 1, SFTKFIPSNone }, - { CKM_NSS_PKCS12_PBE_SHA224_HMAC_KEY_GEN, { 224, 224, CKF_GEN }, 1, SFTKFIPSNone }, - { CKM_NSS_PKCS12_PBE_SHA256_HMAC_KEY_GEN, { 256, 256, CKF_GEN }, 1, SFTKFIPSNone }, - { CKM_NSS_PKCS12_PBE_SHA384_HMAC_KEY_GEN, { 384, 384, CKF_GEN }, 1, SFTKFIPSNone }, diff --git a/nss-fips-constructor-self-tests.patch b/nss-fips-constructor-self-tests.patch index 00b4e9b..4afca23 100644 --- a/nss-fips-constructor-self-tests.patch +++ b/nss-fips-constructor-self-tests.patch @@ -1,7 +1,13 @@ -diff --git a/cmd/chktest/chktest.c b/cmd/chktest/chktest.c -index a33d184..f09283a 100644 ---- a/cmd/chktest/chktest.c -+++ b/cmd/chktest/chktest.c +commit d4f90dd0c5e15cfd9db416207d067cc3968b3a0c +Author: Hans Petter Jansson +Date: Sun Mar 15 21:54:30 2020 +0100 + + Patch 23: nss-fips-constructor-self-tests.patch + +Index: nss/cmd/chktest/chktest.c +=================================================================== +--- nss.orig/cmd/chktest/chktest.c ++++ nss/cmd/chktest/chktest.c @@ -38,7 +38,7 @@ main(int argc, char **argv) } RNG_SystemInfoForRNG(); 
@@ -11,10 +17,10 @@ index a33d184..f09283a 100644 printf("%s\n", (good_result ? "SUCCESS" : "FAILURE")); return (good_result) ? SECSuccess : SECFailure; -diff --git a/cmd/shlibsign/shlibsign.c b/cmd/shlibsign/shlibsign.c -index ad8f3b8..a5b42d7 100644 ---- a/cmd/shlibsign/shlibsign.c -+++ b/cmd/shlibsign/shlibsign.c +Index: nss/cmd/shlibsign/shlibsign.c +=================================================================== +--- nss.orig/cmd/shlibsign/shlibsign.c ++++ nss/cmd/shlibsign/shlibsign.c @@ -946,10 +946,12 @@ main(int argc, char **argv) goto cleanup; } @@ -32,10 +38,10 @@ index ad8f3b8..a5b42d7 100644 } } -diff --git a/lib/freebl/blapi.h b/lib/freebl/blapi.h -index 94fd802..45e1dd1 100644 ---- a/lib/freebl/blapi.h -+++ b/lib/freebl/blapi.h +Index: nss/lib/freebl/blapi.h +=================================================================== +--- nss.orig/lib/freebl/blapi.h ++++ nss/lib/freebl/blapi.h @@ -1759,17 +1759,17 @@ extern void BL_Unload(void); /************************************************************************** * Verify a given Shared library signature * 
@@ -57,20 +63,403 @@ index 94fd802..45e1dd1 100644 /*********************************************************************/ extern const SECHashObject *HASH_GetRawHashObject(HASH_HashType hashType); -@@ -1791,6 +1791,9 @@ extern SECStatus EC_CopyParams(PLArenaPool *arena, ECParams *dstParams, - */ - extern int EC_GetPointSize(const ECParams *params); - -+/* Unconditionally run the integrity check. */ -+extern void BL_FIPSRepeatIntegrityCheck(void); +Index: nss/lib/freebl/fips-selftest.inc +=================================================================== +--- /dev/null ++++ nss/lib/freebl/fips-selftest.inc +@@ -0,0 +1,355 @@ ++/* ++ * PKCS #11 FIPS Power-Up Self Test - common stuff. ++ * ++ * This Source Code Form is subject to the terms of the Mozilla Public ++ * License, v. 2.0. If a copy of the MPL was not distributed with this ++ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + - SEC_END_PROTOS - - #endif /* _BLAPI_H_ */ -diff --git a/lib/freebl/fipsfreebl.c b/lib/freebl/fipsfreebl.c -index 23f665a..f080417 100644 ---- a/lib/freebl/fipsfreebl.c -+++ b/lib/freebl/fipsfreebl.c ++#ifndef FIPS_INC ++#define FIPS_INC ++ ++/* common functions used for FIPS selftests. Due to the modular design of NSS ++ * putting these into libfreebl would mean either amending the API represented ++ * by FREEBLVectorStr - which might cause problems with newer applications, or ++ * extending the API with another similar function set. Thus, to make things ++ * less complicated in the binaries, we mess up the source a bit. 
*/ ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#include ++#include ++ ++#include ++ ++#include "blapi.h" ++ ++#define NSS_FORCE_FIPS_ENV "NSS_FIPS" ++#define FIPS_PROC_PATH "/proc/sys/crypto/fips_enabled" ++ ++#define CHECKSUM_SUFFIX ".chk" ++ ++typedef enum fips_check_status { ++ CHECK_UNCHECKED = -1, ++ CHECK_OK = 0, ++ CHECK_FAIL, ++ CHECK_FAIL_CRYPTO, ++ CHECK_MISSING ++} fips_check_status; ++ ++/* initial value of FIPS state is -1 */ ++static int fips_state = -1; ++ ++static int fips_wanted = -1; ++ ++static int fips_is_env = 0; ++static int fips_ignore_checksums = 0; ++ ++/* debug messages are sent to stderr */ ++static void ++debug(const char *fmt,...) ++{ ++#if 0 ++ va_list args; ++ ++ va_start(args, fmt); ++ vfprintf(stderr, fmt, args); ++ va_end(args); ++ fputc('\n', stderr); ++#endif ++ return; ++} ++ ++/* Fatal messages ending with abort(); this function never returns */ ++static void __attribute__ ((__noreturn__)) ++fatal(const char *fmt,...) 
++{ ++ va_list args; ++ ++ va_start(args, fmt); ++ vfprintf(stderr, fmt, args); ++ va_end(args); ++ fputc('\n', stderr); ++ abort(); ++} ++ ++/* check whether FIPS moode is mandated by the kernel */ ++static int ++fips_isWantedProc(void) ++{ ++ int my_fips_wanted = 0; ++ int fips_fd; ++ char fips_sys = 0; ++ ++ struct stat dummy; ++ if (-1 == stat(FIPS_PROC_PATH, &dummy)) { ++ switch (errno) { ++ case ENOENT: ++ case EACCES: /* Mozilla sandboxing returns EACCES instead of ENOENT */ ++ case ENOTDIR: ++ break; ++ default: ++ fatal("Check for system-wide FIPS mode is required and %s cannot" ++ " be accessed for reason other than non-existence - aborting" ++ , FIPS_PROC_PATH); ++ break; ++ } ++ } else { ++ if (-1 == (fips_fd = open(FIPS_PROC_PATH, O_RDONLY))) { ++ fatal("Check for system-wide FIPS mode is required and %s cannot" ++ " be opened for reading - aborting" ++ , FIPS_PROC_PATH); ++ } ++ if (1 > read(fips_fd, &fips_sys, 1)) { ++ fatal("Check for system-wide FIPS mode is required and %s doesn't" ++ " return at least one character - aborting" ++ , FIPS_PROC_PATH); ++ } ++ close(fips_fd); ++ switch (fips_sys) { ++ case '0': ++ case '1': ++ my_fips_wanted = fips_sys - '0'; ++ break; ++ default: ++ fatal("Bogus character %c found in %s - aborting" ++ , fips_sys, FIPS_PROC_PATH); ++ } ++ } ++ return my_fips_wanted; ++} ++ ++/* "legacy" from lib/sysinit/nsssysinit.c */ ++static PRBool ++getFIPSEnv(void) ++{ ++ char *fipsEnv = getenv("NSS_FIPS"); ++ if (!fipsEnv) { ++ return PR_FALSE; ++ } ++ if ((strcasecmp(fipsEnv,"fips") == 0) || ++ (strcasecmp(fipsEnv,"true") == 0) || ++ (strcasecmp(fipsEnv,"on") == 0) || ++ (strcasecmp(fipsEnv,"1") == 0)) { ++ return PR_TRUE; ++ } ++ return PR_FALSE; ++} ++ ++static PRBool ++getIgnoreChecksumsEnv(void) ++{ ++ char *checksumEnv = getenv("NSS_IGNORE_CHECKSUMS"); ++ if (!checksumEnv) { ++ return PR_FALSE; ++ } ++ if ((strcasecmp(checksumEnv,"true") == 0) || ++ (strcasecmp(checksumEnv,"on") == 0) || ++ (strcasecmp(checksumEnv,"1") == 
0)) { ++ return PR_TRUE; ++ } ++ return PR_FALSE; ++} ++ ++static int ++fips_isWantedEnv(void) ++{ ++ return getFIPSEnv() ? 1 : 0; ++} ++ ++static int ++fips_isWanted(void) ++{ ++ int fips_requests = 0; ++#ifdef LINUX ++ fips_requests += fips_isWantedProc(); ++#endif ++ if (fips_requests < 1) ++ { ++ fips_is_env = 1; ++ fips_ignore_checksums = getIgnoreChecksumsEnv(); ++ } ++ fips_requests += fips_isWantedEnv(); ++ ++ return fips_requests; ++} ++ ++static PRBool ++fips_check_signature_external (const char *full_lib_name, int *err) ++{ ++ char *p0, *p1; ++ char *ld_path; ++ PRBool rv = PR_FALSE; ++ ++ p0 = getenv ("LD_LIBRARY_PATH"); ++ p0 = ld_path = strdup (p0 ? p0 : ""); ++ ++ for (p1 = strchr (p0, ':'); p1 && !rv; p1 = strchr (p0, ':')) ++ { ++ char *path; ++ ++ *p1 = '\0'; ++ path = malloc (strlen (p0) + strlen (full_lib_name) + 2); ++ strcpy (path, p0); ++ strcat (path, "/"); ++ strcat (path, full_lib_name); ++ ++ rv = BLAPI_SHVerifyFile (path, err); ++ ++ free (path); ++ p0 = p1 + 1; ++ } ++ ++ if (!rv) ++ { ++ char *path = malloc (strlen ("/usr/lib64/") + strlen (full_lib_name) + 1); ++ strcpy (path, "/usr/lib64/"); ++ strcat (path, full_lib_name); ++ rv = BLAPI_SHVerifyFile (path, err); ++ } ++ ++ free (ld_path); ++ return rv; ++} ++ ++/* check integrity signatures (if present) */ ++static fips_check_status ++fips_checkSignature(char *libName, PRFuncPtr addr) ++{ ++ PRBool rv; ++ fips_check_status rv_check = CHECK_UNCHECKED; ++ int l = PATH_MAX; ++ int err = 0; ++ int err_NOENT = 0; ++ char full_lib_name[PATH_MAX+1]; ++ full_lib_name[0] = '\0'; ++ ++ if (NULL == libName) { ++ err_NOENT = PR_FILE_NOT_FOUND_ERROR; ++ rv = BLAPI_VerifySelf(SHLIB_PREFIX"freebl"SHLIB_VERSION"."SHLIB_SUFFIX, &err); ++ } else { ++ err_NOENT = PR_FILE_NOT_FOUND_ERROR; ++ strncat(full_lib_name, SHLIB_PREFIX, l); ++ l -= strlen(SHLIB_PREFIX); ++ strncat(full_lib_name, libName, l); ++ l -= strlen(libName); ++ strncat(full_lib_name, SHLIB_VERSION"."SHLIB_SUFFIX, l); ++ l -= 
strlen(SHLIB_VERSION"."SHLIB_SUFFIX); ++ ++ if (NULL == addr) ++ rv = fips_check_signature_external (full_lib_name, &err); ++ else ++ rv = BLAPI_SHVerify(full_lib_name, addr, &err); ++ } ++ ++ if (rv) { ++ rv_check = CHECK_OK; ++ } else { ++ if (err_NOENT == err) { ++ rv_check = CHECK_MISSING; ++ } else { ++ rv_check = CHECK_FAIL; ++ } ++ } ++ ++ return rv_check; ++} ++ ++/* decide what to do depending on the results of tests and system/required FIPS ++ * mode */ ++static int ++fips_resolve(fips_check_status check, char *libName) ++{ ++ int state; ++ ++ if (fips_wanted) { ++ switch (check) { ++ case CHECK_OK: ++ debug("fips - %s: mandatory checksum ok" ++ , (libName) ? libName : "freebl"); ++ break; ++ case CHECK_FAIL: ++ fatal("fips - %s: mandatory checksum failed - aborting" ++ , (libName) ? libName : "freebl"); ++ break; ++ case CHECK_FAIL_CRYPTO: ++ fatal("fips - %s: mandatory crypto test failed - aborting" ++ , (libName) ? libName : "freebl"); ++ break; ++ case CHECK_MISSING: ++ fatal("fips - %s: mandatory checksum data missing - aborting" ++ , (libName) ? libName : "freebl"); ++ break; ++ default: ++ fatal("Fatal error: internal error at %s:%u" ++ , __FILE__, __LINE__); ++ break; ++ } ++ state = 1; ++ } else { ++ switch (check) { ++ case CHECK_OK: ++ debug("fips - %s: checksum ok" ++ , (libName) ? libName : "freebl"); ++ break; ++ case CHECK_FAIL: ++#if 0 ++ fatal("fips - %s: checksum failed - aborting" ++ , (libName) ? libName : "freebl"); ++#else ++ debug("fips - %s: checksum failed - not in FIPS mode; continuing" ++ , (libName) ? libName : "freebl"); ++#endif ++ break; ++ case CHECK_FAIL_CRYPTO: ++ fatal("fips - %s: crypto test failed - aborting" ++ , (libName) ? libName : "freebl"); ++ break; ++ case CHECK_MISSING: ++ debug("fips - %s: mandatory checksum data missing, but not required in non FIPS mode; continuing non-FIPS" ++ , (libName) ? 
libName : "freebl"); ++ break; ++ default: ++ fatal("Fatal error: internal error at %s:%u" ++ , __FILE__, __LINE__); ++ break; ++ } ++ state = 0; ++ } ++ return state; ++} ++ ++/* generic selftest ++ * libName and addr are the name of shared object to check and a function ++ * contained therein; (NULL, NULL) performs selfcheck of freebl. ++ * crypto_check is callback that performs cryptographic algorithms checks; NULL ++ * for libraries that do not implement any cryptographic algorithms per se ++ */ ++static int ++fips_initTest(char *libName, PRFuncPtr addr, fips_check_status cryptoCheck(void)) ++{ ++ fips_check_status check = CHECK_OK; ++ ++ fips_wanted = fips_isWanted(); ++ ++ if (cryptoCheck) { ++ check = cryptoCheck(); ++ debug("fips - %s: crypto check %s" ++ , (libName) ? libName : "freebl" ++ , (CHECK_OK == check) ? "ok" : "failed"); ++ } ++ ++ if (CHECK_OK == check) { ++ check = fips_checkSignature(libName, addr); ++ } ++ ++ return fips_resolve(check, libName); ++} ++ ++#endif +Index: nss/lib/freebl/fips.c +=================================================================== +--- /dev/null ++++ nss/lib/freebl/fips.c +@@ -0,0 +1,7 @@ ++/* ++ * PKCS #11 FIPS Power-Up Self Test. ++ * ++ * This Source Code Form is subject to the terms of the Mozilla Public ++ * License, v. 2.0. If a copy of the MPL was not distributed with this ++ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ ++ +Index: nss/lib/freebl/fips.h +=================================================================== +--- /dev/null ++++ nss/lib/freebl/fips.h +@@ -0,0 +1,16 @@ ++/* ++ * PKCS #11 FIPS Power-Up Self Test. ++ * ++ * This Source Code Form is subject to the terms of the Mozilla Public ++ * License, v. 2.0. If a copy of the MPL was not distributed with this ++ * file, You can obtain one at http://mozilla.org/MPL/2.0/. 
*/ ++ ++#ifndef FIPS_H ++#define FIPS_H ++ ++int FIPS_mode(void); ++int FIPS_mode_allow_tests(void); ++char* FIPS_rngDev(void); ++ ++#endif ++ +Index: nss/lib/freebl/fipsfreebl.c +=================================================================== +--- nss.orig/lib/freebl/fipsfreebl.c ++++ nss/lib/freebl/fipsfreebl.c @@ -21,6 +21,13 @@ #include "ec.h" /* Required for EC */ @@ -85,7 +474,7 @@ index 23f665a..f080417 100644 /* * different platforms have different ways of calling and initial entry point * when the dll/.so is loaded. Most platforms support either a posix pragma -@@ -1963,9 +1970,8 @@ freebl_fips_RNG_PowerUpSelfTest(void) +@@ -1998,9 +2005,8 @@ freebl_fips_RNG_PowerUpSelfTest(void) 0x0a, 0x26, 0x21, 0xd0, 0x19, 0xcb, 0x86, 0x73, 0x10, 0x1f, 0x60, 0xd7 }; @@ -96,7 +485,7 @@ index 23f665a..f080417 100644 /*******************************************/ /* Run the SP 800-90 Health tests */ -@@ -1979,13 +1985,12 @@ freebl_fips_RNG_PowerUpSelfTest(void) +@@ -2014,13 +2020,12 @@ freebl_fips_RNG_PowerUpSelfTest(void) /*******************************************/ /* Generate DSAX fow given Q. */ /*******************************************/ @@ -111,7 +500,7 @@ index 23f665a..f080417 100644 PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); return SECFailure; } -@@ -1993,17 +1998,19 @@ freebl_fips_RNG_PowerUpSelfTest(void) +@@ -2028,17 +2033,19 @@ freebl_fips_RNG_PowerUpSelfTest(void) return (SECSuccess); } @@ -132,7 +521,7 @@ index 23f665a..f080417 100644 #define DO_FREEBL 1 #define DO_REST 2 -@@ -2121,11 +2128,13 @@ static PRBool self_tests_ran = PR_FALSE; +@@ -2156,11 +2163,13 @@ static PRBool self_tests_ran = PR_FALSE; static PRBool self_tests_freebl_success = PR_FALSE; static PRBool self_tests_success = PR_FALSE; 
@@ -147,7 +536,7 @@ index 23f665a..f080417 100644 { SECStatus rv; /* if the freebl self tests didn't run, there is something wrong with -@@ -2138,7 +2147,7 @@ BL_POSTRan(PRBool freebl_only) +@@ -2173,7 +2182,7 @@ BL_POSTRan(PRBool freebl_only) return PR_TRUE; } /* if we only care about the freebl tests, we are good */ @@ -156,7 +545,7 @@ index 23f665a..f080417 100644 return PR_TRUE; } /* run the rest of the self tests */ -@@ -2157,32 +2166,16 @@ BL_POSTRan(PRBool freebl_only) +@@ -2192,32 +2201,16 @@ BL_POSTRan(PRBool freebl_only) return PR_TRUE; } @@ -194,7 +583,7 @@ index 23f665a..f080417 100644 self_tests_freebl_ran = PR_TRUE; /* we are running the tests */ if (!freebl_only) { -@@ -2194,20 +2187,55 @@ bl_startup_tests(void) +@@ -2229,20 +2222,55 @@ bl_startup_tests(void) /* always run the post tests */ rv = freebl_fipsPowerUpSelfTest(freebl_only ? DO_FREEBL : DO_FREEBL | DO_REST); if (rv != SECSuccess) { @@ -252,7 +641,7 @@ index 23f665a..f080417 100644 } /* -@@ -2216,28 +2244,110 @@ bl_startup_tests(void) +@@ -2251,28 +2279,104 @@ bl_startup_tests(void) * power on selftest failed. */ SECStatus @@ -285,12 +674,6 @@ index 23f665a..f080417 100644 return SECFailure; } + -+void -+BL_FIPSRepeatIntegrityCheck(void) -+{ -+ fips_state = fips_initTest("freebl", NULL, NULL); -+} -+ +/* returns the FIPS mode we are running in or the one that we aspire to if the + * tests have not completed yet - which might happen during the crypto selftest + */ 
@@ -373,44 +756,11 @@ index 23f665a..f080417 100644 +} + #endif -diff --git a/lib/freebl/ldvector.c b/lib/freebl/ldvector.c -index ac3b862..8f3518b 100644 ---- a/lib/freebl/ldvector.c -+++ b/lib/freebl/ldvector.c -@@ -376,9 +376,12 @@ static const struct FREEBLVectorStr vector = - /* End of version 3.024 */ - ChaCha20_InitContext, - ChaCha20_CreateContext, -- ChaCha20_DestroyContext -+ ChaCha20_DestroyContext, - - /* End of version 3.025 */ -+ -+ /* SUSE patch: Goes last */ -+ BL_FIPSRepeatIntegrityCheck - }; - - const FREEBLVector* -diff --git a/lib/freebl/loader.c b/lib/freebl/loader.c -index 692a883..deca671 100644 ---- a/lib/freebl/loader.c -+++ b/lib/freebl/loader.c -@@ -95,6 +95,14 @@ BL_Init(void) - return (vector->p_BL_Init)(); - } - -+void -+BL_FIPSRepeatIntegrityCheck(void) -+{ -+ if (!vector && PR_SUCCESS != freebl_RunLoaderOnce()) -+ return; -+ (vector->p_BL_FIPSRepeatIntegrityCheck)(); -+} -+ - RSAPrivateKey * - RSA_NewKey(int keySizeInBits, SECItem *publicExponent) - { -@@ -1213,11 +1221,11 @@ AESKeyWrap_DecryptKWP(AESKeyWrapContext *cx, unsigned char *output, +Index: nss/lib/freebl/loader.c +=================================================================== +--- nss.orig/lib/freebl/loader.c ++++ nss/lib/freebl/loader.c +@@ -1213,11 +1213,11 @@ AESKeyWrap_DecryptKWP(AESKeyWrapContext } PRBool @@ -424,7 +774,7 @@ index 692a883..deca671 100644 } /* -@@ -1227,12 +1235,12 @@ BLAPI_SHVerify(const char *name, PRFuncPtr addr) +@@ -1227,12 +1227,12 @@ BLAPI_SHVerify(const char *name, PRFuncP * in freebl_LoadDSO) to p_BLAPI_VerifySelf. */ PRBool @@ -439,7 +789,7 @@ index 692a883..deca671 100644 } /* ============== New for 3.006 =============================== */ -@@ -1836,11 +1844,11 @@ SHA224_Clone(SHA224Context *dest, SHA224Context *src) +@@ -1836,11 +1836,11 @@ SHA224_Clone(SHA224Context *dest, SHA224 } PRBool 
@@ -453,10 +803,10 @@ index 692a883..deca671 100644 } /* === new for DSA-2 === */ -diff --git a/lib/freebl/loader.h b/lib/freebl/loader.h -index eb3046d..3bbc43a 100644 ---- a/lib/freebl/loader.h -+++ b/lib/freebl/loader.h +Index: nss/lib/freebl/loader.h +=================================================================== +--- nss.orig/lib/freebl/loader.h ++++ nss/lib/freebl/loader.h @@ -299,8 +299,8 @@ struct FREEBLVectorStr { /* Version 3.004 came to here */ @@ -477,20 +827,10 @@ index eb3046d..3bbc43a 100644 /* Version 3.013 came to here */ -@@ -834,6 +834,9 @@ struct FREEBLVectorStr { - - /* Add new function pointers at the end of this struct and bump - * FREEBL_VERSION at the beginning of this file. */ -+ -+ /* SUSE patch: Goes last */ -+ void (*p_BL_FIPSRepeatIntegrityCheck)(void); - }; - - typedef struct FREEBLVectorStr FREEBLVector; -diff --git a/lib/freebl/manifest.mn b/lib/freebl/manifest.mn -index b6c5fb3..b8ba60b 100644 ---- a/lib/freebl/manifest.mn -+++ b/lib/freebl/manifest.mn +Index: nss/lib/freebl/manifest.mn +=================================================================== +--- nss.orig/lib/freebl/manifest.mn ++++ nss/lib/freebl/manifest.mn @@ -97,6 +97,7 @@ PRIVATE_EXPORTS = \ ecl.h \ ecl-curve.h \ @@ -499,7 +839,7 @@ index b6c5fb3..b8ba60b 100644 $(NULL) MPI_HDRS = mpi-config.h mpi.h mpi-priv.h mplogic.h mpprime.h logtab.h mp_gf2m.h -@@ -187,6 +188,7 @@ ALL_HDRS = \ +@@ -186,6 +187,7 @@ ALL_HDRS = \ shsign.h \ vis_proto.h \ seed.h \ @@ -507,10 +847,10 @@ index b6c5fb3..b8ba60b 100644 $(NULL) -diff --git a/lib/freebl/shvfy.c b/lib/freebl/shvfy.c -index 0428bf6..f463352 100644 ---- a/lib/freebl/shvfy.c -+++ b/lib/freebl/shvfy.c +Index: nss/lib/freebl/shvfy.c +=================================================================== +--- nss.orig/lib/freebl/shvfy.c ++++ nss/lib/freebl/shvfy.c @@ -22,6 +22,8 @@ #ifndef NSS_FIPS_DISABLED 
@@ -520,7 +860,7 @@ index 0428bf6..f463352 100644 /* * Most modern version of Linux support a speed optimization scheme where an * application called prelink modifies programs and shared libraries to quickly -@@ -231,8 +233,6 @@ bl_CloseUnPrelink(PRFileDesc *file, int pid) +@@ -231,8 +233,6 @@ bl_CloseUnPrelink(PRFileDesc *file, int } #endif @@ -578,7 +918,7 @@ index 0428bf6..f463352 100644 { char *checkName = NULL; PRFileDesc *checkFD = NULL; -@@ -341,7 +341,7 @@ blapi_SHVerifyFile(const char *shName, PRBool self) +@@ -340,7 +340,7 @@ blapi_SHVerifyFile(const char *shName, P #endif PRBool result = PR_FALSE; /* if anything goes wrong, @@ -587,7 +927,7 @@ index 0428bf6..f463352 100644 unsigned char buf[4096]; unsigned char hashBuf[HASH_LENGTH_MAX]; -@@ -368,14 +368,17 @@ blapi_SHVerifyFile(const char *shName, PRBool self) +@@ -367,14 +367,17 @@ blapi_SHVerifyFile(const char *shName, P /* open the check File */ checkFD = PR_Open(checkName, PR_RDONLY, 0); if (checkFD == NULL) { @@ -608,7 +948,7 @@ index 0428bf6..f463352 100644 bytesRead = PR_Read(checkFD, buf, 12); if (bytesRead != 12) { goto loser; -@@ -416,7 +419,8 @@ blapi_SHVerifyFile(const char *shName, PRBool self) +@@ -415,7 +418,8 @@ blapi_SHVerifyFile(const char *shName, P if (rv != SECSuccess) { goto loser; } @@ -618,7 +958,7 @@ index 0428bf6..f463352 100644 rv = readItem(checkFD, &signature); if (rv != SECSuccess) { goto loser; -@@ -431,7 +435,7 @@ blapi_SHVerifyFile(const char *shName, PRBool self) +@@ -430,7 +434,7 @@ blapi_SHVerifyFile(const char *shName, P goto loser; } @@ -627,7 +967,7 @@ index 0428bf6..f463352 100644 #ifdef FREEBL_USE_PRELINK shFD = bl_OpenUnPrelink(shName, &pid); #else -@@ -439,13 +443,13 @@ blapi_SHVerifyFile(const char *shName, PRBool self) +@@ -438,13 +442,13 @@ blapi_SHVerifyFile(const char *shName, P #endif if (shFD == NULL) { #ifdef DEBUG_SHVERIFY 
@@ -644,7 +984,7 @@ index 0428bf6..f463352 100644 hashcx = hashObj->create(); if (hashcx == NULL) { goto loser; -@@ -532,7 +536,7 @@ loser: +@@ -531,7 +535,7 @@ loser: } PRBool @@ -653,7 +993,7 @@ index 0428bf6..f463352 100644 { if (name == NULL) { /* -@@ -541,7 +545,7 @@ BLAPI_VerifySelf(const char *name) +@@ -540,7 +544,7 @@ BLAPI_VerifySelf(const char *name) */ return PR_TRUE; } 
@@ -662,10 +1002,70 @@ index 0428bf6..f463352 100644 } #else /* NSS_FIPS_DISABLED */ -diff --git a/lib/softoken/fipstest.c b/lib/softoken/fipstest.c -index aa4992c..ab3b693 100644 ---- a/lib/softoken/fipstest.c -+++ b/lib/softoken/fipstest.c +Index: nss/lib/softoken/fips.c +=================================================================== +--- /dev/null ++++ nss/lib/softoken/fips.c +@@ -0,0 +1,40 @@ ++#include "../freebl/fips-selftest.inc" ++ ++#include "fips.h" ++ ++#include "softoken.h" ++ ++#include ++ ++/* crypto algorithms selftest wrapper */ ++static fips_check_status ++fips_checkCryptoSoftoken(void) ++{ ++ if (CKR_OK == sftk_FIPSEntryOK()) { ++ return CHECK_OK; ++ } else { ++ return CHECK_FAIL_CRYPTO; ++ } ++ ++ return CHECK_OK; ++} ++ ++/* constructor - load-time selfchecks */ ++static void __attribute__ ((constructor)) ++fips_initTestSoftoken(void) ++{ ++ fips_state = fips_initTest("softokn", (PRFuncPtr)fips_initTestSoftoken, fips_checkCryptoSoftoken); ++ ++ /* The legacy DB must be checked unconditionally in FIPS mode. As an exception, ++ * this can be turned off for the build-time tests using the env var ++ * NSS_IGNORE_CHECKSUMS. This is necessary because the files cannot be ++ * located before they're installed. It only works if FIPS mode is enabled ++ * via NSS_FIPS=1, not if it's set in /proc. */ ++ ++ if (fips_state && !(fips_is_env && fips_ignore_checksums)) ++ { ++ fips_state = fips_initTest("nssdbm", (PRFuncPtr) NULL, NULL); ++ } ++ ++ return; ++} +Index: nss/lib/softoken/fips.h +=================================================================== +--- /dev/null ++++ nss/lib/softoken/fips.h +@@ -0,0 +1,10 @@ ++#ifndef FIPS_H ++#define FIPS_H ++ ++#include "softoken.h" ++ ++CK_RV FIPS_cryptoSelftestSoftoken(void); ++CK_RV sftk_fipsPowerUpSelfTest(void); ++ ++#endif ++ +Index: nss/lib/softoken/fipstest.c +=================================================================== +--- nss.orig/lib/softoken/fipstest.c ++++ nss/lib/softoken/fipstest.c 
@@ -682,6 +682,327 @@ sftk_fips_HKDF_PowerUpSelfTest(void) return (SECSuccess); } @@ -1022,21 +1422,21 @@ index aa4992c..ab3b693 100644 + /* check the DSA combined functions in softoken */ + rv = sftk_fips_DSA_PowerUpSelfTest(); + if (rv != SECSuccess) { -+ return; -+ } + return; + } + + /* check the ECDSA combined functions in softoken */ + rv = sftk_fips_ECDSA_PowerUpSelfTest(); + if (rv != SECSuccess) { - return; - } ++ return; ++ } + + /* Checksum is done by fips_initTestSoftoken() in fips.c */ + rv = sftk_fips_IKE_PowerUpSelfTests(); if (rv != SECSuccess) { return; -@@ -759,22 +1089,27 @@ sftk_startup_tests(void) +@@ -759,17 +1089,11 @@ sftk_startup_tests(void) CK_RV sftk_FIPSEntryOK() { 
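Review bot: In `fips_initTestSoftoken` (new `lib/softoken/fips.c`), the second call `fips_initTest("nssdbm", (PRFuncPtr) NULL, NULL)` checks the legacy DB by file name rather than by an address inside a loaded library. With `addr == NULL`, `fips_checkSignature` earlier in this patch goes through `fips_check_signature_external`, which tries each `LD_LIBRARY_PATH` entry and then `/usr/lib64/`. As far as these lines show, nothing ties the file that passes verification to the libnssdbm that is mapped later, so the limitation should be stated in the comment above the call or the path resolved the way the loader will resolve it. Separately, the trailing `return CHECK_OK;` in `fips_checkCryptoSoftoken` is unreachable because both branches return; drop it or make it `return CHECK_FAIL_CRYPTO;` so a later refactor cannot fall through to success.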
@@ -1056,26 +1456,50 @@ index aa4992c..ab3b693 100644 if (!sftk_self_tests_success) { return CKR_DEVICE_ERROR; } - return CKR_OK; - } +Index: nss/lib/softoken/legacydb/fips.c +=================================================================== +--- /dev/null ++++ nss/lib/softoken/legacydb/fips.c +@@ -0,0 +1,25 @@ ++#include "../../freebl/fips-selftest.inc" + -+void fips_repeatTestSoftoken(void); ++#include "fips.h" + -+void -+sftk_FIPSRepeatIntegrityCheck() ++/*** private per-module symbols ***/ ++ ++/* crypto algorithms selftest wrapper */ ++static fips_check_status ++fips_checkCryptoDbm(void) +{ -+ /* These will abort if the checksum fails in FIPS mode */ -+ BL_FIPSRepeatIntegrityCheck(); -+ fips_repeatTestSoftoken(); ++ /* no checks in dbm */ ++ return CHECK_OK; +} + - #else - #include "pkcs11t.h" - CK_RV -diff --git a/lib/softoken/legacydb/lgfips.c b/lib/softoken/legacydb/lgfips.c -index b991dcf..efb7e52 100644 ---- a/lib/softoken/legacydb/lgfips.c -+++ b/lib/softoken/legacydb/lgfips.c ++/* constructor - load-time selfchecks */ ++static void __attribute__ ((constructor)) ++fips_initTestDbm(void) ++{ ++ fips_state = fips_initTest("nssdbm", (PRFuncPtr)fips_checkCryptoDbm, NULL); ++ ++ return; ++} ++ ++/*** public per-module symbols ***/ ++ +Index: nss/lib/softoken/legacydb/fips.h +=================================================================== +--- /dev/null ++++ nss/lib/softoken/legacydb/fips.h +@@ -0,0 +1,5 @@ ++#ifndef FIPS_H ++#define FIPS_H ++ ++#endif ++ +Index: nss/lib/softoken/legacydb/lgfips.c +=================================================================== +--- nss.orig/lib/softoken/legacydb/lgfips.c ++++ nss/lib/softoken/legacydb/lgfips.c @@ -90,7 +90,7 @@ lg_startup_tests(void) /* no self tests required for the legacy db, only the integrity check */ 
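Review bot: In `fips_initTestDbm` (new `lib/softoken/legacydb/fips.c`), `fips_initTest("nssdbm", (PRFuncPtr)fips_checkCryptoDbm, NULL)` passes the crypto-check stub as the `addr` locator and NULL as the callback, so `fips_checkCryptoDbm` is never called and only supplies an address inside the library. That is consistent with the `fips_initTest` contract shown earlier in this patch, but it reads like swapped arguments; passing `(PRFuncPtr)fips_initTestDbm`, as the softoken constructor does with its own address, and dropping the stub would be clearer. The new `legacydb/fips.h` also reuses the include guard `FIPS_H`, which `lib/freebl/fips.h` and `lib/softoken/fips.h` in this patch already use, so a per-directory guard name (for example `LEGACYDB_FIPS_H`) would keep one header from silently masking another.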
@@ -1085,10 +1509,10 @@ index b991dcf..efb7e52 100644 /* something is wrong with the library, fail without enabling * the fips token */ return; -diff --git a/lib/softoken/legacydb/manifest.mn b/lib/softoken/legacydb/manifest.mn -index caac524..16c8847 100644 ---- a/lib/softoken/legacydb/manifest.mn -+++ b/lib/softoken/legacydb/manifest.mn +Index: nss/lib/softoken/legacydb/manifest.mn +=================================================================== +--- nss.orig/lib/softoken/legacydb/manifest.mn ++++ nss/lib/softoken/legacydb/manifest.mn @@ -12,7 +12,7 @@ LIBRARY_NAME = nssdbm LIBRARY_VERSION = 3 MAPFILE = $(OBJDIR)/$(LIBRARY_NAME).def @@ -1105,10 +1529,10 @@ index caac524..16c8847 100644 + fips.c \ $(NULL) -diff --git a/lib/softoken/manifest.mn b/lib/softoken/manifest.mn -index 34daf1c..c4c89fc 100644 ---- a/lib/softoken/manifest.mn -+++ b/lib/softoken/manifest.mn +Index: nss/lib/softoken/manifest.mn +=================================================================== +--- nss.orig/lib/softoken/manifest.mn ++++ nss/lib/softoken/manifest.mn @@ -31,6 +31,7 @@ PRIVATE_EXPORTS = \ softkver.h \ sdb.h \ @@ -1125,17 +1549,3 @@ index 34daf1c..c4c89fc 100644 $(NULL) ifndef NSS_DISABLE_DBM -diff --git a/lib/softoken/softoken.h b/lib/softoken/softoken.h -index 30586fc..f6d4a4c 100644 ---- a/lib/softoken/softoken.h -+++ b/lib/softoken/softoken.h -@@ -59,6 +59,9 @@ extern unsigned char *CBC_PadBuffer(PLArenaPool *arena, unsigned char *inbuf, - /* make sure Power-up selftests have been run. */ - extern CK_RV sftk_FIPSEntryOK(void); - -+/* Unconditionally run the crypto self-tests. */ -+extern PRBool sftk_FIPSRunTests(); -+ - /* - ** make known fixed PKCS #11 key types to their sizes in bytes - */ diff --git a/nss-fips-tests-skip.patch b/nss-fips-tests-skip.patch new file mode 100644 index 0000000..7661085 --- /dev/null +++ b/nss-fips-tests-skip.patch 
@@ -0,0 +1,19 @@ +Index: nss/tests/lowhash/lowhash.sh +=================================================================== +--- nss.orig/tests/lowhash/lowhash.sh ++++ nss/tests/lowhash/lowhash.sh +@@ -61,11 +61,13 @@ lowhash_test() + ! -f ${BINDIR}/lowhashtest${PROG_SUFFIX} ]; then + echo "freebl lowhash not supported in this plaform." + else +- TESTS="MD5 SHA1 SHA224 SHA256 SHA384 SHA512" ++ TESTS_FIPS_0="MD5 SHA1 SHA224 SHA256 SHA384 SHA512" ++ TESTS_FIPS_1="SHA224 SHA256 SHA384 SHA512" + OLD_MODE=`echo ${NSS_FIPS}` + for fips_mode in 0 1; do + echo "lowhashtest with fips mode=${fips_mode}" + export NSS_FIPS=${fips_mode} ++ eval TESTS=\${TESTS_FIPS_${fips_mode}} + for TEST in ${TESTS} + do + echo "lowhashtest ${TEST}" diff --git a/nss-fips-tls-allow-md5-prf.patch b/nss-fips-tls-allow-md5-prf.patch new file mode 100644 index 0000000..77304c2 --- /dev/null +++ b/nss-fips-tls-allow-md5-prf.patch 
@@ -0,0 +1,270 @@ +# HG changeset patch +# User Hans Petter Jansson +# Date 1574240734 -3600 +# Wed Nov 20 10:05:34 2019 +0100 +# Node ID 0efca22bbafd7575b20461f255c46157c9321822 +# Parent 3a2cb65dc157344cdad19e8e16e9c33e36f82d96 +[PATCH] 30 +From ca3b695ac461eccf4ed97e1b3fe0a311c80a792f Mon Sep 17 00:00:00 2001 +--- + nss/lib/freebl/md5.c | 67 ++++++++++++++++++++++++++------------ + nss/lib/freebl/rawhash.c | 37 +++++++++++++++++++++ + nss/lib/freebl/tlsprfalg.c | 5 ++- + nss/lib/softoken/pkcs11c.c | 4 +-- + 4 files changed, 90 insertions(+), 23 deletions(-) + +Index: nss/lib/freebl/md5.c +=================================================================== +--- nss.orig/lib/freebl/md5.c ++++ nss/lib/freebl/md5.c +@@ -217,13 +217,11 @@ MD5_HashBuf(unsigned char *dest, const u + } + + MD5Context * +-MD5_NewContext(void) ++MD5_NewContext_NonFIPS(void) + { + /* no need to ZAlloc, MD5_Begin will init the context */ + MD5Context *cx; + +- IN_FIPS_RETURN(NULL); +- + cx = (MD5Context *)PORT_Alloc(sizeof(MD5Context)); + if (cx == NULL) { + PORT_SetError(PR_OUT_OF_MEMORY_ERROR); +@@ -232,6 +230,13 @@ MD5_NewContext(void) + return cx; + } + ++MD5Context * ++MD5_NewContext(void) ++{ ++ IN_FIPS_RETURN(NULL); ++ return MD5_NewContext_NonFIPS(); ++} ++ + void + MD5_DestroyContext(MD5Context *cx, PRBool freeit) + { +@@ -243,10 +248,8 @@ MD5_DestroyContext(MD5Context *cx, PRBoo + } + + void +-MD5_Begin(MD5Context *cx) ++MD5_Begin_NonFIPS(MD5Context *cx) + { +- IN_FIPS_RETURN(); +- + cx->lsbInput = 0; + cx->msbInput = 0; + /* memset(cx->inBuf, 0, sizeof(cx->inBuf)); */ +@@ -256,6 +259,13 @@ MD5_Begin(MD5Context *cx) + cx->cv[3] = CV0_4; + } + ++void ++MD5_Begin(MD5Context *cx) ++{ ++ IN_FIPS_RETURN(); ++ MD5_Begin_NonFIPS(cx); ++} ++ + #define cls(i32, s) (tmp = i32, tmp << s | tmp >> (32 - s)) + + #if defined(SOLARIS) || defined(HPUX) +@@ -431,14 +441,12 @@ md5_compress(MD5Context *cx, const PRUin + } + + void +-MD5_Update(MD5Context *cx, const unsigned char *input, unsigned int 
inputLen) ++MD5_Update_NonFIPS(MD5Context *cx, const unsigned char *input, unsigned int inputLen) + { + PRUint32 bytesToConsume; + PRUint32 inBufIndex = cx->lsbInput & 63; + const PRUint32 *wBuf; + +- IN_FIPS_RETURN(); +- + /* Add the number of input bytes to the 64-bit input counter. */ + addto64(cx->msbInput, cx->lsbInput, inputLen); + if (inBufIndex) { +@@ -487,6 +495,13 @@ MD5_Update(MD5Context *cx, const unsigne + memcpy(cx->inBuf, input, inputLen); + } + ++void ++MD5_Update(MD5Context *cx, const unsigned char *input, unsigned int inputLen) ++{ ++ IN_FIPS_RETURN(); ++ MD5_Update_NonFIPS(cx, input, inputLen); ++} ++ + static const unsigned char padbytes[] = { + 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, +@@ -503,8 +518,8 @@ static const unsigned char padbytes[] = + }; + + void +-MD5_End(MD5Context *cx, unsigned char *digest, +- unsigned int *digestLen, unsigned int maxDigestLen) ++MD5_End_NonFIPS(MD5Context *cx, unsigned char *digest, ++ unsigned int *digestLen, unsigned int maxDigestLen) + { + #ifndef IS_LITTLE_ENDIAN + PRUint32 tmp; +@@ -512,8 +527,6 @@ MD5_End(MD5Context *cx, unsigned char *d + PRUint32 lowInput, highInput; + PRUint32 inBufIndex = cx->lsbInput & 63; + +- IN_FIPS_RETURN(); +- + if (maxDigestLen < MD5_HASH_LEN) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return; +@@ -525,10 +538,10 @@ MD5_End(MD5Context *cx, unsigned char *d + lowInput <<= 3; + + if (inBufIndex < MD5_END_BUFFER) { +- MD5_Update(cx, padbytes, MD5_END_BUFFER - inBufIndex); ++ MD5_Update_NonFIPS(cx, padbytes, MD5_END_BUFFER - inBufIndex); + } else { +- MD5_Update(cx, padbytes, +- MD5_END_BUFFER + MD5_BUFFER_SIZE - inBufIndex); ++ MD5_Update_NonFIPS(cx, padbytes, ++ MD5_END_BUFFER + MD5_BUFFER_SIZE - inBufIndex); + } + + /* Store the number of bytes input (before padding) in final 64 bits. 
*/ +@@ -554,16 +567,22 @@ MD5_End(MD5Context *cx, unsigned char *d + } + + void +-MD5_EndRaw(MD5Context *cx, unsigned char *digest, +- unsigned int *digestLen, unsigned int maxDigestLen) ++MD5_End(MD5Context *cx, unsigned char *digest, ++ unsigned int *digestLen, unsigned int maxDigestLen) ++{ ++ IN_FIPS_RETURN(); ++ MD5_End_NonFIPS(cx, digest, digestLen, maxDigestLen); ++} ++ ++void ++MD5_EndRaw_NonFIPS(MD5Context *cx, unsigned char *digest, ++ unsigned int *digestLen, unsigned int maxDigestLen) + { + #ifndef IS_LITTLE_ENDIAN + PRUint32 tmp; + #endif + PRUint32 cv[4]; + +- IN_FIPS_RETURN(); +- + if (maxDigestLen < MD5_HASH_LEN) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return; +@@ -581,6 +600,14 @@ MD5_EndRaw(MD5Context *cx, unsigned char + *digestLen = MD5_HASH_LEN; + } + ++void ++MD5_EndRaw(MD5Context *cx, unsigned char *digest, ++ unsigned int *digestLen, unsigned int maxDigestLen) ++{ ++ IN_FIPS_RETURN(); ++ MD5_EndRaw_NonFIPS(cx, digest, digestLen, maxDigestLen); ++} ++ + unsigned int + MD5_FlattenSize(MD5Context *cx) + { +Index: nss/lib/freebl/rawhash.c +=================================================================== +--- nss.orig/lib/freebl/rawhash.c ++++ nss/lib/freebl/rawhash.c +@@ -154,3 +154,40 @@ HASH_GetRawHashObject(HASH_HashType hash + } + return &SECRawHashObjects[hashType]; + } ++ ++/* Defined in md5.c */ ++ ++MD5Context *MD5_NewContext_NonFIPS(void); ++void MD5_Begin_NonFIPS(MD5Context *cx); ++void MD5_Update_NonFIPS(MD5Context *cx, const unsigned char *input, unsigned int inputLen); ++void MD5_End_NonFIPS(MD5Context *cx, unsigned char *digest, ++ unsigned int *digestLen, unsigned int maxDigestLen); ++void MD5_EndRaw_NonFIPS(MD5Context *cx, unsigned char *digest, ++ unsigned int *digestLen, unsigned int maxDigestLen); ++ ++static const SECHashObject SECRawHashObjectMD5NonFIPS = { ++ MD5_LENGTH, ++ (void *(*)(void))MD5_NewContext_NonFIPS, ++ (void *(*)(void *))null_hash_clone_context, ++ (void (*)(void *, PRBool))MD5_DestroyContext, ++ 
(void (*)(void *))MD5_Begin_NonFIPS, ++ (void (*)(void *, const unsigned char *, unsigned int))MD5_Update_NonFIPS, ++ (void (*)(void *, unsigned char *, unsigned int *, unsigned int))MD5_End_NonFIPS, ++ MD5_BLOCK_LENGTH, ++ HASH_AlgMD5, ++ (void (*)(void *, unsigned char *, unsigned int *, unsigned int))MD5_EndRaw_NonFIPS ++}; ++ ++const SECHashObject * ++HASH_GetRawHashObjectNonFIPS(HASH_HashType hashType) ++{ ++ if (hashType <= HASH_AlgNULL || hashType >= HASH_AlgTOTAL) { ++ PORT_SetError(SEC_ERROR_INVALID_ARGS); ++ return NULL; ++ } ++ ++ if (hashType == HASH_AlgMD5) ++ return &SECRawHashObjectMD5NonFIPS; ++ ++ return &SECRawHashObjects[hashType]; ++} +Index: nss/lib/freebl/tlsprfalg.c +=================================================================== +--- nss.orig/lib/freebl/tlsprfalg.c ++++ nss/lib/freebl/tlsprfalg.c +@@ -12,6 +12,9 @@ + #include "hasht.h" + #include "alghmac.h" + ++/* To get valid MD5 object in FIPS mode */ ++const SECHashObject *HASH_GetRawHashObjectNonFIPS(HASH_HashType hashType); ++ + #define PHASH_STATE_MAX_LEN HASH_LENGTH_MAX + + /* TLS P_hash function */ +@@ -27,7 +30,7 @@ TLS_P_hash(HASH_HashType hashType, const + SECStatus status; + HMACContext *cx; + SECStatus rv = SECFailure; +- const SECHashObject *hashObj = HASH_GetRawHashObject(hashType); ++ const SECHashObject *hashObj = HASH_GetRawHashObjectNonFIPS(hashType); + + PORT_Assert((secret != NULL) && (secret->data != NULL || !secret->len)); + PORT_Assert((seed != NULL) && (seed->data != NULL)); +Index: nss/lib/softoken/pkcs11c.c +=================================================================== +--- nss.orig/lib/softoken/pkcs11c.c ++++ nss/lib/softoken/pkcs11c.c +@@ -7158,7 +7158,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession + SFTKAttribute *att2 = NULL; + unsigned char *buf; + SHA1Context *sha; +- MD5Context *md5; ++ MD5Context *md5 = NULL; + MD2Context *md2; + CK_ULONG macSize; + CK_ULONG tmpKeySize; +@@ -7698,7 +7698,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession + } + 
sftk_FreeAttribute(att2); + md5 = MD5_NewContext(); +- if (md5 == NULL) { ++ if (md5 == NULL && !isTLS) { + crv = CKR_HOST_MEMORY; + break; + } From e805adc554e3bb1c0a57341f611f065501f37f8875edbc0f5c79bcb82e304e1a Mon Sep 17 00:00:00 2001 From: Wolfgang Rosenauer Date: Tue, 26 Jul 2022 20:46:45 +0000 Subject: [PATCH 4/4] OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=391 --- nss-3.79.tar.gz | 3 --- 1 file changed, 3 deletions(-) delete mode 100644 nss-3.79.tar.gz diff --git a/nss-3.79.tar.gz b/nss-3.79.tar.gz deleted file mode 100644 index df13da1..0000000 --- a/nss-3.79.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:ebdf2d6a96613b6fe70ad579e9f983e0e94e0110171cfb2999db633d3394a514 -size 84830113
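Review bot: In the `NSC_DeriveKey` hunk for `pkcs11c.c`, `if (md5 == NULL && !isTLS)` accepts a NULL `md5` on the TLS path, but `MD5_NewContext()` returns NULL both when `IN_FIPS_RETURN(NULL)` fires and when `PORT_Alloc` fails, so a real out-of-memory condition is no longer reported as `CKR_HOST_MEMORY` there. Whether `md5` is used later on that path lies outside the hunk; the check should at least carry a comment such as `/* NULL is expected here only in FIPS mode; the TLS path must not touch md5 */`, and any later use should be guarded explicitly. The `_NonFIPS` prototypes are also repeated by hand in `rawhash.c` and `tlsprfalg.c` instead of coming from a shared header, so a signature change in `md5.c` would not be caught at compile time.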