Compare commits
9 Commits
| Author | SHA256 | Date | |
|---|---|---|---|
| 2c2283cb51 | |||
|
60df1580df | ||
| 71bf0d2695 | |||
|
|
d2a4d4090e | ||
| 4a23ddc07a | |||
|
|
0d253314ae | ||
| 0be0c3fc70 | |||
|
|
0aac808a02 | ||
|
|
ddf96ad23e |
@@ -1,3 +1,175 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Dec 16 07:21:10 UTC 2025 - Martin Sirringhaus <martin.sirringhaus@suse.com>
|
||||
|
||||
- update to NSS 3.119.1
|
||||
* bmo#2004866 - restore coreconf/Darwin.mk behavior for intel archs
|
||||
|
||||
- update to NSS 3.119
|
||||
* bmo#1983320 - Fix ml-dsa return value for SECKEY_PrivateKeyStrengthInBits.
|
||||
* bmo#1986352 - Make sure we don't accept ECH if the HRR cookie is ill-formatted.
|
||||
* bmo#2002246 - Add a pkcs12 fuzzer with crypto stubbed out.
|
||||
* bmo#2003314 - handle errors while setting sanitizers cflags in build.
|
||||
* bmo#1986912 - Ignore IVs for AES KW.
|
||||
* bmo#2003286 - Update Cryptofuzz version.
|
||||
* bmo#2001932 - Fix incorrect logic for SNI selection when ECH is available but disabled.
|
||||
* bmo#1975855 - fix forwarding of sqlite_libs in sqlite.gyp.
|
||||
* bmo#1999204 - fix CPU_ARCH setting for arm64 makefile builds.
|
||||
* bmo#1998094 - remove unused calcThreads variable from cmd/rsaperf.
|
||||
* bmo#1978348 - Solving the incorrect tests introduced by extending EKU.
|
||||
* bmo#1972054 - Memory leaks in pkcs12 and pkcs7 decoders.
|
||||
* bmo#1978348 - Extending parsing with Microsoft Document Signing EKU.
|
||||
* bmo#1978348 - Extending parsing with Adobe Document Signing EKU.
|
||||
* bmo#1978348 - Extending pkix parsing with document signing EKUs.
|
||||
* bmo#2000737 - fix compilation failure on ia32.
|
||||
* bmo#2000737 - use hardware x64 GCM in static builds.
|
||||
* bmo#2000737 - separate ppc sha512 library from ppc gcm library.
|
||||
* bmo#2000737 - simplify cross-compilation from build.sh.
|
||||
* bmo#1724353 - use clang's integrated assembler.
|
||||
* bmo#2000737 - remove unused MP_IS_LITTLE_ENDIAN defines.
|
||||
* bmo#2000737 - fix logic for disabling altivec in gyp builds.
|
||||
* bmo#1964722 - free digest objects in SEC_PKCS7DecoderFinish if they haven't already been freed.
|
||||
* bmo#1972825 - Add TLS interoperability tests with openssl and gnutls.
|
||||
* bmo#1314849 - Ensure we don't send a DTLS1.3 cookie after DTLS1.2 HelloVerifyRequest.
|
||||
* bmo#1965329 - add failure checks to pk11_mergeTrust() .
|
||||
* bmo#1999517 - pk11wrap selects incorrect slot for CKM_ML_KEM*.
|
||||
|
||||
- Adjusted for changed naming scheme of tarballs for this release by upstream
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Nov 20 08:56:04 UTC 2025 - Martin Sirringhaus <martin.sirringhaus@suse.com>
|
||||
|
||||
- update to NSS 3.118.1
|
||||
* bmo#1999517 - pk11wrap selects incorrect slot for CKM_ML_KEM*
|
||||
|
||||
- update to NSS 3.118
|
||||
* bmo#1994866 - Remove four Commscope root certificates from NSS
|
||||
* bmo#1996036 - fix try pushes with --nspr-patch to actually apply the patch
|
||||
* bmo#1995512 - Support for NIST Curves compressed points
|
||||
* bmo#1985058 - Destroy certificate on error paths
|
||||
* bmo#1990242 - Move NSS DB password hash away from SHA-1
|
||||
* bmo#1983313 - support secp384r1mlkem1024
|
||||
* bmo#1991549 - vendor latest ML-KEM code from libcrux
|
||||
* bmo#1991549 - add mlk-kem-1024 tests
|
||||
* bmo#1996717 - use the correct directory for FStar_UInt_8_16_32_64.h in source consistency test
|
||||
* bmo#1766767 - Move scripts to python3
|
||||
* bmo#1983313 - add mlkem1024 support in freebl
|
||||
* bmo#1983313 - support secp256r1mlkem768
|
||||
* bmo#1983313 - Make mlkem768x25519 the default
|
||||
* bmo#1983320 - ML-DSA SGN and VFY interfaces
|
||||
* bmo#1988625 - Align FIPS interfaces count with array
|
||||
* bmo#1989477 - Ensure CKK_ML_KEM has derive CK_FALSE
|
||||
* bmo#1992128 - Add script for tagging an NSS release
|
||||
* bmo#1992128 - Remove the globals from nss-release-helper.py
|
||||
* bmo#1992128 - Add release helper command for generating the release index
|
||||
* bmo#1992128 - Add release helper command for generating a release note
|
||||
* bmo#1992128 - Add release helper command for freezing a branch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Oct 7 10:39:41 UTC 2025 - Martin Sirringhaus <martin.sirringhaus@suse.com>
|
||||
|
||||
- update to NSS 3.117
|
||||
* bmo#1992218 - fix memory leak in secasn1decode_unittest.cc
|
||||
* bmo#1988913 - Add OISTE roots
|
||||
* bmo#1976051 - Add runbook for certdata.txt changes
|
||||
* bmo#1991666 - dbtool: close databases before shutdown
|
||||
* bmo#1988046 - SEC_ASN1Decode* should ensure it has read as many bytes as each length field indicates
|
||||
* bmo#1956754 - don’t flush base64 when buffer is null
|
||||
* bmo#1989541 - Set use_pkcs5_pbkd2_params2_only=1 for fuzzing builds
|
||||
* bmo#1989480 - mozilla::pkix: recognize the qcStatements extension for QWACs
|
||||
* bmo#1980465 - Fix a big-endian-problematic cast in zlib calls
|
||||
* bmo#1962321 - Revert removing out/ directory after ossfuzz build
|
||||
* bmo#1988524 - Add Cryptofuzz to OSS-Fuzz build
|
||||
* bmo#1984704 - Add PKCS#11 trust tests
|
||||
* bmo#1983308 - final disable dsa patch cert.sh
|
||||
* bmo#1983320 - ml-dsa: move tls 1.3 to use streaming signatures
|
||||
* bmo#1983320 - ml-dsa: Prep Create a FindOidTagByString function
|
||||
* bmo#1983320 - ml-dsa: softoken changes
|
||||
* bmo#1983320 - ml-dsa: der key decode
|
||||
* bmo#1983320 - ml-dsa: Prep colapse the overuse of keyType outside of pk11wrap and cryptohi
|
||||
* bmo#1983320 - ml-dsa: Prep Create a CreateSignatureAlgorithmID function
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Oct 7 09:49:37 UTC 2025 - Martin Sirringhaus <martin.sirringhaus@suse.com>
|
||||
|
||||
- update to NSS 3.116
|
||||
* bmo#1983308 - disable DSA in NSS script tests
|
||||
* bmo#1983308 - Disabling of some algorithms: generic cert.sh
|
||||
* bmo#1981046 - Need to update to new mechanisms
|
||||
* bmo#1983320 - Add ML-DSA public key printing support in NSS command-line utilities
|
||||
* bmo#1986802 - note embedded scts before revocation checks are performed
|
||||
* bmo#1983320 - Add support for ML-DSA keys and mechanisms in PKCS#11 interface
|
||||
* bmo#1983320 - Add support for ML-DSA key type and public key structure
|
||||
* bmo#1983320 - Enable ML-DSA integration via OIDs support and SECMOD flag
|
||||
* bmo#1983308 - disable kyber
|
||||
* bmo#1965329 - Implement PKCS #11 v3.2 PQ functions (use verify signature)
|
||||
* bmo#1983308 - Disable dsa - gtests
|
||||
* bmo#1983313 - make group and scheme support in test tools generic
|
||||
* bmo#1983770 - Create GH workflow to automatically close PRs
|
||||
* bmo#1983308 - Disable dsa - base code
|
||||
* bmo#1983308 - Disabling of some algorithms: remove dsa from pk11_mode
|
||||
* bmo#1983308 - Disable seed and RC2 bug fixes
|
||||
* bmo#1982742 - restore support for finding certificates by decoded serial number
|
||||
* bmo#1984165 - avoid CKR_BUFFER_TO_SMALL error in trust lookups
|
||||
* bmo#1983399 - lib/softtoken/{sdb.c,sftkdbti.h}: Align sftkdb_known_attributes_size type
|
||||
* bmo#1965329 - Use PKCS #11 v3.2 KEM mechanisms and functions
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Aug 22 07:38:07 UTC 2025 - Martin Sirringhaus <martin.sirringhaus@suse.com>
|
||||
|
||||
- update to NSS 3.115.1
|
||||
* bmo#1982742 - restore support for finding certificates by decoded serial number.
