pool/mozilla-nss
SHA256
17
0
Fork 1
Code Issues Pull Requests Activity

Compare commits

base: pool:slfo-main
Branches Tags
pool:factory pool:slfo-main pool:slfo-1.2
..
compare: pool:factory
Branches Tags
pool:factory pool:slfo-main pool:slfo-1.2

9 Commits
slfo-main ... factory

Author SHA256 Message Date
Ana Guerrero
2c2283cb51 Accepting request 1327069 from mozilla:Factory 
- update to NSS 3.119.1
  * bmo#2004866 - restore coreconf/Darwin.mk behavior for intel archs
- update to NSS 3.119
  * bmo#1983320 - Fix ml-dsa return value for  SECKEY_PrivateKeyStrengthInBits.
  * bmo#1986352 - Make sure we don't accept ECH if the HRR cookie is ill-formatted.
  * bmo#2002246 - Add a pkcs12 fuzzer with crypto stubbed out.
  * bmo#2003314 - handle errors while setting sanitizers cflags in build.
  * bmo#1986912 - Ignore IVs for AES KW.
  * bmo#2003286 - Update Cryptofuzz version.
  * bmo#2001932 - Fix incorrect logic for SNI selection when ECH is available but disabled.
  * bmo#1975855 - fix forwarding of sqlite_libs in sqlite.gyp.
  * bmo#1999204 - fix CPU_ARCH setting for arm64 makefile builds.
  * bmo#1998094 - remove unused calcThreads variable from cmd/rsaperf.
  * bmo#1978348 - Solving the incorrect tests introduced by extending EKU.
  * bmo#1972054 - Memory leaks in pkcs12 and pkcs7 decoders.
  * bmo#1978348 - Extending parsing with Microsoft Document Signing EKU.
  * bmo#1978348 - Extending parsing with Adobe Document Signing EKU.
  * bmo#1978348 - Extending pkix parsing with document signing EKUs.
  * bmo#2000737 - fix compilation failure on ia32.
  * bmo#2000737 - use hardware x64 GCM in static builds.
  * bmo#2000737 - separate ppc sha512 library from ppc gcm library.
  * bmo#2000737 - simplify cross-compilation from build.sh.
  * bmo#1724353 - use clang's integrated assembler.
  * bmo#2000737 - remove unused MP_IS_LITTLE_ENDIAN defines.
  * bmo#2000737 - fix logic for disabling altivec in gyp builds.
  * bmo#1964722 - free digest objects in SEC_PKCS7DecoderFinish if they haven't already been freed.
  * bmo#1972825 - Add TLS interoperability tests with openssl and gnutls.
  * bmo#1314849 - Ensure we don't send a DTLS1.3 cookie after DTLS1.2 HelloVerifyRequest.
  * bmo#1965329 - add failure checks to pk11_mergeTrust() .
  * bmo#1999517 - pk11wrap selects incorrect slot for CKM_ML_KEM*.

OBS-URL: https://build.opensuse.org/request/show/1327069
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=235
 2026-01-14 15:20:26 +00:00
Wolfgang Rosenauer
60df1580df - update to NSS 3.119.1 
* bmo#2004866 - restore coreconf/Darwin.mk behavior for intel archs
- update to NSS 3.119
  * bmo#1983320 - Fix ml-dsa return value for  SECKEY_PrivateKeyStrengthInBits.
  * bmo#1986352 - Make sure we don't accept ECH if the HRR cookie is ill-formatted.
  * bmo#2002246 - Add a pkcs12 fuzzer with crypto stubbed out.
  * bmo#2003314 - handle errors while setting sanitizers cflags in build.
  * bmo#1986912 - Ignore IVs for AES KW.
  * bmo#2003286 - Update Cryptofuzz version.
  * bmo#2001932 - Fix incorrect logic for SNI selection when ECH is available but disabled.
  * bmo#1975855 - fix forwarding of sqlite_libs in sqlite.gyp.
  * bmo#1999204 - fix CPU_ARCH setting for arm64 makefile builds.
  * bmo#1998094 - remove unused calcThreads variable from cmd/rsaperf.
  * bmo#1978348 - Solving the incorrect tests introduced by extending EKU.
  * bmo#1972054 - Memory leaks in pkcs12 and pkcs7 decoders.
  * bmo#1978348 - Extending parsing with Microsoft Document Signing EKU.
  * bmo#1978348 - Extending parsing with Adobe Document Signing EKU.
  * bmo#1978348 - Extending pkix parsing with document signing EKUs.
  * bmo#2000737 - fix compilation failure on ia32.
  * bmo#2000737 - use hardware x64 GCM in static builds.
  * bmo#2000737 - separate ppc sha512 library from ppc gcm library.
  * bmo#2000737 - simplify cross-compilation from build.sh.
  * bmo#1724353 - use clang's integrated assembler.
  * bmo#2000737 - remove unused MP_IS_LITTLE_ENDIAN defines.
  * bmo#2000737 - fix logic for disabling altivec in gyp builds.
  * bmo#1964722 - free digest objects in SEC_PKCS7DecoderFinish if they haven't already been freed.
  * bmo#1972825 - Add TLS interoperability tests with openssl and gnutls.
  * bmo#1314849 - Ensure we don't send a DTLS1.3 cookie after DTLS1.2 HelloVerifyRequest.
  * bmo#1965329 - add failure checks to pk11_mergeTrust() .
  * bmo#1999517 - pk11wrap selects incorrect slot for CKM_ML_KEM*.

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=489
 2026-01-13 17:32:08 +00:00
Ana Guerrero
71bf0d2695 Accepting request 1320938 from mozilla:Factory 
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/1320938
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=234
 2025-12-04 10:21:51 +00:00
Wolfgang Rosenauer
d2a4d4090e - update to NSS 3.118.1 
* bmo#1999517 - pk11wrap selects incorrect slot for CKM_ML_KEM*
- update to NSS 3.118
  * bmo#1994866 - Remove four Commscope root certificates from NSS
  * bmo#1996036 - fix try pushes with --nspr-patch to actually apply the patch
  * bmo#1995512 - Support for NIST Curves compressed points
  * bmo#1985058 - Destroy certificate on error paths
  * bmo#1990242 - Move NSS DB password hash away from SHA-1
  * bmo#1983313 - support secp384r1mlkem1024
  * bmo#1991549 - vendor latest ML-KEM code from libcrux
  * bmo#1991549 - add mlk-kem-1024 tests
  * bmo#1996717 - use the correct directory for FStar_UInt_8_16_32_64.h in source consistency test
  * bmo#1766767 - Move scripts to python3
  * bmo#1983313 - add mlkem1024 support in freebl
  * bmo#1983313 - support secp256r1mlkem768
  * bmo#1983313 - Make mlkem768x25519 the default
  * bmo#1983320 - ML-DSA SGN and VFY interfaces
  * bmo#1988625 - Align FIPS interfaces count with array
  * bmo#1989477 - Ensure CKK_ML_KEM has derive CK_FALSE
  * bmo#1992128 - Add script for tagging an NSS release
  * bmo#1992128 - Remove the globals from nss-release-helper.py
  * bmo#1992128 - Add release helper command for generating the release index
  * bmo#1992128 - Add release helper command for generating a release note
  * bmo#1992128 - Add release helper command for freezing a branch

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=487
 2025-12-03 07:57:12 +00:00
Dominique Leuenberger
4a23ddc07a Accepting request 1311901 from mozilla:Factory 
- update to NSS 3.117
  * bmo#1992218 - fix memory leak in secasn1decode_unittest.cc
  * bmo#1988913 - Add OISTE roots
  * bmo#1976051 - Add runbook for certdata.txt changes
  * bmo#1991666 - dbtool: close databases before shutdown
  * bmo#1988046 - SEC_ASN1Decode* should ensure it has read as many bytes as each length field indicates
  * bmo#1956754 - don’t flush base64 when buffer is null
  * bmo#1989541 - Set use_pkcs5_pbkd2_params2_only=1 for fuzzing builds
  * bmo#1989480 - mozilla::pkix: recognize the qcStatements extension for QWACs
  * bmo#1980465 - Fix a big-endian-problematic cast in zlib calls
  * bmo#1962321 - Revert removing out/ directory after ossfuzz build
  * bmo#1988524 - Add Cryptofuzz to OSS-Fuzz build
  * bmo#1984704 - Add PKCS#11 trust tests
  * bmo#1983308 - final disable dsa patch cert.sh
  * bmo#1983320 - ml-dsa: move tls 1.3 to use streaming signatures
  * bmo#1983320 - ml-dsa: Prep Create a FindOidTagByString function
  * bmo#1983320 - ml-dsa: softoken changes
  * bmo#1983320 - ml-dsa: der key decode
  * bmo#1983320 - ml-dsa: Prep colapse the overuse of keyType outside of pk11wrap and cryptohi
  * bmo#1983320 - ml-dsa: Prep Create a CreateSignatureAlgorithmID function

