Accepting request 1300982 from mozilla:Factory

OBS-URL: https://build.opensuse.org/request/show/1300982
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=232

mozilla-nss.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package mozilla-nss
 #
-# Copyright (c) 2025 SUSE LLC
+# Copyright (c) 2025 SUSE LLC and contributors
 # Copyright (c) 2006-2025 Wolfgang Rosenauer
 #
 # All modifications and additions to the file contributed by third parties
@@ -17,14 +17,15 @@
 #
 
 
-%global nss_softokn_fips_version 3.112
+%global nss_softokn_fips_version 3.115
 %define NSPR_min_version 4.36
 %define nspr_ver %(rpm -q --queryformat '%%{VERSION}' mozilla-nspr)
 %define nssdbdir %{_sysconfdir}/pki/nssdb
+%global crypto_policies_version 20210218
 Name:           mozilla-nss
-Version:        3.112
+Version:        3.115.1
 Release:        0
-%define underscore_version 3_112
+%define underscore_version 3_115_1
 Summary:        Network Security Services
 License:        MPL-2.0
 Group:          System/Libraries
@@ -284,6 +285,13 @@ export NSS_ENABLE_FIPS_INDICATORS=1
 export NSS_FIPS_MODULE_ID="\"SUSE Linux Enterprise NSS %{version}-%{release}\""
 #export SQLITE_LIB_NAME=nsssqlite3
 export MAKE_FLAGS="BUILD_OPT=1"
+%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400
+# Set the policy file location
+# if set NSS will always check for the policy file and load if it exists
+#export POLICY_FILE="nss.config"
+# location of the policy file
+#export POLICY_PATH="/etc/crypto-policies/back-ends"
+%endif
 EOF
 
 source ../obsenv.sh
@@ -305,12 +313,30 @@ export HOST="localhost"
 export DOMSUF="localdomain"
 export USE_IP=TRUE
 export IP_ADDRESS="127.0.0.1"
+%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400
+# This is necessary because the test suite tests algorithms that are
+# disabled by the system policy.
+export NSS_IGNORE_SYSTEM_POLICY=1
+%endif
 EOF
 source ../obsenv.sh
 source ../obstestenv.sh
 cd tests
 ./all.sh
-if grep "FAILED" ../../../tests_results/security/localhost.1/output.log ; then
+# This file can live at different places when built in OBS or using "osc build":
+if [ -s ../../../tests_results/security/localhost.1/output.log ]; then
+  output_log=../../../tests_results/security/localhost.1/output.log
+elif [ -s ../../tests_results/security/localhost.1/output.log ]; then
+  output_log=../../tests_results/security/localhost.1/output.log
+elif [ -s ../tests_results/security/localhost.1/output.log ]; then
+  output_log=../tests_results/security/localhost.1/output.log
+elif [ -s ../security/localhost.1/output.log ]; then
+  output_log=../security/localhost.1/output.log
+else
+  echo "Cannot find tests_results output.log - Assuming testsuite failed"
+  exit 1
+fi
+if grep "FAILED" $output_log ; then
   echo "Testsuite FAILED"
   exit 1
 fi
@@ -469,6 +495,11 @@ fi
 
 %postun sysinit -p /sbin/ldconfig
 
+%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400
+%posttrans
+update-crypto-policies &> /dev/null || :
+%endif
+
 %files
 %{_libdir}/libnss3.so
 %{_libdir}/libnssutil3.so

nss-3.115.1.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b8189c030b528e57dc5290023c07eea429ce242912a51a0388c184c75a257bcf
+size 76656855

nss-allow-slow-tests.patch

@@ -2,7 +2,7 @@ Index: nss/tests/sdr/sdr.sh
 ===================================================================
 --- nss.orig/tests/sdr/sdr.sh
 +++ nss/tests/sdr/sdr.sh
-@@ -146,7 +146,8 @@ sdr_main()
+@@ -162,7 +162,8 @@ sdr_main()
    RARRAY=($dtime)
    TIMEARRAY=(${RARRAY[1]//./ })
    echo "${TIMEARRAY[0]} seconds"

nss-fips-180-3-csp-clearing.patch

@@ -16,7 +16,7 @@ Index: nss/lib/softoken/sftkdb.c
 ===================================================================
 --- nss.orig/lib/softoken/sftkdb.c
 +++ nss/lib/softoken/sftkdb.c
-@@ -1538,7 +1538,7 @@ loser:
+@@ -1565,7 +1565,7 @@ loser:
          PORT_ZFree(data, dataSize);
      }
      if (arena) {
@@ -29,7 +29,7 @@ Index: nss/lib/softoken/sftkpwd.c
 ===================================================================
 --- nss.orig/lib/softoken/sftkpwd.c
 +++ nss/lib/softoken/sftkpwd.c
-@@ -1459,7 +1459,7 @@ loser:
+@@ -1465,7 +1465,7 @@ loser:
          PORT_ZFree(newKey.data, newKey.len);
      }
      if (result) {