|
||||
* bmo#1984165 - avoid CKR_BUFFER_TO_SMALL error in trust lookups.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Aug 18 15:05:26 UTC 2025 - Martin Sirringhaus <martin.sirringhaus@suse.com>
|
||||
|
||||
- update to NSS 3.115
|
||||
* bmo#1970304 - CID 1648399 - Resource leak in shlibsign.c
|
||||
* bmo#1981034 - CKA_SEED needs to be marked as a private attribute
|
||||
* bmo#1981518 - Fix bad syntax on Windows in softoken_gtest.cc
|
||||
* bmo#1974505 - Key private/public/secret keys by key type in softoken keydb
|
||||
* bmo#1980990 - add PK11_HPKE_GetSharedSecret to abi-check expected report
|
||||
* bmo#1980429 - remove NetscapeStepUpMatchesServerAuth from mozpkix TrustDomain
|
||||
* bmo#1927351 - Fixup ABI
|
||||
* bmo#1927351 - add ECH_SECRET and ECH_CONFIG to SSLKEYLOG for both client and server
|
||||
* bmo#1900841 - ECH fuzz target
|
||||
* bmo#1965331 - Implement PKCS #11 v3.2 FIPS indicator and validation objects
|
||||
* bmo#1978677 - remove expired explicitly distrusted DigiNotar lookalike root
|
||||
* bmo#1965329 - Implement PKCS #11 v3.2 functions
|
||||
|
||||
- update to NSS 3.114
|
||||
* bmo#1977376 - NSS 3.114 source distribution should include NSPR 4.37
|
||||
* bmo#1970079 - Prevent leaks during pkcs12 decoding
|
||||
* bmo#1953731 - Remove redundant assert in p7local.c
|
||||
* bmo#1974515 - Bump nssckbi version to 2.80
|
||||
* bmo#1961848 - Remove expired Baltimore CyberTrust Root
|
||||
* bmo#1972391 - Add TrustAsia Dedicated Roots to NSS
|
||||
* bmo#1974511 - Add SwissSign 2022 Roots to NSS
|
||||
* bmo#1836559 - Add backwards compatibility for CK_PKCS5_PBKD2_PARAMS
|
||||
* bmo#1965328 - Implement PKCS #11 v3.2 trust objects in softoken
|
||||
* bmo#1965328 - Implement PKCS #11 v3.2 trust objects - nss proper
|
||||
* bmo#1974331 - remove dead code in ssl3con.c
|
||||
* bmo#1934867 - DTLS (excl DTLS1.3) Changing Holddown timer logic
|
||||
* bmo#1974299 - Bump nssckbi version to 2.79
|
||||
* bmo#1967826 - remove unneccessary assertion
|
||||
* bmo#1948485 - Update mechanisms for Softoken PCT
|
||||
* bmo#1974299 - convert Chunghwa Telecom ePKI Root removal to a distrust after
|
||||
* bmo#1973925 - Ensure ssl_HaveRecvBufLock and friends respect opt.noLocks
|
||||
* bmo#1973930 - use -O2 for asan build
|
||||
* bmo#1973187 - Fix leaking locks when toggling SSL_NO_LOCKS
|
||||
* bmo#1973105 - remove out-of-function semicolon
|
||||
* bmo#1963009 - Extend pkcs8 fuzz target
|
||||
* bmo#1963008 - Extend pkcs7 fuzz target
|
||||
* bmo#1908763 - Remove unused assignment to pageno
|
||||
* bmo#1908762 - Remove unused assignment to nextChunk
|
||||
* bmo#1973490 - don't run commands as part of shell `local` declarations
|
||||
* bmo#1973490 - fix sanitizer setup
|
||||
* bmo#1973187 - don't silence ssl_gtests output when running with coverage
|
||||
* bmo#1967411 - Release docs and housekeeping
|
||||
* bmo#1972768 - migrate to new linux tester pool
|
||||
|
||||
- rebase FIPS patches to adjust for upstream FIPS work
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jul 21 13:51:01 UTC 2025 - Martin Sirringhaus <martin.sirringhaus@suse.com>
|
||||
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package mozilla-nss
|
||||
#
|
||||
# Copyright (c) 2025 SUSE LLC
|
||||
# Copyright (c) 2026 SUSE LLC and contributors
|
||||
# Copyright (c) 2006-2025 Wolfgang Rosenauer
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
@@ -17,20 +17,20 @@
|
||||
#
|
||||
|
||||
|
||||
%global nss_softokn_fips_version 3.113
|
||||
%define NSPR_min_version 4.36
|
||||
%global nss_softokn_fips_version 3.119.1
|
||||
%define NSPR_min_version 4.37
|
||||
%define nspr_ver %(rpm -q --queryformat '%%{VERSION}' mozilla-nspr)
|
||||
%define nssdbdir %{_sysconfdir}/pki/nssdb
|
||||
%global crypto_policies_version 20210218
|
||||
Name: mozilla-nss
|
||||
Version: 3.113
|
||||
Version: 3.119.1
|
||||
Release: 0
|
||||
%define underscore_version 3_113
|
||||
%define underscore_version 3_119_1
|
||||
Summary: Network Security Services
|
||||
License: MPL-2.0
|
||||
Group: System/Libraries
|
||||
URL: https://www.mozilla.org/projects/security/pki/nss/
|
||||
Source: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_%{underscore_version}_RTM/src/nss-%{version}.tar.gz
|
||||
Source: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_%{underscore_version}_RTM/src/nss-%{underscore_version}.tar.gz
|
||||
# hg clone https://hg.mozilla.org/projects/nss nss-%%{version}/nss ; cd nss-%%{version}/nss ; hg up NSS_%%{underscore_version}_RTM
|
||||
#Source: nss-%%{version}.tar.gz
|
||||
Source1: nss.pc.in
|
||||
@@ -199,7 +199,7 @@ This package contains the integrated CA root certificates from the
|
||||
Mozilla project.