- update to NSS 3.116
  * bmo#1983308 - disable DSA in NSS script tests
  * bmo#1983308 - Disabling of some algorithms: generic cert.sh
  * bmo#1981046 - Need to update to new mechanisms
  * bmo#1983320 - Add ML-DSA public key printing support in NSS command-line utilities
  * bmo#1986802 - note embedded scts before revocation checks are performed
  * bmo#1983320 - Add support for ML-DSA keys and mechanisms in PKCS#11 interface
  * bmo#1983320 - Add support for ML-DSA key type and public key structure
  * bmo#1983320 - Enable ML-DSA integration via OIDs support and SECMOD flag

OBS-URL: https://build.opensuse.org/request/show/1311901
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=233
 2025-10-18 12:35:27 +00:00
Wolfgang Rosenauer
0d253314ae - update to NSS 3.117 
* bmo#1992218 - fix memory leak in secasn1decode_unittest.cc
  * bmo#1988913 - Add OISTE roots
  * bmo#1976051 - Add runbook for certdata.txt changes
  * bmo#1991666 - dbtool: close databases before shutdown
  * bmo#1988046 - SEC_ASN1Decode* should ensure it has read as many bytes as each length field indicates
  * bmo#1956754 - don’t flush base64 when buffer is null
  * bmo#1989541 - Set use_pkcs5_pbkd2_params2_only=1 for fuzzing builds
  * bmo#1989480 - mozilla::pkix: recognize the qcStatements extension for QWACs
  * bmo#1980465 - Fix a big-endian-problematic cast in zlib calls
  * bmo#1962321 - Revert removing out/ directory after ossfuzz build
  * bmo#1988524 - Add Cryptofuzz to OSS-Fuzz build
  * bmo#1984704 - Add PKCS#11 trust tests
  * bmo#1983308 - final disable dsa patch cert.sh
  * bmo#1983320 - ml-dsa: move tls 1.3 to use streaming signatures
  * bmo#1983320 - ml-dsa: Prep Create a FindOidTagByString function
  * bmo#1983320 - ml-dsa: softoken changes
  * bmo#1983320 - ml-dsa: der key decode
  * bmo#1983320 - ml-dsa: Prep colapse the overuse of keyType outside of pk11wrap and cryptohi
  * bmo#1983320 - ml-dsa: Prep Create a CreateSignatureAlgorithmID function

- update to NSS 3.116
  * bmo#1983308 - disable DSA in NSS script tests
  * bmo#1983308 - Disabling of some algorithms: generic cert.sh
  * bmo#1981046 - Need to update to new mechanisms
  * bmo#1983320 - Add ML-DSA public key printing support in NSS command-line utilities
  * bmo#1986802 - note embedded scts before revocation checks are performed
  * bmo#1983320 - Add support for ML-DSA keys and mechanisms in PKCS#11 interface
  * bmo#1983320 - Add support for ML-DSA key type and public key structure
  * bmo#1983320 - Enable ML-DSA integration via OIDs support and SECMOD flag

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=485
 2025-10-17 06:44:13 +00:00
Ana Guerrero
0be0c3fc70 Accepting request 1300982 from mozilla:Factory 
OBS-URL: https://build.opensuse.org/request/show/1300982
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mozilla-nss?expand=0&rev=232
 2025-09-03 19:06:26 +00:00
Wolfgang Rosenauer
0aac808a02 - update to NSS 3.115.1 
* bmo#1982742 - restore support for finding certificates by decoded serial number.
  * bmo#1984165 - avoid CKR_BUFFER_TO_SMALL error in trust lookups.

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=483
 2025-08-22 13:21:35 +00:00
Wolfgang Rosenauer
ddf96ad23e - update to NSS 3.115 
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=482
 2025-08-19 05:25:35 +00:00
16 changed files with 848 additions and 1370 deletions
Expand all files Collapse all files

81
bmo1956754.patch
View File

@@ -1,81 +0,0 @@
# HG changeset patch
# User Nikolas Wipper <nwipper@mozilla.com>
# Date 1759164988 0
# Node ID 6b0a460d27cdbd71a9e6cb191571b54715538b99
# Parent 57bda5fa146eca15680b0416e340df8426ce928f
Bug 1956754 - don't flush base64 when buffer is null. r=jschanck
Differential Revision: https://phabricator.services.mozilla.com/D263261
diff --git a/gtests/util_gtest/util_b64_unittest.cc b/gtests/util_gtest/util_b64_unittest.cc
--- a/gtests/util_gtest/util_b64_unittest.cc
+++ b/gtests/util_gtest/util_b64_unittest.cc
@@ -56,16 +56,25 @@ class B64EncodeDecodeTest : public ::tes
TEST_F(B64EncodeDecodeTest, DecEncTest) { TestDecodeStr("VGhpcyBpcyBOU1Mh"); }
TEST_F(B64EncodeDecodeTest, EncDecTest) {
uint8_t data[] = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09};
SECItem tmp = {siBuffer, data, sizeof(data)};
TestEncodeItem(&tmp);
}
+TEST_F(B64EncodeDecodeTest, IncompleteData) {
+ NSSBase64Decoder *context = NSSBase64Decoder_Create(
+ [](void *, const unsigned char *, PRInt32) { return 0; }, nullptr);
+ EXPECT_TRUE(!!context);
+ char data = 'A';
+ EXPECT_EQ(SECSuccess, NSSBase64Decoder_Update(context, &data, 1));
+ EXPECT_EQ(SECFailure, NSSBase64Decoder_Destroy(context, false));
+}
+
TEST_F(B64EncodeDecodeTest, FakeDecTest) { EXPECT_TRUE(TestFakeDecode(100)); }
TEST_F(B64EncodeDecodeTest, FakeEncDecTest) {
EXPECT_TRUE(TestFakeEncode(100));
}
// These takes a while ...
TEST_F(B64EncodeDecodeTest, DISABLED_LongFakeDecTest1) {
diff --git a/lib/util/nssb64d.c b/lib/util/nssb64d.c
--- a/lib/util/nssb64d.c
+++ b/lib/util/nssb64d.c
@@ -352,16 +352,19 @@ pl_base64_decode_flush(PLBase64Decoder *
/*
* If no remaining characters, or all are padding (also not well-formed
* input, but again, be tolerant), then nothing more to do. (And, that
* is considered successful.)
*/
if (data->token_size == 0 || data->token[0] == B64_PAD)
return PR_SUCCESS;
+ if (!data->output_buffer)
+ return PR_FAILURE;
+
/*
* Assume we have all the interesting input except for some expected
* padding characters. Add them and decode the resulting token.
*/
while (data->token_size < 4)
data->token[data->token_size++] = B64_PAD;
data->token_size = 0; /* so a subsequent flush call is a no-op */
@@ -394,17 +397,17 @@ pl_base64_decode_flush(PLBase64Decoder *
/*
* The maximum space needed to hold the output of the decoder given
* input data of length "size".
*/
static PRUint32
PL_Base64MaxDecodedLength(PRUint32 size)
{
- return size * 0.75;
+ return (((PRUint64)size) * 3) / 4;
}
/*
* A distinct internal creation function for the buffer version to use.
* (It does not want to specify an output_fn, and we want the normal
* Create function to require that.) If more common initialization
* of the decoding context needs to be done, it should be done *here*.
*/