nss-fips-approved-crypto-non-ec.patch

@@ -87,7 +87,7 @@ Index: nss/lib/freebl/arcfour.c
  
  /* Architecture-dependent defines */
  
-@@ -162,7 +163,9 @@ RC4_InitContext(RC4Context *cx, const un
+@@ -161,7 +162,9 @@ RC4_InitContext(RC4Context *cx, const un
  RC4Context *
  RC4_CreateContext(const unsigned char *key, int len)
  {
@@ -368,27 +368,27 @@ Index: nss/lib/softoken/pkcs11c.c
 ===================================================================
 --- nss.orig/lib/softoken/pkcs11c.c
 +++ nss/lib/softoken/pkcs11c.c
-@@ -539,7 +539,7 @@ sftk_InitGeneric(SFTKSession *session, C
+@@ -541,7 +541,7 @@ sftk_InitGeneric(SFTKSession *session, C
-     context->blockSize = 0;
      context->maxLen = 0;
+     context->signature = NULL;
      context->isFIPS = sftk_operationIsFIPS(session->slot, pMechanism,
 -                                           operation, key);
 +                                           operation, key, 0);
      *contextPtr = context;
      return CKR_OK;
  }
-@@ -4990,6 +4990,10 @@ NSC_GenerateKey(CK_SESSION_HANDLE hSessi
+@@ -5136,6 +5136,10 @@ NSC_GenerateKey(CK_SESSION_HANDLE hSessi
          goto loser;
      }
  
-+    key->isFIPS = sftk_operationIsFIPS(slot, pMechanism, CKA_KEY_GEN_MECHANISM,
++    sftk_setFIPS(key, sftk_operationIsFIPS(slot, pMechanism, CKA_KEY_GEN_MECHANISM,
-+                                       key, key_length * PR_BITS_PER_BYTE);
++                                       key, key_length * PR_BITS_PER_BYTE));
-+    session->lastOpWasFIPS = key->isFIPS;
++    session->lastOpWasFIPS = sftk_hasFIPS(key);
 +
      /*
       * handle the base object stuff
       */
-@@ -5004,6 +5008,7 @@ NSC_GenerateKey(CK_SESSION_HANDLE hSessi
+@@ -5150,6 +5154,7 @@ NSC_GenerateKey(CK_SESSION_HANDLE hSessi
      if (crv == CKR_OK) {
          *phKey = key->handle;
      }
@@ -396,7 +396,7 @@ Index: nss/lib/softoken/pkcs11c.c
  loser:
      PORT_Memset(buf, 0, sizeof buf);
      sftk_FreeObject(key);
-@@ -5475,7 +5480,7 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS
+@@ -5638,7 +5643,7 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS
      CK_OBJECT_CLASS privClass = CKO_PRIVATE_KEY;
      int i;
      SFTKSlot *slot = sftk_SlotFromSessionHandle(hSession);
@@ -405,7 +405,7 @@ Index: nss/lib/softoken/pkcs11c.c
  
      /* RSA */
      int public_modulus_bits = 0;
-@@ -6081,11 +6086,11 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS
+@@ -6253,11 +6258,11 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS
       * created and linked.
       */
      crv = sftk_handleObject(publicKey, session);
@@ -418,7 +418,7 @@ Index: nss/lib/softoken/pkcs11c.c
          return crv;
      }
      if (sftk_isTrue(privateKey, CKA_SENSITIVE)) {
-@@ -6129,12 +6134,20 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS
+@@ -6301,12 +6306,20 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS
          sftk_FreeObject(publicKey);
          NSC_DestroyObject(hSession, privateKey->handle);
          sftk_FreeObject(privateKey);
@@ -426,9 +426,9 @@ Index: nss/lib/softoken/pkcs11c.c
          return crv;
      }
 +
-+    publicKey->isFIPS = sftk_operationIsFIPS(slot, pMechanism, CKA_KEY_PAIR_GEN_MECHANISM, publicKey, 0);
++    sftk_setFIPS(publicKey, sftk_operationIsFIPS(slot, pMechanism, CKA_KEY_PAIR_GEN_MECHANISM, publicKey, 0));
-+    privateKey->isFIPS = sftk_operationIsFIPS(slot, pMechanism, CKA_KEY_PAIR_GEN_MECHANISM, privateKey, 0);
++    sftk_setFIPS(privateKey, sftk_operationIsFIPS(slot, pMechanism, CKA_KEY_PAIR_GEN_MECHANISM, privateKey, 0));
-+    session->lastOpWasFIPS = privateKey->isFIPS;
++    session->lastOpWasFIPS = sftk_hasFIPS(privateKey);
 +    
      *phPrivateKey = privateKey->handle;
      *phPublicKey = publicKey->handle;
@@ -439,7 +439,7 @@ Index: nss/lib/softoken/pkcs11c.c
  
      return CKR_OK;
  }
-@@ -7326,6 +7339,14 @@ sftk_HKDF(CK_HKDF_PARAMS_PTR params, CK_
+@@ -7529,6 +7542,14 @@ sftk_HKDF(CK_HKDF_PARAMS_PTR params, CK_
          return CKR_TEMPLATE_INCONSISTENT;
      }
  
