pool/mozilla-nss
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
088d6711db
mozilla-nss/nss-fips-bsc1223724.patch
Wolfgang Rosenauer b91ce5d4d5 - update to NSS 3.104 
* bmo#1910071 - Copy original corpus to heap-allocated buffer
  * bmo#1910079 - Fix min ssl version for DTLS client fuzzer
  * bmo#1908990 - Remove OS2 support just like we did on NSPR
  * bmo#1910605 - clang-format NSS improvements
  * bmo#1902078 - Adding basicutil.h to use HexString2SECItem function
  * bmo#1908990 - removing dirent.c from build
  * bmo#1902078 - Allow handing in keymaterial to shlibsign to make
                  the output reproducible
  * bmo#1908990 - remove nec4.3, sunos4, riscos and SNI references
  * bmo#1908990 - remove other old OS (BSDI, old HP UX, NCR,
                  openunix, sco, unixware or reliantUnix
  * bmo#1908990 - remove mentions of WIN95
  * bmo#1908990 - remove mentions of WIN16
  * bmo#1913750 - More explicit directory naming
  * bmo#1913755 - Add more options to TLS server fuzz target
  * bmo#1913675 - Add more options to TLS client fuzz target
  * bmo#1835240 - Use OSS-Fuzz corpus in NSS CI
  * bmo#1908012 - set nssckbi version number to 2.70.
  * bmo#1914499 - Remove Email Trust bit from ACCVRAIZ1 root cert.
  * bmo#1908009 - Remove Email Trust bit from certSIGN ROOT CA.
  * bmo#1908006 - Add Cybertrust Japan Roots to NSS.
  * bmo#1908004 - Add Taiwan CA Roots to NSS.
  * bmo#1911354 - remove search by decoded serial in
                  nssToken_FindCertificateByIssuerAndSerialNumber
  * bmo#1913132 - Fix tstclnt CI build failure
  * bmo#1913047 - vfyserv: ensure peer cert chain is in db for
                  CERT_VerifyCertificateNow
  * bmo#1912427 - Enable all supported protocol versions for UDP
  * bmo#1910361 - Actually use random PSK hash type

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=457
2024-09-28 11:15:50 +00:00

20 lines
826 B
Diff
Raw Blame History

Index: nss/lib/pk11wrap/pk11skey.c
===================================================================
--- nss.orig/lib/pk11wrap/pk11skey.c
+++ nss/lib/pk11wrap/pk11skey.c
@@ -521,6 +521,14 @@ PK11_ImportDataKey(PK11SlotInfo *slot, C
CK_OBJECT_HANDLE handle;
PK11GenericObject *genObject;
+ // Using HTTP3, Firefox runs via neqo that doesn't log in before calling into
+ // this function. So we try to log in here (and ignore failures) in case of FIPS.
+ // Also, no need to also load certificates, we only create a new object and we
+ // have to be logged in for that.
+ if (PK11_IsFIPS()) {
+ PK11_Authenticate(slot, PR_FALSE, wincx);
+ }
+
genObject = PK11_CreateGenericObject(slot, template, PR_ARRAY_SIZE(template), PR_FALSE);
if (genObject == NULL) {
return NULL;
Reference in New Issue View Git Blame Copy Permalink