104
bmo1980465.patch
View File

@@ -1,104 +0,0 @@
# HG changeset patch
# User Alexander Sosedkin <asosedkin@redhat.com>
# Date 1758314824 0
# Node ID 5cd6a78cccd3e47d5097d1266bc809bb910fa019
# Parent 08d99cad107fb6686c58b8659036b82c88d7681e
Bug 1980465 - Fix a big-endian-problematic cast in zlib calls. r=nkulatova
Differential Revision: https://phabricator.services.mozilla.com/D259453
diff --git a/cmd/selfserv/selfserv.c b/cmd/selfserv/selfserv.c
--- a/cmd/selfserv/selfserv.c
+++ b/cmd/selfserv/selfserv.c
@@ -2112,19 +2112,19 @@ zlibCertificateDecode(const SECItem *inp
unsigned char *output, size_t outputLen,
size_t *usedLen)
{
if (!input || !input->data || input->len == 0 || !output || outputLen == 0) {
PR_SetError(SEC_ERROR_INVALID_ARGS, 0);
return SECFailure;
}
- *usedLen = outputLen;
-
- int ret = uncompress(output, (unsigned long *)usedLen, input->data, input->len);
+ unsigned long outputLenUL = outputLen;
+ int ret = uncompress(output, &outputLenUL, input->data, input->len);
+ *usedLen = outputLenUL;
if (ret != Z_OK) {
PR_SetError(SEC_ERROR_BAD_DATA, 0);
return SECFailure;
}
return SECSuccess;
}
@@ -2134,17 +2134,19 @@ zlibCertificateEncode(const SECItem *inp
if (!input || !input->data || input->len == 0 || !output) {
PR_SetError(SEC_ERROR_INVALID_ARGS, 0);
return SECFailure;
}
unsigned long maxCompressedLen = compressBound(input->len);
SECITEM_AllocItem(NULL, output, maxCompressedLen);
- int ret = compress(output->data, (unsigned long *)&output->len, input->data, input->len);
+ unsigned long outputLenUL = output->len;
+ int ret = compress(output->data, &outputLenUL, input->data, input->len);
+ output->len = outputLenUL;
if (ret != Z_OK) {
PR_SetError(SEC_ERROR_LIBRARY_FAILURE, 0);
return SECFailure;
}
return SECSuccess;
}
diff --git a/cmd/tstclnt/tstclnt.c b/cmd/tstclnt/tstclnt.c
--- a/cmd/tstclnt/tstclnt.c
+++ b/cmd/tstclnt/tstclnt.c
@@ -1366,17 +1366,19 @@ zlibCertificateEncode(const SECItem *inp
if (!input || !input->data || input->len == 0 || !output) {
PR_SetError(SEC_ERROR_INVALID_ARGS, 0);
return SECFailure;
}
unsigned long maxCompressedLen = compressBound(input->len);
SECITEM_AllocItem(NULL, output, maxCompressedLen);
- int ret = compress(output->data, (unsigned long *)&output->len, input->data, input->len);
+ unsigned long outputLenUL = output->len;
+ int ret = compress(output->data, &outputLenUL, input->data, input->len);
+ output->len = outputLenUL;
if (ret != Z_OK) {
PR_SetError(SEC_ERROR_LIBRARY_FAILURE, 0);
return SECFailure;
}
return SECSuccess;
}
@@ -1385,19 +1387,19 @@ zlibCertificateDecode(const SECItem *inp
unsigned char *output, size_t outputLen,
size_t *usedLen)
{
if (!input || !input->data || input->len == 0 || !output || outputLen == 0) {
PR_SetError(SEC_ERROR_INVALID_ARGS, 0);
return SECFailure;
}
- *usedLen = outputLen;
-
- int ret = uncompress(output, (unsigned long *)usedLen, input->data, input->len);
+ unsigned long outputLenUL = outputLen;
+ int ret = uncompress(output, &outputLenUL, input->data, input->len);
+ *usedLen = outputLenUL;
if (ret != Z_OK) {
PR_SetError(SEC_ERROR_BAD_DATA, 0);
return SECFailure;
}
return SECSuccess;
}

103
bmo1990242.patch
View File

@@ -1,103 +0,0 @@
From 8dc8570390aac6947e6c686d18e3dbf7d7a10999 Mon Sep 17 00:00:00 2001
From: Hans Petter Jansson <hpj@hpjansson.org>
Date: Tue, 23 Sep 2025 17:06:55 +0200
Subject: [PATCH] Bug 1990242 Move NSS DB password hash away from SHA-1
When the database password is set or changed, migrate the database to
a new passwordToKey function using SHA-384.
SHA-1-based databases will still be supported. The hash function to use
is determined by the size of the stored salt.
An empty password will always use SHA-1.
---
lib/softoken/sftkpwd.c | 41 +++++++++++++++++++++++++++++------------
1 file changed, 29 insertions(+), 12 deletions(-)
diff --git a/lib/softoken/sftkpwd.c b/lib/softoken/sftkpwd.c
index bb5c23084..d719f3b54 100644
--- a/lib/softoken/sftkpwd.c
+++ b/lib/softoken/sftkpwd.c
@@ -93,35 +93,40 @@ static SECStatus
sftkdb_passwordToKey(SFTKDBHandle *keydb, SECItem *salt,
const char *pw, SECItem *key)
{
- SHA1Context *cx = NULL;
+ HASH_HashType hType;
+ const SECHashObject *hashObj;
+ void *ctx = NULL;
SECStatus rv = SECFailure;
+ hType = salt->len == SHA384_LENGTH ? HASH_AlgSHA384 : HASH_AlgSHA1;
+ hashObj = HASH_GetRawHashObject(hType);
+
if (!pw) {
PORT_SetError(SEC_ERROR_INVALID_ARGS);
return SECFailure;
}
- key->data = PORT_Alloc(SHA1_LENGTH);
+ key->data = PORT_Alloc(hashObj->length);
if (key->data == NULL) {
goto loser;
}
- key->len = SHA1_LENGTH;
+ key->len = hashObj->length;
- cx = SHA1_NewContext();
- if (cx == NULL) {
+ ctx = hashObj->create();
+ if (ctx == NULL) {
goto loser;
}
- SHA1_Begin(cx);
+ hashObj->begin(ctx);
if (salt && salt->data) {
- SHA1_Update(cx, salt->data, salt->len);
+ hashObj->update(ctx, salt->data, salt->len);
}
- SHA1_Update(cx, (unsigned char *)pw, PORT_Strlen(pw));
- SHA1_End(cx, key->data, &key->len, key->len);
+ hashObj->update(ctx, (unsigned char *)pw, PORT_Strlen(pw));
+ hashObj->end(ctx, key->data, &key->len, key->len);
rv = SECSuccess;
loser:
- if (cx) {
- SHA1_DestroyContext(cx, PR_TRUE);
+ if (ctx) {
+ hashObj->destroy(ctx, PR_TRUE);
}
if (rv != SECSuccess) {
if (key->data != NULL) {
@@ -1362,6 +1367,7 @@ sftkdb_ChangePassword(SFTKDBHandle *keydb,
unsigned char saltData[SDB_MAX_META_DATA_LEN];
unsigned char valueData[SDB_MAX_META_DATA_LEN];
int iterationCount = getPBEIterationCount();
+ int preferred_salt_length;
CK_RV crv;
SDB *db;
@@ -1393,7 +1399,18 @@ sftkdb_ChangePassword(SFTKDBHandle *keydb,
goto loser;
}
} else {
- salt.len = SHA1_LENGTH;
+ salt.len = 0;
+ }
+
+ preferred_salt_length = SHA384_LENGTH;
+
+ /* Prefer SHA-1 if the password is NULL */
+ if (!newPin || *newPin == 0) {
+ preferred_salt_length = SHA1_LENGTH;
+ }
+
+ if (salt.len != preferred_salt_length) {
+ salt.len = preferred_salt_length;
RNG_GenerateGlobalRandomBytes(salt.data, salt.len);
}
--
2.47.0