@@ -454,17 +454,16 @@ Index: nss/lib/softoken/pkcs11c.c
      /* sourceKey is NULL if we are called from the POST, skip the
       * sensitiveCheck */
      if (sourceKey != NULL) {
-@@ -7374,7 +7395,8 @@ sftk_HKDF(CK_HKDF_PARAMS_PTR params, CK_
+@@ -7578,7 +7599,7 @@ sftk_HKDF(CK_HKDF_PARAMS_PTR params, CK_
-                     mech.pParameter = params;
                      mech.ulParameterLen = sizeof(*params);
-                     key->isFIPS = sftk_operationIsFIPS(saltKey->slot, &mech,
+                     sftk_setFIPS(key, sftk_operationIsFIPS(saltKey->slot,
--                                                       CKA_DERIVE, saltKey);
+                                                            &mech, CKA_DERIVE,
-+                                                       CKA_DERIVE, saltKey,
+-                                                           saltKey));
-+                                                       keySize*PR_BITS_PER_BYTE);
++                                                           saltKey, keySize*PR_BITS_PER_BYTE));
                  }
                  saltKey_att = sftk_FindAttribute(saltKey, CKA_VALUE);
                  if (saltKey_att == NULL) {
-@@ -7416,7 +7438,7 @@ sftk_HKDF(CK_HKDF_PARAMS_PTR params, CK_
+@@ -7620,7 +7641,7 @@ sftk_HKDF(CK_HKDF_PARAMS_PTR params, CK_
      /* HKDF-Expand */
      if (!params->bExpand) {
          okm = prk;
@@ -473,17 +472,17 @@ Index: nss/lib/softoken/pkcs11c.c
      } else {
          /* T(1) = HMAC-Hash(prk, "" | info | 0x01)
           * T(n) = HMAC-Hash(prk, T(n-1) | info | n
-@@ -7640,7 +7662,8 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
+@@ -7845,7 +7866,8 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
-             return CKR_KEY_HANDLE_INVALID;
          }
      }
--    key->isFIPS = sftk_operationIsFIPS(slot, pMechanism, CKA_DERIVE, sourceKey);
+     sftk_setFIPS(key, sftk_operationIsFIPS(slot, pMechanism,
-+    key->isFIPS = sftk_operationIsFIPS(slot, pMechanism, CKA_DERIVE, sourceKey,
+-                                           CKA_DERIVE, sourceKey));
-+                                       keySize*PR_BITS_PER_BYTE);
++                                           CKA_DERIVE, sourceKey,
++                                           keySize*PR_BITS_PER_BYTE));
  
      switch (mechanism) {
          /* get a public key from a private key. nsslowkey_ConvertToPublickey()
-@@ -7841,7 +7864,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
+@@ -8050,7 +8072,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
              } else {
                  /* now allocate the hash contexts */
                  md5 = MD5_NewContext();
@@ -492,11 +491,11 @@ Index: nss/lib/softoken/pkcs11c.c
                      PORT_Memset(crsrdata, 0, sizeof crsrdata);
                      crv = CKR_HOST_MEMORY;
                      break;
-@@ -8230,6 +8253,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
+@@ -8439,6 +8461,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
                  PORT_Assert(i <= sizeof key_block);
              }
  
-+            session->lastOpWasFIPS = key->isFIPS;
++            session->lastOpWasFIPS = sftk_hasFIPS(key);
              crv = CKR_OK;
  
