Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package mozilla-nss for openSUSE:Factory checked in at 2025-03-07 16:38:48 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/mozilla-nss (Old) and /work/SRC/openSUSE:Factory/.mozilla-nss.new.19136 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "mozilla-nss" Fri Mar 7 16:38:48 2025 rev:227 rq:1250499 version:3.108 Changes: -------- --- /work/SRC/openSUSE:Factory/mozilla-nss/mozilla-nss.changes 2025-01-12 11:09:31.855017639 +0100 +++ /work/SRC/openSUSE:Factory/.mozilla-nss.new.19136/mozilla-nss.changes 2025-03-07 16:39:52.575601138 +0100 
@@ -1,0 +2,68 @@ +Wed Mar 5 10:17:10 UTC 2025 - Martin Sirringhaus <[email protected]> + +- Updated nss-fips-approved-crypto-non-ec.patch to not pass in + bad targetKeyLength parameters when checking for FIPS approval + after keygen. This was causing false rejections. + +- Updated nss-fips-approved-crypto-non-ec.patch to approve + RSA signature verification mechanisms with PKCS padding and + legacy moduli (bsc#1222834). + +------------------------------------------------------------------- +Sun Mar 2 09:04:20 UTC 2025 - Wolfgang Rosenauer <[email protected]> + +- update to NSS 3.108 + * bmo#1923285 - libclang-16 -> libclang-19 + * bmo#1939086 - Turn off Secure Email Trust Bit for Security + Communication ECC RootCA1 + * bmo#1937332 - Turn off Secure Email Trust Bit for BJCA Global Root + CA1 and BJCA Global Root CA2 + * bmo#1915902 - Remove SwissSign Silver CA â G2 + * bmo#1938245 - Add D-Trust 2023 TLS Roots to NSS + * bmo#1942301 - fix fips test failure on windows + * bmo#1935925 - change default sensitivity of KEM keys + * bmo#1936001 - Part 1: Introduce frida hooks and script + * bmo#1942350 - add missing arm_neon.h include to gcm.c + * bmo#1831552 - ci: update windows workers to win2022 + * bmo#1831552 - strip trailing carriage returns in tools tests + * bmo#1880256 - work around unix/windows path translation issues + in cert test script + * bmo#1831552 - ci: let the windows setup script work without $m + * bmo#1880255 - detect msys + * bmo#1936680 - add a specialized CTR_Update variant for AES-GCM + * bmo#1930807 - NSS policy updates + * bmo#1930806 - FIPS changes need to be upstreamed: FIPS 140-3 RNG + * bmo#1930806 - FIPS changes need to be upstreamed: Add SafeZero + * bmo#1930806 - FIPS changes need to be upstreamed - updated POST + * bmo#1933031 - Segmentation fault in SECITEM_Hash during pkcs12 processing + * bmo#1929922 - Extending NSS with LoadModuleFromFunction functionality + * bmo#1935984 - Ensure zero-initialization of collectArgs.cert + * 
bmo#1934526 - pkcs7 fuzz target use CERT_DestroyCertificate + * bmo#1915898 - Fix actual underlying ODR violations issue + * bmo#1184059 - mozilla::pkix: allow reference ID labels to begin + and/or end with hyphens + * bmo#1927953 - don't look for secmod.db in nssutil_ReadSecmodDB if + NSS_DISABLE_DBM is set + * bmo#1934526 - Fix memory leak in pkcs7 fuzz target + * bmo#1934529 - Set -O2 for ASan builds in CI + * bmo#1934543 - Change branch of tlsfuzzer dependency + * bmo#1915898 - Run tests in CI for ASan builds with detect_odr_violation=1 + * bmo#1934241 - Fix coverage failure in CI + * bmo#1934213 - Add fuzzing for delegated credentials, DTLS short + header and Tls13BackendEch + * bmo#1927142 - Add fuzzing for SSL_EnableTls13GreaseEch and + SSL_SetDtls13VersionWorkaround + * bmo#1913677 - Part 3: Restructure fuzz/ + * bmo#1931925 - Extract testcases from ssl gtests for fuzzing + * bmo#1923037 - Force Cryptofuzz to use NSS in CI + * bmo#1923037 - Fix Cryptofuzz on 32 bit in CI + * bmo#1933154 - Update Cryptofuzz repository link + * bmo#1926256 - fix build error from 9505f79d + * bmo#1926256 - simplify error handling in get_token_objects_for_cache + * bmo#1931973 - nss doc: fix a warning + * bmo#1930797 - pkcs12 fixes from RHEL need to be picked up +- remove obsolete patches + * nss-fips-safe-memset.patch + * nss-bmo1930797.patch + +------------------------------------------------------------------- Old: ---- nss-3.107.tar.gz nss-bmo1930797.patch nss-fips-safe-memset.patch New: ---- nss-3.108.tar.gz BETA DEBUG BEGIN: Old: * nss-fips-safe-memset.patch * nss-bmo1930797.patch Old:- remove obsolete patches * nss-fips-safe-memset.patch * nss-bmo1930797.patch BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mozilla-nss.spec ++++++ --- /var/tmp/diff_new_pack.MUmziU/_old 2025-03-07 16:39:54.847696214 +0100 +++ /var/tmp/diff_new_pack.MUmziU/_new 2025-03-07 16:39:54.847696214 +0100 
@@ -17,15 +17,15 @@
 #
-%global nss_softokn_fips_version 3.107
+%global nss_softokn_fips_version 3.108
 %define NSPR_min_version 4.36
 %define nspr_ver %(rpm -q --queryformat '%%{VERSION}' mozilla-nspr)
 %define nssdbdir %{_sysconfdir}/pki/nssdb
 %global crypto_policies_version 20210218
 Name: mozilla-nss
-Version: 3.107
+Version: 3.108
 Release: 0
-%define underscore_version 3_107
+%define underscore_version 3_108
 Summary: Network Security Services
 License: MPL-2.0
 Group: System/Libraries
@@ -51,7 +51,6 @@
 Patch4: add-relro-linker-option.patch
 Patch5: malloc.patch
 Patch7: nss-sqlitename.patch
-Patch8: nss-bmo1930797.patch
 Patch9: nss-fips-use-getrandom.patch
 Patch10: nss-fips-dsa-kat.patch
 Patch11: nss-fips-pairwise-consistency-check.patch
@@ -82,7 +81,6 @@
 Patch49: nss-allow-slow-tests-s390x.patch
 Patch50: nss-fips-bsc1223724.patch
 Patch51: nss-fips-aes-gcm-restrict.patch
-Patch52: nss-fips-safe-memset.patch
 %if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000
 # aarch64 + gcc4.8 fails to build on SLE-12 due to undefined references
 BuildRequires: gcc9-c++
@@ -211,7 +209,6 @@
 %patch -P 5 -p1
 %endif
 %patch -P 7 -p1
-%patch -P 8 -p1
 # FIPS patches
 %patch -P 9 -p1
 %patch -P 10 -p1
@@ -249,10 +246,6 @@
 %endif
 %patch -P 50 -p1
 %patch -P 51 -p1
-%if 0%{?sle_version} >= 150000
-# glibc on SLE-12 is too old and doesn't have explicit_bzero yet.
-%patch -P 52 -p1
-%endif
 # additional CA certificates
 #cd security/nss/lib/ckfw/builtins
++++++ nss-3.107.tar.gz -> nss-3.108.tar.gz ++++++
/work/SRC/openSUSE:Factory/mozilla-nss/nss-3.107.tar.gz /work/SRC/openSUSE:Factory/.mozilla-nss.new.19136/nss-3.108.tar.gz differ: char 5, line 1
++++++ nss-fips-approved-crypto-non-ec.patch ++++++
--- /var/tmp/diff_new_pack.MUmziU/_old 2025-03-07 16:39:55.047704583 +0100
+++ /var/tmp/diff_new_pack.MUmziU/_new 2025-03-07 16:39:55.051704751 +0100
@@ -426,8 +426,8 @@ return crv; } -+ publicKey->isFIPS = sftk_operationIsFIPS(slot, pMechanism, CKA_KEY_PAIR_GEN_MECHANISM, publicKey, bitSize); -+ privateKey->isFIPS = sftk_operationIsFIPS(slot, pMechanism, CKA_KEY_PAIR_GEN_MECHANISM, privateKey, bitSize); ++ publicKey->isFIPS = sftk_operationIsFIPS(slot, pMechanism, CKA_KEY_PAIR_GEN_MECHANISM, publicKey, 0); ++ privateKey->isFIPS = sftk_operationIsFIPS(slot, pMechanism, CKA_KEY_PAIR_GEN_MECHANISM, privateKey, 0); + session->lastOpWasFIPS = privateKey->isFIPS; + *phPrivateKey = privateKey->handle; @@ -472,7 +472,7 @@ } else { /* T(1) = HMAC-Hash(prk, "" | info | 0x01) * T(n) = HMAC-Hash(prk, T(n-1) | info | n -@@ -7597,7 +7617,8 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession +@@ -7598,7 +7618,8 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession return CKR_KEY_HANDLE_INVALID; } } @@ -482,7 +482,7 @@ switch (mechanism) { /* get a public key from a private key. nsslowkey_ConvertToPublickey() -@@ -7798,7 +7819,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession +@@ -7799,7 +7820,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession } else { /* now allocate the hash contexts */ md5 = MD5_NewContext(); @@ -491,7 +491,7 @@ PORT_Memset(crsrdata, 0, sizeof crsrdata); crv = CKR_HOST_MEMORY; break; -@@ -8187,6 +8208,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession +@@ -8188,6 +8209,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession PORT_Assert(i <= sizeof key_block); } 
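Review bot: The bare `0` now passed as the last argument of both `sftk_operationIsFIPS` calls after key-pair generation reads like a placeholder, and nothing in the patch says why no target length is supplied. A comment above the two calls would help, for example `/* key generation has no target key; the size is taken from the key object itself */`. That wording assumes the callee falls back to the size of `publicKey`/`privateKey` when the argument is 0, which this hunk does not show, so it needs confirming against `sftk_operationIsFIPS` before it is written down. `session->lastOpWasFIPS` is set from `privateKey->isFIPS` only, so a test that generates an approved-size pair in FIPS mode and checks both `isFIPS` flags would pin the false-rejection fix. The enclosing function starts and ends outside the hunk.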
@@ -636,7 +636,20 @@ /* -------------- RSA Multipart Signing Operations -------------------- */ { CKM_SHA224_RSA_PKCS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSNone }, { CKM_SHA256_RSA_PKCS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSNone }, -@@ -88,21 +116,33 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[] +@@ -79,30 +107,42 @@ SFTKFIPSAlgorithmList sftk_fips_mechs[] + { CKM_SHA256_RSA_PKCS_PSS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSRSAPSS }, + { CKM_SHA384_RSA_PKCS_PSS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSRSAPSS }, + { CKM_SHA512_RSA_PKCS_PSS, { RSA_FB_KEY, CKF_SGN }, RSA_FB_STEP, SFTKFIPSRSAPSS }, +- { CKM_SHA224_RSA_PKCS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSRSAPSS }, +- { CKM_SHA256_RSA_PKCS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSRSAPSS }, +- { CKM_SHA384_RSA_PKCS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSRSAPSS }, +- { CKM_SHA512_RSA_PKCS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSRSAPSS }, ++ { CKM_SHA224_RSA_PKCS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSNone }, ++ { CKM_SHA256_RSA_PKCS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSNone }, ++ { CKM_SHA384_RSA_PKCS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSNone }, ++ { CKM_SHA512_RSA_PKCS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSNone }, + { CKM_SHA224_RSA_PKCS_PSS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSRSAPSS }, + { CKM_SHA256_RSA_PKCS_PSS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSRSAPSS }, { CKM_SHA384_RSA_PKCS_PSS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSRSAPSS }, { CKM_SHA512_RSA_PKCS_PSS, { RSA_LEGACY_FB_KEY, CKF_VERIFY }, RSA_LEGACY_FB_STEP, SFTKFIPSRSAPSS }, /* ------------------------- DSA Operations --------------------------- */ ++++++ nss-fips-fix-missing-nspr.patch ++++++ --- /var/tmp/diff_new_pack.MUmziU/_old 2025-03-07 
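Review bot: The four `CKM_SHA*_RSA_PKCS` rows keyed on `RSA_LEGACY_FB_KEY` now use `SFTKFIPSNone`, so in these rows approval of legacy moduli is limited to verification solely by the `CKF_VERIFY` flag, and nothing in the table says that this is deliberate. A comment above them would make the intent hard to undo by accident, for example `/* legacy moduli: verification of existing signatures only, never CKF_SGN */`. The bounds behind `RSA_LEGACY_FB_KEY` and `RSA_LEGACY_FB_STEP` are defined outside this hunk, so the accepted modulus range cannot be checked from here. A self-test asserting that a legacy-size key is reported approved for verify and not approved for sign with the same mechanism would guard the table against a later edit.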
16:39:55.119707596 +0100 +++ /var/tmp/diff_new_pack.MUmziU/_new 2025-03-07 16:39:55.119707596 +0100 @@ -1,7 +1,7 @@ -diff --git a/lib/freebl/drbg.c b/lib/freebl/drbg.c -index 3ed1751..56a1a58 100644 ---- a/lib/freebl/drbg.c -+++ b/lib/freebl/drbg.c +Index: nss/lib/freebl/drbg.c +=================================================================== +--- nss.orig/lib/freebl/drbg.c ++++ nss/lib/freebl/drbg.c @@ -6,6 +6,8 @@ #include "stubs.h" #endif @@ -11,7 +11,7 @@ #include "prerror.h" #include "secerr.h" -@@ -182,11 +184,30 @@ prng_initEntropy(void) +@@ -183,11 +185,30 @@ prng_initEntropy(void) PRUint8 block[PRNG_ENTROPY_BLOCK_SIZE]; SHA256Context ctx; @@ -42,9 +42,9 @@ return PR_FAILURE; /* error is already set */ } PORT_Assert(length == sizeof(block)); -@@ -199,6 +220,9 @@ prng_initEntropy(void) +@@ -200,6 +221,9 @@ prng_initEntropy(void) sizeof(globalrng->previousEntropyHash)); - PORT_Memset(block, 0, sizeof(block)); + PORT_SafeZero(block, sizeof(block)); SHA256_DestroyContext(&ctx, PR_FALSE); + coRNGInitEntropy.status = PR_SUCCESS; + __sync_synchronize (); @@ -52,7 +52,7 @@ return PR_SUCCESS; } -@@ -211,7 +235,7 @@ prng_getEntropy(PRUint8 *buffer, size_t requestLength) +@@ -212,7 +236,7 @@ prng_getEntropy(PRUint8 *buffer, size_t SHA256Context ctx; SECStatus rv = SECSuccess; @@ -61,7 +61,7 @@ PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); return SECFailure; } -@@ -564,10 +588,34 @@ prng_freeRNGContext(RNGContext *rng) +@@ -566,10 +590,34 @@ prng_freeRNGContext(RNGContext *rng) SECStatus RNG_RNGInit(void) { @@ -98,7 +98,7 @@ } /* -@@ -842,7 +890,21 @@ PRNGTEST_Generate(PRUint8 *bytes, unsigned int bytes_len, +@@ -844,7 +892,21 @@ PRNGTEST_Generate(PRUint8 *bytes, unsign } /* replicate reseed test from prng_GenerateGlobalRandomBytes */ if (testContext.reseed_counter[0] >= RESEED_VALUE) { ++++++ nss-fips-gcm-ctr.patch ++++++ --- /var/tmp/diff_new_pack.MUmziU/_old 2025-03-07 16:39:55.131708099 +0100 +++ /var/tmp/diff_new_pack.MUmziU/_new 2025-03-07 16:39:55.135708266 +0100 
@@ -14,7 +14,7 @@ =================================================================== --- nss.orig/lib/freebl/gcm.c +++ nss/lib/freebl/gcm.c -@@ -535,8 +535,14 @@ struct GCMContextStr { +@@ -539,8 +539,14 @@ struct GCMContextStr { unsigned char tagKey[MAX_BLOCK_SIZE]; PRBool ctr_context_init; gcmIVContext gcm_iv; @@ -29,7 +29,7 @@ SECStatus gcm_InitCounter(GCMContext *gcm, const unsigned char *iv, unsigned int ivLen, unsigned int tagBits, const unsigned char *aad, unsigned int aadLen); -@@ -676,6 +682,8 @@ gcm_InitCounter(GCMContext *gcm, const u +@@ -794,6 +800,8 @@ gcm_InitCounter(GCMContext *gcm, const u goto loser; } @@ -38,7 +38,7 @@ /* finally mix in the AAD data */ rv = gcmHash_Reset(ghash, aad, aadLen); if (rv != SECSuccess) { -@@ -777,6 +785,13 @@ GCM_EncryptUpdate(GCMContext *gcm, unsig +@@ -895,6 +903,13 @@ GCM_EncryptUpdate(GCMContext *gcm, unsig return SECFailure; } @@ -52,7 +52,7 @@ tagBytes = (gcm->tagBits + (PR_BITS_PER_BYTE - 1)) / PR_BITS_PER_BYTE; if (UINT_MAX - inlen < tagBytes) { PORT_SetError(SEC_ERROR_INPUT_LEN); -@@ -805,6 +820,7 @@ GCM_EncryptUpdate(GCMContext *gcm, unsig +@@ -923,6 +938,7 @@ GCM_EncryptUpdate(GCMContext *gcm, unsig *outlen = 0; return SECFailure; }; ++++++ nss-fips-pbkdf-kat-compliance.patch ++++++ --- /var/tmp/diff_new_pack.MUmziU/_old 2025-03-07 16:39:55.147708768 +0100 +++ /var/tmp/diff_new_pack.MUmziU/_new 2025-03-07 16:39:55.151708935 +0100 
@@ -11,27 +11,27 @@ SECStatus sftk_fips_pbkdf_PowerUpSelfTests(void) { -@@ -1765,16 +1765,22 @@ sftk_fips_pbkdf_PowerUpSelfTests(void) - unsigned char iteration_count = 5; +@@ -1766,19 +1766,21 @@ sftk_fips_pbkdf_PowerUpSelfTests(void) unsigned char keyLen = 64; char *inKeyData = TEST_KEY; -- static const unsigned char saltData[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 }; -+ static const unsigned char saltData[] = { + static const unsigned char saltData[] = { +- 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, +- 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f + 0x11, 0x39, 0x93, 0x54, 0x1C, 0xDD, 0xD7, 0x18, + 0x2F, 0x4A, 0xC1, 0x14, 0x03, 0x7A, 0x0B, 0x64, + 0x48, 0x99, 0xF4, 0x6D, 0xB7, 0x48, 0xE3, 0x3B, + 0x91, 0xBF, 0x65, 0xA9, 0x26, 0x83, 0xE8, 0x22 -+ }; -+ + }; + static const unsigned char pbkdf_known_answer[] = { -- 0x31, 0xf0, 0xe5, 0x39, 0x9f, 0x39, 0xb9, 0x29, -- 0x68, 0xac, 0xf2, 0xe9, 0x53, 0x9b, 0xb4, 0x9c, -- 0x28, 0x59, 0x8b, 0x5c, 0xd8, 0xd4, 0x02, 0x37, -- 0x18, 0x22, 0xc1, 0x92, 0xd0, 0xfa, 0x72, 0x90, -- 0x2c, 0x8d, 0x19, 0xd4, 0x56, 0xfb, 0x16, 0xfa, -- 0x8d, 0x5c, 0x06, 0x33, 0xd1, 0x5f, 0x17, 0xb1, -- 0x22, 0xd9, 0x9c, 0xaf, 0x5e, 0x3f, 0xf3, 0x66, -- 0xc6, 0x14, 0xfe, 0x83, 0xfa, 0x1a, 0x2a, 0xc5 +- 0x73, 0x8c, 0xfa, 0x02, 0xe8, 0xdb, 0x43, 0xe4, +- 0x99, 0xc5, 0xfd, 0xd9, 0x4d, 0x8e, 0x3e, 0x7b, +- 0xc4, 0xda, 0x22, 0x1b, 0xe1, 0xae, 0x23, 0x7a, +- 0x21, 0x27, 0xbd, 0xcc, 0x78, 0xc4, 0xe6, 0xc5, +- 0x33, 0x38, 0x35, 0xe0, 0x68, 0x1a, 0x1e, 0x06, +- 0xad, 0xaf, 0x7f, 0xd7, 0x3f, 0x0e, 0xc0, 0x90, +- 0x17, 0x97, 0x73, 0x75, 0x7b, 0x88, 0x49, 0xd8, +- 0x6f, 0x78, 0x5a, 0xde, 0x50, 0x20, 0x55, 0x33 + 0x44, 0xd2, 0xae, 0x2d, 0x45, 0xb9, 0x42, 0x70, + 0xcb, 0x3e, 0x40, 0xc5, 0xcf, 0x36, 0x9b, 0x5f, + 0xfc, 0x64, 0xb1, 0x10, 0x18, 0x4d, 0xd8, 0xb6, 
@@ -43,7 +43,7 @@ }; sftk_PBELockInit(); -@@ -1803,11 +1809,12 @@ sftk_fips_pbkdf_PowerUpSelfTests(void) +@@ -1807,11 +1809,12 @@ sftk_fips_pbkdf_PowerUpSelfTests(void) * for NSSPKCS5_PBKDF2 */ pbe_params.iter = iteration_count; pbe_params.keyLen = keyLen; ++++++ nss-fips-zeroization.patch ++++++ --- /var/tmp/diff_new_pack.MUmziU/_old 2025-03-07 16:39:55.179710107 +0100 +++ /var/tmp/diff_new_pack.MUmziU/_new 2025-03-07 16:39:55.183710275 +0100 @@ -107,7 +107,7 @@ =================================================================== --- nss.orig/lib/freebl/gcm.c +++ nss/lib/freebl/gcm.c -@@ -162,6 +162,9 @@ bmul(uint64_t x, uint64_t y, uint64_t *r +@@ -166,6 +166,9 @@ bmul(uint64_t x, uint64_t y, uint64_t *r *r_high = (uint64_t)(r >> 64); *r_low = (uint64_t)r; @@ -117,7 +117,7 @@ } SECStatus -@@ -200,6 +203,12 @@ gcm_HashMult_sftw(gcmHashContext *ghash, +@@ -204,6 +207,12 @@ gcm_HashMult_sftw(gcmHashContext *ghash, } ghash->x_low = ci_low; ghash->x_high = ci_high; @@ -130,7 +130,7 @@ return SECSuccess; } #else -@@ -239,6 +248,10 @@ bmul32(uint32_t x, uint32_t y, uint32_t +@@ -243,6 +252,10 @@ bmul32(uint32_t x, uint32_t y, uint32_t z = z0 | z1 | z2 | z3; *r_high = (uint32_t)(z >> 32); *r_low = (uint32_t)z; @@ -141,7 +141,7 @@ } SECStatus -@@ -324,6 +337,20 @@ gcm_HashMult_sftw32(gcmHashContext *ghas +@@ -328,6 +341,20 @@ gcm_HashMult_sftw32(gcmHashContext *ghas ghash->x_high = z_high_h; ghash->x_low = z_high_l; } 
@@ -162,41 +162,4 @@ return SECSuccess; } #endif /* HAVE_INT128_SUPPORT */ -@@ -870,11 +897,13 @@ GCM_DecryptUpdate(GCMContext *gcm, unsig - /* verify the block */ - rv = gcmHash_Update(gcm->ghash_context, inbuf, inlen); - if (rv != SECSuccess) { -- return SECFailure; -+ rv = SECFailure; -+ goto cleanup; - } - rv = gcm_GetTag(gcm, tag, &len, AES_BLOCK_SIZE); - if (rv != SECSuccess) { -- return SECFailure; -+ rv = SECFailure; -+ goto cleanup; - } - /* Don't decrypt if we can't authenticate the encrypted data! - * This assumes that if tagBits is not a multiple of 8, intag will -@@ -882,10 +911,18 @@ GCM_DecryptUpdate(GCMContext *gcm, unsig - if (NSS_SecureMemcmp(tag, intag, tagBytes) != 0) { - /* force a CKR_ENCRYPTED_DATA_INVALID error at in softoken */ - PORT_SetError(SEC_ERROR_BAD_DATA); -- PORT_Memset(tag, 0, sizeof(tag)); -- return SECFailure; -+ rv = SECFailure; -+ goto cleanup; - } -+cleanup: -+ tagBytes = 0; - PORT_Memset(tag, 0, sizeof(tag)); -+ intag = NULL; -+ len = 0; -+ if (rv != SECSuccess) { -+ return rv; -+ } -+ - /* finish the decryption */ - return CTR_Update(&gcm->ctr_context, outbuf, outlen, maxout, - inbuf, inlen, AES_BLOCK_SIZE);
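Review bot: Dropping the `GCM_DecryptUpdate` hunk removes the patch's `goto cleanup` path, which is what cleared `tag` when `gcm_GetTag` failed; the removed lines show the unpatched code returning `SECFailure` at that point without touching `tag`. Whether the 3.108 `GCM_DecryptUpdate` now clears the buffer on every exit is not visible on this page, so it should be checked against the new tarball rather than assumed from the rebase. The changelog entry names the two obsolete patches but says nothing about this change to nss-fips-zeroization.patch; a line such as `- nss-fips-zeroization.patch: drop GCM_DecryptUpdate hunk (<reason>)` would record why the zeroization was no longer needed.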