1510
mozilla-nss.changes
View File

File diff suppressed because it is too large Load Diff

58
mozilla-nss.spec
View File

@@ -1,7 +1,7 @@
#
# spec file for package mozilla-nss
#
# Copyright (c) 2025 SUSE LLC
# Copyright (c) 2026 SUSE LLC and contributors
# Copyright (c) 2006-2025 Wolfgang Rosenauer
#
# All modifications and additions to the file contributed by third parties
@@ -17,19 +17,20 @@
#
%global nss_softokn_fips_version 3.112
%define NSPR_min_version 4.36
%global nss_softokn_fips_version 3.119.1
%define NSPR_min_version 4.37
%define nspr_ver %(rpm -q --queryformat '%%{VERSION}' mozilla-nspr)
%define nssdbdir %{_sysconfdir}/pki/nssdb
%global crypto_policies_version 20210218
Name: mozilla-nss
Version: 3.112.2
Version: 3.119.1
Release: 0
%define underscore_version 3_112_2
%define underscore_version 3_119_1
Summary: Network Security Services
License: MPL-2.0
Group: System/Libraries
URL: https://www.mozilla.org/projects/security/pki/nss/
Source: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_%{underscore_version}_RTM/src/nss-%{version}.tar.gz
Source: https://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/NSS_%{underscore_version}_RTM/src/nss-%{underscore_version}.tar.gz
# hg clone https://hg.mozilla.org/projects/nss nss-%%{version}/nss ; cd nss-%%{version}/nss ; hg up NSS_%%{underscore_version}_RTM
#Source: nss-%%{version}.tar.gz
Source1: nss.pc.in
@@ -80,10 +81,6 @@ Patch48: nss-fips-test.patch
Patch49: nss-allow-slow-tests-s390x.patch
Patch50: nss-fips-bsc1223724.patch
Patch51: nss-fips-aes-gcm-restrict.patch
Patch52: bmo1990242.patch
# Backported patches to be removed with next ESR cycle (> 3.112)
Patch60: bmo1980465.patch
Patch61: bmo1956754.patch
%if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000
# aarch64 + gcc4.8 fails to build on SLE-12 due to undefined references
BuildRequires: gcc9-c++
@@ -202,7 +199,7 @@ This package contains the integrated CA root certificates from the
Mozilla project.
%prep
%setup -q -n nss-%{version}
%setup -q -n nss-%{underscore_version}
cd nss
%patch -P 1 -p1
%patch -P 2 -p1
@@ -249,11 +246,6 @@ cd nss
%endif
%patch -P 50 -p1
%patch -P 51 -p1
%patch -P 52 -p1
# Backported patches that should be removed with next ESR cycle (> 3.112)
%patch -P 60 -p1
%patch -P 61 -p1
# additional CA certificates
#cd security/nss/lib/ckfw/builtins
@@ -293,6 +285,13 @@ export NSS_ENABLE_FIPS_INDICATORS=1
export NSS_FIPS_MODULE_ID="\"SUSE Linux Enterprise NSS %{version}-%{release}\""
#export SQLITE_LIB_NAME=nsssqlite3
export MAKE_FLAGS="BUILD_OPT=1"
%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400
# Set the policy file location
# if set NSS will always check for the policy file and load if it exists
#export POLICY_FILE="nss.config"
# location of the policy file
#export POLICY_PATH="/etc/crypto-policies/back-ends"
%endif
EOF
source ../obsenv.sh
@@ -314,12 +313,30 @@ export HOST="localhost"
export DOMSUF="localdomain"
export USE_IP=TRUE
export IP_ADDRESS="127.0.0.1"
%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400
# This is necessary because the test suite tests algorithms that are
# disabled by the system policy.
export NSS_IGNORE_SYSTEM_POLICY=1
%endif
EOF
source ../obsenv.sh
source ../obstestenv.sh
cd tests
./all.sh
if grep "FAILED" ../../../tests_results/security/localhost.1/output.log ; then
# This file can live at different places when built in OBS or using "osc build":
if [ -s ../../../tests_results/security/localhost.1/output.log ]; then
output_log=../../../tests_results/security/localhost.1/output.log
elif [ -s ../../tests_results/security/localhost.1/output.log ]; then
output_log=../../tests_results/security/localhost.1/output.log
elif [ -s ../tests_results/security/localhost.1/output.log ]; then
output_log=../tests_results/security/localhost.1/output.log
elif [ -s ../security/localhost.1/output.log ]; then
output_log=../security/localhost.1/output.log
else
echo "Cannot find tests_results output.log - Assuming testsuite failed"
exit 1
fi
if grep "FAILED" $output_log ; then
echo "Testsuite FAILED"
exit 1
fi
@@ -379,7 +396,7 @@ cp -L bin/certutil \
%{buildroot}%{_bindir}
# copy man-pages
mkdir -p %{buildroot}%{_mandir}/man1/
cp -L %{_builddir}/nss-%{version}/nss/doc/nroff/* %{buildroot}%{_mandir}/man1/
cp -L %{_builddir}/nss-%{underscore_version}/nss/doc/nroff/* %{buildroot}%{_mandir}/man1/
# Fix conflict with perl-PAR-Packer which has a pp-exe in _bindir
mkdir -p %{buildroot}%{_mandir}/man7/
mv %{buildroot}%{_mandir}/man1/pp.1 %{buildroot}%{_mandir}/man7/pp.7
@@ -478,6 +495,11 @@ fi
%postun sysinit -p /sbin/ldconfig
%if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150400
%posttrans
update-crypto-policies &> /dev/null || :
%endif
%files
%{_libdir}/libnss3.so
%{_libdir}/libnssutil3.so

BIN
nss-3.112.2.tar.gz LFS
View File

Binary file not shown.

3
nss-3_119_1.tar.gz Normal file
View File

@@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1387b8478e6c681c533b1f7b0f4d4ef7f58307c1f7e3a353622ddbf841328283
size 77633121

2
nss-allow-slow-tests.patch
View File

@@ -2,7 +2,7 @@ Index: nss/tests/sdr/sdr.sh
===================================================================
--- nss.orig/tests/sdr/sdr.sh
+++ nss/tests/sdr/sdr.sh
@@ -146,7 +146,8 @@ sdr_main()
@@ -162,7 +162,8 @@ sdr_main()
RARRAY=($dtime)
TIMEARRAY=(${RARRAY[1]//./ })
echo "${TIMEARRAY[0]} seconds"

4
nss-fips-180-3-csp-clearing.patch
View File

@@ -16,7 +16,7 @@ Index: nss/lib/softoken/sftkdb.c
===================================================================
--- nss.orig/lib/softoken/sftkdb.c
+++ nss/lib/softoken/sftkdb.c
@@ -1538,7 +1538,7 @@ loser:
@@ -1565,7 +1565,7 @@ loser:
PORT_ZFree(data, dataSize);
}
if (arena) {
@@ -29,7 +29,7 @@ Index: nss/lib/softoken/sftkpwd.c
===================================================================
--- nss.orig/lib/softoken/sftkpwd.c
+++ nss/lib/softoken/sftkpwd.c
@@ -1459,7 +1459,7 @@ loser:
@@ -1465,7 +1465,7 @@ loser:
PORT_ZFree(newKey.data, newKey.len);
}
if (result) {