              if (0) {
@@ -726,12 +725,9 @@ Index: nss/lib/softoken/fips_algorithms.h
      /* ------------------------- Hashing Operations ----------------------- */
      { CKM_SHA224, { 0, 0, CKF_HSH }, 1, SFTKFIPSNone },
      { CKM_SHA224_HMAC, { 112, 224, CKF_SGN }, 1, SFTKFIPSNone },
-@@ -139,44 +190,86 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[]
+@@ -141,46 +192,88 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[]
-     { CKM_SHA512_HMAC, { 256, 512, CKF_SGN }, 1, SFTKFIPSNone },
-     { CKM_SHA512_HMAC_GENERAL, { 256, 512, CKF_SGN }, 1, SFTKFIPSNone },
      /* --------------------- Secret Key Operations ------------------------ */
--    { CKM_GENERIC_SECRET_KEY_GEN, { 8, 256, CKF_GEN }, 1, SFTKFIPSNone },
+     { CKM_GENERIC_SECRET_KEY_GEN, { 8, 256, CKF_GEN }, 1, SFTKFIPSNone },
-+    { CKM_GENERIC_SECRET_KEY_GEN, { 112, 512, CKF_GEN }, 1, SFTKFIPSNone },
      /* ---------------------- SSL/TLS operations ------------------------- */
 +#if 0
 +    /* Non-approved: SP 800-1400 - bsc#1222833 */
@@ -805,6 +801,10 @@ Index: nss/lib/softoken/fips_algorithms.h
 +    { CKM_NSS_SP800_108_DOUBLE_PIPELINE_KDF_DERIVE_DATA, { 112, CK_MAX, CKF_KDF }, 1, SFTKFIPSChkHashSp800,
 +      offsetof(CK_SP800_108_KDF_PARAMS, prfType) },
      /* --------------------IPSEC ----------------------- */
+     { CKM_IKE2_PRF_PLUS_DERIVE, { 8, 255 * 64, CKF_KDF }, 1, SFTKFIPSNone },
+     { CKM_IKE_PRF_DERIVE, { 8, 64, CKF_KDF }, 1, SFTKFIPSNone },
+     { CKM_IKE1_PRF_DERIVE, { 8, 64, CKF_KDF }, 1, SFTKFIPSNone },
+     { CKM_IKE1_EXTENDED_DERIVE, { 8, 255 * 64, CKF_KDF }, 1, SFTKFIPSNone },
 -    { CKM_NSS_IKE_PRF_PLUS_DERIVE, { 8, 255 * 64, CKF_KDF }, 1, SFTKFIPSNone },
 -    { CKM_NSS_IKE_PRF_DERIVE, { 8, 64, CKF_KDF }, 1, SFTKFIPSNone },
 -    { CKM_NSS_IKE1_PRF_DERIVE, { 8, 64, CKF_KDF }, 1, SFTKFIPSNone },
@@ -834,7 +834,7 @@ Index: nss/lib/softoken/pkcs11u.c
 ===================================================================
 --- nss.orig/lib/softoken/pkcs11u.c
 +++ nss/lib/softoken/pkcs11u.c
-@@ -2251,6 +2251,12 @@ sftk_AttributeToFlags(CK_ATTRIBUTE_TYPE
+@@ -2315,6 +2315,12 @@ sftk_AttributeToFlags(CK_ATTRIBUTE_TYPE
          case CKA_NSS_MESSAGE | CKA_VERIFY:
              flags = CKF_MESSAGE_VERIFY;
              break;
@@ -847,7 +847,7 @@ Index: nss/lib/softoken/pkcs11u.c
          default:
              break;
      }
-@@ -2327,7 +2333,7 @@ sftk_quickGetECCCurveOid(SFTKObject *sou
+@@ -2391,7 +2397,7 @@ sftk_quickGetECCCurveOid(SFTKObject *sou
  static int
  sftk_getKeyLength(SFTKObject *source)
  {
@@ -856,7 +856,7 @@ Index: nss/lib/softoken/pkcs11u.c
      CK_ATTRIBUTE_TYPE keyAttribute;
      CK_ULONG keyLength = 0;
      SFTKAttribute *attribute;
-@@ -2347,7 +2353,7 @@ sftk_getKeyLength(SFTKObject *source)
+@@ -2411,7 +2417,7 @@ sftk_getKeyLength(SFTKObject *source)
           * key length is CKA_VALUE, which is the default */
          keyType = CKK_INVALID_KEY_TYPE;
      }
@@ -865,7 +865,7 @@ Index: nss/lib/softoken/pkcs11u.c
          SECOidTag curve = sftk_quickGetECCCurveOid(source);
          switch (curve) {
              case SEC_OID_CURVE25519:
-@@ -2389,14 +2395,55 @@ sftk_getKeyLength(SFTKObject *source)
+@@ -2453,14 +2459,55 @@ sftk_getKeyLength(SFTKObject *source)
      return keyLength;
  }
  
@@ -922,7 +922,7 @@ Index: nss/lib/softoken/pkcs11u.c
      switch (mechInfo->special) {
          case SFTKFIPSDH: {
              SECItem dhPrime;
-@@ -2425,10 +2472,27 @@ sftk_handleSpecial(SFTKSlot *slot, CK_ME
+@@ -2489,10 +2536,27 @@ sftk_handleSpecial(SFTKSlot *slot, CK_ME
          }
          case SFTKFIPSNone:
              return PR_FALSE;
@@ -951,7 +951,7 @@ Index: nss/lib/softoken/pkcs11u.c
          case SFTKFIPSAEAD: {
              if (mech->ulParameterLen == 0) {
                  /* AEAD ciphers are only in FIPS mode if we are using the
-@@ -2456,11 +2520,44 @@ sftk_handleSpecial(SFTKSlot *slot, CK_ME
+@@ -2520,11 +2584,44 @@ sftk_handleSpecial(SFTKSlot *slot, CK_ME
              if (hashObj == NULL) {
                  return PR_FALSE;
              }
@@ -996,7 +996,7 @@ Index: nss/lib/softoken/pkcs11u.c
          default:
              break;
      }
-@@ -2471,7 +2568,7 @@ sftk_handleSpecial(SFTKSlot *slot, CK_ME
+@@ -2535,7 +2632,7 @@ sftk_handleSpecial(SFTKSlot *slot, CK_ME
  