|
||||
|
||||
%prep
|
||||
%setup -q -n nss-%{version}
|
||||
%setup -q -n nss-%{underscore_version}
|
||||
cd nss
|
||||
%patch -P 1 -p1
|
||||
%patch -P 2 -p1
|
||||
@@ -396,7 +396,7 @@ cp -L bin/certutil \
|
||||
%{buildroot}%{_bindir}
|
||||
# copy man-pages
|
||||
mkdir -p %{buildroot}%{_mandir}/man1/
|
||||
cp -L %{_builddir}/nss-%{version}/nss/doc/nroff/* %{buildroot}%{_mandir}/man1/
|
||||
cp -L %{_builddir}/nss-%{underscore_version}/nss/doc/nroff/* %{buildroot}%{_mandir}/man1/
|
||||
# Fix conflict with perl-PAR-Packer which has a pp-exe in _bindir
|
||||
mkdir -p %{buildroot}%{_mandir}/man7/
|
||||
mv %{buildroot}%{_mandir}/man1/pp.1 %{buildroot}%{_mandir}/man7/pp.7
|
||||
|
||||
@@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:acef06b512d3bd81c87a63b3c8653d258bb689d2191fc0e64decf5a1efa01c0f
|
||||
size 76625834
|
||||
3
nss-3_119_1.tar.gz
Normal file
3
nss-3_119_1.tar.gz
Normal file
@@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:1387b8478e6c681c533b1f7b0f4d4ef7f58307c1f7e3a353622ddbf841328283
|
||||
size 77633121
|
||||
@@ -2,7 +2,7 @@ Index: nss/tests/sdr/sdr.sh
|
||||
===================================================================
|
||||
--- nss.orig/tests/sdr/sdr.sh
|
||||
+++ nss/tests/sdr/sdr.sh
|
||||
@@ -146,7 +146,8 @@ sdr_main()
|
||||
@@ -162,7 +162,8 @@ sdr_main()
|
||||
RARRAY=($dtime)
|
||||
TIMEARRAY=(${RARRAY[1]//./ })
|
||||
echo "${TIMEARRAY[0]} seconds"
|
||||
|
||||
@@ -16,7 +16,7 @@ Index: nss/lib/softoken/sftkdb.c
|
||||
===================================================================
|
||||
--- nss.orig/lib/softoken/sftkdb.c
|
||||
+++ nss/lib/softoken/sftkdb.c
|
||||
@@ -1538,7 +1538,7 @@ loser:
|
||||
@@ -1565,7 +1565,7 @@ loser:
|
||||
PORT_ZFree(data, dataSize);
|
||||
}
|
||||
if (arena) {
|
||||
@@ -29,7 +29,7 @@ Index: nss/lib/softoken/sftkpwd.c
|
||||
===================================================================
|
||||
--- nss.orig/lib/softoken/sftkpwd.c
|
||||
+++ nss/lib/softoken/sftkpwd.c
|
||||
@@ -1459,7 +1459,7 @@ loser:
|
||||
@@ -1465,7 +1465,7 @@ loser:
|
||||
PORT_ZFree(newKey.data, newKey.len);
|
||||
}
|
||||
if (result) {
|
||||
|
||||
@@ -87,7 +87,7 @@ Index: nss/lib/freebl/arcfour.c
|
||||
|
||||
/* Architecture-dependent defines */
|
||||
|
||||
@@ -162,7 +163,9 @@ RC4_InitContext(RC4Context *cx, const un
|
||||
@@ -161,7 +162,9 @@ RC4_InitContext(RC4Context *cx, const un
|
||||
RC4Context *
|
||||
RC4_CreateContext(const unsigned char *key, int len)
|
||||
{
|
||||
@@ -368,27 +368,27 @@ Index: nss/lib/softoken/pkcs11c.c
|
||||
===================================================================
|
||||
--- nss.orig/lib/softoken/pkcs11c.c
|
||||
+++ nss/lib/softoken/pkcs11c.c
|
||||
@@ -539,7 +539,7 @@ sftk_InitGeneric(SFTKSession *session, C
|
||||
context->blockSize = 0;
|
||||
@@ -545,7 +545,7 @@ sftk_InitGeneric(SFTKSession *session, C
|
||||
context->maxLen = 0;
|
||||
context->signature = NULL;
|
||||
context->isFIPS = sftk_operationIsFIPS(session->slot, pMechanism,
|
||||
- operation, key);
|
||||
+ operation, key, 0);
|
||||
*contextPtr = context;
|
||||
return CKR_OK;
|
||||
}
|
||||
@@ -4990,6 +4990,10 @@ NSC_GenerateKey(CK_SESSION_HANDLE hSessi
|
||||
@@ -5150,6 +5150,10 @@ NSC_GenerateKey(CK_SESSION_HANDLE hSessi
|
||||
goto loser;
|
||||
}
|
||||
|
||||
+ key->isFIPS = sftk_operationIsFIPS(slot, pMechanism, CKA_KEY_GEN_MECHANISM,
|
||||
+ key, key_length * PR_BITS_PER_BYTE);
|
||||
+ session->lastOpWasFIPS = key->isFIPS;
|
||||
+ sftk_setFIPS(key, sftk_operationIsFIPS(slot, pMechanism, CKA_KEY_GEN_MECHANISM,
|
||||
+ key, key_length * PR_BITS_PER_BYTE));
|
||||
+ session->lastOpWasFIPS = sftk_hasFIPS(key);
|
||||
+
|
||||
/*
|
||||
* handle the base object stuff
|
||||
*/
|
||||
@@ -5004,6 +5008,7 @@ NSC_GenerateKey(CK_SESSION_HANDLE hSessi
|
||||
@@ -5164,6 +5168,7 @@ NSC_GenerateKey(CK_SESSION_HANDLE hSessi
|
||||
if (crv == CKR_OK) {
|
||||
*phKey = key->handle;
|
||||
}
|
||||
@@ -396,7 +396,7 @@ Index: nss/lib/softoken/pkcs11c.c
|
||||
loser:
|
||||
PORT_Memset(buf, 0, sizeof buf);
|
||||
sftk_FreeObject(key);
|
||||
@@ -5475,7 +5480,7 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS
|
||||
@@ -5783,7 +5788,7 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS
|
||||
CK_OBJECT_CLASS privClass = CKO_PRIVATE_KEY;
|
||||
int i;
|
||||
SFTKSlot *slot = sftk_SlotFromSessionHandle(hSession);
|
||||
@@ -405,7 +405,7 @@ Index: nss/lib/softoken/pkcs11c.c
|
||||
|
||||
/* RSA */
|
||||
int public_modulus_bits = 0;
|
||||
@@ -6081,11 +6086,11 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS
|
||||
@@ -6405,11 +6410,11 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS
|
||||
* created and linked.