110
nss-fips-approved-crypto-non-ec.patch
View File

@@ -87,7 +87,7 @@ Index: nss/lib/freebl/arcfour.c
/* Architecture-dependent defines */
@@ -162,7 +163,9 @@ RC4_InitContext(RC4Context *cx, const un
@@ -161,7 +162,9 @@ RC4_InitContext(RC4Context *cx, const un
RC4Context *
RC4_CreateContext(const unsigned char *key, int len)
{
@@ -368,27 +368,27 @@ Index: nss/lib/softoken/pkcs11c.c
===================================================================
--- nss.orig/lib/softoken/pkcs11c.c
+++ nss/lib/softoken/pkcs11c.c
@@ -539,7 +539,7 @@ sftk_InitGeneric(SFTKSession *session, C
context->blockSize = 0;
@@ -545,7 +545,7 @@ sftk_InitGeneric(SFTKSession *session, C
context->maxLen = 0;
context->signature = NULL;
context->isFIPS = sftk_operationIsFIPS(session->slot, pMechanism,
- operation, key);
+ operation, key, 0);
*contextPtr = context;
return CKR_OK;
}
@@ -4990,6 +4990,10 @@ NSC_GenerateKey(CK_SESSION_HANDLE hSessi
@@ -5150,6 +5150,10 @@ NSC_GenerateKey(CK_SESSION_HANDLE hSessi
goto loser;
}
+ key->isFIPS = sftk_operationIsFIPS(slot, pMechanism, CKA_KEY_GEN_MECHANISM,
+ key, key_length * PR_BITS_PER_BYTE);
+ session->lastOpWasFIPS = key->isFIPS;
+ sftk_setFIPS(key, sftk_operationIsFIPS(slot, pMechanism, CKA_KEY_GEN_MECHANISM,
+ key, key_length * PR_BITS_PER_BYTE));
+ session->lastOpWasFIPS = sftk_hasFIPS(key);
+
/*
* handle the base object stuff
*/
@@ -5004,6 +5008,7 @@ NSC_GenerateKey(CK_SESSION_HANDLE hSessi
@@ -5164,6 +5168,7 @@ NSC_GenerateKey(CK_SESSION_HANDLE hSessi
if (crv == CKR_OK) {
*phKey = key->handle;
}
@@ -396,7 +396,7 @@ Index: nss/lib/softoken/pkcs11c.c
loser:
PORT_Memset(buf, 0, sizeof buf);
sftk_FreeObject(key);
@@ -5475,7 +5480,7 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS
@@ -5783,7 +5788,7 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS
CK_OBJECT_CLASS privClass = CKO_PRIVATE_KEY;
int i;
SFTKSlot *slot = sftk_SlotFromSessionHandle(hSession);
@@ -405,7 +405,7 @@ Index: nss/lib/softoken/pkcs11c.c
/* RSA */
int public_modulus_bits = 0;
@@ -6081,11 +6086,11 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS
@@ -6405,11 +6410,11 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS
* created and linked.
*/
crv = sftk_handleObject(publicKey, session);
@@ -418,7 +418,7 @@ Index: nss/lib/softoken/pkcs11c.c
return crv;
}
if (sftk_isTrue(privateKey, CKA_SENSITIVE)) {
@@ -6129,12 +6134,20 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS
@@ -6454,12 +6459,20 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS
sftk_FreeObject(publicKey);
NSC_DestroyObject(hSession, privateKey->handle);
sftk_FreeObject(privateKey);
@@ -426,9 +426,9 @@ Index: nss/lib/softoken/pkcs11c.c
return crv;
}
+
+ publicKey->isFIPS = sftk_operationIsFIPS(slot, pMechanism, CKA_KEY_PAIR_GEN_MECHANISM, publicKey, 0);
+ privateKey->isFIPS = sftk_operationIsFIPS(slot, pMechanism, CKA_KEY_PAIR_GEN_MECHANISM, privateKey, 0);
+ session->lastOpWasFIPS = privateKey->isFIPS;
+ sftk_setFIPS(publicKey, sftk_operationIsFIPS(slot, pMechanism, CKA_KEY_PAIR_GEN_MECHANISM, publicKey, 0));
+ sftk_setFIPS(privateKey, sftk_operationIsFIPS(slot, pMechanism, CKA_KEY_PAIR_GEN_MECHANISM, privateKey, 0));
+ session->lastOpWasFIPS = sftk_hasFIPS(privateKey);
+
*phPrivateKey = privateKey->handle;
*phPublicKey = publicKey->handle;
@@ -439,7 +439,7 @@ Index: nss/lib/softoken/pkcs11c.c
return CKR_OK;
}
@@ -7326,6 +7339,14 @@ sftk_HKDF(CK_HKDF_PARAMS_PTR params, CK_
@@ -7682,6 +7695,14 @@ sftk_HKDF(CK_HKDF_PARAMS_PTR params, CK_
return CKR_TEMPLATE_INCONSISTENT;
}
@@ -454,17 +454,16 @@ Index: nss/lib/softoken/pkcs11c.c
/* sourceKey is NULL if we are called from the POST, skip the
* sensitiveCheck */
if (sourceKey != NULL) {
@@ -7374,7 +7395,8 @@ sftk_HKDF(CK_HKDF_PARAMS_PTR params, CK_
mech.pParameter = params;
@@ -7731,7 +7752,7 @@ sftk_HKDF(CK_HKDF_PARAMS_PTR params, CK_
mech.ulParameterLen = sizeof(*params);
key->isFIPS = sftk_operationIsFIPS(saltKey->slot, &mech,
- CKA_DERIVE, saltKey);
+ CKA_DERIVE, saltKey,
+ keySize*PR_BITS_PER_BYTE);
sftk_setFIPS(key, sftk_operationIsFIPS(saltKey->slot,
&mech, CKA_DERIVE,
- saltKey));
+ saltKey, keySize*PR_BITS_PER_BYTE));
}
saltKey_att = sftk_FindAttribute(saltKey, CKA_VALUE);
if (saltKey_att == NULL) {
@@ -7416,7 +7438,7 @@ sftk_HKDF(CK_HKDF_PARAMS_PTR params, CK_
@@ -7773,7 +7794,7 @@ sftk_HKDF(CK_HKDF_PARAMS_PTR params, CK_
/* HKDF-Expand */
if (!params->bExpand) {
okm = prk;
@@ -473,17 +472,17 @@ Index: nss/lib/softoken/pkcs11c.c
} else {
/* T(1) = HMAC-Hash(prk, "" | info | 0x01)
* T(n) = HMAC-Hash(prk, T(n-1) | info | n
@@ -7640,7 +7662,8 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
return CKR_KEY_HANDLE_INVALID;
@@ -7998,7 +8019,8 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
}
}
- key->isFIPS = sftk_operationIsFIPS(slot, pMechanism, CKA_DERIVE, sourceKey);
+ key->isFIPS = sftk_operationIsFIPS(slot, pMechanism, CKA_DERIVE, sourceKey,
+ keySize*PR_BITS_PER_BYTE);
sftk_setFIPS(key, sftk_operationIsFIPS(slot, pMechanism,
- CKA_DERIVE, sourceKey));
+ CKA_DERIVE, sourceKey,
+ keySize*PR_BITS_PER_BYTE));
switch (mechanism) {
/* get a public key from a private key. nsslowkey_ConvertToPublickey()
@@ -7841,7 +7864,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
@@ -8203,7 +8225,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
} else {
/* now allocate the hash contexts */
md5 = MD5_NewContext();
@@ -492,11 +491,11 @@ Index: nss/lib/softoken/pkcs11c.c
PORT_Memset(crsrdata, 0, sizeof crsrdata);
crv = CKR_HOST_MEMORY;
break;
@@ -8230,6 +8253,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
@@ -8595,6 +8617,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession
PORT_Assert(i <= sizeof key_block);
}
+ session->lastOpWasFIPS = key->isFIPS;
+ session->lastOpWasFIPS = sftk_hasFIPS(key);
crv = CKR_OK;
if (0) {
@@ -726,12 +725,9 @@ Index: nss/lib/softoken/fips_algorithms.h
/* ------------------------- Hashing Operations ----------------------- */
{ CKM_SHA224, { 0, 0, CKF_HSH }, 1, SFTKFIPSNone },
{ CKM_SHA224_HMAC, { 112, 224, CKF_SGN }, 1, SFTKFIPSNone },
@@ -139,44 +190,86 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[]
{ CKM_SHA512_HMAC, { 256, 512, CKF_SGN }, 1, SFTKFIPSNone },
{ CKM_SHA512_HMAC_GENERAL, { 256, 512, CKF_SGN }, 1, SFTKFIPSNone },
@@ -141,46 +192,88 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[]
/* --------------------- Secret Key Operations ------------------------ */
- { CKM_GENERIC_SECRET_KEY_GEN, { 8, 256, CKF_GEN }, 1, SFTKFIPSNone },
+ { CKM_GENERIC_SECRET_KEY_GEN, { 112, 512, CKF_GEN }, 1, SFTKFIPSNone },
{ CKM_GENERIC_SECRET_KEY_GEN, { 8, 256, CKF_GEN }, 1, SFTKFIPSNone },
