Hello community,

here is the log from the commit of package mozilla-nss for openSUSE:Leap:15.2 checked in at 2020-06-21 21:58:40
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.2/mozilla-nss (Old)
 and      /work/SRC/openSUSE:Leap:15.2/.mozilla-nss.new.3606 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "mozilla-nss"

Sun Jun 21 21:58:40 2020 rev:50 rq:815869 version:3.53

Changes:
--------
--- /work/SRC/openSUSE:Leap:15.2/mozilla-nss/mozilla-nss.changes	2020-05-26 18:32:29.921591301 +0200
+++ /work/SRC/openSUSE:Leap:15.2/.mozilla-nss.new.3606/mozilla-nss.changes	2020-06-21 21:58:41.228006553 +0200
@@ -1,0 +2,221 @@ +Tue Jun 2 06:30:54 UTC 2020 - Martin Sirringhaus <[email protected]> + +- update to NSS 3.53 + Notable changes: + * When using the Makefiles, NSS can be built in parallel, speeding up + those builds to more similar performance as the build.sh/ninja/gyp + system. (bmo#290526) + * SEED is now moved into a new freebl directory + freebl/deprecated (Bug 1636389). SEED will be disabled by default in + a future release of NSS. At that time, users will need to set the + compile-time flag (bmo#1622033) to disable that deprecation in order + to use the algorithm. + Algorithms marked as deprecated will ultimately + be removed. + * Several root certificates in the Mozilla program now set + the CKA_NSS_SERVER_DISTRUST_AFTER attribute, which NSS consumers can + query to further refine trust decisions. (bmo#1618404, bmo#1621159) + If a builtin certificate has a CKA_NSS_SERVER_DISTRUST_AFTER timestamp + before the SCT or NotBefore date of a certificate that builtin + issued, then clients can elect not to trust it. This attribute + provides a more graceful phase-out for certificate authorities than + complete removal from the root certificate builtin store. + + Bugs fixed + * Initialize PBE params (ASAN fix) (bmo#1640260) + * Set CKA_NSS_SERVER_DISTRUST_AFTER for Symantec root certs + (bmo#1618404) + * Set CKA_NSS_SERVER_DISTRUST_AFTER for Consorci AOC, GRCA, and SK ID + root certs (bmo#1621159) + * PPC64: Correct compilation error between VMX vs. VSX vector + instructions (bmo#1629414) + * Fix various compile warnings in NSS (bmo#1639033) + * Fix a null pointer in security/nss/lib/ssl/sslencode.c:67 + (bmo#1640041) + * Fix a null pointer in security/nss/lib/ssl/sslsock.c:4460 + (bmo#1640042) + * Avoid multiple definitions of SHA{256,384,512}_* symbols when linking + libfreeblpriv3.so in Firefox on ppc64le (bmo#1638289) + * Relocate deprecated SEED algorithm (bmo#1636389) + * lib/ckfw: No such file or directory. Stop. 
(bmo#1637083) + * Additional modular inverse test (bmo#1561331) + * Rework and cleanup gmake builds (bmo#1629553) + * Remove mkdepend and "depend" make target (bmo#1438431) + * Support parallel building of NSS when using the Makefiles (bmo#290526) + * HACL* update after changes in libintvector.h (bmo#1636206) + * Fix building NSS on Debian s390x, mips64el, and riscv64 (bmo#1636058) + * Add option to build without SEED (bmo#1622033) + +- Remove upstreamed patches nss-kremlin-ppc64le.patch + and nss-unit-test-fixes.patch + +------------------------------------------------------------------- +Tue May 26 11:30:05 UTC 2020 - Martin Sirringhaus <[email protected]> + +- update to NSS 3.52.1 + Notable changes + * Update NSS to support PKCS#11 v3.0 (bmo#1603628) + * Support new PKCS #11 v3.0 Message Interface for AES-GCM and + ChaChaPoly (bmo#1623374) + * Integrate AVX2 ChaCha20, Poly1305, and ChaCha20Poly1305 from HACL* + (bmo#1612493) + * CVE-2020-12399 - Force a fixed length for DSA exponentiation + (bmo#1631576, bsc#1171978) + +- Set NSS_ENABLE_WERROR=0 in order to fix boo#1169746. + +- update to NSS 3.52: + * Update NSS to support PKCS #11 v3.0. (bmo#1603628) + Note: This change modifies the CK_GCM_PARAMS struct to include + the ulIvBits field which, prior to PKCS #11 v3.0, was + ambiguously defined and not included in the NSS definition. + If an application is recompiled with NSS 3.52+, this field + must be initialized to a value corresponding to ulIvLen. + Alternatively, defining NSS_PKCS11_2_0_COMPAT will yield the + old definition. See the bug for more information. + * Support new PKCS #11 v3.0 Message Interface for AES-GCM and + ChaChaPoly (bmo#1623374). + * Integrate AVX2 ChaCha20, Poly1305, and ChaCha20Poly1305 from + HACL* (bmo#1612493). + * Fix unused variable 'getauxval' error on iOS compilation. + (bmo#1633498) + * Add Softoken functions for FIPS. (bmo#1630721) + * Fix problem of GYP MSVC builds not producing debug symbol files. 
+ (bmo#1630458) + * Add IKEv1 Quick Mode KDF. (bmo#1629663) + * MPConfig calls in SSL initialize policy before NSS is initialized. + (bmo#1629661) + * Support temporary session objects in ckfw. (bmo#1629655) + * Add PKCS11 v3.0 functions to module debug logger. (bmo#1629105) + * Fix error in generation of fuzz32 docker image after updates. + (bmo#1626751) + * Fix implicit declaration of function 'getopt' error. (bmo#1625133) + * Allow building of gcm-arm32-neon on non-armv7 architectures. + (bmo#1624864) + * Fix compilation error in Firefox Android. (bmo#1624402) + * Require CK_FUNCTION_LIST structs to be packed. (bmo#1624130) + * Fix clang warning for unknown argument '-msse4'. (bmo#1624377) + * Support new PKCS #11 v3.0 Message Interface for AES-GCM and + ChaChaPoly. (bmo#1623374) + * Fix freebl_cpuid for querying Extended Features. (bmo#1623184) + * Fix argument parsing in lowhashtest. (bmo#1622555) + * Introduce NSS_DISABLE_GCM_ARM32_NEON to build on arm32 without + NEON support. (bmo#1620799) + * Add workaround option to include both DTLS and TLS versions in + DTLS supported_versions. (bmo#1619102) + * Update README: TLS 1.3 is not experimental anymore. (bmo#1619056) + * Fix UBSAN issue in ssl_ParseSessionTicket. (bmo#1618915) + * Don't assert fuzzer behavior in SSL_ParseSessionTicket. + (bmo#1618739) + * Update Delegated Credentials implementation to draft-07. + (bmo#1617968) + * Update HACL* dependencies for libintvector.h (bmo#1617533) + * Add vector accelerated SHA2 for POWER 8+. (bmo#1613238) + * Integrate AVX2 ChaCha20, Poly1305, and ChaCha20Poly1305 from + HACL*. (bmo#1612493) + * Maintain PKCS11 C_GetAttributeValue semantics on attributes that + lack NSS database columns. (bmo#1612281) + * Add Wycheproof RSA test vectors. (bmo#1612260) + * broken fipstest handling of KI_len. (bmo#1608250) + * Consistently handle NULL slot/session. (bmo#1608245) + * Avoid dcache pollution from sdb_measureAccess(). (bmo#1603801) + * Update NSS to support PKCS #11 v3.0. 
(bmo#1603628) + * TLS 1.3 does not work in FIPS mode. (bmo#1561637) + * Fix overzealous assertion when evicting a cached sessionID or + using external cache. (bmo#1531906) + * Fix issue where testlib makefile build produced extraneous object + files. (bmo#1465613) + * Properly handle multi-block SEED ECB inputs. (bmo#1619959) + * Guard all instances of NSSCMSSignedData.signerInfo to avoid a CMS + crash (bmo#1630925) + * Name Constraints validation: CN treated as DNS name even when + syntactically invalid as DNS name (bmo#1571677) + +- update to NSS 3.51.1: + * Update Delegated Credentials implementation to draft-07 + (bmo#1617968) + * Add workaround option to include both DTLS and TLS versions in + DTLS supported_versions (bmo#1619102) + * Update README: TLS 1.3 is not experimental anymore + (bmo#1619056) + * Don't assert fuzzer behavior in SSL_ParseSessionTicket + (bmo#1618739) + * Fix UBSAN issue in ssl_ParseSessionTicket (bmo#1618915) + * Consistently handle NULL slot/session (bmo#1608245) + * broken fipstest handling of KI_len (bmo#1608250) + * Update Delegated Credentials implementation to draft-07 + (bmo#1617968) + +- Add patch nss-kremlin-ppc64le.patch to fix ppc and s390x builds + +- update to NSS 3.51 + * Updated DTLS 1.3 implementation to Draft-34. (bmo#1608892) + * Correct swapped PKCS11 values of CKM_AES_CMAC and + CKM_AES_CMAC_GENERAL (bmo#1611209) + * Complete integration of Wycheproof ECDH test cases (bmo#1612259) + * Check if PPC __has_include(<sys/auxv.h>) (bmo#1614183) + * Fix a compilation error for ‘getFIPSEnv’ "defined but not used" + (bmo#1614786) + * Send DTLS version numbers in DTLS 1.3 supported_versions extension + to avoid an incompatibility. 
(bmo#1615208) + * SECU_ReadDERFromFile calls strstr on a string that isn't guaranteed + to be null-terminated (bmo#1538980) + * Correct a warning for comparison of integers of different signs: + 'int' and 'unsigned long' in security/nss/lib/freebl/ecl/ecp_25519.c:88 + (bmo#1561337) + * Add test for mp_int clamping (bmo#1609751) + * Don't attempt to read the fips_enabled flag on the machine unless + NSS was built with FIPS enabled (bmo#1582169) + * Fix a null pointer dereference in BLAKE2B_Update (bmo#1431940) + * Fix compiler warning in secsign.c (bmo#1617387) + * Fix a OpenBSD/arm64 compilation error: unused variable 'getauxval' + (bmo#1618400) + * Fix a crash on unaligned CMACContext.aes.keySchedule when using + AES-NI intrinsics (bmo#1610687) + +- update to NSS 3.50 + * Verified primitives from HACL* were updated, bringing performance + improvements for several platforms. + Note that Intel processors with SSE4 but without AVX are currently + unable to use the improved ChaCha20/Poly1305 due to a build issue; + such platforms will fall-back to less optimized algorithms. + See bmo#1609569 for details + * Updated DTLS 1.3 implementation to Draft-30. + See bmo#1599514 for details. + * Added NIST SP800-108 KBKDF - PKCS#11 implementation. + See bmo#1599603 for details. 
+ * Several bugfixes and minor changes + +- Disable LTO on %arm as LTO fails on neon errors + +- update to NSS 3.49.2 + Fixed bugs: + * Fix compilation problems with NEON-specific code in freebl + (bmo#1608327) + * Fix a taskcluster issue with Python 2 / Python 3 (bmo#1608895) + +- update to NSS 3.49.1 ++++ 36 more lines (skipped) ++++ between /work/SRC/openSUSE:Leap:15.2/mozilla-nss/mozilla-nss.changes ++++ and /work/SRC/openSUSE:Leap:15.2/.mozilla-nss.new.3606/mozilla-nss.changes Old: ---- nss-3.47.1.tar.gz nss-unit-test-fixes.patch New: ---- nss-3.53.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ mozilla-nss.spec ++++++ --- /var/tmp/diff_new_pack.FgRr20/_old 2020-06-21 21:58:48.392047659 +0200 +++ /var/tmp/diff_new_pack.FgRr20/_new 2020-06-21 21:58:48.396047682 +0200 @@ -1,8 +1,8 @@ # # spec file for package mozilla-nss # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. -# Copyright (c) 2006-2019 Wolfgang Rosenauer +# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2006-2020 Wolfgang Rosenauer # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,14 +17,14 @@ # -%global nss_softokn_fips_version 3.47 -%define NSPR_min_version 4.23 +%global nss_softokn_fips_version 3.53 +%define NSPR_min_version 4.25 %define nspr_ver %(rpm -q --queryformat '%%{VERSION}' mozilla-nspr) %define nssdbdir %{_sysconfdir}/pki/nssdb Name: mozilla-nss -Version: 3.47.1 +Version: 3.53 Release: 0 -%define underscore_version 3_47_1 +%define underscore_version 3_53 Summary: Network Security Services License: MPL-2.0 Group: System/Libraries 
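Review bot: The NSPR floor moves from 4.23 to 4.25 in the `%define NSPR_min_version` line (and, consistently, in the baselibs.conf `requires "mozilla-nspr-<targettype> >= 4.25"` line), but none of the visible changelog entries from 3.49.2 up to 3.53 record that requirement change; a one-line note in mozilla-nss.changes naming the new NSPR minimum would tell Leap 15.2 users why mozilla-nspr has to be updated together with this package. The parallel bump of `%global nss_softokn_fips_version` from 3.47 to 3.53 matches the new `Version: 3.53` and `%define underscore_version 3_53` lines.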
@@ -66,12 +66,15 @@ Patch30: nss-fips-tls-allow-md5-prf.patch Patch31: nss-fips-use-strong-random-pool.patch Patch32: nss-fips-detect-fips-mode-fixes.patch -Patch33: nss-unit-test-fixes.patch Patch34: nss-fips-combined-hash-sign-dsa-ecdsa.patch Patch35: nss-fix-dh-pkcs-derive-inverted-logic.patch Patch36: nss-fips-aes-keywrap-post.patch - +%if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000 +# aarch64 + gcc4.8 fails to build on SLE-12 due to undefined references +BuildRequires: gcc9-c++ +%else BuildRequires: gcc-c++ +%endif BuildRequires: pkgconfig BuildRequires: pkgconfig(nspr) >= %{NSPR_min_version} BuildRequires: pkgconfig(sqlite3) @@ -201,7 +204,6 @@ %endif %patch6 -p1 %patch7 -p1 -cd .. # FIPS patches %patch11 -p1 @@ -221,7 +223,6 @@ %patch30 -p1 %patch31 -p1 %patch32 -p1 -%patch33 -p1 %patch34 -p1 %patch35 -p1 %patch36 -p1 @@ -232,13 +233,25 @@ #make generate %build +%ifarch %arm +# LTO fails on neon errors +%global _lto_cflags %{nil} +%else %global _lto_cflags %{_lto_cflags} -ffat-lto-objects +%endif +%if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000 +export CC=gcc-9 +# Yes, they use both... +export CXX=g++-9 +export CCC=g++-9 +%endif cd nss modified="$(sed -n '/^----/n;s/ - .*$//;p;q' "%{SOURCE99}")" DATE="\"$(date -d "${modified}" "+%%b %%e %%Y")\"" TIME="\"$(date -d "${modified}" "+%%R")\"" find . -name '*.[ch]' -print -exec sed -i "s/__DATE__/${DATE}/g;s/__TIME__/${TIME}/g" {} + +export NSS_ENABLE_WERROR=0 export NSS_NO_PKCS11_BYPASS=1 export FREEBL_NO_DEPEND=1 export FREEBL_LOWHASH=1 ++++++ baselibs.conf ++++++ --- /var/tmp/diff_new_pack.FgRr20/_old 2020-06-21 21:58:48.460048050 +0200 +++ /var/tmp/diff_new_pack.FgRr20/_new 2020-06-21 21:58:48.460048050 +0200 
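Review bot: Removing the `-cd ..` after `%patch7 -p1` means `%patch11` through `%patch36` are now applied from the same directory as the earlier patches, so every FIPS patch must use `lib/...` rather than `nss/lib/...` paths. The nss-fips-*.patch diffs in this request do make exactly that switch (for example `-diff --git a/nss/lib/freebl/fipsfreebl.c b/nss/lib/freebl/fipsfreebl.c` becomes `+diff --git a/lib/freebl/fipsfreebl.c b/lib/freebl/fipsfreebl.c`), but Patch11 through Patch32 are not shown here and should be checked for the same prefix before this is accepted. In the %build hunk, `+export NSS_ENABLE_WERROR=0` turns off -Werror for the whole tree, which is broader than the single problem the changelog ties it to (boo#1169746); a comment naming the warning it works around would make it easier to drop later. The `%if 0%{?sle_version} >= 120000 && 0%{?sle_version} < 150000` gcc-9 condition is duplicated between the `BuildRequires: gcc9-c++` block and the `export CC=gcc-9` / `CXX=g++-9` / `CCC=g++-9` block; that is fine, but the two must stay in sync, and on Leap 15.2 both branches are dead.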
@@ -1,5 +1,5 @@ mozilla-nss - requires "mozilla-nspr-<targettype> >= 4.23" + requires "mozilla-nspr-<targettype> >= 4.25" requires "libfreebl3-<targettype>" requires "libsoftokn3-<targettype>" requires "mozilla-nss-certs-<targettype>" ++++++ nss-3.47.1.tar.gz -> nss-3.53.tar.gz ++++++ /work/SRC/openSUSE:Leap:15.2/mozilla-nss/nss-3.47.1.tar.gz /work/SRC/openSUSE:Leap:15.2/.mozilla-nss.new.3606/nss-3.53.tar.gz differ: char 5, line 1 ++++++ nss-fips-aes-keywrap-post.patch ++++++ --- /var/tmp/diff_new_pack.FgRr20/_old 2020-06-21 21:58:48.524048417 +0200 +++ /var/tmp/diff_new_pack.FgRr20/_new 2020-06-21 21:58:48.524048417 +0200 @@ -1,14 +1,17 @@ +# HG changeset patch +# User M. Sirringhaus <[email protected]> +# Date 1589854460 -7200 +# Tue May 19 04:14:20 2020 +0200 +# Node ID ce99bba6375432c55a73c1367f619dfef7c7e9fc +# Parent 2b4f407fb1f8824fed4df9c4c3f15a2493e71677 commit e78f5a6a2124ce88002796d6aaefc6232f132526 Author: Hans Petter Jansson <[email protected]> -Date: Tue May 19 04:14:20 2020 +0200 - AES Keywrap POST. -diff --git a/nss/lib/freebl/fipsfreebl.c b/nss/lib/freebl/fipsfreebl.c -index 407a2db..4dc9f47 100644 ---- a/nss/lib/freebl/fipsfreebl.c -+++ b/nss/lib/freebl/fipsfreebl.c -@@ -110,6 +110,9 @@ BOOL WINAPI DllMain( +diff --git a/lib/freebl/fipsfreebl.c b/lib/freebl/fipsfreebl.c +--- a/lib/freebl/fipsfreebl.c ++++ b/lib/freebl/fipsfreebl.c +@@ -110,6 +110,9 @@ #define FIPS_AES_192_KEY_SIZE 24 /* 192-bits */ #define FIPS_AES_256_KEY_SIZE 32 /* 256-bits */ @@ -18,7 +21,7 @@ /* FIPS preprocessor directives for message digests */ #define FIPS_KNOWN_HASH_MESSAGE_LENGTH 64 /* 512-bits */ -@@ -299,6 +302,9 @@ freebl_fips_AES_PowerUpSelfTest(int aes_key_size) +@@ -299,6 +302,9 @@ static const PRUint8 aes_gcm_known_aad[] = { "MozillaallizoM" }; 
@@ -28,7 +31,7 @@ /* AES Known Ciphertext (128-bit key). */ static const PRUint8 aes_ecb128_known_ciphertext[] = { 0x3c, 0xa5, 0x96, 0xf3, 0x34, 0x6a, 0x96, 0xc1, -@@ -353,6 +359,25 @@ freebl_fips_AES_PowerUpSelfTest(int aes_key_size) +@@ -353,6 +359,25 @@ 0xf4, 0xb0, 0xc1, 0x8c, 0x86, 0x51, 0xf5, 0xa1 }; @@ -54,7 +57,7 @@ const PRUint8 *aes_ecb_known_ciphertext = (aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_ecb128_known_ciphertext : (aes_key_size == FIPS_AES_192_KEY_SIZE) ? aes_ecb192_known_ciphertext : aes_ecb256_known_ciphertext; -@@ -362,10 +387,14 @@ freebl_fips_AES_PowerUpSelfTest(int aes_key_size) +@@ -362,10 +387,14 @@ const PRUint8 *aes_gcm_known_ciphertext = (aes_key_size == FIPS_AES_128_KEY_SIZE) ? aes_gcm128_known_ciphertext : (aes_key_size == FIPS_AES_192_KEY_SIZE) ? aes_gcm192_known_ciphertext : aes_gcm256_known_ciphertext; @@ -68,8 +71,8 @@ + AESKeyWrapContext *aes_keywrap_context; unsigned int aes_bytes_encrypted; unsigned int aes_bytes_decrypted; - CK_GCM_PARAMS gcmParams; -@@ -554,6 +583,52 @@ freebl_fips_AES_PowerUpSelfTest(int aes_key_size) + CK_NSS_GCM_PARAMS gcmParams; +@@ -554,6 +583,52 @@ return (SECFailure); } ++++++ nss-fips-approved-crypto-non-ec.patch ++++++ --- /var/tmp/diff_new_pack.FgRr20/_old 2020-06-21 21:58:48.532048462 +0200 +++ /var/tmp/diff_new_pack.FgRr20/_new 2020-06-21 21:58:48.532048462 +0200 @@ -1,7 +1,14 @@ -diff --git a/nss/lib/freebl/alg2268.c b/nss/lib/freebl/alg2268.c -index 54c6f4d..8200bc9 100644 ---- a/nss/lib/freebl/alg2268.c -+++ b/nss/lib/freebl/alg2268.c +# HG changeset patch +# User M. Sirringhaus <[email protected]> +# Date 1590413430 -7200 +# Mon May 25 15:30:30 2020 +0200 +# Node ID 2d4483f4a1259f965f32ff4c65436e92aef83be7 +# Parent 3f4d682c9a1e8b3d939c744ee249e23179db5191 +imported patch nss-fips-approved-crypto-non-ec.patch + +diff --git a/lib/freebl/alg2268.c b/lib/freebl/alg2268.c +--- a/lib/freebl/alg2268.c ++++ b/lib/freebl/alg2268.c @@ -16,6 +16,8 @@ #include <stddef.h> /* for ptrdiff_t */ #endif 
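Review bot: In the rebased nss-fips-aes-keywrap-post.patch the context line `- CK_GCM_PARAMS gcmParams;` becomes `+ CK_NSS_GCM_PARAMS gcmParams;`. That follows the NSS 3.52 note in the changelog that `CK_GCM_PARAMS` gained the `ulIvBits` field and must be initialized by callers recompiled against 3.52+, so switching the power-up self-test to the NSS-specific struct is the right move, but the description is still only `AES Keywrap POST.` and the HG header says `# User M. Sirringhaus`; state the struct change in the description and keep the original `Author: Hans Petter Jansson` attribution so the provenance of the POST code is not lost now that the git `-Date:` line has been dropped. The hunk headers also lose their function context (`-@@ -110,6 +110,9 @@ BOOL WINAPI DllMain(` becomes `+@@ -110,6 +110,9 @@`), which is harmless but makes the next rebase harder to read.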
@@ -11,7 +18,7 @@ /* ** RC2 symmetric block cypher */ -@@ -119,6 +121,7 @@ static const PRUint8 S[256] = { +@@ -119,6 +121,7 @@ RC2Context * RC2_AllocateContext(void) { @@ -19,7 +26,7 @@ return PORT_ZNew(RC2Context); } SECStatus -@@ -133,6 +136,8 @@ RC2_InitContext(RC2Context *cx, const unsigned char *key, unsigned int len, +@@ -133,6 +136,8 @@ #endif PRUint8 tmpB; @@ -28,7 +35,7 @@ if (!key || !cx || !len || len > (sizeof cx->B) || efLen8 > (sizeof cx->B)) { PORT_SetError(SEC_ERROR_INVALID_ARGS); -@@ -204,7 +209,11 @@ RC2Context * +@@ -204,7 +209,11 @@ RC2_CreateContext(const unsigned char *key, unsigned int len, const unsigned char *iv, int mode, unsigned efLen8) { @@ -41,7 +48,7 @@ if (cx) { SECStatus rv = RC2_InitContext(cx, key, len, iv, mode, efLen8, 0); if (rv != SECSuccess) { -@@ -456,7 +465,11 @@ RC2_Encrypt(RC2Context *cx, unsigned char *output, +@@ -456,7 +465,11 @@ unsigned int *outputLen, unsigned int maxOutputLen, const unsigned char *input, unsigned int inputLen) { @@ -54,7 +61,7 @@ if (inputLen) { if (inputLen % RC2_BLOCK_SIZE) { PORT_SetError(SEC_ERROR_INPUT_LEN); -@@ -490,7 +503,11 @@ RC2_Decrypt(RC2Context *cx, unsigned char *output, +@@ -490,7 +503,11 @@ unsigned int *outputLen, unsigned int maxOutputLen, const unsigned char *input, unsigned int inputLen) { @@ -67,10 +74,9 @@ if (inputLen) { if (inputLen % RC2_BLOCK_SIZE) { PORT_SetError(SEC_ERROR_INPUT_LEN); -diff --git a/nss/lib/freebl/arcfour.c b/nss/lib/freebl/arcfour.c -index e37b458..5d4a8b2 100644 ---- a/nss/lib/freebl/arcfour.c -+++ b/nss/lib/freebl/arcfour.c +diff --git a/lib/freebl/arcfour.c b/lib/freebl/arcfour.c +--- a/lib/freebl/arcfour.c ++++ b/lib/freebl/arcfour.c @@ -13,6 +13,7 @@ #include "prtypes.h" @@ -79,7 +85,7 @@ /* Architecture-dependent defines */ -@@ -108,6 +109,7 @@ static const Stype Kinit[256] = { +@@ -108,6 +109,7 @@ RC4Context * RC4_AllocateContext(void) { 
@@ -87,7 +93,7 @@ return PORT_ZNew(RC4Context); } -@@ -121,6 +123,8 @@ RC4_InitContext(RC4Context *cx, const unsigned char *key, unsigned int len, +@@ -121,6 +123,8 @@ PRUint8 K[256]; PRUint8 *L; @@ -96,7 +102,7 @@ /* verify the key length. */ PORT_Assert(len > 0 && len < ARCFOUR_STATE_SIZE); if (len == 0 || len >= ARCFOUR_STATE_SIZE) { -@@ -162,7 +166,11 @@ RC4_InitContext(RC4Context *cx, const unsigned char *key, unsigned int len, +@@ -162,7 +166,11 @@ RC4Context * RC4_CreateContext(const unsigned char *key, int len) { @@ -109,7 +115,7 @@ if (cx) { SECStatus rv = RC4_InitContext(cx, key, len, NULL, 0, 0, 0); if (rv != SECSuccess) { -@@ -176,6 +184,7 @@ RC4_CreateContext(const unsigned char *key, int len) +@@ -176,6 +184,7 @@ void RC4_DestroyContext(RC4Context *cx, PRBool freeit) { @@ -117,7 +123,7 @@ if (freeit) PORT_ZFree(cx, sizeof(*cx)); } -@@ -548,6 +557,8 @@ RC4_Encrypt(RC4Context *cx, unsigned char *output, +@@ -548,6 +557,8 @@ unsigned int *outputLen, unsigned int maxOutputLen, const unsigned char *input, unsigned int inputLen) { @@ -126,7 +132,7 @@ PORT_Assert(maxOutputLen >= inputLen); if (maxOutputLen < inputLen) { PORT_SetError(SEC_ERROR_OUTPUT_LEN); -@@ -571,6 +582,8 @@ RC4_Decrypt(RC4Context *cx, unsigned char *output, +@@ -571,6 +582,8 @@ unsigned int *outputLen, unsigned int maxOutputLen, const unsigned char *input, unsigned int inputLen) { 
@@ -135,10 +141,119 @@ PORT_Assert(maxOutputLen >= inputLen); if (maxOutputLen < inputLen) { PORT_SetError(SEC_ERROR_OUTPUT_LEN); -diff --git a/nss/lib/freebl/fips.h b/nss/lib/freebl/fips.h -index a4ac7a9..d5f4a0b 100644 ---- a/nss/lib/freebl/fips.h -+++ b/nss/lib/freebl/fips.h +diff --git a/lib/freebl/deprecated/seed.c b/lib/freebl/deprecated/seed.c +--- a/lib/freebl/deprecated/seed.c ++++ b/lib/freebl/deprecated/seed.c +@@ -17,6 +17,8 @@ + #include "seed.h" + #include "secerr.h" + ++#include "../fips.h" ++ + static const seed_word SS[4][256] = { + { 0x2989a1a8, 0x05858184, 0x16c6d2d4, 0x13c3d3d0, + 0x14445054, 0x1d0d111c, 0x2c8ca0ac, 0x25052124, +@@ -301,6 +303,8 @@ + seed_word K0, K1, K2, K3; + seed_word t0, t1; + ++ IN_FIPS_RETURN(); ++ + char2word(rawkey, K0); + char2word(rawkey + 4, K1); + char2word(rawkey + 8, K2); +@@ -349,6 +353,8 @@ + seed_word L0, L1, R0, R1; + seed_word t0, t1; + ++ IN_FIPS_RETURN(); ++ + char2word(s, L0); + char2word(s + 4, L1); + char2word(s + 8, R0); +@@ -385,6 +391,8 @@ + seed_word L0, L1, R0, R1; + seed_word t0, t1; + ++ IN_FIPS_RETURN(); ++ + char2word(s, L0); + char2word(s + 4, L1); + char2word(s + 8, R0); +@@ -419,6 +427,8 @@ + size_t inLen, + const SEED_KEY_SCHEDULE *ks, int enc) + { ++ IN_FIPS_RETURN(); ++ + if (enc) { + while (inLen > 0) { + SEED_encrypt(in, out, ks); +@@ -445,6 +455,8 @@ + unsigned char tmp[SEED_BLOCK_SIZE]; + const unsigned char *iv = ivec; + ++ IN_FIPS_RETURN(); ++ + if (enc) { + while (len >= SEED_BLOCK_SIZE) { + for (n = 0; n < SEED_BLOCK_SIZE; ++n) { +@@ -528,6 +540,7 @@ + SEEDContext * + SEED_AllocateContext(void) + { ++ IN_FIPS_RETURN(NULL); + return PORT_ZNew(SEEDContext); + } + +@@ -536,6 +549,8 @@ + unsigned int keylen, const unsigned char *iv, + int mode, unsigned int encrypt, unsigned int unused) + { ++ IN_FIPS_RETURN(SECFailure); ++ + if (!cx) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; +@@ -567,10 +582,14 @@ + SEED_CreateContext(const unsigned char *key, const unsigned char 
*iv, + int mode, PRBool encrypt) + { +- SEEDContext *cx = PORT_ZNew(SEEDContext); +- SECStatus rv = SEED_InitContext(cx, key, SEED_KEY_LENGTH, iv, mode, +- encrypt, 0); ++ SEEDContext *cx; ++ SECStatus rv; + ++ IN_FIPS_RETURN(NULL); ++ ++ cx = PORT_ZNew(SEEDContext); ++ rv = SEED_InitContext(cx, key, SEED_KEY_LENGTH, iv, mode, ++ encrypt, 0); + if (rv != SECSuccess) { + PORT_ZFree(cx, sizeof *cx); + cx = NULL; +@@ -595,6 +614,8 @@ + unsigned int maxOutLen, const unsigned char *in, + unsigned int inLen) + { ++ IN_FIPS_RETURN(SECFailure); ++ + if (!cx) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; +@@ -635,6 +656,8 @@ + unsigned int maxOutLen, const unsigned char *in, + unsigned int inLen) + { ++ IN_FIPS_RETURN(SECFailure); ++ + if (!cx) { + PORT_SetError(SEC_ERROR_INVALID_ARGS); + return SECFailure; +diff --git a/lib/freebl/fips.h b/lib/freebl/fips.h +--- a/lib/freebl/fips.h ++++ b/lib/freebl/fips.h @@ -8,8 +8,20 @@ #ifndef FIPS_H #define FIPS_H @@ -160,10 +275,9 @@ #endif -diff --git a/nss/lib/freebl/md2.c b/nss/lib/freebl/md2.c -index cb3d3d8..6b1bea5 100644 ---- a/nss/lib/freebl/md2.c -+++ b/nss/lib/freebl/md2.c +diff --git a/lib/freebl/md2.c b/lib/freebl/md2.c +--- a/lib/freebl/md2.c ++++ b/lib/freebl/md2.c @@ -13,6 +13,8 @@ #include "blapi.h" @@ -173,7 +287,7 @@ #define MD2_DIGEST_LEN 16 #define MD2_BUFSIZE 16 #define MD2_X_SIZE 48 /* The X array, [CV | INPUT | TMP VARS] */ -@@ -66,7 +68,11 @@ SECStatus +@@ -66,7 +68,11 @@ MD2_Hash(unsigned char *dest, const char *src) { unsigned int len; @@ -186,7 +300,7 @@ if (!cx) { PORT_SetError(PR_OUT_OF_MEMORY_ERROR); return SECFailure; -@@ -81,7 +87,11 @@ MD2_Hash(unsigned char *dest, const char *src) +@@ -81,7 +87,11 @@ MD2Context * MD2_NewContext(void) { @@ -199,7 +313,7 @@ if (cx == NULL) { PORT_SetError(PR_OUT_OF_MEMORY_ERROR); return NULL; -@@ -99,6 +109,8 @@ MD2_DestroyContext(MD2Context *cx, PRBool freeit) +@@ -99,6 +109,8 @@ void MD2_Begin(MD2Context *cx) { 
@@ -208,7 +322,7 @@ memset(cx, 0, sizeof(*cx)); cx->unusedBuffer = MD2_BUFSIZE; } -@@ -196,6 +208,8 @@ MD2_Update(MD2Context *cx, const unsigned char *input, unsigned int inputLen) +@@ -196,6 +208,8 @@ { PRUint32 bytesToConsume; @@ -217,7 +331,7 @@ /* Fill the remaining input buffer. */ if (cx->unusedBuffer != MD2_BUFSIZE) { bytesToConsume = PR_MIN(inputLen, cx->unusedBuffer); -@@ -226,6 +240,9 @@ MD2_End(MD2Context *cx, unsigned char *digest, +@@ -226,6 +240,9 @@ unsigned int *digestLen, unsigned int maxDigestLen) { PRUint8 padStart; @@ -227,10 +341,9 @@ if (maxDigestLen < MD2_BUFSIZE) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return; -diff --git a/nss/lib/freebl/md5.c b/nss/lib/freebl/md5.c -index bdd36a6..b3a796b 100644 ---- a/nss/lib/freebl/md5.c -+++ b/nss/lib/freebl/md5.c +diff --git a/lib/freebl/md5.c b/lib/freebl/md5.c +--- a/lib/freebl/md5.c ++++ b/lib/freebl/md5.c @@ -15,6 +15,8 @@ #include "blapi.h" #include "blapii.h" @@ -240,7 +353,7 @@ #define MD5_HASH_LEN 16 #define MD5_BUFFER_SIZE 64 #define MD5_END_BUFFER (MD5_BUFFER_SIZE - 8) -@@ -195,6 +197,7 @@ struct MD5ContextStr { +@@ -195,6 +197,7 @@ SECStatus MD5_Hash(unsigned char *dest, const char *src) { @@ -248,7 +361,7 @@ return MD5_HashBuf(dest, (const unsigned char *)src, PORT_Strlen(src)); } -@@ -204,6 +207,8 @@ MD5_HashBuf(unsigned char *dest, const unsigned char *src, PRUint32 src_length) +@@ -204,6 +207,8 @@ unsigned int len; MD5Context cx; @@ -257,7 +370,7 @@ MD5_Begin(&cx); MD5_Update(&cx, src, src_length); MD5_End(&cx, dest, &len, MD5_HASH_LEN); -@@ -215,7 +220,11 @@ MD5Context * +@@ -215,7 +220,11 @@ MD5_NewContext(void) { /* no need to ZAlloc, MD5_Begin will init the context */ @@ -270,7 +383,7 @@ if (cx == NULL) { PORT_SetError(PR_OUT_OF_MEMORY_ERROR); return NULL; -@@ -226,7 +235,8 @@ MD5_NewContext(void) +@@ -226,7 +235,8 @@ void MD5_DestroyContext(MD5Context *cx, PRBool freeit) { 
@@ -280,7 +393,7 @@ if (freeit) { PORT_Free(cx); } -@@ -235,6 +245,8 @@ MD5_DestroyContext(MD5Context *cx, PRBool freeit) +@@ -235,6 +245,8 @@ void MD5_Begin(MD5Context *cx) { @@ -289,7 +402,7 @@ cx->lsbInput = 0; cx->msbInput = 0; /* memset(cx->inBuf, 0, sizeof(cx->inBuf)); */ -@@ -425,6 +437,8 @@ MD5_Update(MD5Context *cx, const unsigned char *input, unsigned int inputLen) +@@ -425,6 +437,8 @@ PRUint32 inBufIndex = cx->lsbInput & 63; const PRUint32 *wBuf; @@ -298,7 +411,7 @@ /* Add the number of input bytes to the 64-bit input counter. */ addto64(cx->msbInput, cx->lsbInput, inputLen); if (inBufIndex) { -@@ -498,6 +512,8 @@ MD5_End(MD5Context *cx, unsigned char *digest, +@@ -498,6 +512,8 @@ PRUint32 lowInput, highInput; PRUint32 inBufIndex = cx->lsbInput & 63; @@ -307,7 +420,7 @@ if (maxDigestLen < MD5_HASH_LEN) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return; -@@ -546,6 +562,8 @@ MD5_EndRaw(MD5Context *cx, unsigned char *digest, +@@ -546,6 +562,8 @@ #endif PRUint32 cv[4]; @@ -316,10 +429,9 @@ if (maxDigestLen < MD5_HASH_LEN) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return; -diff --git a/nss/lib/freebl/nsslowhash.c b/nss/lib/freebl/nsslowhash.c -index 22f9781..69a2c1a 100644 ---- a/nss/lib/freebl/nsslowhash.c -+++ b/nss/lib/freebl/nsslowhash.c +diff --git a/lib/freebl/nsslowhash.c b/lib/freebl/nsslowhash.c +--- a/lib/freebl/nsslowhash.c ++++ b/lib/freebl/nsslowhash.c @@ -12,6 +12,7 @@ #include "plhash.h" #include "nsslowhash.h" @@ -328,7 +440,7 @@ struct NSSLOWInitContextStr { int count; -@@ -92,6 +93,12 @@ NSSLOWHASH_NewContext(NSSLOWInitContext *initContext, +@@ -92,6 +93,12 @@ { NSSLOWHASHContext *context; 
@@ -341,10 +453,9 @@ if (post_failed) { PORT_SetError(SEC_ERROR_PKCS11_DEVICE_ERROR); return NULL; -diff --git a/nss/lib/freebl/rawhash.c b/nss/lib/freebl/rawhash.c -index 551727b..d0e8ee8 100644 ---- a/nss/lib/freebl/rawhash.c -+++ b/nss/lib/freebl/rawhash.c +diff --git a/lib/freebl/rawhash.c b/lib/freebl/rawhash.c +--- a/lib/freebl/rawhash.c ++++ b/lib/freebl/rawhash.c @@ -10,6 +10,7 @@ #include "hasht.h" #include "blapi.h" /* below the line */ @@ -353,7 +464,7 @@ static void * null_hash_new_context(void) -@@ -146,7 +147,8 @@ const SECHashObject SECRawHashObjects[] = { +@@ -146,7 +147,8 @@ const SECHashObject * HASH_GetRawHashObject(HASH_HashType hashType) { 
@@ -363,122 +474,10 @@ PORT_SetError(SEC_ERROR_INVALID_ARGS); return NULL; } -diff --git a/nss/lib/freebl/seed.c b/nss/lib/freebl/seed.c -index 377bdeb..95a76b8 100644 ---- a/nss/lib/freebl/seed.c -+++ b/nss/lib/freebl/seed.c -@@ -17,6 +17,8 @@ - #include "seed.h" - #include "secerr.h" - -+#include "fips.h" -+ - static const seed_word SS[4][256] = { - { 0x2989a1a8, 0x05858184, 0x16c6d2d4, 0x13c3d3d0, - 0x14445054, 0x1d0d111c, 0x2c8ca0ac, 0x25052124, -@@ -301,6 +303,8 @@ SEED_set_key(const unsigned char rawkey[SEED_KEY_LENGTH], - seed_word K0, K1, K2, K3; - seed_word t0, t1; - -+ IN_FIPS_RETURN(); -+ - char2word(rawkey, K0); - char2word(rawkey + 4, K1); - char2word(rawkey + 8, K2); -@@ -349,6 +353,8 @@ SEED_encrypt(const unsigned char s[SEED_BLOCK_SIZE], - seed_word L0, L1, R0, R1; - seed_word t0, t1; - -+ IN_FIPS_RETURN(); -+ - char2word(s, L0); - char2word(s + 4, L1); - char2word(s + 8, R0); -@@ -385,6 +391,8 @@ SEED_decrypt(const unsigned char s[SEED_BLOCK_SIZE], - seed_word L0, L1, R0, R1; - seed_word t0, t1; - -+ IN_FIPS_RETURN(); -+ - char2word(s, L0); - char2word(s + 4, L1); - char2word(s + 8, R0); -@@ -418,6 +426,8 @@ SEED_ecb_encrypt(const unsigned char *in, - unsigned char *out, - const SEED_KEY_SCHEDULE *ks, int enc) - { -+ IN_FIPS_RETURN(); -+ - if (enc) { - SEED_encrypt(in, out, ks); - } else { -@@ -434,6 +444,8 @@ SEED_cbc_encrypt(const unsigned char *in, unsigned char *out, - unsigned char tmp[SEED_BLOCK_SIZE]; - const unsigned char *iv = ivec; - -+ IN_FIPS_RETURN(); -+ - if (enc) { - while (len >= SEED_BLOCK_SIZE) { - for (n = 0; n < SEED_BLOCK_SIZE; ++n) { -@@ -517,6 +529,7 @@ SEED_cbc_encrypt(const unsigned char *in, unsigned char *out, - SEEDContext * - SEED_AllocateContext(void) - { -+ IN_FIPS_RETURN(NULL); - return PORT_ZNew(SEEDContext); - } - -@@ -525,6 +538,8 @@ SEED_InitContext(SEEDContext *cx, const unsigned char *key, - unsigned int keylen, const unsigned char *iv, - int mode, unsigned int encrypt, unsigned int unused) - { -+ 
IN_FIPS_RETURN(SECFailure); -+ - if (!cx) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; -@@ -556,10 +571,14 @@ SEEDContext * - SEED_CreateContext(const unsigned char *key, const unsigned char *iv, - int mode, PRBool encrypt) - { -- SEEDContext *cx = PORT_ZNew(SEEDContext); -- SECStatus rv = SEED_InitContext(cx, key, SEED_KEY_LENGTH, iv, mode, -- encrypt, 0); -+ SEEDContext *cx; -+ SECStatus rv; -+ -+ IN_FIPS_RETURN(NULL); - -+ cx = PORT_ZNew(SEEDContext); -+ rv = SEED_InitContext(cx, key, SEED_KEY_LENGTH, iv, mode, -+ encrypt, 0); - if (rv != SECSuccess) { - PORT_ZFree(cx, sizeof *cx); - cx = NULL; -@@ -584,6 +603,8 @@ SEED_Encrypt(SEEDContext *cx, unsigned char *out, unsigned int *outLen, - unsigned int maxOutLen, const unsigned char *in, - unsigned int inLen) - { -+ IN_FIPS_RETURN(SECFailure); -+ - if (!cx) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; -@@ -624,6 +645,8 @@ SEED_Decrypt(SEEDContext *cx, unsigned char *out, unsigned int *outLen, - unsigned int maxOutLen, const unsigned char *in, - unsigned int inLen) - { -+ IN_FIPS_RETURN(SECFailure); -+ - if (!cx) { - PORT_SetError(SEC_ERROR_INVALID_ARGS); - return SECFailure; -diff --git a/nss/lib/softoken/pkcs11c.c b/nss/lib/softoken/pkcs11c.c -index 4b68f7a..bf47acc 100644 ---- a/nss/lib/softoken/pkcs11c.c -+++ b/nss/lib/softoken/pkcs11c.c -@@ -6997,7 +6997,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession, +diff --git a/lib/softoken/pkcs11c.c b/lib/softoken/pkcs11c.c +--- a/lib/softoken/pkcs11c.c ++++ b/lib/softoken/pkcs11c.c +@@ -7282,7 +7282,7 @@ } else { /* now allocate the hash contexts */ md5 = MD5_NewContext(); ++++++ nss-fips-cavs-dsa-fixes.patch ++++++ --- /var/tmp/diff_new_pack.FgRr20/_old 2020-06-21 21:58:48.540048509 +0200 +++ /var/tmp/diff_new_pack.FgRr20/_new 2020-06-21 21:58:48.540048509 +0200 
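Review bot: The SEED hooks in nss-fips-approved-crypto-non-ec.patch move from `lib/freebl/seed.c` (with `#include "fips.h"`) to `lib/freebl/deprecated/seed.c` (with `#include "../fips.h"`), matching the 3.53 relocation of SEED (bmo#1636389); two things to record for the next rebase, since the HG description `imported patch nss-fips-approved-crypto-non-ec.patch` says nothing. First, the `SEED_ecb_encrypt` hunk was regenerated, not just re-pathed: the old context was a single `SEED_encrypt(in, out, ks);` call, while the new `+@@ -419,6 +427,8 @@` hunk shows a `size_t inLen` parameter and a `while (inLen > 0)` loop, i.e. the multi-block fix from bmo#1619959. Second, the argument-less `IN_FIPS_RETURN();` in the void routines (`SEED_set_key`, `SEED_encrypt`, `SEED_decrypt`, `SEED_ecb_encrypt`, `SEED_cbc_encrypt`) presumably expands to a bare `return` and leaves the output buffer untouched, whereas the public entry points return `NULL` or `SECFailure` (`SEED_AllocateContext`, `SEED_InitContext`, `SEED_CreateContext`, `SEED_Encrypt`, `SEED_Decrypt`); the `lib/freebl/fips.h` hunk that defines the macro is collapsed in this view, so confirm the definition and add a comment at the void variants that callers must go through the guarded context API. The `lib/softoken/pkcs11c.c` hunk only shifts its offset from `@@ -6997,7 +6997,7 @@` to `@@ -7282,7 +7282,7 @@`.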
@@ -1,17 +1,19 @@ +# HG changeset patch +# User Hans Petter Jansson <[email protected]> +# Date 1574237264 -3600 +# Wed Nov 20 09:07:44 2019 +0100 +# Node ID 0e904e6179d1db21965df2c405c80c3fc0258658 +# Parent 969310ea4c573aac64bf08846b8938b8fa783870 +[PATCH] 24 From ef2620b770082c77dbbbccae2e773157897b005d Mon Sep 17 00:00:00 2001 -From: Hans Petter Jansson <[email protected]> -Date: Wed, 20 Nov 2019 09:07:44 +0100 -Subject: [PATCH] 24 - --- nss/cmd/fipstest/fipstest.c | 112 ++++++++++++++++++++++++++++++++---- 1 file changed, 101 insertions(+), 11 deletions(-) -diff --git a/nss/cmd/fipstest/fipstest.c b/nss/cmd/fipstest/fipstest.c -index 17aafae..1a1465b 100644 ---- a/nss/cmd/fipstest/fipstest.c -+++ b/nss/cmd/fipstest/fipstest.c -@@ -5576,7 +5576,7 @@ loser: +diff --git a/cmd/fipstest/fipstest.c b/cmd/fipstest/fipstest.c +--- a/cmd/fipstest/fipstest.c ++++ b/cmd/fipstest/fipstest.c +@@ -5576,7 +5576,7 @@ void dsa_pqggen_test(char *reqfn) { @@ -20,7 +22,7 @@ * or to the output RESPONSE file. * 800 to hold seed = (384 public key (x2 for HEX) */ -@@ -5592,6 +5592,13 @@ dsa_pqggen_test(char *reqfn) +@@ -5592,6 +5592,13 @@ PQGVerify *vfy = NULL; unsigned int keySizeIndex = 0; dsa_pqg_type type = FIPS186_1; @@ -34,7 +36,7 @@ dsareq = fopen(reqfn, "r"); dsaresp = stdout; -@@ -5612,8 +5619,8 @@ dsa_pqggen_test(char *reqfn) +@@ -5612,8 +5619,8 @@ output_g = 1; exit(1); } else if (strncmp(&buf[1], "A.2.3", 5) == 0) { @@ -45,7 +47,7 @@ } else if (strncmp(&buf[1], "A.1.2.1", 7) == 0) { type = A_1_2_1; output_g = 0; -@@ -5627,14 +5634,17 @@ dsa_pqggen_test(char *reqfn) +@@ -5627,14 +5634,17 @@ /* [Mod = ... ] */ if (buf[0] == '[') { 
@@ -57,14 +59,15 @@ goto loser; } - } else if (sscanf(buf, "[mod = L=%d, N=%d", &L, &N) != 2) { +- goto loser; + } else if (sscanf(buf, "[mod = L=%d, N=%d, SHA-%d", &L, &N, &hashbits) != 3) { - goto loser; ++ goto loser; + } else { + hashtype = sha_get_hashType (hashbits); } fputs(buf, dsaresp); -@@ -5656,7 +5666,7 @@ dsa_pqggen_test(char *reqfn) +@@ -5656,7 +5666,7 @@ continue; } /* N = ... */ @@ -73,7 +76,7 @@ if (strncmp(buf, "Num", 3) == 0) { if (sscanf(buf, "Num = %d", &count) != 1) { goto loser; -@@ -5671,7 +5681,10 @@ dsa_pqggen_test(char *reqfn) +@@ -5671,7 +5681,10 @@ rv = PQG_ParamGenSeedLen(keySizeIndex, PQG_TEST_SEED_BYTES, &pqg, &vfy); } else { @@ -85,7 +88,7 @@ } if (rv != SECSuccess) { fprintf(dsaresp, -@@ -5682,6 +5695,10 @@ dsa_pqggen_test(char *reqfn) +@@ -5682,6 +5695,10 @@ fprintf(dsaresp, "P = %s\n", buf); to_hex_str(buf, pqg->subPrime.data, pqg->subPrime.len); fprintf(dsaresp, "Q = %s\n", buf); @@ -96,7 +99,7 @@ if (output_g) { to_hex_str(buf, pqg->base.data, pqg->base.len); fprintf(dsaresp, "G = %s\n", buf); -@@ -5697,13 +5714,13 @@ dsa_pqggen_test(char *reqfn) +@@ -5697,13 +5714,13 @@ } fprintf(dsaresp, "%s\n", buf); } else { @@ -115,10 +118,11 @@ fprintf(dsaresp, "qseed = %s\n", buf); fprintf(dsaresp, "pgen_counter = %d\n", pgen_counter); fprintf(dsaresp, "qgen_counter = %d\n", qgen_counter); -@@ -5723,12 +5740,85 @@ dsa_pqggen_test(char *reqfn) +@@ -5723,12 +5740,85 @@ vfy = NULL; } } +- + continue; + } + @@ -176,7 +180,7 @@ + + to_hex_str(buf, pqg->base.data, pqg->base.len); + fprintf(dsaresp, "G = %s\n\n", buf); - ++ + PQG_DestroyParams(pqg); + pqg = NULL; + PQG_DestroyVerify(vfy); @@ -201,6 +205,3 @@ if (pqg != NULL) { PQG_DestroyParams(pqg); } --- -2.21.0 - ++++++ nss-fips-cavs-general.patch ++++++ --- /var/tmp/diff_new_pack.FgRr20/_old 2020-06-21 21:58:48.548048554 +0200 +++ /var/tmp/diff_new_pack.FgRr20/_new 2020-06-21 21:58:48.552048577 +0200 
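Review bot: in the `[mod = L=%d, N=%d, SHA-%d` branch the result of `hashtype = sha_get_hashType (hashbits);` is used without a check, so a request file naming a digest size the helper does not know will run the generator with whatever sentinel it returns; add a guard right after the assignment (for example `if (hashtype == HASH_AlgNULL) goto loser;`, assuming the helper follows the HASH_HashType sentinel from hasht.h) so the failure is reported on the `[mod = ...]` line instead of deep inside PQG_ParamGenV2. The moved `goto loser;` (now a `++` line rather than context) is only a rebase artefact and reads correctly. Style point for the same hunk: `sha_get_hashType (hashbits)` has a space before the parenthesis, which the NSS clang-format configuration will rewrite.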
@@ -1,7 +1,14 @@ -diff --git a/nss/cmd/fipstest/fipstest.c b/nss/cmd/fipstest/fipstest.c -index 9bdd21c..17aafae 100644 ---- a/nss/cmd/fipstest/fipstest.c -+++ b/nss/cmd/fipstest/fipstest.c +# HG changeset patch +# User M. Sirringhaus <[email protected]> +# Date 1590413427 -7200 +# Mon May 25 15:30:27 2020 +0200 +# Node ID 969310ea4c573aac64bf08846b8938b8fa783870 +# Parent 60c5e5d73ce1177fa66d8fd6cf49d9b371ca9be4 +imported patch nss-fips-cavs-general.patch + +diff --git a/cmd/fipstest/fipstest.c b/cmd/fipstest/fipstest.c +--- a/cmd/fipstest/fipstest.c ++++ b/cmd/fipstest/fipstest.c @@ -5,6 +5,7 @@ #include <stdio.h> #include <stdlib.h> @@ -20,7 +27,7 @@ #define __PASTE(x, y) x##y #undef CK_PKCS11_FUNCTION_INFO #undef CK_NEED_ARG_LIST -@@ -55,6 +59,10 @@ EC_CopyParams(PLArenaPool *arena, ECParams *dstParams, +@@ -55,6 +59,10 @@ #define RSA_MAX_TEST_EXPONENT_BYTES 8 #define PQG_TEST_SEED_BYTES 20 @@ -31,7 +38,7 @@ SECStatus hex_to_byteval(const char *c2, unsigned char *byteval) { -@@ -168,6 +176,62 @@ from_hex_str(unsigned char *buf, unsigned int len, const char *str) +@@ -168,6 +176,62 @@ return PR_TRUE; } @@ -94,7 +101,7 @@ SECStatus tdea_encrypt_buf( int mode, -@@ -8409,41 +8473,6 @@ out: +@@ -8930,41 +8994,6 @@ } } @@ -136,7 +143,7 @@ void kas_ffc_test(char *reqfn, int do_validity) { -@@ -8866,12 +8895,34 @@ out: +@@ -9387,12 +9416,34 @@ free_param_specs (pspecs); } @@ -171,10 +178,9 @@ RNG_RNGInit(); SECOID_Init(); -diff --git a/nss/lib/freebl/freebl.def b/nss/lib/freebl/freebl.def -index 164c843..a541124 100644 ---- a/nss/lib/freebl/freebl.def -+++ b/nss/lib/freebl/freebl.def +diff --git a/lib/freebl/freebl.def b/lib/freebl/freebl.def +--- a/lib/freebl/freebl.def ++++ b/lib/freebl/freebl.def @@ -21,6 +21,7 @@ LIBRARY freebl3 ;- EXPORTS ;- 
@@ -183,10 +189,9 @@ ;+ local: ;+ *; ;+}; -diff --git a/nss/lib/freebl/freebl_hash.def b/nss/lib/freebl/freebl_hash.def -index 9fd2736..d44fd48 100644 ---- a/nss/lib/freebl/freebl_hash.def -+++ b/nss/lib/freebl/freebl_hash.def +diff --git a/lib/freebl/freebl_hash.def b/lib/freebl/freebl_hash.def +--- a/lib/freebl/freebl_hash.def ++++ b/lib/freebl/freebl_hash.def @@ -21,6 +21,7 @@ LIBRARY freebl3 ;- EXPORTS ;- @@ -195,10 +200,9 @@ ;+ local: ;+ *; ;+}; -diff --git a/nss/lib/freebl/freebl_hash_vector.def b/nss/lib/freebl/freebl_hash_vector.def -index 9d7d07d..0e87a7b 100644 ---- a/nss/lib/freebl/freebl_hash_vector.def -+++ b/nss/lib/freebl/freebl_hash_vector.def +diff --git a/lib/freebl/freebl_hash_vector.def b/lib/freebl/freebl_hash_vector.def +--- a/lib/freebl/freebl_hash_vector.def ++++ b/lib/freebl/freebl_hash_vector.def @@ -21,6 +21,7 @@ LIBRARY freebl3 ;- EXPORTS ;- @@ -207,11 +211,10 @@ ;+ local: ;+ *; ;+}; -diff --git a/nss/lib/freebl/pqg.c b/nss/lib/freebl/pqg.c -index 626b2fb..9e1c6ce 100644 ---- a/nss/lib/freebl/pqg.c -+++ b/nss/lib/freebl/pqg.c -@@ -1231,7 +1231,8 @@ cleanup: +diff --git a/lib/freebl/pqg.c b/lib/freebl/pqg.c +--- a/lib/freebl/pqg.c ++++ b/lib/freebl/pqg.c +@@ -1231,7 +1231,8 @@ **/ static SECStatus pqg_ParamGen(unsigned int L, unsigned int N, pqgGenType type, @@ -221,7 +224,7 @@ { unsigned int n; /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */ unsigned int seedlen; /* Per FIPS 186-3 app A.1.1.2 (was 'g' 186-1)*/ -@@ -1239,7 +1240,6 @@ pqg_ParamGen(unsigned int L, unsigned int N, pqgGenType type, +@@ -1239,7 +1240,6 @@ unsigned int offset; /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */ unsigned int outlen; /* Per FIPS 186-3, appendix A.1.1.2. */ unsigned int maxCount; 
@@ -229,7 +232,7 @@ SECItem *seed; /* Per FIPS 186, app 2.2. 186-3 app A.1.1.2 */ PLArenaPool *arena = NULL; PQGParams *params = NULL; -@@ -1290,7 +1290,8 @@ pqg_ParamGen(unsigned int L, unsigned int N, pqgGenType type, +@@ -1290,7 +1290,8 @@ /* fill in P Q, */ SECITEM_TO_MPINT((*pParams)->prime, &P); SECITEM_TO_MPINT((*pParams)->subPrime, &Q); @@ -239,7 +242,7 @@ CHECK_SEC_OK(makeGfromIndex(hashtype, &P, &Q, &(*pVfy)->seed, (*pVfy)->h.data[0], &G)); MPINT_TO_SECITEM(&G, &(*pParams)->base, (*pParams)->arena); -@@ -1330,7 +1331,8 @@ pqg_ParamGen(unsigned int L, unsigned int N, pqgGenType type, +@@ -1330,7 +1331,8 @@ /* Select Hash and Compute lengths. */ /* getFirstHash gives us the smallest acceptable hash for this key * strength */ @@ -249,7 +252,7 @@ outlen = HASH_ResultLen(hashtype) * PR_BITS_PER_BYTE; /* Step 3: n = Ceil(L/outlen)-1; (same as n = Floor((L-1)/outlen)) */ -@@ -1532,6 +1534,10 @@ generate_G: +@@ -1532,6 +1534,10 @@ verify->counter = counter; *pParams = params; *pVfy = verify; @@ -260,7 +263,7 @@ cleanup: if (pseed.data) { PORT_Free(pseed.data); -@@ -1576,7 +1582,7 @@ PQG_ParamGen(unsigned int j, PQGParams **pParams, PQGVerify **pVfy) +@@ -1576,7 +1582,7 @@ L = 512 + (j * 64); /* bits in P */ seedBytes = L / 8; return pqg_ParamGen(L, DSA1_Q_BITS, FIPS186_1_TYPE, seedBytes, @@ -269,7 +272,7 @@ } SECStatus -@@ -1591,7 +1597,7 @@ PQG_ParamGenSeedLen(unsigned int j, unsigned int seedBytes, +@@ -1591,7 +1597,7 @@ } L = 512 + (j * 64); /* bits in P */ return pqg_ParamGen(L, DSA1_Q_BITS, FIPS186_1_TYPE, seedBytes, @@ -278,7 +281,7 @@ } SECStatus -@@ -1609,7 +1615,26 @@ PQG_ParamGenV2(unsigned int L, unsigned int N, unsigned int seedBytes, +@@ -1609,7 +1615,26 @@ /* error code already set */ return SECFailure; } ++++++ nss-fips-cavs-kas-ecc.patch ++++++ --- /var/tmp/diff_new_pack.FgRr20/_old 2020-06-21 21:58:48.564048646 +0200 +++ /var/tmp/diff_new_pack.FgRr20/_new 2020-06-21 21:58:48.564048646 +0200 
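Review bot: pqg_ParamGen() gains a parameter at @@ -1231,7 +1231,8 @@ and the two legacy callers PQG_ParamGen() and PQG_ParamGenSeedLen() (FIPS186_1_TYPE, DSA1_Q_BITS) are adjusted at @@ -1576 and @@ -1591; confirm that the value they pass still selects the `getFirstHash` path at @@ -1330,7 +1331,8 @@, otherwise the smallest-acceptable-hash rule changes for existing 186-1 users. The single export added to each of freebl.def, freebl_hash.def and freebl_hash_vector.def ahead of `;+ local:` presumably exposes the entry point inserted after PQG_ParamGenV2 at @@ -1609,7 +1615,26 @@; its only consumer appears to be the fipstest CAVS harness, so say so in the header, since every new freebl export widens the FIPS module boundary. The `# Parent 969310ea4c57...` of nss-fips-cavs-dsa-fixes.patch matches this patch's `# Node ID`, so the application order is pinned correctly.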
@@ -1,18 +1,20 @@ +# HG changeset patch +# User Hans Petter Jansson <[email protected]> +# Date 1574234615 -3600 +# Wed Nov 20 08:23:35 2019 +0100 +# Node ID f5cf5d16deb68e65b5dd4e799d9e8e3098400d62 +# Parent af7d3ee4e96cf685be0b95dff7aa5a1d3ab64a89 +[PATCH] 21 From 4c27df62aa425745620f45710465b0264acacbb0 Mon Sep 17 00:00:00 2001 -From: Hans Petter Jansson <[email protected]> -Date: Wed, 20 Nov 2019 08:23:35 +0100 -Subject: [PATCH] 21 - --- nss/cmd/fipstest/fipstest.c | 304 ++++++++++++++++++++++++++++++++++++ nss/cmd/fipstest/kas.sh | 22 +++ 2 files changed, 326 insertions(+) -diff --git a/nss/cmd/fipstest/fipstest.c b/nss/cmd/fipstest/fipstest.c -index eba22fa..9bdd21c 100644 ---- a/nss/cmd/fipstest/fipstest.c -+++ b/nss/cmd/fipstest/fipstest.c -@@ -8571,6 +8571,301 @@ out: +diff --git a/cmd/fipstest/fipstest.c b/cmd/fipstest/fipstest.c +--- a/cmd/fipstest/fipstest.c ++++ b/cmd/fipstest/fipstest.c +@@ -9092,6 +9092,301 @@ } } @@ -314,7 +316,7 @@ int main(int argc, char **argv) { -@@ -8764,6 +9059,15 @@ main(int argc, char **argv) +@@ -9287,6 +9582,15 @@ } else { kas_ffc_test(argv[3], PR_FALSE); } @@ -330,11 +332,10 @@ } return 0; } -diff --git a/nss/cmd/fipstest/kas.sh b/nss/cmd/fipstest/kas.sh -index 148d7c9..dc1627d 100644 ---- a/nss/cmd/fipstest/kas.sh -+++ b/nss/cmd/fipstest/kas.sh -@@ -27,6 +27,16 @@ KASValidityTest_FFCEphem_NOKC_ZZOnly_init.req +diff --git a/cmd/fipstest/kas.sh b/cmd/fipstest/kas.sh +--- a/cmd/fipstest/kas.sh ++++ b/cmd/fipstest/kas.sh +@@ -27,6 +27,16 @@ KASValidityTest_FFCEphem_NOKC_ZZOnly_resp.req " @@ -351,7 +352,7 @@ if [ ${COMMAND} = "verify" ]; then for request in $kas_requests; do sh ./validate1.sh ${TESTDIR} $request -@@ -45,3 +55,15 @@ for request in $kas_requests_ffc_validity; do +@@ -45,3 +55,15 @@ echo $request $response fipstest kasffc validity ${REQDIR}/$request > ${RSPDIR}/$response done 
@@ -367,6 +368,3 @@ + echo $request $response + fipstest kasecc validity ${REQDIR}/$request > ${RSPDIR}/$response +done --- -2.21.0 - ++++++ nss-fips-cavs-kas-ffc.patch ++++++ --- /var/tmp/diff_new_pack.FgRr20/_old 2020-06-21 21:58:48.576048715 +0200 +++ /var/tmp/diff_new_pack.FgRr20/_new 2020-06-21 21:58:48.576048715 +0200 @@ -1,19 +1,21 @@ +# HG changeset patch +# User Hans Petter Jansson <[email protected]> +# Date 1574234297 -3600 +# Wed Nov 20 08:18:17 2019 +0100 +# Node ID af7d3ee4e96cf685be0b95dff7aa5a1d3ab64a89 +# Parent 5d6e015d1af40b5f5b990d0cf4d97932774c2a61 +[PATCH] 20 From ac98082c3bc0c9f85213078b730980483062f25c Mon Sep 17 00:00:00 2001 -From: Hans Petter Jansson <[email protected]> -Date: Wed, 20 Nov 2019 08:18:17 +0100 -Subject: [PATCH] 20 - --- nss/cmd/fipstest/fipstest.c | 194 ++++++++++++++++++++++++++++++++++++ nss/cmd/fipstest/kas.sh | 47 +++++++++ 2 files changed, 241 insertions(+) create mode 100644 nss/cmd/fipstest/kas.sh -diff --git a/nss/cmd/fipstest/fipstest.c b/nss/cmd/fipstest/fipstest.c -index 6f495c9..eba22fa 100644 ---- a/nss/cmd/fipstest/fipstest.c -+++ b/nss/cmd/fipstest/fipstest.c -@@ -2258,6 +2258,29 @@ fips_hashBuf(HASH_HashType type, unsigned char *hashBuf, +diff --git a/cmd/fipstest/fipstest.c b/cmd/fipstest/fipstest.c +--- a/cmd/fipstest/fipstest.c ++++ b/cmd/fipstest/fipstest.c +@@ -2258,6 +2258,29 @@ return rv; } @@ -43,7 +45,7 @@ int fips_hashLen(HASH_HashType type) { -@@ -8386,6 +8409,168 @@ out: +@@ -8907,6 +8930,168 @@ } } @@ -212,7 +214,7 @@ int main(int argc, char **argv) { -@@ -8570,6 +8755,15 @@ main(int argc, char **argv) +@@ -9093,6 +9278,15 @@ /* AES Keywrap */ /***************/ keywrap(argv[2]); @@ -228,11 +230,10 @@ } return 0; } -diff --git a/nss/cmd/fipstest/kas.sh b/nss/cmd/fipstest/kas.sh +diff --git a/cmd/fipstest/kas.sh b/cmd/fipstest/kas.sh new file mode 100644 -index 0000000..148d7c9 --- /dev/null -+++ b/nss/cmd/fipstest/kas.sh ++++ b/cmd/fipstest/kas.sh @@ -0,0 +1,47 @@ +#!/bin/sh +# 
@@ -281,6 +282,3 @@ + echo $request $response + fipstest kasffc validity ${REQDIR}/$request > ${RSPDIR}/$response +done --- -2.21.0 - ++++++ nss-fips-cavs-keywrap.patch ++++++ --- /var/tmp/diff_new_pack.FgRr20/_old 2020-06-21 21:58:48.588048784 +0200 +++ /var/tmp/diff_new_pack.FgRr20/_new 2020-06-21 21:58:48.588048784 +0200 @@ -1,20 +1,22 @@ +# HG changeset patch +# User Hans Petter Jansson <[email protected]> +# Date 1574234023 -3600 +# Wed Nov 20 08:13:43 2019 +0100 +# Node ID 5d6e015d1af40b5f5b990d0cf4d97932774c2a61 +# Parent 2f570c6952d8edfc1ad9061cd3830f202eec1960 +[PATCH 1/2] 19 From f4cbaf95fcf2519029bb3c4407b2f15aa27c94c1 Mon Sep 17 00:00:00 2001 -From: Hans Petter Jansson <[email protected]> -Date: Wed, 20 Nov 2019 08:13:43 +0100 -Subject: [PATCH 1/2] 19 - --- nss/cmd/fipstest/fipstest.c | 160 ++++++++++++++++++++++++++++++++++++ nss/cmd/fipstest/keywrap.sh | 40 +++++++++ 2 files changed, 200 insertions(+) create mode 100644 nss/cmd/fipstest/keywrap.sh -diff --git a/nss/cmd/fipstest/fipstest.c b/nss/cmd/fipstest/fipstest.c -index 1a8008d..6f495c9 100644 ---- a/nss/cmd/fipstest/fipstest.c -+++ b/nss/cmd/fipstest/fipstest.c -@@ -8231,6 +8231,161 @@ loser: - fclose(ikereq); +diff -r 2f570c6952d8 -r 5d6e015d1af4 cmd/fipstest/fipstest.c +--- a/cmd/fipstest/fipstest.c Sun Mar 15 21:54:30 2020 +0100 ++++ b/cmd/fipstest/fipstest.c Wed Nov 20 08:13:43 2019 +0100 +@@ -8752,6 +8752,161 @@ + return; } +void @@ -175,10 +177,10 @@ int main(int argc, char **argv) { -@@ -8410,6 +8565,11 @@ main(int argc, char **argv) - ikev1_psk(argv[2]); - } else if (strcmp(argv[1], "ikev2") == 0) { +@@ -8933,6 +9088,11 @@ ikev2(argv[2]); + } else if (strcmp(argv[1], "kbkdf") == 0) { + kbkdf(argv[2]); + } else if (strcmp(argv[1], "keywrap") == 0) { + /***************/ + /* AES Keywrap */ 
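Review bot: in the new kas.sh (@@ -0,0 +1,47 @@), the dispatch test that appears as context in the kas-ecc hunk, `if [ ${COMMAND} = "verify" ]; then`, is a shell syntax error when COMMAND is unset or empty (it expands to `[ = "verify" ]`); quote it as `if [ "${COMMAND}" = "verify" ]; then`. The loop bodies `sh ./validate1.sh ${TESTDIR} $request` and `fipstest kasffc validity ${REQDIR}/$request > ${RSPDIR}/$response` should quote their expansions for the same reason, since TESTDIR, REQDIR and RSPDIR are supplied by the caller. The hunk at @@ -2258,6 +2258,29 @@ adds a 23-line helper after fips_hashBuf() with no comment in the patch header; a sentence on what it provides for the FFC tests would help the next rebase.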
@@ -187,11 +189,9 @@ } return 0; } -diff --git a/nss/cmd/fipstest/keywrap.sh b/nss/cmd/fipstest/keywrap.sh -new file mode 100644 -index 0000000..a04374a ---- /dev/null -+++ b/nss/cmd/fipstest/keywrap.sh +diff -r 2f570c6952d8 -r 5d6e015d1af4 cmd/fipstest/keywrap.sh +--- /dev/null Thu Jan 01 00:00:00 1970 +0000 ++++ b/cmd/fipstest/keywrap.sh Wed Nov 20 08:13:43 2019 +0100 @@ -0,0 +1,40 @@ +#!/bin/sh +# @@ -233,6 +233,3 @@ + echo $request $response + fipstest keywrap ${REQDIR}/$request > ${RSPDIR}/$response +done --- -2.21.0 - ++++++ nss-fips-cavs-rsa-fixes.patch ++++++ --- /var/tmp/diff_new_pack.FgRr20/_old 2020-06-21 21:58:48.596048829 +0200 +++ /var/tmp/diff_new_pack.FgRr20/_new 2020-06-21 21:58:48.600048853 +0200 @@ -1,17 +1,19 @@ +# HG changeset patch +# User Hans Petter Jansson <[email protected]> +# Date 1574237297 -3600 +# Wed Nov 20 09:08:17 2019 +0100 +# Node ID 3f4d682c9a1e8b3d939c744ee249e23179db5191 +# Parent 0e904e6179d1db21965df2c405c80c3fc0258658 +[PATCH] 25 From 9b4636ad75add2ac09ce1844b3071785d563c275 Mon Sep 17 00:00:00 2001 -From: Hans Petter Jansson <[email protected]> -Date: Wed, 20 Nov 2019 09:08:17 +0100 -Subject: [PATCH] 25 - --- nss/cmd/fipstest/fipstest.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) -diff --git a/nss/cmd/fipstest/fipstest.c b/nss/cmd/fipstest/fipstest.c -index 1a1465b..c14f532 100644 ---- a/nss/cmd/fipstest/fipstest.c -+++ b/nss/cmd/fipstest/fipstest.c -@@ -6536,7 +6536,7 @@ rsa_siggen_test(char *reqfn) +diff --git a/cmd/fipstest/fipstest.c b/cmd/fipstest/fipstest.c +--- a/cmd/fipstest/fipstest.c ++++ b/cmd/fipstest/fipstest.c +@@ -6536,7 +6536,7 @@ /* Output the signature */ fputs(buf, rsaresp); to_hex_str(buf, rsa_computed_signature, rsa_bytes_signed); @@ -20,7 +22,7 @@ /* Perform RSA verification with the RSA public key. */ rv = RSA_HashCheckSign(shaOid, -@@ -9015,6 +9015,7 @@ main(int argc, char **argv) +@@ -9536,6 +9536,7 @@ init_functions(); RNG_RNGInit(); SECOID_Init(); 
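Review bot: this is the only patch in the series emitted as hg `diff -r 2f570c6952d8 -r 5d6e015d1af4 cmd/fipstest/fipstest.c` with file timestamps, while its siblings use `diff --git` headers; regenerate it with the same exporter so the series is uniform for review tooling. The rebased context in main() (`kbkdf(argv[2]); } else if (strcmp(argv[1], "keywrap") == 0)`) correctly places the keywrap dispatch after the kbkdf branch that upstream added. keywrap.sh's loop, `fipstest keywrap ${REQDIR}/$request > ${RSPDIR}/$response`, has the same unquoted expansions as kas.sh and should be quoted the same way.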
@@ -28,6 +30,3 @@ /*************/ /* TDEA */ --- -2.21.0 - ++++++ nss-fips-combined-hash-sign-dsa-ecdsa.patch ++++++ --- /var/tmp/diff_new_pack.FgRr20/_old 2020-06-21 21:58:48.608048899 +0200 +++ /var/tmp/diff_new_pack.FgRr20/_new 2020-06-21 21:58:48.612048922 +0200 @@ -1,14 +1,22 @@ -commit c0ae706da7ce51b9585b0a35430a0efae446a981 -Author: Hans Petter Jansson <[email protected]> -Date: Fri Apr 17 16:02:23 2020 +0200 +From 7f3606a84f6c62b002246ee73121279e59f83437 Mon Sep 17 00:00:00 2001 +From: Hans Petter Jansson <[email protected]> +Date: Thu, 28 May 2020 22:44:22 +0200 +Subject: [PATCH] CKM_(EC)DSA_SHAxxx mechs: Add some missing pieces. - Add CKM_(EC)DSA_SHAxxx mechs. +This includes pairwise consistency checks and entry points for +power-on self tests. +--- + cmd/lib/pk11table.c | 8 ++ + lib/pk11wrap/pk11mech.c | 8 ++ + lib/softoken/pkcs11c.c | 213 +++++++++++++++++++++++++++------------- + lib/softoken/softoken.h | 10 ++ + 4 files changed, 169 insertions(+), 70 deletions(-) -diff --git a/nss/cmd/lib/pk11table.c b/nss/cmd/lib/pk11table.c -index ec5d889..d7b60e2 100644 ---- a/nss/cmd/lib/pk11table.c -+++ b/nss/cmd/lib/pk11table.c -@@ -274,6 +274,10 @@ const Constant _consts[] = { +diff --git a/cmd/lib/pk11table.c b/cmd/lib/pk11table.c +index f7a45fa..d302436 100644 +--- a/cmd/lib/pk11table.c ++++ b/cmd/lib/pk11table.c +@@ -273,6 +273,10 @@ const Constant _consts[] = { mkEntry(CKM_DSA_KEY_PAIR_GEN, Mechanism), mkEntry(CKM_DSA, Mechanism), mkEntry(CKM_DSA_SHA1, Mechanism), @@ -19,7 +27,7 @@ mkEntry(CKM_DH_PKCS_KEY_PAIR_GEN, Mechanism), mkEntry(CKM_DH_PKCS_DERIVE, Mechanism), mkEntry(CKM_X9_42_DH_DERIVE, Mechanism), -@@ -439,6 +443,10 @@ const Constant _consts[] = { +@@ -438,6 +442,10 @@ const Constant _consts[] = { mkEntry(CKM_EC_KEY_PAIR_GEN, Mechanism), mkEntry(CKM_ECDSA, Mechanism), mkEntry(CKM_ECDSA_SHA1, Mechanism), 
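Review bot: the subject of this patch is the bare sequence number `[PATCH] 25` (its siblings are `24`, `21`, `20` and `[PATCH 1/2] 19`), so nothing inside the file says what the two one-line changes at @@ -6536 (after `to_hex_str(buf, rsa_computed_signature, rsa_bytes_signed);`) and @@ -9536 (after `SECOID_Init();`) are for; add a one-line description to the HG header, as nss-fips-combined-hash-sign-dsa-ecdsa.patch already does.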
@@ -30,34 +38,11 @@ mkEntry(CKM_ECDH1_DERIVE, Mechanism), mkEntry(CKM_ECDH1_COFACTOR_DERIVE, Mechanism), mkEntry(CKM_ECMQV_DERIVE, Mechanism), -diff --git a/nss/lib/pk11wrap/debug_module.c b/nss/lib/pk11wrap/debug_module.c -index 59b89c3..74ed3c7 100644 ---- a/nss/lib/pk11wrap/debug_module.c -+++ b/nss/lib/pk11wrap/debug_module.c -@@ -424,10 +424,18 @@ print_mechanism(CK_MECHANISM_PTR m) - CASE(CKM_DSA_KEY_PAIR_GEN); - CASE(CKM_DSA_PARAMETER_GEN); - CASE(CKM_DSA_SHA1); -+ CASE(CKM_DSA_SHA224); -+ CASE(CKM_DSA_SHA256); -+ CASE(CKM_DSA_SHA384); -+ CASE(CKM_DSA_SHA512); - CASE(CKM_ECDH1_COFACTOR_DERIVE); - CASE(CKM_ECDH1_DERIVE); - CASE(CKM_ECDSA); - CASE(CKM_ECDSA_SHA1); -+ CASE(CKM_ECDSA_SHA224); -+ CASE(CKM_ECDSA_SHA256); -+ CASE(CKM_ECDSA_SHA384); -+ CASE(CKM_ECDSA_SHA512); - CASE(CKM_ECMQV_DERIVE); - CASE(CKM_EC_KEY_PAIR_GEN); /* also CASE(CKM_ECDSA_KEY_PAIR_GEN); */ - CASE(CKM_EXTRACT_KEY_FROM_KEY); -diff --git a/nss/lib/pk11wrap/pk11mech.c b/nss/lib/pk11wrap/pk11mech.c -index cfbe45b..c7f5272 100644 ---- a/nss/lib/pk11wrap/pk11mech.c -+++ b/nss/lib/pk11wrap/pk11mech.c -@@ -366,6 +366,10 @@ PK11_GetKeyType(CK_MECHANISM_TYPE type, unsigned long len) +diff --git a/lib/pk11wrap/pk11mech.c b/lib/pk11wrap/pk11mech.c +index d94d59a..ac280f0 100644 +--- a/lib/pk11wrap/pk11mech.c ++++ b/lib/pk11wrap/pk11mech.c +@@ -376,6 +376,10 @@ PK11_GetKeyType(CK_MECHANISM_TYPE type, unsigned long len) return CKK_RSA; case CKM_DSA: case CKM_DSA_SHA1: @@ -68,7 +53,7 @@ case CKM_DSA_KEY_PAIR_GEN: return CKK_DSA; case CKM_DH_PKCS_DERIVE: -@@ -376,6 +380,10 @@ PK11_GetKeyType(CK_MECHANISM_TYPE type, unsigned long len) +@@ -386,6 +390,10 @@ PK11_GetKeyType(CK_MECHANISM_TYPE type, unsigned long len) return CKK_KEA; case CKM_ECDSA: case CKM_ECDSA_SHA1: 
@@ -79,74 +64,11 @@ case CKM_EC_KEY_PAIR_GEN: /* aka CKM_ECDSA_KEY_PAIR_GEN */ case CKM_ECDH1_DERIVE: return CKK_EC; /* CKK_ECDSA is deprecated */ -diff --git a/nss/lib/softoken/pkcs11.c b/nss/lib/softoken/pkcs11.c -index 05e3ac1..79f1a50 100644 ---- a/nss/lib/softoken/pkcs11.c -+++ b/nss/lib/softoken/pkcs11.c -@@ -278,6 +278,10 @@ static const struct mechanismList mechanisms[] = { - { CKM_DSA, { DSA_MIN_P_BITS, DSA_MAX_P_BITS, CKF_SN_VR }, PR_TRUE }, - { CKM_DSA_PARAMETER_GEN, { DSA_MIN_P_BITS, DSA_MAX_P_BITS, CKF_GENERATE }, PR_TRUE }, - { CKM_DSA_SHA1, { DSA_MIN_P_BITS, DSA_MAX_P_BITS, CKF_SN_VR }, PR_TRUE }, -+ { CKM_DSA_SHA224, { DSA_MIN_P_BITS, DSA_MAX_P_BITS, CKF_SN_VR }, PR_TRUE }, -+ { CKM_DSA_SHA256, { DSA_MIN_P_BITS, DSA_MAX_P_BITS, CKF_SN_VR }, PR_TRUE }, -+ { CKM_DSA_SHA384, { DSA_MIN_P_BITS, DSA_MAX_P_BITS, CKF_SN_VR }, PR_TRUE }, -+ { CKM_DSA_SHA512, { DSA_MIN_P_BITS, DSA_MAX_P_BITS, CKF_SN_VR }, PR_TRUE }, - /* -------------------- Diffie Hellman Operations --------------------- */ - /* no diffie hellman yet */ - { CKM_DH_PKCS_KEY_PAIR_GEN, { DH_MIN_P_BITS, DH_MAX_P_BITS, CKF_GENERATE_KEY_PAIR }, PR_TRUE }, -@@ -287,6 +291,10 @@ static const struct mechanismList mechanisms[] = { - { CKM_ECDH1_DERIVE, { EC_MIN_KEY_BITS, EC_MAX_KEY_BITS, CKF_DERIVE | CKF_EC_BPNU }, PR_TRUE }, - { CKM_ECDSA, { EC_MIN_KEY_BITS, EC_MAX_KEY_BITS, CKF_SN_VR | CKF_EC_BPNU }, PR_TRUE }, - { CKM_ECDSA_SHA1, { EC_MIN_KEY_BITS, EC_MAX_KEY_BITS, CKF_SN_VR | CKF_EC_BPNU }, PR_TRUE }, -+ { CKM_ECDSA_SHA224, { EC_MIN_KEY_BITS, EC_MAX_KEY_BITS, CKF_SN_VR | CKF_EC_BPNU }, PR_TRUE }, -+ { CKM_ECDSA_SHA256, { EC_MIN_KEY_BITS, EC_MAX_KEY_BITS, CKF_SN_VR | CKF_EC_BPNU }, PR_TRUE }, -+ { CKM_ECDSA_SHA384, { EC_MIN_KEY_BITS, EC_MAX_KEY_BITS, CKF_SN_VR | CKF_EC_BPNU }, PR_TRUE }, -+ { CKM_ECDSA_SHA512, { EC_MIN_KEY_BITS, EC_MAX_KEY_BITS, CKF_SN_VR | CKF_EC_BPNU }, PR_TRUE }, - /* ------------------------- RC2 Operations --------------------------- */ - { CKM_RC2_KEY_GEN, { 1, 128, 
CKF_GENERATE }, PR_TRUE }, - { CKM_RC2_ECB, { 1, 128, CKF_EN_DE_WR_UN }, PR_TRUE }, -diff --git a/nss/lib/softoken/pkcs11c.c b/nss/lib/softoken/pkcs11c.c -index d7307cd..d700041 100644 ---- a/nss/lib/softoken/pkcs11c.c -+++ b/nss/lib/softoken/pkcs11c.c -@@ -2473,6 +2473,36 @@ sftk_RSAHashSign(SFTKHashSignInfo *info, unsigned char *sig, - hash, hashLen); - } - -+static SECStatus -+sftk_DSAHashSign(SFTKHashSignInfo *info, unsigned char *sig, -+ unsigned int *sigLen, unsigned int maxLen, -+ const unsigned char *hash, unsigned int hashLen) -+{ -+ PORT_Assert(info->key->keyType == NSSLOWKEYDSAKey); -+ if (info->key->keyType != NSSLOWKEYDSAKey) { -+ PORT_SetError(SEC_ERROR_INVALID_KEY); -+ return SECFailure; -+ } -+ -+ return DSA_HashSign(info->hashOid, info->key, sig, sigLen, maxLen, -+ hash, hashLen); -+} -+ -+static SECStatus -+sftk_ECDSAHashSign(SFTKHashSignInfo *info, unsigned char *sig, -+ unsigned int *sigLen, unsigned int maxLen, -+ const unsigned char *hash, unsigned int hashLen) -+{ -+ PORT_Assert(info->key->keyType == NSSLOWKEYECKey); -+ if (info->key->keyType != NSSLOWKEYECKey) { -+ PORT_SetError(SEC_ERROR_INVALID_KEY); -+ return SECFailure; -+ } -+ -+ return ECDSA_HashSign(info->hashOid, info->key, sig, sigLen, maxLen, -+ hash, hashLen); -+} -+ - /* XXX Old template; want to expunge it eventually. */ - static DERTemplate SECAlgorithmIDTemplate[] = { - { DER_SEQUENCE, -@@ -2635,7 +2665,7 @@ nsc_DSA_Verify_Stub(void *ctx, void *sigBuf, unsigned int sigLen, +diff --git a/lib/softoken/pkcs11c.c b/lib/softoken/pkcs11c.c +index 08f94bc..ec6b205 100644 +--- a/lib/softoken/pkcs11c.c ++++ b/lib/softoken/pkcs11c.c +@@ -2606,7 +2606,7 @@ nsc_DSA_Verify_Stub(void *ctx, void *sigBuf, unsigned int sigLen, static SECStatus nsc_DSA_Sign_Stub(void *ctx, void *sigBuf, unsigned int *sigLen, unsigned int maxSigLen, 
@@ -155,7 +77,7 @@ { SECItem signature, digest; SECStatus rv; -@@ -2653,6 +2683,22 @@ nsc_DSA_Sign_Stub(void *ctx, void *sigBuf, +@@ -2624,6 +2624,22 @@ nsc_DSA_Sign_Stub(void *ctx, void *sigBuf, return rv; } @@ -178,7 +100,7 @@ static SECStatus nsc_ECDSAVerifyStub(void *ctx, void *sigBuf, unsigned int sigLen, void *dataBuf, unsigned int dataLen) -@@ -2670,7 +2716,7 @@ nsc_ECDSAVerifyStub(void *ctx, void *sigBuf, unsigned int sigLen, +@@ -2641,7 +2657,7 @@ nsc_ECDSAVerifyStub(void *ctx, void *sigBuf, unsigned int sigLen, static SECStatus nsc_ECDSASignStub(void *ctx, void *sigBuf, unsigned int *sigLen, unsigned int maxSigLen, @@ -187,7 +109,7 @@ { SECItem signature, digest; SECStatus rv; -@@ -2688,6 +2734,22 @@ nsc_ECDSASignStub(void *ctx, void *sigBuf, +@@ -2659,6 +2675,22 @@ nsc_ECDSASignStub(void *ctx, void *sigBuf, return rv; } 
@@ -210,135 +132,7 @@ /* NSC_SignInit setups up the signing operations. There are three basic * types of signing: * (1) the tradition single part, where "Raw RSA" or "Raw DSA" is applied -@@ -2757,6 +2819,36 @@ NSC_SignInit(CK_SESSION_HANDLE hSession, - info->hashOid = SEC_OID_##mmm; \ - goto finish_rsa; - -+#define INIT_DSA_SIGN_MECH(mmm) \ -+ case CKM_DSA_##mmm: \ -+ context->multi = PR_TRUE; \ -+ crv = sftk_doSub##mmm(context); \ -+ if (crv != CKR_OK) \ -+ break; \ -+ context->update = (SFTKCipher)sftk_DSAHashSign; \ -+ info = PORT_New(SFTKHashSignInfo); \ -+ if (info == NULL) { \ -+ crv = CKR_HOST_MEMORY; \ -+ break; \ -+ } \ -+ info->hashOid = SEC_OID_##mmm; \ -+ goto finish_dsa; -+ -+#define INIT_ECDSA_SIGN_MECH(mmm) \ -+ case CKM_ECDSA_##mmm: \ -+ context->multi = PR_TRUE; \ -+ crv = sftk_doSub##mmm(context); \ -+ if (crv != CKR_OK) \ -+ break; \ -+ context->update = (SFTKCipher)sftk_ECDSAHashSign; \ -+ info = PORT_New(SFTKHashSignInfo); \ -+ if (info == NULL) { \ -+ crv = CKR_HOST_MEMORY; \ -+ break; \ -+ } \ -+ info->hashOid = SEC_OID_##mmm; \ -+ goto finish_ecdsa; -+ - switch (pMechanism->mechanism) { - INIT_RSA_SIGN_MECH(MD5) - INIT_RSA_SIGN_MECH(MD2) -@@ -2824,13 +2916,15 @@ NSC_SignInit(CK_SESSION_HANDLE hSession, - context->maxLen = nsslowkey_PrivateModulusLen(info->key); - break; - -- case CKM_DSA_SHA1: -- context->multi = PR_TRUE; -- crv = sftk_doSubSHA1(context); -- if (crv != CKR_OK) -- break; -- /* fall through */ -+ INIT_DSA_SIGN_MECH(SHA1) -+ INIT_DSA_SIGN_MECH(SHA224) -+ INIT_DSA_SIGN_MECH(SHA256) -+ INIT_DSA_SIGN_MECH(SHA384) -+ INIT_DSA_SIGN_MECH(SHA512) -+ - case CKM_DSA: -+ context->update = (SFTKCipher)nsc_DSA_Sign_Stub; -+ finish_dsa: - if (key_type != CKK_DSA) { - crv = CKR_KEY_TYPE_INCONSISTENT; - break; -@@ -2839,20 +2933,32 @@ NSC_SignInit(CK_SESSION_HANDLE hSession, - if (privKey == NULL) { - break; - } -- context->cipherInfo = privKey; -- context->update = (SFTKCipher)nsc_DSA_Sign_Stub; -- context->destroy = (privKey == 
key->objectInfo) ? (SFTKDestroy)sftk_Null : (SFTKDestroy)sftk_FreePrivKey; -- context->maxLen = DSA_MAX_SIGNATURE_LEN; - -+ /* OK, info is allocated only if we're doing hash and sign mechanism. -+ * It's necessary to be able to set the correct OID in the final -+ * signature. -+ */ -+ if (info) { -+ info->key = privKey; -+ context->cipherInfo = info; -+ context->destroy = (SFTKDestroy)sftk_Space; -+ } else { -+ context->cipherInfo = privKey; -+ context->destroy = (privKey == key->objectInfo) ? (SFTKDestroy)sftk_Null : (SFTKDestroy)sftk_FreePrivKey; -+ } -+ -+ context->maxLen = DSA_MAX_SIGNATURE_LEN; - break; - -- case CKM_ECDSA_SHA1: -- context->multi = PR_TRUE; -- crv = sftk_doSubSHA1(context); -- if (crv != CKR_OK) -- break; -- /* fall through */ -+ INIT_ECDSA_SIGN_MECH(SHA1) -+ INIT_ECDSA_SIGN_MECH(SHA224) -+ INIT_ECDSA_SIGN_MECH(SHA256) -+ INIT_ECDSA_SIGN_MECH(SHA384) -+ INIT_ECDSA_SIGN_MECH(SHA512) -+ - case CKM_ECDSA: -+ context->update = (SFTKCipher)nsc_ECDSASignStub; -+ finish_ecdsa: - if (key_type != CKK_EC) { - crv = CKR_KEY_TYPE_INCONSISTENT; - break; -@@ -2862,11 +2968,21 @@ NSC_SignInit(CK_SESSION_HANDLE hSession, - crv = CKR_HOST_MEMORY; - break; - } -- context->cipherInfo = privKey; -- context->update = (SFTKCipher)nsc_ECDSASignStub; -- context->destroy = (privKey == key->objectInfo) ? (SFTKDestroy)sftk_Null : (SFTKDestroy)sftk_FreePrivKey; -- context->maxLen = MAX_ECKEY_LEN * 2; - -+ /* OK, info is allocated only if we're doing hash and sign mechanism. -+ * It's necessary to be able to set the correct OID in the final -+ * signature. -+ */ -+ if (info) { -+ info->key = privKey; -+ context->cipherInfo = info; -+ context->destroy = (SFTKDestroy)sftk_Space; -+ } else { -+ context->cipherInfo = privKey; -+ context->destroy = (privKey == key->objectInfo) ? 
(SFTKDestroy)sftk_Null : (SFTKDestroy)sftk_FreePrivKey; -+ } -+ -+ context->maxLen = MAX_ECKEY_LEN * 2; - break; - - #define INIT_HMAC_MECH(mmm) \ -@@ -3469,6 +3585,22 @@ NSC_VerifyInit(CK_SESSION_HANDLE hSession, +@@ -3511,6 +3543,22 @@ NSC_VerifyInit(CK_SESSION_HANDLE hSession, info->hashOid = SEC_OID_##mmm; \ goto finish_rsa; @@ -361,7 +155,7 @@ switch (pMechanism->mechanism) { INIT_RSA_VFY_MECH(MD5) INIT_RSA_VFY_MECH(MD2) -@@ -3533,13 +3665,15 @@ NSC_VerifyInit(CK_SESSION_HANDLE hSession, +@@ -3575,13 +3623,15 @@ NSC_VerifyInit(CK_SESSION_HANDLE hSession, context->destroy = (SFTKDestroy)sftk_Space; context->verify = (SFTKVerify)sftk_RSACheckSignPSS; break; @@ -383,7 +177,7 @@ if (key_type != CKK_DSA) { crv = CKR_KEY_TYPE_INCONSISTENT; break; -@@ -3552,13 +3686,15 @@ NSC_VerifyInit(CK_SESSION_HANDLE hSession, +@@ -3594,13 +3644,15 @@ NSC_VerifyInit(CK_SESSION_HANDLE hSession, context->verify = (SFTKVerify)nsc_DSA_Verify_Stub; context->destroy = sftk_Null; break; @@ -405,7 +199,7 @@ if (key_type != CKK_EC) { crv = CKR_KEY_TYPE_INCONSISTENT; break; -@@ -4673,6 +4809,73 @@ loser: +@@ -4733,6 +4785,73 @@ loser: #define PAIRWISE_DIGEST_LENGTH SHA224_LENGTH /* 224-bits */ #define PAIRWISE_MESSAGE_LENGTH 20 /* 160-bits */ @@ -479,7 +273,7 @@ /* * FIPS 140-2 pairwise consistency check utilized to validate key pair. * -@@ -4720,8 +4923,6 @@ sftk_PairwiseConsistencyCheck(CK_SESSION_HANDLE hSession, +@@ -4780,8 +4899,6 @@ sftk_PairwiseConsistencyCheck(CK_SESSION_HANDLE hSession, /* Variables used for Signature/Verification functions. */ /* Must be at least 256 bits for DSA2 digest */ @@ -488,7 +282,7 @@ CK_ULONG signature_length; if (keyType == CKK_RSA) { -@@ -4875,76 +5076,32 @@ sftk_PairwiseConsistencyCheck(CK_SESSION_HANDLE hSession, +@@ -4935,76 +5052,32 @@ sftk_PairwiseConsistencyCheck(CK_SESSION_HANDLE hSession, } } 
@@ -575,10 +369,10 @@ if (crv != CKR_OK) { return crv; } -diff --git a/nss/lib/softoken/softoken.h b/nss/lib/softoken/softoken.h -index 4626e78..1a22b07 100644 ---- a/nss/lib/softoken/softoken.h -+++ b/nss/lib/softoken/softoken.h +diff --git a/lib/softoken/softoken.h b/lib/softoken/softoken.h +index 30586fc..d5aaffa 100644 +--- a/lib/softoken/softoken.h ++++ b/lib/softoken/softoken.h @@ -35,6 +35,16 @@ RSA_HashCheckSign(SECOidTag hashOid, NSSLOWKEYPublicKey *key, const unsigned char *sig, unsigned int sigLen, const unsigned char *hash, unsigned int hashLen); 
@@ -596,29 +390,6 @@ /* ** Prepare a buffer for padded CBC encryption, growing to the appropriate ** boundary, filling with the appropriate padding. -diff --git a/nss/lib/util/pkcs11t.h b/nss/lib/util/pkcs11t.h -index 6ee6609..e42fcba 100644 ---- a/nss/lib/util/pkcs11t.h -+++ b/nss/lib/util/pkcs11t.h -@@ -593,6 +593,10 @@ typedef CK_ULONG CK_MECHANISM_TYPE; - #define CKM_DSA_KEY_PAIR_GEN 0x00000010 - #define CKM_DSA 0x00000011 - #define CKM_DSA_SHA1 0x00000012 -+#define CKM_DSA_SHA224 0x00000013 -+#define CKM_DSA_SHA256 0x00000014 -+#define CKM_DSA_SHA384 0x00000015 -+#define CKM_DSA_SHA512 0x00000016 - #define CKM_DH_PKCS_KEY_PAIR_GEN 0x00000020 - #define CKM_DH_PKCS_DERIVE 0x00000021 - -@@ -851,6 +855,10 @@ typedef CK_ULONG CK_MECHANISM_TYPE; - - #define CKM_ECDSA 0x00001041 - #define CKM_ECDSA_SHA1 0x00001042 -+#define CKM_ECDSA_SHA224 0x00001043 -+#define CKM_ECDSA_SHA256 0x00001044 -+#define CKM_ECDSA_SHA384 0x00001045 -+#define CKM_ECDSA_SHA512 0x00001046 - - /* CKM_ECDH1_DERIVE, CKM_ECDH1_COFACTOR_DERIVE, and CKM_ECMQV_DERIVE - * are new for v2.11 */ +-- +2.26.2 + ++++++ nss-fips-constructor-self-tests.patch ++++++ ++++ 604 lines (skipped) ++++ between /work/SRC/openSUSE:Leap:15.2/mozilla-nss/nss-fips-constructor-self-tests.patch ++++ and /work/SRC/openSUSE:Leap:15.2/.mozilla-nss.new.3606/nss-fips-constructor-self-tests.patch ++++++ nss-fips-detect-fips-mode-fixes.patch ++++++ --- /var/tmp/diff_new_pack.FgRr20/_old 2020-06-21 21:58:48.632049037 +0200 +++ /var/tmp/diff_new_pack.FgRr20/_new 2020-06-21 21:58:48.632049037 +0200 
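Review bot: the rebase drops the NSC_SignInit side of the original change (the INIT_DSA_SIGN_MECH/INIT_ECDSA_SIGN_MECH macros, sftk_DSAHashSign/sftk_ECDSAHashSign and the finish_dsa/finish_ecdsa labels at @@ -2757, @@ -2824, @@ -2839 and @@ -2862) but keeps the NSC_VerifyInit additions (@@ -3511,6 +3543,22 @@ and the 13-to-15-line replacements at @@ -3575 and @@ -3594); unless upstream softoken already signs with CKM_DSA_SHA224..SHA512 and CKM_ECDSA_SHA224..SHA512, the token will verify mechanisms it cannot sign with, and the pairwise consistency code added at @@ -4733,6 +4785,73 @@ would exercise exactly that gap, so the header should state that the sign path now comes from upstream. The ten declarations still added to softoken.h at @@ -35,6 +35,16 @@ should be checked against what the remaining pkcs11c.c changes actually reference, since their sftk_*HashSign callers are gone from the patch. Dropping the pkcs11t.h values (CKM_DSA_SHA224 0x00000013 through CKM_ECDSA_SHA512 0x00001046) together with the pkcs11.c mechanism-table and debug_module.c hunks is consistent, provided the upstream header now defines them.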
@@ -1,13 +1,16 @@ +# HG changeset patch +# User M. Sirringhaus <[email protected]> +# Date 1584305671 -3600 +# Sun Mar 15 21:54:31 2020 +0100 +# Node ID 715834d4a258c535f3abbf116d69d5e77392593b +# Parent 4ddd7d49eeed4ea32850daf41a472ccb50dee45e commit facacdb9078693d7a4219e84f73ea7b8f977ddc2 Author: Hans Petter Jansson <[email protected]> -Date: Sun Mar 15 21:54:31 2020 +0100 - Patch 32: nss-fips-detect-fips-mode-fixes.patch -diff --git a/nss/lib/freebl/nsslowhash.c b/nss/lib/freebl/nsslowhash.c -index 69a2c1a..026f4ca 100644 ---- a/nss/lib/freebl/nsslowhash.c -+++ b/nss/lib/freebl/nsslowhash.c +diff --git a/lib/freebl/nsslowhash.c b/lib/freebl/nsslowhash.c +--- a/lib/freebl/nsslowhash.c ++++ b/lib/freebl/nsslowhash.c @@ -2,10 +2,15 @@ * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ @@ -24,7 +27,7 @@ #include "secerr.h" #include "blapi.h" #include "hasht.h" -@@ -24,6 +29,23 @@ struct NSSLOWHASHContextStr { +@@ -24,6 +29,23 @@ }; #ifndef NSS_FIPS_DISABLED @@ -48,7 +51,7 @@ static int nsslow_GetFIPSEnabled(void) { -@@ -45,6 +67,7 @@ nsslow_GetFIPSEnabled(void) +@@ -45,6 +67,7 @@ #endif /* LINUX */ return 1; } @@ -56,7 +59,7 @@ #endif /* NSS_FIPS_DISABLED */ static NSSLOWInitContext dummyContext = { 0 }; -@@ -60,7 +83,7 @@ NSSLOW_Init(void) +@@ -60,7 +83,7 @@ #ifndef NSS_FIPS_DISABLED /* make sure the FIPS product is installed if we are trying to * go into FIPS mode */ 
@@ -65,11 +68,10 @@ if (BL_FIPSEntryOK(PR_TRUE) != SECSuccess) { PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); post_failed = PR_TRUE; -diff --git a/nss/lib/sysinit/nsssysinit.c b/nss/lib/sysinit/nsssysinit.c -index bd0fac2..acfcd19 100644 ---- a/nss/lib/sysinit/nsssysinit.c -+++ b/nss/lib/sysinit/nsssysinit.c -@@ -175,16 +175,16 @@ getFIPSMode(void) +diff --git a/lib/sysinit/nsssysinit.c b/lib/sysinit/nsssysinit.c +--- a/lib/sysinit/nsssysinit.c ++++ b/lib/sysinit/nsssysinit.c +@@ -178,16 +178,16 @@ f = fopen("/proc/sys/crypto/fips_enabled", "r"); if (!f) { /* if we don't have a proc flag, fall back to the @@ -87,5 +89,5 @@ - return PR_FALSE; + return getFIPSEnv(); return PR_TRUE; - } - + #else + return PR_FALSE; ++++++ nss-fips-dsa-kat.patch ++++++ --- /var/tmp/diff_new_pack.FgRr20/_old 2020-06-21 21:58:48.644049105 +0200 +++ /var/tmp/diff_new_pack.FgRr20/_new 2020-06-21 21:58:48.644049105 +0200 @@ -1,18 +1,20 @@ +# HG changeset patch +# User Hans Petter Jansson <[email protected]> +# Date 1505605677 -7200 +# Sun Sep 17 01:47:57 2017 +0200 +# Node ID 4ae6bed68a83c01f6d2ce7a37bdb0bdb0556416f +# Parent 5e191a391c38967e49a1d005800713ccd1010b09 +[PATCH 2/6] Make DSA KAT FIPS compliant (1024 -> 2048 bit key). From b88701933a284ba8640df66b954c04d36ee592c9 Mon Sep 17 00:00:00 2001 -From: Hans Petter Jansson <[email protected]> -Date: Sun, 17 Sep 2017 01:47:57 +0200 -Subject: [PATCH 2/6] Make DSA KAT FIPS compliant (1024 -> 2048 bit key). - --- nss/lib/freebl/dsa.c | 2 +- nss/lib/freebl/fipsfreebl.c | 143 +++++++++++++++++++++++++++----------------- 2 files changed, 90 insertions(+), 55 deletions(-) -diff --git a/nss/lib/freebl/dsa.c b/nss/lib/freebl/dsa.c -index 9324d30..26daadf 100644 ---- a/nss/lib/freebl/dsa.c -+++ b/nss/lib/freebl/dsa.c -@@ -493,7 +493,7 @@ DSA_SignDigest(DSAPrivateKey *key, SECItem *signature, const SECItem *digest) +diff --git a/lib/freebl/dsa.c b/lib/freebl/dsa.c +--- a/lib/freebl/dsa.c ++++ b/lib/freebl/dsa.c +@@ -533,7 +533,7 @@ return rv; } 
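Review bot: in the lib/sysinit/nsssysinit.c hunk (@@ -178,16 +178,16 @@) the fallback taken when /proc/sys/crypto/fips_enabled cannot be opened changes from `return PR_FALSE;` to `return getFIPSEnv();`, and the new trailing context adds an `#else` / `return PR_FALSE;` branch for non-Linux builds. An environment variable is set by whoever starts the process, so this fallback lets an unprivileged caller switch its own process into FIPS mode where the kernel flag is absent; that is acceptable only as an opt-in, and the hunk keeps the env lookup inside the `if (!f)` branch, so the kernel flag still wins whenever it exists. The commit message should name the variable getFIPSEnv reads and state that precedence explicitly.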
@@ -21,11 +23,10 @@ SECStatus DSA_SignDigestWithSeed(DSAPrivateKey *key, SECItem *signature, -diff --git a/nss/lib/freebl/fipsfreebl.c b/nss/lib/freebl/fipsfreebl.c -index b3ae686..804589d 100644 ---- a/nss/lib/freebl/fipsfreebl.c -+++ b/nss/lib/freebl/fipsfreebl.c -@@ -123,11 +123,11 @@ BOOL WINAPI DllMain( +diff --git a/lib/freebl/fipsfreebl.c b/lib/freebl/fipsfreebl.c +--- a/lib/freebl/fipsfreebl.c ++++ b/lib/freebl/fipsfreebl.c +@@ -124,11 +124,11 @@ /* FIPS preprocessor directives for DSA. */ #define FIPS_DSA_TYPE siBuffer @@ -42,7 +43,7 @@ /* FIPS preprocessor directives for RNG. */ #define FIPS_RNG_XKEY_LENGTH 32 /* 256-bits */ -@@ -1280,70 +1280,105 @@ freebl_fips_ECDSA_PowerUpSelfTest() +@@ -1445,70 +1445,105 @@ static SECStatus freebl_fips_DSA_PowerUpSelfTest(void) { @@ -196,7 +197,7 @@ }; /* DSA variables. */ -@@ -1385,7 +1420,7 @@ freebl_fips_DSA_PowerUpSelfTest(void) +@@ -1550,7 +1585,7 @@ dsa_signature_item.len = sizeof dsa_computed_signature; dsa_digest_item.data = (unsigned char *)dsa_known_digest; @@ -205,6 +206,3 @@ /* Perform DSA signature process. */ dsa_status = DSA_SignDigestWithSeed(dsa_private_key, --- -2.12.0 - ++++++ nss-fips-gcm-ctr.patch ++++++ --- /var/tmp/diff_new_pack.FgRr20/_old 2020-06-21 21:58:48.652049151 +0200 +++ /var/tmp/diff_new_pack.FgRr20/_new 2020-06-21 21:58:48.652049151 +0200 @@ -1,22 +1,23 @@ +# HG changeset patch +# User Hans Petter Jansson <[email protected]> +# Date 1574234739 -3600 +# Wed Nov 20 08:25:39 2019 +0100 +# Node ID 5396ffb26887cc0cd42b9f12cc6c8e3dfdaf194b +# Parent f5cf5d16deb68e65b5dd4e799d9e8e3098400d62 +[PATCH] 22 
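Review bot: the freebl_fips_DSA_PowerUpSelfTest hunk (@@ -1445,70 +1445,105 @@) replaces the 1024-bit vectors with 2048-bit ones, and the one-line change right after `dsa_digest_item.data = (unsigned char *)dsa_known_digest;` presumably updates the digest length to match, but none of the new known-answer values are visible in this rebase diff (only the hunk offsets moved, 1280 to 1445 and 1385 to 1550, and the `#define FIPS_DSA_TYPE siBuffer` block changed). Since DSA_SignDigestWithSeed is deterministic for a fixed seed, the comparison of the computed signature against the stored one is what makes this a KAT; confirm it survived the 35-line growth of the hunk, and have the commit message ([PATCH 2/6]) name the parameter set and hash the vectors were generated with so the test can be verified independently.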
From 41dd171b242b0cb550d12760da110db7e2c21daf Mon Sep 17 00:00:00 2001 -From: Hans Petter Jansson <[email protected]> -Date: Wed, 20 Nov 2019 08:25:39 +0100 -Subject: [PATCH] 22 - --- nss/lib/freebl/gcm.c | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) -diff --git a/nss/lib/freebl/gcm.c b/nss/lib/freebl/gcm.c -index f1e16da..0f42525 100644 ---- a/nss/lib/freebl/gcm.c -+++ b/nss/lib/freebl/gcm.c -@@ -500,9 +500,15 @@ struct GCMContextStr { - gcmHashContext *ghash_context; - CTRContext ctr_context; - unsigned long tagBits; -+ unsigned long long gcm_iv_bytes; +diff -r f5cf5d16deb6 -r 5396ffb26887 lib/freebl/gcm.c +--- a/lib/freebl/gcm.c Wed Nov 20 08:23:35 2019 +0100 ++++ b/lib/freebl/gcm.c Wed Nov 20 08:25:39 2019 +0100 +@@ -532,8 +532,14 @@ unsigned char tagKey[MAX_BLOCK_SIZE]; + PRBool ctr_context_init; + gcmIVContext gcm_iv; ++ unsigned long long gcm_iv_bytes; }; +/* NIST SP-800-38D limits the use of GCM with a single IV to 2^39 - 256 @@ -24,19 +25,19 @@ + */ +#define MAX_GCM_BYTES_PER_IV ((1ULL << 36) - 32) + - GCMContext * - GCM_CreateContext(void *context, freeblCipherFunc cipher, - const unsigned char *params) -@@ -576,6 +582,8 @@ GCM_CreateContext(void *context, freeblCipherFunc cipher, + SECStatus gcm_InitCounter(GCMContext *gcm, const unsigned char *iv, + unsigned int ivLen, unsigned int tagBits, + const unsigned char *aad, unsigned int aadLen); +@@ -669,6 +675,8 @@ goto loser; } + gcm->gcm_iv_bytes = MAX_GCM_BYTES_PER_IV; + /* finally mix in the AAD data */ - rv = gcmHash_Reset(ghash, gcmParams->pAAD, gcmParams->ulAADLen); + rv = gcmHash_Reset(ghash, aad, aadLen); if (rv != SECSuccess) { -@@ -672,6 +680,13 @@ GCM_EncryptUpdate(GCMContext *gcm, unsigned char *outbuf, +@@ -766,6 +774,13 @@ return SECFailure; } 
@@ -50,7 +51,7 @@ tagBytes = (gcm->tagBits + (PR_BITS_PER_BYTE - 1)) / PR_BITS_PER_BYTE; if (UINT_MAX - inlen < tagBytes) { PORT_SetError(SEC_ERROR_INPUT_LEN); -@@ -700,6 +715,7 @@ GCM_EncryptUpdate(GCMContext *gcm, unsigned char *outbuf, +@@ -794,6 +809,7 @@ *outlen = 0; return SECFailure; }; @@ -58,6 +59,3 @@ *outlen += len; return SECSuccess; } --- -2.21.0 - ++++++ nss-fips-pairwise-consistency-check.patch ++++++ --- /var/tmp/diff_new_pack.FgRr20/_old 2020-06-21 21:58:48.664049220 +0200 +++ /var/tmp/diff_new_pack.FgRr20/_new 2020-06-21 21:58:48.664049220 +0200 @@ -1,17 +1,19 @@ +# HG changeset patch +# User Hans Petter Jansson <[email protected]> +# Date 1574138371 -3600 +# Tue Nov 19 05:39:31 2019 +0100 +# Node ID 557f9009507c9e70941dbe39965028049e1ef5a2 +# Parent 4ae6bed68a83c01f6d2ce7a37bdb0bdb0556416f +[PATCH 07/22] 15 From 2a162c34b7aad7399f33069cd9930fd92714861c Mon Sep 17 00:00:00 2001 -From: Hans Petter Jansson <[email protected]> -Date: Tue, 19 Nov 2019 05:39:31 +0100 -Subject: [PATCH 07/22] 15 - --- nss/lib/softoken/pkcs11c.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) -diff --git a/nss/lib/softoken/pkcs11c.c b/nss/lib/softoken/pkcs11c.c -index d9b7e9c..6afb0ee 100644 ---- a/nss/lib/softoken/pkcs11c.c -+++ b/nss/lib/softoken/pkcs11c.c -@@ -4496,8 +4496,8 @@ NSC_GenerateKey(CK_SESSION_HANDLE hSession, +diff --git a/lib/softoken/pkcs11c.c b/lib/softoken/pkcs11c.c +--- a/lib/softoken/pkcs11c.c ++++ b/lib/softoken/pkcs11c.c +@@ -4730,8 +4730,8 @@ return crv; } @@ -22,7 +24,7 @@ /* * FIPS 140-2 pairwise consistency check utilized to validate key pair. -@@ -5357,6 +5357,7 @@ NSC_GenerateKeyPair(CK_SESSION_HANDLE hSession, +@@ -5591,6 +5591,7 @@ (PRUint32)crv); sftk_LogAuditMessage(NSS_AUDIT_ERROR, NSS_AUDIT_SELF_TEST, msg); } 
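Review bot: in lib/freebl/gcm.c, `gcm->gcm_iv_bytes = MAX_GCM_BYTES_PER_IV;` is now set in the function whose context calls `gcmHash_Reset(ghash, aad, aadLen)` (@@ -669,6 +675,8 @@) rather than in GCM_CreateContext as the old hunk did. That is the right place, because the byte budget belongs to an IV, not to a context, and must be reset every time a new IV is installed; confirm every path that installs an IV goes through this function. The limit `((1ULL << 36) - 32)` bytes matches the 2^39 - 256 bits from SP 800-38D quoted in the comment. Two smaller points: the field is declared `unsigned long long` where the rest of freebl uses PRUint64/uint64_t, and the check added to GCM_EncryptUpdate (@@ -766,6 +774,13 @@, ahead of the `tagBytes =` computation) should fail closed with SEC_ERROR_INPUT_LEN before any byte is encrypted, in the same style as the existing `UINT_MAX - inlen < tagBytes` check that follows it.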
@@ -30,6 +32,3 @@ } } --- -2.21.0 - ++++++ nss-fips-rsa-keygen-strictness.patch ++++++ --- /var/tmp/diff_new_pack.FgRr20/_old 2020-06-21 21:58:48.676049289 +0200 +++ /var/tmp/diff_new_pack.FgRr20/_new 2020-06-21 21:58:48.676049289 +0200 @@ -1,13 +1,16 @@ +# HG changeset patch +# User M. Sirringhaus <[email protected]> +# Date 1584305670 -3600 +# Sun Mar 15 21:54:30 2020 +0100 +# Node ID 2f570c6952d8edfc1ad9061cd3830f202eec1960 +# Parent 557f9009507c9e70941dbe39965028049e1ef5a2 commit 4b8c0eac6b092717157b4141c82b4d76ccdc91b3 Author: Hans Petter Jansson <[email protected]> -Date: Sun Mar 15 21:54:30 2020 +0100 - Patch 16: nss-fips-rsa-keygen-strictness.patch -diff --git a/nss/lib/freebl/mpi/mpprime.c b/nss/lib/freebl/mpi/mpprime.c -index 9d6232c..ccb0b53 100644 ---- a/nss/lib/freebl/mpi/mpprime.c -+++ b/nss/lib/freebl/mpi/mpprime.c +diff --git a/lib/freebl/mpi/mpprime.c b/lib/freebl/mpi/mpprime.c +--- a/lib/freebl/mpi/mpprime.c ++++ b/lib/freebl/mpi/mpprime.c @@ -14,6 +14,8 @@ #include <stdlib.h> #include <string.h> @@ -17,7 +20,7 @@ #define SMALL_TABLE 0 /* determines size of hard-wired prime table */ #define RANDOM() rand() -@@ -451,6 +453,25 @@ mpp_make_prime(mp_int *start, mp_size nBits, mp_size strong) +@@ -451,6 +453,25 @@ } else num_tests = 50; @@ -43,10 +46,9 @@ if (strong) --nBits; MP_CHECKOK(mpl_set_bit(start, nBits - 1, 1)); -diff --git a/nss/lib/freebl/rsa.c b/nss/lib/freebl/rsa.c -index a08636d..b74641a 100644 ---- a/nss/lib/freebl/rsa.c -+++ b/nss/lib/freebl/rsa.c +diff --git a/lib/freebl/rsa.c b/lib/freebl/rsa.c +--- a/lib/freebl/rsa.c ++++ b/lib/freebl/rsa.c @@ -16,11 +16,13 @@ #include "prinit.h" #include "blapi.h" @@ -61,7 +63,7 @@ /* ** Number of times to attempt to generate a prime (p or q) from a random -@@ -143,11 +145,24 @@ rsa_build_from_primes(const mp_int *p, const mp_int *q, +@@ -143,11 +145,24 @@ err = mp_invmod(d, &phi, e); } else { err = mp_invmod(e, &phi, d); 
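Review bot: for nss-fips-pairwise-consistency-check.patch, the single line added after `sftk_LogAuditMessage(NSS_AUDIT_ERROR, NSS_AUDIT_SELF_TEST, msg);` in NSC_GenerateKeyPair (@@ -5591,6 +5591,7 @@) is the part that matters and it is not visible here: a failed pairwise consistency check must destroy the just-generated key pair and return an error to the caller, not merely write an audit record. The two-line change before the "FIPS 140-2 pairwise consistency check utilized to validate key pair." comment (@@ -4730,8 +4730,8 @@) is likewise undocumented, and the commit message "[PATCH 07/22] 15" says nothing; please describe what happens on failure.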
@@ -88,7 +90,7 @@ if (err != MP_OKAY) { if (err == MP_UNDEF) { PORT_SetError(SEC_ERROR_NEED_RANDOM); -@@ -280,10 +295,12 @@ RSA_NewKey(int keySizeInBits, SECItem *publicExponent) +@@ -280,10 +295,12 @@ mp_int q = { 0, 0, 0, NULL }; mp_int e = { 0, 0, 0, NULL }; mp_int d = { 0, 0, 0, NULL }; @@ -102,7 +104,7 @@ int prerr = 0; RSAPrivateKey *key = NULL; PLArenaPool *arena = NULL; -@@ -301,11 +318,40 @@ RSA_NewKey(int keySizeInBits, SECItem *publicExponent) +@@ -301,11 +318,40 @@ PORT_SetError(SEC_ERROR_INVALID_ARGS); goto cleanup; } @@ -147,7 +149,7 @@ } #endif -@@ -323,12 +369,7 @@ RSA_NewKey(int keySizeInBits, SECItem *publicExponent) +@@ -323,12 +369,7 @@ key->arena = arena; /* length of primes p and q (in bytes) */ primeLen = keySizeInBits / (2 * PR_BITS_PER_BYTE); @@ -161,7 +163,7 @@ /* 3. Set the version number (PKCS1 v1.5 says it should be zero) */ SECITEM_AllocItem(arena, &key->version, 1); key->version.data[0] = 0; -@@ -339,13 +380,64 @@ RSA_NewKey(int keySizeInBits, SECItem *publicExponent) +@@ -339,13 +380,64 @@ PORT_SetError(0); CHECK_SEC_OK(generate_prime(&p, primeLen)); CHECK_SEC_OK(generate_prime(&q, primeLen)); @@ -227,7 +229,7 @@ /* Attempt to use these primes to generate a key */ rv = rsa_build_from_primes(&p, &q, &e, PR_FALSE, /* needPublicExponent=false */ -@@ -368,7 +460,9 @@ cleanup: +@@ -368,7 +460,9 @@ mp_clear(&q); mp_clear(&e); mp_clear(&d); ++++++ nss-fips-tls-allow-md5-prf.patch ++++++ --- /var/tmp/diff_new_pack.FgRr20/_old 2020-06-21 21:58:48.684049335 +0200 +++ /var/tmp/diff_new_pack.FgRr20/_new 2020-06-21 21:58:48.688049357 +0200 @@ -1,8 +1,11 @@ +# HG changeset patch +# User Hans Petter Jansson <[email protected]> +# Date 1574240734 -3600 +# Wed Nov 20 10:05:34 2019 +0100 +# Node ID 0efca22bbafd7575b20461f255c46157c9321822 +# Parent 3a2cb65dc157344cdad19e8e16e9c33e36f82d96 +[PATCH] 30 
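Review bot: the two mp_int declarations added beside `mp_int d = { 0, 0, 0, NULL };` in RSA_NewKey (@@ -280,10 +295,12 @@) are matched by two lines after `mp_clear(&d);` in the cleanup hunk (@@ -368,7 +460,9 @@), which is what the early `goto cleanup` after `PORT_SetError(SEC_ERROR_INVALID_ARGS)` needs; mp_clear on a `{ 0, 0, 0, NULL }` value is a no-op, so that ordering is safe. The substantive checks, the 13 lines after `err = mp_invmod(e, &phi, d);` in rsa_build_from_primes, the 19 lines after `num_tests = 50;` in mpp_make_prime and the 51-line block between `generate_prime(&q, primeLen)` and rsa_build_from_primes, are not visible in this rebase-only diff. Because they reject a candidate pair after both primes have been generated, a rejection should retry under the existing attempt limit ("Number of times to attempt to generate a prime") instead of failing the whole key generation, and the commit message should list which FIPS 186 key-generation conditions are enforced.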
From ca3b695ac461eccf4ed97e1b3fe0a311c80a792f Mon Sep 17 00:00:00 2001 -From: Hans Petter Jansson <[email protected]> -Date: Wed, 20 Nov 2019 10:05:34 +0100 -Subject: [PATCH] 30 - --- nss/lib/freebl/md5.c | 67 ++++++++++++++++++++++++++------------ nss/lib/freebl/rawhash.c | 37 +++++++++++++++++++++ @@ -10,11 +13,10 @@ nss/lib/softoken/pkcs11c.c | 4 +-- 4 files changed, 90 insertions(+), 23 deletions(-) -diff --git a/nss/lib/freebl/md5.c b/nss/lib/freebl/md5.c -index b3a796b..b2072cb 100644 ---- a/nss/lib/freebl/md5.c -+++ b/nss/lib/freebl/md5.c -@@ -217,13 +217,11 @@ MD5_HashBuf(unsigned char *dest, const unsigned char *src, PRUint32 src_length) +diff --git a/lib/freebl/md5.c b/lib/freebl/md5.c +--- a/lib/freebl/md5.c ++++ b/lib/freebl/md5.c +@@ -217,13 +217,11 @@ } MD5Context * @@ -29,7 +31,7 @@ cx = (MD5Context *)PORT_Alloc(sizeof(MD5Context)); if (cx == NULL) { PORT_SetError(PR_OUT_OF_MEMORY_ERROR); -@@ -232,6 +230,13 @@ MD5_NewContext(void) +@@ -232,6 +230,13 @@ return cx; } @@ -43,7 +45,7 @@ void MD5_DestroyContext(MD5Context *cx, PRBool freeit) { -@@ -243,10 +248,8 @@ MD5_DestroyContext(MD5Context *cx, PRBool freeit) +@@ -243,10 +248,8 @@ } void @@ -55,7 +57,7 @@ cx->lsbInput = 0; cx->msbInput = 0; /* memset(cx->inBuf, 0, sizeof(cx->inBuf)); */ -@@ -256,6 +259,13 @@ MD5_Begin(MD5Context *cx) +@@ -256,6 +259,13 @@ cx->cv[3] = CV0_4; } @@ -69,7 +71,7 @@ #define cls(i32, s) (tmp = i32, tmp << s | tmp >> (32 - s)) #if defined(SOLARIS) || defined(HPUX) -@@ -431,14 +441,12 @@ md5_compress(MD5Context *cx, const PRUint32 *wBuf) +@@ -431,14 +441,12 @@ } void @@ -85,7 +87,7 @@ /* Add the number of input bytes to the 64-bit input counter. */ addto64(cx->msbInput, cx->lsbInput, inputLen); if (inBufIndex) { -@@ -487,6 +495,13 @@ MD5_Update(MD5Context *cx, const unsigned char *input, unsigned int inputLen) +@@ -487,6 +495,13 @@ memcpy(cx->inBuf, input, inputLen); } 
@@ -99,7 +101,7 @@ static const unsigned char padbytes[] = { 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -@@ -503,8 +518,8 @@ static const unsigned char padbytes[] = { +@@ -503,8 +518,8 @@ }; void @@ -110,7 +112,7 @@ { #ifndef IS_LITTLE_ENDIAN PRUint32 tmp; -@@ -512,8 +527,6 @@ MD5_End(MD5Context *cx, unsigned char *digest, +@@ -512,8 +527,6 @@ PRUint32 lowInput, highInput; PRUint32 inBufIndex = cx->lsbInput & 63; @@ -119,7 +121,7 @@ if (maxDigestLen < MD5_HASH_LEN) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return; -@@ -525,10 +538,10 @@ MD5_End(MD5Context *cx, unsigned char *digest, +@@ -525,10 +538,10 @@ lowInput <<= 3; if (inBufIndex < MD5_END_BUFFER) { @@ -133,7 +135,7 @@ } /* Store the number of bytes input (before padding) in final 64 bits. */ -@@ -554,16 +567,22 @@ MD5_End(MD5Context *cx, unsigned char *digest, +@@ -554,16 +567,22 @@ } void @@ -160,7 +162,7 @@ if (maxDigestLen < MD5_HASH_LEN) { PORT_SetError(SEC_ERROR_INVALID_ARGS); return; -@@ -581,6 +600,14 @@ MD5_EndRaw(MD5Context *cx, unsigned char *digest, +@@ -581,6 +600,14 @@ *digestLen = MD5_HASH_LEN; } @@ -175,11 +177,10 @@ unsigned int MD5_FlattenSize(MD5Context *cx) { -diff --git a/nss/lib/freebl/rawhash.c b/nss/lib/freebl/rawhash.c -index d0e8ee8..5fff18c 100644 ---- a/nss/lib/freebl/rawhash.c -+++ b/nss/lib/freebl/rawhash.c -@@ -154,3 +154,40 @@ HASH_GetRawHashObject(HASH_HashType hashType) +diff --git a/lib/freebl/rawhash.c b/lib/freebl/rawhash.c +--- a/lib/freebl/rawhash.c ++++ b/lib/freebl/rawhash.c +@@ -154,3 +154,40 @@ } return &SECRawHashObjects[hashType]; } @@ -220,10 +221,9 @@ + + return &SECRawHashObjects[hashType]; +} -diff --git a/nss/lib/freebl/tlsprfalg.c b/nss/lib/freebl/tlsprfalg.c -index 1e5e678..d927754 100644 ---- a/nss/lib/freebl/tlsprfalg.c -+++ b/nss/lib/freebl/tlsprfalg.c +diff --git a/lib/freebl/tlsprfalg.c b/lib/freebl/tlsprfalg.c +--- a/lib/freebl/tlsprfalg.c ++++ b/lib/freebl/tlsprfalg.c 
@@ -12,6 +12,9 @@ #include "hasht.h" #include "alghmac.h" @@ -234,7 +234,7 @@ #define PHASH_STATE_MAX_LEN HASH_LENGTH_MAX /* TLS P_hash function */ -@@ -27,7 +30,7 @@ TLS_P_hash(HASH_HashType hashType, const SECItem *secret, const char *label, +@@ -27,7 +30,7 @@ SECStatus status; HMACContext *cx; SECStatus rv = SECFailure; @@ -243,11 +243,10 @@ PORT_Assert((secret != NULL) && (secret->data != NULL || !secret->len)); PORT_Assert((seed != NULL) && (seed->data != NULL)); -diff --git a/nss/lib/softoken/pkcs11c.c b/nss/lib/softoken/pkcs11c.c -index 88402ce..c4d8f9d 100644 ---- a/nss/lib/softoken/pkcs11c.c -+++ b/nss/lib/softoken/pkcs11c.c -@@ -6510,7 +6510,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession, +diff --git a/lib/softoken/pkcs11c.c b/lib/softoken/pkcs11c.c +--- a/lib/softoken/pkcs11c.c ++++ b/lib/softoken/pkcs11c.c +@@ -6953,7 +6953,7 @@ SFTKAttribute *att2 = NULL; unsigned char *buf; SHA1Context *sha; @@ -256,7 +255,7 @@ MD2Context *md2; CK_ULONG macSize; CK_ULONG tmpKeySize; -@@ -7012,7 +7012,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession, +@@ -7484,7 +7484,7 @@ } sftk_FreeAttribute(att2); md5 = MD5_NewContext(); @@ -265,6 +264,3 @@ crv = CKR_HOST_MEMORY; break; } --- -2.21.0 - ++++++ nss-fips-use-getrandom.patch ++++++ --- /var/tmp/diff_new_pack.FgRr20/_old 2020-06-21 21:58:48.696049404 +0200 +++ /var/tmp/diff_new_pack.FgRr20/_new 2020-06-21 21:58:48.696049404 +0200 
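Review bot: the rawhash.c addition (@@ -154,3 +154,40 @@) introduces a second lookup that also returns `&SECRawHashObjects[hashType]`, and TLS_P_hash in tlsprfalg.c plus the `md5 = MD5_NewContext();` call site in NSC_DeriveKey (@@ -7484,7 +7484,7 @@) are switched to the new MD5 entry points. Allowing MD5 here is defensible for the TLS 1.0/1.1 PRF, where HMAC-MD5 is XORed with HMAC-SHA-1 rather than used as a standalone hash, but the exception must stay confined to those two call sites; every other MD5 consumer in softoken should still see the FIPS-disabled path. The md5.c hunks change the definitions of MD5_NewContext, MD5_Begin, MD5_Update, MD5_End and MD5_EndRaw, so the exported symbol set should be checked against freebl's export map, and the commit message "[PATCH] 30" should be replaced with one sentence giving the PRF rationale.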
@@ -1,14 +1,17 @@ +# HG changeset patch +# User M. Sirringhaus <[email protected]> +# Date 1574137588 -3600 +# Tue Nov 19 05:26:28 2019 +0100 +# Node ID 5e191a391c38967e49a1d005800713ccd1010b09 +# Parent 92da25f8ea7d41e938858872e2b6a2fb1aa53bb2 commit c2a88344b616c75b1873fb163491d7362a4c3e5b Author: Hans Petter Jansson <[email protected]> -Date: Tue Nov 19 05:26:28 2019 +0100 - 11 -diff --git a/nss/coreconf/Linux.mk b/nss/coreconf/Linux.mk -index f15ec95..ea53a58 100644 ---- a/nss/coreconf/Linux.mk -+++ b/nss/coreconf/Linux.mk -@@ -183,6 +183,18 @@ DSO_LDOPTS+=-Wl,-z,relro +diff --git a/coreconf/Linux.mk b/coreconf/Linux.mk +--- a/coreconf/Linux.mk ++++ b/coreconf/Linux.mk +@@ -184,6 +184,18 @@ LDFLAGS += -Wl,-z,relro endif @@ -27,10 +30,9 @@ USE_SYSTEM_ZLIB = 1 ZLIB_LIBS = -lz -diff --git a/nss/lib/freebl/unix_rand.c b/nss/lib/freebl/unix_rand.c -index 24381cb..65a44b3 100644 ---- a/nss/lib/freebl/unix_rand.c -+++ b/nss/lib/freebl/unix_rand.c +diff --git a/lib/freebl/unix_rand.c b/lib/freebl/unix_rand.c +--- a/lib/freebl/unix_rand.c ++++ b/lib/freebl/unix_rand.c @@ -13,6 +13,10 @@ #include <sys/wait.h> #include <sys/stat.h> @@ -86,7 +88,7 @@ size_t RNG_FileUpdate(const char *fileName, size_t limit); /* -@@ -862,6 +903,26 @@ ReadFileOK(char *dir, char *file) +@@ -862,6 +903,26 @@ size_t RNG_SystemRNG(void *dest, size_t maxLen) { @@ -113,7 +115,7 @@ FILE *file; int fd; int bytes; -@@ -895,4 +956,5 @@ RNG_SystemRNG(void *dest, size_t maxLen) +@@ -895,4 +956,5 @@ fileBytes = 0; } return fileBytes; ++++++ nss-fips-use-strong-random-pool.patch ++++++ --- /var/tmp/diff_new_pack.FgRr20/_old 2020-06-21 21:58:48.704049450 +0200 +++ /var/tmp/diff_new_pack.FgRr20/_new 2020-06-21 21:58:48.704049450 +0200 @@ -1,16 +1,18 @@ +# HG changeset patch +# User Hans Petter Jansson <[email protected]> +# Date 1574240799 -3600 +# Wed Nov 20 10:06:39 2019 +0100 +# Node ID 4ddd7d49eeed4ea32850daf41a472ccb50dee45e +# Parent 0efca22bbafd7575b20461f255c46157c9321822 +[PATCH] 31 
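Review bot: the getrandom path inserted at the top of RNG_SystemRNG (@@ -862,6 +903,26 @@, ahead of the `FILE *file; int fd; int bytes;` fallback) is the right priority order, but two things should be checked in those 20 lines: on ENOSYS (old kernel, or a seccomp filter that blocks the syscall, as the `# ifndef __NR_getrandom` guard in the following patch's context suggests the raw syscall is used) it must fall through to the file-based path rather than return 0 with SEC_ERROR_NEED_RANDOM, and EINTR must not abort the read. The 12 lines added to coreconf/Linux.mk after `LDFLAGS += -Wl,-z,relro` presumably define NSS_USE_GETRANDOM; the commit message ("11") should say how the option is enabled and what happens when it is not.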
From a7cbf64ba8ac07a4a1fdea91f39da56d86af03bf Mon Sep 17 00:00:00 2001 -From: Hans Petter Jansson <[email protected]> -Date: Wed, 20 Nov 2019 10:06:39 +0100 -Subject: [PATCH] 31 - --- nss/lib/freebl/unix_rand.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) -diff --git a/nss/lib/freebl/unix_rand.c b/nss/lib/freebl/unix_rand.c -index 65a44b3..ea88012 100644 ---- a/nss/lib/freebl/unix_rand.c -+++ b/nss/lib/freebl/unix_rand.c +diff --git a/lib/freebl/unix_rand.c b/lib/freebl/unix_rand.c +--- a/lib/freebl/unix_rand.c ++++ b/lib/freebl/unix_rand.c @@ -24,6 +24,7 @@ #include "prthread.h" #include "prprf.h" @@ -19,7 +21,7 @@ #ifdef NSS_USE_GETRANDOM # ifndef __NR_getrandom -@@ -779,7 +780,7 @@ RNG_SystemInfoForRNG(void) +@@ -779,7 +780,7 @@ } /* grab some data from system's PRNG before any other files. */ @@ -28,7 +30,7 @@ if (!bytes) { PORT_SetError(SEC_ERROR_NEED_RANDOM); } -@@ -909,7 +910,8 @@ RNG_SystemRNG(void *dest, size_t maxLen) +@@ -909,7 +910,8 @@ int ret; do { @@ -38,7 +40,7 @@ if (0 < ret) inBytes += ret; -@@ -929,7 +931,7 @@ RNG_SystemRNG(void *dest, size_t maxLen) +@@ -929,7 +931,7 @@ size_t fileBytes = 0; unsigned char *buffer = dest; @@ -47,6 +49,3 @@ if (file == NULL) { PORT_SetError(SEC_ERROR_NEED_RANDOM); return 0; --- -2.21.0 - ++++++ nss-fips-zeroization.patch ++++++ --- /var/tmp/diff_new_pack.FgRr20/_old 2020-06-21 21:58:48.712049495 +0200 +++ /var/tmp/diff_new_pack.FgRr20/_new 2020-06-21 21:58:48.712049495 +0200 @@ -1,8 +1,11 @@ +# HG changeset patch +# User Hans Petter Jansson <[email protected]> +# Date 1574240665 -3600 +# Wed Nov 20 10:04:25 2019 +0100 +# Node ID 3a2cb65dc157344cdad19e8e16e9c33e36f82d96 +# Parent 2d4483f4a1259f965f32ff4c65436e92aef83be7 +[PATCH 07/10] 29 From 76da775313bd40a1353a9d2f6cc43ebe1a287574 Mon Sep 17 00:00:00 2001 -From: Hans Petter Jansson <[email protected]> -Date: Wed, 20 Nov 2019 10:04:25 +0100 -Subject: [PATCH 07/10] 29 - --- nss/lib/freebl/aeskeywrap.c | 1 + nss/lib/freebl/cts.c | 18 +++++++++------ 
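Review bot: the three one-line changes (the call under "grab some data from system's PRNG before any other files." in RNG_SystemInfoForRNG, the getrandom call inside the `do { ... if (0 < ret) inBytes += ret;` loop, now split over two lines and so presumably given a flags argument, and the `fopen` whose failure lands in `if (file == NULL)` in RNG_SystemRNG) move seeding to the blocking pool, as the patch name says. On kernels before 5.6 that pool can stall for a long time early in boot and in fresh VMs or containers, and these calls run during freebl initialisation, so every NSS consumer would hang rather than fail; the `do` loop should therefore bound its retries on EAGAIN/EINTR, and the `file == NULL` branch, which already returns 0 with SEC_ERROR_NEED_RANDOM, is the failure mode to prefer over an indefinite block.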
@@ -11,11 +14,10 @@ nss/lib/freebl/gcm.c | 45 +++++++++++++++++++++++++++++++++---- 5 files changed, 58 insertions(+), 12 deletions(-) -diff --git a/nss/lib/freebl/aeskeywrap.c b/nss/lib/freebl/aeskeywrap.c -index ee909db..b9f0439 100644 ---- a/nss/lib/freebl/aeskeywrap.c -+++ b/nss/lib/freebl/aeskeywrap.c -@@ -100,6 +100,7 @@ AESKeyWrap_DestroyContext(AESKeyWrapContext *cx, PRBool freeit) +diff --git a/lib/freebl/aeskeywrap.c b/lib/freebl/aeskeywrap.c +--- a/lib/freebl/aeskeywrap.c ++++ b/lib/freebl/aeskeywrap.c +@@ -102,6 +102,7 @@ { if (cx) { AES_DestroyContext(&cx->aescx, PR_FALSE); @@ -23,11 +25,10 @@ /* memset(cx, 0, sizeof *cx); */ if (freeit) { PORT_Free(cx->mem); -diff --git a/nss/lib/freebl/cts.c b/nss/lib/freebl/cts.c -index 774294b..a12e620 100644 ---- a/nss/lib/freebl/cts.c -+++ b/nss/lib/freebl/cts.c -@@ -37,6 +37,7 @@ CTS_CreateContext(void *context, freeblCipherFunc cipher, +diff --git a/lib/freebl/cts.c b/lib/freebl/cts.c +--- a/lib/freebl/cts.c ++++ b/lib/freebl/cts.c +@@ -37,6 +37,7 @@ void CTS_DestroyContext(CTSContext *cts, PRBool freeit) { @@ -35,7 +36,7 @@ if (freeit) { PORT_Free(cts); } -@@ -135,7 +136,7 @@ CTS_EncryptUpdate(CTSContext *cts, unsigned char *outbuf, +@@ -135,7 +136,7 @@ PORT_Memset(lastBlock + inlen, 0, blocksize - inlen); rv = (*cts->cipher)(cts->context, outbuf, &tmp, maxout, lastBlock, blocksize, blocksize); @@ -44,7 +45,7 @@ if (rv == SECSuccess) { *outlen = written + blocksize; } else { -@@ -230,13 +231,15 @@ CTS_DecryptUpdate(CTSContext *cts, unsigned char *outbuf, +@@ -230,13 +231,15 @@ rv = (*cts->cipher)(cts->context, outbuf, outlen, maxout, inbuf, fullblocks, blocksize); if (rv != SECSuccess) { @@ -62,7 +63,7 @@ } outbuf += fullblocks; -@@ -280,9 +283,9 @@ CTS_DecryptUpdate(CTSContext *cts, unsigned char *outbuf, +@@ -280,9 +283,9 @@ rv = (*cts->cipher)(cts->context, Pn, &tmpLen, blocksize, lastBlock, blocksize, blocksize); if (rv != SECSuccess) { 
@@ -74,7 +75,7 @@ } /* make up for the out of order CBC decryption */ XOR_BLOCK(Pn, Cn_2, blocksize); -@@ -297,7 +300,8 @@ CTS_DecryptUpdate(CTSContext *cts, unsigned char *outbuf, +@@ -297,7 +300,8 @@ /* clear last block. At this point last block contains Pn xor Cn_1 xor * Cn_2, both of with an attacker would know, so we need to clear this * buffer out */ @@ -85,11 +86,10 @@ - return SECSuccess; + return rv; } -diff --git a/nss/lib/freebl/dh.c b/nss/lib/freebl/dh.c -index b2d6d74..5ff9551 100644 ---- a/nss/lib/freebl/dh.c -+++ b/nss/lib/freebl/dh.c -@@ -192,6 +192,10 @@ cleanup: +diff --git a/lib/freebl/dh.c b/lib/freebl/dh.c +--- a/lib/freebl/dh.c ++++ b/lib/freebl/dh.c +@@ -192,6 +192,10 @@ rv = SECFailure; } if (rv) { @@ -100,11 +100,10 @@ *privKey = NULL; PORT_FreeArena(arena, PR_TRUE); } -diff --git a/nss/lib/freebl/ec.c b/nss/lib/freebl/ec.c -index ddbcc23..94fbc72 100644 ---- a/nss/lib/freebl/ec.c -+++ b/nss/lib/freebl/ec.c -@@ -958,7 +958,7 @@ ECDSA_VerifyDigest(ECPublicKey *key, const SECItem *signature, +diff --git a/lib/freebl/ec.c b/lib/freebl/ec.c +--- a/lib/freebl/ec.c ++++ b/lib/freebl/ec.c +@@ -958,7 +958,7 @@ ECParams *ecParams = NULL; SECItem pointC = { siBuffer, NULL, 0 }; int slen; /* length in bytes of a half signature (r or s) */ @@ -113,11 +112,10 @@ unsigned olen; /* length in bytes of the base point order */ unsigned obits; /* length in bits of the base point order */ -diff --git a/nss/lib/freebl/gcm.c b/nss/lib/freebl/gcm.c -index 0f42525..4d960f7 100644 ---- a/nss/lib/freebl/gcm.c -+++ b/nss/lib/freebl/gcm.c -@@ -141,6 +141,9 @@ bmul(uint64_t x, uint64_t y, uint64_t *r_high, uint64_t *r_low) +diff --git a/lib/freebl/gcm.c b/lib/freebl/gcm.c +--- a/lib/freebl/gcm.c ++++ b/lib/freebl/gcm.c +@@ -162,6 +162,9 @@ *r_high = (uint64_t)(r >> 64); *r_low = (uint64_t)r; 
@@ -127,7 +125,7 @@ } SECStatus -@@ -179,6 +182,12 @@ gcm_HashMult_sftw(gcmHashContext *ghash, const unsigned char *buf, +@@ -200,6 +203,12 @@ } ghash->x_low = ci_low; ghash->x_high = ci_high; @@ -140,7 +138,7 @@ return SECSuccess; } #else -@@ -218,6 +227,10 @@ bmul32(uint32_t x, uint32_t y, uint32_t *r_high, uint32_t *r_low) +@@ -239,6 +248,10 @@ z = z0 | z1 | z2 | z3; *r_high = (uint32_t)(z >> 32); *r_low = (uint32_t)z; @@ -151,7 +149,7 @@ } SECStatus -@@ -303,6 +316,20 @@ gcm_HashMult_sftw32(gcmHashContext *ghash, const unsigned char *buf, +@@ -324,6 +337,20 @@ ghash->x_high = z_high_h; ghash->x_low = z_high_l; } @@ -172,7 +170,7 @@ return SECSuccess; } #endif /* HAVE_INT128_SUPPORT */ -@@ -760,11 +787,13 @@ GCM_DecryptUpdate(GCMContext *gcm, unsigned char *outbuf, +@@ -859,11 +886,13 @@ /* verify the block */ rv = gcmHash_Update(gcm->ghash_context, inbuf, inlen); if (rv != SECSuccess) { @@ -188,7 +186,7 @@ } /* Don't decrypt if we can't authenticate the encrypted data! * This assumes that if tagBits is not a multiple of 8, intag will -@@ -772,10 +801,18 @@ GCM_DecryptUpdate(GCMContext *gcm, unsigned char *outbuf, +@@ -871,10 +900,18 @@ if (NSS_SecureMemcmp(tag, intag, tagBytes) != 0) { /* force a CKR_ENCRYPTED_DATA_INVALID error at in softoken */ PORT_SetError(SEC_ERROR_BAD_DATA); @@ -209,6 +207,3 @@ /* finish the decryption */ return CTR_Update(&gcm->ctr_context, outbuf, outlen, maxout, inbuf, inlen, AES_BLOCK_SIZE); --- -2.21.0 - ++++++ nss-fix-dh-pkcs-derive-inverted-logic.patch ++++++ --- /var/tmp/diff_new_pack.FgRr20/_old 2020-06-21 21:58:48.724049564 +0200 +++ /var/tmp/diff_new_pack.FgRr20/_new 2020-06-21 21:58:48.724049564 +0200 
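Review bot: the line added after `AES_DestroyContext(&cx->aescx, PR_FALSE);` in AESKeyWrap_DestroyContext leaves the stale `/* memset(cx, 0, sizeof *cx); */` comment directly below it; if the new line is the zeroization that comment was a placeholder for, remove the comment, and keep the clear before `PORT_Free(cx->mem)` so the memory being released is the cleared one. CTS_DestroyContext gets the same treatment with the clear placed before `if (freeit)`, which is the right order.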
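Review bot: the lines added after `*r_low = (uint64_t)r;` in bmul (@@ -162,6 +162,9 @@) and after `*r_low = (uint32_t)z;` in bmul32, together with the blocks in gcm_HashMult_sftw and gcm_HashMult_sftw32, clear stack temporaries that are dead at that point; a plain memset/PORT_Memset on such variables is exactly the store a compiler removes as dead, so these need a volatile-qualified store or a memset variant the optimiser cannot elide, otherwise the zeroization exists only in the source. In GCM_DecryptUpdate the clearing added on the `gcmHash_Update` failure path and after the `NSS_SecureMemcmp(tag, intag, tagBytes) != 0` mismatch targets the right paths; it should wipe the computed tag before the early SECFailure return, since no plaintext is produced there.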
@@ -1,8 +1,15 @@ -diff --git a/nss/lib/softoken/pkcs11c.c b/nss/lib/softoken/pkcs11c.c -index dc8819b..2540d87 100644 ---- a/nss/lib/softoken/pkcs11c.c -+++ b/nss/lib/softoken/pkcs11c.c -@@ -8075,7 +8075,7 @@ NSC_DeriveKey(CK_SESSION_HANDLE hSession, +# HG changeset patch +# User M. Sirringhaus <[email protected]> +# Date 1590586654 -7200 +# Wed May 27 15:37:34 2020 +0200 +# Node ID 582ed54a5cda147cd5996603d6066817edb687fa +# Parent ce99bba6375432c55a73c1367f619dfef7c7e9fc +imported patch nss-fix-dh-pkcs-derive-inverted-logic.patch + +diff --git a/lib/softoken/pkcs11c.c b/lib/softoken/pkcs11c.c +--- a/lib/softoken/pkcs11c.c ++++ b/lib/softoken/pkcs11c.c +@@ -8316,7 +8316,7 @@ if (crv == CKR_OK) { rv = KEA_Verify(&dhPublic, &dhPrime, &dhSubPrime); PORT_Free(dhSubPrime.data); ++++++ nss-sqlitename.patch ++++++ --- /var/tmp/diff_new_pack.FgRr20/_old 2020-06-21 21:58:48.736049633 +0200 +++ /var/tmp/diff_new_pack.FgRr20/_new 2020-06-21 21:58:48.736049633 +0200 
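Review bot: the one changed line after `rv = KEA_Verify(&dhPublic, &dhPrime, &dhSubPrime); PORT_Free(dhSubPrime.data);` in NSC_DeriveKey (@@ -8316,7 +8316,7 @@) is not shown, but the patch name says it fixes an inverted condition on that result. Because KEA_Verify decides whether the peer's DH public value is accepted for CKM_DH_PKCS_DERIVE, an inverted test would accept invalid values and reject valid ones, so this should ship with a regression test that feeds an out-of-range public value and expects CKR failure. The HG header ("imported patch nss-fix-dh-pkcs-derive-inverted-logic.patch") carries no description and no upstream bug reference; both belong in the commit message.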
@@ -1,32 +1,29 @@ # HG changeset patch -# Parent b96f2a8d5f606fd982a8fe3655c4b71e282c3976 +# User M. Sirringhaus <[email protected]> +# Date 1590407652 -7200 +# Mon May 25 13:54:12 2020 +0200 +# Node ID b1d7045b31cf4090c0b78003c77a2eb6c8c57436 +# Parent e3d3ed5e142b172289d9d4a1c7fc63dfd4359410 Index: security/nss/lib/sqlite/manifest.mn =================================================================== RCS file: /cvsroot/mozilla/security/nss/lib/sqlite/manifest.mn,v retrieving revision 1.5 -diff --git a/lib/sqlite/manifest.mn b/lib/sqlite/manifest.mn ---- a/lib/sqlite/manifest.mn -+++ b/lib/sqlite/manifest.mn -@@ -1,19 +1,20 @@ - # - # This Source Code Form is subject to the terms of the Mozilla Public - # License, v. 2.0. If a copy of the MPL was not distributed with this - # file, You can obtain one at http://mozilla.org/MPL/2.0/. - CORE_DEPTH = ../.. +diff -r e3d3ed5e142b -r b1d7045b31cf lib/sqlite/manifest.mn +--- a/lib/sqlite/manifest.mn Mon Sep 18 11:24:00 2017 +0200 ++++ b/lib/sqlite/manifest.mn Mon May 25 13:54:12 2020 +0200 +@@ -6,11 +6,11 @@ MODULE = nss -LIBRARY_NAME = sqlite +LIBRARY_NAME = nsssqlite LIBRARY_VERSION = 3 - MAPFILE = $(OBJDIR)/sqlite.def +-MAPFILE = $(OBJDIR)/$(LIBRARY_NAME).def ++MAPFILE = $(OBJDIR)/sqlite.def + RES = $(NULL) +- +MAPFILE_SOURCE = sqlite.def DEFINES += -DSQLITE_THREADSAFE=1 - EXPORTS = \ - $(NULL) - PRIVATE_EXPORTS = \ - sqlite3.h \ - $(NULL) ++++++ system-nspr.patch ++++++ --- /var/tmp/diff_new_pack.FgRr20/_old 2020-06-21 21:58:48.768049817 +0200 +++ /var/tmp/diff_new_pack.FgRr20/_new 2020-06-21 21:58:48.768049817 +0200 
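Review bot: with LIBRARY_NAME changed to nsssqlite, upstream's `MAPFILE = $(OBJDIR)/$(LIBRARY_NAME).def` would look for nsssqlite.def, so pinning `MAPFILE = $(OBJDIR)/sqlite.def` and adding `MAPFILE_SOURCE = sqlite.def` is what keeps the existing export map in use; that reasoning should be stated in the patch header, which currently has no description. The `Index: security/nss/lib/sqlite/manifest.mn`, `RCS file: /cvsroot/mozilla/...` and `retrieving revision 1.5` lines above the diff are CVS residue from a much older version of this patch and should be removed so that tools reading the HG header are not confused by a second, stale file header.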
@@ -1,25 +1,19 @@ # HG changeset patch -# Parent bbf8e741ac966df6cf513ea042d1351eb279c122 +# User M. Sirringhaus <[email protected]> +# Date 1590407573 -7200 +# Mon May 25 13:52:53 2020 +0200 +# Node ID 7616b189f50b94dbe98f78f32d0416948699cc91 +# Parent 7b3b4111316505e60319a0881f679eaab47a3439 +[mq]: system-nspr.patch -diff --git a/Makefile b/Makefile ---- a/Makefile -+++ b/Makefile -@@ -42,17 +42,17 @@ include $(CORE_DEPTH)/coreconf/rules.mk +diff -r 7b3b41113165 -r 7616b189f50b Makefile +--- a/Makefile Mon May 25 13:49:52 2020 +0200 ++++ b/Makefile Mon May 25 13:52:53 2020 +0200 +@@ -48,7 +48,6 @@ ####################################################################### + nss_build_all: +- $(MAKE) build_nspr + $(MAKE) all + $(MAKE) latest - - ####################################################################### - # (7) Execute "local" rules. (OPTIONAL). # - ####################################################################### - --nss_build_all: build_nspr all latest -+nss_build_all: all latest - - nss_clean_all: clobber_nspr clobber - - NSPR_CONFIG_STATUS = $(CORE_DEPTH)/../nspr/$(OBJDIR_NAME)/config.status - NSPR_CONFIGURE = $(CORE_DEPTH)/../nspr/configure - - # - # Translate coreconf build options to NSPR configure options.
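Review bot: the rebased hunk removes only `$(MAKE) build_nspr` from nss_build_all, whereas the old hunk's context also showed `nss_clean_all: clobber_nspr clobber`; the smaller hunk no longer covers that rule, so confirm that `make nss_clean_all` still works without an in-tree nspr checkout or extend the patch to drop clobber_nspr as well. The subject line "[mq]: system-nspr.patch" is the mercurial-queues placeholder; replace it with a sentence saying the build uses the system NSPR.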