|
||||
*/
|
||||
crv = sftk_handleObject(publicKey, session);
|
||||
@@ -418,7 +418,7 @@ Index: nss/lib/softoken/pkcs11c.c
|
||||
return crv;
|
||||
}
|
||||
if (sftk_isTrue(privateKey, CKA_SENSITIVE)) {
|
||||
@@ -6129,12 +6134,20 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS
|
||||
@@ -6454,12 +6459,20 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS
|
||||
sftk_FreeObject(publicKey);
|
||||
NSC_DestroyObject(hSession, privateKey->handle);
|
||||
sftk_FreeObject(privateKey);
|
||||
@@ -426,9 +426,9 @@ Index: nss/lib/softoken/pkcs11c.c
|
||||
return crv;
|
||||
}
|
||||
+
|
||||
+ publicKey->isFIPS = sftk_operationIsFIPS(slot, pMechanism, CKA_KEY_PAIR_GEN_MECHANISM, publicKey, 0);
|
||||
+ privateKey->isFIPS = sftk_operationIsFIPS(slot, pMechanism, CKA_KEY_PAIR_GEN_MECHANISM, privateKey, 0);
|
||||
+ session->lastOpWasFIPS = privateKey->isFIPS;
|
||||
+ sftk_setFIPS(publicKey, sftk_operationIsFIPS(slot, pMechanism, CKA_KEY_PAIR_GEN_MECHANISM, publicKey, 0));
|
||||
+ sftk_setFIPS(privateKey, sftk_operationIsFIPS(slot, pMechanism, CKA_KEY_PAIR_GEN_MECHANISM, privateKey, 0));
|
||||
+ session->lastOpWasFIPS = sftk_hasFIPS(privateKey);
|
||||
+
|
||||
*phPrivateKey = privateKey->handle;
|
||||
*phPublicKey = publicKey->handle;
|
||||
@@ -439,7 +439,7 @@ Index: nss/lib/softoken/pkcs11c.c
|
||||
|
||||
return CKR_OK;
|
||||
}
|
||||
@@ -7326,6 +7339,14 @@ sftk_HKDF(CK_HKDF_PARAMS_PTR params, CK_
|
||||
@@ -7682,6 +7695,14 @@ sftk_HKDF(CK_HKDF_PARAMS_PTR params, CK_
|
||||
return CKR_TEMPLATE_INCONSISTENT;
|
||||
}
|
||||
|
||||
@@ -454,17 +454,16 @@ Index: nss/lib/softoken/pkcs11c.c
|
||||
/* sourceKey is NULL if we are called from the POST, skip the
|
||||
* sensitiveCheck */
|
||||
if (sourceKey != NULL) {
|
||||
@@ -7374,7 +7395,8 @@ sftk_HKDF(CK_HKDF_PARAMS_PTR params, CK_
|
||||
mech.pParameter = params;
|
||||
@@ -7731,7 +7752,7 @@ sftk_HKDF(CK_HKDF_PARAMS_PTR params, CK_
|
||||
mech.ulParameterLen = sizeof(*params);
|
||||
key->isFIPS = sftk_operationIsFIPS(saltKey->slot, &mech,
|
||||
- CKA_DERIVE, saltKey);
|
||||
+ CKA_DERIVE, saltKey,
|
||||
+ keySize*PR_BITS_PER_BYTE);
|
||||
sftk_setFIPS(key, sftk_operationIsFIPS(saltKey->slot,
|
||||
&mech, CKA_DERIVE,
|
||||
- saltKey));
|
||||
+ saltKey, keySize*PR_BITS_PER_BYTE));
|
||||
}
|
||||
saltKey_att = sftk_FindAttribute(saltKey, CKA_VALUE);
|
||||
if (saltKey_att == NULL) {
|
||||
@@ -7416,7 +7438,7 @@ sftk_HKDF(CK_HKDF_PARAMS_PTR params, CK_
|
||||
@@ -7773,7 +7794,7 @@ sftk_HKDF(CK_HKDF_PARAMS_PTR params, CK_
|
||||
/* HKDF-Expand */
|
||||
if (!params->bExpand) {
|
||||
okm = prk;
|
||||
@@ -473,17 +472,17 @@ Index: nss/lib/softoken/pkcs11c.c
|
||||
} else {
|
||||
/* T(1) = HMAC-Hash(prk, "" | info | 0x01)
|
||||
* T(n) = HMAC-Hash(prk, T(n-1) | info | n
|
||||
@@ -7640,7 +7662,8 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
|
||||
return CKR_KEY_HANDLE_INVALID;
|
||||
@@ -7998,7 +8019,8 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
|
||||
}
|
||||
}
|
||||
- key->isFIPS = sftk_operationIsFIPS(slot, pMechanism, CKA_DERIVE, sourceKey);
|
||||
+ key->isFIPS = sftk_operationIsFIPS(slot, pMechanism, CKA_DERIVE, sourceKey,
|
||||
+ keySize*PR_BITS_PER_BYTE);
|
||||
sftk_setFIPS(key, sftk_operationIsFIPS(slot, pMechanism,
|
||||
- CKA_DERIVE, sourceKey));
|
||||
+ CKA_DERIVE, sourceKey,
|
||||
+ keySize*PR_BITS_PER_BYTE));
|
||||
|
||||
switch (mechanism) {
|
||||
/* get a public key from a private key. nsslowkey_ConvertToPublickey()
|
||||
@@ -7841,7 +7864,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
|
||||
@@ -8203,7 +8225,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
|
||||
} else {
|
||||
/* now allocate the hash contexts */
|
||||
md5 = MD5_NewContext();
|
||||
@@ -492,11 +491,11 @@ Index: nss/lib/softoken/pkcs11c.c
|
||||
PORT_Memset(crsrdata, 0, sizeof crsrdata);
|
||||
crv = CKR_HOST_MEMORY;
|
||||
break;
|
||||
@@ -8230,6 +8253,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
|
||||
@@ -8595,6 +8617,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
|
||||
PORT_Assert(i <= sizeof key_block);
|
||||
}
|
||||
|
||||
+ session->lastOpWasFIPS = key->isFIPS;
|
||||
+ session->lastOpWasFIPS = sftk_hasFIPS(key);
|
||||
crv = CKR_OK;
|
||||
|
||||
if (0) {
|
||||
@@ -728,8 +727,7 @@ Index: nss/lib/softoken/fips_algorithms.h
|
||||
{ CKM_SHA224_HMAC, { 112, 224, CKF_SGN }, 1, SFTKFIPSNone },
|
||||
@@ -141,46 +192,88 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[]
|
||||
/* --------------------- Secret Key Operations ------------------------ */
|
||||
- { CKM_GENERIC_SECRET_KEY_GEN, { 8, 256, CKF_GEN }, 1, SFTKFIPSNone },
|
||||
+ { CKM_GENERIC_SECRET_KEY_GEN, { 112, 512, CKF_GEN }, 1, SFTKFIPSNone },
|
||||
{ CKM_GENERIC_SECRET_KEY_GEN, { 8, 256, CKF_GEN }, 1, SFTKFIPSNone },
|
||||
/* ---------------------- SSL/TLS operations ------------------------- */
|
||||
+#if 0
|
||||
+ /* Non-approved: SP 800-1400 - bsc#1222833 */
|
||||
@@ -836,7 +834,7 @@ Index: nss/lib/softoken/pkcs11u.c
|
||||
===================================================================
|
||||
--- nss.orig/lib/softoken/pkcs11u.c
|
||||
+++ nss/lib/softoken/pkcs11u.c
|
||||
@@ -2251,6 +2251,12 @@ sftk_AttributeToFlags(CK_ATTRIBUTE_TYPE
|
||||
@@ -2315,6 +2315,12 @@ sftk_AttributeToFlags(CK_ATTRIBUTE_TYPE
|
||||
case CKA_NSS_MESSAGE | CKA_VERIFY:
|
||||
flags = CKF_MESSAGE_VERIFY;
|
||||
break;
|
||||
@@ -849,7 +847,7 @@ Index: nss/lib/softoken/pkcs11u.c
|
||||
default:
|
||||
break;
|
||||
}
|
||||
@@ -2327,7 +2333,7 @@ sftk_quickGetECCCurveOid(SFTKObject *sou
|
||||
@@ -2391,7 +2397,7 @@ sftk_quickGetECCCurveOid(SFTKObject *sou