/* ---------------------- SSL/TLS operations ------------------------- */
+#if 0
+ /* Non-approved: SP 800-1400 - bsc#1222833 */
@@ -805,6 +801,10 @@ Index: nss/lib/softoken/fips_algorithms.h
+ { CKM_NSS_SP800_108_DOUBLE_PIPELINE_KDF_DERIVE_DATA, { 112, CK_MAX, CKF_KDF }, 1, SFTKFIPSChkHashSp800,
+ offsetof(CK_SP800_108_KDF_PARAMS, prfType) },
/* --------------------IPSEC ----------------------- */
{ CKM_IKE2_PRF_PLUS_DERIVE, { 8, 255 * 64, CKF_KDF }, 1, SFTKFIPSNone },
{ CKM_IKE_PRF_DERIVE, { 8, 64, CKF_KDF }, 1, SFTKFIPSNone },
{ CKM_IKE1_PRF_DERIVE, { 8, 64, CKF_KDF }, 1, SFTKFIPSNone },
{ CKM_IKE1_EXTENDED_DERIVE, { 8, 255 * 64, CKF_KDF }, 1, SFTKFIPSNone },
- { CKM_NSS_IKE_PRF_PLUS_DERIVE, { 8, 255 * 64, CKF_KDF }, 1, SFTKFIPSNone },
- { CKM_NSS_IKE_PRF_DERIVE, { 8, 64, CKF_KDF }, 1, SFTKFIPSNone },
- { CKM_NSS_IKE1_PRF_DERIVE, { 8, 64, CKF_KDF }, 1, SFTKFIPSNone },
@@ -834,7 +834,7 @@ Index: nss/lib/softoken/pkcs11u.c
===================================================================
--- nss.orig/lib/softoken/pkcs11u.c
+++ nss/lib/softoken/pkcs11u.c
@@ -2251,6 +2251,12 @@ sftk_AttributeToFlags(CK_ATTRIBUTE_TYPE
@@ -2315,6 +2315,12 @@ sftk_AttributeToFlags(CK_ATTRIBUTE_TYPE
case CKA_NSS_MESSAGE | CKA_VERIFY:
flags = CKF_MESSAGE_VERIFY;
break;
@@ -847,7 +847,7 @@ Index: nss/lib/softoken/pkcs11u.c
default:
break;
}
@@ -2327,7 +2333,7 @@ sftk_quickGetECCCurveOid(SFTKObject *sou
@@ -2391,7 +2397,7 @@ sftk_quickGetECCCurveOid(SFTKObject *sou
static int
sftk_getKeyLength(SFTKObject *source)
{
@@ -856,7 +856,7 @@ Index: nss/lib/softoken/pkcs11u.c
CK_ATTRIBUTE_TYPE keyAttribute;
CK_ULONG keyLength = 0;
SFTKAttribute *attribute;
@@ -2347,7 +2353,7 @@ sftk_getKeyLength(SFTKObject *source)
@@ -2411,7 +2417,7 @@ sftk_getKeyLength(SFTKObject *source)
* key length is CKA_VALUE, which is the default */
keyType = CKK_INVALID_KEY_TYPE;
}
@@ -865,7 +865,7 @@ Index: nss/lib/softoken/pkcs11u.c
SECOidTag curve = sftk_quickGetECCCurveOid(source);
switch (curve) {
case SEC_OID_CURVE25519:
@@ -2389,14 +2395,55 @@ sftk_getKeyLength(SFTKObject *source)
@@ -2453,14 +2459,55 @@ sftk_getKeyLength(SFTKObject *source)
return keyLength;
}
@@ -922,7 +922,7 @@ Index: nss/lib/softoken/pkcs11u.c
switch (mechInfo->special) {
case SFTKFIPSDH: {
SECItem dhPrime;
@@ -2425,10 +2472,27 @@ sftk_handleSpecial(SFTKSlot *slot, CK_ME
@@ -2489,10 +2536,27 @@ sftk_handleSpecial(SFTKSlot *slot, CK_ME
}
case SFTKFIPSNone:
return PR_FALSE;
@@ -951,7 +951,7 @@ Index: nss/lib/softoken/pkcs11u.c
case SFTKFIPSAEAD: {
if (mech->ulParameterLen == 0) {
/* AEAD ciphers are only in FIPS mode if we are using the
@@ -2456,11 +2520,44 @@ sftk_handleSpecial(SFTKSlot *slot, CK_ME
@@ -2520,11 +2584,44 @@ sftk_handleSpecial(SFTKSlot *slot, CK_ME
if (hashObj == NULL) {
return PR_FALSE;
}
@@ -996,7 +996,7 @@ Index: nss/lib/softoken/pkcs11u.c
default:
break;
}
@@ -2471,7 +2568,7 @@ sftk_handleSpecial(SFTKSlot *slot, CK_ME
@@ -2535,7 +2632,7 @@ sftk_handleSpecial(SFTKSlot *slot, CK_ME
PRBool
sftk_operationIsFIPS(SFTKSlot *slot, CK_MECHANISM *mech, CK_ATTRIBUTE_TYPE op,
@@ -1005,23 +1005,21 @@ Index: nss/lib/softoken/pkcs11u.c
{
#ifndef NSS_HAS_FIPS_INDICATORS
return PR_FALSE;
@@ -2484,18 +2581,35 @@ sftk_operationIsFIPS(SFTKSlot *slot, CK_
@@ -2548,9 +2645,6 @@ sftk_operationIsFIPS(SFTKSlot *slot, CK_
if (!sftk_isFIPS(slot->slotID)) {
return PR_FALSE;
}
- if (source && !source->isFIPS) {
- if (source && !sftk_hasFIPS(source)) {
- return PR_FALSE;
- }
if (mech == NULL) {
return PR_FALSE;
}
-
/* now get the calculated values */
opFlags = sftk_AttributeToFlags(op);
@@ -2560,6 +2654,27 @@ sftk_operationIsFIPS(SFTKSlot *slot, CK_
if (opFlags == 0) {
return PR_FALSE;
}
+ if (source && !source->isFIPS
+ if (source && !sftk_hasFIPS(source)
+ && !((mech->mechanism == CKM_DSA_SHA224
+ || mech->mechanism == CKM_DSA_SHA256
+ || mech->mechanism == CKM_DSA_SHA384
@@ -1045,7 +1043,7 @@ Index: nss/lib/softoken/pkcs11u.c
keyLength = sftk_getKeyLength(source);
/* check against our algorithm array */
@@ -2503,13 +2617,15 @@ sftk_operationIsFIPS(SFTKSlot *slot, CK_
@@ -2567,13 +2682,15 @@ sftk_operationIsFIPS(SFTKSlot *slot, CK_
SFTKFIPSAlgorithmList *mechs = &sftk_fips_mechs[i];
/* if we match the number of records exactly, then we are an
* approved algorithm in the approved mode with an approved key */
@@ -1071,7 +1069,7 @@ Index: nss/lib/util/pkcs11t.h
===================================================================
--- nss.orig/lib/util/pkcs11t.h
+++ nss/lib/util/pkcs11t.h
@@ -576,6 +576,7 @@ typedef CK_ULONG CK_JAVA_MIDP_SECURITY_D
@@ -617,6 +617,7 @@ typedef CK_ULONG CK_JAVA_MIDP_SECURITY_D
/* CKA_KEY_GEN_MECHANISM is new for v2.11 */
#define CKA_KEY_GEN_MECHANISM 0x00000166UL
@@ -1083,7 +1081,7 @@ Index: nss/lib/softoken/pkcs11.c
===================================================================
--- nss.orig/lib/softoken/pkcs11.c
+++ nss/lib/softoken/pkcs11.c
@@ -575,17 +575,17 @@ static const struct mechanismList mechan
@@ -599,19 +599,19 @@ static const struct mechanismList mechan
{ CKM_TLS_MASTER_KEY_DERIVE, { 48, 48, CKF_DERIVE }, PR_FALSE },
{ CKM_TLS12_MASTER_KEY_DERIVE, { 48, 48, CKF_DERIVE }, PR_FALSE },
{ CKM_NSS_TLS_MASTER_KEY_DERIVE_SHA256,
@@ -1094,6 +1092,8 @@ Index: nss/lib/softoken/pkcs11.c
- { CKM_TLS12_MASTER_KEY_DERIVE_DH, { 8, 128, CKF_DERIVE }, PR_FALSE },
+ { CKM_TLS_MASTER_KEY_DERIVE_DH, { 48, 48, CKF_DERIVE }, PR_FALSE },
+ { CKM_TLS12_MASTER_KEY_DERIVE_DH, { 48, 48, CKF_DERIVE }, PR_FALSE },
{ CKM_TLS12_EXTENDED_MASTER_KEY_DERIVE, { 48, 128, CKF_DERIVE }, PR_FALSE },
{ CKM_TLS12_EXTENDED_MASTER_KEY_DERIVE_DH, { 48, 128, CKF_DERIVE }, PR_FALSE },
{ CKM_NSS_TLS_MASTER_KEY_DERIVE_DH_SHA256,
- { 8, 128, CKF_DERIVE },
+ { 48, 48, CKF_DERIVE },
@@ -1110,13 +1110,13 @@ Index: nss/lib/softoken/pkcs11i.h
===================================================================
--- nss.orig/lib/softoken/pkcs11i.h
+++ nss/lib/softoken/pkcs11i.h
@@ -968,7 +968,8 @@ CK_FLAGS sftk_AttributeToFlags(CK_ATTRIB
@@ -975,7 +975,8 @@ CK_FLAGS sftk_AttributeToFlags(CK_ATTRIB
/* check the FIPS table to determine if this current operation is allowed by
* FIPS security policy */
PRBool sftk_operationIsFIPS(SFTKSlot *slot, CK_MECHANISM *mech,
- CK_ATTRIBUTE_TYPE op, SFTKObject *source);
+ CK_ATTRIBUTE_TYPE op, SFTKObject *source,
+ CK_ULONG targetKeySize);
/* add validation objects to the slot */
CK_RV sftk_CreateValidationObjects(SFTKSlot *slot);
/* manage the fips flag on objects */
void sftk_setFIPS(SFTKObject *obj, PRBool isFIPS);
PRBool sftk_hasFIPS(SFTKObject *obj);