  PRBool
  sftk_operationIsFIPS(SFTKSlot *slot, CK_MECHANISM *mech, CK_ATTRIBUTE_TYPE op,
@@ -1005,23 +1005,21 @@ Index: nss/lib/softoken/pkcs11u.c
  {
  #ifndef NSS_HAS_FIPS_INDICATORS
      return PR_FALSE;
-@@ -2484,18 +2581,35 @@ sftk_operationIsFIPS(SFTKSlot *slot, CK_
+@@ -2548,9 +2645,6 @@ sftk_operationIsFIPS(SFTKSlot *slot, CK_
      if (!sftk_isFIPS(slot->slotID)) {
          return PR_FALSE;
      }
--    if (source && !source->isFIPS) {
+-    if (source && !sftk_hasFIPS(source)) {
 -        return PR_FALSE;
 -    }
      if (mech == NULL) {
          return PR_FALSE;
      }
--
+@@ -2560,6 +2654,27 @@ sftk_operationIsFIPS(SFTKSlot *slot, CK_
-     /* now get the calculated values */
-     opFlags = sftk_AttributeToFlags(op);
      if (opFlags == 0) {
          return PR_FALSE;
      }
-+    if (source && !source->isFIPS
++    if (source && !sftk_hasFIPS(source)
 +        && !((mech->mechanism == CKM_DSA_SHA224
 +              || mech->mechanism == CKM_DSA_SHA256
 +              || mech->mechanism == CKM_DSA_SHA384
@@ -1045,7 +1043,7 @@ Index: nss/lib/softoken/pkcs11u.c
      keyLength = sftk_getKeyLength(source);
  
      /* check against our algorithm array */
-@@ -2503,13 +2617,15 @@ sftk_operationIsFIPS(SFTKSlot *slot, CK_
+@@ -2567,13 +2682,15 @@ sftk_operationIsFIPS(SFTKSlot *slot, CK_
          SFTKFIPSAlgorithmList *mechs = &sftk_fips_mechs[i];
          /* if we match the number of records exactly, then we are an
           * approved algorithm in the approved mode with an approved key */
@@ -1071,7 +1069,7 @@ Index: nss/lib/util/pkcs11t.h
 ===================================================================
 --- nss.orig/lib/util/pkcs11t.h
 +++ nss/lib/util/pkcs11t.h
-@@ -576,6 +576,7 @@ typedef CK_ULONG CK_JAVA_MIDP_SECURITY_D
+@@ -617,6 +617,7 @@ typedef CK_ULONG CK_JAVA_MIDP_SECURITY_D
  
  /* CKA_KEY_GEN_MECHANISM is new for v2.11 */
  #define CKA_KEY_GEN_MECHANISM 0x00000166UL
@@ -1083,7 +1081,7 @@ Index: nss/lib/softoken/pkcs11.c
 ===================================================================
 --- nss.orig/lib/softoken/pkcs11.c
 +++ nss/lib/softoken/pkcs11.c
-@@ -575,17 +575,17 @@ static const struct mechanismList mechan
+@@ -596,17 +596,17 @@ static const struct mechanismList mechan
      { CKM_TLS_MASTER_KEY_DERIVE, { 48, 48, CKF_DERIVE }, PR_FALSE },
      { CKM_TLS12_MASTER_KEY_DERIVE, { 48, 48, CKF_DERIVE }, PR_FALSE },
      { CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256,
@@ -1110,13 +1108,13 @@ Index: nss/lib/softoken/pkcs11i.h
 ===================================================================
 --- nss.orig/lib/softoken/pkcs11i.h
 +++ nss/lib/softoken/pkcs11i.h
-@@ -968,7 +968,8 @@ CK_FLAGS sftk_AttributeToFlags(CK_ATTRIB
+@@ -975,7 +975,8 @@ CK_FLAGS sftk_AttributeToFlags(CK_ATTRIB
  /* check the FIPS table to determine if this current operation is allowed by
   * FIPS security policy */
  PRBool sftk_operationIsFIPS(SFTKSlot *slot, CK_MECHANISM *mech,
 -                            CK_ATTRIBUTE_TYPE op, SFTKObject *source);
 +                            CK_ATTRIBUTE_TYPE op, SFTKObject *source,
 +                            CK_ULONG targetKeySize);
- /* add validation objects to the slot */
+ /* manage the fips flag on objects */
- CK_RV sftk_CreateValidationObjects(SFTKSlot *slot);
+ void sftk_setFIPS(SFTKObject *obj, PRBool isFIPS);
- 
+ PRBool sftk_hasFIPS(SFTKObject *obj);