|
||||
static int
|
||||
sftk_getKeyLength(SFTKObject *source)
|
||||
{
|
||||
@@ -858,7 +856,7 @@ Index: nss/lib/softoken/pkcs11u.c
|
||||
CK_ATTRIBUTE_TYPE keyAttribute;
|
||||
CK_ULONG keyLength = 0;
|
||||
SFTKAttribute *attribute;
|
||||
@@ -2347,7 +2353,7 @@ sftk_getKeyLength(SFTKObject *source)
|
||||
@@ -2411,7 +2417,7 @@ sftk_getKeyLength(SFTKObject *source)
|
||||
* key length is CKA_VALUE, which is the default */
|
||||
keyType = CKK_INVALID_KEY_TYPE;
|
||||
}
|
||||
@@ -867,7 +865,7 @@ Index: nss/lib/softoken/pkcs11u.c
|
||||
SECOidTag curve = sftk_quickGetECCCurveOid(source);
|
||||
switch (curve) {
|
||||
case SEC_OID_CURVE25519:
|
||||
@@ -2389,14 +2395,55 @@ sftk_getKeyLength(SFTKObject *source)
|
||||
@@ -2453,14 +2459,55 @@ sftk_getKeyLength(SFTKObject *source)
|
||||
return keyLength;
|
||||
}
|
||||
|
||||
@@ -924,7 +922,7 @@ Index: nss/lib/softoken/pkcs11u.c
|
||||
switch (mechInfo->special) {
|
||||
case SFTKFIPSDH: {
|
||||
SECItem dhPrime;
|
||||
@@ -2425,10 +2472,27 @@ sftk_handleSpecial(SFTKSlot *slot, CK_ME
|
||||
@@ -2489,10 +2536,27 @@ sftk_handleSpecial(SFTKSlot *slot, CK_ME
|
||||
}
|
||||
case SFTKFIPSNone:
|
||||
return PR_FALSE;
|
||||
@@ -953,7 +951,7 @@ Index: nss/lib/softoken/pkcs11u.c
|
||||
case SFTKFIPSAEAD: {
|
||||
if (mech->ulParameterLen == 0) {
|
||||
/* AEAD ciphers are only in FIPS mode if we are using the
|
||||
@@ -2456,11 +2520,44 @@ sftk_handleSpecial(SFTKSlot *slot, CK_ME
|
||||
@@ -2520,11 +2584,44 @@ sftk_handleSpecial(SFTKSlot *slot, CK_ME
|
||||
if (hashObj == NULL) {
|
||||
return PR_FALSE;
|
||||
}
|
||||
@@ -998,7 +996,7 @@ Index: nss/lib/softoken/pkcs11u.c
|
||||
default:
|
||||
break;
|
||||
}
|
||||
@@ -2471,7 +2568,7 @@ sftk_handleSpecial(SFTKSlot *slot, CK_ME
|
||||
@@ -2535,7 +2632,7 @@ sftk_handleSpecial(SFTKSlot *slot, CK_ME
|
||||
|
||||
PRBool
|
||||
sftk_operationIsFIPS(SFTKSlot *slot, CK_MECHANISM *mech, CK_ATTRIBUTE_TYPE op,
|
||||
@@ -1007,23 +1005,21 @@ Index: nss/lib/softoken/pkcs11u.c
|
||||
{
|
||||
#ifndef NSS_HAS_FIPS_INDICATORS
|
||||
return PR_FALSE;
|
||||
@@ -2484,18 +2581,35 @@ sftk_operationIsFIPS(SFTKSlot *slot, CK_
|
||||
@@ -2548,9 +2645,6 @@ sftk_operationIsFIPS(SFTKSlot *slot, CK_
|
||||
if (!sftk_isFIPS(slot->slotID)) {
|
||||
return PR_FALSE;
|
||||
}
|
||||
- if (source && !source->isFIPS) {
|
||||
- if (source && !sftk_hasFIPS(source)) {
|
||||
- return PR_FALSE;
|
||||
- }
|
||||
if (mech == NULL) {
|
||||
return PR_FALSE;
|
||||
}
|
||||
-
|
||||
/* now get the calculated values */
|
||||
opFlags = sftk_AttributeToFlags(op);
|
||||
@@ -2560,6 +2654,27 @@ sftk_operationIsFIPS(SFTKSlot *slot, CK_
|
||||
if (opFlags == 0) {
|
||||
return PR_FALSE;
|
||||
}
|
||||
+ if (source && !source->isFIPS
|
||||
+ if (source && !sftk_hasFIPS(source)
|
||||
+ && !((mech->mechanism == CKM_DSA_SHA224
|
||||
+ || mech->mechanism == CKM_DSA_SHA256
|
||||
+ || mech->mechanism == CKM_DSA_SHA384
|
||||
@@ -1047,7 +1043,7 @@ Index: nss/lib/softoken/pkcs11u.c
|
||||
keyLength = sftk_getKeyLength(source);
|
||||
|
||||
/* check against our algorithm array */
|
||||
@@ -2503,13 +2617,15 @@ sftk_operationIsFIPS(SFTKSlot *slot, CK_
|
||||
@@ -2567,13 +2682,15 @@ sftk_operationIsFIPS(SFTKSlot *slot, CK_
|
||||
SFTKFIPSAlgorithmList *mechs = &sftk_fips_mechs[i];
|
||||
/* if we match the number of records exactly, then we are an
|
||||
* approved algorithm in the approved mode with an approved key */
|
||||
@@ -1073,7 +1069,7 @@ Index: nss/lib/util/pkcs11t.h
|
||||
===================================================================
|
||||
--- nss.orig/lib/util/pkcs11t.h
|
||||
+++ nss/lib/util/pkcs11t.h
|
||||
@@ -576,6 +576,7 @@ typedef CK_ULONG CK_JAVA_MIDP_SECURITY_D
|
||||
@@ -617,6 +617,7 @@ typedef CK_ULONG CK_JAVA_MIDP_SECURITY_D
|
||||
|
||||
/* CKA_KEY_GEN_MECHANISM is new for v2.11 */
|
||||
#define CKA_KEY_GEN_MECHANISM 0x00000166UL
|
||||
@@ -1085,7 +1081,7 @@ Index: nss/lib/softoken/pkcs11.c
|
||||
===================================================================
|
||||
--- nss.orig/lib/softoken/pkcs11.c
|
||||
+++ nss/lib/softoken/pkcs11.c
|
||||
@@ -575,17 +575,17 @@ static const struct mechanismList mechan
|
||||
@@ -599,19 +599,19 @@ static const struct mechanismList mechan
|
||||
{ CKM_TLS_MASTER_KEY_DERIVE, { 48, 48, CKF_DERIVE }, PR_FALSE },
|
||||
{ CKM_TLS12_MASTER_KEY_DERIVE, { 48, 48, CKF_DERIVE }, PR_FALSE },
|
||||
{ CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256,
|
||||
@@ -1096,6 +1092,8 @@ Index: nss/lib/softoken/pkcs11.c
|
||||
- { CKM_TLS12_MASTER_KEY_DERIVE_DH, { 8, 128, CKF_DERIVE }, PR_FALSE },
|
||||
+ { CKM_TLS_MASTER_KEY_DERIVE_DH, { 48, 48, CKF_DERIVE }, PR_FALSE },
|
||||
+ { CKM_TLS12_MASTER_KEY_DERIVE_DH, { 48, 48, CKF_DERIVE }, PR_FALSE },
|
||||
{ CKM_TLS12_EXTENDED_MASTER_KEY_DERIVE, { 48, 128, CKF_DERIVE }, PR_FALSE },
|
||||
{ CKM_TLS12_EXTENDED_MASTER_KEY_DERIVE_DH, { 48, 128, CKF_DERIVE }, PR_FALSE },
|
||||
{ CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256,
|
||||
- { 8, 128, CKF_DERIVE },
|
||||
+ { 48, 48, CKF_DERIVE },
|
||||
@@ -1112,13 +1110,13 @@ Index: nss/lib/softoken/pkcs11i.h
|
||||
===================================================================
|
||||
--- nss.orig/lib/softoken/pkcs11i.h
|
||||
+++ nss/lib/softoken/pkcs11i.h
|
||||
@@ -968,7 +968,8 @@ CK_FLAGS sftk_AttributeToFlags(CK_ATTRIB
|
||||
@@ -975,7 +975,8 @@ CK_FLAGS sftk_AttributeToFlags(CK_ATTRIB
|
||||
/* check the FIPS table to determine if this current operation is allowed by
|
||||
* FIPS security policy */
|
||||
PRBool sftk_operationIsFIPS(SFTKSlot *slot, CK_MECHANISM *mech,