186
nss-fips-combined-hash-sign-dsa-ecdsa.patch
View File

@@ -16,7 +16,7 @@ Index: nss/cmd/lib/pk11table.c
===================================================================
--- nss.orig/cmd/lib/pk11table.c
+++ nss/cmd/lib/pk11table.c
@@ -274,6 +274,10 @@ const Constant _consts[] = {
@@ -405,6 +405,10 @@ const Constant _consts[] = {
mkEntry(CKM_DSA_KEY_PAIR_GEN, Mechanism),
mkEntry(CKM_DSA, Mechanism),
mkEntry(CKM_DSA_SHA1, Mechanism),
@@ -27,7 +27,7 @@ Index: nss/cmd/lib/pk11table.c
mkEntry(CKM_DH_PKCS_KEY_PAIR_GEN, Mechanism),
mkEntry(CKM_DH_PKCS_DERIVE, Mechanism),
mkEntry(CKM_X9_42_DH_DERIVE, Mechanism),
@@ -439,6 +443,10 @@ const Constant _consts[] = {
@@ -570,6 +574,10 @@ const Constant _consts[] = {
mkEntry(CKM_EC_KEY_PAIR_GEN, Mechanism),
mkEntry(CKM_ECDSA, Mechanism),
mkEntry(CKM_ECDSA_SHA1, Mechanism),
@@ -42,7 +42,7 @@ Index: nss/lib/pk11wrap/pk11mech.c
===================================================================
--- nss.orig/lib/pk11wrap/pk11mech.c
+++ nss/lib/pk11wrap/pk11mech.c
@@ -377,6 +377,10 @@ PK11_GetKeyType(CK_MECHANISM_TYPE type,
@@ -379,6 +379,10 @@ PK11_GetKeyType(CK_MECHANISM_TYPE type,
return CKK_RSA;
case CKM_DSA:
case CKM_DSA_SHA1:
@@ -53,7 +53,7 @@ Index: nss/lib/pk11wrap/pk11mech.c
case CKM_DSA_KEY_PAIR_GEN:
return CKK_DSA;
case CKM_DH_PKCS_DERIVE:
@@ -387,6 +391,10 @@ PK11_GetKeyType(CK_MECHANISM_TYPE type,
@@ -389,6 +393,10 @@ PK11_GetKeyType(CK_MECHANISM_TYPE type,
return CKK_KEA;
case CKM_ECDSA:
case CKM_ECDSA_SHA1:
@@ -68,8 +68,8 @@ Index: nss/lib/softoken/pkcs11c.c
===================================================================
--- nss.orig/lib/softoken/pkcs11c.c
+++ nss/lib/softoken/pkcs11c.c
@@ -2849,6 +2849,38 @@ nsc_EDDSASignStub(void *ctx, unsigned ch
return rv;
@@ -2933,6 +2933,38 @@ sftk_MLDSAGetSigLen(CK_ML_DSA_PARAMETER_
return 0;
}
+SECStatus
@@ -107,7 +107,7 @@ Index: nss/lib/softoken/pkcs11c.c
/* NSC_SignInit setups up the signing operations. There are three basic
* types of signing:
* (1) the tradition single part, where "Raw RSA" or "Raw DSA" is applied
@@ -3756,6 +3788,22 @@ NSC_VerifyInit(CK_SESSION_HANDLE hSessio
@@ -3903,6 +3935,22 @@ NSC_VerifyInit(CK_SESSION_HANDLE hSessio
info->hashOid = SEC_OID_##mmm; \
goto finish_rsa;
@@ -130,182 +130,18 @@ Index: nss/lib/softoken/pkcs11c.c
switch (pMechanism->mechanism) {
INIT_RSA_VFY_MECH(MD5)
INIT_RSA_VFY_MECH(MD2)
@@ -5018,6 +5066,73 @@ loser:
#define PAIRWISE_DIGEST_LENGTH SHA224_LENGTH /* 224-bits */
#define PAIRWISE_MESSAGE_LENGTH 20 /* 160-bits */
+static CK_RV
+pairwise_signverify_mech (CK_SESSION_HANDLE hSession,
+ SFTKObject *publicKey, SFTKObject *privateKey,
+ CK_MECHANISM mech,
+ CK_ULONG signature_length,
+ CK_ULONG pairwise_digest_length)
+{
+ /* Variables used for Signature/Verification functions. */
+ /* Must be at least 256 bits for DSA2 digest */
+ unsigned char *known_digest = (unsigned char *)"Mozilla Rules the World through NSS!";
+ unsigned char *signature;
+ CK_RV crv;
+
+ /* Allocate space for signature data. */
+ signature = (unsigned char *)PORT_ZAlloc(signature_length);
+ if (signature == NULL) {
+ return CKR_HOST_MEMORY;
+ }
+
+ /* Sign the known hash using the private key. */
+ crv = NSC_SignInit(hSession, &mech, privateKey->handle);
+ if (crv != CKR_OK) {
+ PORT_Free(signature);
+ return crv;
+ }
+
+ crv = NSC_Sign(hSession,
+ known_digest,
+ pairwise_digest_length,
+ signature,
+ &signature_length);
+ if (crv != CKR_OK) {
+ PORT_Free(signature);
+ return crv;
+ }
+
+ /* detect trivial signing transforms */
+ if ((signature_length >= pairwise_digest_length) &&
+ (PORT_Memcmp(known_digest, signature + (signature_length - pairwise_digest_length), pairwise_digest_length) == 0)) {
+ PORT_Free(signature);
+ return CKR_DEVICE_ERROR;
+ }
+
+ /* Verify the known hash using the public key. */
+ crv = NSC_VerifyInit(hSession, &mech, publicKey->handle);
+ if (crv != CKR_OK) {
+ PORT_Free(signature);
+ return crv;
+ }
+
+ crv = NSC_Verify(hSession,
+ known_digest,
+ pairwise_digest_length,
+ signature,
+ signature_length);
+
+ /* Free signature data. */
+ PORT_Free(signature);
+
+ if ((crv == CKR_SIGNATURE_LEN_RANGE) ||
+ (crv == CKR_SIGNATURE_INVALID)) {
+ return CKR_GENERAL_ERROR;
+ }
+
+ return crv;
+}
+
/*
* FIPS 140-2 pairwise consistency check utilized to validate key pair.
*
@@ -5072,8 +5187,6 @@ sftk_PairwiseConsistencyCheck(CK_SESSION
/* Variables used for Signature/Verification functions. */
/* Must be at least 256 bits for DSA2 digest */
- unsigned char *known_digest = (unsigned char *)"Mozilla Rules the World through NSS!";
- unsigned char *signature;
CK_ULONG signature_length;
if (keyType == CKK_RSA) {
@@ -5227,80 +5340,37 @@ sftk_PairwiseConsistencyCheck(CK_SESSION
@@ -5664,10 +5712,9 @@ sftk_PairwiseConsistencyCheck(CK_SESSION
canSignVerify = PR_FALSE;
}
}
+#define SIGNVERIFY_CHECK_MECH(vfymech) \
+ mech.mechanism = vfymech; \
+ crv = pairwise_signverify_mech (hSession, publicKey, privateKey, \
+ mech, signature_length, pairwise_digest_length); \
+ if (crv != CKR_OK) \
+ return crv;
-
+
+
if (canSignVerify) {
CK_RSA_PKCS_PSS_PARAMS pssParams;
- /* Determine length of signature. */
switch (keyType) {
case CKK_RSA:
signature_length = modulusLen;
- mech.mechanism = CKM_RSA_PKCS;
+ SIGNVERIFY_CHECK_MECH(CKM_SHA224_RSA_PKCS)
break;
case CKK_DSA:
signature_length = DSA_MAX_SIGNATURE_LEN;
pairwise_digest_length = subPrimeLen;
- mech.mechanism = CKM_DSA;
+ SIGNVERIFY_CHECK_MECH(CKM_DSA_SHA224)
break;
case CKK_EC:
signature_length = MAX_ECKEY_LEN * 2;
- mech.mechanism = CKM_ECDSA;
+ SIGNVERIFY_CHECK_MECH(CKM_ECDSA_SHA224)
break;
case CKK_EC_EDWARDS:
signature_length = ED25519_SIGN_LEN;
- mech.mechanism = CKM_EDDSA;
+ SIGNVERIFY_CHECK_MECH(CKM_EDDSA)
break;
default:
return CKR_DEVICE_ERROR;
}
- /* Allocate space for signature data. */
- signature = (unsigned char *)PORT_ZAlloc(signature_length);
- if (signature == NULL) {
- return CKR_HOST_MEMORY;
- }
-
- /* Sign the known hash using the private key. */
- crv = NSC_SignInit(hSession, &mech, privateKey->handle);
- if (crv != CKR_OK) {
- PORT_Free(signature);
- return crv;
- }
-
- crv = NSC_Sign(hSession,
- known_digest,
- pairwise_digest_length,
- signature,
- &signature_length);
- if (crv != CKR_OK) {
- PORT_Free(signature);
- return crv;
- }
-
- /* detect trivial signing transforms */
- if ((signature_length >= pairwise_digest_length) &&
- (PORT_Memcmp(known_digest, signature + (signature_length - pairwise_digest_length), pairwise_digest_length) == 0)) {
- PORT_Free(signature);
- return CKR_GENERAL_ERROR;
- }
-
- /* Verify the known hash using the public key. */
- crv = NSC_VerifyInit(hSession, &mech, publicKey->handle);
- if (crv != CKR_OK) {
- PORT_Free(signature);
- return crv;
- }
-
- crv = NSC_Verify(hSession,
- known_digest,
- pairwise_digest_length,
- signature,
- signature_length);
-
- /* Free signature data. */
- PORT_Free(signature);
-
- if ((crv == CKR_SIGNATURE_LEN_RANGE) ||
- (crv == CKR_SIGNATURE_INVALID)) {
- return CKR_GENERAL_ERROR;
- }
if (crv != CKR_OK) {
return crv;
}
Index: nss/lib/softoken/softoken.h
===================================================================
--- nss.orig/lib/softoken/softoken.h