nss-fips-combined-hash-sign-dsa-ecdsa.patch

@@ -16,7 +16,7 @@ Index: nss/cmd/lib/pk11table.c
 ===================================================================
 --- nss.orig/cmd/lib/pk11table.c
 +++ nss/cmd/lib/pk11table.c
-@@ -274,6 +274,10 @@ const Constant _consts[] = {
+@@ -283,6 +283,10 @@ const Constant _consts[] = {
      mkEntry(CKM_DSA_KEY_PAIR_GEN, Mechanism),
      mkEntry(CKM_DSA, Mechanism),
      mkEntry(CKM_DSA_SHA1, Mechanism),
@@ -27,7 +27,7 @@ Index: nss/cmd/lib/pk11table.c
      mkEntry(CKM_DH_PKCS_KEY_PAIR_GEN, Mechanism),
      mkEntry(CKM_DH_PKCS_DERIVE, Mechanism),
      mkEntry(CKM_X9_42_DH_DERIVE, Mechanism),
-@@ -439,6 +443,10 @@ const Constant _consts[] = {
+@@ -448,6 +452,10 @@ const Constant _consts[] = {
      mkEntry(CKM_EC_KEY_PAIR_GEN, Mechanism),
      mkEntry(CKM_ECDSA, Mechanism),
      mkEntry(CKM_ECDSA_SHA1, Mechanism),
@@ -68,7 +68,7 @@ Index: nss/lib/softoken/pkcs11c.c
 ===================================================================
 --- nss.orig/lib/softoken/pkcs11c.c
 +++ nss/lib/softoken/pkcs11c.c
-@@ -2849,6 +2849,38 @@ nsc_EDDSASignStub(void *ctx, unsigned ch
+@@ -2850,6 +2850,38 @@ nsc_EDDSASignStub(void *ctx, unsigned ch
      return rv;
  }
  
@@ -107,7 +107,7 @@ Index: nss/lib/softoken/pkcs11c.c
  /* NSC_SignInit setups up the signing operations. There are three basic
   * types of signing:
   *      (1) the tradition single part, where "Raw RSA" or "Raw DSA" is applied
-@@ -3756,6 +3788,22 @@ NSC_VerifyInit(CK_SESSION_HANDLE hSessio
+@@ -3757,6 +3789,22 @@ NSC_VerifyInit(CK_SESSION_HANDLE hSessio
          info->hashOid = SEC_OID_##mmm;        \
          goto finish_rsa;
  