|
||||
- CK_ATTRIBUTE_TYPE op, SFTKObject *source);
|
||||
+ CK_ATTRIBUTE_TYPE op, SFTKObject *source,
|
||||
+ CK_ULONG targetKeySize);
|
||||
/* add validation objects to the slot */
|
||||
CK_RV sftk_CreateValidationObjects(SFTKSlot *slot);
|
||||
|
||||
/* manage the fips flag on objects */
|
||||
void sftk_setFIPS(SFTKObject *obj, PRBool isFIPS);
|
||||
PRBool sftk_hasFIPS(SFTKObject *obj);
|
||||
|
||||
@@ -16,7 +16,7 @@ Index: nss/cmd/lib/pk11table.c
|
||||
===================================================================
|
||||
--- nss.orig/cmd/lib/pk11table.c
|
||||
+++ nss/cmd/lib/pk11table.c
|
||||
@@ -274,6 +274,10 @@ const Constant _consts[] = {
|
||||
@@ -405,6 +405,10 @@ const Constant _consts[] = {
|
||||
mkEntry(CKM_DSA_KEY_PAIR_GEN, Mechanism),
|
||||
mkEntry(CKM_DSA, Mechanism),
|
||||
mkEntry(CKM_DSA_SHA1, Mechanism),
|
||||
@@ -27,7 +27,7 @@ Index: nss/cmd/lib/pk11table.c
|
||||
mkEntry(CKM_DH_PKCS_KEY_PAIR_GEN, Mechanism),
|
||||
mkEntry(CKM_DH_PKCS_DERIVE, Mechanism),
|
||||
mkEntry(CKM_X9_42_DH_DERIVE, Mechanism),
|
||||
@@ -439,6 +443,10 @@ const Constant _consts[] = {
|
||||
@@ -570,6 +574,10 @@ const Constant _consts[] = {
|
||||
mkEntry(CKM_EC_KEY_PAIR_GEN, Mechanism),
|
||||
mkEntry(CKM_ECDSA, Mechanism),
|
||||
mkEntry(CKM_ECDSA_SHA1, Mechanism),
|
||||
@@ -42,7 +42,7 @@ Index: nss/lib/pk11wrap/pk11mech.c
|
||||
===================================================================
|
||||
--- nss.orig/lib/pk11wrap/pk11mech.c
|
||||
+++ nss/lib/pk11wrap/pk11mech.c
|
||||
@@ -377,6 +377,10 @@ PK11_GetKeyType(CK_MECHANISM_TYPE type,
|
||||
@@ -379,6 +379,10 @@ PK11_GetKeyType(CK_MECHANISM_TYPE type,
|
||||
return CKK_RSA;
|
||||
case CKM_DSA:
|
||||
case CKM_DSA_SHA1:
|
||||
@@ -53,7 +53,7 @@ Index: nss/lib/pk11wrap/pk11mech.c
|
||||
case CKM_DSA_KEY_PAIR_GEN:
|
||||
return CKK_DSA;
|
||||
case CKM_DH_PKCS_DERIVE:
|
||||
@@ -387,6 +391,10 @@ PK11_GetKeyType(CK_MECHANISM_TYPE type,
|
||||
@@ -389,6 +393,10 @@ PK11_GetKeyType(CK_MECHANISM_TYPE type,
|
||||
return CKK_KEA;
|
||||
case CKM_ECDSA:
|
||||
case CKM_ECDSA_SHA1:
|
||||
@@ -68,8 +68,8 @@ Index: nss/lib/softoken/pkcs11c.c
|
||||
===================================================================
|
||||
--- nss.orig/lib/softoken/pkcs11c.c
|
||||
+++ nss/lib/softoken/pkcs11c.c
|
||||
@@ -2849,6 +2849,38 @@ nsc_EDDSASignStub(void *ctx, unsigned ch
|
||||
return rv;
|
||||
@@ -2933,6 +2933,38 @@ sftk_MLDSAGetSigLen(CK_ML_DSA_PARAMETER_
|
||||
return 0;
|
||||
}
|
||||
|
||||
+SECStatus
|
||||
@@ -107,7 +107,7 @@ Index: nss/lib/softoken/pkcs11c.c
|
||||
/* NSC_SignInit setups up the signing operations. There are three basic
|
||||
* types of signing:
|
||||
* (1) the tradition single part, where "Raw RSA" or "Raw DSA" is applied
|
||||
@@ -3756,6 +3788,22 @@ NSC_VerifyInit(CK_SESSION_HANDLE hSessio
|
||||
@@ -3903,6 +3935,22 @@ NSC_VerifyInit(CK_SESSION_HANDLE hSessio
|
||||
info->hashOid = SEC_OID_##mmm; \
|
||||
goto finish_rsa;
|
||||
|
||||
@@ -130,182 +130,18 @@ Index: nss/lib/softoken/pkcs11c.c
|
||||
switch (pMechanism->mechanism) {
|
||||
INIT_RSA_VFY_MECH(MD5)
|
||||
INIT_RSA_VFY_MECH(MD2)
|
||||
@@ -5018,6 +5066,73 @@ loser:
|
||||
#define PAIRWISE_DIGEST_LENGTH SHA224_LENGTH /* 224-bits */
|
||||
#define PAIRWISE_MESSAGE_LENGTH 20 /* 160-bits */
|
||||
|
||||
+static CK_RV
|
||||
+pairwise_signverify_mech (CK_SESSION_HANDLE hSession,
|
||||
+ SFTKObject *publicKey, SFTKObject *privateKey,
|
||||
+ CK_MECHANISM mech,
|
||||
+ CK_ULONG signature_length,
|
||||
+ CK_ULONG pairwise_digest_length)
|
||||
+{
|
||||
+ /* Variables used for Signature/Verification functions. */
|
||||
+ /* Must be at least 256 bits for DSA2 digest */
|
||||
+ unsigned char *known_digest = (unsigned char *)"Mozilla Rules the World through NSS!";
|
||||
+ unsigned char *signature;
|
||||
+ CK_RV crv;
|
||||
+
|
||||
+ /* Allocate space for signature data. */
|
||||
+ signature = (unsigned char *)PORT_ZAlloc(signature_length);
|
||||
+ if (signature == NULL) {
|
||||
+ return CKR_HOST_MEMORY;
|
||||
+ }
|
||||
+
|
||||
+ /* Sign the known hash using the private key. */
|
||||
+ crv = NSC_SignInit(hSession, &mech, privateKey->handle);
|
||||
+ if (crv != CKR_OK) {
|
||||
+ PORT_Free(signature);
|
||||
+ return crv;
|
||||
+ }
|
||||
+
|
||||
+ crv = NSC_Sign(hSession,
|
||||
+ known_digest,
|
||||
+ pairwise_digest_length,
|
||||
+ signature,
|
||||
+ &signature_length);
|
||||
+ if (crv != CKR_OK) {
|
||||
+ PORT_Free(signature);
|
||||
+ return crv;
|
||||
+ }
|
||||
+
|
||||
+ /* detect trivial signing transforms */
|
||||
+ if ((signature_length >= pairwise_digest_length) &&
|
||||
+ (PORT_Memcmp(known_digest, signature + (signature_length - pairwise_digest_length), pairwise_digest_length) == 0)) {
|
||||
+ PORT_Free(signature);
|
||||
+ return CKR_DEVICE_ERROR;
|
||||
+ }
|
||||
+
|
||||
+ /* Verify the known hash using the public key. */
|
||||
+ crv = NSC_VerifyInit(hSession, &mech, publicKey->handle);
|
||||
+ if (crv != CKR_OK) {
|
||||
+ PORT_Free(signature);
|
||||
+ return crv;
|
||||
+ }
|
||||
+
|
||||
+ crv = NSC_Verify(hSession,
|
||||
+ known_digest,
|
||||
+ pairwise_digest_length,
|
||||
+ signature,
|
||||
+ signature_length);
|
||||
+
|
||||
+ /* Free signature data. */
|
||||
+ PORT_Free(signature);
|
||||
+
|
||||
+ if ((crv == CKR_SIGNATURE_LEN_RANGE) ||
|
||||
+ (crv == CKR_SIGNATURE_INVALID)) {
|
||||
+ return CKR_GENERAL_ERROR;
|
||||
+ }
|
||||
+
|
||||
+ return crv;
|
||||
+}
|
||||
+
|
||||
/*
|
||||
* FIPS 140-2 pairwise consistency check utilized to validate key pair.