19
nss-fips-constructor-self-tests.patch
View File

@@ -21,7 +21,7 @@ Index: nss/cmd/shlibsign/shlibsign.c
===================================================================
--- nss.orig/cmd/shlibsign/shlibsign.c
+++ nss/cmd/shlibsign/shlibsign.c
@@ -818,10 +818,12 @@ shlibSignDSA(CK_FUNCTION_LIST_PTR pFunct
@@ -869,10 +869,12 @@ shlibSignDSA(CK_FUNCTION_LIST_PTR pFunct
return crv;
}
@@ -63,9 +63,9 @@ Index: nss/lib/freebl/blapi.h
/*********************************************************************/
extern const SECHashObject *HASH_GetRawHashObject(HASH_HashType hashType);
@@ -1947,6 +1947,9 @@ extern SECStatus X25519_DerivePublicKey(
/* Public key derivation is supported only for the curves supporting pt_mul method. */
extern SECStatus EC_DerivePublicKey(const SECItem *privateKey, const ECParams *ecParams, SECItem *publicKey);
@@ -1969,6 +1969,9 @@ SECStatus MLDSA_VerifyFinal(MLDSAContext
*/
SECStatus EC_DecompressPublicKey(const SECItem *publicCompressed, const ECParams *params, SECItem *publicUncompressed);
+/* Unconditionally run the integrity check. */
+extern void BL_FIPSRepeatIntegrityCheck(void);
@@ -910,7 +910,7 @@ Index: nss/lib/freebl/loader.h
/* Version 3.013 came to here */
@@ -933,6 +933,9 @@ struct FREEBLVectorStr {
@@ -945,6 +945,9 @@ struct FREEBLVectorStr {
/* Add new function pointers at the end of this struct and bump
* FREEBL_VERSION at the beginning of this file. */
@@ -932,7 +932,7 @@ Index: nss/lib/freebl/manifest.mn
$(NULL)
MPI_HDRS = mpi-config.h mpi.h mpi-priv.h mplogic.h mpprime.h logtab.h mp_gf2m.h
@@ -194,6 +195,7 @@ ALL_HDRS = \
@@ -195,6 +196,7 @@ ALL_HDRS = \
shsign.h \
vis_proto.h \
seed.h \
@@ -1530,11 +1530,10 @@ Index: nss/lib/freebl/ldvector.c
===================================================================
--- nss.orig/lib/freebl/ldvector.c
+++ nss/lib/freebl/ldvector.c
@@ -449,6 +449,9 @@ static const struct FREEBLVectorStr vect
@@ -462,6 +462,8 @@ static const struct FREEBLVectorStr vect
EC_DecompressPublicKey,
/* End of version 3.032 */
EC_DerivePublicKey,
/* End of version 3.030 */
+
+ /* SUSE patch: Goes last */
+ BL_FIPSRepeatIntegrityCheck
};

13
nss-fips-pairwise-consistency-check.patch
View File

@@ -14,18 +14,7 @@ Index: nss/lib/softoken/pkcs11c.c
===================================================================
--- nss.orig/lib/softoken/pkcs11c.c
+++ nss/lib/softoken/pkcs11c.c
@@ -5009,8 +5009,8 @@ loser:
return crv;
}
-#define PAIRWISE_DIGEST_LENGTH SHA1_LENGTH /* 160-bits */
-#define PAIRWISE_MESSAGE_LENGTH 20 /* 160-bits */
+#define PAIRWISE_DIGEST_LENGTH SHA224_LENGTH /* 224-bits */
+#define PAIRWISE_MESSAGE_LENGTH 20 /* 160-bits */
/*
* FIPS 140-2 pairwise consistency check utilized to validate key pair.
@@ -6077,6 +6077,7 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS
@@ -6165,6 +6165,7 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hS
(PRUint32)crv);
sftk_LogAuditMessage(NSS_AUDIT_ERROR, NSS_AUDIT_SELF_TEST, msg);
}

10
nss-fips-pct-pubkeys.patch
View File

@@ -5,9 +5,9 @@ Index: nss/lib/softoken/pkcs11c.c
===================================================================
--- nss.orig/lib/softoken/pkcs11c.c
+++ nss/lib/softoken/pkcs11c.c
@@ -5132,6 +5132,88 @@ pairwise_signverify_mech (CK_SESSION_HAN
return crv;
}
@@ -5093,6 +5093,88 @@ loser:
#define PAIRWISE_MESSAGE_LENGTH 20 /* 160-bits */
+/* This function regenerates a public key from a private key
+ * (not simply returning the saved public key) and compares it
@@ -92,9 +92,9 @@ Index: nss/lib/softoken/pkcs11c.c
+}
+
/*
* FIPS 140-2 pairwise consistency check utilized to validate key pair.
* FIPS 140-3 pairwise consistency check utilized to validate key pair.
*
@@ -5484,6 +5566,30 @@ sftk_PairwiseConsistencyCheck(CK_SESSION
@@ -5550,6 +5632,30 @@ sftk_PairwiseConsistencyCheck(CK_SESSION
}
}

10
nss-fips-rsa-keygen-strictness.patch
View File

@@ -92,7 +92,7 @@ Index: nss/lib/freebl/rsa.c
if (err != MP_OKAY) {
if (err == MP_UNDEF) {
PORT_SetError(SEC_ERROR_NEED_RANDOM);
@@ -288,10 +303,12 @@ RSA_NewKey(int keySizeInBits, SECItem *p
@@ -297,10 +312,12 @@ RSA_NewKey(int keySizeInBits, SECItem *p
mp_int q = { 0, 0, 0, NULL };
mp_int e = { 0, 0, 0, NULL };
mp_int d = { 0, 0, 0, NULL };
@@ -106,7 +106,7 @@ Index: nss/lib/freebl/rsa.c
int prerr = 0;
RSAPrivateKey *key = NULL;
PLArenaPool *arena = NULL;
@@ -309,11 +326,40 @@ RSA_NewKey(int keySizeInBits, SECItem *p
@@ -318,11 +335,40 @@ RSA_NewKey(int keySizeInBits, SECItem *p
PORT_SetError(SEC_ERROR_INVALID_ARGS);
goto cleanup;
}
@@ -151,7 +151,7 @@ Index: nss/lib/freebl/rsa.c
}
#endif
@@ -331,12 +377,7 @@ RSA_NewKey(int keySizeInBits, SECItem *p
@@ -340,12 +386,7 @@ RSA_NewKey(int keySizeInBits, SECItem *p
key->arena = arena;
/* length of primes p and q (in bytes) */
primeLen = keySizeInBits / (2 * PR_BITS_PER_BYTE);
@@ -165,7 +165,7 @@ Index: nss/lib/freebl/rsa.c
/* 3. Set the version number (PKCS1 v1.5 says it should be zero) */
SECITEM_AllocItem(arena, &key->version, 1);
key->version.data[0] = 0;
@@ -347,13 +388,64 @@ RSA_NewKey(int keySizeInBits, SECItem *p
@@ -356,13 +397,64 @@ RSA_NewKey(int keySizeInBits, SECItem *p
PORT_SetError(0);
CHECK_SEC_OK(generate_prime(&p, primeLen));
CHECK_SEC_OK(generate_prime(&q, primeLen));
@@ -231,7 +231,7 @@ Index: nss/lib/freebl/rsa.c
/* Attempt to use these primes to generate a key */
rv = rsa_build_from_primes(&p, &q,
&e, PR_FALSE, /* needPublicExponent=false */
@@ -376,7 +468,9 @@ cleanup:
@@ -385,7 +477,9 @@ cleanup:
mp_clear(&q);
mp_clear(&e);
mp_clear(&d);

2
nss-fips-zeroization.patch
View File

@@ -92,7 +92,7 @@ Index: nss/lib/freebl/dh.c
===================================================================
--- nss.orig/lib/freebl/dh.c
+++ nss/lib/freebl/dh.c
@@ -192,6 +192,10 @@ cleanup:
@@ -194,6 +194,10 @@ cleanup:
rv = SECFailure;
}
if (rv) {