@@ -130,182 +130,18 @@ Index: nss/lib/softoken/pkcs11c.c
      switch (pMechanism->mechanism) {
          INIT_RSA_VFY_MECH(MD5)
          INIT_RSA_VFY_MECH(MD2)
-@@ -5018,6 +5066,73 @@ loser:
+@@ -5266,10 +5314,9 @@ sftk_PairwiseConsistencyCheck(CK_SESSION
- #define PAIRWISE_DIGEST_LENGTH SHA224_LENGTH /* 224-bits */
+             canSignVerify = PR_FALSE;
- #define PAIRWISE_MESSAGE_LENGTH 20           /* 160-bits */
- 
-+static CK_RV
-+pairwise_signverify_mech (CK_SESSION_HANDLE hSession,
-+                          SFTKObject *publicKey, SFTKObject *privateKey,
-+                          CK_MECHANISM mech,
-+                          CK_ULONG signature_length,
-+                          CK_ULONG pairwise_digest_length)
-+{
-+    /* Variables used for Signature/Verification functions. */
-+    /* Must be at least 256 bits for DSA2 digest */
-+    unsigned char *known_digest = (unsigned char *)"Mozilla Rules the World through NSS!";
-+    unsigned char *signature;
-+    CK_RV crv;
-+
-+    /* Allocate space for signature data. */
-+    signature = (unsigned char *)PORT_ZAlloc(signature_length);
-+    if (signature == NULL) {
-+        return CKR_HOST_MEMORY;
-+    }
-+
-+    /* Sign the known hash using the private key. */
-+    crv = NSC_SignInit(hSession, &mech, privateKey->handle);
-+    if (crv != CKR_OK) {
-+        PORT_Free(signature);
-+        return crv;
-+    }
-+
-+    crv = NSC_Sign(hSession,
-+                   known_digest,
-+                   pairwise_digest_length,
-+                   signature,
-+                   &signature_length);
-+    if (crv != CKR_OK) {
-+        PORT_Free(signature);
-+        return crv;
-+    }
-+
-+    /* detect trivial signing transforms */
-+    if ((signature_length >= pairwise_digest_length) &&
-+        (PORT_Memcmp(known_digest, signature + (signature_length - pairwise_digest_length), pairwise_digest_length) == 0)) {
-+        PORT_Free(signature);
-+        return CKR_DEVICE_ERROR;
-+    }
-+
-+    /* Verify the known hash using the public key. */
-+    crv = NSC_VerifyInit(hSession, &mech, publicKey->handle);
-+    if (crv != CKR_OK) {
-+        PORT_Free(signature);
-+        return crv;
-+    }
-+
-+    crv = NSC_Verify(hSession,
-+                     known_digest,
-+                     pairwise_digest_length,
-+                     signature,
-+                     signature_length);
-+
-+    /* Free signature data. */
-+    PORT_Free(signature);
-+
-+    if ((crv == CKR_SIGNATURE_LEN_RANGE) ||
-+        (crv == CKR_SIGNATURE_INVALID)) {
-+        return CKR_GENERAL_ERROR;
-+    }
-+
-+    return crv;
-+}
-+
- /*
-  * FIPS 140-2 pairwise consistency check utilized to validate key pair.
-  *
-@@ -5072,8 +5187,6 @@ sftk_PairwiseConsistencyCheck(CK_SESSION
- 
-     /* Variables used for Signature/Verification functions. */
-     /* Must be at least 256 bits for DSA2 digest */
--    unsigned char *known_digest = (unsigned char *)"Mozilla Rules the World through NSS!";
--    unsigned char *signature;
-     CK_ULONG signature_length;
- 
-     if (keyType == CKK_RSA) {
-@@ -5227,80 +5340,37 @@ sftk_PairwiseConsistencyCheck(CK_SESSION
          }
      }
- 
+-
-+#define SIGNVERIFY_CHECK_MECH(vfymech)                                               \
-+    mech.mechanism = vfymech;                                                        \
-+    crv = pairwise_signverify_mech (hSession, publicKey, privateKey,                 \
-+                                    mech, signature_length, pairwise_digest_length); \
-+    if (crv != CKR_OK)                                                               \
-+        return crv;
 +    
-+
      if (canSignVerify) {
+         CK_RSA_PKCS_PSS_PARAMS pssParams;
 -        /* Determine length of signature. */
          switch (keyType) {
              case CKK_RSA:
                  signature_length = modulusLen;
--                mech.mechanism = CKM_RSA_PKCS;
-+                SIGNVERIFY_CHECK_MECH(CKM_SHA224_RSA_PKCS)
-                 break;
-             case CKK_DSA:
-                 signature_length = DSA_MAX_SIGNATURE_LEN;
-                 pairwise_digest_length = subPrimeLen;
--                mech.mechanism = CKM_DSA;
-+                SIGNVERIFY_CHECK_MECH(CKM_DSA_SHA224)
-                 break;
-             case CKK_EC:
-                 signature_length = MAX_ECKEY_LEN * 2;
--                mech.mechanism = CKM_ECDSA;
-+                SIGNVERIFY_CHECK_MECH(CKM_ECDSA_SHA224)
-                 break;
-             case CKK_EC_EDWARDS:
-                 signature_length = ED25519_SIGN_LEN;
--                mech.mechanism = CKM_EDDSA;
-+                SIGNVERIFY_CHECK_MECH(CKM_EDDSA)
-                 break;
-             default:
-                 return CKR_DEVICE_ERROR;
-         }
- 
--        /* Allocate space for signature data. */
--        signature = (unsigned char *)PORT_ZAlloc(signature_length);
--        if (signature == NULL) {
--            return CKR_HOST_MEMORY;
--        }
--
--        /* Sign the known hash using the private key. */
--        crv = NSC_SignInit(hSession, &mech, privateKey->handle);
--        if (crv != CKR_OK) {
--            PORT_Free(signature);
--            return crv;
--        }
--
--        crv = NSC_Sign(hSession,
--                       known_digest,
--                       pairwise_digest_length,
--                       signature,
--                       &signature_length);
--        if (crv != CKR_OK) {
--            PORT_Free(signature);
--            return crv;
--        }
--
--        /* detect trivial signing transforms */
--        if ((signature_length >= pairwise_digest_length) &&
--            (PORT_Memcmp(known_digest, signature + (signature_length - pairwise_digest_length), pairwise_digest_length) == 0)) {
--            PORT_Free(signature);
--            return CKR_GENERAL_ERROR;
--        }
--
--        /* Verify the known hash using the public key. */
--        crv = NSC_VerifyInit(hSession, &mech, publicKey->handle);
--        if (crv != CKR_OK) {
--            PORT_Free(signature);
--            return crv;
--        }
--
--        crv = NSC_Verify(hSession,
--                         known_digest,
--                         pairwise_digest_length,
--                         signature,
--                         signature_length);
--
--        /* Free signature data. */
--        PORT_Free(signature);
--
--        if ((crv == CKR_SIGNATURE_LEN_RANGE) ||
--            (crv == CKR_SIGNATURE_INVALID)) {
--            return CKR_GENERAL_ERROR;
--        }
-         if (crv != CKR_OK) {
-             return crv;
-         }
 Index: nss/lib/softoken/softoken.h
 ===================================================================
 --- nss.orig/lib/softoken/softoken.h