|
||||
*
|
||||
@@ -5072,8 +5187,6 @@ sftk_PairwiseConsistencyCheck(CK_SESSION
|
||||
|
||||
/* Variables used for Signature/Verification functions. */
|
||||
/* Must be at least 256 bits for DSA2 digest */
|
||||
- unsigned char *known_digest = (unsigned char *)"Mozilla Rules the World through NSS!";
|
||||
- unsigned char *signature;
|
||||
CK_ULONG signature_length;
|
||||
|
||||
if (keyType == CKK_RSA) {
|
||||
@@ -5227,80 +5340,37 @@ sftk_PairwiseConsistencyCheck(CK_SESSION
|
||||
@@ -5664,10 +5712,9 @@ sftk_PairwiseConsistencyCheck(CK_SESSION
|
||||
canSignVerify = PR_FALSE;
|
||||
}
|
||||
}
|
||||
|
||||
+#define SIGNVERIFY_CHECK_MECH(vfymech) \
|
||||
+ mech.mechanism = vfymech; \
|
||||
+ crv = pairwise_signverify_mech (hSession, publicKey, privateKey, \
|
||||
+ mech, signature_length, pairwise_digest_length); \
|
||||
+ if (crv != CKR_OK) \
|
||||
+ return crv;
|
||||
-
|
||||
+
|
||||
+
|
||||
if (canSignVerify) {
|
||||
CK_RSA_PKCS_PSS_PARAMS pssParams;
|
||||
- /* Determine length of signature. */
|
||||
switch (keyType) {
|
||||
case CKK_RSA:
|
||||
signature_length = modulusLen;
|
||||
- mech.mechanism = CKM_RSA_PKCS;
|
||||
+ SIGNVERIFY_CHECK_MECH(CKM_SHA224_RSA_PKCS)
|
||||
break;
|
||||
case CKK_DSA:
|
||||
signature_length = DSA_MAX_SIGNATURE_LEN;
|
||||
pairwise_digest_length = subPrimeLen;
|
||||
- mech.mechanism = CKM_DSA;
|
||||
+ SIGNVERIFY_CHECK_MECH(CKM_DSA_SHA224)
|
||||
break;
|
||||
case CKK_EC:
|
||||
signature_length = MAX_ECKEY_LEN * 2;
|
||||
- mech.mechanism = CKM_ECDSA;
|
||||
+ SIGNVERIFY_CHECK_MECH(CKM_ECDSA_SHA224)
|
||||
break;
|
||||
case CKK_EC_EDWARDS:
|
||||
signature_length = ED25519_SIGN_LEN;
|
||||
- mech.mechanism = CKM_EDDSA;
|
||||
+ SIGNVERIFY_CHECK_MECH(CKM_EDDSA)
|
||||
break;
|
||||
default:
|
||||
return CKR_DEVICE_ERROR;
|
||||
}
|
||||
|
||||
- /* Allocate space for signature data. */
|
||||
- signature = (unsigned char *)PORT_ZAlloc(signature_length);
|
||||
- if (signature == NULL) {
|
||||
- return CKR_HOST_MEMORY;
|
||||
- }
|
||||
-
|
||||
- /* Sign the known hash using the private key. */
|
||||
- crv = NSC_SignInit(hSession, &mech, privateKey->handle);
|
||||
- if (crv != CKR_OK) {
|
||||
- PORT_Free(signature);
|
||||
- return crv;
|
||||
- }
|
||||
-
|
||||
- crv = NSC_Sign(hSession,
|
||||
- known_digest,
|
||||
- pairwise_digest_length,
|
||||
- signature,
|
||||
- &signature_length);
|
||||
- if (crv != CKR_OK) {
|
||||
- PORT_Free(signature);
|
||||
- return crv;
|
||||
- }
|
||||
-
|
||||
- /* detect trivial signing transforms */
|
||||
- if ((signature_length >= pairwise_digest_length) &&
|
||||
- (PORT_Memcmp(known_digest, signature + (signature_length - pairwise_digest_length), pairwise_digest_length) == 0)) {
|
||||
- PORT_Free(signature);
|
||||
- return CKR_GENERAL_ERROR;
|
||||
- }
|
||||
-
|
||||
- /* Verify the known hash using the public key. */
|
||||
- crv = NSC_VerifyInit(hSession, &mech, publicKey->handle);
|
||||
- if (crv != CKR_OK) {
|
||||
- PORT_Free(signature);
|
||||
- return crv;
|
||||
- }
|
||||
-
|
||||
- crv = NSC_Verify(hSession,
|
||||
- known_digest,
|
||||
- pairwise_digest_length,
|
||||
- signature,
|
||||
- signature_length);
|
||||
-
|
||||
- /* Free signature data. */
|
||||
- PORT_Free(signature);
|
||||
-
|
||||
- if ((crv == CKR_SIGNATURE_LEN_RANGE) ||
|
||||
- (crv == CKR_SIGNATURE_INVALID)) {
|
||||
- return CKR_GENERAL_ERROR;
|
||||
- }
|
||||
if (crv != CKR_OK) {
|
||||
return crv;
|
||||
}
|
||||
Index: nss/lib/softoken/softoken.h
|
||||
===================================================================
|
||||
--- nss.orig/lib/softoken/softoken.h
|
||||
|
||||
@@ -21,7 +21,7 @@ Index: nss/cmd/shlibsign/shlibsign.c
|
||||
===================================================================
|
||||
--- nss.orig/cmd/shlibsign/shlibsign.c
|
||||
+++ nss/cmd/shlibsign/shlibsign.c
|
||||
@@ -818,10 +818,12 @@ shlibSignDSA(CK_FUNCTION_LIST_PTR pFunct
|
||||
@@ -869,10 +869,12 @@ shlibSignDSA(CK_FUNCTION_LIST_PTR pFunct
|
||||
return crv;
|
||||
}
|
||||
|
||||
@@ -63,9 +63,9 @@ Index: nss/lib/freebl/blapi.h
|
||||
|
||||
/*********************************************************************/
|
||||
extern const SECHashObject *HASH_GetRawHashObject(HASH_HashType hashType);
|
||||
@@ -1947,6 +1947,9 @@ extern SECStatus X25519_DerivePublicKey(
|
||||
/* Public key derivation is supported only for the curves supporting pt_mul method. */
|
||||
extern SECStatus EC_DerivePublicKey(const SECItem *privateKey, const ECParams *ecParams, SECItem *publicKey);
|
||||
@@ -1969,6 +1969,9 @@ SECStatus MLDSA_VerifyFinal(MLDSAContext
|
||||
*/
|
||||
SECStatus EC_DecompressPublicKey(const SECItem *publicCompressed, const ECParams *params, SECItem *publicUncompressed);
|
||||
|
||||
+/* Unconditionally run the integrity check. */
|
||||
+extern void BL_FIPSRepeatIntegrityCheck(void);
|
||||
@@ -910,7 +910,7 @@ Index: nss/lib/freebl/loader.h
|
||||
|
||||
/* Version 3.013 came to here */
|
||||
|
||||
@@ -933,6 +933,9 @@ struct FREEBLVectorStr {
|
||||
@@ -945,6 +945,9 @@ struct FREEBLVectorStr {
|
||||
|
||||
/* Add new function pointers at the end of this struct and bump
|
||||