nss-fips-pairwise-consistency-check.patch

@@ -14,18 +14,7 @@ Index: nss/lib/softoken/pkcs11c.c
 ===================================================================
 --- nss.orig/lib/softoken/pkcs11c.c
 +++ nss/lib/softoken/pkcs11c.c
-@@ -5009,8 +5009,8 @@ loser:
+@@ -6165,6 +6165,7 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS
-     return crv;
- }
- 
--#define PAIRWISE_DIGEST_LENGTH SHA1_LENGTH /* 160-bits */
--#define PAIRWISE_MESSAGE_LENGTH 20         /* 160-bits */
-+#define PAIRWISE_DIGEST_LENGTH SHA224_LENGTH /* 224-bits */
-+#define PAIRWISE_MESSAGE_LENGTH 20           /* 160-bits */
- 
- /*
-  * FIPS 140-2 pairwise consistency check utilized to validate key pair.
-@@ -6077,6 +6077,7 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS
                              (PRUint32)crv);
                  sftk_LogAuditMessage(NSS_AUDIT_ERROR, NSS_AUDIT_SELF_TEST, msg);
              }

nss-fips-pct-pubkeys.patch

@@ -5,9 +5,9 @@ Index: nss/lib/softoken/pkcs11c.c
 ===================================================================
 --- nss.orig/lib/softoken/pkcs11c.c
 +++ nss/lib/softoken/pkcs11c.c
-@@ -5132,6 +5132,88 @@ pairwise_signverify_mech (CK_SESSION_HAN
+@@ -5093,6 +5093,88 @@ loser:
-     return crv;
+ 
- }
+ #define PAIRWISE_MESSAGE_LENGTH 20 /* 160-bits */
  
 +/* This function regenerates a public key from a private key 
 + * (not simply returning the saved public key) and compares it
@@ -92,9 +92,9 @@ Index: nss/lib/softoken/pkcs11c.c
 +}
 +
  /*
-  * FIPS 140-2 pairwise consistency check utilized to validate key pair.
+  * FIPS 140-3 pairwise consistency check utilized to validate key pair.
   *
-@@ -5484,6 +5566,30 @@ sftk_PairwiseConsistencyCheck(CK_SESSION
+@@ -5550,6 +5632,30 @@ sftk_PairwiseConsistencyCheck(CK_SESSION
          }
      }
  

nss-fips-rsa-keygen-strictness.patch

@@ -92,7 +92,7 @@ Index: nss/lib/freebl/rsa.c
      if (err != MP_OKAY) {
          if (err == MP_UNDEF) {
              PORT_SetError(SEC_ERROR_NEED_RANDOM);
-@@ -288,10 +303,12 @@ RSA_NewKey(int keySizeInBits, SECItem *p
+@@ -297,10 +312,12 @@ RSA_NewKey(int keySizeInBits, SECItem *p
      mp_int q = { 0, 0, 0, NULL };
      mp_int e = { 0, 0, 0, NULL };
      mp_int d = { 0, 0, 0, NULL };
@@ -106,7 +106,7 @@ Index: nss/lib/freebl/rsa.c
      int prerr = 0;
      RSAPrivateKey *key = NULL;
      PLArenaPool *arena = NULL;
-@@ -309,11 +326,40 @@ RSA_NewKey(int keySizeInBits, SECItem *p
+@@ -318,11 +335,40 @@ RSA_NewKey(int keySizeInBits, SECItem *p
          PORT_SetError(SEC_ERROR_INVALID_ARGS);
          goto cleanup;
      }
@@ -151,7 +151,7 @@ Index: nss/lib/freebl/rsa.c
      }
  #endif
  
-@@ -331,12 +377,7 @@ RSA_NewKey(int keySizeInBits, SECItem *p
+@@ -340,12 +386,7 @@ RSA_NewKey(int keySizeInBits, SECItem *p
      key->arena = arena;
      /* length of primes p and q (in bytes) */
      primeLen = keySizeInBits / (2 * PR_BITS_PER_BYTE);
@@ -165,7 +165,7 @@ Index: nss/lib/freebl/rsa.c
      /* 3.  Set the version number (PKCS1 v1.5 says it should be zero) */
      SECITEM_AllocItem(arena, &key->version, 1);
      key->version.data[0] = 0;
-@@ -347,13 +388,64 @@ RSA_NewKey(int keySizeInBits, SECItem *p
+@@ -356,13 +397,64 @@ RSA_NewKey(int keySizeInBits, SECItem *p
          PORT_SetError(0);
          CHECK_SEC_OK(generate_prime(&p, primeLen));
          CHECK_SEC_OK(generate_prime(&q, primeLen));
@@ -231,7 +231,7 @@ Index: nss/lib/freebl/rsa.c
          /* Attempt to use these primes to generate a key */
          rv = rsa_build_from_primes(&p, &q,
                                     &e, PR_FALSE, /* needPublicExponent=false */
-@@ -376,7 +468,9 @@ cleanup:
+@@ -385,7 +477,9 @@ cleanup:
      mp_clear(&q);
      mp_clear(&e);
      mp_clear(&d);

nss-fips-zeroization.patch

@@ -92,7 +92,7 @@ Index: nss/lib/freebl/dh.c
 ===================================================================
 --- nss.orig/lib/freebl/dh.c
 +++ nss/lib/freebl/dh.c
-@@ -192,6 +192,10 @@ cleanup:
+@@ -194,6 +194,10 @@ cleanup:
          rv = SECFailure;
      }
      if (rv) {