* FREEBL_VERSION at the beginning of this file. */
|
||||
@@ -932,7 +932,7 @@ Index: nss/lib/freebl/manifest.mn
|
||||
$(NULL)
|
||||
|
||||
MPI_HDRS = mpi-config.h mpi.h mpi-priv.h mplogic.h mpprime.h logtab.h mp_gf2m.h
|
||||
@@ -194,6 +195,7 @@ ALL_HDRS = \
|
||||
@@ -195,6 +196,7 @@ ALL_HDRS = \
|
||||
shsign.h \
|
||||
vis_proto.h \
|
||||
seed.h \
|
||||
@@ -1530,11 +1530,10 @@ Index: nss/lib/freebl/ldvector.c
|
||||
===================================================================
|
||||
--- nss.orig/lib/freebl/ldvector.c
|
||||
+++ nss/lib/freebl/ldvector.c
|
||||
@@ -449,6 +449,9 @@ static const struct FREEBLVectorStr vect
|
||||
@@ -462,6 +462,8 @@ static const struct FREEBLVectorStr vect
|
||||
EC_DecompressPublicKey,
|
||||
/* End of version 3.032 */
|
||||
|
||||
EC_DerivePublicKey,
|
||||
/* End of version 3.030 */
|
||||
+
|
||||
+ /* SUSE patch: Goes last */
|
||||
+ BL_FIPSRepeatIntegrityCheck
|
||||
};
|
||||
|
||||
@@ -14,18 +14,7 @@ Index: nss/lib/softoken/pkcs11c.c
|
||||
===================================================================
|
||||
--- nss.orig/lib/softoken/pkcs11c.c
|
||||
+++ nss/lib/softoken/pkcs11c.c
|
||||
@@ -5009,8 +5009,8 @@ loser:
|
||||
return crv;
|
||||
}
|
||||
|
||||
-#define PAIRWISE_DIGEST_LENGTH SHA1_LENGTH /* 160-bits */
|
||||
-#define PAIRWISE_MESSAGE_LENGTH 20 /* 160-bits */
|
||||
+#define PAIRWISE_DIGEST_LENGTH SHA224_LENGTH /* 224-bits */
|
||||
+#define PAIRWISE_MESSAGE_LENGTH 20 /* 160-bits */
|
||||
|
||||
/*
|
||||
* FIPS 140-2 pairwise consistency check utilized to validate key pair.
|
||||
@@ -6077,6 +6077,7 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS
|
||||
@@ -6165,6 +6165,7 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS
|
||||
(PRUint32)crv);
|
||||
sftk_LogAuditMessage(NSS_AUDIT_ERROR, NSS_AUDIT_SELF_TEST, msg);
|
||||
}
|
||||
|
||||
@@ -5,9 +5,9 @@ Index: nss/lib/softoken/pkcs11c.c
|
||||
===================================================================
|
||||
--- nss.orig/lib/softoken/pkcs11c.c
|
||||
+++ nss/lib/softoken/pkcs11c.c
|
||||
@@ -5132,6 +5132,88 @@ pairwise_signverify_mech (CK_SESSION_HAN
|
||||
return crv;
|
||||
}
|
||||
@@ -5093,6 +5093,88 @@ loser:
|
||||
|
||||
#define PAIRWISE_MESSAGE_LENGTH 20 /* 160-bits */
|
||||
|
||||
+/* This function regenerates a public key from a private key
|
||||
+ * (not simply returning the saved public key) and compares it
|
||||
@@ -92,9 +92,9 @@ Index: nss/lib/softoken/pkcs11c.c
|
||||
+}
|
||||
+
|
||||
/*
|
||||
* FIPS 140-2 pairwise consistency check utilized to validate key pair.
|
||||
* FIPS 140-3 pairwise consistency check utilized to validate key pair.
|
||||
*
|
||||
@@ -5484,6 +5566,30 @@ sftk_PairwiseConsistencyCheck(CK_SESSION
|
||||
@@ -5550,6 +5632,30 @@ sftk_PairwiseConsistencyCheck(CK_SESSION
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -92,7 +92,7 @@ Index: nss/lib/freebl/rsa.c
|
||||
if (err != MP_OKAY) {
|
||||
if (err == MP_UNDEF) {
|
||||
PORT_SetError(SEC_ERROR_NEED_RANDOM);
|
||||
@@ -288,10 +303,12 @@ RSA_NewKey(int keySizeInBits, SECItem *p
|
||||
@@ -297,10 +312,12 @@ RSA_NewKey(int keySizeInBits, SECItem *p
|
||||
mp_int q = { 0, 0, 0, NULL };
|
||||
mp_int e = { 0, 0, 0, NULL };
|
||||
mp_int d = { 0, 0, 0, NULL };
|
||||
@@ -106,7 +106,7 @@ Index: nss/lib/freebl/rsa.c
|
||||
int prerr = 0;
|
||||
RSAPrivateKey *key = NULL;
|
||||
PLArenaPool *arena = NULL;
|
||||
@@ -309,11 +326,40 @@ RSA_NewKey(int keySizeInBits, SECItem *p
|
||||
@@ -318,11 +335,40 @@ RSA_NewKey(int keySizeInBits, SECItem *p
|
||||
PORT_SetError(SEC_ERROR_INVALID_ARGS);
|
||||
goto cleanup;
|
||||
}
|
||||
@@ -151,7 +151,7 @@ Index: nss/lib/freebl/rsa.c
|
||||
}
|
||||
#endif
|
||||
|
||||
@@ -331,12 +377,7 @@ RSA_NewKey(int keySizeInBits, SECItem *p
|
||||
@@ -340,12 +386,7 @@ RSA_NewKey(int keySizeInBits, SECItem *p
|
||||
key->arena = arena;
|
||||
/* length of primes p and q (in bytes) */
|
||||
primeLen = keySizeInBits / (2 * PR_BITS_PER_BYTE);
|
||||
@@ -165,7 +165,7 @@ Index: nss/lib/freebl/rsa.c
|
||||
/* 3. Set the version number (PKCS1 v1.5 says it should be zero) */
|
||||
SECITEM_AllocItem(arena, &key->version, 1);
|
||||
key->version.data[0] = 0;
|
||||
@@ -347,13 +388,64 @@ RSA_NewKey(int keySizeInBits, SECItem *p
|
||||
@@ -356,13 +397,64 @@ RSA_NewKey(int keySizeInBits, SECItem *p
|
||||
PORT_SetError(0);
|
||||
CHECK_SEC_OK(generate_prime(&p, primeLen));
|
||||
CHECK_SEC_OK(generate_prime(&q, primeLen));
|
||||
@@ -231,7 +231,7 @@ Index: nss/lib/freebl/rsa.c
|
||||
/* Attempt to use these primes to generate a key */
|
||||
rv = rsa_build_from_primes(&p, &q,
|
||||
&e, PR_FALSE, /* needPublicExponent=false */
|
||||
@@ -376,7 +468,9 @@ cleanup:
|
||||
@@ -385,7 +477,9 @@ cleanup:
|
||||
mp_clear(&q);
|
||||
mp_clear(&e);
|
||||
mp_clear(&d);
|
||||
|
||||
@@ -92,7 +92,7 @@ Index: nss/lib/freebl/dh.c
|
||||
===================================================================
|
||||
--- nss.orig/lib/freebl/dh.c
|
||||
+++ nss/lib/freebl/dh.c
|
||||
@@ -192,6 +192,10 @@ cleanup:
|
||||
@@ -194,6 +194,10 @@ cleanup:
|
||||
rv = SECFailure;
|
||||
}
|
||||
if (rv) {
|
||||
|
||||
Reference in New Issue
Block a user